holm/docker
1
0
Fork 0
forked from extern/docker
Code Issues Pull Requests Packages Projects Releases Wiki Activity

give coturn the option to run with manual certificates

Browse Source
This commit is contained in:
cjhille 2021-06-08 16:28:24 +00:00
parent 0ff8da7f67
commit eb2408cb17
5 changed files with 53 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docker-compose.tmpl.yml
View File

@ -329,7 +329,12 @@ services:
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}" - "--static-auth-secret=${TURN_SECRET}"
volumes: volumes:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
- ssl_data:/etc/resty-auto-ssl - ssl_data:/etc/resty-auto-ssl
{{else}}
- ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
- ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
{{end}}
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
network_mode: host network_mode: host

31
mod/coturn/entrypoint.sh
View File

@ -1,18 +1,27 @@
#!/bin/sh #!/bin/sh
set -e set -e
apk add jq if [ "$ENABLE_HTTPS_PROXY" == true ]; then
apk add jq
while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ] while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
do do
echo "ERROR: certificate doesn't exist yet." echo "ERROR: certificate doesn't exist yet."
echo "Certificate gets create on the first request to the HTTPS proxy." echo "Certificate gets create on the first request to the HTTPS proxy."
echo "We will try again..." echo "We will try again..."
sleep 10 sleep 10
done done
# extract cert # extract cert
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
fi
if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
echo "ERROR: certificate not found, but coturn relies on it."
echo "Use either auto HTTPS proxy or"
echo "provide path to certificates in .env file"
exit 1
fi
# If command starts with an option, prepend with turnserver binary. # If command starts with an option, prepend with turnserver binary.
if [ "${1:0:1}" == '-' ]; then if [ "${1:0:1}" == '-' ]; then

5
sample.env
View File

@ -8,8 +8,11 @@
ENABLE_HTTPS_PROXY=true ENABLE_HTTPS_PROXY=true
# coturn (a TURN Server) # coturn (a TURN Server)
# requires HTTPS Proxy to be enabled # requires either the abhove HTTPS Proxy to be enabled
# or TLS certificates to be mounted to container
ENABLE_COTURN=true ENABLE_COTURN=true
#COTURN_TLS_CERT_PATH=
#COTURN_TLS_KEY_PATH=
# Greenlight Frontend # Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html # https://docs.bigbluebutton.org/greenlight/gl-overview.html

9
scripts/generate-compose
View File

@ -20,12 +20,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then
fi fi
if [ "$ENABLE_COTURN" == true ]; then if [ "$ENABLE_COTURN" == true ]; then
if [ -z "$ENABLE_HTTPS_PROXY" ]; then if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then
echo "ERROR: coturn requires the https proxy for certificate retrival." echo "ERROR: coturn requires TLS certificates."
echo "you must also set ENABLE_HTTPS_PROXY=true" echo "Either enable the https proxy for certificate retrival"
echo "or provide a path to your certificates in .env file."
exit 1 exit 1
fi fi
if [ "$DEV_MODE" == true ]; then if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then
echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start" echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
echo "you should disable coturn in .env" echo "you should disable coturn in .env"
exit 1 exit 1

22
scripts/setup
View File

@ -33,10 +33,20 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
done done
coturn="" coturn=""
if [ "$https_proxy" == "y" ] while [[ ! $coturn =~ ^(y|n)$ ]]; do
read -p "Should a coturn be included? (y/n): " coturn
done
if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
then then
while [[ ! $coturn =~ ^(y|n)$ ]]; do echo "Coturn needs TLS to function properly."
read -p "Should a coturn be included? (y/n): " coturn echo " Since automatic HTTPS Proxy is disabled,"
echo " you must provide a relative or absolute path"
echo " to your certificates."
while [[ -z "$CERTPATH" ]]; do
read -p "Please enter path to cert.pem: " CERTPATH
done
while [[ -z "$KEYPATH" ]]; do
read -p "Please enter path to key.pem: " KEYPATH
done done
fi fi
@ -124,6 +134,12 @@ else
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
fi fi
if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
then
sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env
sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env
fi
if [ "$prometheus_exporter" == "y" ] if [ "$prometheus_exporter" == "y" ]
then then
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env