# TURN server name and realm
# realm can be domain or <IP-ADDRESS>
realm=<DOMAIN>
server-name=pairdrop

# IPs the TURN server listens to
listening-ip=0.0.0.0

# External IP-Address of the TURN server
# only needed, if coturn is behind a NAT
#external-ip=<IP_ADDRESS>

# relay-ip is needed for tls turns connections
# it can be set multiple times. A local IP is sufficient (not 127.0.0.1!!)
relay-ip=<SOME_LOCAL_IP_ADDRESS>

# Main listening port
listening-port=3478

# 443 for TURN over TLS, which can bypass firewalls
tls-listening-port=5349

# Further ports that are open for communication
min-port=10000
max-port=20000

# Use fingerprint in TURN message
fingerprint

# Log file path
# - is logging to STDOUT, so it's visible in docker-compose logs 
log-file=-

# Enable verbose logging
verbose

# Specify the user for the TURN authentification
user=user:password

# Enable long-term credential mechanism
lt-cred-mech

# SSL certificates
cert=/etc/letsencrypt/fullchain.pem
pkey=/etc/letsencrypt/privkey.pem
dh-file=/etc/dhparam.pem

# For security-reasons disable old ssl and tls-protocols
no-sslv3
no-tlsv1
no-tlsv1_1

stale-nonce=600