mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
43 lines
1.2 KiB
Text
43 lines
1.2 KiB
Text
lt-cred-mech
|
|
use-auth-secret
|
|
static-auth-secret=__TURNSERVER_PWD__
|
|
realm=__DOMAIN__
|
|
|
|
tls-listening-port=__PORT_TURNSERVER_TLS__
|
|
alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__
|
|
min-port=49153
|
|
max-port=49193
|
|
cli-port=__PORT_CLI__
|
|
|
|
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
|
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
|
dh-file=/etc/ssl/private/dh2048.pem
|
|
|
|
# Block clear communication
|
|
no-udp
|
|
no-tcp
|
|
|
|
# Block old protocols
|
|
no-sslv2
|
|
no-sslv3
|
|
no-tlsv1
|
|
no-tlsv1_1
|
|
|
|
log-file=/var/log/matrix-__APP__/turnserver.log
|
|
pidfile=/run/coturn-__APP__/turnserver.pid
|
|
simple-log
|
|
|
|
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
|
|
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
|
|
total-quota=1200
|
|
|
|
# recommended additional local peers to block, to mitigate external access to internal services.
|
|
# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
|
|
no-multicast-peers
|
|
denied-peer-ip=0.0.0.0-0.255.255.255
|
|
denied-peer-ip=127.0.0.0-127.255.255.255
|
|
|
|
# Max time 12h
|
|
max-allocate-lifetime=43200
|
|
|
|
_TURN_EXTERNAL_IP_
|