mirror of
				https://github.com/coturn/coturn.git
				synced 2025-10-26 20:41:07 +01:00 
			
		
		
		
	
							parent
							
								
									8c15f4bf23
								
							
						
					
					
						commit
						ab1292059f
					
				| @ -1,7 +1,7 @@ | |||||||
| # Coturn TURN SERVER configuration file | # Coturn TURN SERVER configuration file | ||||||
| # | # | ||||||
| # Boolean values note: where a boolean value is supposed to be used, | # Boolean values note: where a boolean value is supposed to be used, | ||||||
| # you can use '0', 'off', 'no', 'false', or 'f' as 'false, | # you can use '0', 'off', 'no', 'false', or 'f' as 'false', | ||||||
| # and you can use '1', 'on', 'yes', 'true', or 't' as 'true' | # and you can use '1', 'on', 'yes', 'true', or 't' as 'true' | ||||||
| # If the value is missing, then it means 'true' by default. | # If the value is missing, then it means 'true' by default. | ||||||
| # | # | ||||||
| @ -125,7 +125,7 @@ tls-listening-port=5349 | |||||||
| # | # | ||||||
| # By default, this value is empty, and no address mapping is used. | # By default, this value is empty, and no address mapping is used. | ||||||
| # | # | ||||||
| external-ip=193.224.22.37 | #external-ip=60.70.80.91 | ||||||
| # | # | ||||||
| #OR: | #OR: | ||||||
| # | # | ||||||
| @ -186,6 +186,18 @@ lt-cred-mech | |||||||
| # | # | ||||||
| #no-auth | #no-auth | ||||||
| 
 | 
 | ||||||
|  | # Enable prometheus exporter | ||||||
|  | # If enabled the turnserver will expose an endpoint with stats on a prometheus format | ||||||
|  | # this endpoint is listening on a different port to not conflict with other configurations. | ||||||
|  | # | ||||||
|  | # You can simply run the turnserver and access the port 9641 and path /metrics | ||||||
|  | # | ||||||
|  | # For more info on the prometheus exporter and metrics | ||||||
|  | # https://prometheus.io/docs/introduction/overview/ | ||||||
|  | # https://prometheus.io/docs/concepts/data_model/ | ||||||
|  | # | ||||||
|  | #prometheus | ||||||
|  | 
 | ||||||
| # TURN REST API flag. | # TURN REST API flag. | ||||||
| # (Time Limited Long Term Credential) | # (Time Limited Long Term Credential) | ||||||
| # Flag that sets a special authorization option that is based upon authentication secret. | # Flag that sets a special authorization option that is based upon authentication secret. | ||||||
| @ -377,7 +389,7 @@ realm=example.org | |||||||
| # Total bytes-per-second bandwidth the TURN server is allowed to allocate | # Total bytes-per-second bandwidth the TURN server is allowed to allocate | ||||||
| # for the sessions, combined (input and output network streams are treated separately). | # for the sessions, combined (input and output network streams are treated separately). | ||||||
| # | # | ||||||
| # bps-capacity=0 | #bps-capacity=0 | ||||||
| 
 | 
 | ||||||
| # Uncomment if no UDP client listener is desired. | # Uncomment if no UDP client listener is desired. | ||||||
| # By default UDP client listener is always started. | # By default UDP client listener is always started. | ||||||
| @ -516,12 +528,27 @@ pkey=/etc/ssl/private/privkey.pem | |||||||
| # | # | ||||||
| syslog | syslog | ||||||
| 
 | 
 | ||||||
|  | # Set syslog facility for syslog messages | ||||||
|  | # Default values is ''. | ||||||
|  | # | ||||||
|  | #syslog-facility="LOG_LOCAL1" | ||||||
|  | 
 | ||||||
| # This flag means that no log file rollover will be used, and the log file | # This flag means that no log file rollover will be used, and the log file | ||||||
| # name will be constructed as-is, without PID and date appendage. | # name will be constructed as-is, without PID and date appendage. | ||||||
| # This option can be used, for example, together with the logrotate tool. | # This option can be used, for example, together with the logrotate tool. | ||||||
| # | # | ||||||
| #simple-log | #simple-log | ||||||
| 
 | 
 | ||||||
|  | # Enable full ISO-8601 timestamp in all logs. | ||||||
|  | #new-log-timestamp | ||||||
|  | 
 | ||||||
|  | # Set timestamp format (in strftime(1) format). Depends on new-log-timestamp to be enabled. | ||||||
|  | #new-log-timestamp-format "%FT%T%z" | ||||||
|  | 
 | ||||||
|  | # Disabled by default binding logging in verbose log mode to avoid DoS attacks. | ||||||
|  | # Enable binding logging and UDP endpoint logs in verbose log mode. | ||||||
|  | #log-binding | ||||||
|  | 
 | ||||||
| # Option to set the "redirection" mode. The value of this option | # Option to set the "redirection" mode. The value of this option | ||||||
| # will be the address of the alternate server for UDP & TCP service in the form of | # will be the address of the alternate server for UDP & TCP service in the form of | ||||||
| # <ip>[:<port>]. The server will send this value in the attribute | # <ip>[:<port>]. The server will send this value in the attribute | ||||||
| @ -584,7 +611,8 @@ syslog | |||||||
| 
 | 
 | ||||||
| # This is the timestamp/username separator symbol (character) in TURN REST API. | # This is the timestamp/username separator symbol (character) in TURN REST API. | ||||||
| # The default value is ':'. | # The default value is ':'. | ||||||
| # rest-api-separator=: | # | ||||||
|  | #rest-api-separator=: | ||||||
| 
 | 
 | ||||||
| # Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1). | # Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1). | ||||||
| # This is an extra security measure. | # This is an extra security measure. | ||||||
| @ -636,7 +664,7 @@ syslog | |||||||
| # | # | ||||||
| #mobility | #mobility | ||||||
| 
 | 
 | ||||||
| # Allocate Address Family according | # Allocate Address Family according (DEPRECATED and will be removed in favor of allocation-default-address-family) | ||||||
| # If enabled then TURN server allocates address family according  the TURN | # If enabled then TURN server allocates address family according  the TURN | ||||||
| # Client <=> Server communication address family. | # Client <=> Server communication address family. | ||||||
| # (By default Coturn works according RFC 6156.) | # (By default Coturn works according RFC 6156.) | ||||||
| @ -644,6 +672,16 @@ syslog | |||||||
| # | # | ||||||
| #keep-address-family | #keep-address-family | ||||||
| 
 | 
 | ||||||
|  | # TURN server allocates address family according TURN client requested address family. | ||||||
|  | # If address family not requested explicitly by the client, then it falls back to this default. | ||||||
|  | # The standard RFC explicitly define that this default must be IPv4,  | ||||||
|  | # so use other option values with care!  | ||||||
|  | # Possible values: "ipv4" or "ipv6" or "keep"  | ||||||
|  | # "keep" sets the allocation default address family according to  | ||||||
|  | # the TURN client allocation request connection address family. | ||||||
|  | # | ||||||
|  | #allocation-default-address-family="ipv4" | ||||||
|  | #allocation-default-address-family="ipv4" | ||||||
| 
 | 
 | ||||||
| # User name to run the process. After the initialization, the turnserver process | # User name to run the process. After the initialization, the turnserver process | ||||||
| # will attempt to change the current user ID to that user. | # will attempt to change the current user ID to that user. | ||||||
| @ -697,10 +735,15 @@ cli-password=CHANGE_ME | |||||||
| #web-admin-port=8080 | #web-admin-port=8080 | ||||||
| 
 | 
 | ||||||
| # Web-admin server listen on STUN/TURN worker threads | # Web-admin server listen on STUN/TURN worker threads | ||||||
| # By default it is disabled for security resons! (Not recommended in any production environment!) | # By default it is disabled for security reasons! (Not recommended in any production environment!) | ||||||
| # | # | ||||||
| #web-admin-listen-on-workers | #web-admin-listen-on-workers | ||||||
| 
 | 
 | ||||||
|  | # Redirect ACME, i.e. HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' to '<URL>$1'. | ||||||
|  | # Default is '', i.e. no special handling for such requests. | ||||||
|  | # | ||||||
|  | #acme-redirect=http://redirectserver/.well-known/acme-challenge/ | ||||||
|  | 
 | ||||||
| # Server relay. NON-STANDARD AND DANGEROUS OPTION. | # Server relay. NON-STANDARD AND DANGEROUS OPTION. | ||||||
| # Only for those applications when you want to run | # Only for those applications when you want to run | ||||||
| # server applications on the relay endpoints. | # server applications on the relay endpoints. | ||||||
| @ -723,3 +766,31 @@ cli-password=CHANGE_ME | |||||||
| #no-tlsv1 | #no-tlsv1 | ||||||
| #no-tlsv1_1 | #no-tlsv1_1 | ||||||
| #no-tlsv1_2 | #no-tlsv1_2 | ||||||
|  | 
 | ||||||
|  | # Disable RFC5780 (NAT behavior discovery). | ||||||
|  | # | ||||||
|  | # Originally, if there are more than one listener address from the same | ||||||
|  | # address family, then by default the NAT behavior discovery feature enabled. | ||||||
|  | # This option disables the original behavior, because the NAT behavior | ||||||
|  | # discovery adds extra attributes to response, and this increase the | ||||||
|  | # possibility of an amplification attack. | ||||||
|  | # | ||||||
|  | # Strongly encouraged to use this option to decrease gain factor in STUN | ||||||
|  | # binding responses. | ||||||
|  | # | ||||||
|  | no-rfc5780 | ||||||
|  | 
 | ||||||
|  | # Disable handling old STUN Binding requests and disable MAPPED-ADDRESS | ||||||
|  | # attribute in binding response (use only the XOR-MAPPED-ADDRESS). | ||||||
|  | # | ||||||
|  | # Strongly encouraged to use this option to decrease gain factor in STUN | ||||||
|  | # binding responses. | ||||||
|  | # | ||||||
|  | no-stun-backward-compatibility | ||||||
|  | 
 | ||||||
|  | # Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled. | ||||||
|  | # | ||||||
|  | # Strongly encouraged to use this option to decrease gain factor in STUN | ||||||
|  | # binding responses. | ||||||
|  | # | ||||||
|  | response-origin-only-with-rfc5780 | ||||||
|  | |||||||
| @ -1,7 +1,7 @@ | |||||||
| # Coturn TURN SERVER configuration file | # Coturn TURN SERVER configuration file | ||||||
| # | # | ||||||
| # Boolean values note: where a boolean value is supposed to be used, | # Boolean values note: where a boolean value is supposed to be used, | ||||||
| # you can use '0', 'off', 'no', 'false', or 'f' as 'false, | # you can use '0', 'off', 'no', 'false', or 'f' as 'false', | ||||||
| # and you can use '1', 'on', 'yes', 'true', or 't' as 'true' | # and you can use '1', 'on', 'yes', 'true', or 't' as 'true' | ||||||
| # If the value is missing, then it means 'true' by default. | # If the value is missing, then it means 'true' by default. | ||||||
| # | # | ||||||
| @ -23,7 +23,7 @@ | |||||||
| # "automatically" recognizes the type of traffic. Actually, two listening | # "automatically" recognizes the type of traffic. Actually, two listening | ||||||
| # endpoints (the "plain" one and the "tls" one) are equivalent in terms of | # endpoints (the "plain" one and the "tls" one) are equivalent in terms of | ||||||
| # functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs. | # functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs. | ||||||
| # For secure TCP connections, Coturn currently supports | # For secure TCP connections, Coturn currently supports SSL version 3 and | ||||||
| # TLS version 1.0, 1.1 and 1.2. | # TLS version 1.0, 1.1 and 1.2. | ||||||
| # For secure UDP connections, Coturn supports DTLS version 1. | # For secure UDP connections, Coturn supports DTLS version 1. | ||||||
| # | # | ||||||
| @ -389,7 +389,7 @@ | |||||||
| # Total bytes-per-second bandwidth the TURN server is allowed to allocate | # Total bytes-per-second bandwidth the TURN server is allowed to allocate | ||||||
| # for the sessions, combined (input and output network streams are treated separately). | # for the sessions, combined (input and output network streams are treated separately). | ||||||
| # | # | ||||||
| # bps-capacity=0 | #bps-capacity=0 | ||||||
| 
 | 
 | ||||||
| # Uncomment if no UDP client listener is desired. | # Uncomment if no UDP client listener is desired. | ||||||
| # By default UDP client listener is always started. | # By default UDP client listener is always started. | ||||||
| @ -611,7 +611,8 @@ | |||||||
| 
 | 
 | ||||||
| # This is the timestamp/username separator symbol (character) in TURN REST API. | # This is the timestamp/username separator symbol (character) in TURN REST API. | ||||||
| # The default value is ':'. | # The default value is ':'. | ||||||
| # rest-api-separator=: | # | ||||||
|  | #rest-api-separator=: | ||||||
| 
 | 
 | ||||||
| # Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1). | # Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1). | ||||||
| # This is an extra security measure. | # This is an extra security measure. | ||||||
| @ -663,7 +664,7 @@ | |||||||
| # | # | ||||||
| #mobility | #mobility | ||||||
| 
 | 
 | ||||||
| # Allocate Address Family according (DEPRECATED and will be removed in favour of allocation-default-address-family) | # Allocate Address Family according (DEPRECATED and will be removed in favor of allocation-default-address-family) | ||||||
| # If enabled then TURN server allocates address family according  the TURN | # If enabled then TURN server allocates address family according  the TURN | ||||||
| # Client <=> Server communication address family. | # Client <=> Server communication address family. | ||||||
| # (By default Coturn works according RFC 6156.) | # (By default Coturn works according RFC 6156.) | ||||||
| @ -678,10 +679,10 @@ | |||||||
| # Possible values: "ipv4" or "ipv6" or "keep"  | # Possible values: "ipv4" or "ipv6" or "keep"  | ||||||
| # "keep" sets the allocation default address family according to  | # "keep" sets the allocation default address family according to  | ||||||
| # the TURN client allocation request connection address family. | # the TURN client allocation request connection address family. | ||||||
|  | # | ||||||
| #allocation-default-address-family="ipv4" | #allocation-default-address-family="ipv4" | ||||||
| #allocation-default-address-family="ipv4" | #allocation-default-address-family="ipv4" | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| # User name to run the process. After the initialization, the turnserver process | # User name to run the process. After the initialization, the turnserver process | ||||||
| # will attempt to change the current user ID to that user. | # will attempt to change the current user ID to that user. | ||||||
| # | # | ||||||
| @ -734,13 +735,14 @@ | |||||||
| #web-admin-port=8080 | #web-admin-port=8080 | ||||||
| 
 | 
 | ||||||
| # Web-admin server listen on STUN/TURN worker threads | # Web-admin server listen on STUN/TURN worker threads | ||||||
| # By default it is disabled for security resons! (Not recommended in any production environment!) | # By default it is disabled for security reasons! (Not recommended in any production environment!) | ||||||
| # | # | ||||||
| #web-admin-listen-on-workers | #web-admin-listen-on-workers | ||||||
| 
 | 
 | ||||||
| #acme-redirect=http://redirectserver/.well-known/acme-challenge/ |  | ||||||
| # Redirect ACME, i.e. HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' to '<URL>$1'. | # Redirect ACME, i.e. HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' to '<URL>$1'. | ||||||
| # Default is '', i.e. no special handling for such requests. | # Default is '', i.e. no special handling for such requests. | ||||||
|  | # | ||||||
|  | #acme-redirect=http://redirectserver/.well-known/acme-challenge/ | ||||||
| 
 | 
 | ||||||
| # Server relay. NON-STANDARD AND DANGEROUS OPTION. | # Server relay. NON-STANDARD AND DANGEROUS OPTION. | ||||||
| # Only for those applications when you want to run | # Only for those applications when you want to run | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user