From 2b11e015069c37b40acac41ccfaccea313067ec9 Mon Sep 17 00:00:00 2001
From: Miguel Gagliardo
Date: Sat, 30 Mar 2024 13:29:03 +0000
Subject: [PATCH] Tweaking coturn service, removing TCP and fixing TLS (enforcing >TLS1.2)
---
 matrix/config/turnserver.conf | 5 ++---
 matrix/coturn.service | 16 ++++++++++++++++
 matrix/install.sh | 8 ++++++--
 3 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 matrix/coturn.service
diff --git a/matrix/config/turnserver.conf b/matrix/config/turnserver.conf
index 104942a..fb71a86 100644
--- a/matrix/config/turnserver.conf
+++ b/matrix/config/turnserver.conf
@@ -746,6 +746,5 @@ syslog
 # Do not allow an TLS/DTLS version of protocol
 #
-#no-tlsv1
-#no-tlsv1_1
-#no-tlsv1_2
+no-tlsv1
+no-tlsv1_1
diff --git a/matrix/coturn.service b/matrix/coturn.service
new file mode 100644
index 0000000..f24df42
--- /dev/null
+++ b/matrix/coturn.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=coTURN STUN/TURN Server
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=network.target
+
+[Service]
+User=root
+Group=root
+Type=notify
+ExecStart=/usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
+Restart=on-failure
+InaccessibleDirectories=/home
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/matrix/install.sh b/matrix/install.sh
index 2974f99..3821397 100755
--- a/matrix/install.sh
+++ b/matrix/install.sh
@@ -32,8 +32,8 @@ ufw allow 443/tcp
 ufw allow 8448/tcp
 # Coturn Ports
-ufw allow 3478/tcp
-ufw allow 5443/tcp
+ufw allow 3478/udp
+ufw allow 5443/udp
 ufw allow 49152:65535/udp
 # Enable firewall
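Review bot: The turnserver.conf hunk only sets `no-tlsv1` and `no-tlsv1_1`, so TLS 1.2 stays enabled and the policy actually enforced is "TLS 1.2 or newer", not ">TLS1.2" as the subject says; 1.2 as the floor is the usual minimum and is fine, but the file should say so. The commented `#no-tlsv1_2` example line is deleted instead of left commented, which removes the only hint in the file for anyone who later wants to raise the floor to 1.3 — I would keep it as the third line of the block: `no-tlsv1`, `no-tlsv1_1`, `#no-tlsv1_2`. A one-line comment above the block, such as `# Minimum TLS/DTLS version is 1.2; uncomment no-tlsv1_2 to require 1.3`, would record the intent next to the setting.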
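Review bot: `User=root` and `Group=root` in the new coturn.service run the TURN daemon, which accepts unauthenticated UDP and TCP traffic from the internet, as root, so any flaw in turnserver becomes a root compromise of the host. The install script's comment says the custom unit exists only so coturn can read the Let's Encrypt certificates; that is better solved by making the certificate files readable by the service account (for example a deploy hook that copies them with the right ownership) than by dropping privilege separation, and the ports opened elsewhere in this patch (3478, 5443, 49152-65535) are all unprivileged, so no capability is needed either. The unit also carries none of systemd's sandboxing directives; `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ProtectHome=yes` (which supersedes `InaccessibleDirectories=/home`) cost nothing here, with the caveat that `ProtectSystem=strict` assumes turnserver writes nothing outside /tmp — confirm the config sets no log file, or add a `ReadWritePaths=` entry for it.
```ini
[Service]
# TODO: replace the placeholder with the unprivileged account created for coturn
# and grant it read access to the certificate files instead of running as root
User=<coturn-service-user>
Group=<coturn-service-user>
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
# … unchanged: Type, ExecStart, Restart, PrivateTmp …
```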
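Review bot: Replacing `ufw allow 5443/tcp` with a UDP-only rule blocks TURN-over-TLS on TCP, which is what a `turns:…?transport=tcp` URI uses, so after this hunk TLS is only reachable as DTLS over UDP; the subject says the commit fixes TLS, but for a homeserver whose turn_uris use transport=tcp (not visible here) it breaks it. Plain TURN on 3478/tcp is also commonly what remains for clients on networks that drop UDP, and that rule is removed too. Unless the configured turn_uris are UDP-only, keep the TCP rules beside the new UDP ones: `ufw allow 3478/tcp` and `ufw allow 5443/tcp`. The ufw section is a flat run of commands, not a function, so nothing else in the script depends on the order here.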
@@ -54,6 +54,10 @@ sed -i "s|TURN_PWD|${TURN_PWD}|g" /etc/turnserver.conf
 sed -i "s|EXTERNAL_IP|${EXTERNAL_IP}|g" /etc/turnserver.conf
 sed -i "s|STATIC_SECRET|${TURN_STATIC_SECRET}|g" /etc/turnserver.conf
+# Custom coturn SystemD service file to allow coturn access to Letsencrypt SSL certs
+cp "${BASE_DIR}/coturn.service" /lib/systemd/system/coturn.service
+systemctl daemon-reload
+
 # Add Docker's official GPG key
 echo -e "Install docker\n"
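Review bot: `cp "${BASE_DIR}/coturn.service" /lib/systemd/system/coturn.service` overwrites the package-managed unit in place, so the next coturn package upgrade is liable to replace it and the change is silently lost. Administrator overrides belong in /etc/systemd/system, which takes precedence over /lib: `cp "${BASE_DIR}/coturn.service" /etc/systemd/system/coturn.service`, or better a drop-in at `/etc/systemd/system/coturn.service.d/override.conf` holding only the keys that differ from the packaged unit. The hunk reloads the unit files but does not restart coturn, so the new unit is not in effect until something later in the script (outside this hunk) restarts or enables it — confirm that happens. The surrounding code is a flat script, not a function.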