File: reTurnServer.config

resiprocate 1%3A1.9.7-5
########################################################
# reTurnServer configuration file
########################################################

# Software name to include in STUN messages
# Set this to an empty string to reveal no software
# name information in STUN messages.
# Default: reTURNServer (RFC5389)
# The default also includes the software version on
# those platforms where PACKAGE_VERSION is defined
# at compile time.
#SoftwareName =

# Whether or not to pad the SoftwareName value to
# a multiple of four bytes for compatibility with
# legacy clients.  Default: true
#PadSoftwareName = true

########################################################
# Transport settings
########################################################

# Local IP Address to bind base STUN/TURN transports to.
# Note:  This is the IP Address that clients should be configured to
#        send STUN/TURN traffic to.
# Warning:  If you are enabling RFC3489 backwards compatibility
#           (see AltStunAddress and AltStunPort settings), then do
#           not leave this set to INADDR_ANY (0.0.0.0), place
#           a valid IP address from a local NIC here.
# As shipped, 0.0.0.0 (INADDR_ANY) listens on every local IPv4 interface.
# Set a specific address when the relay should only be reachable on one
# interface.
TurnAddress = 0.0.0.0

# Local IPv6 Address to bind base STUN/TURN transports to.
# Note:  This is the IP Address that IPv6 clients should be configured to
#        send STUN/TURN traffic to.
#        Not currently supported with RFC3489 backwards compatibility
# As shipped, ::0 is the IPv6 wildcard address (all local IPv6 interfaces).
TurnV6Address = ::0

# Local UDP/TCP Port to bind base STUN/TURN transports to.
# Note:  This is the port that clients should be configured to
#        send STUN/TURN traffic over UDP and TCP.
#        reTurn will always bind on this port using both UDP and TCP.
TurnPort = 3478

# Local TLS Port to bind base STUN/TURN transports to.
# Note:  This is the port that clients should be configured to
#        send STUN/TURN traffic over TLS.
#        Set this to 0 to disable TLS support.
#        The default port for STUN over TLS is 5349
#        It is often necessary to use port 443 instead so that
#        users can connect through a HTTP proxy that only allows
#        traffic that appears to be going to a HTTPS server.
# As shipped (0), TLS is disabled, so clients can only use the UDP/TCP
# transports on TurnPort.
# NOTE(review): the SSL/TLS Certificate settings at the end of this file
# presumably only take effect once a non-zero port is set here - confirm.
TlsTurnPort = 0

# Local IP Address to bind the transports used in Classic Stun
# NAT type discovery.  Note:  This address is only required if
# you need Classic Stun (RFC3489) support.
# It must be different from the TurnAddress setting, and a valid
# local IP Address.  Use 0.0.0.0 to disable RFC3489 backwards compatibility
# support.
# Note:  The STUN/TURN Client should not be configured with this
#        address anywhere.  This address is discovered by clients
#        in Binding responses that are sent to the TurnAddress.
AltStunAddress = 0.0.0.0

# Local UDP Port to bind classic STUN (RFC3489) transports to.
# Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
# if you do not have a need to support the NAT type discovery procedures
# of RFC3489.
# Note:  STUN/TURN Client should not be configured with this port anywhere.
#        This port is discovered by clients in Binding responses that are
#        sent to the TurnAddress/TurnPort.
# As shipped (AltStunAddress = 0.0.0.0, AltStunPort = 0), RFC3489 support
# is disabled.
AltStunPort = 0


########################################################
# Logging settings
########################################################

# Logging Type: syslog|cerr|cout|file
LoggingType = file

# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
LoggingLevel = WARNING

# Log Filename
# NOTE(review): presumably only used when LoggingType = file, and the
# directory must be writable by the RunAsUser account - confirm.
LogFilename = /var/log/reTurnServer/reTurnServer.log

# Log file Max Size
# NOTE(review): going by the key name the limit is counted in lines, and
# 0 presumably means "no limit" - confirm.  If so, arrange external log
# rotation so the log cannot fill the disk.
LogFileMaxLines = 0


########################################################
# UNIX related settings
########################################################

# Run the server as a background daemon.
# Must be true or false, default = false, not supported on Windows
Daemonize = true

# On UNIX it is normal to create a PID file
# if unspecified, no attempt will be made to create a PID file
PidFile = /var/run/reTurnServer/reTurnServer.pid

# UNIX account information to run process as
# Use a dedicated, unprivileged account here.  The files named elsewhere
# in this configuration (user database, TLS certificate/key, log file)
# have to be accessible to this account, and the user database and
# private key should not be readable by other regular users.
# NOTE(review): at which point during startup privileges are dropped is
# not stated in this file - confirm before relying on root-only file
# permissions.
RunAsUser = return
RunAsGroup = return


########################################################
# Authentication settings
########################################################

# Authentication Realm for Long Term Passwords
AuthenticationRealm = reTurn

# File containing user authentication data.
# The format of each line is:
#
#    login:password:realm:state
#
# Typically, the realm field must match the value of AuthenticationRealm
# defined above.
#
# The state field can be one of:
#
#   authorized   (user authorized)
#   refused      (user denied access)
#   restricted   (for when bandwidth limiting is implemented)
#
# This file format is interchangeable with TurnServer.org's user database
#
UserDatabaseFile = /etc/reTurn/users.txt

# Hashed passwords in the user database file
# This option specifies whether the passwords are plain text
# or hashed with the scheme H(A1)
#
# When hashed passwords are enabled by this configuration setting,
# the values in the password column are the MD5 hash
# represented in hexadecimal
#
# To create a hashed password for the following credentials:
#
#      user:       bob
#      realm:      example.org
#      password:   foobar
#
# you can issue a command such as:
#
#      echo -n bob:example.org:foobar | md5sum
#
# Only the hexadecimal digest belongs in the password column; md5sum
# also prints a trailing "  -" which must be left out.
# A password typed on the command line as shown above is normally saved
# in the shell history, so clear it afterwards or read the password from
# a prompt instead.
# The realm is part of the hashed string, so each hash is only valid for
# the realm it was computed with.
#
# WARNING: the hashing scheme prevents recovery of the plain text
# password.  However, H(A1) hash values must still be kept
# secret as they can be used to impersonate the user.
# Therefore, the user database file should always be readable
# only by the reTurn process and no other regular users.
# The hash is a single unsalted MD5, so weak passwords can also be
# guessed offline by anyone who obtains the file.
#
UserDatabaseHashedPasswords = true

# How frequently to check the user database file for changes
# Set to 0 to only load the file once at startup
# Default = 60 seconds
UserDatabaseCheckInterval = 60

########################################################
# TURN Allocation settings
########################################################

# NOTE(review): undocumented in this file.  Presumably the time, in
# seconds, for which a nonce issued during long-term authentication
# remains valid - confirm against the reTurn documentation.
NonceLifetime = 3600

# The starting port number to use for TURN allocations.
# This number MUST be an even number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 49152 (start of the Dynamic and/or Private Port range
#                 - recommended by RFC)
AllocationPortRangeMin = 49152

# The ending port number to use for TURN allocations.
# This number MUST be an odd number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 65535 (end of the Dynamic and/or Private Port range
#                 - recommended by RFC)
# Any firewall in front of the server has to allow relayed traffic on
# the whole AllocationPortRangeMin-AllocationPortRangeMax range; narrow
# the range if less exposure is wanted.
AllocationPortRangeMax = 65535

# Default time (in seconds) after which an allocation expires if no
# allocation refresh request is sent.  Default is 600 (10 minutes).
DefaultAllocationLifetime = 600

# Maximum time (in seconds) that will be accepted in the lifetime header of
# an allocation request (i.e. between TURN allocation refreshes).  If a
# request is received with a higher lifetime, then the response will be
# returned with this value instead.  Default is 3600 (1 hour).
MaxAllocationLifetime = 3600


########################################################
# SSL/TLS Certificate settings
########################################################

# TLS Server Certificate Filename (loaded from working directory)
# The PEM formatted file that contains the server certificate.
# If the CA supplies an intermediate certificate chain, those
# certificates should also be appended to this file.
# The private key may optionally be included in this file
# or in a separate key file specified by TlsServerPrivateKeyFilename
TlsServerCertificateFilename = server.pem

# TLS Server Private Key Filename (loaded from working directory)
# The PEM formatted file that contains the private key of the certificate
# that will be presented to clients connecting over TLS.
# If not specified, reTurn will also try to find the private key
# in the file specified by TlsServerCertificateFilename
# Whichever file holds the private key should not be readable by other
# regular users.
# NOTE(review): a relative name depends on the daemon's working
# directory, which this file does not set; an absolute path is presumably
# accepted here as it is for TlsTempDhFilename below - confirm.
TlsServerPrivateKeyFilename = server-key.pem

# TLS temporary Diffie-Hellman parameters file (loaded from working directory)
# The value shipped below is an absolute path to a file named dh512.pem.
# 512-bit Diffie-Hellman parameters are export-grade and too weak to
# protect a TLS key exchange; generate parameters of at least 2048 bits,
# for example with the command:
#
#     openssl dhparam -outform PEM -out dh2048.pem 2048
#
# and point TlsTempDhFilename at the file that was generated.
#
TlsTempDhFilename = /etc/reTurn/dh512.pem

# TLS server private key certificate password required to read
# from PEM file.  Leave blank if key is not encrypted.
# A password set here is stored in clear text, so this configuration
# file must then be protected from other regular users in the same way
# as the private key itself.
TlsPrivateKeyPassword =