fix TURN/STURN

* remove docker-compose-coturn.yml and replace it with and example-file,
because there are user-data inside, which should not be on git
* add a whole rtc_config_example-coturn.json to be copied to
  rtc_config.json and only the domain <DOMAIN> should be changed.
* modified the documentation
* modified the .gitignore to ignore the files with user-data
This commit is contained in:
Jakobus Schürz 2023-04-22 22:13:20 +02:00
parent 8f4ce63a0c
commit 61b52609bc
7 changed files with 76 additions and 21 deletions

6
.gitignore vendored
View file

@ -3,3 +3,9 @@ node_modules
fqdn.env
/docker/certs
qrcode-svg/
docker-compose-coturn.yml
rtc_config.json
turnserver.conf
logs/*
*.orig
*.log

View file

@ -1,19 +0,0 @@
version: "3"
services:
node:
image: "node:lts-alpine"
user: "node"
working_dir: /home/node/app
volumes:
- ./:/home/node/app
command: ash -c "npm i && npm run start:prod"
restart: unless-stopped
ports:
- "3000:3000"
coturn_server:
image: "coturn/coturn"
restart: always
network_mode: "host"
volumes:
- ./turnserver.conf:/etc/coturn/turnserver.conf
#you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password

View file

@ -0,0 +1,27 @@
version: "3"
services:
node:
image: "node:lts-alpine"
user: "node"
working_dir: /home/node/app
volumes:
- ./:/home/node/app
command: ash -c "npm i && npm run start:prod"
restart: unless-stopped
ports:
- "3000:3000"
environment:
- RTC_CONFIG=/home/node/app/rtc_config.json
- WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
- RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
- TZ=Europa/Vienna # Time Zone
#you need to copy rtc_config_example.json to rtc_config.json and specify domain, IP address, user and password
coturn_server:
image: "coturn/coturn"
restart: always
network_mode: "host"
volumes:
- ./turnserver.conf:/etc/coturn/turnserver.conf
- ./logs/:/var/log/
- /etc/letsencrypt/live/<DOMAIN>/:/etc/letsencrypt/live/<DOMAIN>/
#you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password

View file

@ -397,9 +397,26 @@ Now point your browser to `http://localhost:8080`.
- To stop the containers run `docker-compose stop`.
- To debug the NodeJS server run `docker logs pairdrop_node_1`.
<br>
# Coturn
## docker-compose
- copy `docker-compose-coturn_example.yml` to `docker-compose-coturn.yml`
- copy `rtc_config_example-coturn.json` to `rtc_config.json`
- copy `turnserver_example.conf` to `turnserver.conf`
- change <DOMAIN> in all three files to the domain, where your pairdrop is running
- change user and password for turn-server in `turnserver.conf` and `rtc-config.json`
- To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d`
- To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart`
- To stop the container including coturn run `docker-compose -f docker-compose-coturn.yml stop`
## Firewall
To run PairDrop including its own coturn-server you need to punch holes in the firewall. This ports must be opened additionally:
- 3478 tcp/udp
- 5349 tcp/udp
- 10000:20000 tcp/udp
## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.

View file

@ -0,0 +1,21 @@
{
"sdpSemantics": "unified-plan",
"iceServers": [
{
"urls": "stun:<DOMAIN>:3478"
},
{
"urls": "stuns:<DOMAIN>:5349"
},
{
"urls": "turn:<DOMAIN>:3478",
"username": "user",
"credential": "password"
},
{
"urls": "turns:<DOMAIN>:5349",
"username": "user",
"credential": "password"
}
]
}

View file

@ -6,6 +6,8 @@ server-name=pairdrop
listening-ip=0.0.0.0
# External IP-Address of the TURN server
# if you have a VPN for example on your Server...
#external-ip=<IP_ADDRESS>/<OTHER_IP_ADDRESS>
external-ip=<IP_ADDRESS>
# Main listening port
@ -35,4 +37,5 @@ cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem
# 443 for TURN over TLS, which can bypass firewalls
# the standard-port is 5349
tls-listening-port=443