#!/bin/bash
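# Interactive installer for a coturn STUN/TURN server: installs the packages,
# writes /etc/turnserver.conf with long-term credentials and optionally wires
# in a Let's Encrypt certificate. Everything below edits /etc and drives
# systemd, so refuse to continue unless we are root. The diagnostic goes to
# stderr so it is not mixed with the installer's normal output.
if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root or with sudo" >&2
  exit 1
fi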
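#######################################
# Obtain a Let's Encrypt certificate for the TURN domain and wire it into
# coturn: DH parameters, TLS cert/key paths, cipher list, and a certbot deploy
# hook that refreshes coturn's private copies of the files on every renewal.
# certbot's own tree under /etc/letsencrypt is left untouched; coturn only
# reads its copies in /etc/turnserver.
# Globals:   writes /etc/turnserver.conf, /etc/turnserver/*,
#            /etc/letsencrypt/renewal-hooks/deploy/coturn-reload;
#            may stop nginx/apache2 and restarts coturn
# Arguments: $1 - fully qualified domain name the certificate is issued for
# Outputs:   progress and warnings on stdout/stderr; prompts on stdin when the
#            domain does not resolve to this host
# Returns:   0 on success, 1 on a bad domain, user abort, or certbot failure
#######################################
configure_ssl() {
  local DOMAIN=$1
  local -r turn_dir=/etc/turnserver
  local -r hook=/etc/letsencrypt/renewal-hooks/deploy/coturn-reload

  # The domain ends up in file paths and in turnserver.conf, so only accept
  # hostname characters; anything else could smuggle path components or
  # extra configuration lines into those files.
  if [[ -z "$DOMAIN" || ! "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "Invalid domain name: '$DOMAIN'" >&2
    return 1
  fi

  # Generate DH params first (slow, so only once). 2048 bits is the
  # conventional size; the previous value 2066 looks like a typo.
  if [[ ! -f "$turn_dir/dhparam.pem" ]]; then
    mkdir -p "$turn_dir"
    openssl dhparam -out "$turn_dir/dhparam.pem" 2048 || return 1
  fi

  # Check if port 80 is in use: the http-01 challenge below has to bind it.
  # ss (iproute2) is present on current Debian/Ubuntu installs, netstat
  # (net-tools) frequently is not, so netstat is only the fallback.
  local listeners
  if command -v ss >/dev/null; then
    listeners=$(ss -tuln)
  else
    listeners=$(netstat -tuln)
  fi
  if grep -qE ':80[[:space:]]' <<<"$listeners"; then
    echo "Warning: Port 80 is in use. Stopping potentially conflicting services..."
    systemctl stop nginx 2>/dev/null || true
    systemctl stop apache2 2>/dev/null || true
  fi

  # Install certbot if needed
  if ! command -v certbot >/dev/null; then
    apt-get install -y certbot || return 1
  fi

  # Verify domain points to this server. dig +short may print a CNAME chain
  # before the address(es), so keep only IPv4 literals and accept any match;
  # a failed lookup of our own address is treated like a mismatch.
  local local_ip domain_ips
  local_ip=$(curl -fsS --max-time 10 https://api.ipify.org) || local_ip=""
  domain_ips=$(dig +short A "$DOMAIN" | grep -E '^[0-9]+(\.[0-9]+){3}$') || domain_ips=""
  echo "Verifying domain configuration..."
  echo "Server IP: $local_ip"
  echo "Domain IP: $domain_ips"
  if [[ -z "$local_ip" ]] || ! grep -qFx -- "$local_ip" <<<"$domain_ips"; then
    echo "Warning: Domain $DOMAIN does not point to this server's IP ($local_ip)"
    local answer
    read -r -p "Continue anyway? (y/N): " answer
    if [[ "${answer,,}" != "y" ]]; then
      return 1
    fi
  fi

  # Try to get the cert. install_coturn configures coturn to listen for TLS
  # on 443, so coturn has to be stopped before the tls-alpn-01 fallback, which
  # must bind 443 itself; it is started again below (or on the failure path).
  if ! certbot certonly --standalone --preferred-challenges http -d "$DOMAIN"; then
    echo "Failed to obtain SSL certificate. Trying alternative method..."
    systemctl stop coturn 2>/dev/null || true
    if ! certbot certonly --standalone --preferred-challenges tls-alpn-01 -d "$DOMAIN"; then
      systemctl start coturn 2>/dev/null || true
      return 1
    fi
  fi

  # Update turnserver.conf with SSL settings. Drop the lines written by any
  # previous run first so re-running the installer does not leave duplicate
  # (and possibly contradicting) keys behind.
  sed -i -E '/^(# SSL Configuration|# Cipher Suite|cert=|pkey=|dh-file=|cipher-list=)/d' /etc/turnserver.conf
  cat >> /etc/turnserver.conf << EOL
# SSL Configuration
cert=${turn_dir}/fullchain.pem
pkey=${turn_dir}/privkey.pem
dh-file=${turn_dir}/dhparam.pem
# Cipher Suite
cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
EOL

  # Set proper permissions: the turnserver user owns only its private
  # directory; nothing under /etc/letsencrypt is chowned.
  chown -R turnserver:turnserver "$turn_dir"
  chmod 700 "$turn_dir"
  chmod 600 "$turn_dir/dhparam.pem"

  # Create renewal hook. certbot runs every executable in this directory after
  # a successful issuance or renewal and exports RENEWED_LINEAGE, the live/
  # directory of the certificate it just refreshed. Renewed files are written
  # as root (and certbot keeps its live/ and archive/ directories root-only on
  # current releases), so the hook copies them into $turn_dir with the right
  # owner and mode and then asks coturn to reload its certificates.
  mkdir -p "${hook%/*}"
  cat > "$hook" << EOL
#!/bin/bash
# Written by the TURN installer: refresh coturn's copies of the certificate
# and key after certbot renews them, then tell coturn to reload them.
set -eu
lineage=\${RENEWED_LINEAGE:-/etc/letsencrypt/live/${DOMAIN}}
install -o turnserver -g turnserver -m 600 "\$lineage/fullchain.pem" ${turn_dir}/fullchain.pem
install -o turnserver -g turnserver -m 600 "\$lineage/privkey.pem" ${turn_dir}/privkey.pem
# A stopped coturn picks the files up on its next start; only signal a live one.
if systemctl is-active --quiet coturn; then
  systemctl kill --signal=SIGUSR2 coturn
fi
EOL
  chmod 700 "$hook"

  # Install the first copies now, then restart rather than signal: SIGUSR2
  # only reloads certificates coturn already knows about, and the cert=/pkey=
  # lines above are new to it.
  "$hook" || return 1
  systemctl restart coturn || return 1
  return 0
}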
# Main installation function
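#######################################
# Install coturn and write a baseline /etc/turnserver.conf with a long-term
# credential, raise the descriptor limits, then enable and (re)start coturn.
# Globals:   writes /etc/sysctl.conf, /etc/default/coturn,
#            /etc/turnserver.conf, /etc/systemd/system/coturn.service.d/
# Arguments: $1 - domain used as realm and server-name
#            $2 - TURN username (no ':' or whitespace)
#            $3 - TURN password (stored in clear text in the config)
# Outputs:   apt/sysctl/systemctl progress on stdout; errors on stderr
# Returns:   0 on success, 1 on bad arguments or package install failure
#######################################
install_coturn() {
  local DOMAIN=$1
  local USERNAME=$2
  local PASSWORD=$3
  local -r conf=/etc/turnserver.conf

  # All three values are spliced into the config file verbatim. coturn parses
  # "user=name:password", so a ':' in the username would shift the split, and
  # whitespace in the username or domain would not survive parsing either.
  if [[ -z "$DOMAIN" || -z "$USERNAME" || -z "$PASSWORD" ]]; then
    echo "Domain, username and password must all be non-empty" >&2
    return 1
  fi
  if [[ "$USERNAME" == *:* || "$USERNAME" == *[[:space:]]* || "$DOMAIN" == *[[:space:]]* ]]; then
    echo "Username must not contain ':' or whitespace; domain must not contain whitespace" >&2
    return 1
  fi

  # Install required packages
  apt-get update || return 1
  apt-get install -y coturn curl dnsutils openssl || return 1

  # Configure system limits. Append the sysctl line only once so repeated
  # runs do not pile up duplicates.
  grep -qxF 'fs.file-max = 65535' /etc/sysctl.conf \
    || echo "fs.file-max = 65535" >> /etc/sysctl.conf
  sysctl -p
  # A `ulimit -n` in this shell would not reach the service, so the
  # descriptor limit for coturn is set through a systemd drop-in instead
  # (picked up by the daemon-reload below).
  mkdir -p /etc/systemd/system/coturn.service.d
  printf '[Service]\nLimitNOFILE=65535\n' > /etc/systemd/system/coturn.service.d/limits.conf

  # Enable TURN server
  echo "TURNSERVER_ENABLED=1" > /etc/default/coturn

  # Generate base turnserver configuration. It holds the TURN password in
  # clear text, so create the file as root:turnserver 0640 before writing to
  # it instead of relying on the default umask (usually 0644, world-readable).
  # Truncating via "cat >" keeps the mode and ownership.
  install -o root -g turnserver -m 640 /dev/null "$conf"
  cat > "$conf" << EOL
# Listening Ports
listening-port=3478
alt-listening-port=3479
tls-listening-port=443
# Authentication
fingerprint
lt-cred-mech
user=${USERNAME}:${PASSWORD}
stale-nonce=600
# Server Configuration
realm=${DOMAIN}
server-name=${DOMAIN}
min-port=49152
max-port=65535
# Security
no-multicast-peers
no-stdout-log
EOL

  # Set proper permissions for binding to privileged ports (443 above):
  # needed because the service is assumed to run as the unprivileged
  # turnserver user — confirm against the unit file on the target release.
  setcap cap_net_bind_service=+ep /usr/bin/turnserver

  # Start services. restart rather than start so a re-run of the installer
  # picks up the freshly written configuration.
  systemctl daemon-reload
  systemctl enable coturn
  systemctl restart coturn
}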
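# Main script execution: prompt for domain and credentials, run the base
# install, optionally configure TLS, then print a summary.
echo "TURN Server Installation and Configuration"
echo "----------------------------------------"

# Get or verify domain. dig exits 0 even when the name has no records, so
# test that it actually printed an answer rather than its exit status.
while true; do
  read -r -p "Enter your domain (e.g., turn.example.com): " DOMAIN
  echo "Verifying domain..."
  if [[ -n "$DOMAIN" && -n "$(dig +short "$DOMAIN")" ]]; then
    break
  fi
  echo "Warning: Domain $DOMAIN does not appear to be configured. Please verify DNS settings."
  read -r -p "Try a different domain? (Y/n): " RETRY
  if [[ "${RETRY,,}" = "n" ]]; then
    break
  fi
done

# The credentials are written into /etc/turnserver.conf by install_coturn;
# insist on non-empty values so a stray Enter does not produce "user=:".
read -r -p "Enter username for TURN: " USERNAME
read -r -s -p "Enter password for TURN: " PASSWORD
echo
if [[ -z "$USERNAME" || -z "$PASSWORD" ]]; then
  echo "Username and password must not be empty" >&2
  exit 1
fi

# Install base TURN server. There is no point offering TLS setup or printing
# a success banner if the packages or the service could not be brought up.
if ! install_coturn "$DOMAIN" "$USERNAME" "$PASSWORD"; then
  echo "Base installation failed; see the messages above." >&2
  exit 1
fi

# Configure SSL if desired
read -r -p "Do you want to enable SSL/TLS support? (y/N): " ENABLE_SSL
if [[ "${ENABLE_SSL,,}" = "y" ]]; then
  if ! configure_ssl "$DOMAIN"; then
    echo "SSL configuration failed. You can retry SSL setup later by running:"
    echo "certbot delete"
    echo "certbot certonly --standalone -d $DOMAIN"
    echo "Then restart coturn: systemctl restart coturn"
  fi
fi

# Display status. --no-pager keeps systemctl from opening an interactive
# pager and waiting for a keypress when stdout is a terminal.
systemctl status --no-pager coturn
echo "Installation complete!"
echo "----------------------------------------"
echo "Domain: $DOMAIN"
echo "Username: $USERNAME"
echo "STUN/TURN ports: 3478 (default), 3479 (alt)"
if [[ "${ENABLE_SSL,,}" = "y" ]]; then
  echo "TLS enabled on port 443"
  echo "SSL certificates will automatically renew via certbot"
fi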