From ef719bcee422b79e24240a8ca1faca6164e9e199 Mon Sep 17 00:00:00 2001 From: 3wc <3wc.git@doesthisthing.work> Date: Thu, 29 Oct 2020 19:45:42 +0200 Subject: [PATCH] Update for COTURN --- compose.coturn.yml | 35 ++++++++++++++++++++++++++++ compose.yml | 58 ++++++++++++---------------------------------- gen.sh | 6 +++++ 3 files changed, 56 insertions(+), 43 deletions(-) create mode 100644 compose.coturn.yml create mode 100755 gen.sh diff --git a/compose.coturn.yml b/compose.coturn.yml new file mode 100644 index 0000000..e6caee7 --- /dev/null +++ b/compose.coturn.yml @@ -0,0 +1,35 @@ +services: + app: + environment: + - TURN_SERVER=${DOMAIN} + - TURN_PORT=3478 + secrets: + - coturn_shared_secret + + coturn: + image: instrumentisto/coturn:latest + networks: + - swarm_host + secrets: + - coturn_shared_secret + configs: + - source: turnserver_conf + target: /etc/coturn/turnserver.conf + +configs: + turnserver_conf: + name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION} + file: turnserver.conf.tmpl + template_driver: golang + +secrets: + coturn_shared_secret: + external: true + name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION} + +networks: + # use host-mode networking until Docker can handle mass port-forwards: + # https://github.com/moby/moby/issues/11185 + swarm_host: + external: + name: 'host' diff --git a/compose.yml b/compose.yml index b03bbed..0d504e4 100644 --- a/compose.yml +++ b/compose.yml @@ -2,7 +2,7 @@ version: "3.8" services: - synapse: + app: image: "matrixdotorg/synapse:latest" volumes: - "synapse:/data" 
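Review bot: The new `coturn` service in compose.coturn.yml pulls `instrumentisto/coturn:latest` and is attached to the host network, so whatever image that tag resolves to at deploy time runs with the node's full network view. Pin the image to a release tag or digest, e.g. `image: instrumentisto/coturn:<VERSION>@sha256:<DIGEST>` (placeholders), so a redeploy cannot silently swap the relay binary. With host-mode networking, turnserver.conf.tmpl (not part of this patch) is presumably the only place that limits which peers the relay may reach. It is worth confirming that it blocks loopback and private ranges with `denied-peer-ip` entries, and adding a comment on `swarm_host` that says so.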
@@ -12,66 +12,38 @@ services:
 - LETSENCRYPT_HOST=${DOMAIN}
 - SYNAPSE_SERVER_NAME=${DOMAIN}
 - SYNAPSE_REPORT_STATS=no
- - TURN_SERVER=${DOMAIN}
- - TURN_PORT=3478
 networks:
 - proxy
+ configs:
+ - source: entrypoint_conf
+ target: /docker-entrypoint.sh
+ mode: 0555
+ entrypoint: /docker-entrypoint.sh
 deploy:
- labels:
- - "traefik.enable=true"
- - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8008"
- - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
- - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
 restart_policy:
 condition: on-failure
 delay: "60s"
 max_attempts: 3
 window: 120s
- entrypoint: /docker-entrypoint.sh
- configs:
- - source: entrypoint_conf
- target: /docker-entrypoint.sh
- mode: 0555
- secrets:
- - coturn_shared_secret
-
- coturn:
- image: instrumentisto/coturn:latest
- networks:
- - swarm_host
- secrets:
- - coturn_shared_secret
- configs:
- - source: turnserver_conf
- target: /etc/coturn/turnserver.conf
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8008"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 volumes:
 synapse:
- traefik_letsencrypt:
- external: true
 networks:
 proxy:
 external: true
- internal:
- # use host-mode networking until Docker can handle mass port-forwards:
- # https://github.com/moby/moby/issues/11185
- swarm_host:
- external:
- name: 'host'
 configs:
 entrypoint_conf:
 name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
 file: entrypoint.sh.tmpl
 template_driver: golang
- turnserver_conf:
- name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
- file: turnserver.conf.tmpl
- template_driver: golang
-
-secrets:
- coturn_shared_secret:
- external: true
- name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION}
diff --git a/gen.sh b/gen.sh
new file mode 100755
index 0000000..332054c
--- /dev/null
+++ b/gen.sh
@@ -0,0 +1,6 @@
+secret="screw\$naval5seem!herb" && \
+time=$(date +%s) && \
+expiry=8400 && \
+username=$(( $time + $expiry )) &&\
+echo username:$username && \
+echo password : $(echo -n $username | openssl dgst -binary -sha1 -hmac $secret | openssl base64)
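Review bot: In the compose.yml hunk at `@@ -12,66 +12,38 @@`, the rewritten `traefik.http.routers.${STACK_NAME}.rule` label splices `${EXTRA_DOMAINS}` verbatim into the `Host(...)` matcher, and nothing in the patch documents its format or gives it a default. As written, the value must begin with a comma and carry its own backtick-quoted host names, and a malformed value changes which hosts this router answers for. Suggest a comment above the label such as `# EXTRA_DOMAINS: optional; must start with a comma, each host in backticks`, and `${EXTRA_DOMAINS:-}` so an unset variable is an explicit empty default rather than a substitution warning. Separately, the `SSLForceHost`/`SSLHost` header options were, as far as I recall, deprecated in later Traefik v2 releases in favour of `redirectRegex`, which is worth noting next to the middleware labels for whoever upgrades the proxy.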
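Review bot: The first added line of gen.sh commits what appears to be the TURN shared secret as a literal, while the compose files in this same patch treat `coturn_shared_secret` as an external Docker secret; anyone who can read the repository could then derive valid time-limited TURN credentials. If that value was ever deployed it should be rotated, and the script should take the secret from the environment instead, e.g. `secret="${COTURN_SHARED_SECRET:?COTURN_SHARED_SECRET is not set}"` (the variable name is only a suggestion). The expansions are also unquoted and `echo -n` is not portable; `printf '%s' "$username" | openssl dgst -binary -sha1 -hmac "$secret" | openssl base64` avoids both. The file is created with mode 100755 but has no shebang line, and `expiry=8400` may be a typo for 86400, so a comment stating the intended credential lifetime would help.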