listening-port=3478
alt-listening-port=3479

## TLS needs an SSL certificate and domain, but enables TCP
tls-listening-port=443
alt-tls-listening-port=444

# min-port=10000
# max-port=20000

realm=www.turn.obs.ninja
server-name=www.turn.obs.ninja

fingerprint

## Lets just use Google since its more reliable
no-stun

lt-cred-mech
user=UUUUU:PPPPPPPPPPPPP

stale-nonce=600

## depreciated in newer coturn
# no-loopback-peers

no-multicast-peers

## 1-gbps/100 users = 1mbps each
total-quota=100

cert=/var/certs/turn_obs_ninja_chain.crt
pkey=/var/certs/turn_obs_ninja.key

## Tweaks to fix some lets encrypt errors
# cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
# no-sslv3
# no-tlsv1
# no-tlsv1_1
# no-tlsv1_2
dh2066

# max-bps=650000
# no-udp
# no-tcp

#verbose
no-stdout-log

## bypass the letsencrypt bug; easier than modifying the service
#proc-user=root
#proc-group=root