eturnal #2855

Merged
merged 4 commits into from
Aug 17, 2023
38 changes: 20 additions & 18 deletions Containers/talk/Dockerfile
@@ -1,4 +1,5 @@
FROM nats:2.9.21-scratch as nats
FROM eturnal/eturnal:1.11.1 AS eturnal
FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
FROM alpine:3.18.3 as janus

Expand Down Expand Up @@ -32,8 +33,18 @@ RUN set -ex; \
make configs; \
rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample

FROM coturn/coturn:4.6.2-alpine3.18
USER root
FROM alpine:3.18.2
ENV STUN_SERVICE="stun.nextcloud.com 443"
ENV ETURNAL_ETC_DIR="/conf"
COPY --from=janus /usr/local /usr/local
COPY --from=eturnal /opt/eturnal /opt/eturnal
COPY --from=eturnal /usr/local/bin/stun /usr/local/bin/stun
COPY --from=eturnal /usr/local/bin/eturnalctl /usr/local/bin/eturnalctl
COPY --from=nats /nats-server /usr/local/bin/nats-server
COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling

COPY --chmod=775 start.sh /start.sh
COPY --chmod=664 supervisord.conf /supervisord.conf

RUN set -ex; \
apk add --no-cache \
Expand All @@ -57,7 +68,7 @@ RUN set -ex; \
libwebsockets \
\
shadow; \
useradd --system talk; \
useradd --system eturnal; \
apk del --no-cache \
shadow; \
\
Expand All @@ -66,6 +77,7 @@ RUN set -ex; \
\
touch \
/etc/nats.conf; \
/etc/eturnal.yml; \
echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
mkdir -p \
/var/tmp \
Expand All @@ -74,32 +86,22 @@ RUN set -ex; \
/var/log/supervisord \
/var/run/supervisord \
/usr/local/lib/janus/loggers; \
chown talk:talk -R \
chown eturnal:eturnal -R \
/usr \
/opt/eturnal \
/etc/nats.conf \
/var/lib/turn \
/var/log/supervisord \
/var/run/supervisord; \
chmod 777 -R \
/tmp \
/conf \
/opt/eturnal \
/var/run/supervisord \
/var/lib/turn \
/var/log/supervisord;

COPY --from=janus /usr/local /usr/local
COPY --from=nats /nats-server /usr/local/bin/nats-server
COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling

COPY --chmod=775 start.sh /start.sh
COPY --chmod=664 supervisord.conf /supervisord.conf

# Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
ENV TALK_PORT=3478

USER talk
USER eturnal
ENTRYPOINT ["/start.sh"]
CMD ["supervisord", "-c", "/supervisord.conf"]

HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT" && eturnalctl status) || exit 1
LABEL com.centurylinklabs.watchtower.enable="false"
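Review bot: `/opt/eturnal` in the recursive `chmod 777` list makes the entire eturnal release copied from the build stage, binaries and Erlang runtime included, world-writable, which is more than the service needs: the tree is already `chown eturnal:eturnal -R`, the container runs as that user, and the only path eturnal appears to write at runtime, `/opt/eturnal/run`, is mounted as tmpfs by containers.json. Dropping `/opt/eturnal` from the `chmod 777` list while keeping it in the chown would leave the executables read-only for everyone. Separately, in the `touch` hunk the `;` after `/etc/nats.conf` already terminates the command, so as rendered the following `/etc/eturnal.yml;` is executed as a command rather than touched, which would abort the `set -e` RUN step; if the file is really wanted the lines should read `/etc/nats.conf \` then `/etc/eturnal.yml;`, but since `ETURNAL_ETC_DIR=/conf` and start.sh writes `/conf/eturnal.yml`, the `/etc` copy looks unused and can simply be removed. The `/var/lib/turn` entries in the chown/chmod lists are coturn leftovers and can go with it.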
64 changes: 32 additions & 32 deletions Containers/talk/start.sh
Expand Up @@ -4,6 +4,9 @@
if [ -z "$NC_DOMAIN" ]; then
echo "You need to provide the NC_DOMAIN."
exit 1
elif [ -z "$TALK_PORT" ]; then
echo "You need to provide the TALK_PORT."
exit 1
elif [ -z "$TURN_SECRET" ]; then
echo "You need to provide the TURN_SECRET."
exit 1
Expand All @@ -16,43 +19,40 @@ elif [ -z "$INTERNAL_SECRET" ]; then
fi

set -x
IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"

IPv4_ADDRESS_NC="$(dig "$NC_DOMAIN" IN A +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9.]\+$' | sort | head -n1)"
IPv6_ADDRESS_NC="$(dig "$NC_DOMAIN" IN AAAA +short +https +tls-ca=/etc/ssl/certs/ca-certificates.crt @1.1.1.1 | grep '^[0-9a-f:]\+$' | sort | head -n1)"
set +x

# Turn
cat << TURN_CONF > "/conf/turnserver.conf"
listening-port=$TALK_PORT
fingerprint
use-auth-secret
static-auth-secret=$TURN_SECRET
realm=$NC_DOMAIN
total-quota=0
bps-capacity=0
stale-nonce
no-multicast-peers
simple-log
pidfile=/var/tmp/turnserver.pid
no-tls
no-dtls
userdb=/var/lib/turn/turndb
# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
allowed-peer-ip=$IPv4_ADDRESS_TALK
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
cat << TURN_CONF > "/conf/eturnal.yml"
eturnal:
listen:
- ip: "::"
port: $TALK_PORT
transport: udp
- ip: "::"
port: $TALK_PORT
transport: tcp
log_dir: stdout
log_level: warning
secret: "$TURN_SECRET"
relay_ipv4_addr: "$IPv4_ADDRESS_NC"
relay_ipv6_addr: "$IPv6_ADDRESS_NC"
blacklist:
- recommended
whitelist:
- 127.0.0.1
- ::1
- "$IPv4_ADDRESS_TALK"
- "$IPv6_ADDRESS_TALK"
TURN_CONF

# Remove empty lines so that the config is not invalid
sed -i '/""/d' /conf/eturnal.yml

# Signling
cat << SIGNALING_CONF > "/conf/signaling.conf"
[http]
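Review bot: `/conf/eturnal.yml` now holds the TURN shared secret in clear text, yet it is created by a plain heredoc redirection under the default umask inside `/conf`, a directory the Dockerfile makes world-writable with `chmod 777`; tighten the mode right after the heredoc, e.g. `chmod 600 /conf/eturnal.yml`, which is safe because eturnal runs as the same `eturnal` user that writes the file. The `sed -i '/""/d'` cleanup depends on an empty expansion leaving the literal `""` behind and would also strip any deliberately empty quoted value, so emitting the optional keys conditionally, e.g. `[ -n "$IPv4_ADDRESS_NC" ] && echo "  relay_ipv4_addr: \"$IPv4_ADDRESS_NC\"" >> /conf/eturnal.yml`, would be more robust and self-documenting than post-editing the YAML. Note also that the relay addresses are looked up over DoH to the hard-coded `1.1.1.1`, so on hosts without outbound HTTPS or with split-horizon DNS the `relay_*` keys are silently dropped and eturnal presumably falls back to its own address detection; a warning when `$IPv4_ADDRESS_NC` comes back empty would make that visible in the logs. The script continues past the end of this hunk.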
4 changes: 2 additions & 2 deletions Containers/talk/supervisord.conf
Expand Up @@ -7,12 +7,12 @@ logfile_maxbytes=50MB
logfile_backups=10
loglevel=error

[program:turnserver]
[program:eturnal]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=turnserver -c /conf/turnserver.conf
command=eturnalctl foreground

[program:nats-server]
stdout_logfile=/dev/stdout
2 changes: 1 addition & 1 deletion php/containers.json
Expand Up @@ -352,8 +352,8 @@
"tmpfs": [
"/var/log/supervisord",
"/var/run/supervisord",
"/opt/eturnal/run",
"/conf",
"/var/lib/turn",
"/tmp"
]
},