forked from strukturag/docker-webrtc-turnserver
docker-entrypoint.sh
#!/bin/sh
set -e
# -------------------------------------------------------------------
# Functions
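# Print one timestamped log line to stdout.
# Arguments: the message words; they are joined with single spaces.
# Outputs:   "[<local time with numeric UTC offset>] <message>" on stdout.
log() {
  # "$*" joins all arguments into one word, so the message is built explicitly
  # instead of relying on "$@" expanding inside a longer quoted string.
  # printf '%s\n' prints the message verbatim, whereas echo may interpret
  # backslash escapes depending on which shell provides /bin/sh.
  # NOTE(review): %:z is not a POSIX date conversion; this assumes the
  # image's date supports it, as the original did.
  printf '[%s] %s\n' "$(date +%Y-%m-%dT%H:%M:%S%:z)" "$*"
}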
# -------------------------------------------------------------------
# Runtime
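# Container entrypoint body: prepare the Coturn data directories, optionally
# source /srv/config, translate environment variables into turnserver
# options, then replace this shell with turnserver.
#
# Options are collected in the positional parameters ("$@"), one option per
# word, so a value that contains spaces or glob characters (a path, a secret,
# the Redis connection string) reaches turnserver as a single argument.

# Legacy extension point: a whitespace-separated string of extra options.
# It is set before /srv/config is sourced, so that file can read or extend
# it; it is still word-split when turnserver is started below.
ARGS=""

log "Initiliazing Coturn server directories..."
mkdir -p /srv/turnserver/db/
mkdir -p /srv/turnserver/logs/
# owner:group with a colon is the POSIX spelling; the dot separator is a
# deprecated legacy form.
chown root:root /srv/turnserver
chmod 755 /srv/turnserver

log "Initiliazing Coturn server properties..."
if [ -e "/srv/config" ]; then
  log "Load Coturn server configuration..."
  # /srv/config is executed as shell code by this entrypoint, not parsed as
  # key=value data: whoever can write that file controls what runs here.
  # Keep it writable only by trusted users and mount it read-only.
  . /srv/config
fi

# Start the option list empty. This script never used its own arguments, so
# discarding them changes nothing; it is done after sourcing /srv/config so
# that file still sees the original arguments.
set --

if [ -n "$LISTEN_IPS" ]; then
  log " - setting listener IP address of relay server: $LISTEN_IPS"
  # Deliberately unquoted: LISTEN_IPS is a whitespace-separated list.
  for ip in $LISTEN_IPS; do
    set -- "$@" -L "$ip"
  done
fi

if [ -n "$EXTERNAL_IPS" ]; then
  log " - setting TURN Server public/private address mapping: $EXTERNAL_IPS"
  # Deliberately unquoted: EXTERNAL_IPS is a whitespace-separated list.
  for ip in $EXTERNAL_IPS; do
    set -- "$@" -X "$ip"
  done
fi

if [ -n "$TLS_CERT" ]; then
  log " - setting certificate file: $TLS_CERT"
  set -- "$@" "--cert=$TLS_CERT"
fi

if [ -n "$TLS_KEY" ]; then
  log " - setting private key file: $TLS_KEY"
  set -- "$@" "--pkey=$TLS_KEY"
fi

if [ -n "$DH_FILE" ]; then
  log " - setting DH TLS key: $DH_FILE"
  set -- "$@" "--dh-file=$DH_FILE"
fi

if [ -n "$RELAY_IP" ]; then
  log " - setting relay IP: $RELAY_IP"
  set -- "$@" "--relay-ip=$RELAY_IP"
fi

if [ -n "$LONG_TERM_CREDENTIALS" ]; then
  log " - enabling long term credentials (needed for WebRTC usage)..."
  set -- "$@" --lt-cred-mech
fi

if [ -n "$STATIC_AUTH_SECRET" ]; then
  # The secret is deliberately not logged. It is still passed on the command
  # line, so it is readable through the process list (ps,
  # /proc/<pid>/cmdline) by anything that can see this container's processes.
  log " - setting auth secret (needed for TURN Server REST API)..."
  set -- "$@" --use-auth-secret "--static-auth-secret=$STATIC_AUTH_SECRET"
fi

if [ -n "$SECURE_STUN" ]; then
  log " - enabling authentication of the STUN Binding request..."
  set -- "$@" --secure-stun
fi

# The CLI and the web admin below are management interfaces; CLI_IP and
# WEB_ADMIN_IP decide which local address each one listens on.
if [ -n "$NO_CLI" ]; then
  log " - disabling CLI..."
  set -- "$@" --no-cli
fi

if [ -n "$CLI_IP" ]; then
  log " - setting local system IP address to be used for CLI server endpoint: $CLI_IP"
  set -- "$@" "--cli-ip=$CLI_IP"
fi

if [ -n "$CLI_PORT" ]; then
  log " - setting CLI server port: $CLI_PORT"
  set -- "$@" "--cli-port=$CLI_PORT"
fi

if [ -n "$CLI_PASSWORD" ]; then
  log " - setting CLI password..."
  # The password is quoted so spaces or glob characters in it are not
  # re-interpreted by the shell. The plaintext is visible in turnadmin's
  # argv while that command runs.
  # NOTE(review): the sed expression matches a backslash at end of line, so
  # it looks like a no-op on turnadmin's output; kept unchanged, confirm the
  # intent.
  cli_password_hash=$(turnadmin -P -p "$CLI_PASSWORD" | sed -e 's|\\$|\\\\$|g')
  set -- "$@" "--cli-password=$cli_password_hash"
fi

if [ -n "$WEB_ADMIN" ]; then
  log " - enabling web admin..."
  set -- "$@" --web-admin
fi

if [ -n "$WEB_ADMIN_IP" ]; then
  log " - setting web admin local system IP address: $WEB_ADMIN_IP"
  set -- "$@" "--web-admin-ip=$WEB_ADMIN_IP"
fi

if [ -n "$WEB_ADMIN_PORT" ]; then
  log " - setting web admin server port: $WEB_ADMIN_PORT"
  set -- "$@" "--web-admin-port=$WEB_ADMIN_PORT"
fi

if [ -n "$WEB_ADMIN_PASSWORD" ]; then
  if [ -z "$WEB_ADMIN_USERNAME" ]; then
    WEB_ADMIN_USERNAME=root
  fi
  # -x -F compares whole lines literally, so regex metacharacters in the
  # user name cannot widen or break the "already exists" check. turnadmin's
  # own exit status is ignored here, as before.
  if ! printf '%s\n' "$(turnadmin -L -b "$USER_DB")" | grep -qxF -- "$WEB_ADMIN_USERNAME"; then
    log " - setting Web Admin user '$WEB_ADMIN_USERNAME'..."
    # NOTE(review): same sed expression as for the CLI password; it looks
    # like a no-op and is kept unchanged.
    turnadmin -A -b "$USER_DB" -u "$WEB_ADMIN_USERNAME" -p "$(turnadmin -P -p "$WEB_ADMIN_PASSWORD" | sed -e 's|\\$|\\\\$|g')"
  else
    log " - Web Admin user '$WEB_ADMIN_USERNAME' already set"
  fi
fi

if [ -n "$RELAY_THREADS" ]; then
  log " - setting relay threads number: $RELAY_THREADS"
  set -- "$@" "--relay-threads=$RELAY_THREADS"
fi

if [ -n "$NO_AUTH" ]; then
  # --no-auth turns the credential mechanism off, so any client that can
  # reach the server may use the relay; only suitable on an isolated network.
  log " - disabling credential mechanism..."
  set -- "$@" --no-auth
fi

if [ -n "$PROD" ]; then
  log " - enabling production mode (hide the software version)..."
  set -- "$@" --prod
fi

if [ -n "$NO_STDOUT_LOG" ]; then
  log " - disabling stdout log messages..."
  set -- "$@" --no-stdout-log
fi

if [ -n "$SYSLOG" ]; then
  log " - enabling output all log information into the system log (syslog)..."
  set -- "$@" --syslog
fi

if [ -n "$SIMPLE_LOG" ]; then
  log " - enabling simple log file (no rolling out log file, simple file name)..."
  set -- "$@" --simple-log
fi

if [ "$VERBOSE" = "1" ]; then
  log " - enabling 'Moderate' verbose mode..."
  set -- "$@" --verbose
fi

if [ "$DEBUG" = "1" ]; then
  log " - enabling extra verbose mode (for debug purposes only)..."
  set -- "$@" --Verbose
fi

if [ -n "$REDIS_STATSDB" ]; then
  log " - enabling REDIS statistics database..."
  # Use like REDIS_STATSDB=mydb password=secret, and link with redis container, named redis.
  # The connection string contains spaces and must stay ONE argument; as part
  # of a word-split string it reached turnserver as four separate words. A
  # password placed in REDIS_STATSDB ends up on the command line as well.
  set -- "$@" "--redis-statsdb=host=$REDIS_PORT_6379_TCP_ADDR dbname=$REDIS_STATSDB port=$REDIS_PORT_6379_TCP_PORT connect_timeout=30"
fi

sleep 2
log "Starting Coturn server..."
# $ARGS stays unquoted on purpose (legacy word-split string, normally empty);
# every other value is quoted so it is passed through unmodified. exec makes
# turnserver replace this shell as the container's main process.
exec turnserver \
  -n \
  $ARGS \
  "$@" \
  --fingerprint \
  --stale-nonce \
  --check-origin-consistency \
  --no-multicast-peers \
  "--listening-port=$LISTENING_PORT" \
  "--tls-listening-port=$TLS_LISTENING_PORT" \
  "--alt-listening-port=$ALT_LISTENING_PORT" \
  "--alt-tls-listening-port=$ALT_TLS_LISTENING_PORT" \
  "--realm=$REALM" \
  "--min-port=$MIN_PORT" \
  "--max-port=$MAX_PORT" \
  "--max-bps=$MAX_BPS" \
  "--bps-capacity=$BPS_CAPACITY" \
  "--cipher-list=$CIPHER_LIST" \
  "--userdb=$USER_DB" \
  "--user-quota=$USER_QUOTA" \
  "--total-quota=$TOTAL_QUOTA" \
  "--log-file=$LOG_FILE" \
  "--pidfile=$PID_FILE"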