Minor clarifications to the TURN docs (#7533)

Richard van der Hoff 2020-05-20 11:04:34 +01:00 committed by GitHub
parent 02919bf4d8
commit 4fa74c7606
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 15 deletions

changelog.d/7533.doc Normal file

@ -0,0 +1 @@
Minor clarifications to the TURN docs.


@ -18,7 +18,7 @@ For TURN relaying with `coturn` to work, it must be hosted on a server/endpoint
Hosting TURN behind a NAT (even with appropriate port forwarding) is known to cause issues Hosting TURN behind a NAT (even with appropriate port forwarding) is known to cause issues
and to often not work. and to often not work.
## `coturn` Setup ## `coturn` setup
### Initial installation ### Initial installation
@ -26,7 +26,13 @@ The TURN daemon `coturn` is available from a variety of sources such as native p
#### Debian installation #### Debian installation
# apt install coturn Just install the debian package:
```sh
apt install coturn
```
This will install and start a systemd service called `coturn`.
#### Source installation #### Source installation
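Review bot: The new Debian step drops the `#` root prompt that the old `# apt install coturn` line carried, so nothing now tells the reader the command has to run as root; say so in the lead-in sentence or show it with `sudo`. "Just install the debian package:" should also capitalise "Debian" to match the heading directly above it.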
@ -80,21 +86,35 @@ The TURN daemon `coturn` is available from a variety of sources such as native p
user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user. user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
total-quota=1200 total-quota=1200
Ideally coturn should refuse to relay traffic which isn't SRTP; see 1. Also consider supporting TLS/DTLS. To do this, add the following settings
<https://github.com/matrix-org/synapse/issues/2009> to `turnserver.conf`:
# TLS certificates, including intermediate certs.
# For Let's Encrypt certificates, use `fullchain.pem` here.
cert=/path/to/fullchain.pem
# TLS private key file
pkey=/path/to/privkey.pem
1. Ensure your firewall allows traffic into the TURN server on the ports 1. Ensure your firewall allows traffic into the TURN server on the ports
you've configured it to listen on (remember to allow both TCP and UDP TURN you've configured it to listen on (By default: 3478 and 5349 for the TURN(s)
traffic) traffic (remember to allow both TCP and UDP traffic), and ports 49152-65535
for the UDP relay.)
1. If you've configured coturn to support TLS/DTLS, generate or import your 1. (Re)start the turn server:
private key and certificate.
1. Start the turn server: * If you used the Debian package (or have set up a systemd unit yourself):
```sh
systemctl restart coturn
```
* If you installed from source:
```sh
bin/turnserver -o bin/turnserver -o
```
## synapse Setup ## Synapse setup
Your home server configuration file needs the following extra keys: Your home server configuration file needs the following extra keys:
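Review bot: The removed sentence pointing at <https://github.com/matrix-org/synapse/issues/2009> (coturn ideally refusing to relay traffic which isn't SRTP) has no replacement on the new side, so that caveat disappears from the doc; keep it as a note after the quota settings unless it no longer applies. In the firewall step, the nested parentheses in "(By default: 3478 and 5349 for the TURN(s) traffic (remember to allow both TCP and UDP traffic), and ports 49152-65535 for the UDP relay.)" are hard to parse, and a short list of ports would read better. The TLS step could also state that the `pkey` file must be readable by the user the coturn service runs as.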
@ -126,7 +146,14 @@ As an example, here is the relevant section of the config file for matrix.org:
After updating the homeserver configuration, you must restart synapse: After updating the homeserver configuration, you must restart synapse:
* If you use synctl:
```sh
cd /where/you/run/synapse cd /where/you/run/synapse
./synctl restart ./synctl restart
```
* If you use systemd:
```
systemctl restart synapse.service
```
..and your Home Server now supports VoIP relaying! ..and your Home Server now supports VoIP relaying!
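Review bot: The fence under the new "If you use systemd:" item opens without a language tag, while every other fence this patch adds is tagged `sh`; tag it `sh` as well so the two restart options render the same way.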