mirrors/PairDrop
1
0
Fork 0
mirror of https://github.com/schlagmichdoch/PairDrop.git synced 2025-04-19 22:55:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

- add guide to documentation and example files to repository to run coturn alongside PairDrop via Docker Compose

Browse source 
- enable TURN over TLS
- modified the .gitignore to ignore files with user-data
- should fix #105
- partly cherry-picked from #106

Co-authored-by: xundeenergie <xundeenergie@users.noreply.github.com>
This commit is contained in:
schlagmichdoch 2023-10-28 04:23:59 +02:00
parent 750f54301d
commit 1c79290ad6
5 changed files with 96 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -3,3 +3,6 @@ node_modules
fqdn.env fqdn.env
/docker/certs /docker/certs
qrcode-svg/ qrcode-svg/
turnserver.conf
rtc_config.json
ssl/

16
docker-compose-coturn.yml
View file

@ -4,20 +4,28 @@ services:
image: "lscr.io/linuxserver/pairdrop:latest" image: "lscr.io/linuxserver/pairdrop:latest"
container_name: pairdrop container_name: pairdrop
restart: unless-stopped restart: unless-stopped
volumes:
- ./rtc_config.json:/home/node/app/rtc_config.json
environment: environment:
- PUID=1000 # UID to run the application as - PUID=1000 # UID to run the application as
- PGID=1000 # GID to run the application as - PGID=1000 # GID to run the application as
- WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client. - WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
- RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min. - RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
- RTC_CONFIG=false # Set to the path of a file that specifies the STUN/TURN servers. - RTC_CONFIG=/home/node/app/rtc_config.json # Set to the path of a file that specifies the STUN/TURN servers.
- DEBUG_MODE=false # Set to true to debug container and peer connections. - DEBUG_MODE=false # Set to true to debug container and peer connections.
- TZ=Etc/UTC # Time Zone - TZ=Etc/UTC # Time Zone
ports: ports:
- "127.0.0.1:3000:3000" # Web UI. Change the port number before the last colon e.g. `127.0.0.1:9000:3000` - "127.0.0.1:3000:3000" # Web UI. Change the port number before the last colon e.g. `127.0.0.1:9000:3000`
coturn_server: coturn_server:
image: "coturn/coturn" image: "coturn/coturn"
restart: always restart: unless-stopped
network_mode: "host"
volumes: volumes:
- ./turnserver.conf:/etc/coturn/turnserver.conf - ./turnserver.conf:/etc/coturn/turnserver.conf
#you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password - ./ssl/:/etc/coturn/ssl/
ports:
- "3478:3478"
- "3478:3478/udp"
- "5349:5349"
- "5349:5349/udp"
- "10000-20000:10000-20000/udp"
# see guide at docs/host-your-own.md#coturn-and-pairdrop-via-docker-compose

50
docs/host-your-own.md
View file

@ -6,6 +6,8 @@ Beware that you have to host your own TURN server to enable transfers between di
Follow [this guide](https://gabrieltanner.org/blog/turn-server/) to either install coturn directly on your system (Step 1) Follow [this guide](https://gabrieltanner.org/blog/turn-server/) to either install coturn directly on your system (Step 1)
or deploy it via Docker (Step 5). or deploy it via Docker (Step 5).
You can use the `docker-compose-coturn.yml` in this repository. See [Coturn and PairDrop via Docker Compose](#coturn-and-pairdrop-via-docker-compose).
Alternatively, use a free, pre-configured TURN server like [OpenRelay](https://www.metered.ca/tools/openrelay/) Alternatively, use a free, pre-configured TURN server like [OpenRelay](https://www.metered.ca/tools/openrelay/)
@ -546,6 +548,54 @@ service apache2 reload
<br> <br>
## Coturn and PairDrop via Docker Compose
### Setup container
To run coturn and PairDrop at once by using the `docker-compose-coturn.yml` with TURN over TLS enabled
you need to follow these steps:
1. Generate or retrieve certificates for your `<DOMAIN>` (e.g. letsencrypt / certbot)
2. Create `./ssl` folder: `mkdir ssl`
3. Copy your ssl-certificates and the privkey to `./ssl`
4. Restrict access to `./ssl`: `chown -R nobody:nogroup ./ssl`
5. Create a dh-params file: `openssl dhparam -out ./ssl/dhparams.pem 4096`
6. Copy `rtc_config_example.json` to `rtc_config.json`
7. Copy `turnserver_example.conf` to `turnserver.conf`
8. Change `<DOMAIN>` in both files to the domain where your PairDrop instance is running
9. Change `username` and `password` in `turnserver.conf` and `rtc-config.json`
10. To start the container including coturn run: \
`docker compose -f docker-compose-coturn.yml up -d`
<br>
#### Setup container
To restart the container including coturn run: \
`docker compose -f docker-compose-coturn.yml restart`
<br>
#### Setup container
To stop the container including coturn run: \
`docker compose -f docker-compose-coturn.yml stop`
<br>
### Firewall
To run PairDrop including its own coturn-server you need to punch holes in the firewall. These ports must be opened additionally:
- 3478 tcp/udp
- 5349 tcp/udp
- 10000:20000 tcp/udp
<br>
### Firewall
To run PairDrop including its own coturn-server you need to punch holes in the firewall. These ports must be opened additionally:
- 3478 tcp/udp
- 5349 tcp/udp
- 10000:20000 tcp/udp
<br>
## Local Development ## Local Development
### Install ### Install

4
rtc_config_example.json
View file

@ -2,10 +2,10 @@
"sdpSemantics": "unified-plan", "sdpSemantics": "unified-plan",
"iceServers": [ "iceServers": [
{ {
"urls": "stun:stun.l.google.com:19302" "urls": "stun:<DOMAIN>:3478"
}, },
{ {
"urls": "turn:example.com:3478", "urls": "turns:<DOMAIN>:5349",
"username": "username", "username": "username",
"credential": "password" "credential": "password"
} }

40
turnserver_example.conf
View file

@ -6,11 +6,16 @@ server-name=pairdrop
listening-ip=0.0.0.0 listening-ip=0.0.0.0
# External IP-Address of the TURN server # External IP-Address of the TURN server
external-ip=<IP_ADDRESS> # only needed, if coturn is behind a NAT
# external-ip=<IP_ADDRESS>
# Main listening port # Main listening port for STUN and TURN
listening-port=3478 listening-port=3478
# Main listening port for TURN over TLS (TURNS)
# Use port 443 to bypass some firewalls
tls-listening-port=5349
# Further ports that are open for communication # Further ports that are open for communication
min-port=10000 min-port=10000
max-port=20000 max-port=20000
@ -18,21 +23,34 @@ max-port=20000
# Use fingerprint in TURN message # Use fingerprint in TURN message
fingerprint fingerprint
# Log file path
log-file=/var/log/turnserver.log
# Enable verbose logging # Enable verbose logging
verbose # verbose
# Log file path
# - is logging to STDOUT, so it's visible in docker-compose logs
log-file=-
# Specify the user for the TURN authentification # Specify the user for the TURN authentification
user=user:password user=username:password
# Enable long-term credential mechanism # Enable long-term credential mechanism
lt-cred-mech lt-cred-mech
# SSL certificates # SSL certificates
cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem cert=/etc/coturn/ssl/cert.crt
pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem pkey=/etc/coturn/ssl/pkey.pem
dh-file=/etc/coturn/ssl/dhparam.pem
# 443 for TURN over TLS, which can bypass firewalls # For security-reasons disable old ssl and tls-protocols
tls-listening-port=443 # and other recommended options: see https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
no-sslv3
no-tlsv1
no-tlsv1_1
no-tlsv1_2
no-rfc5780
no-stun-backward-compatibility
response-origin-only-with-rfc5780
no-cli
no-multicast-peers
no-software-attribute
check-origin-consistency