before testing coturn

This commit is contained in:
LUXEY Adrien 2021-01-17 21:22:35 +01:00
parent 7778ea82e8
commit cb1f738eea
4 changed files with 52 additions and 5 deletions


@ -174,6 +174,7 @@ sites:
# Coturn server # Coturn server
coturn: coturn:
static_auth_secret : "{{ vault_synapse_coturn_static_auth_secret }}" static_auth_secret : "{{ vault_synapse_coturn_static_auth_secret }}"
listening_port: 3578
min_port: 49152 min_port: 49152
max_port: 49172 max_port: 49172
external_ip: 92.243.8.85 external_ip: 92.243.8.85
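Review bot: `listening_port: 3578` looks like a transposition of coturn's default 3478, which the turnserver.conf.j2 comment added in this same commit cites as the default; a non-default port is fine, but whatever value is chosen must match the `turn_uris` the homeserver hands to clients, so confirm this is intentional and not a typo. The relay window `min_port`/`max_port` is 49152–49172, i.e. 21 UDP ports; each TURN allocation takes a relay port, so this caps the server at roughly twenty simultaneous relayed media streams and will surface as call setup failures under load rather than an error in the logs. If that is deliberate for a small site, a comment such as `# 21 relay ports ≈ 20 concurrent relayed streams; widen before opening to more users` would save the next operator a debugging session.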


@ -54,6 +54,27 @@
import_tasks: postgres.yml import_tasks: postgres.yml
tags: postgres tags: postgres
###########################################
# Allow coturn inbound connections in UFW #
###########################################
- name: "Allow inbound port {{ site.coturn.listening_port }} for coturn in UFW"
ufw:
direction: in
from_ip: any
to_port: {{ site.coturn.listening_port }}
proto: any
rule: allow
comment: "coturn TCP/UDP"
- name: "Allow inbound UDP ports {{ site.coturn.min_port }}-{{ site.coturn.max_port }} for coturn un UFW"
ufw:
direction: in
from_ip: any
to_port: "{{ item }}"
loop: "{{ range({{ site.coturn.min_port }}, {{ site.coturn.max_port }} + 1)|list }}"
################# #################
# Setup backups # # Setup backups #
################# #################
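Review bot: `to_port: {{ site.coturn.listening_port }}` in the first new task is an unquoted value that starts with `{{`, which YAML reads as a flow mapping before Jinja runs, so the play will fail to parse; it needs to be `to_port: "{{ site.coturn.listening_port }}"`. The second task has a related problem: its `loop` nests `{{ … }}` inside an outer `{{ … }}` (Jinja does not allow that — inside an expression the variables are referenced bare) and, more importantly, it never sets `rule: allow` or `proto`, so even once it parses it does not add an allow rule and, if it did, would open the range for TCP as well as the UDP the task name promises. Rather than 21 per-port rules, the `ufw` module accepts a `start:end` port range when `proto` is `tcp` or `udp`, which collapses the task to a single rule and also fixes the "un UFW" typo in the name.

```yaml
  - name: "Allow inbound UDP relay ports {{ site.coturn.min_port }}-{{ site.coturn.max_port }} for coturn in UFW"
    ufw:
      direction: in
      from_ip: any
      # ufw accepts start:end ranges only with an explicit tcp/udp proto
      to_port: "{{ site.coturn.min_port }}:{{ site.coturn.max_port }}"
      proto: udp
      rule: allow
      comment: "coturn UDP relay range"
```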


@ -4,6 +4,23 @@
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/matrix-coturn/templates/turnserver.conf.j2 # https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/matrix-coturn/templates/turnserver.conf.j2
# in Jan. 2021 # in Jan. 2021
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
listening-port={{ site.coturn.listening_port }}
# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
# This is needed for RFC 5780 support
# (STUN extension specs, NAT behavior discovery). The TURN Server
# supports RFC 5780 only if it is started with more than one
# listening IP address of the same family (IPv4 or IPv6).
# RFC 5780 is supported only by UDP protocol, other protocols
# are listening to that endpoint only for "symmetry".
#
alt-listening-port=0
use-auth-secret use-auth-secret
static-auth-secret={{ site.coturn.static_auth_secret }} static-auth-secret={{ site.coturn.static_auth_secret }}
realm=turn.{{ site.url }} realm=turn.{{ site.url }}


@ -21,12 +21,20 @@ services:
ipv4_address: "{{ site.subnet_site_ip }}" ipv4_address: "{{ site.subnet_site_ip }}"
turn: turn:
image: coturn/coturn:latest # We use: https://github.com/instrumentisto/coturn-docker-image
image: instrumentisto/coturn-docker-image:latest
restart: unless-stopped restart: unless-stopped
# TODO # We bind directly to host (no proxying the NAT piercer)
# network_mode == host # TCP/UDP: {{ site.coturn.listening_port }}
# give it the turnserver.conf # UDP: {{ site.coturn.min_port }} - {{ site.coturn.max_port }}
# Anything else? network: host
#
volumes:
- type: tmpfs
target: /var/lib/coturn
- type: volume
source: "{{ sites_path }}/{{ site.slug }}/turnserver.conf"
destination: /etc/coturn/turnserver.conf
networks: networks:
net: net:
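Review bot: `network: host` is not a Compose service key — the option is `network_mode: host`, which the removed TODO comment itself names — so depending on the Compose version this is either rejected as an unknown key or silently ignored, leaving coturn on the default bridge where the advertised `external_ip` and relay range do not reach it. The config mount is also mis-typed: `type: volume` with a host path as `source` is treated as a (malformed) named-volume name, and `destination` is not a long-syntax field; a host file is `type: bind` with `target`, and a config file should be `read_only: true`. If the trailing `networks:` mapping at the end of the hunk belongs to the `turn` service (indentation is lost in this rendering), it must go — Compose refuses `network_mode: host` combined with `networks`. Finally, `:latest` on a network-facing daemon makes every redeploy an unreviewed upgrade; pin a release tag or a digest, and verify the pull name, since the URL in the comment is the GitHub project and the image may be published under a different Hub name.

```yaml
  turn:
    # … unchanged: image, restart …
    network_mode: host
    volumes:
      - type: tmpfs
        target: /var/lib/coturn
      - type: bind
        source: "{{ sites_path }}/{{ site.slug }}/turnserver.conf"
        target: /etc/coturn/turnserver.conf
        read_only: true
```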