fix TURN/STURN

* remove docker-compose-coturn.yml and replace it with and example-file, because there are user-data inside, which should not be on git * add a whole rtc_config_example-coturn.json to be copied to rtc_config.json and only the domain <DOMAIN> should be changed. * modified the documentation * modified the .gitignore to ignore the files with user-data
2023-04-22 22:13:20 +02:00 · 2023-04-22 22:13:20 +02:00 · 61b52609bc
parent 8f4ce63a0c
commit 61b52609bc
7 changed files with 76 additions and 21 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -2,4 +2,4 @@ node_modules
 .github
 .git*

-*.md
+*.md
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,9 @@ node_modules
 fqdn.env
 /docker/certs
 qrcode-svg/
+docker-compose-coturn.yml
+rtc_config.json
+turnserver.conf
+logs/*
+*.orig
+*.log
--- a/docker-compose-coturn.yml
+++ b/docker-compose-coturn.yml
@ -1,19 +0,0 @@
-version: "3"
-services:
-  node:
-    image: "node:lts-alpine"
-    user: "node"
-    working_dir: /home/node/app
-    volumes:
-      - ./:/home/node/app
-    command: ash -c "npm i && npm run start:prod"
-    restart: unless-stopped
-    ports:
-      - "3000:3000"
-  coturn_server:
-    image: "coturn/coturn"
-    restart: always
-    network_mode: "host"
-    volumes:
-      - ./turnserver.conf:/etc/coturn/turnserver.conf
-    #you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
--- a/docker-compose-coturn_example.yml
+++ b/docker-compose-coturn_example.yml
@ -0,0 +1,27 @@
+version: "3"
+services:
+  node:
+    image: "node:lts-alpine"
+    user: "node"
+    working_dir: /home/node/app
+    volumes:
+      - ./:/home/node/app
+    command: ash -c "npm i && npm run start:prod"
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      - RTC_CONFIG=/home/node/app/rtc_config.json
+      - WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
+      - RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
+      - TZ=Europa/Vienna # Time Zone
+    #you need to copy rtc_config_example.json to rtc_config.json and specify domain, IP address, user and password
+  coturn_server:
+    image: "coturn/coturn"
+    restart: always
+    network_mode: "host"
+    volumes:
+      - ./turnserver.conf:/etc/coturn/turnserver.conf
+      - ./logs/:/var/log/
+      - /etc/letsencrypt/live/<DOMAIN>/:/etc/letsencrypt/live/<DOMAIN>/
+    #you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
--- a/docs/host-your-own.md
+++ b/docs/host-your-own.md
@ -397,9 +397,26 @@ Now point your browser to `http://localhost:8080`.
 - To stop the containers run `docker-compose stop`.
 - To debug the NodeJS server run `docker logs pairdrop_node_1`.

-
 <br>

+# Coturn
+## docker-compose
+
+- copy `docker-compose-coturn_example.yml` to `docker-compose-coturn.yml`
+- copy `rtc_config_example-coturn.json` to `rtc_config.json`
+- copy `turnserver_example.conf` to `turnserver.conf`
+- change <DOMAIN> in all three files to the domain, where your pairdrop is running
+- change user and password for turn-server in `turnserver.conf` and `rtc-config.json`
+- To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d`
+- To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart`
+- To stop the container including coturn run `docker-compose -f docker-compose-coturn.yml stop`
+
+## Firewall
+To run PairDrop including its own coturn-server you need to punch holes in the firewall. This ports must be opened additionally:
+- 3478 tcp/udp
+- 5349 tcp/udp
+- 10000:20000 tcp/udp
+
 ## Testing PWA related features
 PWAs require that the app is served under a correctly set up and trusted TLS endpoint.

--- a/rtc_config_example-coturn.json
+++ b/rtc_config_example-coturn.json
@ -0,0 +1,21 @@
+{
+  "sdpSemantics": "unified-plan",
+  "iceServers": [
+    {
+        "urls": "stun:<DOMAIN>:3478"
+    },
+    {
+        "urls": "stuns:<DOMAIN>:5349"
+    },
+    {
+        "urls": "turn:<DOMAIN>:3478",
+        "username": "user",
+        "credential": "password"
+    },
+    {
+        "urls": "turns:<DOMAIN>:5349",
+        "username": "user",
+        "credential": "password"
+    }
+  ]
+}
--- a/turnserver_example.conf
+++ b/turnserver_example.conf
@ -6,6 +6,8 @@ server-name=pairdrop
 listening-ip=0.0.0.0

 # External IP-Address of the TURN server
+# if you have a VPN for example on your Server...
+#external-ip=<IP_ADDRESS>/<OTHER_IP_ADDRESS>
 external-ip=<IP_ADDRESS>

 # Main listening port
@ -35,4 +37,5 @@ cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
 pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem

 # 443 for TURN over TLS, which can bypass firewalls
+# the standard-port is 5349
 tls-listening-port=443