53 lines
1.1 KiB
Text
53 lines
1.1 KiB
Text
# TURN server name and realm
|
|
# realm can be domain or <IP-ADDRESS>
|
|
realm=<DOMAIN>
|
|
server-name=pairdrop
|
|
|
|
# IPs the TURN server listens to
|
|
listening-ip=0.0.0.0
|
|
|
|
# External IP-Address of the TURN server
|
|
# only needed, if coturn is behind a NAT
|
|
#external-ip=<IP_ADDRESS>
|
|
|
|
# relay-ip is needed for tls turns connections
|
|
# it can be set multiple times. A local IP is sufficient (not 127.0.0.1!!)
|
|
relay-ip=<SOME_LOCAL_IP_ADDRESS>
|
|
|
|
# Main listening port
|
|
listening-port=3478
|
|
|
|
# 443 for TURN over TLS, which can bypass firewalls
|
|
tls-listening-port=5349
|
|
|
|
# Further ports that are open for communication
|
|
min-port=10000
|
|
max-port=20000
|
|
|
|
# Use fingerprint in TURN message
|
|
fingerprint
|
|
|
|
# Log file path
|
|
# - is logging to STDOUT, so it's visible in docker-compose logs
|
|
log-file=-
|
|
|
|
# Enable verbose logging
|
|
verbose
|
|
|
|
# Specify the user for the TURN authentification
|
|
user=user:password
|
|
|
|
# Enable long-term credential mechanism
|
|
lt-cred-mech
|
|
|
|
# SSL certificates
|
|
cert=/etc/letsencrypt/fullchain.pem
|
|
pkey=/etc/letsencrypt/privkey.pem
|
|
dh-file=/etc/dhparam.pem
|
|
|
|
# For security-reasons disable old ssl and tls-protocols
|
|
no-sslv3
|
|
no-tlsv1
|
|
no-tlsv1_1
|
|
|
|
stale-nonce=600
|