Fix

conf/coturn/turnserver.conf

@@ -23,6 +23,6 @@ no-multicast-peers
 
 no-cli
 
-log-file=/var/log/matrix-__APP__/turnserver.log
+log-file=/var/log/__APP__/turnserver.log
 pidfile=/run/coturn-__APP__/turnserver.pid
 simple-log

conf/ice-servers.json

@@ -1,11 +1,46 @@
 [
     {
         "urls": [
-            "turn:turn.example.com:443",
+            "turn:__DOMAIN__:__TLS_PORT__",
-            "turn:turn.example.com:443?transport=tcp"
+            "turn:__DOMAIN__:__TLS_PORT__?transport=tcp"
         ],
-        "username": "galene",
+        "username": "__APP__",
-        "credential": "secret",
+        "credential": "__TURNPWD__",
+        "credentialType": "hmac-sha1"
+    }
+]
+[
+    {
+        "urls": [
+            "turn:__DOMAIN__:__TLS_ALT_PORT__",
+            "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=tcp"
+        ],
+        "username": "__APP__",
+        "credential": "__TURNPWD__",
+        "credentialType": "hmac-sha1"
+    }
+]
+
+[
+    {
+        "urls": [
+            "turn:__DOMAIN__:__TLS_PORT__",
+            "turn:__DOMAIN__:__TLS_PORT__?transport=udp"
+        ],
+        "username": "__APP__",
+        "credential": "__TURNPWD__",
+        "credentialType": "hmac-sha1"
+    }
+]
+
+[
+    {
+        "urls": [
+            "turn:__DOMAIN__:__TLS_ALT_PORT__",
+            "turn:__DOMAIN__:__TLS_ALT_PORT__?transport=udp"
+        ],
+        "username": "__APP__",
+        "credential": "__TURNPWD__",
         "credentialType": "hmac-sha1"
     }
 ]

scripts/backup

@@ -54,11 +54,19 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #ynh_backup --src_path="/etc/logrotate.d/$app"
 
+#=================================================
+# BACKUP SYNAPSE LOG
+#=================================================
+
+ynh_backup --src_path="/var/log/$app"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
+ynh_backup --src_path="/etc/default/coturn-$app"
+ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
 
 #=================================================
 # END OF SCRIPT

scripts/install

@@ -27,7 +27,9 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url="/"
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
+ynh_print_OFF
 password=$YNH_APP_ARG_PASSWORD
+ynh_print_ON
 group_name=$YNH_APP_ARG_GROUP_NAME
 architecture=$(ynh_detect_arch)
 
@@ -143,13 +145,22 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
 
 cp ../conf/passwd $final_path/data/passwd
 
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/data/passwd"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
 
 mv -f $final_path/groups/groupname.json $final_path/groups/$group_name.json
 
-ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/groups/$group_name.json"
-ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/groups/$group_name.json"
+ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/groups/$group_name.json"
+
+cp ../conf/ice-servers.json $final_path/data/ice-servers.json
+
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$admin --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
+ynh_print_ON
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -158,6 +169,7 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum --file="$final_path/data/passwd"
 ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
+ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
 
 #=================================================
 # SET COTURN CONFIG
@@ -208,7 +220,7 @@ ynh_store_file_checksum --file="$coturn_config_path"
 #=================================================
 ynh_script_progression --message="Configuring log rotation..." --weight=1
 
-ynh_use_logrotate --logfile "/var/log/$app"
+ynh_use_logrotate --origin_path="/etc/logrotate.d/$app"
 
 #=================================================
 # ADD SCRIPT FOR COTURN CRON AND APP SERVICE
@@ -229,6 +241,7 @@ ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$
 # Set permissions to app files
 chown -R $app: $final_path
 chmod -R 755 $final_path
+chmod u=rwX,g=rX,o= -R /etc/$app
 chmod 770 $final_path/Coturn_config_rotate.sh
 setfacl -R -m user:turnserver:rX  /etc/$app
 setfacl -R -m user:turnserver:rwX  /var/log/$app

scripts/remove

@@ -17,22 +17,29 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 
 #=================================================
 # STANDARD REMOVE
 #=================================================
 # REMOVE SERVICE INTEGRATION IN YUNOHOST
 #=================================================
+ynh_script_progression --message="Removing $app service integration..." --weight=1
 
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
-	ynh_script_progression --message="Removing $app service integration..." --weight=1
 	yunohost service remove $app
 fi
 
+if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null >/dev/null
+then
+	yunohost service remove coturn-$app
+fi
+
 #=================================================
 # STOP AND REMOVE SERVICE
 #=================================================
@@ -40,14 +47,15 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
 
 # Remove the dedicated systemd config
 ynh_remove_systemd_config
+ynh_remove_systemd_config --service=coturn-$app
 
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Removing dependencies..." --time --weight=1
+ynh_script_progression --message="Removing dependencies..." --time --weight=1
 
 # Remove metapackage and its dependencies
-#ynh_remove_app_dependencies
+ynh_remove_app_dependencies
 
 #=================================================
 # REMOVE APP MAIN DIR
@@ -55,7 +63,9 @@ ynh_remove_systemd_config
 ynh_script_progression --message="Removing app main directory..." --weight=2
 
 # Remove the app directory securely
-ynh_secure_remove --file="$final_path"
+ynh_secure_remove --file=$final_path
+ynh_secure_remove --file=/var/log/$app
+ynh_secure_remove --file=/etc/default/coturn-$app
 
 #=================================================
 # REMOVE NGINX CONFIGURATION
@@ -68,20 +78,26 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
 #=================================================
-#ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
 
 # Remove the app-specific logrotate config
-#ynh_remove_logrotate
+ynh_remove_logrotate
 
 #=================================================
 # CLOSE A PORT
 #=================================================
 
-# if yunohost firewall list | grep -q "\- $port$"
+closeport() {
-# then
+    local port=$1
-# 	ynh_script_progression --message="Closing port $port..." --time --weight=1
+    if yunohost firewall list | grep -q "\- $port$"
-# 	ynh_exec_warn_less yunohost firewall disallow TCP $port
+    then
-# fi
+            ynh_script_progression --message="Closing port $port"
+            ynh_exec_warn_less yunohost firewall disallow Both $port
+    fi
+}
+
+closeport $turnserver_tls_port
+closeport $turnserver_alt_tls_port
 
 #=================================================
 # GENERIC FINALIZATION

scripts/restore

@@ -31,6 +31,8 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -64,6 +66,8 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
+adduser $synapse_user ssl-cert
+adduser turnserver ssl-cert
 
 #=================================================
 # RESTORE USER RIGHTS
@@ -90,6 +94,7 @@ ynh_script_progression --message="Restoring the systemd configuration..." --weig
 
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 systemctl enable $app.service --quiet
+systemctl enable coturn-$app.service --quiet
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -105,12 +110,69 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 ynh_script_progression --message="Starting a systemd service..." --weight=3
 
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
 
-#ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+#=================================================
+# RECONFIGURE THE TURNSERVER
+#=================================================
+ynh_script_progression --message="Reconfiguring coturn..." --weight=23
+
+# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
+
+# Retrieve specific settings
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+ynh_print_OFF
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+ynh_print_ON
+
+# WARNING : these commands are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/matrix-$app/coturn.conf"
+
+cp ../settings/conf/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# OPEN THE PORT
+#=================================================
+
+# Ouvre le port dans le firewall
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
+ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
 
 #=================================================
 # GENERIC FINALIZATION

scripts/upgrade

@@ -23,6 +23,10 @@ is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 group_name=$(ynh_app_setting_get --app=$app --key=group_name)
 port=$(ynh_app_setting_get --app=$app --key=port)
+turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 architecture=$(ynh_detect_arch)
 
 #=================================================
@@ -98,6 +102,91 @@ then
     popd
 fi
 
+#=================================================
+# MULTINSTANCE SUPPORT
+#=================================================
+
+if [ ! -e /etc/matrix-$app/coturn.conf ]
+then
+    ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
+
+    #=================================================
+    # CREATE AN INDEPENDANT SERVICE FOR COTURN
+    #=================================================
+
+    # Disable default config for turnserver and create a new service
+    systemctl stop coturn.service
+
+    # Set by default the system config for coturn
+    echo "" > /etc/turnserver.conf
+    ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
+
+    # Set a port for each service in turnserver
+    turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
+    cli_port=$(ynh_find_port --port=5766)
+
+    ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
+    ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
+
+    yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
+
+    #=================================================
+    # MAKE A CLEAN LOGROTATE CONFIG
+    #=================================================
+
+    ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
+fi
+
+#=================================================
+# SPECIFIC UPGRADE
+#=================================================
+# UPDATE COTURN CONFIG
+#=================================================
+ynh_script_progression --message="Updating coturn config..." --weight=1
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/matrix-$app/coturn.conf"
+
+cp ../conf/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
+ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
+ynh_print_OFF
+ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
+ynh_print_ON
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+then
+    echo "external-ip=$public_ip4" >> "$coturn_config_path"
+fi
+
+if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
+then
+    echo "external-ip=$public_ip6" >> "$coturn_config_path"
+fi
+
+ynh_store_file_checksum --file="$coturn_config_path"
+
+#=================================================
+# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
+#=================================================
+
+# WARNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -138,14 +227,18 @@ ynh_add_systemd_config
 # Set permissions on app files
 chown -R $app: $final_path
 chmod -R 755 $final_path
+chmod u=rwX,g=rX,o= -R /etc/$app
+chmod 770 $final_path/Coturn_config_rotate.sh
+setfacl -R -m user:turnserver:rX  /etc/matrix-$app
+setfacl -R -m user:turnserver:rwX  /var/log/matrix-$app
 
 #=================================================
 # SETUP LOGROTATE
 #=================================================
-# ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
 
 # # Use logrotate to manage app-specific logfile(s)
-# ynh_use_logrotate --non-append
+ynh_use_logrotate --non-append
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -160,7 +253,8 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=coturn-$app.service --action=restart
+ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
 
 #=================================================
 # RELOAD NGINX