Merge pull request #1254 from nextcloud/enh/591/turnserver

Improve turn server

Containers/talk/Dockerfile

@@ -10,6 +10,7 @@ RUN set -ex; \
         curl \
         ca-certificates \
         netcat \
+        dnsutils \
     ; \
     rm -rf /var/lib/apt/lists/*
 

Containers/talk/start.sh

@@ -15,7 +15,11 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
-# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
+set -x
+IPv4_ADDRESS="$(dig nextcloud-aio-talk A +short)"
+set +x
+
+# Turn
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -32,6 +36,22 @@ pidfile=/var/tmp/turnserver.pid
 no-tls
 no-dtls
 userdb=/var/lib/turn/turndb
+# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
+allowed-peer-ip=$IPv4_ADDRESS
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=100.64.0.0-100.127.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=169.254.0.0-169.254.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.0.0.0-192.0.0.255
+denied-peer-ip=192.0.2.0-192.0.2.255
+denied-peer-ip=192.88.99.0-192.88.99.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=198.18.0.0-198.19.255.255
+denied-peer-ip=198.51.100.0-198.51.100.255
+denied-peer-ip=203.0.113.0-203.0.113.255
+denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
 # Janus