From 6d111e76c79ee12e127a1db28cc26851f12e5667 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Tue, 3 Feb 2026 13:52:30 +0530 Subject: [PATCH] fix: fix setup_remote script and docker compose --- docker-compose.yaml | 27 ++++++++++++++------------- scripts/setup_remote.sh | 19 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 7dc661f..14ce51c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -114,9 +114,9 @@ services: SENTRY_DSN: "https://3acdb63d5f1f70430953353b82de61e0@o4509486225096704.ingest.us.sentry.io/4510152922693632" # TURN server configuration (for WebRTC NAT traversal in remote server) + # Uses time-limited credentials via TURN REST API (HMAC-SHA1) TURN_HOST: "${TURN_HOST:-}" - TURN_USERNAME: "${TURN_USERNAME:-}" - TURN_PASSWORD: "${TURN_PASSWORD:-}" + TURN_SECRET: "${TURN_SECRET:-}" ports: - "8000:8000" @@ -158,12 +158,6 @@ services: # Sentry SENTRY_DSN: "https://d9387fed5f80e90781f1dbd9b2c0994c@o4509486225096704.ingest.us.sentry.io/4510124708200448" - - # TURN server configuration (for WebRTC NAT traversal in remote server) - # Fetched at runtime via /api/config/turn endpoint - TURN_HOST: "${TURN_HOST:-}" - TURN_USERNAME: "${TURN_USERNAME:-}" - TURN_PASSWORD: "${TURN_PASSWORD:-}" ports: - "3010:3010" depends_on: @@ -196,10 +190,15 @@ services: container_name: coturn restart: unless-stopped profiles: ["remote"] - network_mode: host + ports: + - "3478:3478/udp" + - "3478:3478/tcp" + - "5349:5349/udp" + - "5349:5349/tcp" + - "49152-49200:49152-49200/udp" environment: - TURN_USERNAME: ${TURN_USERNAME} - TURN_PASSWORD: ${TURN_PASSWORD} + TURN_SECRET: ${TURN_SECRET} + TURN_HOST: ${TURN_HOST} command: > -n --listening-port=3478 
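Review bot: In the `@@ -114,9 +114,9 @@` hunk of docker-compose.yaml, `TURN_SECRET: "${TURN_SECRET:-}"` silently falls back to an empty string, and the coturn hunks at `@@ -196,10 +190,15 @@` and `@@ -207,8 +206,8 @@` pass the same value on as `--static-auth-secret=${TURN_SECRET}`. With an empty shared secret the time-limited credentials would presumably be derived from an empty HMAC key, which offers no protection; the code that consumes the variable is not visible here, so this needs confirming. For the coturn service, which only runs under the `remote` profile, consider failing fast with `--static-auth-secret=${TURN_SECRET:?TURN_SECRET must be set}`. If Compose evaluates that even when the profile is inactive, put the check in scripts/setup_remote.sh instead. Either way, the API should refuse to issue TURN credentials when `TURN_HOST` is set but `TURN_SECRET` is empty.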
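Review bot: In the coturn service hunk (`@@ -196,10 +190,15 @@`) the new `environment:` entries `TURN_SECRET: ${TURN_SECRET}` and `TURN_HOST: ${TURN_HOST}` look redundant, because Compose already substitutes both values into the `command:` block before the container starts. Keeping them copies the shared secret into the container environment, where it is readable through `docker inspect` and inherited by every process in the container. Unless the image's entrypoint reads these variables (not visible here), drop the `environment:` block. If it stays, quote the values the way the API service does, `TURN_SECRET: "${TURN_SECRET}"`. The service definition starts before this hunk and continues after it.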
@@ -207,8 +206,8 @@ services: --min-port=49152 --max-port=49200 --realm=${TURN_REALM:-dograh.com} - --user=${TURN_USERNAME}:${TURN_PASSWORD} - --lt-cred-mech + --use-auth-secret + --static-auth-secret=${TURN_SECRET} --fingerprint --no-cli --log-file=stdout @@ -216,6 +215,8 @@ services: --no-tlsv1 --no-tlsv1_1 ${TURN_HOST:+--external-ip=$TURN_HOST} + networks: + - app-network volumes: postgres_data: diff --git a/scripts/setup_remote.sh b/scripts/setup_remote.sh index f35284f..355ce0b 100755 --- a/scripts/setup_remote.sh +++ b/scripts/setup_remote.sh @@ -30,20 +30,20 @@ if ! [[ "$SERVER_IP" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then exit 1 fi -# Get the TURN password -echo -e "${YELLOW}Enter a password for the TURN server (press Enter for default 'dograh-turn-secret'):${NC}" -read -sp "> " TURN_PASSWORD +# Get the TURN secret +echo -e "${YELLOW}Enter a shared secret for the TURN server (press Enter to generate a random one):${NC}" +read -sp "> " TURN_SECRET echo "" -if [[ -z "$TURN_PASSWORD" ]]; then - TURN_PASSWORD="dograh-turn-secret" - echo -e "${BLUE}Using default TURN password${NC}" +if [[ -z "$TURN_SECRET" ]]; then + TURN_SECRET=$(openssl rand -hex 32) + echo -e "${BLUE}Generated random TURN secret${NC}" fi echo "" echo -e "${GREEN}Configuration:${NC}" echo -e " Server IP: ${BLUE}$SERVER_IP${NC}" -echo -e " TURN Password: ${BLUE}********${NC}" +echo -e " TURN Secret: ${BLUE}********${NC}" echo "" # Create project directory if it doesn't exist @@ -135,10 +135,9 @@ echo -e "${GREEN}✓ SSL certificates generated${NC}" echo -e "${BLUE}[5/5] Creating environment file...${NC}" cat > .env << ENV_EOF -# TURN Server Configuration +# TURN Server Configuration (time-limited credentials via TURN REST API) TURN_HOST=$SERVER_IP -TURN_USERNAME=dograh -TURN_PASSWORD=$TURN_PASSWORD +TURN_SECRET=$TURN_SECRET # Telemetry (set to false to disable) ENABLE_TELEMETRY=true
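Review bot: In the `@@ -207,8 +206,8 @@` hunk, `--static-auth-secret=${TURN_SECRET}` puts the shared secret on the turnserver command line, so it appears in the host's process list and in the container's stored command. Whoever reads it can derive valid relay credentials for any username, so it deserves tighter handling than an ordinary argument. Consider writing `use-auth-secret` and `static-auth-secret=<value>` into a configuration file with restrictive permissions, mounting it read-only, and dropping the `-n` flag that currently disables config-file loading. The command block starts before this hunk and ends after it.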
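Review bot: The `networks: - app-network` addition in the `@@ -216,6 +215,8 @@` hunk puts the relay on the same Docker network as the other services, and the visible part of the coturn command sets no peer restrictions. A TURN relay forwards traffic to the peer address the authenticated client names, so internal-only containers on that network become reachable through it. If the relay only needs to reach the API container, narrow it with coturn's `--allowed-peer-ip` and `--denied-peer-ip` options plus `--no-multicast-peers`, for example `--denied-peer-ip=10.0.0.0-10.255.255.255` (constructed range) for addresses that must never be relayed to. The correct ranges depend on the subnet of `app-network`, which is not visible in this diff.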
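Review bot: In scripts/setup_remote.sh (`@@ -30,20 +30,20 @@`), neither path validates the resulting secret: a typed value can be a single character, and if `openssl rand` fails or is not installed, `TURN_SECRET` stays empty and the script carries on unless `set -e` is active above this hunk. Add a check after the `fi`, with a minimum such as 32 characters: `if [[ ${#TURN_SECRET} -lt 32 ]]; then echo "TURN secret must be at least 32 characters" >&2; exit 1; fi`. Also use `read -rsp "> " TURN_SECRET` so backslashes in a pasted secret are not altered.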
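Review bot: The `cat > .env << ENV_EOF` block in the `@@ -135,10 +135,9 @@` hunk creates `.env` with the default umask, so on most systems the file holding `TURN_SECRET` is readable by every local user. Add `umask 077` before the `cat`, or `chmod 600 .env` right after the heredoc. The value is also written unquoted, so a manually entered secret containing `#`, spaces or `$` may be truncated or re-interpolated when Compose reads the file. Rejecting input that does not match `^[A-Za-z0-9_-]+$` before writing would avoid that. The heredoc continues past the end of this hunk.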