elias/vdo.ninja
1
0
Fork 0
mirror of https://github.com/eliasstepanik/vdo.ninja.git synced 2026-01-14 23:28:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update turnserver.md

Browse Source
This commit is contained in:
Steve Seguin 2020-09-10 08:41:58 -04:00 committed by GitHub
parent 17c2ae5fc6
commit a1aab474fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
turnserver.md
View File

@ -20,10 +20,10 @@ sudo apt install net-tools
note: If you run into error 701 issues with your TURN server, check that the coturn service has access to your new SSL certificates:
see this issue with coturn: https://github.com/coturn/coturn/issues/268
Next, we are going to open up some ports... just in case they are blocked by default.
Next, we are going to open up some ports... just in case they are blocked by default. Which exactly? well, these are default ports. TCP may not be needed?
```
sudo ufw allow 60000:62000/tcp
sudo ufw allow 60000:62000/udp
sudo ufw allow 49000:65535/tcp
sudo ufw allow 49000:65535/udp
```
Update turnserver.conf with passwords, domain names, and whatever else that needs changing. Example contents are provided below. Once you have updated it, start the TURN server and ensure it started correctly.
```
@ -32,54 +32,63 @@ sudo vi /etc/turnserver.conf
sudo systemctl restart coturn
sudo systemctl status coturn
sudo systemctl enable coturn
```
The follwoing are the contents of an example /etc/turnserver.conf file.
The follwoing are the contents of an example /etc/turnserver.conf file from above
```
## sudo vi /etc/turnserver.conf
listening-port=3478
## TLS needs an SSL certificate and domain, but enables TCP
tls-listening-port=443
# min-port=10000
# max-port=20000
## Update IP addresses; IPv4 is at least needed
external-ip=51.195.41.189
external-ip=2001:41d0:701:1100::287c
min-port=60000
max-port=62000
## Update domain name
realm=turn.obs.ninja
server-name=turn.obs.ninja
# lt-cred-mech
# userdb=/etc/turnuserdb.conf
## webrtc likes to use this
fingerprint
stale-nonce
no-multicast-peers
# no-stun
## Lets just use Google since its more reliable
no-stun
# oauth
lt-cred-mech
user=steve:setupYourOwnPlease
## Update your credentials
user=USERNAMEHERE:PASSWORDHERE
stale-nonce=600
# max-bps=650000
## depreciated in newer coturn
# no-loopback-peers
no-loopback-peers
## prevents hackers from hacking
no-multicast-peers
## 1-gbps/100 users = ~ 1-mbps each with this setting then
total-quota=100
## use real-valid certificate/privatekey files. Update the location
cert=/etc/letsencrypt/live/turn.obs.ninja/fullchain.pem
pkey=/etc/letsencrypt/live/turn.obs.ninja/privkey.pem
## Tweaks to fix some lets encrypt errors
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-sslv3
no-tlsv1
no-tlsv1_1
# no-tlsv1_2
dh2066
# no-udp
# no-tcp
# verbose
no-stdout-log
## bypass the letsencrypt bug; easier than modifying the service, but higher risk of being hacked.
proc-user=root
proc-group=root
```
easier said then done. good luck!