diff --git a/docker/README.docker b/docker/README.docker new file mode 100644 index 0000000..0f7cbfe --- /dev/null +++ b/docker/README.docker @@ -0,0 +1,19 @@ +Before you begin + * copy db schema run ./cp_schema.sh + * edit turnserver/turnserver.cfg according your db selection (mysql or postgresql or redis or mongodb) + +# start + + docker-compose -f docker-compose-all.yml up --build --detach + +# restart +Notice: May restart needed for coturn container, if it could not access database yet, due initialization delay. + docker restart docker_coturn_1 + +# stop + docker-compose -f docker-compose-all.yml down + + +# Or Stop with volume removal + docker-compose down --volumes + diff --git a/docker/Dockerfile b/docker/coturn/Dockerfile similarity index 87% rename from docker/Dockerfile rename to docker/coturn/Dockerfile index 08f7a10..6f61870 100644 --- a/docker/Dockerfile +++ b/docker/coturn/Dockerfile @@ -19,7 +19,7 @@ RUN make ### 2. stage: create production image -FROM debian:stable-slim AS coturn +FROM debian:stable AS coturn ENV INSTALL_PREFIX /usr/local ENV BUILD_PREFIX /usr/local/src 
@@ -28,12 +28,14 @@ ENV TURNSERVER_USER turnserver COPY --from=coturn-build ${BUILD_PREFIX}/coturn/bin/ ${INSTALL_PREFIX}/bin/ COPY --from=coturn-build ${BUILD_PREFIX}/coturn/man/ ${INSTALL_PREFIX}/man/ -COPY turnserver.conf ${INSTALL_PREFIX}/etc +#COPY turnserver.conf ${INSTALL_PREFIX}/etc COPY --from=coturn-build ${BUILD_PREFIX}/coturn/sqlite/turndb ${INSTALL_PREFIX}/var/db/turndb +COPY --from=coturn-build ${BUILD_PREFIX}/coturn/turndb ${INSTALL_PREFIX}/turndb # Install build dependencies RUN export DEBIAN_FRONTEND=noninteractive && \ apt-get update && \ apt-get install -y libc6>=2.15 libevent-core-2.0-5>=2.0.10-stable libevent-extra-2.0-5>=2.0.10-stable libevent-openssl-2.0-5>=2.0.10-stable libevent-pthreads-2.0-5>=2.0.10-stable libhiredis0.13>=0.13.1 libmariadbclient18>=5.5.36 libpq5>=8.4~ libsqlite3-0>=3.6.0 libssl1.1>=1.1.0 libmongoc-1.0 libbson-1.0 +RUN apt-get install -y mysql-client postgresql-client redis-tools mongodb-clients RUN if ! getent group "$TURNSERVER_GROUP" >/dev/null; then \ addgroup --system "$TURNSERVER_GROUP" || exit 1 ;\ @@ -61,8 +63,8 @@ EXPOSE 5766 # Relay Ports EXPOSE 49152-65535 49152-65535/udp +#COPY ./docker-entrypoint.sh / +#ENTRYPOINT ["/docker-entrypoint.sh"] WORKDIR ${INSTALL_PREFIX} - CMD ${INSTALL_PREFIX}/bin/turnserver - diff --git a/docker/coturn/cert.pem b/docker/coturn/cert.pem new file mode 100644 index 0000000..0034626 --- /dev/null +++ b/docker/coturn/cert.pem 
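Review bot: The added `RUN apt-get install -y mysql-client postgresql-client redis-tools mongodb-clients` runs in its own layer, separate from the `apt-get update` in the preceding RUN, so a cached update layer can leave it resolving against a stale package index, and it installs four database client suites into the production stage of an internet-facing TURN server. If the clients are only needed for debugging or a wait-for-database step, keep them out of this image; otherwise fold them into the existing install command with `--no-install-recommends` and end that command with `rm -rf /var/lib/apt/lists/*`. Together with the previous hunk's move from `debian:stable-slim` to the floating `debian:stable` tag this enlarges the runtime image, so a comment stating why the full base is required would help. The version constraints on the unchanged install line (`libc6>=2.15` and the rest) are unquoted, so the shell presumably treats each `>` as an output redirection instead of passing a constraint to apt-get; worth confirming while this step is being touched.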
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGFzCCBP+gAwIBAgISA6lUbjohIPynulrqRhhtei8uMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MDkwOTM3NTJaFw0x +ODEyMDgwOTM3NTJaMCExHzAdBgNVBAMTFmRvY2tlci5sYWIudnZjLm5paWYuaHUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR2NpBf8lYR9x1Aq1AltIr +huhuWPqtzRSTxNPlHAD5qfx86IWex59jx+aNAfYZSUg9Zex13XNgJAO37fSxQ5LY +zEXDgGusIbaZ3rSW+62Smpw2p4nrDVetf39A83jXMTU/yWLT43ab6tgfpnggpHzO +YLnaG46DVjTXEJTd38sRZoGZdHUcMqV7A5463vsoukBrmO9wpPUz6U/uTw7tD0eQ +f5dJViqY88120hXIxqD9vxJpn7aOK2H9sa9OJ3XVRwyCpnB980CMM4kCqMh0j3EA +z6T0UblDpEiZjcMVKyjKAlDntbQXmy0bvABdU1LI98QXqEGzGYBA+wxVs6hcf4+n +AgMBAAGjggMeMIIDGjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKrVAeFyV+crd1H1 +SOlUXtyYCALQMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsG +AQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNl +bmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNl +bmNyeXB0Lm9yZy8wIQYDVR0RBBowGIIWZG9ja2VyLmxhYi52dmMubmlpZi5odTCB +/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYB +BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCB +ngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkg +UmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg +Q2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQu +b3JnL3JlcG9zaXRvcnkvMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAKTxRllTI +OWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFlvejBzwAABAMARzBFAiEAwGHT +AIxt5AEprWh2r7eyK/GZKZZheimdNtCca6q4LMACICxxpzVgjAkikFARMwUxvGfs +73T5lSzAsRLa9w88bGSFAHYAwRZK4Kdy0tQ5LcgKwQdw1PDEm96ZGkhAwfoHUWT2 +M2AAAAFlvejDqgAABAMARzBFAiEAisNayIaZAimDAhbhpTuMhOY6ZCtqQqHHrTId +HRTJD8cCIFhfNrFMemmfT9kAWZ2phtRqtVjAHYVEq5HbbcLnQ3YwMA0GCSqGSIb3 +DQEBCwUAA4IBAQAHhIpkn23C53LMI+ns5QDFDtGLxJWycZt83WowFXfFuT87K+LW +n0kUMl3GLlEbP8hi7LAH21p9WNSfFFwQmdqiO/eRm8quDjfOMmDu7njVASzTSeke 
+uiuSgqGq2BRiFI5juHo1UqqzQItcv4BvMS8l7bAQRgek2bhmUlb68Ebr3awFEdSQ +McjzYKZT0mIQgVTWik7PyMJTnzFYu5KHiU6n8B/UZqZP3hAJnHt6pG0brjaKUcaD +aPQYYxE363Vo0L7aC0Gkmi8FnS9f2c0nkxI4aMqbFlxiIztydHvk5R1gO7bOakP/ +Im62n/0uRF4BrgWqxYEuAYnzCYsqg1oByl8V +-----END CERTIFICATE----- diff --git a/docker/coturn/coturn.env b/docker/coturn/coturn.env new file mode 100644 index 0000000..d945733 --- /dev/null +++ b/docker/coturn/coturn.env @@ -0,0 +1 @@ +# for future usage diff --git a/docker/coturn/privkey.pem b/docker/coturn/privkey.pem new file mode 100644 index 0000000..f845d0c --- /dev/null +++ b/docker/coturn/privkey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDR2NpBf8lYR9x1 +Aq1AltIrhuhuWPqtzRSTxNPlHAD5qfx86IWex59jx+aNAfYZSUg9Zex13XNgJAO3 +7fSxQ5LYzEXDgGusIbaZ3rSW+62Smpw2p4nrDVetf39A83jXMTU/yWLT43ab6tgf +pnggpHzOYLnaG46DVjTXEJTd38sRZoGZdHUcMqV7A5463vsoukBrmO9wpPUz6U/u +Tw7tD0eQf5dJViqY88120hXIxqD9vxJpn7aOK2H9sa9OJ3XVRwyCpnB980CMM4kC +qMh0j3EAz6T0UblDpEiZjcMVKyjKAlDntbQXmy0bvABdU1LI98QXqEGzGYBA+wxV +s6hcf4+nAgMBAAECggEBAJ6vpMR5NLIcjXqyjn9UThR6TVP813wMpG3mHvKXTal+ +wR9X2ouqmz6iURb6j7apcwZzB/BNiUz/jwxM1ogh+G8Xcf4YI9QkHmiXP+sY4TYG +0vCFm0bzbQUXcAyW0R+x53mX+bMPxIa9fbfZc+gDWxnZjVGBGzD4RLcJo/lwnahG +gt02EROW4bbHu+7EgWTnwH0WNO8ivtFs5qq6twOcCiA/ri5op2Qy1iLAWY6g2pf5 +exvJNeqUP2QNOgWJJpUADD/B+fUDrsYtLA9hba63IkRnTgeSCsOfB2Rmqkehg9SB +bIZjqFDBCZuDhrdi4xyO+54TcKMAb04rNtu4g9vzXFkCgYEA/hs5CE/SEfh/FLaN ++mi/rAtgkVhEQzNOdV0KurPUf3fC8P86G0ylJcJ/qsNCZVxRU6R4lvk6ZE6OZY+o +hbzgj1M9yd/jY1d9Qcua9v8EoZxyp7sgWMf++/DxrpPvcgQTlNNRV5rX/aDz8uL4 +GnZrkyLA+/0WFn/zAV7OjCw2FXsCgYEA02kxcuU+ldNkgHl7YrEl0tlWscfbzm10 +fRqMzuyyRyRgPEgKAIKExI0OVuwmyWvCFTbi8IOpZs/jtG3+r83RFY9VA0r0g3ch +jilCaI+2P1ZYm0UAQCyVLCjtVLIZu4Z/h8TctHHDXUjy18xDdLNMTs7hIcbuH85Q +hpzfcMRgmMUCgYEAmw6Ti73hazPeoA4RrwbyRxKeN7LL3NHXA4jl/i2z8qBq5VJo +67WmZNc9vj7uKhneSpLnPwEQH5tMCy9RX2J1CSB7aM9k2v7NITQT+Lp+4fssf6uR +Pnuz3ZsWbzg4ebOBG2Sjkziaqlrn4YOcb9FpLVyctGeobcxfxatLkH999TcCgYBx +PhrHwbZJiSd/jhMipWNuUw8WQckjBQxt6ufb+3vvkbOe9rOs3D0ED87LjsmkAP3A +YVsknFIEiX0ebAEN6MCDvPg7wE3Dke++d6lj2v8zZCwoV8ivl3H8apveT1xrT7tG +XZQfcATHFklGgNrtSxGn8Tc04ZsyHFCUGrmxbO+VRQKBgE7CUNEDLRD1D34v/rYd +e2yAeuQQiiKW1pNACBv6Y+Bc/tftunBh3ekTz5Z4XwRE1RZjdCjmEiT47IWh5mlu +cylZTVCkk0RbbRDTA37uw5ggMuNrTy7p9ktC4V1RbfO/yFfu0+R5T4X/n+6UFxu0 +PQrYxRItI7dWCOyRl1nwUogT +-----END PRIVATE KEY----- diff --git a/docker/turnserver.conf b/docker/coturn/turnserver.conf similarity index 97% rename from docker/turnserver.conf rename to docker/coturn/turnserver.conf index 45b6514..ee982bc 100644 --- a/docker/turnserver.conf 
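Review bot: An unencrypted RSA private key is committed to the repository in `docker/coturn/privkey.pem`, and the base64 run beginning `DR2NpBf8lYR9x1Aq1AltIr` appears both here and in the `docker/coturn/cert.pem` added just before it, so this appears to be the real key for that certificate and not a throwaway sample. Anyone with read access to the repository or its history holds the key for the host named in the certificate, and every deployment started from these defaults would share the same TLS key. Treat the key as disclosed: revoke the certificate, drop both files from the commit, add `docker/coturn/*.pem` to `.gitignore`, and have the README tell operators to supply their own pair (or generate a self-signed one locally) at the paths the compose files mount.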
+++ b/docker/coturn/turnserver.conf @@ -38,12 +38,12 @@ tls-listening-port=5349 # RFC 5780 is supported only by UDP protocol, other protocols # are listening to that endpoint only for "symmetry". # -alt-listening-port=0 +#alt-listening-port=0 # Alternative listening port for TLS and DTLS protocols. # Default (or zero) value means "TLS listening port plus one". # -alt-tls-listening-port=0 +#alt-tls-listening-port=0 # Listener IP address of relay server. Multiple listeners can be specified. # If no IP(s) specified in the config file or in the command line options, @@ -123,6 +123,8 @@ alt-tls-listening-port=0 # #external-ip=60.70.80.91/172.17.19.101 #external-ip=60.70.80.92/172.17.19.102 +#external-ip=60.70.80.92/172.17.19.102 +external-ip=193.224.22.37 # Number of the relay threads to handle the established connections @@ -167,7 +169,7 @@ fingerprint # Uncomment to use long-term credential mechanism. # By default no credentials mechanism is used (any user allowed). # -#lt-cred-mech +lt-cred-mech # This option is opposite to lt-cred-mech. # (TURN Server with no-auth option allows anonymous access). @@ -279,6 +281,8 @@ fingerprint # #psql-userdb="host= dbname= user= password= connect_timeout=30" +#psql-userdb="host=postgresql dbname=coturn user=coturn password=CHANGE_ME connect_timeout=30" + # MySQL database connection string in the case that we are using MySQL # as the user database. # This database can be used for long-term credential mechanism @@ -293,6 +297,8 @@ fingerprint # #mysql-userdb="host= dbname= user= password= port= connect_timeout= read_timeout=" +mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10" + # If you want to use in the MySQL connection string the password in encrypted format, # then set in this option the MySQL password encryption secret key file. # 
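Review bot: `external-ip=193.224.22.37` in the `@@ -123,6` hunk hard-codes one site's public address into the configuration that every compose file bind-mounts, so a deployment anywhere else would advertise a relay address it does not own. Leave the option commented out as a template, e.g. `#external-ip=<PUBLIC_IP>`, and list it in the README's "Before you begin" steps next to the database selection. The commented `#external-ip=60.70.80.92/172.17.19.102` line added above it duplicates the existing one and can be dropped.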
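Review bot: `mysql-userdb="... password=CHANGE_ME ..."` in the `@@ -293,6` hunk turns a well-known placeholder into an active credential, and nothing visible in this commit stops the stack from starting with it unchanged. The same literal is set in `cli-password=CHANGE_ME` (`@@ -657,6` hunk, the admin CLI whose port 5766 the Dockerfile exposes), in `docker/mysql/mysql.env`, `docker/postgresql/postgresql.env` and `docker/redis/redis.conf`, where `docker/redis/Dockerfile` also copies it into an image layer. Ship these as untracked files created from `*.example` templates, or have an entrypoint refuse to start while any value still equals `CHANGE_ME`. The comment above `cli-password` already calls the plain form "unsecure", so the shipped default should presumably use the encrypted form that comment contrasts it with.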
@@ -311,6 +317,9 @@ fingerprint # #mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]" +#mongo-userdb="mongodb://coturn:CHANGE_ME@mongodb/coturn" +#mongo-userdb="mongodb://mongodb/coturn" + # Redis database connection string in the case that we are using Redis # as the user database. # This database can be used for long-term credential mechanism @@ -319,6 +328,8 @@ fingerprint # #redis-userdb="ip= dbname= password= port= connect_timeout=" +#redis-userdb="ip=redis dbname=2 password=CHANGE_ME connect_timeout=30" + # Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used). # This database keeps allocations status information, and it can be also used for publishing # and delivering traffic and allocation event notifications. @@ -327,6 +338,8 @@ fingerprint # #redis-statsdb="ip= dbname= password= port= connect_timeout=" +#redis-statsdb="ip=redis dbname=2 password=CHANGE_ME connect_timeout=30" + # The default realm to be used for the users when no explicit # origin/realm relationship was found in the database, or if the TURN # server is not using any database (just the commands-line settings @@ -337,6 +350,7 @@ fingerprint # If domain name is empty string, or '(None)', then it is initialized to am empty string. # #realm=mycompany.org +realm=example.org # The flag that sets the origin consistency # check: across the session, all requests must have the same @@ -437,6 +451,7 @@ fingerprint # configuration file. # #cert=/usr/local/etc/turn_server_cert.pem +cert=/etc/ssl/certs/cert.pem # Private key file. # Use an absolute path or path relative to the @@ -444,6 +459,7 @@ fingerprint # Use PEM file format. # #pkey=/usr/local/etc/turn_server_pkey.pem +pkey=/etc/ssl/private/privkey.pem # Private key file password, if it is in encoded format. # This option has no default value. 
@@ -657,6 +673,7 @@ cli-port=5766 # Or unsecure form for the same password: # #cli-password=qwerty +cli-password=CHANGE_ME # Server relay. NON-STANDARD AND DANGEROUS OPTION. # Only for those applications when we want to run diff --git a/docker/cp-schema.sh b/docker/cp-schema.sh new file mode 100755 index 0000000..7b5411e --- /dev/null +++ b/docker/cp-schema.sh @@ -0,0 +1,3 @@ +#!/bin/bash +cp ../turndb/schema.sql mysql/ +cp ../turndb/schema.sql postgresql/ diff --git a/docker/docker-compose-all.yml b/docker/docker-compose-all.yml new file mode 100644 index 0000000..d3e06be --- /dev/null +++ b/docker/docker-compose-all.yml 
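Review bot: `cp-schema.sh` has no error handling and resolves `../turndb/schema.sql` against the caller's working directory, so when it is run from anywhere but `docker/` the copies fail or pick up a different file, and a failure of the first `cp` is masked by the exit status of the second. Add `set -euo pipefail` and `cd "$(dirname "$0")"` after the shebang. The README added in this commit tells users to run `./cp_schema.sh` (underscore), which does not match this file name, and both `schema.sql` copies are committed in the same change, which leaves the script's role unclear.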
@@ -0,0 +1,108 @@
+version: "3"
+services:
+
+# MySQL mariadb
+ mysql:
+ build:
+ context: ./mysql
+ restart: unless-stopped
+ volumes:
+ - mysql-data:/var/lib/mysql/data
+ env_file:
+ - mysql/mysql.env
+ networks:
+ - backend
+
+# PostgreSQL
+ postgresql:
+ build:
+ context: ./postgresql
+ restart: unless-stopped
+ volumes:
+ - postgresql-data:/var/lib/postgresql/data
+ env_file:
+ - postgresql/postgresql.env
+ networks:
+ - backend
+
+# Redis
+ redis:
+ build:
+ context: ./redis
+ restart: unless-stopped
+ volumes:
+ - redis-data:/data
+ env_file:
+ - redis/redis.env
+ networks:
+ - backend
+
+# MongoDB
+ mongodb:
+ image: mongo
+ restart: unless-stopped
+ volumes:
+ - mongodb-data:/data/db
+ env_file:
+ - mongodb/mongodb.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mysql
+ - postgresql
+ - redis
+ - mongodb
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mysql/mysql.env
+ - postgresql/postgresql.env
+ - redis/redis.env
+ - mongodb/mongodb.env
+volumes:
+ mysql-data:
+ postgresql-data:
+ redis-data:
+ mongodb-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff --git a/docker/docker-compose-mongodb.yml b/docker/docker-compose-mongodb.yml
new file mode 100644
index 0000000..c4c675f
--- /dev/null
+++ b/docker/docker-compose-mongodb.yml
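Review bot: The `coturn` service, the only one with published ports, loads every database env file through `env_file`, so `MYSQL_ROOT_PASSWORD` and the PostgreSQL credentials end up in the environment of the internet-facing container even though the connection strings are set in the mounted `turnserver.conf`. Limit that list to `coturn/coturn.env`, and mount the three files read-only, e.g. `- ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem:ro`. `image: mongo` is untagged and therefore follows `latest`; pin a version. The four single-database compose files that follow repeat the same `env_file` and volume pattern.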
@@ -0,0 +1,63 @@
+version: "3"
+services:
+
+# MongoDB
+ mongodb:
+ image: mongo
+ restart: unless-stopped
+ volumes:
+ - mongodb-data:/data/db
+ env_file:
+ - mongodb/mongodb.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mongodb
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mongodb/mongodb.env
+volumes:
+ mongodb-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff --git a/docker/docker-compose-mysql.yml b/docker/docker-compose-mysql.yml
new file mode 100644
index 0000000..2a68266
--- /dev/null
+++ b/docker/docker-compose-mysql.yml
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# MySQL mariadb
+ mysql:
+ build:
+ context: ./mysql
+ restart: unless-stopped
+ volumes:
+ - mysql-data:/var/lib/mysql/data
+ env_file:
+ - mysql/mysql.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mysql
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mysql/mysql.env
+volumes:
+ mysql-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff --git a/docker/docker-compose-postgresql.yml b/docker/docker-compose-postgresql.yml
new file mode 100644
index 0000000..514a00e
--- /dev/null
+++ b/docker/docker-compose-postgresql.yml
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# PostgreSQL
+ postgresql:
+ build:
+ context: ./postgresql
+ restart: unless-stopped
+ volumes:
+ - postgresql-data:/var/lib/postgresql/data
+ env_file:
+ - postgresql/postgresql.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - postgresql
+ env_file:
+ - coturn/coturn.env
+# DB
+ - postgresql/postgresql.env
+volumes:
+ postgresql-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff --git a/docker/docker-compose-redis.yml b/docker/docker-compose-redis.yml
new file mode 100644
index 0000000..4ae6f07
--- /dev/null
+++ b/docker/docker-compose-redis.yml
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# Redis
+ redis:
+ build:
+ context: ./redis
+ restart: unless-stopped
+ volumes:
+ - redis-data:/data
+ env_file:
+ - redis/redis.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - redis
+ env_file:
+ - coturn/coturn.env
+# DB
+ - redis/redis.env
+volumes:
+ redis-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
deleted file mode 100644
index 74784a3..0000000
--- a/docker/docker-compose.yml
+++ /dev/null
@@ -1,77 +0,0 @@ -version: "3" -services: - -# MySQL mariadb - mariadb: - image: mariadb - restart: unless-stopped - env_file: env/mysql.env - networks: - - backend - -# PostgreSQL - postgresql: - image: postgresql - restart: unless-stopped - env_file: env/postgresql.env - networks: - - backend - -# Redis - redis: - image: redis - restart: unless-stopped - env_file: env/redis.env - networks: - - backend - -# MongoDB - mongodb: - image: mongodb - restart: unless-stopped - env_file: env/mongodb.env - networks: - - backend - - -# coTURN - coturn: - image: coturn - restart: unless-stopped - ports: -## STUN/TURN - - "3478" - - "3478/udp" - - "3479" - - "3479/udp" - - "80" - - "80/udp" -## STUN/TURN SSL - - "5349" - - "5349/udp" - - "5350" - - "5350/udp" - - "443" - - "443/udp" -# Relay Ports - - "49152-65535" - - "49152-65535/udp" - networks: - - frontend - - backend - depends_on: - - mysql - - postgresql - - redis - - mongodb - env_file: - - env/coturn.env -# DB - - env/mysql.env - - env/postresql.env - - env/redis.env - - env/mongodb.env - -networks: - frontend: - backend: diff --git a/docker/mongodb/mongodb.env b/docker/mongodb/mongodb.env new file mode 100644 index 0000000..1daa657 --- /dev/null +++ b/docker/mongodb/mongodb.env @@ -0,0 +1,3 @@ +#MONGO_INITDB_ROOT_USERNAME=coturn +#MONGO_INITDB_ROOT_PASSWORD=CHANGE_ME +#MONGO_INITDB_DATABASE=coturn diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile new file mode 100644 index 0000000..962f769 --- /dev/null +++ b/docker/mysql/Dockerfile @@ -0,0 +1,6 @@ +### init db with coturn schema +FROM mariadb + +ADD init-coturn-db.sql /docker-entrypoint-initdb.d + +ADD schema.sql /docker-entrypoint-initdb.d diff --git a/docker/mysql/init-coturn-db.sql b/docker/mysql/init-coturn-db.sql new file mode 100644 index 0000000..d4f5dec --- /dev/null +++ b/docker/mysql/init-coturn-db.sql @@ -0,0 +1 @@ +ALTER DATABASE coturn CHARACTER SET latin1; 
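Review bot: All three `MONGO_INITDB_*` lines in `docker/mongodb/mongodb.env` are commented out, so the `mongo` service presumably starts without a root user and without access control, unlike the MySQL, PostgreSQL and Redis services, which at least require a password. The `backend` network is marked `internal`, which limits exposure, but the coturn container that shares it publishes ports to the outside. Either enable the variables with operator-supplied values and use the credentialed `mongo-userdb` form from `turnserver.conf`, or state in the README that the MongoDB option runs unauthenticated.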
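Review bot: `FROM mariadb` in `docker/mysql/Dockerfile` has no tag, so each rebuild follows whatever `latest` points to and the schema files may be applied to a different major version than the one tested; pin it, e.g. `FROM mariadb:<version>`. `ADD` is used for plain local files where `COPY init-coturn-db.sql schema.sql /docker-entrypoint-initdb.d/` does the same in one layer without ADD's archive and URL handling. `docker/postgresql/Dockerfile` (`FROM postgres`, `ADD`) and `docker/redis/Dockerfile` (`FROM redis`) have the same issues.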
diff --git a/docker/mysql/mysql.env b/docker/mysql/mysql.env
new file mode 100644
index 0000000..c59039d
--- /dev/null
+++ b/docker/mysql/mysql.env
@@ -0,0 +1,6 @@
+MYSQL_ROOT_PASSWORD=CHANGE_ME
+
+MYSQL_USER=coturn
+MYSQL_PASSWORD=CHANGE_ME
+MYSQL_DATABASE=coturn
+
diff --git a/docker/mysql/schema.sql b/docker/mysql/schema.sql
new file mode 100644
index 0000000..1c9eb60
--- /dev/null
+++ b/docker/mysql/schema.sql
@@ -0,0 +1,55 @@
+
+CREATE TABLE turnusers_lt (
+ realm varchar(127) default '',
+ name varchar(512),
+ hmackey char(128),
+ PRIMARY KEY (realm,name)
+);
+
+CREATE TABLE turn_secret (
+ realm varchar(127) default '',
+ value varchar(256),
+ primary key (realm,value)
+);
+
+CREATE TABLE allowed_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE denied_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE turn_origin_to_realm (
+ origin varchar(127),
+ realm varchar(127),
+ primary key (origin)
+);
+
+CREATE TABLE turn_realm_option (
+ realm varchar(127) default '',
+ opt varchar(32),
+ value varchar(128),
+ primary key (realm,opt)
+);
+
+CREATE TABLE oauth_key (
+ kid varchar(128),
+ ikm_key varchar(256),
+ timestamp bigint default 0,
+ lifetime integer default 0,
+ as_rs_alg varchar(64) default '',
+ realm varchar(127),
+ primary key (kid)
+);
+
+CREATE TABLE admin_user (
+ name varchar(32),
+ realm varchar(127),
+ password varchar(127),
+ primary key (name)
+);
diff --git a/docker/postgresql/Dockerfile b/docker/postgresql/Dockerfile
new file mode 100644
index 0000000..8e68860
--- /dev/null
+++ b/docker/postgresql/Dockerfile
@@ -0,0 +1,4 @@
+### init db with coturn schema
+FROM postgres
+
+ADD schema.sql /docker-entrypoint-initdb.d
diff --git a/docker/postgresql/postgresql.env b/docker/postgresql/postgresql.env
new file mode 100644
index 0000000..eb22d32
--- /dev/null
+++ b/docker/postgresql/postgresql.env
@@ -0,0 +1,3 @@
+POSTGRES_USER=coturn
+POSTGRES_PASSWORD=CHANGE_ME
+POSTGRES_DB=coturn
diff --git a/docker/postgresql/schema.sql b/docker/postgresql/schema.sql
new file mode 100644
index 0000000..1c9eb60
--- /dev/null
+++ b/docker/postgresql/schema.sql
@@ -0,0 +1,55 @@
+
+CREATE TABLE turnusers_lt (
+ realm varchar(127) default '',
+ name varchar(512),
+ hmackey char(128),
+ PRIMARY KEY (realm,name)
+);
+
+CREATE TABLE turn_secret (
+ realm varchar(127) default '',
+ value varchar(256),
+ primary key (realm,value)
+);
+
+CREATE TABLE allowed_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE denied_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE turn_origin_to_realm (
+ origin varchar(127),
+ realm varchar(127),
+ primary key (origin)
+);
+
+CREATE TABLE turn_realm_option (
+ realm varchar(127) default '',
+ opt varchar(32),
+ value varchar(128),
+ primary key (realm,opt)
+);
+
+CREATE TABLE oauth_key (
+ kid varchar(128),
+ ikm_key varchar(256),
+ timestamp bigint default 0,
+ lifetime integer default 0,
+ as_rs_alg varchar(64) default '',
+ realm varchar(127),
+ primary key (kid)
+);
+
+CREATE TABLE admin_user (
+ name varchar(32),
+ realm varchar(127),
+ password varchar(127),
+ primary key (name)
+);
diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile
new file mode 100644
index 0000000..fc027fa
--- /dev/null
+++ b/docker/redis/Dockerfile
@@ -0,0 +1,6 @@
+### init db with coturn schema
+FROM redis
+
+COPY redis.conf /usr/local/etc/redis/redis.conf
+CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
+
diff --git a/docker/redis/redis.conf b/docker/redis/redis.conf
new file mode 100644
index 0000000..90e3902
--- /dev/null
+++ b/docker/redis/redis.conf
@@ -0,0 +1,3 @@
+timeout 0
+tcp-keepalive 60
+requirepass CHANGE_ME
diff --git a/docker/redis/redis.env b/docker/redis/redis.env
new file mode 100644
index 0000000..e69de29