From da0e8fbcab8ebbde6b50ddd0dbb40c0e4e438c84 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 30 Dec 2016 15:52:46 +0000
Subject: [PATCH] Separate turn server

---
 src/freedombone-app-gnusocial |   2 +-
 src/freedombone-app-matrix    |  82 +++++++------------------
 src/freedombone-utils-turn    | 111 ++++++++++++++++++++++++++++++++++
 3 files changed, 134 insertions(+), 61 deletions(-)
 create mode 100755 src/freedombone-utils-turn

diff --git a/src/freedombone-app-gnusocial b/src/freedombone-app-gnusocial
index 3d12df6a0..38d30958d 100755
--- a/src/freedombone-app-gnusocial
+++ b/src/freedombone-app-gnusocial
@@ -40,7 +40,7 @@ GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
 GNUSOCIAL_COMMIT='7d67eefdf501f492e29f59971ac288e0414dc5b0'
 GNUSOCIAL_ADMIN_PASSWORD=
 GNUSOCIAL_THEME_REPO="https://git.gnu.io/h2p/Qvitter.git"
-GNUSOCIAL_THEME_COMMIT='474376938b0e55c2e3d0c06d308a44a48d98ba88'
+GNUSOCIAL_THEME_COMMIT='a7f82628402db3a7579bb9b2877da3c5737da77b'
 GNUSOCIAL_WELCOME_MESSAGE=$'<h1>Welcome to GNU Social – a federated social metwork</h1><p>Another Freedombone site</p>'
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
 GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"
diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index cd7027702..ac5656a9b 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -36,7 +36,6 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
 MATRIX_DATA_DIR='/var/lib/matrix'
-MATRIX_TURN_PORT=3478
 MATRIX_PORT=8448
 MATRIX_REPO="https://github.com/matrix-org/synapse"
 MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
@@ -46,18 +45,6 @@ matrix_variables=(ONION_ONLY
                   MATRIX_PASSWORD
                   DEFAULT_DOMAIN_NAME)
 
-function matrix_generate_turn_key {
-    local turnkey="${1}"
-    local filepath="${2}"
-
-    echo "lt-cred-mech" > "${filepath}"
-    echo "use-auth-secret" >> "${filepath}"
-    echo "static-auth-secret=${turnkey}" >> "${filepath}"
-    echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
-    echo "cert=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
-    echo "pkey=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
-}
-
 function matrix_generate_synapse_file {
     local filepath="${1}"
 
@@ -75,7 +62,7 @@ function matrix_configure_homeserver_yaml {
 
     local ymltemp="$(mktemp)"
 
-    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=tcp\"]" \
+    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
         -v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
         -v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
@@ -94,42 +81,15 @@ function matrix_configure_homeserver_yaml {
     mv ${ymltemp} "${filepath}"
 }
 
-function matrix_start {
-    if [ -f ${MATRIX_DATA_DIR}/turnserver.conf ]; then
-        echo "-=> start turn"
-        /usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf
-    fi
-
-    echo "-=> start riot.im client"
-    (
-        if [ -f ${MATRIX_DATA_DIR}/vector.im.conf ] || [ -f ${MATRIX_DATA_DIR}/riot.im.conf ] ; then
-            echo "The riot web client is now handled via silvio/matrix-riot-docker"
-        fi
-    )
-
-    echo "-=> start matrix"
-    python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml
-}
-
-function matrix_stop {
-    echo "-=> stop matrix"
-    echo "-=> via docker stop ..."
-}
-
-
 function matrix_diff {
-    echo "-=> Diff between local configfile and a fresh generated config file"
-    echo "-=>      some values are different in technical point of view, like"
-    echo "-=>      autogenerated secret keys etc..."
-
     DIFFPARAMS="${DIFFPARAMS:-Naur}"
     DEFAULT_DOMAIN_NAME="${DEFAULT_DOMAIN_NAME:-demo_server_name}"
     REPORT_STATS="${REPORT_STATS:-no_or_yes}"
     export DEFAULT_DOMAIN_NAME REPORT_STATS
 
-    matrix_generate_synapse_file /tmp/homeserver.synapse.yaml
-    diff -${DIFFPARAMS} /tmp/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
-    rm /tmp/homeserver.synapse.yaml
+    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
+    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
+    rm $INSTALL_DIR/homeserver.synapse.yaml
 }
 
 function matrix_generate {
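Review bot: matrix_diff now stages the generated config at `$INSTALL_DIR/homeserver.synapse.yaml` but never checks that INSTALL_DIR is set, so with it empty the file is written to `/homeserver.synapse.yaml` and then `rm`'d out of the root directory; since matrix_generate_synapse_file (defined outside this hunk) presumably mints fresh synapse secrets into that file, it is also not something to leave at a guessable path with default permissions. Guard and quote the path, e.g. `local tmpyml; tmpyml=$(mktemp -p "${INSTALL_DIR:?INSTALL_DIR is not set}")`, and use `"$tmpyml"` for the generate/diff/rm trio. matrix_diff's body lies entirely within the hunk.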
@@ -141,14 +101,7 @@ function matrix_generate {
     [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
         echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"
 
-    echo "-=> generate turn config"
-    turnkey=$(pwgen -s 64 1)
-    matrix_generate_turn_key $turnkey ${MATRIX_DATA_DIR}/turnserver.conf
-
-    echo "-=> generate synapse config"
     matrix_generate_synapse_file ${MATRIX_DATA_DIR}/homeserver.tmp
-
-    echo "-=> configure some settings in homeserver.yaml"
     matrix_configure_homeserver_yaml $turnkey ${MATRIX_DATA_DIR}/homeserver.tmp
 
     mv ${MATRIX_DATA_DIR}/homeserver.tmp ${MATRIX_DATA_DIR}/homeserver.yaml
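Review bot: `matrix_configure_homeserver_yaml $turnkey` still passes `$turnkey`, but this hunk removes the only line that set it, so the value now comes from the non-local `turnkey` that install_turn happens to leave in the global scope; whenever matrix_generate runs on its own (a later regeneration, or if the call order in install_matrix changes) turn_shared_secret is written empty and credentials synapse hands to clients will not verify against coturn's static-auth-secret. Read the secret back from the TURN config instead and fail loudly if it is missing, e.g. `turnkey=$(grep '^static-auth-secret=' /var/lib/turn/turnserver.conf | cut -d= -f2-)` followed by `[ -n "$turnkey" ] || { echo 'TURN secret not found' >&2; return 1; }`, and quote `"$turnkey"` in the call. matrix_generate continues past the end of this hunk.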
@@ -286,9 +239,12 @@ function restore_remote_synapse {
 
 function remove_matrix {
     firewall_remove ${MATRIX_PORT}
-    firewall_remove ${MATRIX_TURN_PORT}
     systemctl stop matrix
-    systemcrl disable matrix
+
+    function_check remove_turn
+    remove_turn
+
+    systemctl disable matrix
     if [ -f /etc/systemd/system/matrix.service ]; then
         rm /etc/systemd/system/matrix.service
     fi
@@ -306,17 +262,19 @@ function remove_matrix {
 }
 
 function install_matrix {
+    if [ ! -d $INSTALL_DIR ]; then
+        mkdir -p $INSTALL_DIR
+    fi
+
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
             echo $'Obtaining certificate for the main domain'
             create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
         fi
     fi
 
-    REBUILD=1
     export DEBIAN_FRONTEND=noninteractive
-    apt-get -yq install coreutils coturn \
+    apt-get -yq install coreutils \
             curl file gcc git libevent-2.0-5 \
             libevent-dev libffi-dev libffi6 \
             libgnutls28-dev libjpeg62-turbo \
@@ -325,7 +283,7 @@ function install_matrix {
             libsqlite3-dev libssl-dev \
             libssl1.0.0 libtool libxml2 \
             libxml2-dev libxslt1-dev libxslt1.1 \
-            make pwgen python python-dev \
+            make python python-dev \
             python-pip python-psycopg2 \
             python-virtualenv sqlite unzip \
             zlib1g zlib1g-dev
@@ -357,6 +315,12 @@ function install_matrix {
     chown -R matrix:matrix /etc/matrix
     chown -R matrix:matrix /var/lib/matrix
 
+    function_check install_turn
+    install_turn
+
+    function_check matrix_generate
+    matrix_generate
+
     echo '[Unit]' > /etc/systemd/system/matrix.service
     echo 'Description=Matrix federated messaging' >> /etc/systemd/system/matrix.service
     echo '' >> /etc/systemd/system/matrix.service
@@ -364,7 +328,6 @@ function install_matrix {
     echo 'Type=simple' >> /etc/systemd/system/matrix.service
     echo 'User=matrix' >> /etc/systemd/system/matrix.service
     echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
-    echo "ExecStart=/usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf" >> /etc/systemd/system/matrix.service
     echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
     echo 'Restart=always' >> /etc/systemd/system/matrix.service
     echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
@@ -378,7 +341,6 @@ function install_matrix {
     update_default_domain
 
     firewall_add matrix ${MATRIX_PORT}
-    firewall_add matrix-turn ${MATRIX_TURN_PORT}
 
     MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_PORT})
     if [ ! ${MATRIX_PASSWORD} ]; then
diff --git a/src/freedombone-utils-turn b/src/freedombone-utils-turn
new file mode 100755
index 000000000..e9228ba9a
--- /dev/null
+++ b/src/freedombone-utils-turn
@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# TURN server functions
+#
+# License
+# =======
+#
+# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TURN_PORT=3478
+
+function generate_turn_key {
+    local turnkey="${1}"
+    local filepath="${2}"
+
+    echo "lt-cred-mech" > "${filepath}"
+    echo "use-auth-secret" >> "${filepath}"
+    echo "static-auth-secret=${turnkey}" >> "${filepath}"
+    echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        echo "cert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" >> "${filepath}"
+    else
+        echo "cert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" >> "${filepath}"
+    fi
+    echo "pkey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" >> "${filepath}"
+}
+
+function remove_turn {
+    firewall_remove ${TURN_PORT}
+}
+
+function remove_turn {
+    firewall_remove ${TURN_PORT}
+    systemctl stop turn
+    systemctl disable turn
+    if [ -f /etc/systemd/system/turn.service ]; then
+        rm /etc/systemd/system/turn.service
+    fi
+    apt-get -y remove coturn
+    rm -rf /var/lib/turn
+}
+
+function install_turn {
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get -yq install coreutils coturn \
+            curl file gcc git libevent-2.0-5 \
+            libevent-dev libffi-dev libffi6 \
+            libgnutls28-dev libjpeg62-turbo \
+            libjpeg62-turbo-dev libldap-2.4-2 \
+            libldap2-dev libsasl2-dev \
+            libsqlite3-dev libssl-dev \
+            libssl1.0.0 libtool libxml2 \
+            libxml2-dev libxslt1-dev libxslt1.1 \
+            make python python-dev \
+            python-pip python-psycopg2 \
+            python-virtualenv sqlite unzip \
+            zlib1g zlib1g-dev
+
+    pip install --upgrade pip
+    pip install --upgrade python-ldap
+    pip install --upgrade lxml
+
+    if [ ! -d /var/lib/turn ]; then
+        mkdir /var/lib/turn
+    fi
+
+    turnkey="$(create_password 30)"
+    generate_turn_key $turnkey /var/lib/turn/turnserver.conf
+
+    chown -R matrix:matrix /var/lib/turn
+
+    echo '' >> /etc/systemd/system/turn.service
+    echo '[Service]' >> /etc/systemd/system/turn.service
+    echo 'Type=simple' >> /etc/systemd/system/turn.service
+    echo 'User=matrix' >> /etc/systemd/system/turn.service
+    echo "WorkingDirectory=/var/lib/turn" >> /etc/systemd/system/turn.service
+    echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf" >> /etc/systemd/system/turn.service
+    echo 'Restart=always' >> /etc/systemd/system/turn.service
+    echo 'RestartSec=10' >> /etc/systemd/system/turn.service
+    echo '' >> /etc/systemd/system/turn.service
+    echo '[Install]' >> /etc/systemd/system/turn.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turn.service
+    systemctl enable turn
+    systemctl daemon-reload
+    systemctl start turn
+
+    firewall_add turn ${TURN_PORT}
+}
+
+# NOTE: deliberately no exit 0
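Review bot: generate_turn_key writes `static-auth-secret=` into /var/lib/turn/turnserver.conf with whatever the caller's umask yields and install_turn only chowns it, so the secret that lets anyone mint TURN credentials is world-readable on a default umask; create the file 0600 before the echo lines. The unit file is opened with `>>` on its first line and never gets a `[Unit]` section, so every re-run of install_turn appends another copy of the unit; start it with `echo '[Unit]' > /etc/systemd/system/turn.service`. remove_turn is defined twice, and under bash the first (firewall-only) definition is dead code and should be deleted. Because the relay accepts credentials any homeserver user can obtain, I would also add `no-multicast-peers` and `denied-peer-ip` ranges for loopback and RFC1918 space so TURN cannot be used to reach the host's own services; and since turnserver runs as `User=matrix` while `pkey` points into /etc/ssl/private, which is usually not readable by unprivileged users, that read should be verified on a real install.
```shell
function generate_turn_key {
    local turnkey="${1}"
    local filepath="${2}"

    # the shared secret must not be world-readable: create the file 0600 first
    : > "${filepath}"
    chmod 600 "${filepath}"
    echo "lt-cred-mech" > "${filepath}"
    # … unchanged: use-auth-secret, static-auth-secret, realm, cert, pkey …
    # authenticated clients must not be able to relay into the host's own networks
    echo "no-multicast-peers" >> "${filepath}"
    echo "denied-peer-ip=127.0.0.0-127.255.255.255" >> "${filepath}"
    echo "denied-peer-ip=10.0.0.0-10.255.255.255" >> "${filepath}"
    echo "denied-peer-ip=172.16.0.0-172.31.255.255" >> "${filepath}"
    echo "denied-peer-ip=192.168.0.0-192.168.255.255" >> "${filepath}"
}

# … unchanged: single remove_turn (drop the earlier firewall-only duplicate) …

    # … unchanged: package install, /var/lib/turn creation, secret generation, chown …
    # truncate rather than append so re-running install_turn does not duplicate the unit
    echo '[Unit]' > /etc/systemd/system/turn.service
    echo 'Description=TURN server for Matrix voice/video' >> /etc/systemd/system/turn.service
    echo '' >> /etc/systemd/system/turn.service
    echo '[Service]' >> /etc/systemd/system/turn.service
    # … unchanged: Type, User, WorkingDirectory, ExecStart, Restart, [Install], enable/start, firewall_add …
```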
-- 
GitLab