remove coturn due to #73

chandi 2021-03-28 00:58:01 +01:00
parent 4e3e1dd851
commit f49ef6b625
8 changed files with 0 additions and 154 deletions


@ -12,7 +12,6 @@ you can find a **stable bbb-docker release for 2.2** here: https://github.com/al
## Features ## Features
- Easy installation - Easy installation
- Greenlight included - Greenlight included
- TURN server included
- Fully automated HTTPS certificates - Fully automated HTTPS certificates
- Full IPv6 support - Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...) - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)


@ -319,23 +319,6 @@ services:
network_mode: host network_mode: host
{{end}} {{end}}
{{ if isTrue .Env.ENABLE_COTURN }}
# coturn
coturn:
image: instrumentisto/coturn:4.5
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
volumes:
- ssl_data:/etc/resty-auto-ssl
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_GREENLIGHT }} {{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight # greenlight
greenlight: greenlight:


@ -7,7 +7,6 @@ you can run bbb-docker locally without any certificate issues with following `.e
DEV_MODE=true DEV_MODE=true
ENABLE_HTTPS_PROXY=true ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true #ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true #ENABLE_WEBHOOKS=true
#ENABLE_PROMETHEUS_EXPORTER=true #ENABLE_PROMETHEUS_EXPORTER=true
@ -17,9 +16,7 @@ DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1 EXTERNAL_IPv4=10.7.7.1
STUN_IP=216.93.246.18 STUN_IP=216.93.246.18
STUN_PORT=3478 STUN_PORT=3478
TURN_SERVER=turns:localhost:465?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret RAILS_SECRET=SuperRailsSecret


@ -1,23 +0,0 @@
#!/bin/sh
set -e
apk add jq
while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
do
echo "ERROR: certificate doesn't exist yet."
echo "Certificate gets create on the first request to the HTTPS proxy."
echo "We will try again..."
sleep 10
done
# extract cert
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
# If command starts with an option, prepend with turnserver binary.
if [ "${1:0:1}" == '-' ]; then
set -- turnserver "$@"
fi
exec $(eval "echo $@")


@ -1,71 +0,0 @@
# Example coturn configuration for BigBlueButton
# These are the two network ports used by the TURN server which the client
# may connect to. We enable the standard unencrypted port 3478 for STUN,
# as well as port 443 for TURN over TLS, which can bypass firewalls.
listening-port=3478
# we use the SMTP over TLS Port, since 443 is already used for HTTPS
tls-listening-port=465
# If the server has multiple IP addresses, you may wish to limit which
# addresses coturn is using. Do that by setting this option (it can be
# specified multiple times). The default is to listen on all addresses.
# You do not normally need to set this option.
#listening-ip=172.17.19.101
# If the server is behind NAT, you need to specify the external IP address.
# If there is only one external address, specify it like this:
#external-ip=172.17.19.120
# If you have multiple external addresses, you have to specify which
# internal address each corresponds to, like this. The first address is the
# external ip, and the second address is the corresponding internal IP.
#external-ip=172.17.19.131/10.0.0.11
#external-ip=172.17.18.132/10.0.0.12
# Fingerprints in TURN messages are required for WebRTC
fingerprint
# The long-term credential mechanism is required for WebRTC
lt-cred-mech
# Configure coturn to use the "TURN REST API" method for validating time-
# limited credentials. BigBlueButton will generate credentials in this
# format. Note that the static-auth-secret value specified here must match
# the configuration in BigBlueButton's turn-stun-servers.xml
# You can generate a new random value by running the command:
# openssl rand -hex 16
use-auth-secret
# static-auth-secret=<random value>
# If the realm value is unspecified, it defaults to the TURN server hostname.
# You probably want to configure it to a domain name that you control to
# improve log output. There is no functional impact.
realm=example.com
# Configure TLS support.
# Adjust these paths to match the locations of your certificate files
cert=/tmp/cert.pem
pkey=/tmp/key.pem
# Limit the allowed ciphers to improve security
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
# Enable longer DH TLS key to improve security
dh2066
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
# older protocols
no-tlsv1
no-tlsv1_1
# To enable single filename logs you need to enable the simple-log flag
syslog
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family


@ -7,10 +7,6 @@
# fully automated Lets Encrypt certificates # fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true ENABLE_HTTPS_PROXY=true
# coturn (a TURN Server)
# requires HTTPS Proxy to be enabled
ENABLE_COTURN=true
# Greenlight Frontend # Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html # https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true ENABLE_GREENLIGHT=true


@ -19,22 +19,6 @@ if [ -z "$EXTERNAL_IPv4" ]; then
exit 1 exit 1
fi fi
if [ "$ENABLE_COTURN" == true ]; then
if [ -z "$ENABLE_HTTPS_PROXY" ]; then
echo "ERROR: coturn requires the https proxy for certificate retrival."
echo "you must also set ENABLE_HTTPS_PROXY=true"
exit 1
fi
if [ "$DEV_MODE" == true ]; then
echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
echo "you should disable coturn in .env"
exit 1
fi
fi
docker run \ docker run \
--rm \ --rm \
-v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \ -v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
@ -42,7 +26,6 @@ docker run \
-e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \ -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
-e ENABLE_COTURN=${ENABLE_COTURN:-false} \
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \ -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \ -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \ -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \


@ -32,14 +32,6 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
done done
coturn=""
if [ "$https_proxy" == "y" ]
then
while [[ ! $coturn =~ ^(y|n)$ ]]; do
read -p "Should a coturn be included? (y/n): " coturn
done
fi
prometheus_exporter="" prometheus_exporter=""
while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
@ -114,16 +106,6 @@ then
sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
fi fi
if [ "$coturn" == "y" ]
then
sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:465?transport=tcp/" .env
TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
else
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
fi
if [ "$prometheus_exporter" == "y" ] if [ "$prometheus_exporter" == "y" ]
then then
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env