From 73b50e3156059366b47273d0a437ea7a6cf8add2 Mon Sep 17 00:00:00 2001
From: see
Date: Fri, 22 Apr 2022 14:05:13 +0200
Subject: [PATCH] added coturn docker image
---
infrastructure/docker-coturn/build.py | 49 +++++++++++++++++++
infrastructure/docker-coturn/image/Dockerfile | 7 +++
.../image/resources/entrypoint.sh | 14 ++++++
.../image/resources/install-debug.sh | 3 ++
.../docker-coturn/image/resources/install.sh | 8 +++
.../image/resources/turnserver.conf | 41 ++++++++++++++++
6 files changed, 122 insertions(+)
create mode 100644 infrastructure/docker-coturn/build.py
create mode 100644 infrastructure/docker-coturn/image/Dockerfile
create mode 100644 infrastructure/docker-coturn/image/resources/entrypoint.sh
create mode 100644 infrastructure/docker-coturn/image/resources/install-debug.sh
create mode 100755 infrastructure/docker-coturn/image/resources/install.sh
create mode 100644 infrastructure/docker-coturn/image/resources/turnserver.conf
diff --git a/infrastructure/docker-coturn/build.py b/infrastructure/docker-coturn/build.py
new file mode 100644
index 0000000..872c0d4
--- /dev/null
+++ b/infrastructure/docker-coturn/build.py
@@ -0,0 +1,49 @@
+from os import environ
+from pybuilder.core import task, init
+from ddadevops import *
+import logging
+
+name = 'c4k-coturn'
+MODULE = 'docker'
+PROJECT_ROOT_PATH = '../..'
+
+
+class MyBuild(DevopsDockerBuild):
+ pass
+
+@init
+def initialize(project):
+ project.build_depends_on('ddadevops>=0.12.7')
+ stage = 'notused'
+ dockerhub_user = environ.get('DOCKERHUB_USER')
+ if not dockerhub_user:
+ dockerhub_user = gopass_field_from_path('meissa/web/docker.com', 'login')
+ dockerhub_password = environ.get('DOCKERHUB_PASSWORD')
+ if not dockerhub_password:
+ dockerhub_password = gopass_password_from_path('meissa/web/docker.com')
+ config = create_devops_docker_build_config(
+ stage, PROJECT_ROOT_PATH, MODULE, dockerhub_user, dockerhub_password)
+ build = MyBuild(project, config)
+ build.initialize_build_dir()
+
+
+@task
+def image(project):
+ build = get_devops_build(project)
+ build.image()
+
+@task
+def drun(project):
+ build = get_devops_build(project)
+ build.drun()
+
+@task
+def test(project):
+ build = get_devops_build(project)
+ build.test()
+
+@task
+def publish(project):
+ build = get_devops_build(project)
+ build.dockerhub_login()
+ build.dockerhub_publish()
diff --git a/infrastructure/docker-coturn/image/Dockerfile b/infrastructure/docker-coturn/image/Dockerfile
new file mode 100644
index 0000000..77a02d5
--- /dev/null
+++ b/infrastructure/docker-coturn/image/Dockerfile
@@ -0,0 +1,7 @@
+FROM coturn/coturn:4.5.2-r11
+
+# Prepare Configuration
+ADD resources /tmp
+RUN /tmp/install.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file
diff --git a/infrastructure/docker-coturn/image/resources/entrypoint.sh b/infrastructure/docker-coturn/image/resources/entrypoint.sh
new file mode 100644
index 0000000..5968e1e
--- /dev/null
+++ b/infrastructure/docker-coturn/image/resources/entrypoint.sh
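Review bot: `initialize` resolves the Docker Hub password (from `DOCKERHUB_PASSWORD` or gopass) for every task, although among the tasks in this file only `publish` calls `dockerhub_login()`; running `image`, `drun` or `test` therefore pulls a registry credential into the build process without needing it. If `create_devops_docker_build_config` allows it, consider deferring the lookup to `publish`, and at least fail early with a clear message when both sources return nothing. Separately, `import logging` is unused and `from ddadevops import *` hides where `gopass_field_from_path`, `DevopsDockerBuild` and `get_devops_build` come from; explicit imports would make the credential path easier to audit.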
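Review bot: `ADD resources /tmp` followed by `RUN /tmp/install.sh` leaves the install scripts and a second copy of `turnserver.conf` in `/tmp` of the final image, because install.sh copies with `install` and nothing removes the originals. The installed copy is mode 0600, but the one in `/tmp` keeps whatever mode the build context had, which matters once the file carries `static-auth-secret` or `cli-password`. Prefer `COPY` over `ADD` for plain files and clean up after installing, e.g. `RUN /tmp/install.sh && rm -f /tmp/install.sh /tmp/install-debug.sh /tmp/entrypoint.sh /tmp/turnserver.conf`. The files still remain in the earlier image layer, so secrets are better supplied at runtime than baked into this file.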
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+#function main() {
+# file_env POSTGRES_DB
+# file_env POSTGRES_PASSWORD
+# file_env POSTGRES_USER
+#
+# create-pg-pass
+#
+# /usr/local/bin/backup.sh
+#}
+#
+#source /usr/local/lib/functions.sh
+#main
\ No newline at end of file
diff --git a/infrastructure/docker-coturn/image/resources/install-debug.sh b/infrastructure/docker-coturn/image/resources/install-debug.sh
new file mode 100644
index 0000000..a5b8ce8
--- /dev/null
+++ b/infrastructure/docker-coturn/image/resources/install-debug.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+apt update && apt -qqy install vim bash-completion less
diff --git a/infrastructure/docker-coturn/image/resources/install.sh b/infrastructure/docker-coturn/image/resources/install.sh
new file mode 100755
index 0000000..1d74892
--- /dev/null
+++ b/infrastructure/docker-coturn/image/resources/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -Eeo pipefail
+
+apt update > /dev/null
+
+install -m 0700 /tmp/install-debug.sh /usr/local/bin/
+install -m 0600 /tmp/turnserver.conf /etc/coturn/turnserver.conf
+install -m 0700 /tmp/entrypoint.sh /entrypoint.sh
diff --git a/infrastructure/docker-coturn/image/resources/turnserver.conf b/infrastructure/docker-coturn/image/resources/turnserver.conf
new file mode 100644
index 0000000..bf56772
--- /dev/null
+++ b/infrastructure/docker-coturn/image/resources/turnserver.conf
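Review bot: Every line of entrypoint.sh after the shebang is commented out (and refers to Postgres backup helpers rather than coturn), yet the Dockerfile makes it the image's `ENTRYPOINT`, so as written the container starts, runs nothing and exits instead of launching the TURN server. The script should end by handing over to the server, for example `exec turnserver -c /etc/coturn/turnserver.conf "$@"`, and the leftover commented block can be dropped. A `set -Eeo pipefail` line as in install.sh would keep the script fail-fast once real logic (such as the env-variable import noted as a TODO in turnserver.conf) lands here.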
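Review bot: `install -m 0600 /tmp/turnserver.conf /etc/coturn/turnserver.conf` and `install -m 0700 /tmp/entrypoint.sh /entrypoint.sh` make both files accessible only to the user that runs this build step. If the container later runs as a different, unprivileged user (the base image's runtime user is not visible in this patch), the entrypoint cannot be executed and the config cannot be read. Either set the owner explicitly with `install -o <runtime-user> -g <runtime-group> ...` or confirm the runtime user matches. The `apt update > /dev/null` line refreshes package lists but nothing is installed afterwards, so it only adds network access and cached lists to the layer and could be removed.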
@@ -0,0 +1,41 @@
+# location of example configuration
+## https://github.com/coturn/coturn/blob/master/docker/coturn/
+
+listening-port=3478
+tls-listening-port=5349
+#listening-ip= # Automatically Detected
+#relay-ip= # Automatically Detected
+fingerprint
+#use-auth-secret # Authentication Issue
+#static-auth-secret= # Authentication Issue
+#realm=stun.kuketz-meet.de # Automatically detected
+total-quota=100
+bps-capacity=0
+no-udp #??
+no-tcp #??
+# stale-nonce=600 # Authentication Issue
+cert=/etc/ssl/certs/stun.kuketz-meet_ecdsa.pem # same as jitsi?
+pkey=/etc/ssl/private/stun.kuketz-meet_ecdsa.key # same as jitsi?
+cipher-list="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
+ec-curve-name=secp384r1
+# dh-file=/etc/ssl/certs/dhparam.pem #
+no-stdout-log
+log-file=/var/log/coturn.log
+# simple-log # We want logs with pid and date
+no-multicast-peers
+cli-port=5766
+#cli-password=SOME_SALTED_PW # do we want that?
+no-tlsv1
+no-tlsv1_1
+
+# Authentication Issue -> restrict access to only jitsi server ?
+## 1 use-auth-secret?
+## 2 if yes: what secret to define
+## 3 reauthentication only possible with auth-secret
+## There seems to be a userdb file for authentication
+
+# CLI Security
+## do we want a password?
+
+# TODO import from env variables
+# TODO find paths for cert and pkey
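Review bot: No credential mechanism is enabled in this config: `use-auth-secret` and `static-auth-secret` are commented out and no alternative is set, which, as far as I know, makes coturn accept anonymous allocations, so anyone who can reach the listening ports could relay traffic through this host. Before this is deployed, enable `use-auth-secret` with a `static-auth-secret=<secret injected at runtime>` shared with the Jitsi server, and consider `denied-peer-ip` ranges for private and loopback addresses so the relay cannot be pointed at internal services. `cli-port=5766` is set while `cli-password` is commented out; if the CLI is not needed, `no-cli` is safer than relying on defaults. Also, `no-stdout-log` with `log-file=/var/log/coturn.log` keeps logs out of the container's stdout, which makes them harder to collect for monitoring.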