mirror of https://github.com/dani/vroom.git synced 2024-06-01 21:11:41 +02:00

Add some docs about turnserver

Daniel Berteaud 2015-03-13 17:57:52 +01:00
parent fd3abd2d7e
commit 34bda2319b


@ -393,6 +393,126 @@ cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini</pre>
</ul>
</p>
<h1 id="turn_server">
Setup rfc5766-turn-server
</h1>
<p>
You can run any TURN server you want, but VROOM integrates well with <a href="https://code.google.com/p/rfc5766-turn-server/" target="_blank">rfc5766-turn-server</a>.
To make use of it, follow those steps
</p>
<h2 id="turn_download">
Download turnserver
</h2>
<p>
Download the latest version from <a href="http://turnserver.open-sys.org/downloads/">here</a> and extract the archive
</p>
<p class="alert alert-info">
Only the 3.x branch is supported
</p>
<h2 id="turn_install">
Install the RPMS
</h2>
<p>
You can now install the extracted RPMS
<pre>
yum localinstall turnserver-*/*.rpm</pre>
</p>
<h2 id="turn_configure">
Configure turnserver
</h2>
<p>
Here's a sample configuration:
<pre>
mv /etc/turnserver/turnserver.conf /etc/turnserver/turnserver.conf.default
cat <<'EOF' > /etc/turnserver/turnserver.conf
mysql-userdb "host=localhost dbname=vroom user=vroom password=MySuperPassw0rd connect_timeout=5"
verbose
syslog
fingerprint
lt-cred-mech
no-sslv2
no-sslv3
no-tcp
no-udp
tls-listening-port 5349
alt-tls-listening-port 3478
no-loopback-peers
no-multicast-peers
realm vroom
cert /etc/turnserver/cert.pem
pkey /etc/turnserver/key.pem
proc-user turnserver
proc-group turnserver
EOF</pre>
</p>
<div class="alert alert-info">
<ul>
<li>An SSL certificate is needed for everything to work correctly and securely (<strong>/etc/turnserver/cert.pem</strong> and <strong>/etc/turnserver/key.pem</strong> in this example)</li>
<li>Both key and certificate must be readable by turnserver user and/or group</li>
<li>You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption</li>
<li>If you have intermediate(s) CA, you have to put them in the cert.pem file, but after your certificate</li>
</ul>
</div>
<h2 id="turn_start">
Enable and start turnserver
</h2>
<p>
You can now start and enable turnserver
<pre>
systemctl enable turnserver
systemctl start turnserver</pre>
</p>
<p>
You can check it's working with
<pre>
journalctl -fl -u turnserver.service</pre>
</p>
<div class="alert alert-info">
Configuration of your firewall is out of scope for this doc, but you have to ensure the following ports are open:
<ul>
<li>TCP 3478, 3479, 5349, 5350 and 49152 to 65535</li>
<li>UDP 3478, 3479, 5349, 5350 and 49152 to 65535</li>
</ul>
If you use <strong>firewalld</strong> you can open the correct ports with the following commands
<pre>
firewall-cmd --add-port 80/tcp \\
--add-port 443/tcp \\
--add-port 3478/tcp \\
--add-port 3479/tcp \\
--add-port 5349/tcp \\
--add-port 5350/tcp \\
--add-port 49152-65535/tcp
firewall-cmd --add-port 3478/udp \\
--add-port 3479/udp \\
--add-port 5349/udp \\
--add-port 5350/udp \\
--add-port 49152-65535/udp
firewall-cmd --permanent \\
--add-port 80/tcp \\
--add-port 443/tcp \\
--add-port 3478/tcp \\
--add-port 3479/tcp \\
--add-port 5349/tcp \\
--add-port 5350/tcp \\
--add-port 49152-65535/tcp
firewall-cmd --permanent \\
--add-port 3478/udp \\
--add-port 3479/udp \\
--add-port 5349/udp \\
--add-port 5350/udp \\
--add-port 49152-65535/udp</pre>
</div>
<h1 id="customize">
Customize
</h1>
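Review bot: The sample under "Configure turnserver" writes the database password into /etc/turnserver/turnserver.conf (the mysql-userdb line) through a plain `cat <<'EOF' >` redirect, and the notes that follow cover permissions for cert.pem and key.pem but not for this file, so under the usual root umask it will typically end up world-readable. Suggest adding a step after the heredoc that restricts it, for example owner root, group turnserver (matching proc-group) and mode 640, plus a bullet in the alert list saying the config holds a credential and that MySuperPassw0rd is a placeholder to replace. Two smaller points in the firewall block: the firewalld commands open 80/tcp and 443/tcp, which are not in the port list just above, so either mention that they are for the web front end or drop them from this section; and the continuation lines end in a double backslash, so please confirm the page renders a single one, otherwise a copied command will not continue across lines.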