#jinja2: lstrip_blocks: "True"

# Adapted from 
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/matrix-coturn/templates/turnserver.conf.j2
# in Jan. 2021

realm=turn.{{ site.url }}
use-auth-secret
static-auth-secret={{ site.coturn.static_auth_secret }}

# Listener IP address of relay server. Multiple listeners can be specified.
# If no IP(s) specified in the config file or in the command line options,
# then all IPv4 and IPv6 system IPs will be used for listening.
#
listening-ip={{ site.coturn.external_ip }}

# Relay address (the local IP address that will be used to relay the
# packets to the peer).
# Multiple relay addresses may be used.
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
#
# If no relay IP(s) specified, then the turnserver will apply the default
# policy: it will decide itself which relay addresses to be used, and it
# will always be using the client socket IP address as the relay IP address
# of the TURN session (if the requested relay address family is the same
# as the family of the client socket).
# 
relay-ip={{ site.coturn.external_ip }}

external-ip={{ site.coturn.external_ip }}

# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
listening-port={{ site.coturn.listening_port }}

# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
# This is needed for RFC 5780 support
# (STUN extension specs, NAT behavior discovery). The TURN Server
# supports RFC 5780 only if it is started with more than one
# listening IP address of the same family (IPv4 or IPv6).
# RFC 5780 is supported only by UDP protocol, other protocols
# are listening to that endpoint only for "symmetry".
#
#alt-listening-port=0


min-port={{ site.coturn.min_port }}
max-port={{ site.coturn.min_port }}


#log-file=stdout
pidfile=/var/lib/coturn/turnserver.pid
userdb=/var/lib/coturn/turnserver.db

# PROD
#prod
# DEBUG
verbose

no-cli
no-tls
no-dtls

no-tcp-relay

{% if site.coturn.user_quota != None %}
user-quota={{ site.coturn.user_quota }}
{% endif %}
{% if site.coturn.total_quota != None %}
total-quota={{ site.coturn.total_quota }}
{% endif %}

{% for ip_range in site.coturn.denied_peer_ips %}
denied-peer-ip={{ ip_range }}
{% endfor %}
{% for ip_range in site.coturn.allowed_peer_ips %}
allowed-peer-ip={{ ip_range }}
{% endfor %}
#allowed-peer-ip={{ site.coturn.external_ip }}