Based on PR163 from netaskd

jitsi#163 Fix prosody configuration Fix web configuration Fix name : turn => coturn Update README.md
goacid · Jul 3, 2020 · 34b79ff · 34b79ff
2 parents baed605 + 14d717c
commit 34b79ff
Show file tree

Hide file tree

Showing 11 changed files with 155 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@ FORCE_REBUILD ?= 0
 JITSI_RELEASE ?= stable
 JITSI_BUILD ?= latest
 JITSI_REPO ?= jitsi
-JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi etherpad jibri
+JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi etherpad jibri coturn
 
 BUILD_ARGS := --build-arg JITSI_REPO=$(JITSI_REPO)
 ifeq ($(FORCE_REBUILD), 1)

diff --git a/README.md b/README.md
@@ -15,5 +15,5 @@ The installation manual is available [here](https://jitsi.github.io/handbook/doc
 ## TODO
 
 * Support container replicas (where applicable).
-* TURN server.
+
 
diff --git a/coturn.yml b/coturn.yml
@@ -0,0 +1,30 @@
+version: '3'
+
+services:
+ # coturn TURN server project
+ turn:
+ image: jitsi/coturn
+ restart: always
+ volumes:
+ - ${CONFIG}/turn:/config
+ ports:
+ - '${TURN_PORT}:${TURN_PORT}/tcp'
+ - '${TURN_PORT}:${TURN_PORT}/udp'
+ - '${TURN_RTP_MIN}-${TURN_RTP_MAX}:${TURN_RTP_MIN}-${TURN_RTP_MAX}/udp'
+ - '${TURN_ADMIN_PORT}:${TURN_ADMIN_PORT}/tcp'
+ environment:
+ - DOCKER_HOST_ADDRESS
+ - TURN_SECRET
+ - TURN_REALM
+ - TURN_HOST
+ - TURN_PORT
+ - TURN_TRANSPORT
+ - TURN_RTP_MIN
+ - TURN_RTP_MAX
+ - TURN_ADMIN_ENABLE
+ - TURN_ADMIN_USER
+ - TURN_ADMIN_SECRET
+ - TURN_ADMIN_PORT
+ networks:
+ meet.jitsi:
+
diff --git a/coturn/Dockerfile b/coturn/Dockerfile
@@ -0,0 +1,13 @@
+ARG VERSION
+FROM instrumentisto/coturn:${VERSION:-latest}
+
+RUN apk add --no-cache openssl
+
+ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+VOLUME ["/config"]
+
+EXPOSE 5349 8443 10000:11000/udp
+
diff --git a/coturn/Makefile b/coturn/Makefile
@@ -0,0 +1,5 @@
+build:
+ docker build $(BUILD_ARGS) -t $(JITSI_REPO)/coturn .
+
+.PHONY: build
+
diff --git a/coturn/rootfs/defaults/docker-entrypoint.sh b/coturn/rootfs/defaults/docker-entrypoint.sh
@@ -0,0 +1,42 @@
+#!/bin/ash
+
+# make certs if not exist
+if [[ ! -f /config/cert.crt || ! -f /config/cert.key ]]; then
+ openssl req -newkey rsa:2048 -nodes -keyout /config/cert.key -x509 -days 3650 -out /config/cert.crt -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}"
+fi
+
+# use non empty TURN_PUBLIC_IP variable, othervise set it dynamically.
+[ -z "${TURN_PUBLIC_IP}" ] && export TURN_PUBLIC_IP=$(curl -4ks https://icanhazip.com)
+[ -z "${TURN_PUBLIC_IP}" ] && echo "ERROR: variable TURN_PUBLIC_IP is not set and can not be set dynamically!" && kill 1
+
+# set coturn web-admin access
+if [[ "${TURN_ADMIN_ENABLE}" == "1" || "${TURN_ADMIN_ENABLE}" == "true" ]]; then
+ turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme}
+ export TURN_ADMIN_OPTIONS="--web-admin --web-admin-ip=$(hostname -i) --web-admin-port=${TURN_ADMIN_PORT:-8443}"
+fi
+
+# run coturn server with API auth method enabled.
+turnserver -n ${TURN_ADMIN_OPTIONS} \
+--verbose \
+--prod \
+--no-tlsv1 \
+--no-tlsv1_1 \
+--log-file=stdout \
+--listening-port=${TURN_PORT:-5349} \
+--tls-listening-port=${TURN_PORT:-5349} \
+--alt-listening-port=${TURN_PORT:-5349} \
+--alt-tls-listening-port=${TURN_PORT:-5349} \
+--cert=/config/cert.crt \
+--pkey=/config/cert.key \
+--min-port=${TURN_RTP_MIN:-10000} \
+--max-port=${TURN_RTP_MAX:-11000} \
+--no-stun \
+--use-auth-secret \
+--static-auth-secret=${TURN_SECRET:-keepthissecret} \
+--no-multicast-peers \
+--realm=${TURN_REALM:-realm} \
+--listening-ip=$(hostname -i) \
+--external-ip=${TURN_PUBLIC_IP} \
+--cli-password=NotReallyCliUs3d \
+--no-cli
+
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -39,6 +39,7 @@ services:
  - JIBRI_RECORDER_USER
  - JIBRI_RECORDER_PASSWORD
  - ENABLE_RECORDING
+ - TURN_ENABLE
  networks:
  meet.jitsi:
  aliases:
@@ -104,6 +105,11 @@ services:
  - JWT_TOKEN_AUTH_MODULE
  - LOG_LEVEL
  - TZ
+ - TURN_ENABLE
+ - TURN_SECRET
+ - TURN_HOST
+ - TURN_PORT
+ - TURN_TRANSPORT
  networks:
  meet.jitsi:
  aliases:

diff --git a/env.example b/env.example
@@ -327,3 +327,43 @@ JIBRI_LOGS_DIR=/config/logs
 # Container restart policy
 # Defaults to unless-stopped
 RESTART_POLICY=unless-stopped
+# Use TURN for P2P and JVB (bridge mode) connections
+#TURN_ENABLE=0
+
+# Realm to be used for the users with long-term credentials mechanism or with TURN REST API
+#TURN_REALM=realm
+
+# Secret for connect to TURN server
+#TURN_SECRET=keepthissecret
+
+# Annonce FQDN/IP address of the turn server via XMPP server (XEP-0215).
+# If empty or not set, variable DOCKER_HOST_ADDRESS will be used by default.
+#TURN_HOST=turn.example.com
+
+# Public IP address for an instance of turn server.
+# If empty or not set, will be detected and set dynamically when a container start.
+#TURN_PUBLIC_IP=144.144.144.144
+
+# TLS/TCP/UDP turn port for connection
+#TURN_PORT=5349
+
+# Transport for stun/turn connection. Can be tcp or udp.
+#TURN_TRANSPORT=tcp
+
+# RTP start port for turn/turns connections
+#TURN_RTP_MIN=16000
+
+# RTP end port for turn/turns connections
+#TURN_RTP_MAX=17000
+
+# Enable admin web access. If enabled, please set variables below.
+#TURN_ADMIN_ENABLE=0
+
+# Username for admin panel
+#TURN_ADMIN_USER=admin
+
+# Password for admin panel
+#TURN_ADMIN_SECRET=changeme
+
+# HTTP(s) port for acess to admin panel
+#TURN_ADMIN_PORT=8443
diff --git a/prosody/Dockerfile b/prosody/Dockerfile
@@ -47,13 +47,18 @@ RUN \
  && apt-cleanup \
  && rm -rf /tmp/pkg /var/cache/apt
 
-RUN patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch
 
 COPY rootfs/ /
 
 COPY --from=builder /usr/local/lib/lua /usr/local/lib/lua
 COPY --from=builder /usr/local/share/lua /usr/local/share/lua
 
+ADD https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua /prosody-plugins/mod_turncredentials.lua
+
+RUN \
+ sed -i s/hook/hook_global/g /prosody-plugins/mod_auth_token.lua \
+ && patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch
+
 EXPOSE 5222 5347 5280
 
 VOLUME ["/config", "/prosody-plugins-custom"]
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -52,12 +52,16 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
  "ping";
  "speakerstats";
  "conference_duration";
+ {{ if .Env.TURN_ENABLE | default "0" | toBool }}
+ "turncredentials";
+ {{end}}
  {{ if .Env.XMPP_MODULES }}
  "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
  {{ end }}
  {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }}
  "auth_cyrus";
  {{end}}
+
  }
 
  speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}"

diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config
@@ -114,6 +114,13 @@ if [[ ! -f /config/config.js ]]; then
  -e "s#// transcribingEnabled:.*#transcribingEnabled: true,#" \
  /config/config.js
  fi
+
+ if [[ $TURN_ENABLE -eq 1 || "$TURN_ENABLE" == "true" ]]; then
+ sed -i \
+ -e "s#// useStunTurn:.*,#useStunTurn: true,#" \
+ /config/config.js
+ fi
+
 fi
 
 if [[ ! -f /config/interface_config.js ]]; then