mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Improve coturn config

Josué Tille 2024-03-09 01:51:57 +01:00
parent 3a1f0b13c9
commit 3b20f1320a
No known key found for this signature in database
GPG key ID: 5F259226AD51F2F5


@ -13,15 +13,16 @@ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/ssl/private/dh2048.pem dh-file=/etc/ssl/private/dh2048.pem
# Block clear communication
no-udp
no-tcp
# Block old protocols
no-sslv2 no-sslv2
no-sslv3 no-sslv3
no-tlsv1 no-tlsv1
no-tlsv1_1 no-tlsv1_1
no-multicast-peers
no-cli
log-file=/var/log/matrix-__APP__/turnserver.log log-file=/var/log/matrix-__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid pidfile=/run/coturn-__APP__/turnserver.pid
simple-log simple-log
@ -30,6 +31,12 @@ simple-log
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user. user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
total-quota=1200 total-quota=1200
# recommended additional local peers to block, to mitigate external access to internal services.
# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
# Max time 12h # Max time 12h
max-allocate-lifetime=43200 max-allocate-lifetime=43200
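Review bot: The peer deny-list next to `no-multicast-peers` covers only 0.0.0.0/8 and 127.0.0.0/8, so as far as this section shows, the relay may still forward to RFC 1918, CGNAT, link-local (169.254.0.0/16) and IPv6 loopback, unique-local and link-local addresses. The article linked in the comment above those lines recommends a fuller list. If these ranges are not already denied in a part of the file outside the visible hunks, add them beside the two existing `denied-peer-ip` lines. An install that must relay to peers on its own LAN can make a narrow exception with `allowed-peer-ip` rather than leaving the whole range open.

```conf
denied-peer-ip=127.0.0.0-127.255.255.255
# … unchanged: the 0.0.0.0/8 entry and no-multicast-peers above …
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=::1
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
```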