From e5ffe6e0a3126074e138415f42e767eb1838b71e Mon Sep 17 00:00:00 2001
From: hariprasadt <hariprasad.t@samsung.com>
Date: Mon, 18 Nov 2024 22:30:08 +0530
Subject: [PATCH] Easy installation of coturn on AWS (#1581)

https://github.com/coturn/coturn/issues/1576

Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
---
 scripts/install_coturn_on_aws_ec2.sh | 175 +++++++++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 scripts/install_coturn_on_aws_ec2.sh

diff --git a/scripts/install_coturn_on_aws_ec2.sh b/scripts/install_coturn_on_aws_ec2.sh
new file mode 100644
index 0000000..c4d1e52
--- /dev/null
+++ b/scripts/install_coturn_on_aws_ec2.sh
@@ -0,0 +1,175 @@
+#!/bin/bash
+#####################################################################################
+############## purpose                 : install coturn as a server          ########
+############## verification on aws     : tested & verified on aws ec2        ########
+############## platform                : aws ec2                             ########
+############## aws ubuntu version      : ubuntu 22.04 LTS                    ########
+############## coturn base version     : 4.6.2                               ########
+############## dependent tools         : installs prometheus client as well  ########
+############## file permissions        : chmod 777 install_coturn_on_aws_ec2.sh #####
+############## run command             : ./install_coturn_on_aws_ec2.sh      ########
+############## developer               : hariprasad.t@samsung.com            ########
+#####################################################################################
+
+coturn_package="https://github.com/coturn/coturn/archive/refs/tags/4.6.2.tar.gz"
+coturn_version="4.6.2"
+
+if [ "$#" -eq 0 ]
+then
+  echo "coturn version is not supplied as argument, installing below version as default."
+  echo "default coturn package: $coturn_package"
+else
+  coturn_package="https://github.com/coturn/coturn/archive/refs/tags/$1.tar.gz"
+  coturn_version="$1"
+  echo "installing coturn package: $coturn_package"
+fi
+
+echo "--------> this script installs coturn server version $1 on aws ec2 instance..."
+
+echo "--------> create user turnserver..."
+sudo adduser --gecos "" --disabled-password turnserver
+
+echo "--------> updating packages..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y update
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
+
+### install all dependent packages
+echo "--------> installing dependent packages..."
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y gcc make openssl-dev build-essential pkg-config libsystemd-dev musl-dev sqlite
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libssl-dev libsqlite3-dev libevent-dev libpq-dev libmysqlclient-dev libhiredis-dev libmicrohttpd-dev
+
+### download prometheus client libraries
+echo "--------> installing prometheus client..."
+wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
+wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
+sudo dpkg -i prometheus-client/libprom-dev-0.1.3-Linux.deb
+sudo dpkg -i prometheus-client/libpromhttp-dev-0.1.3-Linux.deb
+
+### download coturn source code
+echo "--------> downloading coturn $coturn_package"
+wget "$coturn_package"
+tar -xf "$coturn_version.tar.gz"
+cd "coturn-$coturn_version"
+./configure
+
+### compile & install coturn
+make
+echo "--------> installing coturn ..."
+sudo make install
+
+sudo bash -c "cat > /etc/default/coturn << EOL
+TURNSERVER_ENABLED=1
+EXTRA_OPTIONS=-v
+EOL"
+
+echo "--------> generating random key for realm..."
+secret_key=$(bash -c 'openssl rand -hex 32')
+
+### fetch ec2 public ip and private ip using metadata token (applicable for v2 version of metadata)
+echo "--------> retrieving public & private ips of ec2 instance..."
+aws_token=$(bash -c 'curl -s -X PUT "http://instance-data/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"')
+public_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/public-ipv4"')
+private_ip=$(bash -c 'curl -s -H "X-aws-ec2-metadata-token:'$aws_token'" -X GET "http://instance-data/latest/meta-data/local-ipv4"')
+
+echo "--------> public ip: $public_ip, private ip: $private_ip"
+
+sudo bash -c "mv /etc/turnserver.conf /etc/turnserver.conf.original"
+
+### create configuration file for coturn with basic expected parameters
+### change below values as per your requirement.. like ports, username, password, etc.
+echo "--------> applying new config changes..."
+sudo bash -c "cat > /etc/turnserver.conf << EOL
+listening-port=3478
+tls-listening-port=5349
+# allow only TLSv1.2+
+no-tlsv1
+no-tlsv1_1
+userdb=/usr/local/var/db/turndb
+no-cli
+min-port=45000
+max-port=65535
+log-file=/var/log/turnserver/turnserver.log
+verbose
+fingerprint
+realm=${secret_key}
+lt-cred-mech
+user=username:password
+external-ip=${public_ip}/${private_ip}
+new-log-timestamp
+new-log-timestamp-format \"%FT%T%z\"
+log-binding
+prometheus
+EOL"
+
+### make coturn as auto recoverable by making it as a service
+sudo bash -c "cat > /lib/systemd/system/coturn.service << EOL
+[Unit]
+Description=coTURN STUN Server
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+Type=notify
+EnvironmentFile=/etc/default/coturn
+ExecStart=/usr/local/bin/turnserver -c /etc/turnserver.conf --pidfile=
+Restart=on-failure
+InaccessibleDirectories=/home
+PrivateTmp=yes
+LimitCORE=infinity
+LimitNOFILE=1000000
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+
+[Install]
+WantedBy=multi-user.target
+EOL"
+
+### memory based database configurations
+sudo bash -c "sudo mkdir -p /var/lib/turn/turndb"
+sudo bash -c "sudo chown turnserver:turnserver /var/lib/turn/turndb"
+
+### apply log rotation policy to avoid "disk full" issues
+echo "--------> setting log rotation policy..."
+sudo bash -c "sudo mkdir -p /var/log/turnserver"
+sudo bash -c "sudo chown turnserver:turnserver /var/log/turnserver"
+sudo bash -c "cat > /etc/logrotate.d/coturn << EOL
+/var/log/turnserver/*.log
+{
+        rotate 7
+        daily
+        missingok
+        notifempty
+        compress
+        postrotate
+                /bin/systemctl kill -s HUP coturn.service
+        endscript
+}
+EOL"
+
+sudo ufw allow 80/tcp
+sudo ufw allow 443/tcp
+sudo ufw allow 3478/udp
+sudo ufw allow 5349/tcp
+
+#Running coTURN on privileged port 443
+sudo bash -c "setcap cap_net_bind_service=+ep /usr/local/bin/turnserver"
+
+sudo bash -c "sudo chown turnserver:turnserver /etc/default/coturn"
+sudo bash -c "sudo chown turnserver:turnserver /etc/turnserver.conf"
+
+echo "--------> starting coturn as a service..."
+sudo systemctl enable coturn.service
+sudo systemctl daemon-reload
+sudo systemctl restart coturn.service
+echo "--------> coturn is running successfully..."
+
+####
+echo "------ verification steps after installation -------"
+echo "a. check with command: ps -eaf | grep turnserver"
+echo "b. check with command: systemctl status coturn"
+echo "c. check configuration: cat /etc/turnserver.conf"
+echo "----------------------------------------------------"
+####
\ No newline at end of file