Working(?) TURN server

2020-09-11 18:14:02 +02:00 · 2020-09-11 18:14:02 +02:00 · cfbd809761
parent 2d78fff08f
commit cfbd809761
5 changed files with 47 additions and 0 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -4,3 +4,5 @@ export STACK_NAME=matrix
 export LETS_ENCRYPT_ENV=production

 export ENTRYPOINT_CONF_VERSION=v1
+export TURNSERVER_CONF_VERSION=v1
+export COTURN_SHARED_SECRET_VERSION=v1
--- a/README.md
+++ b/README.md
@ -9,6 +9,7 @@ image][synapse-docker].
 3. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
   your Docker swarm box
 4. `direnv allow` (or `. .envrc`)
+4. `abra secret_generate coturn_shared_secret`
 5. `abra deploy`
 6. `abra service_run synapse` to open a shell
 7. `register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008`
--- a/compose.yml
+++ b/compose.yml
@ -12,6 +12,8 @@ services:
      - LETSENCRYPT_HOST=${DOMAIN}
      - SYNAPSE_SERVER_NAME=${DOMAIN}
      - SYNAPSE_REPORT_STATS=no
+      - TURN_SERVER=${DOMAIN}
+      - TURN_PORT=3478
    networks: 
      - proxy
    deploy:
@ -31,11 +33,18 @@ services:
      - source: entrypoint_conf
        target: /docker-entrypoint.sh
        mode: 0555
+    secrets:
+      - coturn_shared_secret

  coturn:
    image: instrumentisto/coturn:latest
    networks:
     - swarm_host
+    secrets:
+      - coturn_shared_secret
+    configs:
+      - source: turnserver_conf
+        target: /etc/coturn/turnserver.conf

 volumes:
  synapse:
@ -57,3 +66,12 @@ configs:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
+  turnserver_conf:
+    name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
+    file: turnserver.conf.tmpl
+    template_driver: golang
+
+secrets:
+  coturn_shared_secret:    
+    external: true 
+    name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION}
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -2,6 +2,17 @@

 if [[ ! -f /data/homeserver.yaml ]]; then
 	/start.py generate
+
+	apt update && apt install -y wget
+	wget https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64 && \
+		chmod +x yq_linux_amd64 && \
+		mv yq_linux_amd64 /bin/yq
+
+	# turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
+	yq w -i /data/homeserver.yaml turn_uris "[]"
+	yq w -i /data/homeserver.yaml turn_uris\[0\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=udp"
+	yq w -i /data/homeserver.yaml turn_uris\[1\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=tcp"
+	yq w -i /data/homeserver.yaml coturn_shared_secret "$(tr -d \"\n\" < /run/secrets/coturn_shared_secret)"
 fi

 /start.py
--- a/turnserver.conf.tmpl
+++ b/turnserver.conf.tmpl
@ -0,0 +1,15 @@
+use-auth-secret
+static-auth-secret={{ secret "coturn_shared_secret" }}
+realm=turn.{{ env "DOMAIN" }}
+
+log-file=stdout
+pidfile=/var/tmp/turnserver.pid
+userdb=/var/tmp/turnserver.db
+
+no-cli
+
+no-tls
+no-dtls
+
+prod
+no-tcp-relay