mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
47 lines
1.3 KiB
Text
47 lines
1.3 KiB
Text
lt-cred-mech
|
|
use-auth-secret
|
|
static-auth-secret={{ turnserver_pwd }}
|
|
realm={{ domain }}
|
|
|
|
tls-listening-port={{ port_turnserver_tls }}
|
|
alt-tls-listening-port={{ port_turnserver_alt_tls }}
|
|
min-port=49153
|
|
max-port=49193
|
|
cli-port={{ port_cli }}
|
|
|
|
cert=/etc/yunohost/certs/{{ domain }}/crt.pem
|
|
pkey=/etc/yunohost/certs/{{ domain }}/key.pem
|
|
dh-file=/etc/ssl/private/dh2048.pem
|
|
|
|
{% if enable_dtls_for_audio_video_turn_call == 'true' %}
|
|
# Block clear communication
|
|
no-udp
|
|
no-tcp
|
|
{% endif %}
|
|
|
|
# Block old protocols
|
|
no-sslv2
|
|
no-sslv3
|
|
no-tlsv1
|
|
no-tlsv1_1
|
|
|
|
log-file=/var/log/matrix-{{ app }}/turnserver.log
|
|
pidfile=/run/coturn-{{ app }}/turnserver.pid
|
|
simple-log
|
|
|
|
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
|
|
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
|
|
total-quota=1200
|
|
|
|
# recommended additional local peers to block, to mitigate external access to internal services.
|
|
# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
|
|
no-multicast-peers
|
|
denied-peer-ip=0.0.0.0-0.255.255.255
|
|
denied-peer-ip=127.0.0.0-127.255.255.255
|
|
|
|
# Max time 12h
|
|
max-allocate-lifetime=43200
|
|
|
|
{%- for ip in turn_external_ip.strip(',').split(',') %}
|
|
external-ip={{ ip }}
|
|
{%- endfor %}
|