diff --git a/group_vars/all/10_ports.yml b/group_vars/all/10_ports.yml
index 6432c588..d34c63ba 100644
--- a/group_vars/all/10_ports.yml
+++ b/group_vars/all/10_ports.yml
@@ -88,12 +88,12 @@ ports:
 web-app-gitlab: 2202
 ldaps:
 svc-db-openldap: 636
- stun:
+ stun_turn:
 web-app-bigbluebutton: 3478 # Not sure if it's right placed here or if it should be moved to localhost section
 # Occupied by BBB: 3479
 web-app-nextcloud: 3480
 web-svc-coturn: 3481
- turn:
+ stun_turn_tls:
 web-app-bigbluebutton: 5349 # Not sure if it's right placed here or if it should be moved to localhost section
 web-app-nextcloud: 5350 # Not used yet
 web-svc-coturn: 5351
diff --git a/roles/web-svc-coturn/templates/docker-compose.yml.j2 b/roles/web-svc-coturn/templates/docker-compose.yml.j2
index ccdacbc5..121733d7 100644
--- a/roles/web-svc-coturn/templates/docker-compose.yml.j2
+++ b/roles/web-svc-coturn/templates/docker-compose.yml.j2
@@ -7,10 +7,10 @@
 network_mode: {{ COTURN_NETWORK_MODE }}
 {% if COTURN_NETWORK_MODE == 'bridge' %}
 ports:
- - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/udp"
- - "{{ COTURN_TURN_PORT }}:{{ COTURN_TURN_PORT }}/tcp"
- - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/tcp"
- - "{{ COTURN_STUN_PORT }}:{{ COTURN_STUN_PORT }}/udp"
+ - "{{ COTURN_STUN_TURN_PORT }}:{{ COTURN_STUN_TURN_PORT }}/udp"
+ - "{{ COTURN_STUN_TURN_PORT }}:{{ COTURN_STUN_TURN_PORT }}/tcp"
+ - "{{ COTURN_STUN_TURN_PORT_TLS }}:{{ COTURN_STUN_TURN_PORT_TLS }}/tcp"
+ - "{{ COTURN_STUN_TURN_PORT_TLS }}:{{ COTURN_STUN_TURN_PORT_TLS }}/udp"
 - "{{ COTURN_RELAY_PORT_RANGE }}/udp"
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% endif %}
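Review bot: The rename of `stun` to `stun_turn` and `turn` to `stun_turn_tls` in `10_ports.yml` also moves the `web-app-bigbluebutton` and `web-app-nextcloud` entries, yet the only consumer updated in the visible part of this diff is the coturn role's `vars/main.yml`. Any remaining `ports.public.stun[...]` or `ports.public.turn[...]` lookup in another role would resolve to an undefined key after this change, so both old names should be grepped for before merging. The new keys would also benefit from a one-line comment each, for example `# plain STUN/TURN listener (UDP and TCP)` above `stun_turn:` and `# STUN/TURN over TLS/DTLS` above `stun_turn_tls:`, since the compose template publishes both groups on UDP and TCP.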
@@ -34,12 +34,18 @@ --no-multicast-peers --no-cli --no-tcp-relay + --listening-port={{ COTURN_STUN_TURN_PORT }} + --tls-listening-port={{ COTURN_STUN_TURN_PORT_TLS }} --min-port={{ COTURN_RELAY_PORT_START }} --max-port={{ COTURN_RELAY_PORT_END }} --cert={{ COTURN_TLS_CERT_PATH }} --pkey={{ COTURN_TLS_KEY_PATH }} --cipher-list=DEFAULT - --dh2066 - + healthcheck: + test: ["CMD", "sh", "-c", "command -v turnutils_stunclient >/dev/null && turnutils_stunclient -p {{ COTURN_STUN_TURN_PORT }} 127.0.0.1 || nc -z 127.0.0.1 {{ COTURN_STUN_TURN_PORT }}"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 10s {% include 'roles/docker-compose/templates/networks.yml.j2' %} diff --git a/roles/web-svc-coturn/vars/main.yml b/roles/web-svc-coturn/vars/main.yml index 0104ad88..c66bfda4 100644 --- a/roles/web-svc-coturn/vars/main.yml +++ b/roles/web-svc-coturn/vars/main.yml @@ -13,8 +13,8 @@ COTURN_REALM: "{{ domain }}" COTURN_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.network_mode') }}" ## Ports -COTURN_TURN_PORT: "{{ ports.public.turn[application_id] }}" -COTURN_STUN_PORT: "{{ ports.public.stun[application_id] }}" +COTURN_STUN_TURN_PORT: "{{ ports.public.stun_turn[application_id] }}" +COTURN_STUN_TURN_PORT_TLS: "{{ ports.public.stun_turn_tls[application_id] }}" COTURN_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}" COTURN_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}" COTURN_RELAY_PORT_RANGE: "{{ COTURN_RELAY_PORT_START }}-{{ COTURN_RELAY_PORT_END }}"
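Review bot: The added healthcheck's `A && B || C` chain falls through to `nc -z` whenever `turnutils_stunclient` is installed but fails, so a container whose STUN listener has stopped answering is still reported healthy as long as the TCP port accepts a connection. An explicit branch avoids that: `test: ["CMD", "sh", "-c", "if command -v turnutils_stunclient >/dev/null; then turnutils_stunclient -p {{ COTURN_STUN_TURN_PORT }} 127.0.0.1; else nc -z 127.0.0.1 {{ COTURN_STUN_TURN_PORT }}; fi"]`. The probe also covers only the plain listener, so a broken certificate or key on `--tls-listening-port` would go unnoticed. Separately, this hunk drops `--dh2066` while `--cipher-list=DEFAULT` stays, and a short comment saying why the DH option is removed and which TLS versions and ciphers the service is expected to accept would make the TLS posture reviewable. The command block starts above the hunk, so other TLS flags may already be set there.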