[__coturn] Add support for common parameters and extra-config.
extra-config allows for any complex setup to be defined and managed by the type user.
parent
45f601c911
commit
61bd5b5958
7 changed files with 80 additions and 20 deletions
|
@ -157,8 +157,8 @@ cat << EOF
|
||||||
# Lower and upper bounds of the UDP relay endpoints:
|
# Lower and upper bounds of the UDP relay endpoints:
|
||||||
# (default values are 49152 and 65535)
|
# (default values are 49152 and 65535)
|
||||||
#
|
#
|
||||||
min-port=49152
|
min-port=$MIN_PORT
|
||||||
max-port=65535
|
max-port=$MAX_PORT
|
||||||
|
|
||||||
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
||||||
# By default the verbose mode is off.
|
# By default the verbose mode is off.
|
||||||
|
@ -437,7 +437,15 @@ cat << EOF
|
||||||
# Uncomment if no UDP relay endpoints are allowed.
|
# Uncomment if no UDP relay endpoints are allowed.
|
||||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
||||||
#
|
#
|
||||||
#no-udp-relay
|
EOF
|
||||||
|
|
||||||
|
if [ "$NO_UDP_RELAY" ]; then
|
||||||
|
echo 'no-udp-relay'
|
||||||
|
else
|
||||||
|
echo '#no-udp-relay'
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat << EOF
|
||||||
|
|
||||||
# Uncomment if no TCP relay endpoints are allowed.
|
# Uncomment if no TCP relay endpoints are allowed.
|
||||||
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
||||||
|
@ -445,7 +453,7 @@ cat << EOF
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ "$NO_TCP_RELAY" ]; then
|
if [ "$NO_TCP_RELAY" ]; then
|
||||||
echo 'no-tcp-releay'
|
echo 'no-tcp-relay'
|
||||||
else
|
else
|
||||||
echo '#no-tcp-relay'
|
echo '#no-tcp-relay'
|
||||||
fi
|
fi
|
||||||
|
@ -781,3 +789,10 @@ cat << EOF
|
||||||
#no-tlsv1_1
|
#no-tlsv1_1
|
||||||
#no-tlsv1_2
|
#no-tlsv1_2
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
if [ -n "$EXTRA_CONFIG" ]; then
|
||||||
|
cat <<EOF
|
||||||
|
# Extra configuration (overrides any previous settings)
|
||||||
|
$EXTRA_CONFIG
|
||||||
|
EOF
|
||||||
|
fi
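Review bot: The header emitted above `$EXTRA_CONFIG` at the end of the script asserts that the block "overrides any previous settings", but nothing in the script checks this, and the text is appended unvalidated after the options generated from typed parameters such as `denied-peer` and `no-tcp-relay`. Whether coturn lets a later line win for every option is not visible here, so an operator reading the deployed file may misjudge which relay restrictions are in effect. I would have the generated comment state only what is known, e.g. `# Extra configuration from --extra-config: appended verbatim, not validated by this type`, and keep the precedence claim only once it is confirmed against coturn's config parsing.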
|
||||||
|
|
|
@ -8,8 +8,7 @@ cdist-type__coturn - Install and configure a coturn TURN server
|
||||||
|
|
||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
This (singleton) type install and configure a coturn TURN
|
This (singleton) type installs and configures a coturn TURN server.
|
||||||
server.
|
|
||||||
|
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
|
@ -20,36 +19,54 @@ None.
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
static_auth_secret
|
static_auth_secret
|
||||||
Secret used to access the TURN REST API.
|
Secret used to access the TURN REST API.
|
||||||
|
|
||||||
realm
|
realm
|
||||||
Defailt realm.
|
Default realm.
|
||||||
|
|
||||||
allowed-peer
|
allowed-peer
|
||||||
Allow specific ip addresses or ranges of ip addresses. Can be specified multiple times.
|
Allow specific IP addresses or ranges of IP addresses. Can be specified multiple times.
|
||||||
|
|
||||||
denied-peer
|
denied-peer
|
||||||
Ban specific ip addresses or ranges of ip addresses. Can be specified multiple times.
|
Ban specific IP addresses or ranges of IP addresses. Can be specified multiple times.
|
||||||
|
|
||||||
cert
|
cert
|
||||||
Path to certificate file. Absolute or relative
|
Path to certificate file. Absolute or relative. Use PEM file format.
|
||||||
|
|
||||||
pkey
|
pkey
|
||||||
Patch to privaty key file. Use PEM file format.
|
Patch to private key file. Use PEM file format.
|
||||||
|
|
||||||
|
min-port
|
||||||
|
Lower bound of the UDP port range for relay endpoints allocation.
|
||||||
|
Default value is 49152, according to RFC 5766.
|
||||||
|
|
||||||
|
max-port
|
||||||
|
Upper bound of the UDP port range for relay endpoints allocation.
|
||||||
|
Default value is 65535, according to RFC 5766.
|
||||||
|
|
||||||
|
extra-config
|
||||||
|
This will be appended verbatim to the end of `coturn.conf`, use this for more
|
||||||
|
complex setups where the parameters exposed by this type are not enough.
|
||||||
|
If its value is `-`, stdin will be used.
|
||||||
|
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
Allows TURN credentials to be accounted for a specific user id.
|
Allows TURN credentials to be accounted for a specific user id.
|
||||||
|
|
||||||
no-tcp-relay
|
no-tcp-relay
|
||||||
Disable TCP relay endpoints.
|
Disable TCP relay endpoints.
|
||||||
|
|
||||||
|
no-udp-relay
|
||||||
|
Disable UDP relay endpoints.
|
||||||
|
|
||||||
no-tls
|
no-tls
|
||||||
Disable TLS listener.
|
Disable TLS listener.
|
||||||
|
|
||||||
no-dtls
|
no-dtls
|
||||||
Disable DTLS listener.
|
Disable DTLS listener.
|
||||||
|
|
||||||
|
|
||||||
EXAMPLES
|
EXAMPLES
|
||||||
--------
|
--------
|
||||||
|
@ -60,6 +77,15 @@ EXAMPLES
|
||||||
--realm turn.domain.tld \
|
--realm turn.domain.tld \
|
||||||
--no_tcp_relay
|
--no_tcp_relay
|
||||||
|
|
||||||
|
__coturn \
|
||||||
|
--realm turn.domain.tld \
|
||||||
|
--extra-config '-' <<EOF
|
||||||
|
# Debug logging
|
||||||
|
Verbose
|
||||||
|
# Use a redis database
|
||||||
|
redis-userdb="ip=[::1] dbname=coturn password=secret port=6379 connect_timeout=2"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -59,6 +59,10 @@ if [ -f "$__object/parameter/no-tcp-relay" ]; then
|
||||||
export NO_TCP_RELAY=1
|
export NO_TCP_RELAY=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/no-udp-relay" ]; then
|
||||||
|
export NO_UDP_RELAY=1
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f "$__object/parameter/allowed-peer" ]; then
|
if [ -f "$__object/parameter/allowed-peer" ]; then
|
||||||
ALLOWED_PEERS=$(cat "$__object/parameter/allowed-peer")
|
ALLOWED_PEERS=$(cat "$__object/parameter/allowed-peer")
|
||||||
export ALLOWED_PEERS
|
export ALLOWED_PEERS
|
||||||
|
@ -84,13 +88,22 @@ if [ -f "$__object/parameter/pkey" ]; then
|
||||||
export PKEY
|
export PKEY
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/extra-config" ]; then
|
||||||
|
EXTRA_CONFIG=$(cat $__object/parameter/extra-config)
|
||||||
|
if [ "$EXTRA_CONFIG" = "-" ]; then
|
||||||
|
EXTRA_CONFIG=$(cat "$__object/stdin")
|
||||||
|
fi
|
||||||
|
export EXTRA_CONFIG
|
||||||
|
fi
|
||||||
|
|
||||||
|
export MIN_PORT=$(cat "$__object/parameter/min-port")
|
||||||
|
export MAX_PORT=$(cat "$__object/parameter/max-port")
|
||||||
|
|
||||||
# Generate and deploy configuration file.
|
# Generate and deploy configuration file.
|
||||||
mkdir -p "$__object/files"
|
mkdir -p "$__object/files"
|
||||||
"$__type/files/turnserver.conf.sh" > "$__object/files/turnserver.conf"
|
"$__type/files/turnserver.conf.sh" > "$__object/files/turnserver.conf"
|
||||||
|
|
||||||
require="__package/coturn" __file $coturn_config \
|
require="__package/coturn" __file $coturn_config \
|
||||||
--source "$__object/files/turnserver.conf" \
|
--source "$__object/files/turnserver.conf" \
|
||||||
--owner turnserver
|
--owner turnserver \
|
||||||
|
--onchange 'service coturn restart'
|
||||||
# Restart coturn server.
|
|
||||||
require="__file/$coturn_config" __service coturn --action restart
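Review bot: `MIN_PORT` and `MAX_PORT` are exported straight from the parameter files with no check that they are integers within 1–65535 or that min-port does not exceed max-port, yet they are written directly into `min-port=`/`max-port=` in turnserver.conf, which defines the relay port range the host exposes. `export VAR=$(cat …)` also hides a failing `cat`, so an unreadable parameter file yields an empty value instead of an error. In the same hunk, `$(cat $__object/parameter/extra-config)` is the only unquoted path expansion and should read `"$__object/parameter/extra-config"` like its neighbours. A validation sketch for the two port lines follows; the rest of the manifest lies outside this hunk.

```shell
# … unchanged: extra-config handling …
MIN_PORT=$(cat "$__object/parameter/min-port")
MAX_PORT=$(cat "$__object/parameter/max-port")
for port in "$MIN_PORT" "$MAX_PORT"; do
    case $port in
        ''|*[!0-9]*)
            echo "__coturn: min-port/max-port must be a number, got '$port'" >&2
            exit 1
            ;;
    esac
done
if [ "$MIN_PORT" -lt 1 ] || [ "$MAX_PORT" -gt 65535 ] || [ "$MIN_PORT" -gt "$MAX_PORT" ]; then
    echo "__coturn: invalid relay port range $MIN_PORT-$MAX_PORT" >&2
    exit 1
fi
export MIN_PORT MAX_PORT
# … unchanged: config generation and __file call …
```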
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
no-tcp-relay
|
no-tcp-relay
|
||||||
|
no-udp-relay
|
||||||
no-tls
|
no-tls
|
||||||
no-dtls
|
no-dtls
|
||||||
|
|
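--- /dev/null
+++ b/type/__coturn/parameter/default/max-port
@@ -0,0 +1 @@
+65535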
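--- /dev/null
+++ b/type/__coturn/parameter/default/min-port
@@ -0,0 +1 @@
+49152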
|
@ -2,3 +2,6 @@ static-auth-secret
|
||||||
realm
|
realm
|
||||||
cert
|
cert
|
||||||
pkey
|
pkey
|
||||||
|
min-port
|
||||||
|
max-port
|
||||||
|
extra-config
|
||||||
|
|