From 8a236244b576fa07b082d16b998ef672d72af6b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz=20=28admin=29?= Date: Mon, 24 Apr 2023 00:39:20 +0200 Subject: [PATCH] make changes for working turns --- turnserver_example.conf | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/turnserver_example.conf b/turnserver_example.conf index 00063d4..fea03e8 100644 --- a/turnserver_example.conf +++ b/turnserver_example.conf @@ -1,4 +1,5 @@ # TURN server name and realm +# realm can be domain or realm= server-name=pairdrop @@ -6,13 +7,18 @@ server-name=pairdrop listening-ip=0.0.0.0 # External IP-Address of the TURN server -# if you have a VPN for example on your Server... -#external-ip=/ external-ip= +# relay-ip is needed for tls turns connections +relay-ip= + # Main listening port listening-port=3478 +# 443 for TURN over TLS, which can bypass firewalls +# the standard-port is 5349 +tls-listening-port=443 + # Further ports that are open for communication min-port=10000 max-port=20000 @@ -34,9 +40,13 @@ user=user:password lt-cred-mech # SSL certificates -cert=/etc/letsencrypt/live//cert.pem -pkey=/etc/letsencrypt/live//privkey.pem +cert=/etc/letsencrypt/fullchain.pem +pkey=/etc/letsencrypt/privkey.pem +dh-file=/etc/dhparam.pem -# 443 for TURN over TLS, which can bypass firewalls -# the standard-port is 5349 -tls-listening-port=443 +# For security-reasons disable old ssl and tls-protocols +no-sslv3 +no-tlsv1 +no-tlsv1_1 + +stale-nonce=600
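Review bot: Nothing in the second hunk limits which peer addresses the relay will forward to, while the added `relay-ip` and `tls-listening-port=443` lines make the relay reachable on a port most firewalls let through. Unless a part of the file outside the hunks already does this, add `no-multicast-peers` and `denied-peer-ip` ranges for loopback, private and link-local networks after the port range, so that a valid TURN credential cannot be used to reach services on the server's own network. If the address given as `relay-ip` lies inside one of those ranges, exempt it with `allowed-peer-ip`, and add the IPv6 equivalents when the host has IPv6. The `relay-ip` comment should also say that the value is the local address the relay sockets bind to, as opposed to the public one in `external-ip`.

```conf
max-port=20000

# Refuse to relay traffic to the server's own and private networks
no-multicast-peers
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
```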
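Review bot: In the third hunk the new `cert=` and `pkey=` paths no longer point into certbot's `live/` directory and `dh-file=` names a file nothing else in the example creates, yet no comment says how these files get there or who may read them. I would add above them `# Copy fullchain.pem and privkey.pem here after every renewal; privkey.pem must be readable only by the account turnserver runs as` and above `dh-file` the line `# DH parameters in PEM format, 2048 bit or larger`. `stale-nonce=600` has no comment at all; `# Nonce lifetime in seconds, limits how long a captured nonce stays usable` would do. Whether the installed coturn still accepts `no-sslv3` and the `no-tlsv1*` switches probably depends on its version, so the comment should name the version this was tested with, and a `cipher-list=` line would pin the remaining TLS 1.2 suites explicitly.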