commit 285d1b47f66240f0314fb6333a6db6903b0be46f
parent f3457e5ddab9fbfaf1f73356db26886ab497725c
Author: Paco Esteban <paco@e1e0.net>
Date: Fri, 3 Apr 2020 14:31:14 +0200
jitsi uses local stun server (coturn)
Diffstat:
M | jitsi.yml | | | 35 | +++++++++++++++++++++++++++++++++++ |
1 file changed, 35 insertions(+), 0 deletions(-)
diff --git a/jitsi.yml b/jitsi.yml
@@ -3,6 +3,7 @@
remote_user: root
roles:
- geerlingguy.certbot
+ - coturn
- systemli.jitsi_meet
vars:
certbot_admin_email: paco@e1e0.net
@@ -12,6 +13,18 @@
certbot_certs:
- domains:
- vchat.e1e0.net
+ - domains:
+ - turn.e1e0.net
+ - stun.e1e0.net
+ coturn_auth_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32633533646661666263373432343231643138623033303237663663636665313661616466313637
+ 6638636438383864316166613830363162353733386365630a393434343734656431383636353933
+ 33376434353764343339623930396566313634616263303761363363333237656231396562383666
+ 3462386366336566350a326461646139643564343439663731656531353238363435373862313564
+ 63643738663064373866616436316632626164626463376161616562306262306631336165663431
+ 3831613161663033646235373038373033313665396134383230
+ coturn_domain_name: "turn.e10e.net"
jitsi_meet_server_name: "vchat.e1e0.net"
jitsi_meet_videobridge_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
@@ -39,6 +52,8 @@
6263643566626331316238336362653162303566396434623337
jitsi_meet_ssl_cert_path: "/etc/letsencrypt/live/vchat.e1e0.net/fullchain.pem"
jitsi_meet_ssl_key_path: "/etc/letsencrypt/live/vchat.e1e0.net/privkey.pem"
+ jitsi_meet_config_stun_servers:
+ - stun.e1e0.net:3478
pre_tasks:
- name: root access only ssh key
lineinfile:
@@ -70,6 +85,26 @@
rule: allow
port: 10000:20000
proto: udp
+ - name: allow coturn
+ ufw:
+ rule: allow
+ port: '3478'
+ proto: tcp
+ - name: allow coturnS
+ ufw:
+ rule: allow
+ port: '5349'
+ proto: tcp
+ - name: allow udp coturn
+ ufw:
+ rule: allow
+ port: '3478'
+ proto: udp
+ - name: allow udp coturnS
+ ufw:
+ rule: allow
+ port: '5349'
+ proto: udp
- name: enable ufw with default deny
ufw:
state: enabled