SHiNE-server/scripts/setup_turn_coturn.sh


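#!/usr/bin/env bash
set -euo pipefail
# Install coturn with REST-API auth (time-limited credentials derived from a
# shared secret). Run ON the TURN server as root.
#
# Options:
#   --secret VALUE   shared secret; may instead be supplied through the
#                    TURN_SECRET environment variable, which keeps it out of
#                    the process list
#   --realm VALUE    TURN realm (default: shineup.me)
#   --min-port N     first relay port (default: 49160)
#   --max-port N     last relay port (default: 49200)
#
# Example:
# sudo bash scripts/setup_turn_coturn.sh --secret "CHANGE_ME_LONG_SECRET" --realm "shineup.me"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort with a readable message when an option is the last word on the command
# line; otherwise `shift 2` would kill the script silently under `set -e`.
require_value() {
  [[ $# -ge 2 ]] || die "Аргументу $1 нужно значение"
}

# Command-line arguments are visible to every local user via ps, so the
# environment is accepted as an alternative source for the secret.
SECRET="${TURN_SECRET:-}"
REALM="shineup.me"
MIN_PORT="49160"
MAX_PORT="49200"

while [[ $# -gt 0 ]]; do
  case "$1" in
    --secret)
      require_value "$@"
      SECRET="${2:-}"
      shift 2
      ;;
    --realm)
      require_value "$@"
      REALM="${2:-}"
      shift 2
      ;;
    --min-port)
      require_value "$@"
      MIN_PORT="${2:-49160}"
      shift 2
      ;;
    --max-port)
      require_value "$@"
      MAX_PORT="${2:-49200}"
      shift 2
      ;;
    *)
      die "Неизвестный аргумент: $1"
      ;;
  esac
done

if [[ -z "${SECRET}" ]]; then
  die "Нужно передать --secret"
fi

# The placeholder from the usage example must never reach a live server.
if [[ "${SECRET}" == "CHANGE_ME_LONG_SECRET" ]]; then
  die "Замените пример CHANGE_ME_LONG_SECRET на свой секрет"
fi

# Both values are written verbatim into turnserver.conf; an embedded newline
# would let a single argument add arbitrary extra directives to the file.
if [[ "${SECRET}${REALM}" == *[[:cntrl:]]* ]]; then
  die "--secret и --realm не должны содержать управляющие символы"
fi

# Ports also land in the config unescaped, so accept plain decimal numbers only.
# 10# forces base 10 so that a leading zero is not parsed as octal.
if ! [[ "${MIN_PORT}" =~ ^[0-9]{1,5}$ && "${MAX_PORT}" =~ ^[0-9]{1,5}$ ]] ||
  ! ((10#${MIN_PORT} >= 1 && 10#${MAX_PORT} <= 65535 && 10#${MIN_PORT} <= 10#${MAX_PORT})); then
  die "--min-port и --max-port должны быть портами 1-65535, min <= max"
fi

# Fail before touching the system instead of half-way through apt-get.
if [[ "${EUID}" -ne 0 ]]; then
  die "Запускать нужно под root"
fi

export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get install -y coturn

# NOTE(review): `hostname -I` reports the first address configured on the host.
# Behind NAT that is a private address, and external-ip/relay-ip below must
# then be corrected by hand.
PUBLIC_IP="$(hostname -I | awk '{print $1}')"
if [[ -z "${PUBLIC_IP}" ]]; then
  echo "Не удалось определить public ip автоматически, укажите вручную в /etc/turnserver.conf" >&2
  # Placeholder only: 0.0.0.0 is not a usable external/relay address.
  PUBLIC_IP="0.0.0.0"
fi

# The config holds the shared secret, so create it with restricted permissions
# BEFORE writing any content; the redirection below keeps mode and owner.
# The Debian/Ubuntu package runs the daemon as turnserver, which therefore
# needs group read access.
if getent group turnserver >/dev/null; then
  install -m 0640 -o root -g turnserver /dev/null /etc/turnserver.conf
else
  echo "Группа turnserver не найдена: /etc/turnserver.conf создан с правами 0644, ограничьте доступ вручную" >&2
  install -m 0644 -o root -g root /dev/null /etc/turnserver.conf
fi

# Listens on 3478 only (no TLS listener is configured here); no-cli disables
# coturn's CLI management interface.
cat >/etc/turnserver.conf <<EOF
listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=${SECRET}
realm=${REALM}
total-quota=200
stale-nonce=600
no-multicast-peers
no-loopback-peers
no-cli
simple-log
external-ip=${PUBLIC_IP}
listening-ip=0.0.0.0
relay-ip=${PUBLIC_IP}
min-port=${MIN_PORT}
max-port=${MAX_PORT}
EOF

# Best effort: older packages gate the service on this flag; a failed edit is
# not fatal because systemctl enable/restart below still runs.
if [[ -f /etc/default/coturn ]]; then
  sed -i 's/^#\?TURNSERVER_ENABLED=.*/TURNSERVER_ENABLED=1/' /etc/default/coturn || true
fi

systemctl enable coturn
systemctl restart coturn
systemctl --no-pager --full status coturn

echo
echo "coturn настроен."
echo "Откройте firewall: 3478/tcp, 3478/udp, ${MIN_PORT}-${MAX_PORT}/udp"
echo "Для SHiNE-сервера задайте такой же shared-secret в параметре:"
# The secret itself is deliberately not echoed: stdout of provisioning runs
# commonly ends up in terminal scrollback and log files.
echo " -Dcall.ice.turn.sharedSecret=<shared-secret>"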