author | Christian Pointner <equinox@spreadspace.org> | 2020-03-26 03:07:10 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-03-26 03:07:10 +0100 |
commit | edf5603dfadb9aded010412ca1751e1e61cfe642 (patch) | |
tree | ca129ca8ea64c6391ea5e1071678ac045d3c54dd /roles/apps/coturn/templates | |
parent | add app coturn (WIP) (diff) |
coturn mostly done
Diffstat (limited to 'roles/apps/coturn/templates')
-rw-r--r-- | roles/apps/coturn/templates/acmetool-reload.sh.j2 | 26 | ||||
-rw-r--r-- | roles/apps/coturn/templates/nginx-vhost.conf.j2 | 27 | ||||
-rw-r--r-- | roles/apps/coturn/templates/turnserver.conf.j2 | 16 |
3 files changed, 60 insertions, 9 deletions
diff --git a/roles/apps/coturn/templates/acmetool-reload.sh.j2 b/roles/apps/coturn/templates/acmetool-reload.sh.j2
new file mode 100644
index 00000000..70e0b686
--- /dev/null
+++ b/roles/apps/coturn/templates/acmetool-reload.sh.j2
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+MAIN_HOSTNAME="{{ coturn_hostnames[0] }}"
+SSL_D="{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl"
+USER="coturn"
+GROUP="coturn"
+
+while read name; do
+ certdir="$ACME_STATE_DIR/live/$name"
+ if [ -z "$name" -o ! -e "$certdir" ]; then
+ continue
+ fi
+ if [ "$name" != "$MAIN_HOSTNAME" ]; then
+ continue
+ fi
+
+ cp "$certdir/fullchain" "$SSL_D/cert.pem"
+ cp "$certdir/privkey" "$SSL_D/privkey.pem"
+ chown "$USER:$GROUP" "$SSL_D/cert.pem" "$SSL_D/privkey.pem"
+ break
+
+ ## TODO: trigger restart of coturn!!!
+done
diff --git a/roles/apps/coturn/templates/nginx-vhost.conf.j2 b/roles/apps/coturn/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..0639fbe1
--- /dev/null
+++ b/roles/apps/coturn/templates/nginx-vhost.conf.j2
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ coturn_hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ coturn_hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/tls.conf;
+ ssl_certificate /var/lib/acme/live/{{ coturn_hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ coturn_hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+ location / {
+ return 404;
+ }
+}
diff --git a/roles/apps/coturn/templates/turnserver.conf.j2 b/roles/apps/coturn/templates/turnserver.conf.j2
index 9462f148..d61cdad3 100644
--- a/roles/apps/coturn/templates/turnserver.conf.j2
+++ b/roles/apps/coturn/templates/turnserver.conf.j2
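Review bot: The private key is copied with a bare `cp`, so the mode of `$SSL_D/privkey.pem` is whatever the umask or a pre-existing destination file gives it, and the `chown` that follows only corrects ownership; a key that ends up group- or world-readable in the realm's config directory is the real exposure in this hook. `install -o "$USER" -g "$GROUP" -m 0640 "$certdir/privkey" "$SSL_D/privkey.pem"` (and `-m 0644` for `fullchain` to `cert.pem`) sets owner and mode in one step and replaces both `cp` lines and the `chown`. The `## TODO: trigger restart of coturn!!!` sits after the `break`, and until it is done a renewed certificate is written to disk while the running turnserver keeps presenting the old one, so this hook should not be considered production-ready yet. Minor: `-o` inside `[ ]` is marked obsolescent by POSIX; `[ -z "$name" ] || [ ! -e "$certdir" ]` is the portable form.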
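Review bot: The port-80 redirect uses `$host`, which comes from the client's Host header; that is harmless while only the names in `server_name` can reach this block, but if this vhost ends up as the default server on :80 (no `default_server` is declared here, so that depends on the rest of the nginx configuration) the redirect will echo arbitrary hostnames back to the client. If only the listed names are meant to be redirected, `return 301 https://$server_name$request_uri;` pins the target to the first entry of `coturn_hostnames`, at the cost of collapsing the other names onto it. Separately, the 443 block answers everything with `return 404;`, so its only purpose appears to be holding the certificate and, presumably, the ACME challenge location from `snippets/acmetool.conf`; a one-line comment at the top, `# HTTPS vhost exists only so acmetool can issue/renew the TURN certificate; nothing is served here.`, would make that intent explicit.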
@@ -2,16 +2,14 @@ realm={{ coturn_realm }}
 fingerprint
 listening-port=3478
-# tls-listening-port=5349
+tls-listening-port=5349
-# cert=/etc/coturn/ssl/cert.pem
-# pkey=/etc/coturn/ssl/privkey.pem
-# dh-file=/etc/coturn/ssl/dhparam.pem
-# cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
-# no-tlsv1
-# no-tlsv1_1
-no-tls
-no-dtls
+cert=/etc/coturn/ssl/cert.pem
+pkey=/etc/coturn/ssl/privkey.pem
+dh-file=/etc/coturn/ssl/dhparams.pem
+cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+no-tlsv1
+no-tlsv1_1
 use-auth-secret
 static-auth-secret={{ coturn_auth_secret }} |
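Review bot: `dh-file=/etc/coturn/ssl/dhparams.pem` points at a file that nothing else in this commit provides — the new acmetool hook installs only `cert.pem` and `privkey.pem` — and the name also differs from the `dhparam.pem` in the line being removed, so the TLS listener may come up with whatever DH groups coturn falls back to when the file is absent, or fail to start, depending on the coturn version (I could not confirm which from here). Either drop the `dh-file` line and rely on the ECDHE suites that the `cipher-list` already puts first, or add the task that generates the file and state the expectation in the config, e.g. `# cert.pem/privkey.pem are installed by the acmetool live-updated hook; dhparams.pem must be provisioned separately`. The `/etc/coturn/ssl` path here versus `{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl` in the hook suggests a bind mount into a container; a comment naming that mapping would save the next reader a trip through the role's tasks.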