47 lines
1.1 KiB
Django/Jinja
47 lines
1.1 KiB
Django/Jinja
use-auth-secret
|
|
static-auth-secret={{ coturn_secret_key }}
|
|
|
|
realm={{ service_info.coturn.domain }}
|
|
server-name=turnserver
|
|
|
|
syslog
|
|
|
|
# Security
|
|
no-tcp-relay
|
|
|
|
# Deny private IPs
|
|
denied-peer-ip=10.0.0.0-10.255.255.255
|
|
denied-peer-ip=192.168.0.0-192.168.255.255
|
|
denied-peer-ip=172.16.0.0-172.31.255.255
|
|
|
|
no-multicast-peers
|
|
denied-peer-ip=0.0.0.0-0.255.255.255
|
|
denied-peer-ip=100.64.0.0-100.127.255.255
|
|
denied-peer-ip=127.0.0.0-127.255.255.255
|
|
denied-peer-ip=169.254.0.0-169.254.255.255
|
|
denied-peer-ip=192.0.0.0-192.0.0.255
|
|
denied-peer-ip=192.0.2.0-192.0.2.255
|
|
denied-peer-ip=192.88.99.0-192.88.99.255
|
|
denied-peer-ip=198.18.0.0-198.19.255.255
|
|
denied-peer-ip=198.51.100.0-198.51.100.255
|
|
denied-peer-ip=203.0.113.0-203.0.113.255
|
|
denied-peer-ip=240.0.0.0-255.255.255.255
|
|
|
|
# Allow localhost
|
|
allowed-peer-ip={{ local_ip }}
|
|
|
|
user-quota=12
|
|
total-quota=1200
|
|
|
|
# TLS
|
|
cert=/etc/ssl-acme/certs/fullchain_{{ service_info.coturn.ssl_cert }}.crt
|
|
pkey=/etc/ssl-acme/keys/{{ service_info.coturn.ssl_cert }}.key
|
|
|
|
# External IP address (automatically managed: do not edit!)
|
|
external-ip={{ ansible_facts.ipify_public_ip }}
|
|
|
|
listening-ip={{ local_ip }}
|
|
listening-port=3478
|
|
min-port=49152
|
|
max-port=65535
|