Improve/fix config options

elixir-webrtc · Aug 21, 2023 · d075a9e · d075a9e
1 parent 307f323
commit d075a9e
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 37 deletions.
diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml
@@ -54,7 +54,7 @@ jobs:
         env:
           GF_SECURITY_ADMIN_PASSWORD: ${{ secrets.GF_SECURITY_ADMIN_PASSWORD }}
           GF_SECURITY_ADMIN_USER: ${{ secrets.GF_SECURITY_ADMIN_USER }}
-          DOMAIN: ${{ secrets.DOMAIN }}
+          REALM: ${{ secrets.DOMAIN }}
           DIR_NAME: ${{ secrets.DIR_NAME }}
           TAG: ${{ github.ref_name }}
         with:
@@ -65,7 +65,7 @@ jobs:
             rm -rf $DIR_NAME; mkdir $DIR_NAME
             cd $DIR_NAME
             git clone -b $TAG --depth 1 https://github.com/${{ github.repository }} .
-            echo "DOMAIN=$DOMAIN
+            echo "REALM=$REALM
             GF_SECURITY_ADMIN_PASSWORD=$GF_SECURITY_ADMIN_PASSWORD
             GF_SECURITY_ADMIN_USER=$GF_SECURITY_ADMIN_USER
             TAG=${TAG#v}" > .env

diff --git a/README.md b/README.md
@@ -88,10 +88,16 @@ RELAY_IP=0.0.0.0
 EXTERNAL_RELAY_IP=167.235.241.140
 ```
 
-Remember to use the `DOMAIN` variable specific to your deployment. It's used in e.g. `REALM` STUN attributes.
+Remember to use the `REALM` variable specific to your deployment. It's used in `REALM` STUN attributes. See
+[this section of RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617#section-3.2.1) to learn about appropriate values for `REALM` attribute.
 
 ```console
-DOMAIN=my-amazing-turn.com
+REALM=my-amazing-turn.com
+```
+
+You can configure the number of running `listener` processes. By default, it is equal to number of running Erlang VM schedulers:
+```console
+LISTENER_COUNT=8
 ```
 
 ### Auth
@@ -100,12 +106,12 @@ Auth Provider is an HTTP endpoint that provides credentials required by *A REST
 By default it is available at `http://127.0.0.1:4000/`, but the address, encryption and CORS can be configured:
 
 ```console
-AUTH_PROVIDER_IP=127.0.0.1
-AUTH_PROVIDER_PORT=4000
-AUTH_PROVIDER_USE_TLS=false
-KEY_FILE_PAHT=./rel.key
-CERT_FILE_PATH./rel.cert
-AUTH_PROVIDER_ALLOW_CORS=false
+AUTH_IP=127.0.0.1
+AUTH_PORT=4000
+AUTH_USE_TLS=false
+AUTH_KEYFILE=./rel.key
+AUTH_CERTFILE./rel.cert
+AUTH_ALLOW_CORS=false
 ```
 
 ### Metrics

diff --git a/config/runtime.exs b/config/runtime.exs
@@ -77,11 +77,11 @@ defmodule ConfigUtils do
 end
 
 # HTTPS for AuthProvider
-use_tls? = System.get_env("AUTH_PROVIDER_USE_TLS", "false") |> ConfigUtils.is_truthy?()
-keyfile = System.get_env("KEY_FILE_PATH")
-certfile = System.get_env("CERT_FILE_PATH")
+auth_use_tls? = System.get_env("AUTH_USE_TLS", "false") |> ConfigUtils.is_truthy?()
+auth_keyfile = System.get_env("AUTH_KEYFILE")
+auth_certfile = System.get_env("AUTH_CERTFILE")
 
-if use_tls? and (is_nil(keyfile) or is_nil(certfile)) do
+if auth_use_tls? and (is_nil(auth_keyfile) or is_nil(auth_certfile)) do
   raise "Both KEY_FILE_PATH and CERT_FILE_PATH must be set is TLS is used"
 end
 
@@ -101,7 +101,7 @@ relay_ip =
   end
 
 external_relay_ip =
-  case System.fetch_env("EXTERNAL_LISTEN_IP") do
+  case System.fetch_env("EXTERNAL_RELAY_IP") do
     {:ok, addr} -> ConfigUtils.parse_ip_address(addr)
     :error -> external_listen_ip
   end
@@ -119,14 +119,12 @@ listener_count =
 
 # AuthProvider/credentials configuration
 config :rel,
-  auth_provider_ip:
-    System.get_env("AUTH_PROVIDER_IP", "127.0.0.1") |> ConfigUtils.parse_ip_address(),
-  auth_provider_port: System.get_env("AUTH_PROVIDER_PORT", "4000") |> ConfigUtils.parse_port(),
-  auth_provider_allow_cors?:
-    System.get_env("AUTH_PROVIDER_ALLOW_CORS", "false") |> ConfigUtils.is_truthy?(),
-  auth_provider_use_tls?: use_tls?,
-  keyfile: keyfile,
-  certfile: certfile
+  auth_ip: System.get_env("AUTH_IP", "127.0.0.1") |> ConfigUtils.parse_ip_address(),
+  auth_port: System.get_env("AUTH_PORT", "4000") |> ConfigUtils.parse_port(),
+  auth_allow_cors?: System.get_env("AUTH_ALLOW_CORS", "false") |> ConfigUtils.is_truthy?(),
+  auth_use_tls?: auth_use_tls?,
+  auth_keyfile: auth_keyfile,
+  auth_certfile: auth_certfile
 
 # TURN server configuration
 config :rel,
@@ -135,7 +133,7 @@ config :rel,
   relay_ip: relay_ip,
   external_relay_ip: external_relay_ip,
   listen_port: System.get_env("LISTEN_PORT", "3478") |> ConfigUtils.parse_port(),
-  domain: System.get_env("DOMAIN", "example.com")
+  realm: System.get_env("REALM", "example.com")
 
 # Metrics endpoint configuration
 config :rel,

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,7 +6,7 @@ services:
     restart: on-failure
     network_mode: host
     environment:
-      DOMAIN: "${DOMAIN}"
+      REALM: "${REALM}"
 
   node-exporter:
     image: prom/node-exporter:v1.6.1

diff --git a/lib/rel/auth_provider.ex b/lib/rel/auth_provider.ex
@@ -8,7 +8,7 @@ defmodule Rel.AuthProvider do
     def init(_opts), do: []
 
     def call(conn, _opts) do
-      allow? = Application.fetch_env!(:rel, :auth_provider_allow_cors?)
+      allow? = Application.fetch_env!(:rel, :auth_allow_cors?)
 
       if allow? do
         CORSPlug.call(conn, CORSPlug.init([]))

diff --git a/lib/rel/utils.ex b/lib/rel/utils.ex
@@ -32,15 +32,15 @@ defmodule Rel.Utils do
   @spec build_error(atom(), integer(), Method.t()) ::
           {response :: binary(), log_msg :: String.t()}
   def build_error(reason, t_id, method) do
-    domain = Application.fetch_env!(:rel, :domain)
+    realm = Application.fetch_env!(:rel, :realm)
     {log_msg, code, with_attrs?} = translate_error(reason)
     error_type = %Type{class: :error_response, method: method}
 
     attrs = [%ErrorCode{code: code}]
 
     attrs =
       if with_attrs? do
-        attrs ++ [%Nonce{value: build_nonce()}, %Realm{value: domain}]
+        attrs ++ [%Nonce{value: build_nonce()}, %Realm{value: realm}]
       else
         attrs
       end

diff --git a/lib/rel_app.ex b/lib/rel_app.ex
@@ -10,18 +10,18 @@ defmodule Rel.App do
   def start(_, _) do
     Logger.info("Starting Rel v#{@version}")
 
-    auth_ip = Application.fetch_env!(:rel, :auth_provider_ip)
-    auth_port = Application.fetch_env!(:rel, :auth_provider_port)
-    use_tls? = Application.fetch_env!(:rel, :auth_provider_use_tls?)
-    keyfile = Application.fetch_env!(:rel, :keyfile)
-    certfile = Application.fetch_env!(:rel, :certfile)
+    auth_ip = Application.fetch_env!(:rel, :auth_ip)
+    auth_port = Application.fetch_env!(:rel, :auth_port)
+    auth_use_tls? = Application.fetch_env!(:rel, :auth_use_tls?)
+    auth_keyfile = Application.fetch_env!(:rel, :auth_keyfile)
+    auth_certfile = Application.fetch_env!(:rel, :auth_certfile)
 
     auth_opts =
-      if use_tls? do
+      if auth_use_tls? do
         [
           scheme: :https,
-          certfile: certfile,
-          keyfile: keyfile
+          certfile: auth_certfile,
+          keyfile: auth_keyfile
         ]
       else
         [scheme: :http]
@@ -46,7 +46,7 @@ defmodule Rel.App do
     metrics_endpoint = "http://#{:inet.ntoa(metrics_ip)}:#{metrics_port}/metrics"
     Logger.info("Starting Prometheus metrics endpoint at: #{metrics_endpoint}")
 
-    scheme = if(use_tls?, do: "https", else: "http")
+    scheme = if(auth_use_tls?, do: "https", else: "http")
     auth_endpoint = "#{scheme}://#{:inet.ntoa(auth_ip)}:#{auth_port}/"
     Logger.info("Starting credentials endpoint at: #{auth_endpoint}")