From 307f323e439c1aeb402534dd214561852acd2ae2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Wala?= Date: Mon, 21 Aug 2023 16:23:23 +0200 Subject: [PATCH 1/6] Bugfixes --- README.md | 2 +- config/runtime.exs | 4 ++-- lib/rel/listener.ex | 4 ++-- lib/rel_app.ex | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fe95688..5711fd3 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ mix run --no-halt 2. In Docker ```console -docker run ghcr.io/webrtc-elixir/rel:latest +docker run ghcr.io/elixir-webrtc/rel:latest ``` ## Features and configuration diff --git a/config/runtime.exs b/config/runtime.exs index 5d5249f..bed403e 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -20,7 +20,7 @@ defmodule ConfigUtils do def parse_port(port) do case Integer.parse(port, 10) do - {val, _rem} when val in 0..49_151 -> + {val, _rem} when val in 0..65_535 -> val _other -> @@ -134,7 +134,7 @@ config :rel, external_listen_ip: external_listen_ip, relay_ip: relay_ip, external_relay_ip: external_relay_ip, - listen_port: System.get_env("UDP_LISTEN_PORT", "3478") |> ConfigUtils.parse_port(), + listen_port: System.get_env("LISTEN_PORT", "3478") |> ConfigUtils.parse_port(), domain: System.get_env("DOMAIN", "example.com") # Metrics endpoint configuration diff --git a/lib/rel/listener.ex b/lib/rel/listener.ex index e34702f..5f7c87d 100644 --- a/lib/rel/listener.ex +++ b/lib/rel/listener.ex @@ -21,7 +21,7 @@ defmodule Rel.Listener do alias ExSTUN.Message.Type alias ExSTUN.Message.Attribute.{Username, XORMappedAddress} - @buf_size 2 * 1024 + @buf_size 2 * 1024 * 1024 @default_alloc_ports MapSet.new(49_152..65_535) @spec start_link(term()) :: {:ok, pid()} 
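Review bot: `parse_port/1` still discards the remainder returned by `Integer.parse/2`, so a value such as `LISTEN_PORT=3478abc` or `3478.5` is silently accepted as 3478 instead of rejected, and widening the guard to `0..65_535` only makes every numeric prefix pass. Match the remainder too: `{val, ""} when val in 0..65_535 ->`. Note also that 0 is accepted, which for `LISTEN_PORT` means binding an OS-chosen port and, for the relay range added later in this series, would admit port 0 and the privileged range; a comment stating that this is intended, or a tighter lower bound, would help. The `_other ->` rejection branch continues outside the hunk.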
@@ -198,7 +198,7 @@ defmodule Rel.Listener do # origin_alloc_state. In most cases, this shouldn't be a problem as # client is encouraged to refresh its allocation one minute # before its deadline - :ok = :gen_udp.send(socket, c_ip, c_port, origin_response) + :ok = :socket.sendto(socket, origin_response, %{family: :inet, addr: c_ip, port: c_port}) {:error, :allocation_exists, _alloc_origin_state} -> handle_error.(:allocation_exists, socket, c_ip, c_port, msg) diff --git a/lib/rel_app.ex b/lib/rel_app.ex index 4bdad6a..9cf2de2 100644 --- a/lib/rel_app.ex +++ b/lib/rel_app.ex @@ -33,7 +33,7 @@ defmodule Rel.App do metrics_ip = Application.fetch_env!(:rel, :metrics_ip) metrics_port = Application.fetch_env!(:rel, :metrics_port) - metrics_opts = [metrics: metrics(), plug_cowboy_opts: [ip: metrics_ip, port: metrics_port]] + metrics_opts = [metrics: metrics(), port: metrics_port, plug_cowboy_opts: [ip: metrics_ip]] children = [ Rel.ListenerSupervisor, From d075a9e67a4b5be9359cb93d2312f30d6fa1acfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Wala?= Date: Mon, 21 Aug 2023 16:44:04 +0200 Subject: [PATCH 2/6] Improve/fix config options --- .github/workflows/build_deploy.yml | 4 ++-- README.md | 22 ++++++++++++++-------- config/runtime.exs | 26 ++++++++++++-------------- docker-compose.yml | 2 +- lib/rel/auth_provider.ex | 2 +- lib/rel/utils.ex | 4 ++-- lib/rel_app.ex | 18 +++++++++--------- 7 files changed, 41 insertions(+), 37 deletions(-) diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml index a698bf4..40d0713 100644 --- a/.github/workflows/build_deploy.yml +++ b/.github/workflows/build_deploy.yml @@ -54,7 +54,7 @@ jobs: env: GF_SECURITY_ADMIN_PASSWORD: ${{ secrets.GF_SECURITY_ADMIN_PASSWORD }} GF_SECURITY_ADMIN_USER: ${{ secrets.GF_SECURITY_ADMIN_USER }} - DOMAIN: ${{ secrets.DOMAIN }} + REALM: ${{ secrets.DOMAIN }} DIR_NAME: ${{ secrets.DIR_NAME }} TAG: ${{ github.ref_name }} with: 
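Review bot: The new `:socket.sendto/3` call hard-codes `family: :inet` for the client address, so a response to an IPv6 client (`c_ip` as an 8-tuple) would be sent with the wrong address family, while the README in this series lists RFC 6156 (TURN over IPv6) as a goal. Derive the family from the address instead, e.g. `family: if(tuple_size(c_ip) == 4, do: :inet, else: :inet6)`, or carry the family over from where the socket was opened. The `:ok =` match is unchanged from the `:gen_udp` version, so a send error still raises in the listener process rather than being logged and handled. The enclosing function starts and ends outside the hunk.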
@@ -65,7 +65,7 @@ jobs: rm -rf $DIR_NAME; mkdir $DIR_NAME cd $DIR_NAME git clone -b $TAG --depth 1 https://github.com/${{ github.repository }} . - echo "DOMAIN=$DOMAIN + echo "REALM=$REALM GF_SECURITY_ADMIN_PASSWORD=$GF_SECURITY_ADMIN_PASSWORD GF_SECURITY_ADMIN_USER=$GF_SECURITY_ADMIN_USER TAG=${TAG#v}" > .env diff --git a/README.md b/README.md index 5711fd3..29f9dc2 100644 --- a/README.md +++ b/README.md @@ -88,10 +88,16 @@ RELAY_IP=0.0.0.0 EXTERNAL_RELAY_IP=167.235.241.140 ``` -Remember to use the `DOMAIN` variable specific to your deployment. It's used in e.g. `REALM` STUN attributes. +Remember to use the `REALM` variable specific to your deployment. It's used in `REALM` STUN attributes. See +[this section of RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617#section-3.2.1) to learn about appropriate values for `REALM` attribute. ```console -DOMAIN=my-amazing-turn.com +REALM=my-amazing-turn.com +``` + +You can configure the number of running `listener` processes. By default, it is equal to number of running Erlang VM schedulers: +```console +LISTENER_COUNT=8 ``` ### Auth @@ -100,12 +106,12 @@ Auth Provider is an HTTP endpoint that provides credentials required by *A REST By default it is available at `http://127.0.0.1:4000/`, but the address, encryption and CORS can be configured: ```console -AUTH_PROVIDER_IP=127.0.0.1 -AUTH_PROVIDER_PORT=4000 -AUTH_PROVIDER_USE_TLS=false -KEY_FILE_PAHT=./rel.key -CERT_FILE_PATH./rel.cert -AUTH_PROVIDER_ALLOW_CORS=false +AUTH_IP=127.0.0.1 +AUTH_PORT=4000 +AUTH_USE_TLS=false +AUTH_KEYFILE=./rel.key +AUTH_CERTFILE./rel.cert +AUTH_ALLOW_CORS=false ``` ### Metrics diff --git a/config/runtime.exs b/config/runtime.exs index bed403e..d23f761 100644 --- a/config/runtime.exs +++ b/config/runtime.exs 
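Review bot: The `.env` written on the deploy host contains the Grafana admin password and is created with the remote shell's default umask, so it is typically world-readable. Create it with restricted permissions, e.g. wrap the write as `(umask 077; echo "REALM=$REALM ... TAG=${TAG#v}" > .env)` or add `chmod 600 .env` immediately after the redirect. Because the directory is recreated on every deploy after `rm -rf $DIR_NAME`, the permission fix has to live in this script rather than be applied once on the host. The script block this hunk belongs to starts before the hunk.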
@@ -77,11 +77,11 @@ defmodule ConfigUtils do end # HTTPS for AuthProvider -use_tls? = System.get_env("AUTH_PROVIDER_USE_TLS", "false") |> ConfigUtils.is_truthy?() -keyfile = System.get_env("KEY_FILE_PATH") -certfile = System.get_env("CERT_FILE_PATH") +auth_use_tls? = System.get_env("AUTH_USE_TLS", "false") |> ConfigUtils.is_truthy?() +auth_keyfile = System.get_env("AUTH_KEYFILE") +auth_certfile = System.get_env("AUTH_CERTFILE") -if use_tls? and (is_nil(keyfile) or is_nil(certfile)) do +if auth_use_tls? and (is_nil(auth_keyfile) or is_nil(auth_certfile)) do raise "Both KEY_FILE_PATH and CERT_FILE_PATH must be set is TLS is used" end @@ -101,7 +101,7 @@ relay_ip = end external_relay_ip = - case System.fetch_env("EXTERNAL_LISTEN_IP") do + case System.fetch_env("EXTERNAL_RELAY_IP") do {:ok, addr} -> ConfigUtils.parse_ip_address(addr) :error -> external_listen_ip end @@ -119,14 +119,12 @@ listener_count = # AuthProvider/credentials configuration config :rel, - auth_provider_ip: - System.get_env("AUTH_PROVIDER_IP", "127.0.0.1") |> ConfigUtils.parse_ip_address(), - auth_provider_port: System.get_env("AUTH_PROVIDER_PORT", "4000") |> ConfigUtils.parse_port(), - auth_provider_allow_cors?: - System.get_env("AUTH_PROVIDER_ALLOW_CORS", "false") |> ConfigUtils.is_truthy?(), - auth_provider_use_tls?: use_tls?, - keyfile: keyfile, - certfile: certfile + auth_ip: System.get_env("AUTH_IP", "127.0.0.1") |> ConfigUtils.parse_ip_address(), + auth_port: System.get_env("AUTH_PORT", "4000") |> ConfigUtils.parse_port(), + auth_allow_cors?: System.get_env("AUTH_ALLOW_CORS", "false") |> ConfigUtils.is_truthy?(), + auth_use_tls?: auth_use_tls?, + auth_keyfile: auth_keyfile, + auth_certfile: auth_certfile # TURN server configuration config :rel, 
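Review bot: The `raise` message in the TLS check still names `KEY_FILE_PATH` and `CERT_FILE_PATH`, but this hunk renames the variables it actually reads to `AUTH_KEYFILE` and `AUTH_CERTFILE`, so an operator who hits the error is told to set the wrong variables. Change it to `raise "Both AUTH_KEYFILE and AUTH_CERTFILE must be set if TLS is used"`, which also fixes the `is TLS` typo. Consider checking `File.exists?/1` on both paths here as well, so a bad path fails at config load with a clear message rather than when the HTTPS listener starts.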
@@ -135,7 +133,7 @@ config :rel, relay_ip: relay_ip, external_relay_ip: external_relay_ip, listen_port: System.get_env("LISTEN_PORT", "3478") |> ConfigUtils.parse_port(), - domain: System.get_env("DOMAIN", "example.com") + realm: System.get_env("REALM", "example.com") # Metrics endpoint configuration config :rel, diff --git a/docker-compose.yml b/docker-compose.yml index f3acb09..4b9b485 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: restart: on-failure network_mode: host environment: - DOMAIN: "${DOMAIN}" + REALM: "${REALM}" node-exporter: image: prom/node-exporter:v1.6.1 diff --git a/lib/rel/auth_provider.ex b/lib/rel/auth_provider.ex index ba240ff..9b8e7ee 100644 --- a/lib/rel/auth_provider.ex +++ b/lib/rel/auth_provider.ex @@ -8,7 +8,7 @@ defmodule Rel.AuthProvider do def init(_opts), do: [] def call(conn, _opts) do - allow? = Application.fetch_env!(:rel, :auth_provider_allow_cors?) + allow? = Application.fetch_env!(:rel, :auth_allow_cors?) if allow? do CORSPlug.call(conn, CORSPlug.init([])) diff --git a/lib/rel/utils.ex b/lib/rel/utils.ex index b6ffa86..a240313 100644 --- a/lib/rel/utils.ex +++ b/lib/rel/utils.ex @@ -32,7 +32,7 @@ defmodule Rel.Utils do @spec build_error(atom(), integer(), Method.t()) :: {response :: binary(), log_msg :: String.t()} def build_error(reason, t_id, method) do - domain = Application.fetch_env!(:rel, :domain) + realm = Application.fetch_env!(:rel, :realm) {log_msg, code, with_attrs?} = translate_error(reason) error_type = %Type{class: :error_response, method: method} @@ -40,7 +40,7 @@ defmodule Rel.Utils do attrs = if with_attrs? do - attrs ++ [%Nonce{value: build_nonce()}, %Realm{value: domain}] + attrs ++ [%Nonce{value: build_nonce()}, %Realm{value: realm}] else attrs end diff --git a/lib/rel_app.ex b/lib/rel_app.ex index 9cf2de2..8c4d83d 100644 --- a/lib/rel_app.ex +++ b/lib/rel_app.ex 
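Review bot: `REALM` is read from the environment with no validation, and the `Rel.Utils` hunk in this commit places it verbatim into the `REALM` STUN attribute; RFC 5389 §15.7 (the section this series later points operators at) limits the value to fewer than 128 characters, so an over-long or quote-containing value would yield a malformed attribute rather than a config error. Add a check next to the other config validations, e.g. `if String.length(realm) >= 128, do: raise("REALM must be shorter than 128 characters")`, and bind the validated value here. The `config :rel,` block this line belongs to starts before the hunk.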
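Review bot: When `auth_allow_cors?` is on, `CORSPlug.init([])` is applied with the library's defaults rather than an operator-supplied origin list, so pages on any origin could fetch credentials from this endpoint if that default is a wildcard origin (not visible here; confirm against the CORSPlug version in `mix.lock`). The README in this series states the `key` query parameter is not supported, so the endpoint appears to issue TURN credentials to any caller that can reach it, leaving CORS as the only browser-side restriction. Consider passing an explicit origin list, e.g. `CORSPlug.call(conn, CORSPlug.init(origin: Application.fetch_env!(:rel, :auth_cors_origins)))`, or at least documenting that `AUTH_ALLOW_CORS=true` should only be combined with `AUTH_IP` bound to a trusted interface. `call/2` continues outside the hunk.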
@@ -10,18 +10,18 @@ defmodule Rel.App do def start(_, _) do Logger.info("Starting Rel v#{@version}") - auth_ip = Application.fetch_env!(:rel, :auth_provider_ip) - auth_port = Application.fetch_env!(:rel, :auth_provider_port) - use_tls? = Application.fetch_env!(:rel, :auth_provider_use_tls?) - keyfile = Application.fetch_env!(:rel, :keyfile) - certfile = Application.fetch_env!(:rel, :certfile) + auth_ip = Application.fetch_env!(:rel, :auth_ip) + auth_port = Application.fetch_env!(:rel, :auth_port) + auth_use_tls? = Application.fetch_env!(:rel, :auth_use_tls?) + auth_keyfile = Application.fetch_env!(:rel, :auth_keyfile) + auth_certfile = Application.fetch_env!(:rel, :auth_certfile) auth_opts = - if use_tls? do + if auth_use_tls? do [ scheme: :https, - certfile: certfile, - keyfile: keyfile + certfile: auth_certfile, + keyfile: auth_keyfile ] else [scheme: :http] @@ -46,7 +46,7 @@ defmodule Rel.App do metrics_endpoint = "http://#{:inet.ntoa(metrics_ip)}:#{metrics_port}/metrics" Logger.info("Starting Prometheus metrics endpoint at: #{metrics_endpoint}") - scheme = if(use_tls?, do: "https", else: "http") + scheme = if(auth_use_tls?, do: "https", else: "http") auth_endpoint = "#{scheme}://#{:inet.ntoa(auth_ip)}:#{auth_port}/" Logger.info("Starting credentials endpoint at: #{auth_endpoint}") From 94925ea5aac0011d78e7561b296bbd81e9869d07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Wala?= Date: Mon, 21 Aug 2023 16:57:55 +0200 Subject: [PATCH 3/6] Move allocation port range to config.exs --- config/config.exs | 4 ++++ lib/rel/listener.ex | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/config/config.exs b/config/config.exs index 7b54f26..e3e2ffa 100644 --- a/config/config.exs +++ b/config/config.exs 
@@ -1,5 +1,9 @@ import Config +config :rel, + alloc_port_range: 49_152..65_535 + +# various lifetimes config :rel, # 1 day in seconds, see https://datatracker.ietf.org/doc/html/draft-uberti-rtcweb-turn-rest-00#section-2.2 credentials_lifetime: 24 * 60 * 60, diff --git a/lib/rel/listener.ex b/lib/rel/listener.ex index 5f7c87d..75d804a 100644 --- a/lib/rel/listener.ex +++ b/lib/rel/listener.ex @@ -22,7 +22,7 @@ defmodule Rel.Listener do alias ExSTUN.Message.Attribute.{Username, XORMappedAddress} @buf_size 2 * 1024 * 1024 - @default_alloc_ports MapSet.new(49_152..65_535) + @default_alloc_ports MapSet.new(Application.compile_env!(:rel, :alloc_port_range)) @spec start_link(term()) :: {:ok, pid()} def start_link(args) do From 8f08fbb8725afbb18af19cce594b35a8ef50b93c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Wala?= Date: Mon, 21 Aug 2023 17:12:35 +0200 Subject: [PATCH 4/6] Allow to set allocation port range via env variable --- README.md | 8 ++++++++ config/config.exs | 4 ---- config/runtime.exs | 4 +++- lib/rel/listener.ex | 6 ++++-- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 29f9dc2..16c7c7a 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,13 @@ RELAY_IP=0.0.0.0 EXTERNAL_RELAY_IP=167.235.241.140 ``` +Rel will try to open relay addresses in `49_152 - 65_535` port range, but this can be changed. `RELAY_PORT_END` must be greater than `RELAY_PORT_START`. + +```console +RELAY_PORT_START=35000 +RELAY_PORT_END=45000 +``` + Remember to use the `REALM` variable specific to your deployment. It's used in `REALM` STUN attributes. See [this section of RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617#section-3.2.1) to learn about appropriate values for `REALM` attribute. @@ -96,6 +103,7 @@ REALM=my-amazing-turn.com ``` You can configure the number of running `listener` processes. By default, it is equal to number of running Erlang VM schedulers: + ```console LISTENER_COUNT=8 ``` 
diff --git a/config/config.exs b/config/config.exs index e3e2ffa..7b54f26 100644 --- a/config/config.exs +++ b/config/config.exs @@ -1,9 +1,5 @@ import Config -config :rel, - alloc_port_range: 49_152..65_535 - -# various lifetimes config :rel, # 1 day in seconds, see https://datatracker.ietf.org/doc/html/draft-uberti-rtcweb-turn-rest-00#section-2.2 credentials_lifetime: 24 * 60 * 60, diff --git a/config/runtime.exs b/config/runtime.exs index d23f761..2235cd0 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -133,7 +133,9 @@ config :rel, relay_ip: relay_ip, external_relay_ip: external_relay_ip, listen_port: System.get_env("LISTEN_PORT", "3478") |> ConfigUtils.parse_port(), - realm: System.get_env("REALM", "example.com") + realm: System.get_env("REALM", "example.com"), + relay_port_start: System.get_env("RELAY_PORT_START", "49152") |> ConfigUtils.parse_port(), + relay_port_end: System.get_env("RELAY_PORT_END", "65535") |> ConfigUtils.parse_port() # Metrics endpoint configuration config :rel, diff --git a/lib/rel/listener.ex b/lib/rel/listener.ex index 75d804a..f8d9b91 100644 --- a/lib/rel/listener.ex +++ b/lib/rel/listener.ex @@ -22,7 +22,6 @@ defmodule Rel.Listener do alias ExSTUN.Message.Attribute.{Username, XORMappedAddress} @buf_size 2 * 1024 * 1024 - @default_alloc_ports MapSet.new(Application.compile_env!(:rel, :alloc_port_range)) @spec start_link(term()) :: {:ok, pid()} def start_link(args) do 
@@ -322,7 +321,10 @@ defmodule Rel.Listener do
 |> Enum.map(fn alloc_origin_state -> Map.fetch!(alloc_origin_state, :alloc_port) end)
 |> MapSet.new()
 
- available_alloc_ports = MapSet.difference(@default_alloc_ports, used_alloc_ports)
+ relay_port_start = Application.fetch_env!(:rel, :relay_port_start)
+ relay_port_end = Application.fetch_env!(:rel, :relay_port_end)
+ default_alloc_ports = MapSet.new(relay_port_start..relay_port_end)
+ available_alloc_ports = MapSet.difference(default_alloc_ports, used_alloc_ports)
 
 if MapSet.size(available_alloc_ports) == 0 do
 {:error, :out_of_ports}
From cb750f78782d7731938a2a6dac8867ee11726923 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Wala?=
Date: Tue, 22 Aug 2023 09:08:42 +0200
Subject: [PATCH 5/6] Apply requested changes

---
 .github/workflows/build_deploy.yml | 2 +-
 config/runtime.exs | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml
index 40d0713..21d949e 100644
--- a/.github/workflows/build_deploy.yml
+++ b/.github/workflows/build_deploy.yml
@@ -54,7 +54,7 @@ jobs:
 env:
 GF_SECURITY_ADMIN_PASSWORD: ${{ secrets.GF_SECURITY_ADMIN_PASSWORD }}
 GF_SECURITY_ADMIN_USER: ${{ secrets.GF_SECURITY_ADMIN_USER }}
- REALM: ${{ secrets.DOMAIN }}
+ REALM: ${{ secrets.REALM }}
 DIR_NAME: ${{ secrets.DIR_NAME }}
 TAG: ${{ github.ref_name }}
 with:
diff --git a/config/runtime.exs b/config/runtime.exs
index 2235cd0..e2fdab7 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -106,6 +106,12 @@ external_relay_ip =
 :error -> external_listen_ip
 end
 
+relay_port_start = System.get_env("RELAY_PORT_START", "49152") |> ConfigUtils.parse_port()
+relay_port_end = System.get_env("RELAY_PORT_END", "65535") |> ConfigUtils.parse_port()
+
+if relay_port_start > relay_port_end,
+ do: raise("RELAY_PORT_END must be greater or equal to RELAY_PORT_END")
+
 listener_count =
 case System.fetch_env("LISTENER_COUNT") do
 {:ok, count} ->
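Review bot: `MapSet.new(relay_port_start..relay_port_end)` rebuilds the full configured port set (16,384 entries with the defaults) on every allocation attempt, followed by a `MapSet.difference/2` of the same size, so each Allocate request now pays O(range) before a port is even chosen. Read the two config values once when the listener starts and keep the base `MapSet` in its state, or walk candidate ports lazily and stop at the first one absent from `used_alloc_ports`, leaving only the per-call lookup here. The start/end ordering is validated in `runtime.exs` rather than in this function; if `relay_port_start > relay_port_end` ever slipped through, `..` would yield a descending range rather than an empty one. The enclosing function starts and ends outside the hunk.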
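Review bot: The new range check raises with a message that names `RELAY_PORT_END` on both sides, so a misconfiguration reports an impossible condition, while the comparison itself is `relay_port_start > relay_port_end`. Change it to `do: raise("RELAY_PORT_END must be greater than or equal to RELAY_PORT_START")`. Since `ConfigUtils.parse_port/1` accepts 0, this is also the natural place to reject a relay range that includes port 0 or the privileged range, e.g. `if relay_port_start < 1024, do: raise("RELAY_PORT_START must be at least 1024")`, if that floor is intended.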
@@ -134,8 +140,8 @@ config :rel, external_relay_ip: external_relay_ip, listen_port: System.get_env("LISTEN_PORT", "3478") |> ConfigUtils.parse_port(), realm: System.get_env("REALM", "example.com"), - relay_port_start: System.get_env("RELAY_PORT_START", "49152") |> ConfigUtils.parse_port(), - relay_port_end: System.get_env("RELAY_PORT_END", "65535") |> ConfigUtils.parse_port() + relay_port_start: relay_port_start, + relay_port_end: relay_port_end # Metrics endpoint configuration config :rel, From 183b7759d24e71ef8a0f3f45fd9799353d37e991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Wala?= Date: Tue, 22 Aug 2023 10:18:56 +0200 Subject: [PATCH 6/6] Refactor configuration documentation --- README.md | 81 +++++++----------------------------------------------- sample.env | 53 +++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 71 deletions(-) create mode 100644 sample.env diff --git a/README.md b/README.md index 16c7c7a..4e95b6d 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,9 @@ TURN server in pure Elixir. Aims to implement: -- [RFC 5766](https://datatracker.ietf.org/doc/html/rfc5766) -- [RFC 6156](https://datatracker.ietf.org/doc/html/rfc6156#autoid-7) +- RFC 5389: [Session Traversal Utilities for NAT (STUN)](https://datatracker.ietf.org/doc/html/rfc5389) +- RFC 5766: [Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)](https://datatracker.ietf.org/doc/html/rfc5766) +- RFC 6156: [Traversal Using Relays around NAT (TURN) Extension for IPv6](https://datatracker.ietf.org/doc/html/rfc6156#autoid-7) This project is in early stage of development and some of the features described in the RFCs might be missing. Expect breaking changes. @@ -43,7 +44,7 @@ pc = new RTCPeerConnection({ }); ``` -## Installation +## Installation and running 1. From source 
@@ -57,77 +58,15 @@ mix run --no-halt 2. In Docker ```console -docker run ghcr.io/elixir-webrtc/rel:latest +docker run --network=host ghcr.io/elixir-webrtc/rel:latest ``` ## Features and configuration -Currently, Rel is configured via environment variables. +Rel exposes Prometheus metrics endpoint (by default `http://127.0.0.1:9568/metrics`). -### TURN server - -Rel by default listens on `0.0.0.0:3478/UDP` for TURN traffic. This can be configured via `LISTEN_IP` and `LISTEN_PORT`. - -```console -LISTEN_IP=0.0.0.0 -LISTEN_PORT=3478 -``` - -`EXTERNAL_LISTEN_IP` is the IP address at which Rel is visible to clients. By default, Rel will try to guess the address -based on active network interfaces, but this must be set explicitly when e.g. using Docker without `--network host`. - -```console -EXTERNAL_LISTEN_IP=167.235.241.140 -``` - -By default, Rel will use the same addresses (`RELAY_IP == LISTEN_IP and EXTERNAL_RELAY_IP == EXTERNAL_LISTEN_IP`) to open allocations, but this -can be set to something else: - -```console -RELAY_IP=0.0.0.0 -EXTERNAL_RELAY_IP=167.235.241.140 -``` - -Rel will try to open relay addresses in `49_152 - 65_535` port range, but this can be changed. `RELAY_PORT_END` must be greater than `RELAY_PORT_START`. - -```console -RELAY_PORT_START=35000 -RELAY_PORT_END=45000 -``` - -Remember to use the `REALM` variable specific to your deployment. It's used in `REALM` STUN attributes. See -[this section of RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617#section-3.2.1) to learn about appropriate values for `REALM` attribute. - -```console -REALM=my-amazing-turn.com -``` - -You can configure the number of running `listener` processes. By default, it is equal to number of running Erlang VM schedulers: - -```console -LISTENER_COUNT=8 -``` - -### Auth - -Auth Provider is an HTTP endpoint that provides credentials required by *A REST API For Access To TURN Services*. 
-By default it is available at `http://127.0.0.1:4000/`, but the address, encryption and CORS can be configured: - -```console -AUTH_IP=127.0.0.1 -AUTH_PORT=4000 -AUTH_USE_TLS=false -AUTH_KEYFILE=./rel.key -AUTH_CERTFILE./rel.cert -AUTH_ALLOW_CORS=false -``` - -### Metrics - -By default, Rel provides Prometheus metrics at `http://127.0.0.1:9578/metrics`. The address can be configured: - -```console -METRICS_IP=127.0.0.1 -METRICS_PORT=9568 -``` +Rel supports authentication described in [A REST API For Access To TURN Services](https://datatracker.ietf.org/doc/html/draft-uberti-rtcweb-turn-rest-00#section-2.2). +By default available under `http://127.0.0.1:4000/`. Example request would be `POST http://127.0.0.1:40000/?service=turn&username=johnsmith`. +Key query parameter currently is not supported. +Rel is configured via environment variables. All of the possible options are described in [sample env file](./sample.env). diff --git a/sample.env b/sample.env new file mode 100644 index 0000000..8a0b338 --- /dev/null +++ b/sample.env 
@@ -0,0 +1,53 @@ +# Rel config env variables + +# Values presented in this example file are used by default +# except where explicitly specified otherwise + +## TURN + +# Server address and port on which Rel listens for TURN/STUN requests +LISTEN_IP=0.0.0.0 +LISTEN_PORT=3478 + +# Server address as seen from the client +# By default it is equal to LISTEN_PORT or (if LISTEN_PORT == 0.0.0.0) Rel +# will try to guess the address based on host's network interfaces +# It must be explicitly set when e.g. running in Docker without `--network=host` +# EXTERNAL_LISTEN_IP=167.235.241.140 + +# Address and port range where relay address will be allocated +RELAY_IP=0.0.0.0 +RELAY_PORT_START=49152 +RELAY_PORT_END=65535 + +# Relay address as seen from peers +# Behave the same way as EXTERNAL_LISTEN_IP +# EXTERNAL_RELAY_IP=167.235.241.140 + +# Values used in REALM STUN attribute, see https://datatracker.ietf.org/doc/html/rfc5389#section-15.7 +REALM=example.com + +# Number of running listener processes. By default equal to number of running Erlang VM schedulers +# LISTENER_COUNT=8 + +## AUTH PROVIDER + +# Auth provider is available under http(s)://$AUTH_IP:$AUTH_PORT/ +AUTH_IP=127.0.0.1 +AUTH_PORT=4000 + +# whether to use HTTP or HTTPS +# If true, AUTH_KEYFILE and AUTH_CERFILE must be explicitly set +AUTH_USE_TLS=false +# AUTH_KEYFILE=./rel.key +# AUTH_CERTFILE=./rel.cert + +# Whether to allos Cross-Origin Resource Sharing +# May be useful when requesting credentials via JavaScript in the browser +AUTH_ALLOW_CORS=false + +## METRICS + +# Prometheus metrics are served on http://$METRICS_IP:$METRICS_PORT/metrics +METRICS_IP=127.0.0.1 +METRICS_PORT=9568
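Review bot: The `EXTERNAL_LISTEN_IP` comment says the default is equal to `LISTEN_PORT` and tests `LISTEN_PORT == 0.0.0.0`, but the value being described is an address; both should read `LISTEN_IP`. Two more slips in the same file: `AUTH_CERFILE` should be `AUTH_CERTFILE` (the name `runtime.exs` reads) and `allos` should be `allow`. The file also documents `AUTH_IP` and `AUTH_ALLOW_CORS` without saying that the credentials endpoint performs no authentication of its own (the README in this commit states the `key` query parameter is not supported), so a line such as `# The endpoint issues credentials to any caller that can reach it; keep AUTH_IP on a trusted interface or behind an authenticating proxy` would help operators who move off the loopback default.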