From 9162b33208caa6c0dd7ccbea4e24754c8e89a6e1 Mon Sep 17 00:00:00 2001
From: afeiszli <alex.feiszli@gmail.com>
Date: Wed, 3 May 2023 17:15:21 -0400
Subject: [PATCH] updating compose files and install/upgrade scripts

---
 compose/docker-compose.ee.yml                 | 22 +++++
 compose/docker-compose.reference.yml          | 17 ++++
 compose/docker-compose.yml                    |  6 +-
 docker/Caddyfile-EE                           | 10 +++
 scripts/nm-quick.sh                           | 52 ++++++++++-
 ...rade.sh => nm-upgrade-0-17-1-to-0-19-0.sh} | 90 +++++++++++++++++--
 6 files changed, 185 insertions(+), 12 deletions(-)
 rename scripts/{nm-upgrade.sh => nm-upgrade-0-17-1-to-0-19-0.sh} (87%)

diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml
index 80139f8d..8ce3f8aa 100644
--- a/compose/docker-compose.ee.yml
+++ b/compose/docker-compose.ee.yml
@@ -33,6 +33,12 @@ services:
       LICENSE_KEY: "YOUR_LICENSE_KEY"
       NETMAKER_ACCOUNT_ID: "YOUR_ACCOUNT_ID"
       DEFAULT_PROXY_MODE: "off"
+      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
+      TURN_SERVER_API_HOST: "https://turnapi.NETMAKER_BASE_DOMAIN"
+      TURN_PORT: "3479"
+      TURN_USERNAME: "REPLACE_TURN_USERNAME"
+      TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
+      USE_TURN: "true"
     ports:
       - "3478:3478/udp"
   netmaker-ui:
@@ -119,6 +125,21 @@ services:
       API_PORT: "8085"
       LICENSE_KEY: "YOUR_LICENSE_KEY"
       PROMETHEUS_HOST: https://prometheus.NETMAKER_BASE_DOMAIN
+  turn:
+    container_name: turn
+    image: gravitl/turnserver:v1.0.0
+    network_mode: "host"
+    volumes:
+      - turn_server:/etc/config
+    environment:
+      DEBUG_MODE: "off"
+      VERBOSITY: "1"
+      TURN_PORT: "3479"
+      TURN_API_PORT: "8089"
+      CORS_ALLOWED_ORIGIN: "*"
+      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
+      USERNAME: "REPLACE_TURN_USERNAME"
+      PASSWORD: "REPLACE_TURN_PASSWORD"
 volumes:
   caddy_data: {}
   caddy_conf: {}
@@ -127,3 +148,4 @@ volumes:
   mosquitto_logs: {}
   prometheus_data: {}
   grafana_data: {}
+  turn_server: {}
diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml
index d595f2fd..ba7aa12d 100644
--- a/compose/docker-compose.reference.yml
+++ b/compose/docker-compose.reference.yml
@@ -95,6 +95,22 @@ services:
     ports:
       - "1883:1883"
       - "8883:8883"
+  turn:
+    container_name: turn
+    image: gravitl/turnserver:v1.0.0
+    network_mode: "host"
+    volumes:
+      - turn_server:/etc/config
+    environment:
+      DEBUG_MODE: "off"
+      VERBOSITY: "1"
+      TURN_PORT: "3479"
+      TURN_API_PORT: "8089"
+      CORS_ALLOWED_ORIGIN: "*"
+      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
+      USERNAME: "REPLACE_TURN_USERNAME"
+      PASSWORD: "REPLACE_TURN_PASSWORD"
+      USE_TURN: "true"
 volumes:
   caddy_data: {} # runtime data for caddy
   caddy_conf: {} # configuration file for Caddy
@@ -102,3 +118,4 @@ volumes:
   sqldata: {} # storage for embedded sqlite
   dnsconfig: {} # storage for coredns
   mosquitto_logs: {} # storage for mqtt logs
+  turn_server: {}
\ No newline at end of file
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
index c80590c4..aa823612 100644
--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -35,7 +35,7 @@ services:
       TURN_PORT: "3479"
       TURN_USERNAME: "REPLACE_TURN_USERNAME"
       TURN_PASSWORD: "REPLACE_TURN_PASSWORD"
-      USE_TURN: "false"
+      USE_TURN: "true"
     ports:
       - "3478:3478/udp"
   netmaker-ui:
@@ -97,8 +97,8 @@ services:
       TURN_API_PORT: "8089"
       CORS_ALLOWED_ORIGIN: "*"
       TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
-      USERNAME: "REPLACE_USERNAME"
-      PASSWORD: "REPLACE_PASSWORD"
+      USERNAME: "REPLACE_TURN_USERNAME"
+      PASSWORD: "REPLACE_TURN_PASSWORD"
 volumes:
   caddy_data: {}
   caddy_conf: {}
diff --git a/docker/Caddyfile-EE b/docker/Caddyfile-EE
index aec0d67e..61f39bf8 100644
--- a/docker/Caddyfile-EE
+++ b/docker/Caddyfile-EE
@@ -50,6 +50,16 @@ https://stun.NETMAKER_BASE_DOMAIN {
 	reverse_proxy netmaker:3478
 }
 
+# TURN
+https://turn.NETMAKER_BASE_DOMAIN {
+	reverse_proxy host.docker.internal:3479
+}
+
+#TURN API
+https://turnapi.NETMAKER_BASE_DOMAIN {
+        reverse_proxy http://host.docker.internal:8089
+}
+
 # MQ
 wss://broker.NETMAKER_BASE_DOMAIN {
         reverse_proxy ws://mq:8883
diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh
index 3fd57467..d5b55794 100755
--- a/scripts/nm-quick.sh
+++ b/scripts/nm-quick.sh
@@ -432,6 +432,8 @@ set_install_vars() {
 	echo "                api.$NETMAKER_BASE_DOMAIN"
 	echo "             broker.$NETMAKER_BASE_DOMAIN"
 	echo "               stun.$NETMAKER_BASE_DOMAIN"
+	echo "               turn.$NETMAKER_BASE_DOMAIN"
+	echo "               turnapi.$NETMAKER_BASE_DOMAIN"
 
 	if [ "$INSTALL_TYPE" = "ee" ]; then
 		echo "         prometheus.$NETMAKER_BASE_DOMAIN"
@@ -527,6 +529,51 @@ set_install_vars() {
 		done
 	fi
 
+	unset GET_TURN_USERNAME
+	unset GET_TURN_PASSWORD
+	unset CONFIRM_TURN_PASSWORD
+	echo "Enter Credentials For TURN..."
+	if [ -z $AUTO_BUILD ]; then
+		read -p "TURN Username (click 'enter' to use 'netmaker'): " GET_TURN_USERNAME
+	fi
+	if [ -z "$GET_TURN_USERNAME" ]; then
+	echo "using default username for mq"
+	TURN_USERNAME="netmaker"
+	else
+	TURN_USERNAME="$GET_TURN_USERNAME"
+	fi
+
+	TURN_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
+
+	if [ -z $AUTO_BUILD ]; then  
+		select domain_option in "Auto Generated Password" "Input Your Own Password"; do
+			case $REPLY in
+			1)
+			echo "using random password for turn"
+			break
+			;;      
+			2)
+			while true
+			do
+				echo "Enter your Password For TURN: " 
+				read -s GET_TURN_PASSWORD
+				echo "Enter your password again to confirm: "
+				read -s CONFIRM_TURN_PASSWORD
+				if [ ${GET_TURN_PASSWORD} != ${CONFIRM_TURN_PASSWORD} ]; then
+					echo "wrong password entered, try again..."
+					continue
+				fi
+				TURN_PASSWORD="$GET_TURN_PASSWORD"
+				echo "TURN Password Saved Successfully!!"
+				break
+			done
+			break
+			;;
+			*) echo "invalid option $REPLY";;
+		esac
+		done
+	fi
+
 	wait_seconds 2
 
 	echo "-----------------------------------------------------------------"
@@ -580,8 +627,11 @@ install_netmaker() {
 	sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml
 	sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml
 	sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile
-	sed -i "s/REPLACE_MQ_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml
 	sed -i "s/REPLACE_MQ_USERNAME/$MQ_USERNAME/g" /root/docker-compose.yml 
+	sed -i "s/REPLACE_MQ_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml
+	sed -i "s/REPLACE_TURN_USERNAME/$TURN_USERNAME/g" /root/docker-compose.yml 
+	sed -i "s/REPLACE_TURN_PASSWORD/$TURN_PASSWORD/g" /root/docker-compose.yml
+
 	if [ "$INSTALL_TYPE" = "ee" ]; then
 		sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml
 		sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml
diff --git a/scripts/nm-upgrade.sh b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh
similarity index 87%
rename from scripts/nm-upgrade.sh
rename to scripts/nm-upgrade-0-17-1-to-0-19-0.sh
index f0b3a789..02ae3b6e 100644
--- a/scripts/nm-upgrade.sh
+++ b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh
@@ -259,10 +259,12 @@ collect_server_settings() {
   done
 
   STUN_DOMAIN="stun.$SERVER_NAME"
+  TURN_DOMAIN="turn.$SERVER_NAME"
+  TURNAPI_DOMAIN="turnapi.$SERVER_NAME"
   echo "-----------------------------------------------------"
-  echo "Netmaker v0.18 requires a new DNS entry for $STUN_DOMAIN."
-  echo "Please confirm this is added to your DNS provider before continuing"
-  echo "(note: this is not required if using an nip.io address)"
+  echo "Netmaker v0.19 requires new DNS entries for $STUN_DOMAIN, $TURN_DOMAIN, and $TURNAPI_DOMAIN."
+  echo "Please confirm this is added to your DNS provider before continuing."
+  echo "You can skip this step if using a wildcard DNS entry (e.g. *.$SERVER_NAME) or a nip.io address."
   echo "-----------------------------------------------------"
   confirm
 }
@@ -336,6 +338,16 @@ cat <<EOT >> $INSTALL_PATH/Caddyfile
 https://$STUN_DOMAIN {
   reverse_proxy netmaker:3478
 }
+
+# TURN
+https://$TURN_DOMAIN {
+  reverse_proxy netmaker:3479
+}
+
+#TURN API
+https://turnapi.$TURNAPI_DOMAIN {
+        reverse_proxy http://host.docker.internal:8089
+}
 EOT
 
 }
@@ -384,10 +396,55 @@ set_mq_credentials() {
   done
 }
 
+# set_turn_credentials - sets mq credentials
+set_turn_credentials() {
+
+  unset GET_TURN_USERNAME
+  unset GET_TURN_PASSWORD
+  unset CONFIRM_TURN_PASSWORD
+  echo "Enter Credentials For TURN..."
+  read -p "TURN Username (click 'enter' to use 'netmaker'): " GET_TURN_USERNAME
+  if [ -z "$GET_TURN_USERNAME" ]; then
+    echo "using default username for turn"
+    TURN_USERNAME="netmaker"
+  else
+    TURN_USERNAME="$GET_TURN_USERNAME"
+  fi
+
+  select domain_option in "Auto Generated Password" "Input Your Own Password"; do
+    case $REPLY in
+    1)
+    echo "generating random password for TURN"
+    TURN_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo '')
+    break
+    ;;      
+      2)
+    while true
+      do
+          echo "Enter your Password For TURN: " 
+          read -s GET_TURN_PASSWORD
+          echo "Enter your password again to confirm: "
+          read -s CONFIRM_TURN_PASSWORD
+          if [ ${GET_TURN_PASSWORD} != ${CONFIRM_TURN_PASSWORD} ]; then
+              echo "wrong password entered, try again..."
+              continue
+          fi
+      TURN_PASSWORD="$GET_TURN_PASSWORD"
+          echo "TURN Password Saved Successfully!!"
+          break
+      done
+        break
+        ;;
+      *) echo "invalid option $REPLY";;
+    esac
+  done
+}
+
 # set_compose - set compose file with proper values
 set_compose() {
 
   set_mq_credentials
+  set_turn_credentials
 
   echo "retrieving updated wait script and mosquitto conf"  
   rm $INSTALL_PATH/wait.sh
@@ -406,21 +463,38 @@ set_compose() {
 
   STUN_PORT=3478
 
-  # RELEASE_REPLACE - Use this once release is ready
-
-  #sed -i "s/v0.17.1/v0.18.6/g" /root/docker-compose.yml
   yq ".services.netmaker.environment.SERVER_NAME = \"$SERVER_NAME\"" -i $INSTALL_PATH/docker-compose.yml
   yq ".services.netmaker.environment += {\"BROKER_ENDPOINT\": \"wss://$BROKER_NAME\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.netmaker.environment += {\"SERVER_BROKER_ENDPOINT\": \"ws://mq:1883\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.netmaker.environment += {\"STUN_LIST\": \"$STUN_DOMAIN:$STUN_PORT,stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302\"}" -i $INSTALL_PATH/docker-compose.yml  
-  yq ".services.netmaker.environment += {\"MQ_PASSWORD\": \"$MQ_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.netmaker.environment += {\"MQ_USERNAME\": \"$MQ_USERNAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"MQ_PASSWORD\": \"$MQ_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"TURN_SERVER_HOST\": \"turn.$SERVER_NAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"TURN_SERVER_API_HOST\": \"turnapi.$SERVER_NAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"TURN_USERNAME\": \"$TURN_USERNAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"TURN_PASSWORD\": \"$TURN_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.netmaker.environment += {\"STUN_PORT\": \"$STUN_PORT\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"TURN_PORT\": \"3479\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.netmaker.environment += {\"USE_TURN\": \"true\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.netmaker.ports += \"3478:3478/udp\"" -i $INSTALL_PATH/docker-compose.yml
 
-  yq ".services.mq.environment += {\"MQ_PASSWORD\": \"$MQ_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
   yq ".services.mq.environment += {\"MQ_USERNAME\": \"$MQ_USERNAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.mq.environment += {\"MQ_PASSWORD\": \"$MQ_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
 
+  yq ".services.turn += {\"container_name\": \"turn\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn += {\"image\": \"gravitl/turnserver:v1.0.0\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn += {\"network_mode\": \"host\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.volumes += {\"turn_server:/etc/config\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"DEBUG_MODE\": \"off\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"VERBOSITY\": \"1\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"TURN_PORT\": \"3479\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"TURN_API_PORT\": \"8089\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"CORS_ALLOWED_ORIGIN\": \"*\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"TURN_SERVER_HOST\": \"$TURN_DOMAIN\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"TURN_USERNAME\": \"$TURN_USERNAME\"}" -i $INSTALL_PATH/docker-compose.yml  
+  yq ".services.turn.environment += {\"TURN_PASSWORD\": \"$TURN_PASSWORD\"}" -i $INSTALL_PATH/docker-compose.yml  
+
+  yq ".services.volumes += {\".turn_server\": \"{}\"}" -i $INSTALL_PATH/docker-compose.yml  
 
   #remove unnecessary ports
   yq eval 'del( .services.netmaker.ports[] | select(. == "51821*") )' -i $INSTALL_PATH/docker-compose.yml