coturn: configure TURN for use with BBB

This commit is contained in:
Markus 2022-01-27 21:12:28 +01:00
parent dcc8dfa14b
commit 224d6ef256
7 changed files with 62 additions and 10 deletions


@ -1,4 +1,10 @@
---
- name: Reload systemd
systemd: daemon_reload=yes
- name: Restart coturn
service: name=coturn state=restarted
- name: Run acertmgr
command: /usr/bin/acertmgr


@ -0,0 +1,4 @@
---
dependencies:
- { role: acertmgr }


@ -3,6 +3,28 @@
- name: Install coturn
apt: name=coturn
- name: Create coturn service override directory
file: path=/etc/systemd/system/coturn.service.d state=directory
- name: Configure coturn service override
template: src=coturn.override.j2 dest=/etc/systemd/system/coturn.service.d/override.conf
notify:
- Reload systemd
- Restart coturn
- name: Create gitea directories
file: path={{ item }} state=directory owner=turnserver
with_items:
- /etc/turnserver
- /etc/turnserver/certs
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/turnserver/certs/{{ coturn_realm }}.key -out /etc/turnserver/certs/{{ coturn_realm }}.crt -days 730 -subj "/CN={{ coturn_realm }}" creates=/etc/turnserver/certs/{{ coturn_realm }}.crt
- name: Configure certificate manager
template: src=certs.j2 dest=/etc/acertmgr/{{ coturn_realm }}.conf
notify: Run acertmgr
- name: Configure coturn
template: src={{ item }}.j2 dest=/etc/{{ item }}
with_items:
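Review bot: The `Ensure certificates are available` task writes `/etc/turnserver/certs/{{ coturn_realm }}.key` as root through `openssl req`, so the bootstrap private key is root-owned with whatever mode OpenSSL and the umask produce — either unreadable by the turnserver user or readable by every local user; the `perm: '400'` in the acertmgr template only applies once acertmgr replaces that file. Add a follow-up task right after the openssl command: `- name: Restrict bootstrap key permissions` / `file: path=/etc/turnserver/certs/{{ coturn_realm }}.key owner=turnserver group=turnserver mode=0400`. The task name `Create gitea directories` looks like a copy-paste leftover in a coturn role; `Create coturn directories` would match its siblings. The `Configure coturn` task's `with_items` list continues past the end of the hunk.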


@ -0,0 +1,15 @@
---
{{ coturn_realm }}:
- path: /etc/turnserver/certs/{{ coturn_realm }}.key
user: turnserver
group: turnserver
perm: '400'
format: key
action: '/usr/sbin/service coturn restart'
- path: /etc/turnserver/certs/{{ coturn_realm }}.crt
user: turnserver
group: turnserver
perm: '400'
format: crt,ca
action: '/usr/sbin/service coturn restart'


@ -0,0 +1,2 @@
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
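Review bot: The new override carries no comment on why the capability is granted; `AmbientCapabilities=CAP_NET_BIND_SERVICE` is only needed because turnserver.conf now sets `listening-port=443` and `tls-listening-port=443`, and it only has an effect when the unit runs coturn as a non-root user (presumably the `turnserver` user the other tasks reference). Add above the directive: `# coturn now listens on 443 (see turnserver.conf); allow binding privileged ports without running as root`. If the packaged unit runs as root the directive is a no-op, so the assumption about `User=` is worth stating in that comment.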


@ -15,7 +15,7 @@
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
#listening-port=3478
listening-port=443
# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
@ -27,7 +27,7 @@
# TLS version 1.0, 1.1 and 1.2.
# For secure UDP connections, Coturn supports DTLS version 1.
#
#tls-listening-port=5349
tls-listening-port=443
# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
@ -125,7 +125,10 @@
#
# By default, this value is empty, and no address mapping is used.
#
#external-ip=60.70.80.91
external-ip={{ ansible_default_ipv4.address }}
{% if ansible_default_ipv6.address is defined %}
external-ip={{ ansible_default_ipv6.address }}
{% endif %}
#
#OR:
#
@ -399,17 +402,17 @@ realm={{ coturn_realm }}
# Uncomment if no TCP client listener is desired.
# By default TCP client listener is always started.
#
no-tcp
#no-tcp
# Uncomment if no TLS client listener is desired.
# By default TLS client listener is always started.
#
no-tls
#no-tls
# Uncomment if no DTLS client listener is desired.
# By default DTLS client listener is always started.
#
no-dtls
#no-dtls
# Uncomment if no UDP relay endpoints are allowed.
# By default UDP relay endpoints are enabled (like in RFC 5766).
@ -746,6 +749,6 @@ mobility
# Do not allow an TLS/DTLS version of protocol
#
no-tlsv1
no-tlsv1_1
no-tlsv1_2
#no-tlsv1
#no-tlsv1_1
#no-tlsv1_2
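Review bot: Commenting out `no-tlsv1` and `no-tlsv1_1` together with `no-tlsv1_2` in the last hunk re-enables TLS 1.0 and 1.1 on the TLS listener that this commit moves to port 443; only the `no-tlsv1_2` line needed to go for TLS 1.2 clients to connect. Keep the first two directives active: `no-tlsv1` / `no-tlsv1_1` / `#no-tlsv1_2`. Separately, in the `@ -125,7 +125,10 @@` hunk `external-ip={{ ansible_default_ipv4.address }}` publishes the interface address, which is only correct when the host holds its public address directly; behind NAT the relay candidates would advertise an unreachable address, so consider a dedicated variable (e.g. a new `coturn_external_ip` defaulting to that fact) or at least a comment above the line recording the assumption.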


@ -1145,7 +1145,7 @@ oembed:
# The public URIs of the TURN server to give to clients
#
turn_uris: ["turn:{{ coturn_realm }}:3478?transport=udp"]
turn_uris: ["turn:{{ coturn_realm }}:443?transport=udp"]
# The shared secret used to compute passwords for the TURN server
#