Update files for coturn (#3953)
* Update docs/configuring-playbook-turn.md: add a section for description about installing Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Update docs/configuring-playbook-turn.md and a related file - Edit the introduction based on docs/configuring-playbook-client-element-web.md - Adopt the common format by creating the section "Adjusting the playbook configuration" - Add the section "Extending the configuration" - Move the section "Disabling Coturn" to the bottom Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> * Fix capitalization: Coturn → coturn See: https://github.com/coturn/coturn. Note that "coturn" is not capitalized even at the start of a sentence, except in some rare cases like on the releases page: https://github.com/coturn/coturn/releases Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> --------- Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org> Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
@ -14,9 +14,9 @@ matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/
|
||||
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
|
||||
|
||||
# The Docker network that Coturn would be put into.
|
||||
# The Docker network that coturn would be put into.
|
||||
#
|
||||
# Because Coturn relays traffic to unvalidated IP addresses,
|
||||
# Because coturn relays traffic to unvalidated IP addresses,
|
||||
# using a dedicated network, isolated from other Docker (and local) services is preferrable.
|
||||
#
|
||||
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
|
||||
@ -24,7 +24,7 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
|
||||
#
|
||||
# Setting `matrix_coturn_container_network` to 'host' will run the container with host networking,
|
||||
# which will drastically improve performance when thousands of ports are opened due to Docker not having to set up forwarding rules for each port.
|
||||
# Running with host networking can be dangerous, as it potentially exposes your local network and its services to Coturn peers.
|
||||
# Running with host networking can be dangerous, as it potentially exposes your local network and its services to coturn peers.
|
||||
# Regardless of the networking mode, we apply a deny list which via `matrix_coturn_denied_peer_ips`,
|
||||
# which hopefully prevents access to such private network ranges.
|
||||
# When running in host-networking mode, you need to adjust the firewall yourself, so that ports are opened.
|
||||
@ -51,17 +51,17 @@ matrix_coturn_container_additional_volumes: []
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_coturn_container_extra_arguments: []
|
||||
|
||||
# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
|
||||
# Controls whether the coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
|
||||
matrix_coturn_container_stun_plain_host_bind_port: "{{ '3478' if matrix_coturn_container_network != 'host' else '' }}"
|
||||
|
||||
# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
|
||||
# Controls whether the coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
|
||||
matrix_coturn_container_stun_tls_host_bind_port: "{{ '5349' if matrix_coturn_container_network != 'host' else '' }}"
|
||||
|
||||
# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
|
||||
# Controls whether the coturn container exposes its TURN UDP port range and which interface to do it on.
|
||||
#
|
||||
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
|
||||
# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
|
||||
@ -93,7 +93,7 @@ matrix_coturn_lt_cred_mech_username: ""
|
||||
# A password used authentication when `matrix_coturn_authentication_method` is `lt-cred-mech`.
|
||||
matrix_coturn_lt_cred_mech_password: ""
|
||||
|
||||
# The external IP address of the machine where Coturn is.
|
||||
# The external IP address of the machine where coturn is.
|
||||
# If do not define an IP address here or in `matrix_coturn_turn_external_ip_addresses`, auto-detection via an EchoIP service will be done.
|
||||
# See `matrix_coturn_turn_external_ip_address_auto_detection_enabled`
|
||||
matrix_coturn_turn_external_ip_address: ''
|
||||
@ -117,11 +117,11 @@ matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_retries_del
|
||||
matrix_coturn_allowed_peer_ips: []
|
||||
|
||||
# We block loopback interfaces and private networks by default to prevent private resources from being accessible.
|
||||
# This is especially important when Coturn does not run within a container network (e.g. `matrix_coturn_container_network: host`).
|
||||
# This is especially important when coturn does not run within a container network (e.g. `matrix_coturn_container_network: host`).
|
||||
#
|
||||
# Learn more: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
|
||||
#
|
||||
# If you're running Coturn for local network peers, you may wish to override these rules.
|
||||
# If you're running coturn for local network peers, you may wish to override these rules.
|
||||
matrix_coturn_denied_peer_ips:
|
||||
- 0.0.0.0-0.255.255.255
|
||||
- 10.0.0.0-10.255.255.255
|
||||
|
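Review bot: The comment above `matrix_coturn_denied_peer_ips` in the last hunk of this file tells operators with local network peers that they "may wish to override these rules", but does not say that setting the variable replaces the whole default list rather than merging with it. Since the same comment block calls the deny list especially important under `matrix_coturn_container_network: host`, I would add a line such as `# Overriding this variable replaces the whole list: copy the defaults and remove only the range your peers need, keeping loopback and the remaining private ranges denied.` The list itself continues past the end of the hunk, so which ranges it covers beyond the two visible entries cannot be judged from here. While these comments are being touched, the host-networking comment in the second hunk still reads "we apply a deny list which via", where the stray "which" should be dropped.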
@ -32,7 +32,7 @@
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_coturn_turn_external_ip_address: "{{ result_matrix_coturn_turn_external_ip_address_auto_detection_echoip_response.json.ip }}"
|
||||
|
||||
- name: Ensure Matrix Coturn path exists
|
||||
- name: Ensure Matrix coturn path exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
@ -43,7 +43,7 @@
|
||||
- {path: "{{ matrix_coturn_docker_src_files_path }}", when: "{{ matrix_coturn_container_image_self_build }}"}
|
||||
when: "item.when | bool"
|
||||
|
||||
- name: Ensure Coturn image is pulled
|
||||
- name: Ensure coturn image is pulled
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
@ -57,7 +57,7 @@
|
||||
|
||||
- when: "matrix_coturn_container_image_self_build | bool"
|
||||
block:
|
||||
- name: Ensure Coturn repository is present on self-build
|
||||
- name: Ensure coturn repository is present on self-build
|
||||
ansible.builtin.git:
|
||||
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
@ -67,7 +67,7 @@
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
register: matrix_coturn_git_pull_results
|
||||
|
||||
- name: Ensure Coturn Docker image is built
|
||||
- name: Ensure coturn Docker image is built
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_coturn_docker_image }}"
|
||||
source: build
|
||||
@ -78,7 +78,7 @@
|
||||
path: "{{ matrix_coturn_docker_src_files_path }}"
|
||||
pull: true
|
||||
|
||||
- name: Ensure Coturn configuration path exists
|
||||
- name: Ensure coturn configuration path exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_coturn_base_path }}"
|
||||
state: directory
|
||||
@ -94,7 +94,7 @@
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure Coturn network is created in Docker
|
||||
- name: Ensure coturn network is created in Docker
|
||||
when: matrix_coturn_container_network not in ['', 'host']
|
||||
community.docker.docker_network:
|
||||
name: "{{ matrix_coturn_container_network }}"
|
||||
|
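Review bot: The `ansible.builtin.set_fact` at the top of the first hunk assigns `json.ip` from the EchoIP response straight to `matrix_coturn_turn_external_ip_address`, with no visible check that the value is a well-formed IP address. The enclosing block starts outside the hunk, so a check may already exist above; if it does not, the address a third-party service returns is trusted as-is and presumably ends up in the rendered coturn configuration. A follow-up `ansible.builtin.assert` with a condition like `that: matrix_coturn_turn_external_ip_address | ansible.utils.ipaddr` would fail the run on a malformed or empty response instead of deploying it. This assumes the `ansible.utils` collection is available to the playbook.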
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
- name: (Deprecation) Catch and report renamed Coturn settings
|
||||
- name: (Deprecation) Catch and report renamed coturn settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
@ -15,7 +15,7 @@
|
||||
Invalid authentication method specified in `matrix_coturn_authentication_method`
|
||||
when: "matrix_coturn_authentication_method not in ['auth-secret', 'lt-cred-mech']"
|
||||
|
||||
- name: Fail if required Coturn settings not defined
|
||||
- name: Fail if required coturn settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item.name }}`).
|
||||
|
@ -1,6 +1,6 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Coturn server
|
||||
Description=Matrix coturn server
|
||||
{% for service in matrix_coturn_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
|