mirror of http://138.197.108.81/gattes/matrix.git
Tweaking coturn service, removing TCP and fixing TLS (enforcing >TLS1.2)
parent
47998d1efc
commit
2b11e01506
|
@ -746,6 +746,5 @@ syslog
|
|||
|
||||
# Do not allow an TLS/DTLS version of protocol
|
||||
#
|
||||
#no-tlsv1
|
||||
#no-tlsv1_1
|
||||
#no-tlsv1_2
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
|
|
|
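Review bot: The newly active `no-tlsv1` and `no-tlsv1_1` lines sit under the stock comment, which does not say what protocol floor results; a line such as `# Minimum TLS/DTLS version is 1.2; TLS 1.0 and 1.1 are disabled` would record the intent. The commit title says ">TLS1.2", but TLS 1.2 itself stays enabled here, which is presumably what is wanted. Whether these switches are honoured depends on the coturn and OpenSSL build in use, so confirm the negotiated versions with a handshake test against the listener after deployment rather than relying on the config alone.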
@ -0,0 +1,16 @@
|
|||
[Unit]
|
||||
Description=coTURN STUN/TURN Server
|
||||
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=root
|
||||
Group=root
|
||||
Type=notify
|
||||
ExecStart=/usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
|
||||
Restart=on-failure
|
||||
InaccessibleDirectories=/home
|
||||
PrivateTmp=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
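Review bot: `User=root` and `Group=root` run the whole internet-facing TURN relay as root, apparently only so it can read the Let's Encrypt key material, which means any memory-safety or parsing bug in turnserver becomes a root compromise. The ports used in this commit (3478, 5443, 49152-65535) are unprivileged, so nothing else here needs root. Keep the unprivileged service account (the Debian/Ubuntu package uses `turnserver`) and hand it the certificate instead, for example from a certbot deploy hook that copies `fullchain.pem` and `privkey.pem` into a directory that account can read and then restarts coturn. `InaccessibleDirectories=` is the legacy systemd name for `InaccessiblePaths=`, and the unit would also benefit from `NoNewPrivileges=yes` and `ProtectSystem=full`.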
@ -32,8 +32,8 @@ ufw allow 443/tcp
|
|||
ufw allow 8448/tcp
|
||||
|
||||
# Coturn Ports
|
||||
ufw allow 3478/tcp
|
||||
ufw allow 5443/tcp
|
||||
ufw allow 3478/udp
|
||||
ufw allow 5443/udp
|
||||
ufw allow 49152:65535/udp
|
||||
|
||||
# Enable firewall
|
||||
|
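Review bot: Dropping `ufw allow 3478/tcp` and `ufw allow 5443/tcp` from the script (assuming those are the removed side; the page has lost its +/- markers) does not close those ports on a host provisioned with the earlier version, because ufw keeps rules that were already added, unless the script resets ufw earlier, outside this hunk. Add `ufw delete allow 3478/tcp` and `ufw delete allow 5443/tcp` for existing hosts, and set `no-tcp` and `no-tls` in turnserver.conf so the TCP listeners are gone rather than only filtered. With TCP closed, the only TLS left is DTLS on 5443/udp, and clients on networks that block UDP lose their TURN fallback; a comment above `# Coturn Ports` stating that this is deliberate would help the next maintainer.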
@ -54,6 +54,10 @@ sed -i "s|TURN_PWD|${TURN_PWD}|g" /etc/turnserver.conf
|
|||
sed -i "s|EXTERNAL_IP|${EXTERNAL_IP}|g" /etc/turnserver.conf
|
||||
sed -i "s|STATIC_SECRET|${TURN_STATIC_SECRET}|g" /etc/turnserver.conf
|
||||
|
||||
# Custom coturn SystemD service file to allow coturn access to Letsencrypt SSL certs
|
||||
cp "${BASE_DIR}/coturn.service" /lib/systemd/system/coturn.service
|
||||
systemctl daemon-reload
|
||||
|
||||
# Add Docker's official GPG key
|
||||
echo -e "Install docker\n"
|
||||
|
||||
|
|
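Review bot: Copying the unit over `/lib/systemd/system/coturn.service` replaces a package-owned file, so a later coturn package upgrade can put the stock unit back without warning and silently undo this change. Install it as `/etc/systemd/system/coturn.service` (or as a drop-in under `/etc/systemd/system/coturn.service.d/`), which takes precedence over the packaged unit and survives upgrades. `systemctl daemon-reload` alone does not apply the new unit to a turnserver that is already running, so a `systemctl restart coturn` is needed once the config has been written, unless that happens further down, outside this hunk.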