fix: force FORCE_TURN_RELAY for local IPs in setup

2026-06-07 07:55:16 +02:00 · 2026-05-16 18:37:38 +05:30 · 2026-05-16 18:37:38 +05:30 · fc04f31639
commit fc04f31639
parent 2381a803ad
5 changed files with 160 additions and 18 deletions
--- a/scripts/lib/setup_common.sh
+++ b/scripts/lib/setup_common.sh
@ -98,6 +98,28 @@ dograh_is_ipv4() {
    [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
 }

+dograh_is_local_ipv4() {
+    local ip=$1
+    local o1 o2 o3 o4 octet
+
+    dograh_is_ipv4 "$ip" || return 1
+    IFS=. read -r o1 o2 o3 o4 <<< "$ip"
+
+    for octet in "$o1" "$o2" "$o3" "$o4"; do
+        [[ "$octet" =~ ^[0-9]+$ ]] || return 1
+        (( octet >= 0 && octet <= 255 )) || return 1
+    done
+
+    (( o1 == 10 )) && return 0
+    (( o1 == 127 )) && return 0
+    (( o1 == 169 && o2 == 254 )) && return 0
+    (( o1 == 172 && o2 >= 16 && o2 <= 31 )) && return 0
+    (( o1 == 192 && o2 == 168 )) && return 0
+    (( o1 == 100 && o2 >= 64 && o2 <= 127 )) && return 0
+
+    return 1
+}
+
 dograh_infer_server_ip() {
    local project_dir=${1:-$(dograh_project_dir)}
    local turn_conf="$project_dir/turnserver.conf"
--- a/scripts/setup_local.sh
+++ b/scripts/setup_local.sh
@ -68,6 +68,8 @@ if [[ "${ENABLE_COTURN:-false}" == "true" ]]; then
            ip=$(hostname -I 2>/dev/null | awk '{print $1}')
            [[ -n "$ip" ]] && { echo "$ip"; return; }
        fi
+
+        return 0
    }

    DEFAULT_TURN_HOST="$(detect_lan_ip)"
@ -100,6 +102,17 @@ if [[ "${ENABLE_COTURN:-false}" == "true" ]]; then
    fi
 fi

+if [[ "${ENABLE_COTURN:-false}" != "true" ]]; then
+    FORCE_TURN_RELAY=false
+elif [[ -z "${FORCE_TURN_RELAY:-}" ]]; then
+    if dograh_is_local_ipv4 "$TURN_HOST"; then
+        FORCE_TURN_RELAY=true
+        echo -e "${YELLOW}Detected a local/private TURN host IP; enabling FORCE_TURN_RELAY=true.${NC}"
+    else
+        FORCE_TURN_RELAY=false
+    fi
+fi
+
 # Telemetry opt-out (default: true)
 ENABLE_TELEMETRY="${ENABLE_TELEMETRY:-true}"

@ -112,6 +125,7 @@ echo -e "  Coturn:        ${BLUE}${ENABLE_COTURN:-false}${NC}"
 if [[ "${ENABLE_COTURN:-false}" == "true" ]]; then
    echo -e "  TURN Host:     ${BLUE}$TURN_HOST${NC}"
    echo -e "  TURN Secret:   ${BLUE}********${NC}"
+    echo -e "  Force relay:   ${BLUE}$FORCE_TURN_RELAY${NC}"
 fi
 echo -e "  Telemetry:     ${BLUE}$ENABLE_TELEMETRY${NC}"
 echo -e "  Registry:      ${BLUE}$REGISTRY${NC}"
@ -155,6 +169,9 @@ OSS_JWT_SECRET=$OSS_JWT_SECRET

 # Telemetry (set to false to disable)
 ENABLE_TELEMETRY=$ENABLE_TELEMETRY
+
+# Relay-only ICE candidates (auto-enabled for local/private TURN host IPs)
+FORCE_TURN_RELAY=$FORCE_TURN_RELAY
 ENV_EOF

 if [[ "${ENABLE_COTURN:-false}" == "true" ]]; then
--- a/scripts/setup_remote.sh
+++ b/scripts/setup_remote.sh
@ -49,6 +49,15 @@ if ! dograh_is_ipv4 "$SERVER_IP"; then
    dograh_fail "Invalid IP address format"
 fi

+if [[ -z "${FORCE_TURN_RELAY:-}" ]]; then
+    if dograh_is_local_ipv4 "$SERVER_IP"; then
+        FORCE_TURN_RELAY=true
+        dograh_warn "Detected a local/private server IP; enabling FORCE_TURN_RELAY=true."
+    else
+        FORCE_TURN_RELAY=false
+    fi
+fi
+
 # Get the TURN secret (skip prompt if TURN_SECRET is already set)
 if [[ -z "${TURN_SECRET:-}" ]]; then
    echo -e "${YELLOW}Enter a shared secret for the TURN server (press Enter to generate a random one):${NC}"
@ -185,6 +194,7 @@ echo -e "${GREEN}Configuration:${NC}"
 echo -e "  Server IP:        ${BLUE}$SERVER_IP${NC}"
 echo -e "  TURN Secret:      ${BLUE}********${NC}"
 echo -e "  Deploy mode:      ${BLUE}$DEPLOY_MODE${NC}"
+echo -e "  Force TURN relay: ${BLUE}$FORCE_TURN_RELAY${NC}"
 echo -e "  FastAPI workers:  ${BLUE}$FASTAPI_WORKERS${NC}  (ports 8000..$((8000 + FASTAPI_WORKERS - 1)))"
 if [[ "$DEPLOY_MODE" == "build" ]]; then
    if [[ "${REPO_SOURCE:-}" == "clone" ]]; then
@ -267,6 +277,7 @@ MINIO_PUBLIC_ENDPOINT=https://$SERVER_IP
 # TURN Server Configuration (time-limited credentials via TURN REST API)
 TURN_HOST=$SERVER_IP
 TURN_SECRET=$TURN_SECRET
+FORCE_TURN_RELAY=$FORCE_TURN_RELAY

 # JWT secret for OSS authentication
 OSS_JWT_SECRET=$OSS_JWT_SECRET