diff --git a/.dockerignore b/.dockerignore
index f592d2c..e2148b7 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,5 +3,8 @@
 !files/dev-perms.pub.pem
 !files/dev-reticulum-jwk.json
 !files/dev-reticulum.conf
+!files/coturn/entrypoint.sh
+!files/coturn/certs/cert.pem
+!files/coturn/certs/key.pem
 !services/reticulum/priv/dev-ssl.cert
 !services/reticulum/priv/dev-ssl.key
diff --git a/README.md b/README.md
index 1056de3..2f6273d 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ means visiting these links in your web browser and following the prompts:
 * [Hubs Admin](https://hubs.local:8989)
 * [Hubs Client](https://hubs.local:8080)
 * [Reticulum](https://hubs.local:4000)
+* [Coturn](https://hubs.local:5349)
 ### Admin panel access
diff --git a/docker-compose.yml b/docker-compose.yml
index c9aab61..1a08aab 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,26 @@
 version: "3.9"
 services:
+ coturn:
+ environment:
+ REALM: ret
+ PSQL: host=db dbname=ret_dev user=postgres password=postgres options='-c search_path=coturn' connect_timeout=30
+ TLS_PORT: 5349
+ MIN_PORT: 50000
+ MAX_PORT: 50050
+ build:
+ context: .
+ dockerfile: dockerfiles/coturn.Dockerfile
+ volumes:
+ - coturn:/var/lib/coturn
+ ports:
+ - "5349:5349"
+ # This should be the same as MIN_PORT MAX_PORT.
+ # You might neeed to increase this number depending on how many clients you are connecting.
+ # (Keep the ports range small to improve container startup time)
+ - "50000-50050:50000-50050"
+ - "50000-50050:50000-50050/udp"
+ networks:
+ hubs_network:
 db:
 environment:
 POSTGRES_PASSWORD: postgres
@@ -9,6 +30,10 @@ services:
 user: postgres
 volumes:
 - pgdata:/var/lib/postgresql/data
+ ports:
+ - "5432:5432"
+ networks:
+ hubs_network:
 dialog:
 build:
 context: .
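Review bot: In docker-compose.yml the new `coturn` service connects to Postgres as the `postgres` superuser through its `PSQL` string, even though the string itself narrows it to `search_path=coturn`. coturn is the network-facing component of this stack, so a dedicated role restricted to the `coturn` schema would bound what a compromise of that container can reach in the database, e.g. `user=coturn password=<dev-placeholder>` in place of `user=postgres password=postgres`. Whether such a role is created anywhere is not visible in this hunk. A comment above `PSQL:` would also help the next reader: `# dev-only credentials; written verbatim into /etc/turnserver.conf by the entrypoint`.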
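Review bot: The `- "5432:5432"` mapping added to the `db` service in docker-compose.yml publishes Postgres on every host interface, and the context lines of the previous hunk show that database running with `POSTGRES_PASSWORD: postgres`. The other services reach `db` over `hubs_network`, so if the mapping is only there for local tooling it should bind to loopback: `- "127.0.0.1:5432:5432"`. The same question applies to the relay ranges `50000-50050` on `coturn` in the previous hunk and `40000-40050` on `dialog` in the next one; whether they are meant to be reachable from the LAN is not stated in the diff.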
@@ -18,11 +43,22 @@ services:
 HTTPS_CERT_FULLCHAIN: /etc/ssl/fullchain.pem
 HTTPS_CERT_PRIVKEY: /etc/ssl/privkey.pem
 INTERACTIVE: "false"
+ MEDIASOUP_MIN_PORT: 40000
+ MEDIASOUP_MAX_PORT: 40050
+ MEDIASOUP_ANNOUNCED_IP: 10.20.30.12
 ports:
 - "4443:4443"
+ # This should be the same as MEDIASOUP_MIN_PORT and MEDIASOUP_MAX_PORT
+ # You might neeed to increase this number depending on how many clients you are connecting.
+ # (Keep the ports range small to improve container startup time)
+ - "40000-40050:40000-40050"
+ - "40000-40050:40000-40050/udp"
 volumes:
 - dialog:/code
 working_dir: /code
+ networks:
+ hubs_network:
+ ipv4_address: 10.20.30.12
 hubs-admin:
 build:
 context: .
@@ -38,6 +74,8 @@ services:
 volumes:
 - hubs:/code
 working_dir: /code/admin
+ networks:
+ hubs_network:
 hubs-client:
 build:
 context: .
@@ -54,6 +92,8 @@ services:
 volumes:
 - hubs:/code
 working_dir: /code
+ networks:
+ hubs_network:
 hubs-storybook:
 build:
 context: .
@@ -67,10 +107,14 @@ services:
 volumes:
 - hubs:/code
 working_dir: /code
+ networks:
+ hubs_network:
 postgrest:
 build:
 context: .
 dockerfile: dockerfiles/postgrest.Dockerfile
+ networks:
+ hubs_network:
 reticulum:
 build:
 context: ./services/reticulum
@@ -92,6 +136,8 @@ services:
 volumes:
 - reticulum:/code
 - retstorage:/code/storage/dev
+ networks:
+ hubs_network:
 spoke:
 build:
 context: .
@@ -104,10 +150,16 @@ services:
 - "9090:9090"
 volumes:
 - spoke:/code
+ networks:
+ hubs_network:
 networks:
- default:
+ hubs_network:
 name: mozilla-hubs
+ ipam:
+ config:
+ - subnet: 10.20.30.0/24
 volumes:
+ coturn:
 dialog:
 hubs:
 pgdata:
diff --git a/dockerfiles/coturn.Dockerfile b/dockerfiles/coturn.Dockerfile
new file mode 100644
index 0000000..89430aa
--- /dev/null
+++ b/dockerfiles/coturn.Dockerfile
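Review bot: In the `dialog` service of docker-compose.yml the address `10.20.30.12` is written twice, as `MEDIASOUP_ANNOUNCED_IP` and as `ipv4_address`, and both depend on the `subnet: 10.20.30.0/24` added under `networks:` in the last hunk of this file. Nothing ties the three literals together, so changing one would presumably leave mediasoup announcing an address the container does not hold. A comment beside each is enough, e.g. `# must equal dialog's ipv4_address and lie inside the hubs_network subnet`. A fixed /24 can also collide with an existing host or VPN route, which deserves a line in the README.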
@@ -0,0 +1,8 @@
+FROM coturn/coturn:alpine AS dev
+USER root:root
+RUN apk add curl netcat-openbsd
+COPY files/coturn/certs/key.pem /certs/key.pem
+COPY files/coturn/certs/cert.pem /certs/cert.pem
+COPY files/coturn/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
diff --git a/files/coturn/certs/cert.pem b/files/coturn/certs/cert.pem
new file mode 100644
index 0000000..f2eb262
--- /dev/null
+++ b/files/coturn/certs/cert.pem
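Review bot: dockerfiles/coturn.Dockerfile copies `files/coturn/certs/key.pem` into the image, and the same commit checks that private key into the repository and allow-lists it in .dockerignore, so the TLS identity used for hubs.local is known to anyone who can read the repo or pull the image. A developer who marks this certificate as trusted can then be impersonated on that hostname; generating the pair on first start in entrypoint.sh, or bind-mounting it from an untracked path, avoids shipping the key. The stage also switches to `USER root:root` and never drops back, so turnserver runs as root; if root is only needed to write /etc/turnserver.conf, which this hunk does not confirm, pre-create that file with the right owner and end the stage with a non-root `USER`. Smaller points: pin the base image instead of the floating `coturn/coturn:alpine` tag, use `RUN apk add --no-cache curl netcat-openbsd`, and make the entrypoint path absolute, `ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]`, because the relative `entrypoint.sh` only resolves while the working directory is `/`.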
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCApACCQD9yAV5B4xV9jANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApo +dWJzLmxvY2FsMCAXDTIyMTExMDE0MjQ0OFoYDzIxMjIxMDE3MTQyNDQ4WjAVMRMw +EQYDVQQDDApodWJzLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA6uga2VrfqURqckX+dGwJzxXrzrOVxnAJw1sszl/IFgedhbYvrdcEbKjjl335 +7i5pK6JRIslU0VscYLmCjr4ru9KOlJQFfpeix3ZjNR3djuh/bO62hZPS9LHqDDcv +AsrKV+pTmttfs4C7XSr4hVK5e/nbuOPVOCU+HsvxubV5OxlVQjRiU/XrzJluAyaA +e5xGG5eeUdUMgVX38qOynxzRGFTTJswMzOLxoIkVB1iTfoY/tCKI4t3z+45SICzg +gEUtv1mYn2s31tG+4jqRrZZB09NSaf+vvRlvv17hyhzIWUQnNtxU5A1CWy4Hsl+K +00kPYEQFIOKF9rrZbo/58cipLYl0h03OlsVgmDbFQz3zDQJK5VxdxUsSH8Hg8Y2C +L0yfehnCO+B4P3KkJ8UME4YyzFWpUeAGFELvJowG5HGAC2DVyaVoVrC6MbX+ZwZH +IT6BBLCyaygd3E1MS3nrNygsV6SUMGX5AiNxlpgBYg+uthykvlqDlBvN6rhK6rEI +3+Lx2Fcu5SzHCni1Y7m316T20xHYXpnZF3/OmIPHpFL2dS+hy7hds6SNye5I0TQE +zSCPD7kQpqh50V7feZ0T4iF5Xb2K7AnPRGbYTxqs/0RPRyR7ffEgNCGuenU333at +gsvvxzYbiw3PUK31uhZ6PRXmC7AVje6CffBXBmjlrI4iRMcCAwEAATANBgkqhkiG +9w0BAQsFAAOCAgEAn4WKLyZw1n1MP1XKEfVIuFD2j3nxCXIfFqSBoufmUiYJ0qbT +nGqWp5WqyQRcoboiz7jJFRu54f3OJjCxQ3EY/5ylyKLEPoRUFQlt1EA0MAJEZs8n +afB37RAsWIqANH/mgRqgSriKx4EVVZqeHhRvlx1CwdtQO5kPW5g1cKuym/Kw0MT/ +Dw7sNBizsBUMaaPfR1QLN6R3WWysSRFLDMtK25LTJTYlm8veQSlmTVp2cAOjWYAF +xEAoOw3cnZcLKi2q1FiCeSf08VfvqyORiBkzohMJlV7xUy8c/sOgFVRLaFh05baX +GJdXs10sqOJr4HLWMUhYzpDdm5ZPmyb27TA3m5Z45E2Kq9S40BhWSYZgRIumJV5W +NVsGmnwqvyDD7pWfPLA7jXKQ8u+yrGBcyZchRoS+ltXgnDpP7HR980Rm6E8Jg3dT +YNhvKCKgyWr5g78omNXJtez9EwjpnxTqTf5xmjcLxuCI65oHs0xBzgIjQpWSoMc/ +JVt7FpWXNxSirThMSeUSL7lAbYsm71Dsr/Av+jZKlSR0fSOD0Ee1ga9upbjyJYV3 +2YglvaHSIyjtdf0qrvk5ABWZwzqM4fc2snAZKaP0wnuR13dujzWlRAIUdDETXldC +FFxYNVWYKzfxkGCb1GXUerAYidBlCRwxHlfp9+SYIARSNSa0/x0jJq6+fUQ= +-----END CERTIFICATE----- diff --git a/files/coturn/certs/key.pem b/files/coturn/certs/key.pem new file mode 100644 index 0000000..ae99b21 --- /dev/null +++ b/files/coturn/certs/key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDq6BrZWt+pRGpy +Rf50bAnPFevOs5XGcAnDWyzOX8gWB52Fti+t1wRsqOOXffnuLmkrolEiyVTRWxxg +uYKOviu70o6UlAV+l6LHdmM1Hd2O6H9s7raFk9L0seoMNy8CyspX6lOa21+zgLtd +KviFUrl7+du449U4JT4ey/G5tXk7GVVCNGJT9evMmW4DJoB7nEYbl55R1QyBVffy +o7KfHNEYVNMmzAzM4vGgiRUHWJN+hj+0Ioji3fP7jlIgLOCARS2/WZifazfW0b7i +OpGtlkHT01Jp/6+9GW+/XuHKHMhZRCc23FTkDUJbLgeyX4rTSQ9gRAUg4oX2utlu +j/nxyKktiXSHTc6WxWCYNsVDPfMNAkrlXF3FSxIfweDxjYIvTJ96GcI74Hg/cqQn +xQwThjLMValR4AYUQu8mjAbkcYALYNXJpWhWsLoxtf5nBkchPoEEsLJrKB3cTUxL +ees3KCxXpJQwZfkCI3GWmAFiD662HKS+WoOUG83quErqsQjf4vHYVy7lLMcKeLVj +ubfXpPbTEdhemdkXf86Yg8ekUvZ1L6HLuF2zpI3J7kjRNATNII8PuRCmqHnRXt95 +nRPiIXldvYrsCc9EZthPGqz/RE9HJHt98SA0Ia56dTffdq2Cy+/HNhuLDc9QrfW6 +Fno9FeYLsBWN7oJ98FcGaOWsjiJExwIDAQABAoICAQCvfEuqep/BtPGMgsuPr7I4 +ORkbJr/KKaKxhWhYl+dCxdegrzS5Onr8rcKwRpUyoQtCZJUWVq99YwI1JADroBfN +zYNkbZwZMTCSr9d3M+NzQi8HcuF5srASyuKc05DUFijJOq3Qbvf0gkP2WwajmuQk +QMkrO1DrC693lEX1xSNWyhsORVH7hSjthOVRhy7OqTUaoc7NNUqNSGrdofrrsLxn +396KCj+5xARcOGw0O7CcAbCPYok+ai89itnBXaUtTgDaBRXmalOhsLlYCgcQVcLB +ewoDU9a2fs0jer9UnOHzBd4BtuHYKCudMCrhz0xHgTnyYX4vTepkIrwSQ46mWJBA +nPxmHegVrguEFDa32zswNgA7si6B0Dt/pNySzLB070KeWa5TEE3X4nIkC1+H4gui +SE3sHvDtoPZ9GN7tVUG9vzchVuJ+W45e2Ri24NxVgKPLLirOFkuCvaFUjTe3Uqmg +fXLy7BEglehWOW7Fc6D+y2+BA2WyQ4EtI1xnGzJIubNQ3RwfGakcX2Za3+9XtNKb +OWJ6htt/Eu8EmJj1sEGtH+oNjbP4CWNfcNBALewyyEwdZosER9c/etFstqOwndwV +l/T2eUjuEi1PTezSEPRSEnnXagOBIOKCe9r3TwBTh14706GNdOLx2hVcTPndGaW5 +ZL2jbiwUrEm+Yar5Rmw6UQKCAQEA+8QNTdXmnY/M9INrqLkvHIHCxaluorOJ9egh +ETVkdIJijZAd9LhU1StJSQT2PlzTCJtIyUToqdATPzpVLAkS8mrox8Jy7aJGqJIg +OQ/27rL+e6eoZynsiEEd8yYGjusqcT614rS5qiOGwnOAMgWHSN3KGXtHQkaJXkpW +TaAynCfiE82pEQYc6Q7e1RDCqGtSIE5ZL73+K8+dWnbtOL6lj8pS/bt7ZA2qZGju +TWw6/psX6hkUHSVntu0aqbn7pWDCW1ijINYR9mcks1Zlp8bQV4K+vanVON8hzNyb +oX0a67QLfXhoTefXsMcm1krZzqwzWRtgW8Fyb1BkLYyiG3ps6QKCAQEA7tt3vqFn +or7E+aJx7cbRqTusy763w6matGza6m8ojrE3oWEtkU51pi2WJ/iE70LqX3bvTQOl 
+qUyDj9U+ZUF+rBUHKXT7nFVRkS6jiwGpYObQs08JttDzOFL2xwFnEiwf1cw0Bw9d +E0z2jcho2iZkH3FINDfOY3l1Kol6tiH6UD9qPg/ovun9dZ4MAsEM5t1LGMHW+aSv +uUSofrsrD9OLqWeDkISFaZY1+CyBQuIrLHarmCU+BTjm6G371PbRNfqF3y8ujNAE +kjFALj+2nf1pqAe6aCt2FkGC7QZbmR8t2lDEmxTrrUrlR1TT21h4eS72rjB36xJ5 +kIBM+RijHkJWLwKCAQEA9Uf/Eirn3++eZUW4WIv6OxKsmHhGolq6eQorVSGoed4h +d/vFQ4tmkrv2TR55bS5wJ31p/zSUXAStC7egDSPWArlnil6GK8AiiM68d/t2vv1B +82TXK5Lrr5+JNz9/ujOgiO3otDMQg5LTEpUGezVppPL3l7XEKeygnm1cAYqmY/5z +QonmQgCrn99t9zS6AO11+KV8PIgknbhKfD1LRjJvCFS8YBkM0OCDdgnIyUM9gpnF +RbwjHXY4wj3j8SGR6oAHOolzfGUy4NWCKvpsVXXburZVcGCKrDqvKnBva3iABszF +OPta2zOZrs+HpdUMuE6KRDDowtwHyi0PPFU8BftTKQKCAQBmISUEN5NOfO9QJes8 +1gQTrlZmD7gXS0/A0cKQ9tKKoK++qwSG2ttnIJrRoGuGuj/obbxIW8TbrMGcIHu7 +Y9O71InpagGjiL+FqkF3UFCSBF88LBFlP9afQKoP0UO2+3LpQZUFZ8ZOWFwbp5Nd +o4iwAQn0eeAfnHFCrOHxOnoDEfplavwDlZ0wS1GrY8wWcoyHm2pF9+rC9t5swa7Z +54QR/Ra+FkvNJ9MPuEfUx0vaiSs5tMLeDMR+oXhKSPaPc/0FvvDSeKdbsv9URx3Y +U+B3XkaP//VP8tb+bfeAc1pxvJM0FC/pOtrqMxUa9qscdb44ILVFp/KenJ1M7QHi +EE81AoIBAQCOhn8io6TwnYtv1Ar/z3nQhQEbOwDADSNuhzLth3zLr9kpQyW+AhW7 +s18KchXKu20Boplc8rDXyf/WnfdyA9xdjPq+QzFWf9ateEdZbyd0pK4mXMyXE0iP +FqO64yk47OUTvfbC8o1+1lInYxIVENPH/Qf9wefhr9SH6LIEUYWz5oxTME7v1oWL +Nie+oLDWrpSNB6pB6I2DXaFLcOw8IY1y5Q2RRMTKgjF13kZPVPA3+B0L8aq6xNtU +xKVJRRUN9HIieu2YtwmF9kGoDpokdM2gUl8qG13vpjp3bwc97Ay3Kvn/w0hkNinP +AkRImjgwts/xPStfNaFtRIX9irK5Z8tL +-----END PRIVATE KEY----- diff --git a/files/coturn/entrypoint.sh b/files/coturn/entrypoint.sh new file mode 100644 index 0000000..a422c85 --- /dev/null +++ b/files/coturn/entrypoint.sh 
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo "realm=${REALM}" > /etc/turnserver.conf
+echo "min-port=${MIN_PORT}" >> /etc/turnserver.conf
+echo "max-port=${MAX_PORT}" >> /etc/turnserver.conf
+echo "tls-listening-port=${TLS_PORT}" >> /etc/turnserver.conf
+echo "psql-userdb=${PSQL}" >> /etc/turnserver.conf
+echo "lt-cred-mech=true" >> /etc/turnserver.conf
+echo "use-auth-secret=true" >> /etc/turnserver.conf
+echo "cert=/certs/cert.pem" >> /etc/turnserver.conf
+echo "pkey=/certs/key.pem" >> /etc/turnserver.conf
+echo "verbose" >> /etc/turnserver.conf
+
+echo "####################################################"
+cat /etc/turnserver.conf
+echo "####################################################"
+
+turnserver --log-file=stdout
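Review bot: The `cat /etc/turnserver.conf` between the two banner lines in files/coturn/entrypoint.sh prints the `psql-userdb=${PSQL}` line, so the database password from the compose file lands in the container log on every start. Filter that line out, e.g. `grep -v '^psql-userdb=' /etc/turnserver.conf`, or drop the dump entirely. The last line should be `exec turnserver --log-file=stdout` so that turnserver replaces the shell and receives the stop signal directly. The `#!/bin/bash` shebang is never used because the Dockerfile runs the script through `/bin/sh`; `#!/bin/sh` followed by `set -eu` would match how it is actually run and stop the container from starting with `REALM` or `PSQL` unset.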