- add guide to documentation and example files to repository to run coturn alongside PairDrop via Docker Compose

- enable TURN over TLS
- modified the .gitignore to ignore files with user-data
- should fix #105
- partly cherry-picked from #106

Co-authored-by: xundeenergie <xundeenergie@users.noreply.github.com>

turnserver_example.conf

@@ -6,11 +6,16 @@ server-name=pairdrop
 listening-ip=0.0.0.0
 
 # External IP-Address of the TURN server
-external-ip=<IP_ADDRESS>
+# only needed, if coturn is behind a NAT
+# external-ip=<IP_ADDRESS>
 
-# Main listening port
+# Main listening port for STUN and TURN
 listening-port=3478
 
+# Main listening port for TURN over TLS (TURNS)
+# Use port 443 to bypass some firewalls
+tls-listening-port=5349
+
 # Further ports that are open for communication
 min-port=10000
 max-port=20000
@@ -18,21 +23,34 @@ max-port=20000
 # Use fingerprint in TURN message
 fingerprint
 
-# Log file path
-log-file=/var/log/turnserver.log
-
 # Enable verbose logging
-verbose
+# verbose
+
+# Log file path
+# - is logging to STDOUT, so it's visible in docker-compose logs
+log-file=-
 
 # Specify the user for the TURN authentification
-user=user:password
+user=username:password
 
 # Enable long-term credential mechanism
 lt-cred-mech
 
 # SSL certificates
-cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
-pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem
+cert=/etc/coturn/ssl/cert.crt
+pkey=/etc/coturn/ssl/pkey.pem
+dh-file=/etc/coturn/ssl/dhparam.pem
 
-# 443 for TURN over TLS, which can bypass firewalls
-tls-listening-port=443
+# For security-reasons disable old ssl and tls-protocols
+# and other recommended options: see https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
+no-sslv3
+no-tlsv1
+no-tlsv1_1
+no-tlsv1_2
+no-rfc5780
+no-stun-backward-compatibility
+response-origin-only-with-rfc5780
+no-cli
+no-multicast-peers
+no-software-attribute
+check-origin-consistency