wip coturn

2023-03-11 11:44:17 +01:00 · 2023-03-11 11:44:17 +01:00 · 6b8a94ba2e
commit 6b8a94ba2e
parent 850ea784e7
5 changed files with 120 additions and 0 deletions
--- a/cluster/prod/app/coturn/config/docker-entrypoint.sh
+++ b/cluster/prod/app/coturn/config/docker-entrypoint.sh
@ -0,0 +1,15 @@
+#!/bin/sh
+
+turnserver \
+    -n \
+    --external-ip=$(detect-external-ip) \
+    --min-port=49160 \
+    --max-port=49169 \
+    --log-file=stdout \
+    --use-auth-secret \
+    --realm turn.deuxfleurs.fr \
+    --no-cli \
+    --no-tls \
+    --no-dtls \
+    --prometheus \
+    --static-auth-secret '{{ key "secrets/coturn/static-auth-secret" | trimSpace }}' 
--- a/cluster/prod/app/coturn/deploy/coturn.hcl
+++ b/cluster/prod/app/coturn/deploy/coturn.hcl
@ -0,0 +1,87 @@
+job "coturn" {
+  datacenters = ["neptune", "orion"]
+  type = "service"
+
+  priority = 100
+
+  constraint {
+    attribute = "${attr.cpu.arch}"
+    value     = "amd64"
+  }
+
+  group "main" {
+    count = 1
+
+    network {
+      port "prometheus" { static = 9641 }
+      port "turn_ctrl" { static = 3478 }
+      port "turn_data0" { static = 49160 }
+      port "turn_data1" { static = 49161 }
+      port "turn_data2" { static = 49162 }
+      port "turn_data3" { static = 49163 }
+      port "turn_data4" { static = 49164 }
+      port "turn_data5" { static = 49165 }
+      port "turn_data6" { static = 49166 }
+      port "turn_data7" { static = 49167 }
+      port "turn_data8" { static = 49168 }
+      port "turn_data9" { static = 49169 }
+    }
+
+    task "turnserver" {
+      driver = "docker"
+      config {
+        image = "coturn/coturn:4.6.1-r2-alpine"
+        ports = [ "prometheus", "turn_ctrl", "turn_data0", "turn_data1", "turn_data2",
+                  "turn_data3", "turn_data4", "turn_data5", "turn_data6", "turn_data7",
+                  "turn_data8", "turn_data9" ]
+        network_mode = "host"
+        volumes = [
+          "secrets/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh",
+        ]
+      }
+
+      template {
+        data = file("../config/docker-entrypoint.sh")
+        destination = "secrets/docker-entrypoint.sh"
+        perms = 555
+      }
+
+      resources {
+        memory = 20
+        memory_max = 50
+        cpu = 50
+      }
+
+      service {
+        name = "coturn"
+        tags = [
+          "coturn",
+          "d53-cname turn.deuxfleurs.fr",
+          "(diplonat (tcp_port 3478) (udp_port 3478 49160 49161 49162 49163 49164 49165 49166 49167 49168 49169))",
+        ]
+        port = "turn_ctrl"
+        check {
+          type = "http"
+          protocol = "http"
+          port = "prometheus"
+          path = "/"
+          interval = "60s"
+          timeout = "5s"
+          check_restart {
+            limit = 3
+            grace = "600s"
+            ignore_warnings = false
+          }
+        }
+      }
+
+      restart {
+        interval = "30m"
+        attempts = 20
+        delay    = "15s"
+        mode     = "delay"
+      }
+    }
+  }
+}
+
--- a/cluster/prod/app/coturn/integration/cmd.sh
+++ b/cluster/prod/app/coturn/integration/cmd.sh
@ -0,0 +1,7 @@
+docker run \
+    --name coturn \
+    --rm \
+    -it \
+    -v `pwd`/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh \
+    --network=host \
+    coturn/coturn:4.6.1-r2-alpine
--- a/cluster/prod/app/coturn/readme.md
+++ b/cluster/prod/app/coturn/readme.md
@ -0,0 +1,6 @@
+stun+turn
+tcp: 3478
+udp: 49160-49169
+
+prometheus:
+tcp: 9641
--- a/cluster/prod/app/coturn/secrets.toml
+++ b/cluster/prod/app/coturn/secrets.toml
@ -0,0 +1,5 @@
+# coturn 
+[secrets."coturn/static-auth-secret"]
+type = 'command'
+rotate = true
+command = "openssl rand -base64 64|tr -d '\n'"