Initial files for danu-signal
11
.env.sample
11
.env.sample
@ -1,8 +1,15 @@
|
||||
TYPE=danu-signal
|
||||
|
||||
DOMAIN=danu-signal.example.com
|
||||
DOMAIN=signal.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.danu-signal.example.com`'
|
||||
#EXTRA_DOMAINS=', `www.signal.example.com`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
# Coturn config version (bump when turnserver.conf.tmpl changes)
|
||||
TURNSERVER_CONF_VERSION=v1
|
||||
|
||||
# Coturn credentials - used in turnserver.conf.tmpl
|
||||
COTURN_USER=coturn
|
||||
COTURN_PASSWORD=changeme
|
||||
|
||||
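Review bot: `COTURN_PASSWORD=changeme` puts a working, publicly readable TURN credential in the sample, so a deployment that copies the file without editing it runs a relay that accepts a password anyone can read in this repository. I would ship the key empty, `COTURN_PASSWORD=`, with `# REQUIRED: set a long random value before deploying` on the line above, so a skipped step fails visibly. The README section in this commit also drops `--secrets` from `abra app new`, which suggests the password now travels as a plain environment variable; a Docker secret would keep it out of the env file and the service definition. Separately, the coturn service in compose.yml shows no `environment:` entries, so it is worth confirming that turnserver.conf.tmpl actually receives `COTURN_USER`, `COTURN_PASSWORD` and `DOMAIN` at render time.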
15
README.md
15
README.md
@ -1,12 +1,12 @@
|
||||
# danu-signal
|
||||
|
||||
> One line description of the recipe
|
||||
> Danu signalling server and TURN/STUN relay for WebRTC peer discovery
|
||||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**: 0
|
||||
* **Image**: [`danu-signal`](https://hub.docker.com/r/danu-signal), 4, upstream
|
||||
* **Image**: [`fledgre/flsignal`](https://hub.docker.com/r/fledgre/flsignal), 4, upstream
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: No
|
||||
* **Email**: No
|
||||
@ -17,8 +17,15 @@
|
||||
|
||||
## Quick start
|
||||
|
||||
* `abra app new danu-signal --secrets`
|
||||
* `abra app config <app-name>`
|
||||
* `abra app new danu-signal`
|
||||
* `abra app config <app-name>` – set `DOMAIN`, `COTURN_USER`, `COTURN_PASSWORD`
|
||||
* `abra app deploy <app-name>`
|
||||
|
||||
## Notes
|
||||
|
||||
This recipe deploys two services:
|
||||
|
||||
- **signal**: The [flsignal](https://hub.docker.com/r/fledgre/flsignal) WebSocket signalling server, exposed via Traefik on the configured `DOMAIN`.
|
||||
- **coturn**: A [coturn](https://github.com/coturn/coturn) TURN/STUN server running in host-network mode (required for UDP relay). Configure credentials via `COTURN_USER` and `COTURN_PASSWORD`.
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
|
||||
1
abra.sh
1
abra.sh
@ -1,2 +1,3 @@
|
||||
# Set any config versions here
|
||||
# Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
|
||||
export TURNSERVER_CONF_VERSION=v1
|
||||
|
||||
47
compose.yml
47
compose.yml
@ -1,39 +1,42 @@
|
||||
---
|
||||
services:
|
||||
app:
|
||||
image: nginx:1.27.5
|
||||
signal:
|
||||
image: fledgre/flsignal:latest
|
||||
networks:
|
||||
- proxy
|
||||
command: -v
|
||||
volumes:
|
||||
- stats:/stats
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8765"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
## Edit the following line if you are using one, but not both, "Redirect" sections below
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
|
||||
## Redirect HTTP to HTTPS
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
|
||||
## When you're ready for release, run "abra recipe sync <name>" to set this
|
||||
- "coop-cloud.${STACK_NAME}.version="
|
||||
## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
|
||||
# - "backupbot.backup=true"
|
||||
# - "backupbot.backup.path=/some/path"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
|
||||
coturn:
|
||||
image: coturn/coturn
|
||||
network_mode: host
|
||||
configs:
|
||||
- source: turnserver_conf
|
||||
target: /etc/coturn/turnserver.conf
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
stats:
|
||||
|
||||
configs:
|
||||
turnserver_conf:
|
||||
name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
|
||||
file: turnserver.conf.tmpl
|
||||
template_driver: golang
|
||||
|
||||
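Review bot: Both images are referenced by a mutable tag, `fledgre/flsignal:latest` and the untagged `coturn/coturn`, so each redeploy can pull different code into a service that is exposed through Traefik or, for coturn, runs with `network_mode: host`. Pin each to a release tag and ideally a digest, for example `image: coturn/coturn:<version>@sha256:<digest>` (placeholders; the page gives no versions). The rendered page does not show whether the `healthcheck:` block remains on the new side. If it does, `curl -f http://localhost` still probes port 80 while the load-balancer label now points at 8765, so the check should follow the port or be removed.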
20
turnserver.conf.tmpl
Normal file
20
turnserver.conf.tmpl
Normal file
@ -0,0 +1,20 @@
|
||||
# Coturn TURN server configuration
|
||||
# See https://github.com/coturn/coturn for full options
|
||||
|
||||
# Static user credentials (username:password)
|
||||
user={{ .Env.COTURN_USER }}:{{ .Env.COTURN_PASSWORD }}
|
||||
|
||||
# The default realm for users
|
||||
realm={{ .Env.DOMAIN }}
|
||||
|
||||
# TURN server allocates address family according to TURN client request.
|
||||
allocation-default-address-family=ipv4
|
||||
|
||||
# Disable RFC5780 (NAT behavior discovery) to reduce amplification attack risk.
|
||||
no-rfc5780
|
||||
|
||||
# Disable old STUN Binding requests; use only XOR-MAPPED-ADDRESS.
|
||||
no-stun-backward-compatibility
|
||||
|
||||
# Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled.
|
||||
response-origin-only-with-rfc5780
|
||||
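Review bot: The template sets credentials and a realm but places no limit on where the relay may send traffic, and compose.yml runs coturn with `network_mode: host`, so anyone holding the TURN credential could have the relay address private, link-local or loopback services visible from the host. coturn's `denied-peer-ip` and `no-multicast-peers` options cover this; the ranges below are a starting point and need adjusting if legitimate peers live on a private network. I would also state `lt-cred-mech` explicitly next to the `user=` line rather than rely on coturn enabling it implicitly, which is worth verifying against whichever coturn version gets pinned.

```ini
# Long-term credential mechanism, stated explicitly alongside user=
lt-cred-mech

# Refuse to relay to multicast, loopback, link-local and private ranges
no-multicast-peers
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
```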