give coturn the option to run with manual certificates

docker-compose.tmpl.yml

@@ -329,7 +329,12 @@ services:
       - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
       - "--static-auth-secret=${TURN_SECRET}"
     volumes:
+      {{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
       - ssl_data:/etc/resty-auto-ssl
+      {{else}}
+      - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
+      - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
+      {{end}}
       - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
       - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
     network_mode: host

mod/coturn/entrypoint.sh

@@ -1,5 +1,6 @@
 #!/bin/sh
 set -e 
+if [ "$ENABLE_HTTPS_PROXY" == true ]; then
   apk add jq
 
   while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
@@ -13,6 +14,14 @@ done
   # extract cert
   cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
   cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
+fi
+
+if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
+  echo "ERROR: certificate not found, but coturn relies on it."
+  echo "Use either auto HTTPS proxy or"
+  echo "provide path to certificates in .env file"
+  exit 1
+fi
 
 # If command starts with an option, prepend with turnserver binary.
 if [ "${1:0:1}" == '-' ]; then

sample.env

@@ -8,8 +8,11 @@
 ENABLE_HTTPS_PROXY=true
 
 # coturn (a TURN Server)
-# requires HTTPS Proxy to be enabled
+# requires either the abhove HTTPS Proxy to be enabled 
+# or TLS certificates to be mounted to container
 ENABLE_COTURN=true
+#COTURN_TLS_CERT_PATH=
+#COTURN_TLS_KEY_PATH=
 
 # Greenlight Frontend
 # https://docs.bigbluebutton.org/greenlight/gl-overview.html

scripts/generate-compose

@@ -20,12 +20,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then
 fi
 
 if [ "$ENABLE_COTURN" == true ]; then
-  if [ -z "$ENABLE_HTTPS_PROXY" ]; then
+  if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then
-    echo "ERROR: coturn requires the https proxy for certificate retrival."
+    echo "ERROR: coturn requires TLS certificates."
-    echo "you must also set ENABLE_HTTPS_PROXY=true"
+    echo "Either enable the https proxy for certificate retrival"
+    echo "or provide a path to your certificates in .env file."
     exit 1
   fi
-  if [ "$DEV_MODE" == true ]; then
+  if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then
     echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
     echo "you should disable coturn in .env"
     exit 1

scripts/setup

@@ -33,11 +33,21 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
 done
 
 coturn=""
-if [ "$https_proxy" == "y" ]
-then
 while [[ ! $coturn =~ ^(y|n)$ ]]; do
     read -p "Should a coturn be included? (y/n): " coturn
 done
+if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
+then
+    echo "Coturn needs TLS to function properly."
+    echo "   Since automatic HTTPS Proxy is disabled,"
+    echo "   you must provide a relative or absolute path"
+    echo "   to your certificates."
+    while [[ -z "$CERTPATH" ]]; do
+        read -p "Please enter path to cert.pem: " CERTPATH 
+    done
+    while [[ -z "$KEYPATH" ]]; do
+        read -p "Please enter path to key.pem: " KEYPATH 
+    done
 fi
 
 prometheus_exporter=""
@@ -124,6 +134,12 @@ else
     sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
 fi
 
+if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
+then
+    sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env
+    sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env
+fi
+
 if [ "$prometheus_exporter" == "y" ]
 then
     sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env