coturn: configure TURN for use with BBB
This commit is contained in:
parent
dcc8dfa14b
commit
224d6ef256
@ -1,4 +1,10 @@
|
||||
---
|
||||
|
||||
- name: Reload systemd
|
||||
systemd: daemon_reload=yes
|
||||
|
||||
- name: Restart coturn
|
||||
service: name=coturn state=restarted
|
||||
|
||||
- name: Run acertmgr
|
||||
command: /usr/bin/acertmgr
|
||||
|
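Review bot: The handlers use `key=value` module shorthand (`systemd: daemon_reload=yes`, `service: name=coturn state=restarted`, `command: /usr/bin/acertmgr`), and the tasks hunk at -3 does the same for `apt`, `file` and `template`; native block YAML is the recommended form for module arguments and lets the boolean be a real boolean, e.g. `systemd:` followed by `daemon_reload: true`. The file this hunk belongs to is not named on the page (presumably the role's handlers file), so the point applies to whichever file it is. Converting one handler at a time keeps each change reviewable.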
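--- /dev/null
+++ b/roles/coturn/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+- { role: acertmgr }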
@ -3,6 +3,28 @@
|
||||
- name: Install coturn
|
||||
apt: name=coturn
|
||||
|
||||
- name: Create coturn service override directory
|
||||
file: path=/etc/systemd/system/coturn.service.d state=directory
|
||||
|
||||
- name: Configure coturn service override
|
||||
template: src=coturn.override.j2 dest=/etc/systemd/system/coturn.service.d/override.conf
|
||||
notify:
|
||||
- Reload systemd
|
||||
- Restart coturn
|
||||
|
||||
- name: Create gitea directories
|
||||
file: path={{ item }} state=directory owner=turnserver
|
||||
with_items:
|
||||
- /etc/turnserver
|
||||
- /etc/turnserver/certs
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/turnserver/certs/{{ coturn_realm }}.key -out /etc/turnserver/certs/{{ coturn_realm }}.crt -days 730 -subj "/CN={{ coturn_realm }}" creates=/etc/turnserver/certs/{{ coturn_realm }}.crt
|
||||
|
||||
- name: Configure certificate manager
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ coturn_realm }}.conf
|
||||
notify: Run acertmgr
|
||||
|
||||
- name: Configure coturn
|
||||
template: src={{ item }}.j2 dest=/etc/{{ item }}
|
||||
with_items:
|
||||
|
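Review bot: The bootstrap task `Ensure certificates are available` leaves the generated `.key` with the ownership of the user the command runs as (presumably root) and whatever mode that openssl version applies, and the certs directory created just above gets `owner=turnserver` but no mode, so the private key may be readable more widely than the `perm: '400'` / `user: turnserver` that certs.j2 later enforces for the acertmgr-managed copy. Tighten the directory in place, e.g. `file: path={{ item }} state=directory owner=turnserver group=turnserver mode=0750`, and follow the openssl command with a `file:` task setting `owner=turnserver mode=0400` on the bootstrap key so the service can read it and nobody else can. The task name `Create gitea directories` looks like a copy-paste leftover and should read `Create coturn directories`. The `with_items` list of the final `Configure coturn` task continues past the end of the hunk.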
15
roles/coturn/templates/certs.j2
Normal file
15
roles/coturn/templates/certs.j2
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
{{ coturn_realm }}:
|
||||
- path: /etc/turnserver/certs/{{ coturn_realm }}.key
|
||||
user: turnserver
|
||||
group: turnserver
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service coturn restart'
|
||||
- path: /etc/turnserver/certs/{{ coturn_realm }}.crt
|
||||
user: turnserver
|
||||
group: turnserver
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service coturn restart'
|
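--- /dev/null
+++ b/roles/coturn/templates/coturn.override.j2
@@ -0,0 +1,2 @@
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE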
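Review bot: The drop-in grants `CAP_NET_BIND_SERVICE` without saying why; since turnserver.conf now sets `listening-port=443` and `tls-listening-port=443`, a comment would spare the next reader a search, e.g. `# coturn binds 443 (see turnserver.conf.j2); allow privileged ports without running as root`. The capability only matters if the packaged unit already runs coturn as an unprivileged user — presumably `turnserver`, matching the ownership used elsewhere in the role — which is worth confirming rather than assuming.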
@ -15,7 +15,7 @@
|
||||
# Note: actually, TLS & DTLS sessions can connect to the
|
||||
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
||||
#
|
||||
#listening-port=3478
|
||||
listening-port=443
|
||||
|
||||
# TURN listener port for TLS (Default: 5349).
|
||||
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
||||
@ -27,7 +27,7 @@
|
||||
# TLS version 1.0, 1.1 and 1.2.
|
||||
# For secure UDP connections, Coturn supports DTLS version 1.
|
||||
#
|
||||
#tls-listening-port=5349
|
||||
tls-listening-port=443
|
||||
|
||||
# Alternative listening port for UDP and TCP listeners;
|
||||
# default (or zero) value means "listening port plus one".
|
||||
@ -125,7 +125,10 @@
|
||||
#
|
||||
# By default, this value is empty, and no address mapping is used.
|
||||
#
|
||||
#external-ip=60.70.80.91
|
||||
external-ip={{ ansible_default_ipv4.address }}
|
||||
{% if ansible_default_ipv6.address is defined %}
|
||||
external-ip={{ ansible_default_ipv6.address }}
|
||||
{% endif %}
|
||||
#
|
||||
#OR:
|
||||
#
|
||||
@ -399,17 +402,17 @@ realm={{ coturn_realm }}
|
||||
# Uncomment if no TCP client listener is desired.
|
||||
# By default TCP client listener is always started.
|
||||
#
|
||||
no-tcp
|
||||
#no-tcp
|
||||
|
||||
# Uncomment if no TLS client listener is desired.
|
||||
# By default TLS client listener is always started.
|
||||
#
|
||||
no-tls
|
||||
#no-tls
|
||||
|
||||
# Uncomment if no DTLS client listener is desired.
|
||||
# By default DTLS client listener is always started.
|
||||
#
|
||||
no-dtls
|
||||
#no-dtls
|
||||
|
||||
# Uncomment if no UDP relay endpoints are allowed.
|
||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
||||
@ -746,6 +749,6 @@ mobility
|
||||
|
||||
# Do not allow an TLS/DTLS version of protocol
|
||||
#
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
no-tlsv1_2
|
||||
#no-tlsv1
|
||||
#no-tlsv1_1
|
||||
#no-tlsv1_2
|
||||
|
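Review bot: Commenting out `no-tlsv1` and `no-tlsv1_1` in the hunk at -746 re-enables TLS 1.0 and 1.1 at the same moment the hunk at -399 drops `no-tls` and `no-dtls`, so the newly opened TLS listener accepts deprecated protocol versions. Keep the first two restrictions active and release only 1.2: `no-tlsv1`, `no-tlsv1_1`, `#no-tlsv1_2`. Current browsers negotiate TLS 1.2 or later, so this should not affect BBB clients. The template comment above those lines (`# Do not allow an TLS/DTLS version of protocol`) could also state which versions remain disabled and why.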
@ -1145,7 +1145,7 @@ oembed:
|
||||
|
||||
# The public URIs of the TURN server to give to clients
|
||||
#
|
||||
turn_uris: ["turn:{{ coturn_realm }}:3478?transport=udp"]
|
||||
turn_uris: ["turn:{{ coturn_realm }}:443?transport=udp"]
|
||||
|
||||
# The shared secret used to compute passwords for the TURN server
|
||||
#
|
||||
|
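Review bot: `turn_uris` still advertises only `turn:{{ coturn_realm }}:443?transport=udp` even though this commit opens TCP, TLS and DTLS listeners on 443 in turnserver.conf, so clients behind UDP-blocking firewalls have no fallback and the TLS listener is never offered to them. Consider listing the TCP and TLS variants alongside it, e.g. `turn_uris: ["turn:{{ coturn_realm }}:443?transport=udp", "turn:{{ coturn_realm }}:443?transport=tcp", "turns:{{ coturn_realm }}:443?transport=tcp"]`. The file is not named on the page (the `oembed:` context suggests a Synapse homeserver configuration), and the surrounding block continues outside the hunk.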