-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.yml
107 lines (90 loc) · 3.03 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
---
listening_port: 3478
min_port: 32769
max_port: 65535
listening_ip: "{{ lookup('dig', ansible_host) }}"
# You need to set the same static authentification secret
# for this coturn instance here *and* in BigBlueButton.
static_auth_secret: ""
# Realm of you coturn
# If this variable is empty or undefined,
# the default of coturn is to fall back
# to the host domain name.
realm: ""
# The tls variables should all be defined if you set
# use_tls to true (recommended).
use_tls: true
tls_listening_port: 443
# If you use tls you need to define the directory where
# your tls certificate files are located.
# This directory should already exist on the target host.
tls_cert_dir: "/etc/ssl/certs"
# This role automatically installs dummy tls files that you
# can write over later with your actual tls files.
# Alternatively, you can specify here the path to the files
# that should be copied to the host.
tls_cert: "{{ tls_cert_dir }}/{{ inventory_hostname }}.crt"
tls_key: "{{ tls_cert_dir }}/{{ inventory_hostname }}.key"
# You can specify the coturn tls_group (optional).
# tls_group:
# coturn will deny these ip addresses
denied_peer_ips:
# IPv4 Private-Use
- 10.0.0.0-10.255.255.255
- 172.16.0.0-172.31.255.255
- 192.168.0.0-192.168.255.255
# Other IPv4 Special-Purpose addresses
- 100.64.0.0-100.127.255.255
- 169.254.0.0-169.254.255.255
- 192.0.0.0-192.0.0.255
- 192.0.2.0-192.0.2.255
- 198.18.0.0-198.19.255.255
- 198.51.100.0-198.51.100.255
- 203.0.113.0-203.0.113.255
# IPv6 Unique-Local
- fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# IPv6 Link-Local Unicast
- fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# Other IPv6 Special-Purpose assignments
- ::ffff:0:0-::ffff:ffff:ffff
- 64:ff9b::-64:ff9b::ffff:ffff
- 64:ff9b:1::-64:ff9b:1:ffff:ffff:ffff:ffff:ffff
- 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
- 2001:db8::-2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
- 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# additional security parameters
no_software_attribute: false
stale_nonce: 600
user_quota: 0
total_quota: 0
# coturn username on the host
turn_user: "{{ 'coturn' if ansible_os_family == 'RedHat' else 'turnserver' }}"
# default coturn config template file
# Change this to your custom config template file
# if you desire a different configuration
# from the one the values above can provide you.
config_template: turnserver.conf
# activate firewall configuration
configure_for_firewalld: false
configure_for_ufw: false
# activate logrotate
configure_logrotate: false
# prometheus metrics
metrics: false
# suppress STUN functionality (TURN only)
no_stun: false
# no UDP client listener
no_udp: false
# no DTLS client listener
no_dtls: false
# no UDP relay endpoints are allowed
no_udp_relay: false
# set allowed relay ips here
allowed_peer_ips: []
# The same as the value above, but with dns names
# instead of ips; uses the dig-module to get the ips.
allowed_peer_hosts: []
# values to decrease gain factor in stun amplification
no_rfc5780: true
no_stun_backward_compatibility: true
response_origin_only_with_rfc5780: true