ansible-playbooks

another attempt to have everything organized ...

commit f3457e5ddab9fbfaf1f73356db26886ab497725c
parent b6b3f53c75816998713848d7c1310d17cdf2bd23
Author: Paco Esteban <paco@e1e0.net>
Date:   Fri,  3 Apr 2020 14:30:54 +0200

new coturn role

Diffstat:
Aroles/coturn/defaults/main.yml | 3+++
Aroles/coturn/handlers/main.yml | 5+++++
Aroles/coturn/tasks/main.yml | 29+++++++++++++++++++++++++++++
Aroles/coturn/templates/turnserver.conf.j2 | 34++++++++++++++++++++++++++++++++++
4 files changed, 71 insertions(+), 0 deletions(-)

diff --git a/roles/coturn/defaults/main.yml b/roles/coturn/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+coturn_auth_secret: "my_secret"
+coturn_domain_name: "myname.example.com"
diff --git a/roles/coturn/handlers/main.yml b/roles/coturn/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart coturn
+ service:
+ name: coturn
+ state: restarted
diff --git a/roles/coturn/tasks/main.yml b/roles/coturn/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: Install coturn
+ package:
+ name: coturn
+ state: present
+
+- name: Enable coturn
+ lineinfile:
+ path: /etc/default/coturn
+ regexp: 'TURNSERVER_ENABLED'
+ line: TURNSERVER_ENABLED=1
+ notify: restart coturn
+
+- name: Config coturn
+ template:
+ src: turnserver.conf.j2
+ dest: /etc/turnserver.conf
+ owner: root
+ group: turnserver
+ mode: '0640'
+ notify: restart coturn
+
+- name: Create log folder
+ file:
+ path: /var/log/coturn
+ state: directory
+ owner: turnserver
+ group: turnserver
+ mode: '0755'
diff --git a/roles/coturn/templates/turnserver.conf.j2 b/roles/coturn/templates/turnserver.conf.j2
@@ -0,0 +1,34 @@
+listening-port=3478
+tls-listening-port=5349
+
+fingerprint
+lt-cred-mech
+
+use-auth-secret
+static-auth-secret={{ coturn_auth_secret }}
+
+realm={{ coturn_domain_name }}
+
+total-quota=100
+stale-nonce=600
+
+cert=/etc/letsencrypt/live/{{ coturn_domain_name }}/cert.pem
+pkey=/etc/letsencrypt/live/{{ coturn_domain_name }}/privkey.pem
+cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
+
+no-sslv3
+no-tlsv1
+no-tlsv1_1
+#no-tlsv1_2
+
+dh2066
+
+no-stdout-log
+log-file=/var/log/coturn/turn.log
+#log-file=/dev/null
+
+no-loopback-peers
+no-multicast-peers
+
+proc-user=turnserver
+proc-group=turnserver
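Review bot: `coturn_auth_secret: "my_secret"` in roles/coturn/defaults/main.yml gives the role a working but guessable default for the value the template writes to `static-auth-secret`. Any host whose inventory does not override it would come up with a known shared secret; whether every inventory overrides it is not visible from this commit. Consider dropping the default and failing early with an `assert` task that checks `coturn_auth_secret is defined` and `coturn_auth_secret != "my_secret"`. A comment above the variable such as `# must be overridden from a vaulted variable; never deploy the placeholder` would make the intent explicit.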
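Review bot: The `Config coturn` task in roles/coturn/tasks/main.yml renders `static-auth-secret` into /etc/turnserver.conf, so a run with `--diff` prints the secret to the console and to any captured job log. Adding `diff: false` (or `no_log: true`) to that task avoids this, while the `0640` root:turnserver mode on the file itself is a sound choice. Separately, `Create log folder` sets `mode: '0755'`. The log may record client addresses and usernames, so `mode: '0750'` would be a tighter default unless another account is meant to read it.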
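Review bot: roles/coturn/templates/turnserver.conf.j2 sets `no-loopback-peers` and `no-multicast-peers` but leaves private address ranges relayable, so the relay can be pointed at hosts on the server's internal network. Adding `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255` closes that, along with any other internal ranges this deployment uses. The two `...-GCM-SHA512` entries at the start of `cipher-list` do not appear to be OpenSSL suite names and are probably ignored, so trimming the list to the three SHA384 entries would make it state what is actually negotiated. `lt-cred-mech` next to `use-auth-secret` looks redundant, and a short comment naming the credential mechanism clients are expected to use would help the next reader.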