mirror/coturn
1
0
Fork 0
mirror of https://salsa.debian.org/pkg-voip-team/coturn.git synced 2025-11-21 08:29:27 +01:00
Code Issues Projects Releases Packages Wiki Activity
coturn/debian
History
Exact
Bastian Germann de67f7832c Upload to unstable
2024-04-13 13:51:10 +00:00
..
etc/ufw/applications.d sync to 4.2.3.1 2014-11-09 22:56:34 -08:00
patches Import Debian changes 4.6.1-1 2024-04-13 13:24:16 +00:00
source Drop useless lintian overrides 2024-04-13 13:46:13 +00:00
tests Import Debian changes 4.5.2-3 2024-04-13 13:23:53 +00:00
upstream Import Debian changes 4.5.1.3-1 2024-04-13 13:22:42 +00:00
changelog Upload to unstable 2024-04-13 13:51:10 +00:00
control Fix lintian: depends-on-obsolete-package 2024-04-13 13:44:42 +00:00
copyright d/copyright: clean up 2024-04-13 13:47:20 +00:00
coturn.default Initial Debian packaging 2014-05-08 22:38:57 +02:00
coturn.dirs Import Debian changes 4.5.2-3 2024-04-13 13:23:53 +00:00
coturn.doc-base new scripts and license added 2014-07-22 10:46:15 -07:00
coturn.docs Import Debian changes 4.5.1.0-1 2024-04-13 13:20:20 +00:00
coturn.examples Import Debian changes 4.5.0.8-1 2024-04-13 13:18:55 +00:00
coturn.init Import Debian changes 4.5.2-1 2024-04-13 13:23:31 +00:00
coturn.install Import Debian changes 4.5.1.1-1.1 2024-04-13 13:21:47 +00:00
coturn.links Import Debian changes 4.5.1.3-1 2024-04-13 13:22:42 +00:00
coturn.manpages Import Debian changes 4.5.0.8-1 2024-04-13 13:18:55 +00:00
coturn.postinst Import Debian changes 4.5.2-3 2024-04-13 13:23:53 +00:00
coturn.postrm Import Debian changes 4.5.2-3 2024-04-13 13:23:53 +00:00
coturn.service Import Debian changes 4.5.2-1 2024-04-13 13:23:31 +00:00
gbp.conf gbp: Remove DEFAULT rules 2024-04-13 13:26:31 +00:00
README.Debian Import Debian changes 4.5.2-1 2024-04-13 13:23:31 +00:00
rules Import Debian changes 4.5.1.3-1 2024-04-13 13:22:42 +00:00
watch Import Debian changes 4.5.2-1 2024-04-13 13:23:31 +00:00

README.Debian 

Coturn TURN Server for Debian
------------------------------

1) The turnserver has reasonable default option values and can work in many 
simple environments without extra configuration. But more complex meaningful 
usage requires setting options specific to your particular environment. 
For example, WebRTC requires long-term credentials and some extra stuff. 
To set the turnserver parameters:

	a) Edit /etc/turnserver.conf file.

	b) For user accounts settings, the default SQLite TURN database location 
	is /var/db/turndb. If you do not set any database and if you do not set
	any TURN server database options, then the TURN server 
	will try to create an empty SQLite database in that default location.
	Or you can set up PostgreSQL or MySQL or Redis database for 
	user accounts. Use /usr/share/coturn/schema.sql as SQL database schema,
	or use /usr/share/coturn/schema.userdb.redis as Redis 
	database schema explanation for the user authentication data, and 
	(optionally) use /usr/share/coturn/schema.stats.redis as 
	Redis database schema explanation for status and statistics data.

2) You can start/stop the turnserver "manually", using the "/usr/bin/turnserver" 
   executable with appropriate options (see the documentation).
   If you want the turnserver to be an automatically started system service, 
   then you have to un-comment the line "TURNSERVER_ENABLED=1" in 
   the /etc/default/coturn file.
   
3) If you are using UFW, then run the command after the installation:

   $ ufw add turnserver

   You can inspect and adjust the UFW turnserver settings in the file 
   /etc/ufw/applications.d/turnserver.
   
4) For additional information, run:
 
   $ man turnserver
   $ man turnadmin
   $ man turnutils

5) During installation, no TURN user accounts are created.  
Coturn does not recognize UNIX accounts and requires accounts 
to be defined in it's own config file. By default, the TURN server 
uses anonymous access. 

6) Systemd:
   In some configurations you may need to add the

   After=network-online.target

   line to the/etc/systemd/system/coturn.service.d/network.conf or
   simillar systemd config file.

7) Non privileged ports
   If you plan to use any privileged ports(ports<1024 e.g. 80 or 443) 
   add the following for non root privileged port binding to 
   /etc/systemd/system/coturn.service.d/capability.conf.
   (After it reload config "systemctl daemon-reload")

    [Service]
    AmbientCapabilities=CAP_NET_BIND_SERVICE

  Or alternatively create nftables/iptables port forwarding nat rules.

    iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 3478
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3478
    iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 5349
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 5349

Traditional STUN doesn't require an account. For TURN relay
purposes, several accounting options are possible:
	  - anonymous access (the default option);
	  - traditional long-term credentials mechanism (see RFC5766);
	  - TURN REST API shared-secret-based long-term credentials mechanism
	    (see TURN REST API docs);
	  - Third-party authorization extension for the
	    long-term credentials mechanism;

If you are installing the TURN server for WebRTC usage, then you must set 
the long term credentials mechanism option and add user accounts - 
either with the default SQLite database, or with PostgreSQL 
database, or with MySQL database, or with Redis database. Optionally,
you can add TURN REST API on top of long-term credentials mechanism.

Please see the README.* files for details.

 -- Mészáros Mihály <misi@majd.eu>  Tue, 27 Nov 2018 12:32:02 +0000
 -- Oleg Moskalenko <mom040267@gmail.com>  Wed, 29 Oct 2014 11:47:00 -0700