meissa
/
c4k-jitsi
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 8 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
jitsi-changes
2.0.2
2.0.1
2.0.0
1.6.0
1.5.1
1.5.0
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '52d59f187c'
${ noResults }
c4k-jitsi/infrastructure/docker-coturn/image/resources/turnserver.conf

71 lines
2.8 KiB
Plaintext
Raw Blame History

# location of example configuration
## https://github.com/coturn/coturn/blob/master/docker/coturn/
## https://github.com/coturn/coturn/blob/master/README.turnserver - Line 666 for TURN REST API
listening-port=3478
tls-listening-port=5349
#listening-ip=<eureIP> # Automatically Detected
#relay-ip=<eureIP> # Automatically Detected
fingerprint
#use-auth-secret # Authentication Issue
#static-auth-secret=<euerSecret> # Authentication Issue
#realm=stun.kuketz-meet.de # Automatically detected
total-quota=100
bps-capacity=0
no-udp #??
no-tcp #??
# stale-nonce=600 # Authentication Issue - when to force re-authentication in seconds
cert=/etc/ssl/certs/stun.kuketz-meet_ecdsa.pem # same as jitsi?
pkey=/etc/ssl/private/stun.kuketz-meet_ecdsa.key # same as jitsi?
cipher-list="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ec-curve-name=secp384r1
# dh-file=/etc/ssl/certs/dhparam.pem # should we use custom DH TLS key?
no-stdout-log
log-file=/var/log/coturn.log
# simple-log # We want logs with pid and date in the name
no-multicast-peers
# cli-port=5766 # do we want cli access?
# cli-password=SOME_SALTED_PW # do we want a cli password?
no-tlsv1
no-tlsv1_1
# Authentication Issue -> restrict access to only jitsi server ?
## Authentication mechanisms:
## no-auth [default] - allows anonymous access
## lt-cred-mech - long time credential mechanism, do not use with use-auth-secret
## oauth - sets the possibility for oAuth
## server-name= - sets the server name which is used for oAuth
## [define a user in config (this file), command line, or userdb file] - sets lt-cred-mech as default
### user=username1:key1
### or
### user=username1:password1
### Keys must be generated by turnadmin utility. The key value depends
### on user name, realm, and password:
###
### Example:
### $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
### Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
### ('0x' in the beginning of the key is what differentiates the key from
### password. If it has 0x then it is a key, otherwise it is a password).
###
### The corresponding user account entry in the config file will be:
###
### user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
### Or, equivalently, with open clear password (less secure):
### user=ninefingers:youhavetoberealistic
## use-auth-secret - sets the TURN REST API flag
### This option is used with timestamp:
### usercombo -> "timestamp:userid"
### turn user -> usercombo
### turn password -> base64(hmac(secret key, usercombo))
## we can use a database for storing users and secrets for the TURN REST API
# CLI Security
## do we want a password?
# TODO import from env variables
# TODO find paths for cert and pkey
Reference in New Issue View Git Blame Copy Permalink