Skip to content

Commit

Permalink
Merge pull request #65 from systemli/enh/debian12
Browse files Browse the repository at this point in the history
Add support for debian12, remove debian10
  • Loading branch information
doobry-systemli authored Aug 5, 2023
2 parents f407945 + 903ba4e commit 02a22d2
Show file tree
Hide file tree
Showing 3 changed files with 49 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,4 @@ jobs:
name: Integration
uses: systemli/github-ansible-workflow/.github/workflows/[email protected]
with:
distros: '[ "debian11", "debian10" ]'
distros: '[ "debian12", "debian11" ]'
2 changes: 1 addition & 1 deletion meta/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ galaxy_info:
platforms:
- name: Debian
versions:
- bookworm
- bullseye
- buster
galaxy_tags:
- networking
- nextcloud
Expand Down
51 changes: 47 additions & 4 deletions templates/turnserver.conf.j2
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ fingerprint
#
# You can simply run the turnserver and access the port 9641 and path /metrics
#
# For mor info on the prometheus exporter and metrics
# For more info on the prometheus exporter and metrics
# https://prometheus.io/docs/introduction/overview/
# https://prometheus.io/docs/concepts/data_model/
#
Expand Down Expand Up @@ -518,7 +518,7 @@ stale-nonce
#dh1066

# Use custom DH TLS key, stored in PEM format in the file.
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
# Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.
#
{% if not coturn_tls %}#{% endif %}dh-file=/etc/coturn-dh-{{ coturn_dhparam_length }}.pem

Expand Down Expand Up @@ -546,6 +546,11 @@ no-stdout-log
#
syslog

# Set syslog facility for syslog messages
# Default values is ''.
#
#syslog-facility="LOG_LOCAL1"

# This flag means that no log file rollover will be used, and the log file
# name will be constructed as-is, without PID and date appendage.
# This option can be used, for example, together with the logrotate tool.
Expand All @@ -555,7 +560,7 @@ syslog
# Enable full ISO-8601 timestamp in all logs.
#new-log-timestamp

# Set timestamp format (in strftime(1) format)
# Set timestamp format (in strftime(1) format). Depends on new-log-timestamp to be enabled.
#new-log-timestamp-format "%FT%T%z"

# Disabled by default binding logging in verbose log mode to avoid DoS attacks.
Expand Down Expand Up @@ -682,14 +687,24 @@ allowed-peer-ip={{ ip }}
#
#mobility

# Allocate Address Family according
# Allocate Address Family according (DEPRECATED and will be removed in favour of allocation-default-address-family)
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
#
#keep-address-family

# TURN server allocates address family according TURN client requested address family.
# If address family not requested explicitly by the client, then it falls back to this default.
# The standard RFC explicitly define that this default must be IPv4,
# so use other option values with care!
# Possible values: "ipv4" or "ipv6" or "keep"
# "keep" sets the allocation default address family according to
# the TURN client allocation request connection address family.
#allocation-default-address-family="ipv4"
#allocation-default-address-family="ipv4"


# User name to run the process. After the initialization, the turnserver process
# will attempt to change the current user ID to that user.
Expand Down Expand Up @@ -773,3 +788,31 @@ no-cli
no-tlsv1
no-tlsv1_1
#no-tlsv1_2

# Disable RFC5780 (NAT behavior discovery).
#
# Originally, if there are more than one listener address from the same
# address family, then by default the NAT behavior discovery feature enabled.
# This option disables the original behavior, because the NAT behavior
# discovery adds extra attributes to response, and this increase the
# possibility of an amplification attack.
#
# Strongly encouraged to use this option to decrease gain factor in STUN
# binding responses.
#
no-rfc5780

# Disable handling old STUN Binding requests and disable MAPPED-ADDRESS
# attribute in binding response (use only the XOR-MAPPED-ADDRESS).
#
# Strongly encouraged to use this option to decrease gain factor in STUN
# binding responses.
#
no-stun-backward-compatibility

# Only send RESPONSE-ORIGIN attribute in binding response if RFC5780 is enabled.
#
# Strongly encouraged to use this option to decrease gain factor in STUN
# binding responses.
#
response-origin-only-with-rfc5780

0 comments on commit 02a22d2

Please sign in to comment.