From 476f6f78c12bcd861f7e30a4c8110a4e0ecc448a Mon Sep 17 00:00:00 2001 From: Elias Hackradt Date: Thu, 17 Jun 2021 23:10:08 +0200 Subject: [PATCH] Fixed some default limits --- defaults/main.yml | 4 ++++ tasks/main.yml | 5 ----- templates/turnserver.conf.j2 | 25 +++++++++++++------------ 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4d54a79..ee13b93 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,10 @@ --- coturn_listening_port: 3478 coturn_tls_listening_port: 443 +coturn_min_port: 4096 +coturn_max_port: 65535 +coturn_user_quota: 0 +coturn_total_quota: 0 listening_ip: "{{ ansible_host }}" # (D)TLS is currently unsupported by Nextcloud Talk and does not have a real diff --git a/tasks/main.yml b/tasks/main.yml index dcef9e1..e19a98b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -80,8 +80,3 @@ group: root mode: 0644 notify: restart coturn - -- name: Start / Restart coturn - service: - name: coturn - state: restarted diff --git a/templates/turnserver.conf.j2 b/templates/turnserver.conf.j2 index 7d8abfd..0ce51a0 100644 --- a/templates/turnserver.conf.j2 +++ b/templates/turnserver.conf.j2 @@ -152,8 +152,8 @@ external-ip={{ ip }} # Lower and upper bounds of the UDP relay endpoints: # (default values are 49152 and 65535) # -#min-port=49152 -#max-port=65535 +min-port={{ coturn_min_port }} +max-port={{ coturn_max_port }} # Uncomment to run TURN server in 'normal' 'moderate' verbose mode. # By default the verbose mode is off. @@ -178,7 +178,7 @@ fingerprint # Uncomment to use long-term credential mechanism. # By default no credentials mechanism is used (any user allowed). # -lt-cred-mech +# lt-cred-mech # This option is opposite to lt-cred-mech. # (TURN Server with no-auth option allows anonymous access). 
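Review bot: The new defaults `coturn_user_quota: 0` and `coturn_total_quota: 0` in defaults/main.yml mean "no quota" according to the template comments in the `@@ -360,14 +360,15 @@` hunk. A role user who overrides nothing therefore moves from the previous hard-coded `total-quota=100` to unlimited allocations, which makes relay resource exhaustion easier for any client that holds valid credentials. I would either ship bounded defaults or document the meaning next to the variables, e.g. `# 0 = unlimited; set both for internet-facing relays`. The bare `# 24-32` and `# 240000` lines added in the template hunk look like suggested values but are unexplained; they would be better placed here as documented examples.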
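Review bot: With `min-port={{ coturn_min_port }}` now active and defaulting to 4096, the context comment `# (default values are 49152 and 65535)` in the `@@ -152,8 +152,8 @@` hunk no longer describes what this role deploys. The wider range means the host firewall has to admit UDP 4096-65535 to the relay, and relay sockets can land on ports that other local services expect to use. That trade-off deserves a line here, e.g. `# role default: coturn_min_port=4096, coturn_max_port=65535; the firewall must allow this UDP range`. Nothing visible checks that `coturn_min_port` is below `coturn_max_port`, so a swapped override would presumably only surface when turnserver starts.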
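Review bot: Turning `lt-cred-mech` into a comment in the `@@ -178,7 +178,7 @@` hunk leaves authentication to whatever else the template enables, and the context comment directly above it states that by default no credentials mechanism is used (any user allowed). The hunk does not show whether a shared-secret option such as `use-auth-secret` is set elsewhere in turnserver.conf.j2. If it is not, this change yields an unauthenticated relay, and combined with the unlimited quota defaults from the same commit that is an open-relay configuration. Once confirmed, please record the reason in the file, e.g. `# lt-cred-mech is off because use-auth-secret provides authentication`.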
@@ -360,14 +360,15 @@ realm={{ coturn_realm }} # Per-user allocation quota. # default value is 0 (no quota, unlimited number of sessions per user). # This option can also be set through the database, for a particular realm. -# -#user-quota=0 +# 24-32 +user-quota={{ coturn_user_quota }} # Total allocation quota. # default value is 0 (no quota). # This option can also be set through the database, for a particular realm. # -total-quota=100 +# 240000 +total-quota={{ coturn_total_quota }} # Max bytes-per-second bandwidth a TURN session is allowed to handle # (input and output network streams are treated separately). Anything above @@ -422,7 +423,7 @@ bps-capacity=0 # It defaults to 600 secs (10 min) if no value is provided. After that delay, # the client will get 438 error and will have to re-authenticate itself. # -stale-nonce +# stale-nonce # Uncomment if you want to set the maximum allocation # time before it has to be refreshed. @@ -633,7 +634,7 @@ denied-peer-ip={{ ip }} # Mobility with ICE (MICE) specs support. # -#mobility +# mobility # Allocate Address Family according # If enabled then TURN server allocates address family according the TURN @@ -641,7 +642,7 @@ denied-peer-ip={{ ip }} # (By default coTURN works according RFC 6156.) # !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!! # -#keep-address-family +# keep-address-family # User name to run the process. After the initialization, the turnserver process # will make an attempt to change the current user ID to that user. @@ -657,7 +658,7 @@ denied-peer-ip={{ ip }} # By default it is always ON. # See also options cli-ip and cli-port. # -#no-cli +no-cli #Local system IP address to be used for CLI server endpoint. Default value # is 127.0.0.1. @@ -718,6 +719,6 @@ denied-peer-ip={{ ip }} # Do not allow an TLS/DTLS version of protocol # -#no-tlsv1 -#no-tlsv1_1 +no-tlsv1 +no-tlsv1_1 #no-tlsv1_2
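Review bot: Commenting out `stale-nonce` in the `@@ -422,7 +423,7 @@` hunk removes the nonce lifetime limit that the context comment describes (600 s when no value is given, after which the client gets a 438 error and must re-authenticate). That weakens replay protection for authenticated sessions, and the commit message, which speaks only of default limits, gives no reason for it. If clients have trouble re-authenticating, an explicit longer lifetime such as `stale-nonce=3600` (example value) keeps the protection. Otherwise leave the option enabled, or at least add a comment stating why it is disabled.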