feat: add FORCE_TURN_RELAY variable

scripts/setup_local.sh

@@ -0,0 +1,174 @@
+#!/bin/bash
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}"
+echo "╔══════════════════════════════════════════════════════════════╗"
+echo "║                    Dograh Local Setup                        ║"
+echo "║       Local docker deployment, optional TURN server          ║"
+echo "╚══════════════════════════════════════════════════════════════╝"
+echo -e "${NC}"
+
+# Ask whether to enable coturn (skip prompt if ENABLE_COTURN is already set)
+if [[ -z "$ENABLE_COTURN" ]]; then
+    echo -e "${YELLOW}Enable coturn (TURN server) for WebRTC NAT traversal? [y/N]:${NC}"
+    read -p "> " ENABLE_COTURN_INPUT
+    if [[ "$ENABLE_COTURN_INPUT" =~ ^[Yy] ]]; then
+        ENABLE_COTURN=true
+    else
+        ENABLE_COTURN=false
+    fi
+fi
+
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    # Get the host browsers/peers will use to reach the TURN server
+    if [[ -z "$TURN_HOST" ]]; then
+        echo -e "${YELLOW}Enter the host browsers should use to reach TURN (press Enter for 127.0.0.1):${NC}"
+        read -p "> " TURN_HOST
+    fi
+    TURN_HOST="${TURN_HOST:-127.0.0.1}"
+
+    # Validate that TURN_HOST is either an IP or a hostname (basic check)
+    if ! [[ "$TURN_HOST" =~ ^[A-Za-z0-9.-]+$ ]]; then
+        echo -e "${RED}Error: TURN host must be an IP address or hostname${NC}"
+        exit 1
+    fi
+
+    # Get the TURN secret (skip prompt if TURN_SECRET is already set)
+    if [[ -z "$TURN_SECRET" ]]; then
+        echo -e "${YELLOW}Enter a shared secret for the TURN server (press Enter to generate a random one):${NC}"
+        read -sp "> " TURN_SECRET
+        echo ""
+    fi
+
+    if [[ -z "$TURN_SECRET" ]]; then
+        TURN_SECRET=$(openssl rand -hex 32)
+        echo -e "${BLUE}Generated random TURN secret${NC}"
+    fi
+fi
+
+# Telemetry opt-out (default: true)
+ENABLE_TELEMETRY="${ENABLE_TELEMETRY:-true}"
+
+# Container registry (defaults to the public OSS registry)
+REGISTRY="${REGISTRY:-ghcr.io/dograh-hq}"
+
+echo ""
+echo -e "${GREEN}Configuration:${NC}"
+echo -e "  Coturn:        ${BLUE}$ENABLE_COTURN${NC}"
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    echo -e "  TURN Host:     ${BLUE}$TURN_HOST${NC}"
+    echo -e "  TURN Secret:   ${BLUE}********${NC}"
+fi
+echo -e "  Telemetry:     ${BLUE}$ENABLE_TELEMETRY${NC}"
+echo -e "  Registry:      ${BLUE}$REGISTRY${NC}"
+echo ""
+
+# Download compose file (skip when DOGRAH_SKIP_DOWNLOAD=1 — e.g. local repo testing).
+TOTAL_STEPS=2
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    TOTAL_STEPS=3
+fi
+
+if [[ "$DOGRAH_SKIP_DOWNLOAD" != "1" ]]; then
+    echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml...${NC}"
+    curl -sS -o docker-compose.yaml https://raw.githubusercontent.com/dograh-hq/dograh/main/docker-compose.yaml
+    echo -e "${GREEN}✓ docker-compose.yaml downloaded${NC}"
+else
+    echo -e "${BLUE}[1/$TOTAL_STEPS] Using docker-compose.yaml in current directory${NC}"
+fi
+
+# Generate turnserver.conf if coturn is enabled
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    echo -e "${BLUE}[2/$TOTAL_STEPS] Creating TURN server configuration...${NC}"
+    cat > turnserver.conf << TURN_EOF
+# Coturn TURN Server - Docker Configuration (local)
+# Auto-generated by setup_local.sh
+
+# Listener ports
+listening-port=3478
+tls-listening-port=5349
+
+# Relay port range
+min-port=49152
+max-port=49200
+
+# Network - external IP for NAT traversal
+external-ip=$TURN_HOST
+
+# Realm
+realm=dograh.com
+
+# Authentication (TURN REST API with time-limited credentials)
+use-auth-secret
+static-auth-secret=$TURN_SECRET
+
+# Security
+fingerprint
+no-cli
+no-multicast-peers
+
+# Logging
+log-file=stdout
+TURN_EOF
+    echo -e "${GREEN}✓ turnserver.conf created${NC}"
+fi
+
+# Generate .env
+ENV_STEP=$TOTAL_STEPS
+echo -e "${BLUE}[$ENV_STEP/$TOTAL_STEPS] Creating environment file...${NC}"
+OSS_JWT_SECRET=$(openssl rand -hex 32)
+
+cat > .env << ENV_EOF
+# Container registry for Dograh images
+REGISTRY=$REGISTRY
+
+# JWT secret for OSS authentication
+OSS_JWT_SECRET=$OSS_JWT_SECRET
+
+# Telemetry (set to false to disable)
+ENABLE_TELEMETRY=$ENABLE_TELEMETRY
+ENV_EOF
+
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    cat >> .env << ENV_EOF
+
+# TURN Server Configuration (time-limited credentials via TURN REST API)
+TURN_HOST=$TURN_HOST
+TURN_SECRET=$TURN_SECRET
+ENV_EOF
+fi
+echo -e "${GREEN}✓ .env file created${NC}"
+
+echo ""
+echo -e "${GREEN}╔══════════════════════════════════════════════════════════════╗${NC}"
+echo -e "${GREEN}║                    Setup Complete!                           ║${NC}"
+echo -e "${GREEN}╚══════════════════════════════════════════════════════════════╝${NC}"
+echo ""
+echo -e "Files created in ${BLUE}$(pwd)${NC}:"
+echo "  - docker-compose.yaml"
+echo "  - .env"
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    echo "  - turnserver.conf"
+fi
+echo ""
+if [[ "$ENABLE_COTURN" == "true" ]]; then
+    echo -e "${YELLOW}To start Dograh with TURN, run:${NC}"
+    echo ""
+    echo -e "  ${BLUE}docker compose --profile local-turn up --pull always${NC}"
+else
+    echo -e "${YELLOW}To start Dograh, run:${NC}"
+    echo ""
+    echo -e "  ${BLUE}docker compose up --pull always${NC}"
+fi
+echo ""
+echo -e "${YELLOW}Your application will be available at:${NC}"
+echo ""
+echo -e "  ${BLUE}http://localhost:3010${NC}"
+echo ""

scripts/setup_remote.sh

@@ -204,6 +204,9 @@ echo -e "${BLUE}[6/6] Creating environment file...${NC}"
 OSS_JWT_SECRET=$(openssl rand -hex 32)
 
 cat > .env << ENV_EOF
+# Change environment from local to production so that coturn filters local IPs
+ENVIRONMENT=production
+
 # Backend API endpoint (public URL the backend uses to build webhook/embed links)
 BACKEND_API_ENDPOINT=https://$SERVER_IP