From 98df67a8deeb7ead6859a1900b6f25e6ebceb1e0 Mon Sep 17 00:00:00 2001 From: Krithin Sitaram Date: Sat, 29 Dec 2018 07:31:49 +0800 Subject: [PATCH] Remove mention of lt-cred-mech in the sample coturn config. (#4333) * Remove mention of lt-cred-mech in the sample coturn config. See https://github.com/coturn/coturn/pull/262 for more context. Also clean up some minor formatting issues while I'm here. * Add changelog. Signed-off-by: Krithin Sitaram --- changelog.d/4333.misc | 1 + docs/turn-howto.rst | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 changelog.d/4333.misc diff --git a/changelog.d/4333.misc b/changelog.d/4333.misc new file mode 100644 index 000000000..43f7139a4 --- /dev/null +++ b/changelog.d/4333.misc @@ -0,0 +1 @@ +Documentation improvements for coturn setup. Contributed by Krithin Sitaram. diff --git a/docs/turn-howto.rst b/docs/turn-howto.rst index e48628ce6..a2fc5c882 100644 --- a/docs/turn-howto.rst +++ b/docs/turn-howto.rst @@ -40,7 +40,6 @@ You may be able to setup coturn via your package manager, or set it up manually 4. Create or edit the config file in ``/etc/turnserver.conf``. The relevant lines, with example values, are:: - lt-cred-mech use-auth-secret static-auth-secret=[your secret key here] realm=turn.myserver.org @@ -52,7 +51,7 @@ You may be able to setup coturn via your package manager, or set it up manually 5. Consider your security settings. TURN lets users request a relay which will connect to arbitrary IP addresses and ports. At the least - we recommend: + we recommend:: # VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay. no-tcp-relay @@ -106,7 +105,7 @@ Your home server configuration file needs the following extra keys: to refresh credentials. The TURN REST API specification recommends one day (86400000). - 4. "turn_allow_guests": Whether to allow guest users to use the TURN + 4. "turn_allow_guests": Whether to allow guest users to use the TURN server. This is enabled by default, as otherwise VoIP will not work reliably for guests. However, it does introduce a security risk as it lets guests connect to arbitrary endpoints without having gone