# coturn (turnserver) configuration template.
# Tokens wrapped in underscores are placeholders; presumably the packaging
# scripts substitute them before the server reads this file (not shown here).
# Comments are kept on their own lines so they cannot be read as part of a value.

# Authentication: long-term credentials backed by a shared secret.
# NOTE(review): the shared secret is written in clear text below, so the
# rendered file should be readable only by the account that runs turnserver.
# Confirm the ownership and mode set at install time.
# NOTE(review): coturn's sample configuration advises enabling a single
# authentication mechanism. Confirm both flags below are intended together.
lt-cred-mech
use-auth-secret
static-auth-secret=__TURNSERVER_PWD__
realm=__DOMAIN__

# TLS listener ports.
tls-listening-port=__PORT_TURNSERVER_TLS__
alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__

# Relay port range (49153-49193, 41 ports). The firewall has to allow this
# range for relayed media to flow.
min-port=49153
max-port=49193

# Port of the administrative CLI.
# NOTE(review): no cli-password is visible in this template. Confirm the CLI
# is reachable from loopback only and is password-protected or disabled.
cli-port=__PORT_CLI__

# TLS certificate, private key and Diffie-Hellman parameters.
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/ssl/private/dh2048.pem

# Template placeholder, expanded at install time (contents not visible here).
_TURN_CLEAR_COM_PARAM_

# Block old protocols: SSLv2, SSLv3, TLS 1.0 and TLS 1.1 are refused,
# leaving TLS 1.2 and later.
no-sslv2
no-sslv3
no-tlsv1
no-tlsv1_1

# Logging and PID file. simple-log writes to the log-file name as given,
# without coturn's own rollover naming, so rotation has to be handled
# externally. TODO confirm a logrotate rule exists for this path.
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid
simple-log

# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
# 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
user-quota=12
total-quota=1200

# recommended additional local peers to block, to mitigate external access to internal services.
# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
# NOTE(review): only 0.0.0.0/8 and 127.0.0.0/8 are denied here. The private
# (10/8, 172.16/12, 192.168/16), carrier-grade NAT (100.64/10) and link-local
# (169.254/16) ranges, and the IPv6 loopback and local ranges, are not denied,
# so an authenticated client could ask the relay to reach hosts on those
# networks. Denying them is the usual hardening. If the server itself sits on
# a private address behind NAT, its own address then needs an allowed-peer-ip
# exception, otherwise calls relayed through it on both sides stop working.
# Confirm which ranges apply to the deployment.
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=127.0.0.0-127.255.255.255

# Max time 12h (43200 seconds) for a single allocation.
max-allocate-lifetime=43200

# Template placeholder, expanded at install time; presumably the external
# address setting used when the server is behind NAT. TODO confirm.
_TURN_EXTERNAL_IP_