mirror of
https://github.com/schlagmichdoch/PairDrop.git
synced 2025-04-20 07:05:05 -04:00
Merge 61872c9804 into b2f4582196
This commit is contained in:
xundeenergie
GitHub
commit
f50b9d9584
6 changed files with 67 additions and 9 deletions
|
|
@ -2,4 +2,4 @@ node_modules
|
|||
.github
|
||||
.git*
|
||||
|
||||
*.md
|
||||
*.md
|
||||
|
|
|
|||
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -3,3 +3,6 @@ node_modules
|
|||
fqdn.env
|
||||
/docker/certs
|
||||
qrcode-svg/
|
||||
rtc_config.json
|
||||
turnserver.conf
|
||||
ssl/*
|
||||
|
|
|
|||
|
|
@ -10,10 +10,18 @@ services:
|
|||
restart: unless-stopped
|
||||
ports:
|
||||
- "3000:3000"
|
||||
environment:
|
||||
- RTC_CONFIG=/home/node/app/rtc_config.json
|
||||
- WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
|
||||
- RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
|
||||
- TZ=Europa/Vienna # Time Zone
|
||||
# you need to copy rtc_config_example.json to rtc_config.json and specify domain, IP address, user and password
|
||||
coturn_server:
|
||||
image: "coturn/coturn"
|
||||
restart: always
|
||||
network_mode: "host"
|
||||
volumes:
|
||||
- ./turnserver.conf:/etc/coturn/turnserver.conf
|
||||
#you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
|
||||
- ./ssl/:/etc/coturn/ssl/
|
||||
# you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
|
||||
# create dhparams.pem with `openssl dhparam -out ssl/dhparams.pem 4096` it takes a very long time!!!
|
||||
|
|
|
|||
|
|
@ -514,9 +514,28 @@ Now point your web browser to `http://localhost:8080`.
|
|||
- To stop the containers, run `docker-compose stop`.
|
||||
- To debug the NodeJS server, run `docker logs pairdrop_node_1`.
|
||||
|
||||
|
||||
<br>
|
||||
|
||||
# Coturn
|
||||
## docker-compose
|
||||
|
||||
- generate or retrieve certificates for your <DOMAIN> (f.e. letsencrypt)
|
||||
- copy your ssl-certificates and privkey to `./ssl` and `chown -R nobody:nogroup ./ssl`
|
||||
- create a dh-params file with `openssl dhparam -out ./ssl/dhparams.pem 4096`
|
||||
- copy `rtc_config_example-coturn.json` to `rtc_config.json`
|
||||
- copy `turnserver_example.conf` to `turnserver.conf`
|
||||
- change <DOMAIN> in all 2 files to the domain, where your pairdrop is running
|
||||
- change user and password for turn-server in `turnserver.conf` and `rtc-config.json`
|
||||
- To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d`
|
||||
- To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart`
|
||||
- To stop the container including coturn run `docker-compose -f docker-compose-coturn.yml stop`
|
||||
|
||||
## Firewall
|
||||
To run PairDrop including its own coturn-server you need to punch holes in the firewall. These ports must be opened additionally:
|
||||
- 3478 tcp/udp
|
||||
- 5349 tcp/udp
|
||||
- 10000:20000 tcp/udp
|
||||
|
||||
## Testing PWA related features
|
||||
PWAs requires the app to be served under a correctly set up and trusted TLS endpoint.
|
||||
|
||||
|
|
|
|||
13
rtc_config_example-coturn.json
Normal file
13
rtc_config_example-coturn.json
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"sdpSemantics": "unified-plan",
|
||||
"iceServers": [
|
||||
{
|
||||
"urls": "stuns:<DOMAIN>:5349"
|
||||
},
|
||||
{
|
||||
"urls": "turns:<DOMAIN>:5349",
|
||||
"username": "user",
|
||||
"credential": "password"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
# TURN server name and realm
|
||||
# realm can be domain or <IP-ADDRESS>
|
||||
realm=<DOMAIN>
|
||||
server-name=pairdrop
|
||||
|
||||
|
|
@ -6,11 +7,19 @@ server-name=pairdrop
|
|||
listening-ip=0.0.0.0
|
||||
|
||||
# External IP-Address of the TURN server
|
||||
external-ip=<IP_ADDRESS>
|
||||
# only needed, if coturn is behind a NAT
|
||||
#external-ip=<IP_ADDRESS>
|
||||
|
||||
# relay-ip is needed for tls turns connections
|
||||
# it can be set multiple times. A local IP is sufficient (not 127.0.0.1!!)
|
||||
relay-ip=<SOME_LOCAL_IP_ADDRESS>
|
||||
|
||||
# Main listening port
|
||||
listening-port=3478
|
||||
|
||||
# 443 for TURN over TLS, which can bypass firewalls
|
||||
tls-listening-port=5349
|
||||
|
||||
# Further ports that are open for communication
|
||||
min-port=10000
|
||||
max-port=20000
|
||||
|
|
@ -19,7 +28,8 @@ max-port=20000
|
|||
fingerprint
|
||||
|
||||
# Log file path
|
||||
log-file=/var/log/turnserver.log
|
||||
# - is logging to STDOUT, so it's visible in docker-compose logs
|
||||
log-file=-
|
||||
|
||||
# Enable verbose logging
|
||||
verbose
|
||||
|
|
@ -31,8 +41,13 @@ user=user:password
|
|||
lt-cred-mech
|
||||
|
||||
# SSL certificates
|
||||
cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
|
||||
pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem
|
||||
cert=/etc/letsencrypt/fullchain.pem
|
||||
pkey=/etc/letsencrypt/privkey.pem
|
||||
dh-file=/etc/dhparam.pem
|
||||
|
||||
# 443 for TURN over TLS, which can bypass firewalls
|
||||
tls-listening-port=443
|
||||
# For security-reasons disable old ssl and tls-protocols
|
||||
no-sslv3
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
|
||||
stale-nonce=600
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue