verifying new turn instructs

steveseguin
2025-01-12 18:41:28 -05:00
parent 9ef61ee12f
commit c1c4a0def1
3 changed files with 53 additions and 20 deletions


@@ -53,16 +53,17 @@ stale-nonce=600 # Nonce timeout in seconds
realm=turn.example.com # Your server's domain
server-name=turn.example.com
no-multicast-peers # Security measure
dh2066 # Strong DH params
no-stdout-log # Disable stdout logging
```
## SSL/TLS Support (Optional)
The installer can configure SSL/TLS support which:
The installer configures SSL/TLS support which:
- Enables TURNS (TURN over TLS) on port 443
- Automatically obtains and renews SSL certificates via certbot
- Generates secure DH parameters for improved TLS security
- Configures automatic certificate reload without server restart
- Sets up proper file permissions for security
## Testing Your Server
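Review bot: the rewritten sentence "The installer configures SSL/TLS support which:" now contradicts the heading it sits under, "## SSL/TLS Support (Optional)". Either keep the original wording "can configure" (or say "when enabled, the installer configures") or drop "(Optional)" from the heading, so a reader knows whether TURNS on 443, certbot, and the DH parameters are set up unconditionally. Also, the bullet "Configures automatic certificate reload without server restart" would be clearer with a pointer to the mechanism the installer actually uses (a certbot deploy hook, a timer, or coturn's own reload), since an operator troubleshooting a stale certificate needs to know where to look.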
@@ -130,9 +131,16 @@ sudo systemctl status coturn
- Manual fix: `sudo setcap cap_net_bind_service=+ep /usr/bin/turnserver`
2. **SSL certificate errors (701)**
- Verify certificate permissions
- Check certificate paths in configuration
- Ensure certificates are readable by turnserver user
- Verify certificate permissions: `sudo chown -R turnserver:turnserver /etc/letsencrypt/live/your-domain/`
- Check DH parameters: `sudo ls -l /etc/turnserver/dhparam.pem`
- Ensure all SSL files are readable by turnserver user
- Verify cipher suite compatibility in config
3. **TLS connection failures**
- Check firewall rules for both TCP and UDP on port 443
- Verify TLS certificate paths in configuration
- Ensure DH parameters are properly generated
- Check logs: `sudo journalctl -u coturn -n 50`
## Production Considerations
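Review bot: the new troubleshooting line `sudo chown -R turnserver:turnserver /etc/letsencrypt/live/your-domain/` gives the service user ownership of the private key directory, which is more than the stated goal ("Ensure all SSL files are readable by turnserver user") requires; under least privilege the key should be readable by the service user (for example via group read access) but owned by root. Note as well that certbot recreates files under `/etc/letsencrypt` on renewal, so a one-off `chown -R` is likely to be undone and the "SSL certificate errors (701)" symptom returns at the next renewal; the fix should be tied to whatever reload/permission step the SSL section's "automatic certificate reload" bullet refers to. Suggest rewording the bullet to describe the permission requirement and the intended persistent fix rather than a recursive chown, and keeping `sudo ls -l /etc/turnserver/dhparam.pem` as the check for the DH file.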
@@ -146,11 +154,13 @@ sudo systemctl status coturn
- Watch for high CPU/memory usage
- Track active connections
3. **Security**
- Regularly update credentials
- Monitor for abuse
- Keep coturn and SSL certificates up to date
2. **Security**
- Regularly rotate TURN credentials
- Monitor for unusual traffic patterns
- Keep coturn, OpenSSL, and certificates up to date
- Use strong cipher suites for TLS connections
- Maintain proper file permissions
## Support
For issues or questions:
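Review bot: the security list item is renumbered from `3. **Security**` to `2. **Security**`, but the context lines above it ("Watch for high CPU/memory usage", "Track active connections") belong to an earlier numbered item that is not renumbered in this hunk, so the section very likely ends up with two items numbered 2 (or a gap at 3); verify the preceding item's number before changing this one. Separately, "Use strong cipher suites for TLS connections" is advice with no handle on it; pointing at the relevant `turnserver.conf` setting (the `cipher-list` option, and disabling legacy TLS versions) would make the bullet actionable and match the "Verify cipher suite compatibility in config" bullet in the troubleshooting section.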