From 44d62498ed065b570b0ac39872ed823049c6fe5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Sun, 8 Oct 2023 14:21:09 +0200
Subject: [PATCH] fix
---
conf/coturn-pairdrop.service | 27 +++++++++++++++++
conf/coturn/default_coturn | 5 ++++
conf/coturn/turnserver.conf | 33 +++++++++++++++++++++
conf/rtc_config.json | 7 ++++-
manifest.toml | 5 ++++
scripts/backup | 3 ++
scripts/install | 48 ++++++++++++++++++++++++++++++
scripts/remove | 11 +++++++
scripts/restore | 5 ++++
scripts/upgrade | 57 ++++++++++++++++++++++++++++++++++++
10 files changed, 200 insertions(+), 1 deletion(-)
create mode 100644 conf/coturn-pairdrop.service
create mode 100644 conf/coturn/default_coturn
create mode 100644 conf/coturn/turnserver.conf
diff --git a/conf/coturn-pairdrop.service b/conf/coturn-pairdrop.service
new file mode 100644
index 0000000..09d9cc4
--- /dev/null
+++ b/conf/coturn-pairdrop.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Coturn STUN/TURN Server
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+Type=forking
+EnvironmentFile=/etc/default/coturn-__APP__
+PIDFile=/run/coturn-__APP__/turnserver.pid
+RuntimeDirectory=coturn-__APP__
+RuntimeDirectoryMode=0755
+ExecStart=/usr/bin/turnserver -o -c /etc/__APP__/coturn.conf $EXTRA_OPTIONS
+ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
+Restart=on-abort
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/coturn/default_coturn b/conf/coturn/default_coturn
new file mode 100644
index 0000000..fc87269
--- /dev/null
+++ b/conf/coturn/default_coturn
@@ -0,0 +1,5 @@
+#
+# Uncomment it if you want to have the turnserver running as
+# an automatic system service daemon
+#
+TURNSERVER_ENABLED=1
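Review bot: The `[Service]` section of conf/coturn-pairdrop.service drops to `User=turnserver` but applies no further sandboxing, so a compromised turnserver process keeps a full view of the host filesystem and shared temp space. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` is low-risk here, since the unit only needs /etc/__APP__, the certificate paths, /var/log/__APP__ and its RuntimeDirectory. `LimitCORE=infinity` also means a crash would write a process image that likely contains the TLS private key and the `user=` credential loaded from coturn.conf; `LimitCORE=0` is the safer setting unless core files are actively wanted for debugging. `After=syslog.target` is obsolete on systemd hosts and can be dropped from the `After=` line.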
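Review bot: The comment in conf/coturn/default_coturn says "Uncomment it", but `TURNSERVER_ENABLED=1` is already uncommented, and nothing in the new coturn-__APP__ unit reads that variable, so the setting currently has no effect. The only name the unit expands from this EnvironmentFile is `$EXTRA_OPTIONS`, which the file never defines. Either document the file's real purpose, e.g. `# Extra command-line options passed to turnserver by coturn-__APP__.service` followed by `EXTRA_OPTIONS=`, or remove the misleading comment so a reader does not expect the flag to gate the service.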
diff --git a/conf/coturn/turnserver.conf b/conf/coturn/turnserver.conf new file mode 100644 index 0000000..8fe4917 --- /dev/null +++ b/conf/coturn/turnserver.conf @@ -0,0 +1,33 @@ +# TURN server name and realm +realm=__DOMAIN__ + +# Enable long-term credential mechanism +lt-cred-mech + +# Specify the user for the TURN authentification +user=__APP__:__TURNSERVER_PWD__ + +# Main listening port +listening-port=__PORT_TURNSERVER__ + +# Further ports that are open for communication +min-port=49152 +max-port=65535 + +# SSL certificates +cert=/etc/yunohost/certs/__DOMAIN__/crt.pem +pkey=/etc/yunohost/certs/__DOMAIN__/key.pem +dh-file=/etc/ssl/private/dh2048.pem + +# Log file path +log-file=/var/log/__APP__/turnserver.log +pidfile=/run/coturn-__APP__/turnserver.pid +simple-log + +no-sslv2 +no-sslv3 +no-tlsv1 +no-tlsv1_1 +no-loopback-peers +no-multicast-peers +no-cli diff --git a/conf/rtc_config.json b/conf/rtc_config.json index 99f1623..4e8a969 100644 --- a/conf/rtc_config.json +++ b/conf/rtc_config.json @@ -3,6 +3,11 @@ "iceServers": [ { "urls": "stun:stun.l.google.com:19302" + }, + { + "urls": "__DOMAIN__:__TURNSERVER_PORT__", + "username": "__APP__", + "credential": "__TURNSERVER_PWD__" } ] -} \ No newline at end of file +} diff --git a/manifest.toml b/manifest.toml index 0dcb723..58efd16 100644 --- a/manifest.toml +++ b/manifest.toml @@ -57,3 +57,8 @@ ram.runtime = "50M" main.url = "/" [resources.ports] + turnserver.default = 1194 + turnserver.exposed = "Both" + + [resources.apt] + packages = "coturn" diff --git a/scripts/backup b/scripts/backup index f8e82aa..7a5b15b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -20,6 +20,7 @@ ynh_print_info --message="Declaring files to be backed up..." #================================================= ynh_backup --src_path="$install_dir" +ynh_backup --src_path="/etc/$app" #================================================= # BACKUP THE NGINX CONFIGURATION 
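Review bot: conf/coturn/turnserver.conf blocks loopback and multicast peers but not RFC 1918 peers, so any holder of the `__APP__:__TURNSERVER_PWD__` credential (which rtc_config.json hands to every browser client) can have the relay open connections toward the server's private network. Adding `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255` (plus the link-local and ULA IPv6 ranges) is the usual mitigation and costs nothing for a file-sharing use case. `dh-file=/etc/ssl/private/dh2048.pem` is referenced but nothing in this patch creates it; presumably the platform provides it, but that dependency deserves a comment on the line. A header comment naming the consumer, `# Rendered by scripts/install into /etc/__APP__/coturn.conf; read by coturn-__APP__.service`, would also help the next maintainer.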
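Review bot: The added ICE server entry uses `"urls": "__DOMAIN__:__TURNSERVER_PORT__"` with no URI scheme; browsers reject RTCIceServer URLs that are not `stun:`, `turn:` or `turns:`, so the line should read `"urls": "turn:__DOMAIN__:__PORT_TURNSERVER__"` (or `turns:` if TLS is to be required). The placeholder name is also inconsistent with the rest of the patch: turnserver.conf uses `__PORT_TURNSERVER__` and the scripts use `$port_turnserver`, so `__TURNSERVER_PORT__` would be left unexpanded if this file is rendered with ynh_add_config (the rendering step is not in this diff). Note that `credential` is the long-term TURN password and is delivered to every client that loads the page; that is inherent to lt-cred-mech, but a comment next to `turnserver_pwd` in scripts/install stating that the secret is client-visible would stop a later reader from treating it as server-only.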
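Review bot: `[resources.ports]` reserves and exposes only the single listening port, while turnserver.conf relays media on `min-port=49152` through `max-port=65535`; if the host firewall does not already allow that UDP range, clients will authenticate but never obtain a working relay. Either open the range alongside the listening port or add a comment in manifest.toml stating why it is expected to be reachable. `turnserver.default = 1194` is also the conventional OpenVPN port, which will confuse anyone reading firewall rules or logs; `turnserver.default = 3478` is the IANA-assigned STUN/TURN port and avoids clashing with a VPN app on the same host.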
@@ -32,6 +33,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path="/etc/default/coturn-$app" +ynh_backup --src_path="/etc/systemd/system/coturn-$app.service" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 8bea240..373c4a8 100755 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,15 @@ ynh_setup_source --dest_dir="$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + #================================================= # SYSTEM CONFIGURATION #================================================= 
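Review bot: `ynh_system_user_create --username=turnserver` in scripts/install creates a user whose name is not derived from `$app`, so it is shared between instances of this app, and the matching `ynh_system_user_delete --username=turnserver` in scripts/remove would delete it while another instance, or the stock coturn package that appears to ship the same account, still depends on it. A per-instance name (`--username=turnserver-$app`, with the corresponding `User=`/`Group=` in the unit template) avoids that; otherwise the remove script should skip the deletion. `adduser turnserver ssl-cert` also grants read access to every key under /etc/ssl/private, not only the `pkey=` and `dh-file=` paths in coturn.conf; if the platform keeps the domain key readable by that group this is the expected route, but the `# Create a system user` comment should say why the group membership is needed.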
@@ -40,7 +49,45 @@ ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config +mkdir -p /etc/$app +# Create systemd service for turnserver +cp ../conf/coturn/default_coturn /etc/default/coturn-$app +ynh_add_systemd_config --service=coturn-$app --template=coturn-pairdrop.service + yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver + +#================================================= +# SET COTURN CONFIG +#================================================= +ynh_script_progression --message="Configuring Coturn..." --weight=1 + +# Find password for turnserver +turnserver_pwd=$(ynh_string_random --length=30) +ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd + +coturn_config_path="/etc/$app/coturn.conf" + +ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$coturn_config_path" + +# Get public IP and set as external IP for coturn +# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl -s ip.yunohost.org)" || true +public_ip6="$(curl -s ipv6.yunohost.org)" || true + +if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" ) +then + echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path" +fi + +ynh_store_file_checksum --file="$coturn_config_path" + +# Set permissions to app files +chown -R $app:root /etc/$app +chown turnserver:root /etc/$app/coturn.conf +chmod -R u=rwX,g=rX,o= /etc/$app +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app #================================================= # BUILD YARN DEPENDENCIES 
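Review bot: The `external-ip` line written to `$coturn_config_path` is not validated on both halves: in `[[ -n "$public_ip4" ]] && ynh_validate_ip4 ... || [[ -n "$public_ip6" ]] && ynh_validate_ip6 ...` the `||` binds looser than `&&`, so a valid IPv6 answer is enough to append whatever `curl -s ip.yunohost.org` returned for IPv4, and that lookup is plain HTTP with no `--max-time`, so an on-path response or a hung endpoint feeds straight into a root-owned config. coturn documents the slash form as `external-ip=<public-ip>/<private-ip>`, so `${public_ip4}/${public_ip6}` declares the IPv6 address as the private interface address rather than as a second public address; one `external-ip=` line per validated address is what the option expects. The same block is duplicated verbatim in scripts/upgrade and has the same defect. The rewrite below validates each family independently and only writes values that passed.
```shell
# Get public IPs and set them as external IPs for coturn.
# Each address family is validated on its own; a failed lookup just skips that line.
# NOTE: the lookups are plain HTTP; the validation is what keeps an unexpected answer out of the config.
public_ip4="$(curl -s --max-time 10 ip.yunohost.org)" || public_ip4=""
public_ip6="$(curl -s --max-time 10 ipv6.yunohost.org)" || public_ip6=""

if [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4"
then
    echo "external-ip=${public_ip4}" >> "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6"
then
    echo "external-ip=${public_ip6}" >> "$coturn_config_path"
fi

# … unchanged: ynh_store_file_checksum and permission setup …
```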
@@ -73,6 +120,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 59b1cc0..d096eba 100755 --- a/scripts/remove +++ b/scripts/remove @@ -25,13 +25,24 @@ then yunohost service remove $app fi +if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null +then + ynh_script_progression --message="Removing coturn-$app service integration..." --weight=1 + yunohost service remove coturn-$app +fi + ynh_remove_systemd_config +ynh_remove_systemd_config --service=coturn-$app ynh_remove_nginx_config # Remove NodeJS ynh_remove_nodejs +ynh_secure_remove --file=/etc/default/coturn-$app + +ynh_system_user_delete --username=turnserver + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 7b915f0..1c7a1ba 100755 --- a/scripts/restore +++ b/scripts/restore @@ -34,6 +34,11 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + +ynh_restore_file --origin_path="/etc/$app" + ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" diff --git a/scripts/upgrade b/scripts/upgrade index 26052c5..5cafe1c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
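Review bot: The scripts/restore hunk recreates the `turnserver` user and restores /etc/$app, but the two other paths scripts/backup now saves, /etc/default/coturn-$app and /etc/systemd/system/coturn-$app.service, are not restored here, and neither the `chown turnserver:root "/etc/$app/coturn.conf"` / `setfacl -R -m user:turnserver:rwX /var/log/$app` permissions nor `yunohost service add coturn-$app` from scripts/install reappear; unless they are handled further down the script, outside this hunk, the restored instance has no coturn unit to start. Restoring them next to the app unit, `ynh_restore_file --origin_path="/etc/default/coturn-$app"` and `ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"`, keeps the restore path symmetric with the backup path.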
@@ -34,6 +34,61 @@ fi chown -R $app:www-data "$install_dir" +#================================================= +# MULTINSTANCE SUPPORT +#================================================= + +if [ ! -e /etc/$app/coturn.conf ] +then + ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1 + + #================================================= + # CREATE AN INDEPENDANT SERVICE FOR COTURN + #================================================= + + # Disable default config for turnserver and create a new service + systemctl stop coturn.service + + # Set by default the system config for coturn + echo "" > /etc/turnserver.conf + ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn + + #================================================= + # MAKE A CLEAN LOGROTATE CONFIG + #================================================= + + ynh_use_logrotate --logfile /var/log/$app --nonappend +fi + +#================================================= +# UPDATE COTURN CONFIG +#================================================= +ynh_script_progression --message="Updating Coturn config..." 
--weight=1 + +ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="/etc/$app/coturn.conf" + +# Get public IP and set as external IP for coturn +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl -s ip.yunohost.org)" || true +public_ip6="$(curl -s ipv6.yunohost.org)" || true + +if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" ) +then + echo "external-ip=${public_ip4}/${public_ip6}" >> "/etc/$app/coturn.conf" +fi + +ynh_store_file_checksum --file="/etc/$app/coturn.conf" + +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + +# Set permissions on app files +chown -R $app:root /etc/$app +chown turnserver:root "/etc/$app/coturn.conf" +chmod -R u=rwX,g=rX,o= /etc/$app +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -52,6 +107,7 @@ ynh_add_nginx_config ynh_add_systemd_config yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver #================================================= # BUILD YARN DEPENDENCIES @@ -81,6 +137,7 @@ popd ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log" #================================================= # END OF SCRIPT
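Review bot: In the `if [ ! -e /etc/$app/coturn.conf ]` block, `systemctl stop coturn.service` only stops the package's own unit for the current boot; without disabling it, the stock turnserver comes back after a reboot, reads the now-empty /etc/turnserver.conf and would presumably listen on its default port with whatever defaults coturn applies, which is exactly the server this block is trying to retire. `systemctl disable --now coturn.service` (or a mask, if the package must never start it) is the durable form. The fresh-install path in scripts/install never performs this step at all, so a new install on a host where apt starts coturn.service automatically ends up with both units running; the stop/disable and the `TURNSERVER_ENABLED=0` edit of /etc/default/coturn belong in install as well. `ynh_replace_string ... --target_file=/etc/default/coturn` also assumes the package default is the literal `TURNSERVER_ENABLED=1`, which is typically shipped commented out as `#TURNSERVER_ENABLED=1`, so the edit may silently change nothing; verify on the target distribution or simply write the line. The progression messages spell it "independant"; "independent" is the correct spelling.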