diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 827571c..5d3eada 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -2,10 +2,11 @@ lt-cred-mech use-auth-secret static-auth-secret=__TURNPWD__ realm=__DOMAIN__ -no-stun tls-listening-port=__TLS_PORT__ alt-tls-listening-port=__TLS_ALT_PORT__ +min-port=49152 +max-port=49192 cli-port=__CLI_PORT__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem @@ -14,8 +15,14 @@ dh-file=/etc/matrix-__APP__/dh.pem no-sslv2 no-sslv3 -no-udp -no-tcp +no-tlsv1 + +no-loopback-peers +no-multicast-peers log-file=/var/log/matrix-__APP__/turnserver.log pidfile=/var/run/coturn-__APP__/turnserver.pid +simple-log + +external-ip=__IPV4__,__IPV6__ + diff --git a/scripts/install b/scripts/install index 2770c98..4a2b5f1 100644 --- a/scripts/install +++ b/scripts/install @@ -76,6 +76,7 @@ cli_port=$(ynh_find_port 5766) yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 +yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 # Store opened ports ynh_app_setting_set $app synapse_port $port 
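Review bot: In conf/turnserver.conf (hunk at -14,8) the only peer restrictions added are `no-loopback-peers` and `no-multicast-peers`, while removing `no-udp` and `no-tcp` widens how clients can reach the relay. Private, link-local and unique-local ranges remain relayable, so the server can still be asked to open connections towards the host's own network. Consider adding `denied-peer-ip` ranges for that address space, e.g. `denied-peer-ip=10.0.0.0-10.255.255.255`, and `no-tlsv1_1` next to `no-tlsv1`, since TLS 1.1 is left enabled. The single `external-ip=__IPV4__,__IPV6__` line is also worth checking against the coturn documentation, which as far as I know describes one address per `external-ip` entry.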
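Review bot: In scripts/install (hunk at -76,6) the result of the new `yunohost firewall allow Both '49152:49192'` is discarded by `> /dev/null 2>&1`, so if opening the relay range fails the install carries on and coturn's `min-port`/`max-port` window stays blocked with nothing logged. Dropping the `2>&1`, or testing the exit status and warning, would surface that. The range is also a fixed literal, unlike `cli_port`, which comes from `ynh_find_port`, and it is repeated in conf/turnserver.conf, scripts/remove, scripts/restore and scripts/upgrade. Holding it in one variable (for example `turnserver_relay_ports='49152:49192'`, name illustrative) would keep those copies from drifting apart.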
@@ -250,6 +251,23 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" +# Get public IP and set as external IP for coturn +public_ip4="$(curl ip.yunohost.org)" +public_ip6="$(curl ipv6.yunohost.org)" +if ynh_validate_ip4 "$public_ip4" +then + ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" +else + ynh_replace_string '__IPV4__,' "" "$coturn_config_path" +fi + +if ynh_valide_ip6 "$public_ip6" +then + ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" +else + ynh_replace_string ',__IPV6__' "" "$coturn_config_path" +fi + ynh_store_file_checksum "$coturn_config_path" #================================================= diff --git a/scripts/remove b/scripts/remove index e3cbf9a..91a68c6 100755 --- a/scripts/remove +++ b/scripts/remove @@ -58,6 +58,7 @@ closeport() { closeport $synapse_tls_port closeport $turnserver_tls_port closeport $turnserver_alt_tls_port +closeport '49152:49192' #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 9274f69..b5f2a55 100644 --- a/scripts/restore +++ b/scripts/restore @@ -80,6 +80,7 @@ adduser turnserver ssl-cert yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 +yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 #================================================= # SETUP SSOWAT diff --git a/scripts/upgrade b/scripts/upgrade index f1d6fbc..b6568e8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
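Review bot: In scripts/install (hunk at -250,6) the IPv6 branch calls `ynh_valide_ip6`, which looks like a typo for `ynh_validate_ip6` given that the IPv4 branch uses `ynh_validate_ip4`; unless a helper with that spelling exists, the test always fails and the IPv6 address is never written. When both checks fail, the first `else` removes `__IPV4__,` together with the comma, so the second pattern `,__IPV6__` no longer matches and the config keeps a literal `external-ip=__IPV6__`. The two `curl` calls have no scheme, timeout or `--fail`, so the address is fetched over plain HTTP, and if the script runs with errexit (not visible here) a host without IPv6 connectivity would presumably abort at the assignment. The sketch below builds the address list first and drops the directive when nothing validates, assuming the two endpoints answer over HTTPS; the same block is repeated in scripts/upgrade (hunk at -232,6) and needs the same change.

```shell
# Get public IP and set as external IP for coturn
public_ip4="$(curl --silent --fail --max-time 10 https://ip.yunohost.org || true)"
public_ip6="$(curl --silent --fail --max-time 10 https://ipv6.yunohost.org || true)"

external_ips=""
if ynh_validate_ip4 "$public_ip4"
then
    external_ips="$public_ip4"
fi
if ynh_validate_ip6 "$public_ip6"
then
    external_ips="${external_ips:+$external_ips,}$public_ip6"
fi

if [ -n "$external_ips" ]
then
    ynh_replace_string '__IPV4__,__IPV6__' "$external_ips" "$coturn_config_path"
else
    # No usable public address: remove the directive instead of leaving a placeholder
    ynh_replace_string 'external-ip=__IPV4__,__IPV6__' "" "$coturn_config_path"
fi
# … unchanged: ynh_store_file_checksum call …
```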
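Review bot: In scripts/remove (hunk at -58,6) `closeport '49152:49192'` closes a range that is a fixed literal rather than a per-instance setting. If a second instance of this app (the `matrix-__APP__` paths suggest multi-instance installs) or another service relies on the same range, removing one instance would cut relay traffic for the other. The body of `closeport` lies outside the hunk, so it is also worth confirming that it handles a `start:end` range the same way it handles a single port. A comment such as `# relay range is shared; only close it when no other instance uses it` would at least record the constraint.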
@@ -204,6 +204,15 @@ test -e /etc/matrix-$app/dh.pem || \ cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null +#================================================= +# MIGRATION 4 : FIX TURNSERVER CONFIG +#================================================= + +if ! yunohost firewall list | grep -q "\- 49152:49192$" +then + yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -221,8 +230,6 @@ ynh_add_nginx_config coturn_config_path="/etc/matrix-$app/coturn.conf" -ynh_backup_if_checksum_is_different "$coturn_config_path" - cp ../conf/turnserver.conf "$coturn_config_path" ynh_replace_string __APP__ $app "$coturn_config_path" @@ -232,6 +239,23 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" +# Get public IP and set as external IP for coturn +public_ip4="$(curl ip.yunohost.org)" +public_ip6="$(curl ipv6.yunohost.org)" +if ynh_validate_ip4 "$public_ip4" +then + ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" +else + ynh_replace_string '__IPV4__,' "" "$coturn_config_path" +fi + +if ynh_valide_ip6 "$public_ip6" +then + ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" +else + ynh_replace_string ',__IPV6__' "" "$coturn_config_path" +fi + ynh_store_file_checksum "$coturn_config_path" #=================================================
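Review bot: In scripts/upgrade (hunk at -204,6) the guard `grep -q "\- 49152:49192$"` is satisfied by the range appearing anywhere in `yunohost firewall list`, so if it is already open for only one protocol or address family the `allow Both` call is skipped and the other side stays closed. The list's output format is not shown here, so this is inferred from the pattern alone. Unless `yunohost firewall allow` misbehaves on an already-open port, calling it unconditionally is simpler. Its result should not be hidden behind `> /dev/null 2>&1`, because a failed migration would otherwise leave the relay ports blocked without any trace.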