apunkt/dograh
1
0
Fork 0
mirror of https://github.com/dograh-hq/dograh.git synced 2026-06-07 07:55:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
dograh/config/coturn/turnserver.conf

106 lines
3.5 KiB
Text
Raw Permalink Normal View History

feat: add coturn configurations (#143) * feat: add coturn changes * add turn credentials and config * fix: fix setup_remote script and docker compose
2026-02-03 13:52:50 +05:30
# Coturn TURN Server Configuration
# For use with time-limited credentials (TURN REST API)
# =============================================================================
# Listener Configuration
# =============================================================================
# TURN listener port for UDP and TCP
listening-port=3478
# TURN listener port for TLS and DTLS
tls-listening-port=5349
# Relay port range for media
# These ports are used for actual media relay between peers
min-port=49152
max-port=49200
# =============================================================================
# Authentication Configuration (TURN REST API)
# =============================================================================
# Enable TURN REST API authentication (time-limited credentials)
# This uses HMAC-SHA1 based authentication with a shared secret
# Username format: {expiration_timestamp}:{user_id}
# Password: base64(hmac-sha1(secret, username))
use-auth-secret
# Shared secret for TURN REST API authentication
# IMPORTANT: Change this value in production!
# This must match the TURN_SECRET environment variable in the backend API
static-auth-secret=dograh-turn-secret-change-in-production
# Realm for the TURN server (required for long-term credential mechanism)
# This is sent to clients in 401 challenges and used in credential validation
realm=dograh.local
# =============================================================================
# Security Settings
# =============================================================================
# Use fingerprint in TURN messages for additional security
fingerprint
# Disable multicast peers (security best practice)
no-multicast-peers
# Disable CLI interface (not needed in containerized deployment)
no-cli
# =============================================================================
# Logging Configuration
# =============================================================================
# Log to stdout for Docker compatibility
log-file=stdout
# Enable verbose logging (comment out in production for performance)
verbose
# Use ISO-8601 timestamps in logs
new-log-timestamp
# =============================================================================
# Performance & Limits
# =============================================================================
# Total allocation quota (0 = unlimited)
# total-quota=0
# Per-user allocation quota (0 = unlimited)
# user-quota=0
# Max bandwidth per session in bytes per second (0 = unlimited)
# max-bps=0
# =============================================================================
# Network Configuration
# =============================================================================
# For Docker with host networking, external-ip is auto-detected
# For cloud deployments (AWS, GCP), set external IP explicitly:
# external-ip=<PUBLIC_IP>/<PRIVATE_IP>
# Explicitly bind to all interfaces (required for Docker port mapping)
listening-ip=0.0.0.0
# =============================================================================
# STUN Configuration
# =============================================================================
# Allow STUN binding requests (enabled by default)
# no-stun
# =============================================================================
# TLS Configuration (optional - for TURNS)
# =============================================================================
# Uncomment and set paths for TLS support:
# cert=/etc/coturn/certs/turn_server_cert.pem
# pkey=/etc/coturn/certs/turn_server_pkey.pem
# Disable TLS/DTLS if not using certificates
no-tls
no-dtls
Reference in a new issue Copy permalink