Skip to content
Open
2 changes: 1 addition & 1 deletion .dockerignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ node_modules
.github
.git*

*.md
*.md
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,6 @@ node_modules
fqdn.env
/docker/certs
qrcode-svg/
rtc_config.json
turnserver.conf
ssl/*
10 changes: 9 additions & 1 deletion docker-compose-coturn.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,18 @@ services:
restart: unless-stopped
ports:
- "3000:3000"
environment:
- RTC_CONFIG=/home/node/app/rtc_config.json
- WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
- RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
- TZ=Europa/Vienna # Time Zone
# you need to copy rtc_config_example.json to rtc_config.json and specify domain, IP address, user and password
coturn_server:
image: "coturn/coturn"
restart: always
network_mode: "host"
volumes:
- ./turnserver.conf:/etc/coturn/turnserver.conf
#you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
- ./ssl/:/etc/coturn/ssl/
# you need to copy turnserver_example.conf to turnserver.conf and specify domain, IP address, user and password
# create dhparams.pem with `openssl dhparam -out ssl/dhparams.pem 4096` it takes a very long time!!!
21 changes: 20 additions & 1 deletion docs/host-your-own.md
Original file line number Diff line number Diff line change
Expand Up @@ -397,9 +397,28 @@ Now point your browser to `http://localhost:8080`.
- To stop the containers run `docker-compose stop`.
- To debug the NodeJS server run `docker logs pairdrop_node_1`.


<br>

# Coturn
## docker-compose

- generate or retrieve certificates for your <DOMAIN> (f.e. letsencrypt)
- copy your ssl-certificates and privkey to `./ssl` and `chown -R nobody:nogroup ./ssl`
- create a dh-params file with `openssl dhparam -out ./ssl/dhparams.pem 4096`
- copy `rtc_config_example-coturn.json` to `rtc_config.json`
- copy `turnserver_example.conf` to `turnserver.conf`
- change <DOMAIN> in all 2 files to the domain, where your pairdrop is running
- change user and password for turn-server in `turnserver.conf` and `rtc-config.json`
Comment thread
xundeenergie marked this conversation as resolved.
- To start the container including coturn run `docker-compose -f docker-compose-coturn.yml up -d`
- To restart the container including coturn run `docker-compose -f docker-compose-coturn.yml restart`
- To stop the container including coturn run `docker-compose -f docker-compose-coturn.yml stop`

## Firewall
To run PairDrop including its own coturn-server you need to punch holes in the firewall. These ports must be opened additionally:
- 3478 tcp/udp
- 5349 tcp/udp
- 10000:20000 tcp/udp

## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.

Expand Down
13 changes: 13 additions & 0 deletions rtc_config_example-coturn.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
{
"sdpSemantics": "unified-plan",
"iceServers": [
{
"urls": "stuns:<DOMAIN>:5349"
},
{
"urls": "turns:<DOMAIN>:5349",
"username": "user",
"credential": "password"
}
]
}
27 changes: 21 additions & 6 deletions turnserver_example.conf
Original file line number Diff line number Diff line change
@@ -1,16 +1,25 @@
# TURN server name and realm
# realm can be domain or <IP-ADDRESS>
realm=<DOMAIN>
server-name=pairdrop

# IPs the TURN server listens to
listening-ip=0.0.0.0

# External IP-Address of the TURN server
external-ip=<IP_ADDRESS>
# only needed, if coturn is behind a NAT
#external-ip=<IP_ADDRESS>

# relay-ip is needed for tls turns connections
# it can be set multiple times. A local IP is sufficient (not 127.0.0.1!!)
relay-ip=<SOME_LOCAL_IP_ADDRESS>

# Main listening port
listening-port=3478

# 443 for TURN over TLS, which can bypass firewalls
tls-listening-port=5349

# Further ports that are open for communication
min-port=10000
max-port=20000
Expand All @@ -19,7 +28,8 @@ max-port=20000
fingerprint

# Log file path
log-file=/var/log/turnserver.log
# - is logging to STDOUT, so it's visible in docker-compose logs
log-file=-

# Enable verbose logging
verbose
Expand All @@ -31,8 +41,13 @@ user=user:password
lt-cred-mech

# SSL certificates
cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem
cert=/etc/letsencrypt/fullchain.pem
pkey=/etc/letsencrypt/privkey.pem
dh-file=/etc/dhparam.pem

# 443 for TURN over TLS, which can bypass firewalls
tls-listening-port=443
# For security-reasons disable old ssl and tls-protocols
no-sslv3
no-tlsv1
no-tlsv1_1

stale-nonce=600