parent
b058967138
commit
eace7979b3
79
Installation-CoTURN-service-pour-prosody.md
Normal file
@ -0,0 +1,79 @@
Prérequis un serveur prosody, un certificat pour notre domaine turn.im.cyberjinh.fr
[certbot est notr ami](https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates)
doc externe : [coturn prosody doc](https://prosody.im/doc/coturn) & [Install Coturn on Debian](https://community.hetzner.com/tutorials/install-turn-stun-server-on-debian-ubuntu-with-coturn)
Installation coturn
```
apt-get install coturn
```
Sauvegarde le conf de base
```
mv /etc/turnserver.conf /etc/turnserver.conf.orig
```
Configuration du service coturn
```
sudo vim /etc/turnservice.conf
```
```
# listening-port=3478
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=replace-this-secret
realm=turn.im.cyberjinh.fr
total-quota=100
stale-nonce=600
pkey = /etc/private/certs/im.cyberjinh.fr/privkey.pem
cert = /etc/private/certs/im.cyberjinh.fr/fullchain.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-sslv3
no-tlsv1
no-tlsv1_1
no-tlsv1_2
dh2066
no-stdout-log
log-file=/var/tmp/turn.log
#log-file=/dev/null
no-loopback-peers
no-multicast-peers
proc-user=turnserver
proc-group=turnserver
```
Génération du code secret
```
sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
```
On ouvre ensuite les ports sur notre firewall en l'occurance sur de l'UDP et TCP port 5349
On active le service turn sur prosody, cela se fait dans la configuration des modules
[turncredentials module](https://modules.prosody.im/mod_turncredentials)
```
modules_enabled = {
-- other modules ...
"turncredentials";
}
```
Dans la conf prosody on ajoute en modifiant avec notre secret généré plus haut
```
turncredentials_host = "turn.im.cyberjinh.fr"
turncredentials_secret = "replace-this-secret"
```
On ajoute a notre serveur DNS les entrés qui vont bien
On peut aussi modifié le /etc/hosts de notre machine qui heberge le service TURN
On restart les services
```
sudo systemctl restart prosody coturn.service
```
En cas de probleme, on peut s'aider de ce site en précisant son serveur STUN de cette façon stun:stun.im.cyberjinh.fr:5349
`https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/`
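Review bot: In the coturn configuration block, `no-tlsv1_2` sits alongside `no-sslv3`, `no-tlsv1` and `no-tlsv1_1`, so every protocol version up to and including TLS 1.2 is switched off while `cipher-list` names only TLS 1.2-style suites; either drop `no-tlsv1_2` or state in the doc that the listener is meant to be TLS 1.3-only and that clients must support it. The edit step opens `/etc/turnservice.conf`, but the backup and the `sed -i` step both use `/etc/turnserver.conf`; since the original was moved to `/etc/turnserver.conf.orig`, the `sed` will not find the file the admin just edited unless the name is corrected. `log-file=/var/tmp/turn.log` puts the log in a world-writable directory; a dedicated directory owned by `turnserver` would be safer. The prerequisite and `realm` name `turn.im.cyberjinh.fr`, while `pkey` and `cert` point at the `im.cyberjinh.fr` directory and the troubleshooting line uses `stun.im.cyberjinh.fr`; please confirm the certificate covers the TURN host name and that the key is readable by `proc-user=turnserver`. Finally, the prosody snippet still shows `replace-this-secret`; a sentence on copying the generated value from the coturn config into `turncredentials_secret` would help.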