parent
b058967138
commit
eace7979b3
79
Installation-CoTURN-service-pour-prosody.md
Normal file
@ -0,0 +1,79 @@
|
||||
Prérequis un serveur prosody, un certificat pour notre domaine turn.im.cyberjinh.fr
|
||||
[certbot est notr ami](https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates)
|
||||
|
||||
doc externe : [coturn prosody doc](https://prosody.im/doc/coturn) & [Install Coturn on Debian](https://community.hetzner.com/tutorials/install-turn-stun-server-on-debian-ubuntu-with-coturn)
|
||||
|
||||
Installation coturn
|
||||
```
|
||||
apt-get install coturn
|
||||
```
|
||||
Sauvegarde le conf de base
|
||||
```
|
||||
mv /etc/turnserver.conf /etc/turnserver.conf.orig
|
||||
```
|
||||
Configuration du service coturn
|
||||
```
|
||||
sudo vim /etc/turnservice.conf
|
||||
```
|
||||
```
|
||||
# listening-port=3478
|
||||
tls-listening-port=5349
|
||||
|
||||
fingerprint
|
||||
lt-cred-mech
|
||||
|
||||
use-auth-secret
|
||||
static-auth-secret=replace-this-secret
|
||||
realm=turn.im.cyberjinh.fr
|
||||
|
||||
total-quota=100
|
||||
stale-nonce=600
|
||||
|
||||
pkey = /etc/private/certs/im.cyberjinh.fr/privkey.pem
|
||||
cert = /etc/private/certs/im.cyberjinh.fr/fullchain.pem
|
||||
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
|
||||
|
||||
no-sslv3
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
no-tlsv1_2
|
||||
|
||||
dh2066
|
||||
|
||||
no-stdout-log
|
||||
log-file=/var/tmp/turn.log
|
||||
#log-file=/dev/null
|
||||
|
||||
no-loopback-peers
|
||||
no-multicast-peers
|
||||
|
||||
proc-user=turnserver
|
||||
proc-group=turnserver
|
||||
```
|
||||
Génération du code secret
|
||||
```
|
||||
sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
|
||||
```
|
||||
On ouvre ensuite les ports sur notre firewall en l'occurance sur de l'UDP et TCP port 5349
|
||||
|
||||
On active le service turn sur prosody, cela se fait dans la configuration des modules
|
||||
[turncredentials module](https://modules.prosody.im/mod_turncredentials)
|
||||
```
|
||||
modules_enabled = {
|
||||
-- other modules ...
|
||||
"turncredentials";
|
||||
}
|
||||
```
|
||||
Dans la conf prosody on ajoute en modifiant avec notre secret généré plus haut
|
||||
```
|
||||
turncredentials_host = "turn.im.cyberjinh.fr"
|
||||
turncredentials_secret = "replace-this-secret"
|
||||
```
|
||||
On ajoute a notre serveur DNS les entrés qui vont bien
|
||||
On peut aussi modifié le /etc/hosts de notre machine qui heberge le service TURN
|
||||
On restart les services
|
||||
```
|
||||
sudo systemctl restart prosody coturn.service
|
||||
```
|
||||
En cas de probleme, on peut s'aider de ce site en précisant son serveur STUN de cette façon stun:stun.im.cyberjinh.fr:5349
|
||||
`https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/`
|
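Review bot: the edit step opens `/etc/turnservice.conf`, but the backup step and the `sed` that injects the secret both use `/etc/turnserver.conf`, so as written the settings go into a differently named file and, because the original was moved away with `mv`, the `sed -i` has no file to work on; use `/etc/turnserver.conf` in all three places. In the config block, `no-tlsv1_2` sits next to a `cipher-list` written in TLS 1.2 suite names, which leaves only TLS 1.3 enabled and makes that list moot; either drop `no-tlsv1_2` or state that TLS 1.3 only is intended. `lt-cred-mech` and `use-auth-secret` are both set, while the Prosody side only shows a shared secret (`turncredentials_secret`), so `lt-cred-mech` looks unneeded and should be removed or justified. `log-file=/var/tmp/turn.log` writes the server log into a world-writable directory; a path under `/var/log` owned by the `turnserver` user would be safer. The text also uses three hostnames (`turn.im.cyberjinh.fr` for the realm and Prosody, `im.cyberjinh.fr` in the `cert`/`pkey` paths, `stun.im.cyberjinh.fr` in the test URI); please say which names the certificate and the DNS entries have to cover, and note that the key file must be readable by `proc-user`.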