Create turnserver.conf

2024-06-17 02:32:58 +00:00 · 2022-01-15 09:08:56 -05:00 · 2022-01-15 09:08:56 -05:00 · ca352ffc4d
commit ca352ffc4d
parent ad06fdc34d
1 changed files with 28 additions and 0 deletions
--- a/coturn/turnserver.conf
+++ b/coturn/turnserver.conf
@ -0,0 +1,28 @@
+use-auth-secret
+static-auth-secret=changeme
+realm=turn.yourdomain.tld
+
+syslog
+
+# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
+no-tcp-relay
+
+# don't let the relay ever try to connect to private IP address ranges within your network (if any)
+# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+
+# special case the turn server itself so that client->TURN->TURN->client flows work
+allowed-peer-ip=10.0.0.1
+
+# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
+user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
+total-quota=1200
+
+# TLS certificates, including intermediate certs.
+# For Let's Encrypt certificates, use `fullchain.pem` here.
+cert=/keys/fullchain.pem
+
+# TLS private key file
+pkey=/keys/privkey.pem