Refactor Coturn port configuration: unify STUN and TURN into stun_turn and stun_turn_tls, update vars, docker-compose template, and add robust healthcheck [https://chatgpt.com/share/68d73a2d-ef34-800f-90d2-1628822ca541]

2025-10-09 18:28:10 +02:00 · 2025-09-27 03:14:53 +02:00
parent 8af39c32ec
commit 85db0a40db
3 changed files with 16 additions and 10 deletions
--- a/group_vars/all/10_ports.yml
+++ b/group_vars/all/10_ports.yml
@@ -88,12 +88,12 @@ ports:
      web-app-gitlab:         2202
    ldaps:
      svc-db-openldap:        636
-    stun:
+    stun_turn:
      web-app-bigbluebutton:  3478  # Not sure if it's right placed here or if it should be moved to localhost section
      # Occupied by BBB:      3479
      web-app-nextcloud:      3480
      web-svc-coturn:         3481
-    turn:
+    stun_turn_tls:
      web-app-bigbluebutton:  5349  # Not sure if it's right placed here or if it should be moved to localhost section
      web-app-nextcloud:      5350  # Not used yet
      web-svc-coturn:         5351
--- a/roles/web-svc-coturn/templates/docker-compose.yml.j2
+++ b/roles/web-svc-coturn/templates/docker-compose.yml.j2
@@ -7,10 +7,10 @@
    network_mode: {{ COTURN_NETWORK_MODE }}
 {% if COTURN_NETWORK_MODE == 'bridge' %}
    ports:
-      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/udp"
-      - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/tcp"
-      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
-      - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
+      - "{{ COTURN_STUN_TURN_PORT }}:{{ COTURN_STUN_TURN_PORT }}/udp"
+      - "{{ COTURN_STUN_TURN_PORT }}:{{ COTURN_STUN_TURN_PORT }}/tcp"
+      - "{{ COTURN_STUN_TURN_PORT_TLS }}:{{ COTURN_STUN_TURN_PORT_TLS }}/tcp"
+      - "{{ COTURN_STUN_TURN_PORT_TLS }}:{{ COTURN_STUN_TURN_PORT_TLS }}/udp"
      - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% endif %}
@@ -34,12 +34,18 @@
      --no-multicast-peers
      --no-cli
      --no-tcp-relay
+      --listening-port={{ COTURN_STUN_TURN_PORT }}
+      --tls-listening-port={{ COTURN_STUN_TURN_PORT_TLS }}
      --min-port={{ COTURN_RELAY_PORT_START }}
      --max-port={{ COTURN_RELAY_PORT_END }}
      --cert={{ COTURN_TLS_CERT_PATH }}
      --pkey={{ COTURN_TLS_KEY_PATH }}
      --cipher-list=DEFAULT
-      --dh2066
-
+    healthcheck:
+      test: ["CMD", "sh", "-c", "command -v turnutils_stunclient >/dev/null && turnutils_stunclient -p {{ COTURN_STUN_TURN_PORT }} 127.0.0.1 || nc -z 127.0.0.1 {{ COTURN_STUN_TURN_PORT }}"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

--- a/roles/web-svc-coturn/vars/main.yml
+++ b/roles/web-svc-coturn/vars/main.yml
@@ -13,8 +13,8 @@ COTURN_REALM:               "{{ domain }}"
 COTURN_NETWORK_MODE:        "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.network_mode') }}"

 ## Ports
-COTURN_TURN_PORT:           "{{ ports.public.turn[application_id] }}"
-COTURN_STUN_PORT:           "{{ ports.public.stun[application_id] }}"
+COTURN_STUN_TURN_PORT:      "{{ ports.public.stun_turn[application_id] }}"
+COTURN_STUN_TURN_PORT_TLS:  "{{ ports.public.stun_turn_tls[application_id] }}"
 COTURN_RELAY_PORT_START:    "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
 COTURN_RELAY_PORT_END:      "{{ ports.public.relay_port_ranges[application_id ~ '_end'  ] }}"
 COTURN_RELAY_PORT_RANGE:    "{{ COTURN_RELAY_PORT_START }}-{{ COTURN_RELAY_PORT_END }}"