rework coturn config
parent
4a77f2d9d0
commit
355be6bbf5
7 changed files with 38 additions and 72 deletions
10
README.md
10
README.md
|
@ -32,16 +32,16 @@ Groups are defined by files in the `/opt/yunohost/galene/groups` directory. Vari
|
|||
For VoIP and video conferencing a TURN server is also installed and configured. The TURN server listens on two UDP and TCP ports. You can get them with these commands:
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_tls_port
|
||||
sudo yunohost app setting galene turnserver_alt_tls_port
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
sudo yunohost app setting galene turnserver_alt_port
|
||||
```
|
||||
|
||||
The TURN server will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
||||
The TURN server will also choose a port dynamically when a new call starts. The range is between 49152 - 65535.
|
||||
|
||||
For security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
|
||||
For security reason the ports range (49152 - 65535) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49153:49193
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
|
||||
You might also need to open these ports (if it is not automatically done) on your ISP box.
|
||||
|
|
10
README_fr.md
10
README_fr.md
|
@ -32,16 +32,16 @@ Les groupes sont définis par des fichiers dans le répertoire `/opt/yunohost/ga
|
|||
Pour la VoIP et la visioconférence, un serveur TURN est également installé et configuré. Le serveur TURN écoute sur deux ports UDP et TCP. Vous pouvez les obtenir avec ces commandes :
|
||||
|
||||
```
|
||||
sudo yunohost app setting galene turnserver_tls_port
|
||||
sudo yunohost app setting galene turnserver_alt_tls_port
|
||||
sudo yunohost app setting galene turnserver_port
|
||||
sudo yunohost app setting galene turnserver_alt_port
|
||||
```
|
||||
|
||||
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49153 et 49193.
|
||||
Le serveur TURN choisira également un port de manière dynamique lors du démarrage d'une nouvelle visioconférence. La plage est comprise entre 49152 et 65535.
|
||||
|
||||
Par sécurité, la plage de ports (49153 - 49193) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
|
||||
Par sécurité, la plage de ports (49152 - 65535) n'est pas automatiquement ouverte par défaut. Si vous souhaitez utiliser Galène pour la VoIP ou la visioconférence, vous devrez ouvrir cette plage de ports manuellement. Pour ce faire, exécutez simplement cette commande :
|
||||
|
||||
```
|
||||
sudo yunohost firewall allow Both 49153:49193
|
||||
sudo yunohost firewall allow Both 49152:65535
|
||||
```
|
||||
|
||||
Vous devrez peut-être également ouvrir ces ports (si ce n'est pas fait automatiquement) sur votre box.
|
||||
|
|
|
@ -3,10 +3,10 @@ use-auth-secret
|
|||
static-auth-secret=__TURNSERVER_PWD__
|
||||
realm=__DOMAIN__
|
||||
|
||||
tls-listening-port=__TURNSERVER_TLS_PORT__
|
||||
alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__
|
||||
min-port=49153
|
||||
max-port=49193
|
||||
listening-port=__TURNSERVER_PORT__
|
||||
alt-listening-port=__TURNSERVER_ALT_PORT__
|
||||
min-port=49152
|
||||
max-port=65535
|
||||
|
||||
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
||||
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
||||
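Review bot: Dropping `tls-listening-port` and `alt-tls-listening-port` while `cert=` and `pkey=` stay in place does not, as far as I know, switch TLS off: coturn falls back to its default TLS/DTLS listener ports, which this package no longer reserves with `ynh_find_port` or records in its settings. This assumes the `listening-port` lines are the new side, which the page does not mark. If TLS is no longer wanted, say so in the file with `no-tls` and `no-dtls`; if it is, keep the two TLS port lines next to the new ones. The relay range also grows from 49153-49193 to the whole 49152-65535 span, so a one-line comment above `min-port` saying why the narrower range was not enough would help whoever has to open it in the firewall.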
|
|
|
@ -83,18 +83,18 @@ ynh_script_progression --message="Finding an available port..." --weight=3
|
|||
|
||||
# Find an available port
|
||||
port=$(ynh_find_port --port=8443)
|
||||
turnserver_tls_port=$(ynh_find_port --port=5349)
|
||||
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
||||
turnserver_port=$(ynh_find_port --port=1194)
|
||||
turnserver_alt_port=$(ynh_find_port --port=$((turnserver_port+1)))
|
||||
|
||||
# Open the ports
|
||||
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_port
|
||||
|
||||
# Store opened ports
|
||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_port --value=$turnserver_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_port --value=$turnserver_alt_port
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
|
@ -256,7 +256,7 @@ setfacl -R -m user:turnserver:rwX /var/log/$app
|
|||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_tls_port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
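Review bot: The search for the plain TURN listener starts at 1194 (`turnserver_port=$(ynh_find_port --port=1194)`) with no comment saying why, and 1194 is the port registered for OpenVPN. `ynh_find_port` presumably only skips ports that are already taken when the install runs, so an OpenVPN server added later would collide with coturn. I would add a comment above the line, e.g. `# 1194 rather than coturn's usual 3478: <reason>; clashes with OpenVPN if that is installed afterwards`, with the reason filled in by the author.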
|
|
|
@ -19,8 +19,8 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turnserver_alt_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_port)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
|
@ -93,14 +93,14 @@ then
|
|||
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
||||
fi
|
||||
|
||||
if yunohost firewall list | grep -q "\- $turnserver_tls_port$"
|
||||
if yunohost firewall list | grep -q "\- $turnserver_port$"
|
||||
then
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_tls_port
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port
|
||||
fi
|
||||
|
||||
if yunohost firewall list | grep -q "\- $turnserver_alt_tls_port$"
|
||||
if yunohost firewall list | grep -q "\- $turnserver_alt_port$"
|
||||
then
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_alt_tls_port
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_alt_port
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
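Review bot: An instance installed before this change has only `turnserver_tls_port` and `turnserver_alt_tls_port` in its settings, and nothing in the visible hunks covers that case. In this script the two `grep -q "\- $turnserver_port$"` tests would then run with an empty variable, presumably match nothing, and leave the previously opened TLS ports open after removal. The same gap shows in the restore section, where `yunohost firewall allow Both $turnserver_port` would get no port argument from an older backup, and in the upgrade section, where `$((turnserver_port+1))` evaluates to 1 when the setting is empty. I would have upgrade allocate and store `turnserver_port` when it is missing and close the old TLS ports there, and have remove also disallow `turnserver_tls_port` and `turnserver_alt_tls_port` when those settings are still present. The scripts continue outside these hunks, so a migration may already exist that the page does not show.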
|
|
|
@ -32,8 +32,8 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turnserver_alt_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_port)
|
||||
ynh_print_OFF
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
ynh_print_ON
|
||||
|
@ -100,7 +100,7 @@ systemctl enable coturn-$app.service --quiet
|
|||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_tls_port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
@ -125,48 +125,14 @@ then
|
|||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
||||
# #=================================================
|
||||
# # RECONFIGURE THE TURNSERVER
|
||||
# #=================================================
|
||||
# ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
|
||||
|
||||
# # To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
|
||||
|
||||
# # WARNING : these commands are used in INSTALL, UPGRADE
|
||||
# # For any update do it in all files
|
||||
|
||||
# coturn_config_path="/etc/$app/coturn.conf"
|
||||
|
||||
# cp ../settings/conf/coturn/turnserver.conf "$coturn_config_path"
|
||||
|
||||
# ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
|
||||
# ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
|
||||
# ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
|
||||
# ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
|
||||
# ynh_print_OFF
|
||||
# ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
|
||||
# ynh_print_ON
|
||||
|
||||
# # Get public IP and set as external IP for coturn
|
||||
# # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
# public_ip4="$(curl ip.yunohost.org)" || true
|
||||
# public_ip6="$(curl ipv6.yunohost.org)" || true
|
||||
|
||||
# if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" )
|
||||
# then
|
||||
# echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path"
|
||||
# fi
|
||||
|
||||
# ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# OPEN THE PORT
|
||||
#=================================================
|
||||
|
||||
# Ouvre le port dans le firewall
|
||||
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_port
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
|
|
|
@ -23,8 +23,8 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|||
password=$(ynh_app_setting_get --app=$app --key=password)
|
||||
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
turnserver_port=$(ynh_app_setting_get --app=$app --key=turnserver_port)
|
||||
turnserver_alt_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
architecture=$(ynh_detect_arch)
|
||||
|
||||
|
@ -135,11 +135,11 @@ then
|
|||
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
|
||||
|
||||
# Set a port for each service in turnserver
|
||||
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
||||
turnserver_alt_port=$(ynh_find_port --port=$((turnserver_port+1)))
|
||||
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_port --value=$turnserver_alt_port
|
||||
|
||||
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
||||
yunohost firewall allow Both $turnserver_alt_port > /dev/null 2>&1
|
||||
|
||||
#=================================================
|
||||
# MAKE A CLEAN LOGROTATE CONFIG
|
||||
|
@ -264,7 +264,7 @@ ynh_use_logrotate --non-append
|
|||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
|
||||
|
||||
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_tls_port
|
||||
yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
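Review bot: `yunohost firewall allow Both $turnserver_alt_port > /dev/null 2>&1` discards the command's messages, so if the firewall change fails there is nothing in the upgrade log to say why the alternate TURN port is still closed. Install and restore open the same port through the helper; doing the same here, `ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_port`, keeps the warning visible. The line sits inside a `then` block whose condition is above the hunk.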
|
|