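#!/bin/bash

# Container entrypoint: checks the required environment, renders the TURN
# server and signaling server configuration files, then replaces itself with
# the command passed as arguments.
#
# Required environment: NC_DOMAIN, TURN_SECRET, SIGNALING_SECRET.
# Also read:            TALK_PORT (TURN listening port).
# Files written:        /etc/turnserver.conf, /etc/signaling.conf.
#
# NOTE(review): TALK_PORT is interpolated without a check; if it is unset the
# rendered file contains an empty `listening-port=` - confirm the image or
# compose definition always sets it.
# NOTE(review): both files end up holding secrets (static-auth-secret, the
# backend secret and the generated session keys). This script does not set
# their mode or owner; confirm they are not readable by other users.

#######################################
# Tell whether a string is a dotted-quad IPv4 literal.
# Arguments: $1 - candidate string
# Returns:   0 when $1 is four decimal octets in 0-255, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1
  local octet
  local -a octets
  [[ "$addr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as 08 is not read as invalid octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Variables
# Same order and same messages as before; the first missing variable aborts.
for required_var in NC_DOMAIN TURN_SECRET SIGNALING_SECRET; do
  if [[ -z "${!required_var}" ]]; then
    printf '%s\n' "You need to provide the ${required_var}." >&2
    exit 1
  fi
done

# The trace is limited to the DNS lookup and is switched off again before any
# secret is expanded below, so the secrets never reach the trace output.
set -x
IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
set +x

# allowed-peer-ip punches a hole in the deny list below, so only validated
# IPv4 literals may end up there. dig can print several A records, CNAME
# targets or ";; ..." diagnostics on stdout; each valid address gets its own
# allowed-peer-ip line and everything else is dropped with a warning instead
# of being written into the config file.
allowed_peer_lines=""
while IFS= read -r resolved; do
  if is_ipv4 "$resolved"; then
    allowed_peer_lines+="allowed-peer-ip=${resolved}"$'\n'
  elif [[ -n "$resolved" ]]; then
    printf 'Ignoring unexpected resolver output: %s\n' "$resolved" >&2
  fi
done <<< "$IPv4_ADDRESS_TALK"
allowed_peer_lines=${allowed_peer_lines%$'\n'}

if [[ -z "$allowed_peer_lines" ]]; then
  printf '%s\n' "Could not resolve nextcloud-aio-talk to an IPv4 address; no allowed-peer-ip entry will be written." >&2
fi

# Turn
# NOTE(review): the deny list covers IPv4 ranges only. If the relay has IPv6
# connectivity, internal IPv6 ranges would need their own denied-peer-ip
# entries - confirm against the documentation linked inside the file.
cat << TURN_CONF > "/etc/turnserver.conf"
listening-port=$TALK_PORT
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=$TURN_SECRET
realm=$NC_DOMAIN
total-quota=0
bps-capacity=0
stale-nonce
no-multicast-peers
simple-log
pidfile=/var/tmp/turnserver.pid
no-tls
no-dtls
userdb=/var/lib/turn/turndb
# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
$allowed_peer_lines
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
TURN_CONF

# Signaling
# The session keys and the internal client secret are regenerated on every
# start. They are produced up front so that a failing openssl aborts the start
# instead of silently writing empty secrets into the config file.
if ! session_hashkey="$(openssl rand -hex 16)" \
  || ! session_blockkey="$(openssl rand -hex 16)" \
  || ! clients_internalsecret="$(openssl rand -hex 16)" \
  || [[ -z "$session_hashkey" || -z "$session_blockkey" || -z "$clients_internalsecret" ]]; then
  printf '%s\n' "Could not generate the random keys for the signaling server." >&2
  exit 1
fi

cat << SIGNALING_CONF > "/etc/signaling.conf"
[http]
listen = 0.0.0.0:8081

[app]
debug = false

[sessions]
hashkey = ${session_hashkey}
blockkey = ${session_blockkey}

[clients]
internalsecret = ${clients_internalsecret}

[backend]
backends = backend-1
allowall = false
timeout = 10
connectionsperhost = 8

[backend-1]
url = https://${NC_DOMAIN}
secret = ${SIGNALING_SECRET}

[nats]
url = nats://127.0.0.1:4222

[mcu]
type = janus
url = ws://127.0.0.1:8188
SIGNALING_CONF

# Replace this shell with the container's main command.
exec "$@"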