Initial working version

2024-04-11 13:25:10 -03:00 · 2024-04-11 13:25:10 -03:00 · a57c0f994f
parent f2ceb2024c
commit a57c0f994f
3 changed files with 68 additions and 8 deletions
--- a/abra.sh
+++ b/abra.sh
@ -0,0 +1 @@
+export TURNSERVER_CONF_VERSION=v1
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: nginx:1.20.0
+    image: screensy/website
    networks:
      - proxy
    deploy:
@ -11,7 +11,7 @@ services:
        condition: on-failure
      labels:
        - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
@ -20,13 +20,45 @@ services:
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version="
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 10
+    #   start_period: 1m
+  
+  rendezvous:
+    image: screensy/rendezvous
+    networks:
+      - proxy
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}-rendezvous.loadbalancer.server.port=4000"
+        - "traefik.http.routers.${STACK_NAME}-rendezvous.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && HeadersRegexp(`Connection`, `.*Upgrade.*`) && Headers(`Upgrade`, `websocket`)"
+        - "traefik.http.routers.${STACK_NAME}-rendezvous.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}-rendezvous.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
+  turn:
+    image: "coturn/coturn:4.5.2"
+    # Use the host network directly as Docker performs badly with
+    # large port ranges
+    networks:
+      - host
+    configs:
+      - source: turnserver_conf
+        target: /etc/coturn/turnserver.conf

 networks:
  proxy:
    external: true
+  host:
+    external: true
+
+configs:
+  turnserver_conf:
+    name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
+    file: turnserver.conf.tmpl
+    template_driver: golang
--- a/turnserver.conf.tmpl
+++ b/turnserver.conf.tmpl
@ -0,0 +1,27 @@
+# Set the value below to your public IP address or domain.
+external-ip={{ env "DOMAIN" }}
+
+# Set the TURN/STUN server listener port for UDP and TCP.
+listening-port=3478
+
+# Create a default static user account with username "screensy" and password
+# "screensy".
+user=screensy:screensy
+
+# Use long-term credential mechanism to prevent completely anonymous access by
+# spammers.
+lt-cred-mech
+
+# Set the realm to be used for the users. Required by lt-cred-mech.
+realm=screensy
+
+# Turn off the CLI support since we do not support it.
+no-cli
+
+# Do not start TLS client listener since we do not support it. This is not
+# dangerous, since even with an unencrypted TURN server, the WebRTC data cannot
+# be compromised.
+no-tls
+
+# Do not start DTLS client listener since we do not support it.
+no-dtls