From 44d62498ed065b570b0ac39872ed823049c6fe5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Sun, 8 Oct 2023 14:21:09 +0200
Subject: [PATCH 01/10] fix
---
conf/coturn-pairdrop.service | 27 +++++++++++++++++
conf/coturn/default_coturn | 5 ++++
conf/coturn/turnserver.conf | 33 +++++++++++++++++++++
conf/rtc_config.json | 7 ++++-
manifest.toml | 5 ++++
scripts/backup | 3 ++
scripts/install | 48 ++++++++++++++++++++++++++++++
scripts/remove | 11 +++++++
scripts/restore | 5 ++++
scripts/upgrade | 57 ++++++++++++++++++++++++++++++++++++
10 files changed, 200 insertions(+), 1 deletion(-)
create mode 100644 conf/coturn-pairdrop.service
create mode 100644 conf/coturn/default_coturn
create mode 100644 conf/coturn/turnserver.conf
diff --git a/conf/coturn-pairdrop.service b/conf/coturn-pairdrop.service
new file mode 100644
index 0000000..09d9cc4
--- /dev/null
+++ b/conf/coturn-pairdrop.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Coturn STUN/TURN Server
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+Type=forking
+EnvironmentFile=/etc/default/coturn-__APP__
+PIDFile=/run/coturn-__APP__/turnserver.pid
+RuntimeDirectory=coturn-__APP__
+RuntimeDirectoryMode=0755
+ExecStart=/usr/bin/turnserver -o -c /etc/__APP__/coturn.conf $EXTRA_OPTIONS
+ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
+Restart=on-abort
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target
diff --git a/conf/coturn/default_coturn b/conf/coturn/default_coturn
new file mode 100644
index 0000000..fc87269
--- /dev/null
+++ b/conf/coturn/default_coturn
@@ -0,0 +1,5 @@
+#
+# Uncomment it if you want to have the turnserver running as
+# an automatic system service daemon
+#
+TURNSERVER_ENABLED=1
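Review bot: `LimitCORE=infinity` lets a crashing turnserver write a core dump containing the TLS private key loaded from `pkey=` and the long-term credential from `user=`, so unless core dumps are needed for debugging, `LimitCORE=0` is the safer setting for this unit. The unit also carries none of the sandboxing directives that are common in YunoHost service templates (`NoNewPrivileges=yes`, `ProtectSystem=strict`, `ProtectHome=yes`, `PrivateTmp=yes`), which would bound what the relay process can touch if it is compromised; with `ProtectSystem=strict` the log directory would need `ReadWritePaths=/var/log/__APP__` (the `RuntimeDirectory` is writable automatically). `After=syslog.target` refers to a target that is obsolete on current systemd and can be dropped.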
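Review bot: The comment says "Uncomment it if you want …" while `TURNSERVER_ENABLED=1` is already uncommented, and nothing in the unit added by this patch reads that variable — `coturn-__APP__.service` pulls this file in via `EnvironmentFile=` only to expand `$EXTRA_OPTIONS` on its `ExecStart=` line; `TURNSERVER_ENABLED` is, as far as I recall, consulted only by the distribution's own coturn start-up scripting. A header that matches what the file actually does would be clearer, e.g. `# Environment for coturn-__APP__.service (read via EnvironmentFile=); put extra turnserver flags in EXTRA_OPTIONS`, with the `TURNSERVER_ENABLED` line either documented as unused or removed.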
diff --git a/conf/coturn/turnserver.conf b/conf/coturn/turnserver.conf new file mode 100644 index 0000000..8fe4917 --- /dev/null +++ b/conf/coturn/turnserver.conf @@ -0,0 +1,33 @@ +# TURN server name and realm +realm=__DOMAIN__ + +# Enable long-term credential mechanism +lt-cred-mech + +# Specify the user for the TURN authentification +user=__APP__:__TURNSERVER_PWD__ + +# Main listening port +listening-port=__PORT_TURNSERVER__ + +# Further ports that are open for communication +min-port=49152 +max-port=65535 + +# SSL certificates +cert=/etc/yunohost/certs/__DOMAIN__/crt.pem +pkey=/etc/yunohost/certs/__DOMAIN__/key.pem +dh-file=/etc/ssl/private/dh2048.pem + +# Log file path +log-file=/var/log/__APP__/turnserver.log +pidfile=/run/coturn-__APP__/turnserver.pid +simple-log + +no-sslv2 +no-sslv3 +no-tlsv1 +no-tlsv1_1 +no-loopback-peers +no-multicast-peers +no-cli diff --git a/conf/rtc_config.json b/conf/rtc_config.json index 99f1623..4e8a969 100644 --- a/conf/rtc_config.json +++ b/conf/rtc_config.json @@ -3,6 +3,11 @@ "iceServers": [ { "urls": "stun:stun.l.google.com:19302" + }, + { + "urls": "__DOMAIN__:__TURNSERVER_PORT__", + "username": "__APP__", + "credential": "__TURNSERVER_PWD__" } ] -} \ No newline at end of file +} diff --git a/manifest.toml b/manifest.toml index 0dcb723..58efd16 100644 --- a/manifest.toml +++ b/manifest.toml @@ -57,3 +57,8 @@ ram.runtime = "50M" main.url = "/" [resources.ports] + turnserver.default = 1194 + turnserver.exposed = "Both" + + [resources.apt] + packages = "coturn" diff --git a/scripts/backup b/scripts/backup index f8e82aa..7a5b15b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -20,6 +20,7 @@ ynh_print_info --message="Declaring files to be backed up..." #================================================= ynh_backup --src_path="$install_dir" +ynh_backup --src_path="/etc/$app" #================================================= # BACKUP THE NGINX CONFIGURATION 
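Review bot: The relay has no `denied-peer-ip` rules, so a client holding the shared credential can have the TURN server forward its traffic to any address the host itself can reach, including hosts on the server's private networks; `no-loopback-peers` and `no-multicast-peers` cover only loopback and multicast. The upstream example turnserver.conf ships a commented list of such ranges for internet-facing relays, starting with `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255`, and pairing them with `user-quota`/`total-quota` bounds how many sessions the single shared credential can open. Separately, `cert=`/`pkey=` are loaded but only `listening-port` is set; as far as I recall coturn then opens its TLS listener on the default 5349, which the manifest does not expose, and the client URL that this series ends up with uses `turn:` rather than `turns:`, so the certificate does not appear to be used by any client — either set `tls-listening-port=` and expose it, or drop the cert lines.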
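Review bot: `turnserver.default = 1194` reuses the port conventionally registered to OpenVPN; the TURN default is 3478, and choosing it (or any unregistered port) avoids clashing with a VPN the admin may run on the same host. Only the listening port is declared, while `turnserver.conf` opens the relay range `min-port=49152`/`max-port=65535` over UDP — those need to be reachable as well or allocations succeed but relayed media fails; if the ports resource cannot express a range, the firewall requirement should at least be documented. Adding `packages = "coturn"` also installs and, on Debian, enables the distribution's `coturn.service` on 3478 with `/etc/turnserver.conf`; the upgrade script's migration branch stops it and sets `TURNSERVER_ENABLED=0`, but `scripts/install` has no equivalent step, so a fresh install likely ends up running two turnservers.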
@@ -32,6 +33,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path="/etc/default/coturn-$app" +ynh_backup --src_path="/etc/systemd/system/coturn-$app.service" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 8bea240..373c4a8 100755 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,15 @@ ynh_setup_source --dest_dir="$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + #================================================= # SYSTEM CONFIGURATION #================================================= 
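Review bot: `adduser turnserver ssl-cert` grants the relay read access to everything the `ssl-cert` group can read — on a YunoHost host presumably every domain's private key under `/etc/yunohost/certs/` as well as `/etc/ssl/private/` — although `turnserver.conf` only needs `__DOMAIN__`'s `key.pem` and `dh2048.pem`. That is the usual YunoHost approach and probably unavoidable here, but a comment stating which files require the membership would stop a later maintainer from treating it as incidental, e.g. `# ssl-cert: lets turnserver read /etc/yunohost/certs/$domain/key.pem and /etc/ssl/private/dh2048.pem`. If the coturn package already ships a `turnserver` system account, `ynh_system_user_create` here should be a no-op — worth confirming so the two do not disagree on home directory or shell.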
@@ -40,7 +49,45 @@ ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config +mkdir -p /etc/$app +# Create systemd service for turnserver +cp ../conf/coturn/default_coturn /etc/default/coturn-$app +ynh_add_systemd_config --service=coturn-$app --template=coturn-pairdrop.service + yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver + +#================================================= +# SET COTURN CONFIG +#================================================= +ynh_script_progression --message="Configuring Coturn..." --weight=1 + +# Find password for turnserver +turnserver_pwd=$(ynh_string_random --length=30) +ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd + +coturn_config_path="/etc/$app/coturn.conf" + +ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="$coturn_config_path" + +# Get public IP and set as external IP for coturn +# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl -s ip.yunohost.org)" || true +public_ip6="$(curl -s ipv6.yunohost.org)" || true + +if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" ) +then + echo "external-ip=${public_ip4}/${public_ip6}" >> "$coturn_config_path" +fi + +ynh_store_file_checksum --file="$coturn_config_path" + +# Set permissions to app files +chown -R $app:root /etc/$app +chown turnserver:root /etc/$app/coturn.conf +chmod -R u=rwX,g=rX,o= /etc/$app +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app #================================================= # BUILD YARN DEPENDENCIES 
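Review bot: The `external-ip` guard is evaluated as `((v4_set && v4_valid) || v6_set) && v6_valid`, because `&&` and `||` have equal precedence in a bash list, so on an IPv4-only host the line is never written and on a dual-stack host it writes `external-ip=A.B.C.D/2001:…`, which coturn documents as `external-ip=<public>/<private>` — the IPv6 address lands in the private-address slot. The same block is copied into `scripts/upgrade` in this patch. Validating each family separately and emitting one `external-ip=` line per address (coturn accepts several) avoids both problems; `curl` should also get `--max-time` (and `https://` if the endpoint supports it) so the install cannot hang, or pick up a bogus address from the network, while discovering the public IP. The rewritten lines below use a constructed 10-second timeout.
```shell
# Get public IP and set as external IP for coturn
# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl -s --max-time 10 ip.yunohost.org)" || true
public_ip6="$(curl -s --max-time 10 ipv6.yunohost.org)" || true

# One external-ip line per address family; coturn reads "a/b" as public/private,
# so the two addresses must never be joined with a slash
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4"
then
    echo "external-ip=${public_ip4}" >> "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6"
then
    echo "external-ip=${public_ip6}" >> "$coturn_config_path"
fi

# … unchanged: ynh_store_file_checksum and permission setup …
```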
@@ -73,6 +120,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 59b1cc0..d096eba 100755 --- a/scripts/remove +++ b/scripts/remove @@ -25,13 +25,24 @@ then yunohost service remove $app fi +if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null +then + ynh_script_progression --message="Removing coturn-$app service integration..." --weight=1 + yunohost service remove coturn-$app +fi + ynh_remove_systemd_config +ynh_remove_systemd_config --service=coturn-$app ynh_remove_nginx_config # Remove NodeJS ynh_remove_nodejs +ynh_secure_remove --file=/etc/default/coturn-$app + +ynh_system_user_delete --username=turnserver + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 7b915f0..1c7a1ba 100755 --- a/scripts/restore +++ b/scripts/restore @@ -34,6 +34,11 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + +ynh_restore_file --origin_path="/etc/$app" + ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" diff --git a/scripts/upgrade b/scripts/upgrade index 26052c5..5cafe1c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
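Review bot: `ynh_system_user_delete --username=turnserver` removes an account this instance does not own: as far as I recall the coturn Debian package creates `turnserver` for its own daemon, and the "MULTINSTANCE SUPPORT" section of `scripts/upgrade` implies several instances may coexist, all running as this one user, so removing one instance would break the others (and the packaged daemon). Either drop the deletion or guard it so it only runs when no other `coturn-*.service` unit remains on the host. The hunk also removes `/etc/default/coturn-$app` but not `/etc/$app`, which holds `coturn.conf` and the TURN credential, nor `/var/log/$app`; unless that happens outside the hunk, `ynh_secure_remove --file="/etc/$app"` belongs next to the existing `ynh_secure_remove`.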
@@ -34,6 +34,61 @@ fi chown -R $app:www-data "$install_dir" +#================================================= +# MULTINSTANCE SUPPORT +#================================================= + +if [ ! -e /etc/$app/coturn.conf ] +then + ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1 + + #================================================= + # CREATE AN INDEPENDANT SERVICE FOR COTURN + #================================================= + + # Disable default config for turnserver and create a new service + systemctl stop coturn.service + + # Set by default the system config for coturn + echo "" > /etc/turnserver.conf + ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn + + #================================================= + # MAKE A CLEAN LOGROTATE CONFIG + #================================================= + + ynh_use_logrotate --logfile /var/log/$app --nonappend +fi + +#================================================= +# UPDATE COTURN CONFIG +#================================================= +ynh_script_progression --message="Updating Coturn config..." 
--weight=1 + +ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="/etc/$app/coturn.conf" + +# Get public IP and set as external IP for coturn +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl -s ip.yunohost.org)" || true +public_ip6="$(curl -s ipv6.yunohost.org)" || true + +if ( [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4" || [[ -n "$public_ip6" ]] && ynh_validate_ip6 --ip_address="$public_ip6" ) +then + echo "external-ip=${public_ip4}/${public_ip6}" >> "/etc/$app/coturn.conf" +fi + +ynh_store_file_checksum --file="/etc/$app/coturn.conf" + +ynh_system_user_create --username=turnserver +adduser turnserver ssl-cert + +# Set permissions on app files +chown -R $app:root /etc/$app +chown turnserver:root "/etc/$app/coturn.conf" +chmod -R u=rwX,g=rX,o= /etc/$app +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -52,6 +107,7 @@ ynh_add_nginx_config ynh_add_systemd_config yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver #================================================= # BUILD YARN DEPENDENCIES @@ -81,6 +137,7 @@ popd ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=coturn-$app.service --action=restart --log_path="/var/log/$app/turnserver.log" #================================================= # END OF SCRIPT From 495dba0f23401a692b8e4f434019dddd0d070b0e Mon Sep 17 00:00:00 2001 
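Review bot: On an upgrade from a release without coturn this hunk renders `turnserver.conf` with `__TURNSERVER_PWD__` unset — `turnserver_pwd` is only generated in `scripts/install` and the migration branch here never creates it — so, as far as I can tell from the helpers' `__VAR__` substitution, the TURN user ends up with an empty credential. The same upgrade path never creates `/etc/default/coturn-$app` or the `coturn-$app.service` unit (there is no `cp ../conf/coturn/default_coturn` and no `ynh_add_systemd_config --service=coturn-$app --template=coturn-pairdrop.service` anywhere in this file), yet the two later hunks in `scripts/upgrade` register and restart that service. Generating the password inside the `if [ ! -e /etc/$app/coturn.conf ]` branch and installing the unit before `ynh_add_config` closes both gaps; `mkdir -p /etc/$app` is needed too if `ynh_add_config` does not create the parent directory. The `external-ip` block duplicated from `scripts/install` has the operator-precedence problem noted there.
```shell
if [ ! -e /etc/$app/coturn.conf ]
then
    ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1

    # … unchanged: stop packaged coturn, neutralise /etc/turnserver.conf and /etc/default/coturn, logrotate …

    # First upgrade to a release that ships coturn: the credential does not exist
    # yet, so create it here or the template is rendered with an empty password
    if [ -z "${turnserver_pwd:-}" ]
    then
        turnserver_pwd=$(ynh_string_random --length=30)
        ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
    fi
fi

# Same unit and environment file as install, so the service the later hunks
# register and restart actually exists on upgraded hosts
mkdir -p /etc/$app
cp ../conf/coturn/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config --service=coturn-$app --template=coturn-pairdrop.service

ynh_add_config --template="../conf/coturn/turnserver.conf" --destination="/etc/$app/coturn.conf"

# … unchanged: external-ip detection, checksum, permissions …
```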
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:25:03 +0200 Subject: [PATCH 02/10] fix --- conf/coturn-pairdrop.service | 2 +- scripts/restore | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/conf/coturn-pairdrop.service b/conf/coturn-pairdrop.service index 09d9cc4..7774640 100644 --- a/conf/coturn-pairdrop.service +++ b/conf/coturn-pairdrop.service @@ -1,5 +1,5 @@ [Unit] -Description=Coturn STUN/TURN Server +Description=Coturn STUN/TURN Server for __APP__ Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1) After=syslog.target network.target diff --git a/scripts/restore b/scripts/restore index 1c7a1ba..c865570 100755 --- a/scripts/restore +++ b/scripts/restore @@ -44,7 +44,24 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +ynh_restore_file --origin_path="/etc/default/coturn-$app" +ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service" +systemctl enable coturn-$app.service --quiet + yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port + +#================================================= +# RESTORE USER RIGHTS +#================================================= +ynh_script_progression --message="Restoring permissions..." --weight=1 + +chown -R $app:root /var/log/$app +chown -R $app:root /etc/$app +chown turnserver:root /etc/$app/coturn.conf +chmod -R u=rwX,g=rX,o= /etc/$app +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app #================================================= # GENERIC FINALIZATION From 98a73597b8645f5ec9e2c2d789edf49d494081b1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:32:55 +0200 Subject: [PATCH 03/10] Update install --- scripts/install | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/install b/scripts/install index 373c4a8..dabd451 100755 --- a/scripts/install +++ b/scripts/install @@ -57,6 +57,19 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-pairdrop.service yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --weight=1 + +# Create log directory +mkdir -p /var/log/$app +touch /var/log/$app/$app.log +chown $app -R /var/log/$app + +# Setup logrotate +ynh_use_logrotate --logfile "/var/log/$app" + #================================================= # SET COTURN CONFIG #================================================= From 705b4bd48ca3b1f6f3c2c2f15cc06bfbb6d6b3bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:34:03 +0200 Subject: [PATCH 04/10] Update remove --- scripts/remove | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/remove b/scripts/remove index d096eba..1b0e560 100755 --- a/scripts/remove +++ b/scripts/remove @@ -31,6 +31,9 @@ then yunohost service remove coturn-$app fi +# Remove the app-specific logrotate config +ynh_remove_logrotate + ynh_remove_systemd_config ynh_remove_systemd_config --service=coturn-$app From 846a12c575590b276016eff85f43e41e75564e1f Mon Sep 17 00:00:00 2001 
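Review bot: `chown $app -R /var/log/$app` puts the option after the operand and relies on GNU getopt argument permutation; `chown -R "$app" "/var/log/$app"` is the conventional form and quotes the expansions like the rest of the script. The directory is created by `mkdir -p` under the default umask, so `/var/log/$app` and the coturn log written there later are likely world-readable; a `chmod 750 "/var/log/$app"` after the `mkdir -p` keeps the client addresses in the TURN log to root and the app accounts, and the `setfacl … user:turnserver:rwX` added elsewhere in this patch still gives the relay its write access.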
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:34:56 +0200 Subject: [PATCH 05/10] fix --- scripts/backup | 6 ++++++ scripts/restore | 2 ++ 2 files changed, 8 insertions(+) diff --git a/scripts/backup b/scripts/backup index 7a5b15b..afa01eb 100755 --- a/scripts/backup +++ b/scripts/backup @@ -28,6 +28,12 @@ ynh_backup --src_path="/etc/$app" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/restore b/scripts/restore index c865570..3d3f539 100755 --- a/scripts/restore +++ b/scripts/restore @@ -48,6 +48,8 @@ ynh_restore_file --origin_path="/etc/default/coturn-$app" ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service" systemctl enable coturn-$app.service --quiet +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port From 92473fadcafb83123115ed1cea06ef65f9182531 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:35:28 +0200 Subject: [PATCH 06/10] Update rtc_config.json --- conf/rtc_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/rtc_config.json b/conf/rtc_config.json index 4e8a969..71d1b93 100644 --- a/conf/rtc_config.json +++ b/conf/rtc_config.json 
@@ -5,7 +5,7 @@ "urls": "stun:stun.l.google.com:19302" }, { - "urls": "__DOMAIN__:__TURNSERVER_PORT__", + "urls": "__DOMAIN__:__PORT_TURNSERVER__", "username": "__APP__", "credential": "__TURNSERVER_PWD__" } From 6edb001325f664f6bdf7b1143c6f1323d3b9a38d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:49:09 +0200 Subject: [PATCH 07/10] Update restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 3d3f539..8b28ee6 100755 --- a/scripts/restore +++ b/scripts/restore @@ -51,7 +51,7 @@ systemctl enable coturn-$app.service --quiet ynh_restore_file --origin_path="/etc/logrotate.d/$app" yunohost service add $app --description="Local file sharing in your browser" --log="/var/log/$app/$app.log" -yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port +yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $port_turnserver #================================================= # RESTORE USER RIGHTS From a28ab1abcda481c9a8962a3589dda60a3fb737a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 14:55:33 +0200 Subject: [PATCH 08/10] Update rtc_config.json --- conf/rtc_config.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/conf/rtc_config.json b/conf/rtc_config.json index 71d1b93..1c682e5 100644 --- a/conf/rtc_config.json +++ b/conf/rtc_config.json @@ -2,10 +2,7 @@ "sdpSemantics": "unified-plan", "iceServers": [ { - "urls": "stun:stun.l.google.com:19302" - }, - { - "urls": "__DOMAIN__:__PORT_TURNSERVER__", + "urls": "turn:__DOMAIN__:__PORT_TURNSERVER__", "username": "__APP__", "credential": "__TURNSERVER_PWD__" } 
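Review bot: `rtc_config.json` is served to every browser that opens the app, so the long-term TURN credential `__APP__:__TURNSERVER_PWD__` is effectively public: anyone who fetches the page can relay traffic through the server for as long as the password lives, and the password is only ever generated at install time. This is inherent to a static ICE configuration and is not something the JSON itself can fix, but it is worth stating in the package documentation and bounding on the coturn side with `user-quota`, `total-quota` and `bps-capacity` in `turnserver.conf` — the same file where a `denied-peer-ip` list would keep the relay from reaching the host's private networks. A short note in the config template comment (`// TURN credential is shipped to every client; limits live in coturn.conf`) is not possible in strict JSON, so the README is the right place.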
From 12fe8d55d551d3ae5939f9338324267b511f401a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 15:12:16 +0200 Subject: [PATCH 09/10] fix --- scripts/backup | 2 ++ scripts/restore | 2 ++ 2 files changed, 4 insertions(+) diff --git a/scripts/backup b/scripts/backup index afa01eb..9d5c346 100755 --- a/scripts/backup +++ b/scripts/backup @@ -32,6 +32,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP LOGROTATE #================================================= +ynh_backup --src_path="/var/log/$app" + ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= diff --git a/scripts/restore b/scripts/restore index 8b28ee6..267c8f8 100755 --- a/scripts/restore +++ b/scripts/restore @@ -39,6 +39,8 @@ adduser turnserver ssl-cert ynh_restore_file --origin_path="/etc/$app" +ynh_restore_file --origin_path="/var/log/$app" + ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" From 8da1bf2a26d92cbc18b9476d056e8e75b0e2d095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 8 Oct 2023 19:03:10 +0200 Subject: [PATCH 10/10] Update systemd.service --- conf/systemd.service | 3 --- 1 file changed, 3 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 4559137..8a3d618 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -11,9 +11,6 @@ Environment="PORT=__PORT__" Environment="RTC_CONFIG=__INSTALL_DIR__/rtc_config.json" WorkingDirectory=__INSTALL_DIR__/ ExecStart=__YNH_NODE__ __INSTALL_DIR__/index.js --rate-limit --auto-restart -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=__APP__ Restart=always