SHARE
TWEET

Untitled

a guest Aug 13th, 2016 161 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Coturn TURN SERVER configuration file
  2. #
  3. # Boolean values note: where boolean value is supposed to be used,
  4. # you can use '0', 'off', 'no', 'false', 'f' as 'false,
  5. # and you can use '1', 'on', 'yes', 'true', 't' as 'true'
  6. # If the value is missed, then it means 'true'.
  7. #
  8.  
  9. # Listener interface device (optional, Linux only).
  10. # NOT RECOMMENDED.
  11. #
  12. listening-device=ens3
  13.  
  14. # TURN listener port for UDP and TCP (Default: 3478).
  15. # Note: actually, TLS & DTLS sessions can connect to the
  16. # "plain" TCP & UDP port(s), too - if allowed by configuration.
  17. #
  18. listening-port=3443
  19.  
  20. # TURN listener port for TLS (Default: 5349).
  21. # Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
  22. # port(s), too - if allowed by configuration. The TURN server
  23. # "automatically" recognizes the type of traffic. Actually, two listening
  24. # endpoints (the "plain" one and the "tls" one) are equivalent in terms of
  25. # functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
  26. # For secure TCP connections, we currently support SSL version 3 and
  27. # TLS version 1.0, 1.1 and 1.2.
  28. # For secure UDP connections, we support DTLS version 1.
  29. #
  30. #tls-listening-port=5349
  31.  
  32. # Alternative listening port for UDP and TCP listeners;
  33. # default (or zero) value means "listening port plus one".
  34. # This is needed for RFC 5780 support
  35. # (STUN extension specs, NAT behavior discovery). The TURN Server
  36. # supports RFC 5780 only if it is started with more than one
  37. # listening IP address of the same family (IPv4 or IPv6).
  38. # RFC 5780 is supported only by UDP protocol, other protocols
  39. # are listening to that endpoint only for "symmetry".
  40. #
  41. alt-listening-port=3478
  42.                              
  43. # Alternative listening port for TLS and DTLS protocols.
  44. # Default (or zero) value means "TLS listening port plus one".
  45. #
  46. #alt-tls-listening-port=0
  47.    
  48. # Listener IP address of relay server. Multiple listeners can be specified.
  49. # If no IP(s) specified in the config file or in the command line options,
  50. # then all IPv4 and IPv6 system IPs will be used for listening.
  51. #
  52. listening-ip=137.74.175.38
  53. #listening-ip=10.207.21.238
  54. #listening-ip=2607:f0d0:1002:51::4
  55.  
  56. # Auxiliary STUN/TURN server listening endpoint.
  57. # Aux servers have almost full TURN and STUN functionality.
  58. # The (minor) limitations are:
  59. #
  60. # 1) Auxiliary servers do not have alternative ports and
  61. # they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
  62. #
  63. # 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
  64. #
  65. # Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
  66. #
  67. # There may be multiple aux-server options, each will be used for listening
  68. # to client requests.
  69. #
  70. #aux-server=172.17.19.110:33478
  71. #aux-server=[2607:f0d0:1002:51::4]:33478
  72.  
  73. # (recommended for older Linuxes only)
  74. # Automatically balance UDP traffic over auxiliary servers (if configured).
  75. # The load balancing is using the ALTERNATE-SERVER mechanism.
  76. # The TURN client must support 300 ALTERNATE-SERVER response for this
  77. # functionality.
  78. #
  79. #udp-self-balance
  80.  
  81. # Relay interface device for relay sockets (optional, Linux only).
  82. # NOT RECOMMENDED.
  83. #
  84. #relay-device=eth1
  85.  
  86. # Relay address (the local IP address that will be used to relay the
  87. # packets to the peer).
  88. # Multiple relay addresses may be used.
  89. # The same IP(s) can be used as both listening IP(s) and relay IP(s).
  90. #
  91. # If no relay IP(s) specified, then the turnserver will apply the default
  92. # policy: it will decide itself which relay addresses to be used, and it
  93. # will always be using the client socket IP address as the relay IP address
  94. # of the TURN session (if the requested relay address family is the same
  95. # as the family of the client socket).
  96. #
  97. relay-ip=137.74.175.38
  98. #relay-ip=2607:f0d0:1002:51::5
  99.  
  100. # For Amazon EC2 users:
  101. #
  102. # TURN Server public/private address mapping, if the server is behind NAT.
  103. # In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
  104. # as relay IP address of all allocations. This scenario works only in a simple case
  105. # when one single relay address is be used, and no RFC5780 functionality is required.
  106. # That single relay address must be mapped by NAT to the 'external' IP.
  107. # The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
  108. # For that 'external' IP, NAT must forward ports directly (relayed port 12345
  109. # must be always mapped to the same 'external' port 12345).
  110. #
  111. # In more complex case when more than one IP address is involved,
  112. # that option must be used several times, each entry must
  113. # have form "-X <public-ip/private-ip>", to map all involved addresses.
  114. # RFC5780 NAT discovery STUN functionality will work correctly,
  115. # if the addresses are mapped properly, even when the TURN server itself
  116. # is behind A NAT.
  117. #
  118. # By default, this value is empty, and no address mapping is used.
  119. #
  120. #external-ip=60.70.80.91
  121. #
  122. #OR:
  123. #
  124. #external-ip=60.70.80.91/172.17.19.101
  125. #external-ip=60.70.80.92/172.17.19.102
  126.  
  127.  
  128. # Number of the relay threads to handle the established connections
  129. # (in addition to authentication thread and the listener thread).
  130. # If explicitly set to 0 then application runs relay process in a
  131. # single thread, in the same thread with the listener process
  132. # (the authentication thread will still be a separate thread).
  133. #
  134. # If this parameter is not set, then the default OS-dependent
  135. # thread pattern algorithm will be employed. Usually the default
  136. # algorithm is the most optimal, so you have to change this option
  137. # only if you want to make some fine tweaks.
  138. #
  139. # In the older systems (Linux kernel before 3.9),
  140. # the number of UDP threads is always one thread per network listening
  141. # endpoint - including the auxiliary endpoints - unless 0 (zero) or
  142. # 1 (one) value is set.
  143. #
  144. #relay-threads=0
  145.  
  146. # Lower and upper bounds of the UDP relay endpoints:
  147. # (default values are 49152 and 65535)
  148. #
  149. #min-port=49152
  150. #max-port=65535
  151.    
  152. # Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
  153. # By default the verbose mode is off.
  154. #verbose
  155.    
  156. # Uncomment to run TURN server in 'extra' verbose mode.
  157. # This mode is very annoying and produces lots of output.
  158. # Not recommended under any normal circumstances.
  159. #  
  160. #Verbose
  161.  
  162. # Uncomment to use fingerprints in the TURN messages.
  163. # By default the fingerprints are off.
  164. #
  165. #fingerprint
  166.  
  167. # Uncomment to use long-term credential mechanism.
  168. # By default no credentials mechanism is used (any user allowed).
  169. #
  170. lt-cred-mech
  171.  
  172. # This option is opposite to lt-cred-mech.
  173. # (TURN Server with no-auth option allows anonymous access).
  174. # If neither option is defined, and no users are defined,
  175. # then no-auth is default. If at least one user is defined,
  176. # in this file or in command line or in usersdb file, then
  177. # lt-cred-mech is default.
  178. #
  179. #no-auth
  180.  
  181. # TURN REST API flag.
  182. # Flag that sets a special authorization option that is based upon authentication secret.
  183. # This feature can be used with the long-term authentication mechanism, only.
  184. # This feature purpose is to support "TURN Server REST API", see
  185. # "TURN REST API" link in the project's page
  186. # https://github.com/coturn/coturn/
  187. #
  188. # This option is used with timestamp:
  189. #
  190. # usercombo -> "timestamp:userid"
  191. # turn user -> usercombo
  192. # turn password -> base64(hmac(secret key, usercombo))
  193. #
  194. # This allows TURN credentials to be accounted for a specific user id.
  195. # If you don't have a suitable id, the timestamp alone can be used.
  196. # This option is just turning on secret-based authentication.
  197. # The actual value of the secret is defined either by option static-auth-secret,
  198. # or can be found in the turn_secret table in the database (see below).
  199. #
  200. use-auth-secret
  201.  
  202. # 'Static' authentication secret value (a string) for TURN REST API only.
  203. # If not set, then the turn server
  204. # will try to use the 'dynamic' value in turn_secret table
  205. # in user database (if present). The database-stored  value can be changed on-the-fly
  206. # by a separate program, so this is why that other mode is 'dynamic'.
  207. #
  208. static-auth-secret=wakatepe
  209.  
  210. # Server name used for
  211. # the oAuth authentication purposes.
  212. # The default value is the realm name.
  213. #
  214. #server-name=blackdow.carleon.gov
  215.  
  216. # Flag that allows oAuth authentication.
  217. #
  218. #oauth
  219.  
  220. # 'Static' user accounts for long term credentials mechanism, only.
  221. # This option cannot be used with TURN REST API.
  222. # 'Static' user accounts are NOT dynamically checked by the turnserver process,
  223. # so that they can NOT be changed while the turnserver is running.
  224. #
  225. #user=username1:key1
  226. #user=username2:key2
  227. # OR:
  228. #user=username1:password1
  229. #user=username2:password2
  230. #
  231. # Keys must be generated by turnadmin utility. The key value depends
  232. # on user name, realm, and password:
  233. #
  234. # Example:
  235. # $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
  236. # Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
  237. # ('0x' in the beginning of the key is what differentiates the key from
  238. # password. If it has 0x then it is a key, otherwise it is a password).
  239. #
  240. # The corresponding user account entry in the config file will be:
  241. #
  242. #user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
  243. # Or, equivalently, with open clear password (less secure):
  244. #user=ninefingers:youhavetoberealistic
  245. #
  246.  
  247. # SQLite database file name.
  248. #
  249. # Default file name is /var/db/turndb or /usr/local/var/db/turndb or
  250. # /var/lib/turn/turndb.
  251. #
  252. #userdb=/var/db/turndb
  253.  
  254. # PostgreSQL database connection string in the case that we are using PostgreSQL
  255. # as the user database.
  256. # This database can be used for long-term credential mechanism
  257. # and it can store the secret value for secret-based timed authentication in TURN RESP API.
  258. # See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
  259. # versions connection string format, see
  260. # http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
  261. # for 9.x and newer connection string formats.
  262. #
  263. #psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
  264.  
  265. # MySQL database connection string in the case that we are using MySQL
  266. # as the user database.
  267. # This database can be used for long-term credential mechanism
  268. # and it can store the secret value for secret-based timed authentication in TURN RESP API.
  269. #
  270. # Optional connection string parameters for the secure communications (SSL):
  271. # ca, capath, cert, key, cipher
  272. # (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
  273. # command options description).
  274. #
  275. # Use string format as below (space separated parameters, all optional):
  276. #
  277. #mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"
  278.  
  279. # MongoDB database connection string in the case that we are using MongoDB
  280. # as the user database.
  281. # This database can be used for long-term credential mechanism
  282. # and it can store the secret value for secret-based timed authentication in TURN RESP API.
  283. # Use string format is described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
  284. #
  285. #mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
  286.  
  287. # Redis database connection string in the case that we are using Redis
  288. # as the user database.
  289. # This database can be used for long-term credential mechanism
  290. # and it can store the secret value for secret-based timed authentication in TURN RESP API.
  291. # Use string format as below (space separated parameters, all optional):
  292. #
  293. #redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
  294.  
  295. # Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
  296. # This database keeps allocations status information, and it can be also used for publishing
  297. # and delivering traffic and allocation event notifications.
  298. # The connection string has the same parameters as redis-userdb connection string.
  299. # Use string format as below (space separated parameters, all optional):
  300. #
  301. #redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
  302.  
  303. # The default realm to be used for the users when no explicit
  304. # origin/realm relationship was found in the database, or if the TURN
  305. # server is not using any database (just the commands-line settings
  306. # and the userdb file). Must be used with long-term credentials
  307. # mechanism or with TURN REST API.
  308. #
  309. realm=fairusevideos.org
  310.  
  311. # The flag that sets the origin consistency
  312. # check: across the session, all requests must have the same
  313. # main ORIGIN attribute value (if the ORIGIN was
  314. # initially used by the session).
  315. #
  316. #check-origin-consistency
  317.  
  318. # Per-user allocation quota.
  319. # default value is 0 (no quota, unlimited number of sessions per user).
  320. # This option can also be set through the database, for a particular realm.
  321. #
  322. #user-quota=0
  323.  
  324. # Total allocation quota.
  325. # default value is 0 (no quota).
  326. # This option can also be set through the database, for a particular realm.
  327. #
  328. total-quota=100
  329.  
  330. # Max bytes-per-second bandwidth a TURN session is allowed to handle
  331. # (input and output network streams are treated separately). Anything above
  332. # that limit will be dropped or temporary suppressed (within
  333. # the available buffer limits).
  334. # This option can also be set through the database, for a particular realm.
  335. #
  336. #max-bps=0
  337.  
  338. #
  339. # Maximum server capacity.
  340. # Total bytes-per-second bandwidth the TURN server is allowed to allocate
  341. # for the sessions, combined (input and output network streams are treated separately).
  342. #
  343. bps-capacity=0
  344.  
  345. # Uncomment if no UDP client listener is desired.
  346. # By default UDP client listener is always started.
  347. #
  348. #no-udp
  349.  
  350. # Uncomment if no TCP client listener is desired.
  351. # By default TCP client listener is always started.
  352. #
  353. #no-tcp
  354.  
  355. # Uncomment if no TLS client listener is desired.
  356. # By default TLS client listener is always started.
  357. #
  358. #no-tls
  359.  
  360. # Uncomment if no DTLS client listener is desired.
  361. # By default DTLS client listener is always started.
  362. #
  363. #no-dtls
  364.  
  365. # Uncomment if no UDP relay endpoints are allowed.
  366. # By default UDP relay endpoints are enabled (like in RFC 5766).
  367. #
  368. #no-udp-relay
  369.  
  370. # Uncomment if no TCP relay endpoints are allowed.
  371. # By default TCP relay endpoints are enabled (like in RFC 6062).
  372. #
  373. #no-tcp-relay
  374.  
  375. # Uncomment if extra security is desired,
  376. # with nonce value having limited lifetime (600 secs).
  377. # By default, the nonce value is unique for a session,
  378. # but it has unlimited lifetime. With this option,
  379. # the nonce lifetime is limited to 600 seconds, after that
  380. # the client will get 438 error and will have to re-authenticate itself.
  381. #
  382. stale-nonce
  383.  
  384. # Certificate file.
  385. # Use an absolute path or path relative to the
  386. # configuration file.
  387. #
  388. #cert=/usr/local/etc/turn_server_cert.pem
  389.  
  390. # Private key file.
  391. # Use an absolute path or path relative to the
  392. # configuration file.
  393. # Use PEM file format.
  394. #
  395. #pkey=/usr/local/etc/turn_server_pkey.pem
  396.  
  397. # Private key file password, if it is in encoded format.
  398. # This option has no default value.
  399. #
  400. #pkey-pwd=...
  401.  
  402. # Allowed OpenSSL cipher list for TLS/DTLS connections.
  403. # Default value is "DEFAULT".
  404. #
  405. cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
  406.  
  407. # CA file in OpenSSL format.
  408. # Forces TURN server to verify the client SSL certificates.
  409. # By default it is not set: there is no default value and the client
  410. # certificate is not checked.
  411. #
  412. # Example:
  413. #CA-file=/etc/ssh/id_rsa.cert
  414.  
  415. # Curve name for EC ciphers, if supported by OpenSSL
  416. # library (TLS and DTLS). The default value is prime256v1,
  417. # if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
  418. # an optimal curve will be automatically calculated, if not defined
  419. # by this option.
  420. #
  421. #ec-curve-name=prime256v1
  422.  
  423. # Use 566 bits predefined DH TLS key. Default size of the key is 1066.
  424. #
  425. #dh566
  426.  
  427. # Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
  428. #
  429. #dh2066
  430.  
  431. # Use custom DH TLS key, stored in PEM format in the file.
  432. # Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
  433. #
  434. #dh-file=<DH-PEM-file-name>
  435.  
  436. # Flag to prevent stdout log messages.
  437. # By default, all log messages are going to both stdout and to
  438. # the configured log file. With this option everything will be
  439. # going to the configured log only (unless the log file itself is stdout).
  440. #
  441. #no-stdout-log
  442.  
  443. # Option to set the log file name.
  444. # By default, the turnserver tries to open a log file in
  445. # /var/log, /var/tmp, /tmp and current directories directories
  446. # (which open operation succeeds first that file will be used).
  447. # With this option you can set the definite log file name.
  448. # The special names are "stdout" and "-" - they will force everything
  449. # to the stdout. Also, the "syslog" name will force everything to
  450. # the system log (syslog).
  451. # In the runtime, the logfile can be reset with the SIGHUP signal
  452. # to the turnserver process.
  453. #
  454. #log-file=/var/tmp/turn.log
  455.  
  456. # Option to redirect all log output into system log (syslog).
  457. #
  458. #syslog
  459.  
  460. # This flag means that no log file rollover will be used, and the log file
  461. # name will be constructed as-is, without PID and date appendage.
  462. # This option can be used, for example, together with the logrotate tool.
  463. #
  464. #simple-log
  465.  
  466. # Option to set the "redirection" mode. The value of this option
  467. # will be the address of the alternate server for UDP & TCP service in form of
  468. # <ip>[:<port>]. The server will send this value in the attribute
  469. # ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
  470. # Client will receive only values with the same address family
  471. # as the client network endpoint address family.
  472. # See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
  473. # The client must use the obtained value for subsequent TURN communications.
  474. # If more than one --alternate-server options are provided, then the functionality
  475. # can be more accurately described as "load-balancing" than a mere "redirection".
  476. # If the port number is omitted, then the default port
  477. # number 3478 for the UDP/TCP protocols will be used.
  478. # Colon (:) characters in IPv6 addresses may conflict with the syntax of
  479. # the option. To alleviate this conflict, literal IPv6 addresses are enclosed
  480. # in square brackets in such resource identifiers, for example:
  481. # [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
  482. # Multiple alternate servers can be set. They will be used in the
  483. # round-robin manner. All servers in the pool are considered of equal weight and
  484. # the load will be distributed equally. For example, if we have 4 alternate servers,
  485. # then each server will receive 25% of ALLOCATE requests. A alternate TURN server
  486. # address can be used more than one time with the alternate-server option, so this
  487. # can emulate "weighting" of the servers.
  488. #
  489. # Examples:
  490. #alternate-server=1.2.3.4:5678
  491. #alternate-server=11.22.33.44:56789
  492. #alternate-server=5.6.7.8
  493. #alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
  494.            
  495. # Option to set alternative server for TLS & DTLS services in form of
  496. # <ip>:<port>. If the port number is omitted, then the default port
  497. # number 5349 for the TLS/DTLS protocols will be used. See the previous
  498. # option for the functionality description.
  499. #
  500. # Examples:
  501. #tls-alternate-server=1.2.3.4:5678
  502. #tls-alternate-server=11.22.33.44:56789
  503. #tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
  504.  
  505. # Option to suppress TURN functionality, only STUN requests will be processed.
  506. # Run as STUN server only, all TURN requests will be ignored.
  507. # By default, this option is NOT set.
  508. #
  509. #stun-only
  510.  
  511. # Option to suppress STUN functionality, only TURN requests will be processed.
  512. # Run as TURN server only, all STUN requests will be ignored.
  513. # By default, this option is NOT set.
  514. #
  515. #no-stun
  516.  
  517. # This is the timestamp/username separator symbol (character) in TURN REST API.
  518. # The default value is ':'.
  519. # rest-api-separator=: 
  520.  
  521. # Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
  522. # This is an extra security measure.
  523. #
  524. no-loopback-peers
  525.  
  526. # Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
  527. # This is an extra security measure.
  528. #
  529. no-multicast-peers
  530.  
  531. # Option to set the max time, in seconds, allowed for full allocation establishment.
  532. # Default is 60 seconds.
  533. #
  534. #max-allocate-timeout=60
  535.  
  536. # Option to allow or ban specific ip addresses or ranges of ip addresses.
  537. # If an ip address is specified as both allowed and denied, then the ip address is
  538. # considered to be allowed. This is useful when you wish to ban a range of ip
  539. # addresses, except for a few specific ips within that range.
  540. #
  541. # This can be used when you do not want users of the turn server to be able to access
  542. # machines reachable by the turn server, but would otherwise be unreachable from the
  543. # internet (e.g. when the turn server is sitting behind a NAT)
  544. #
  545. # Examples:
  546. # denied-peer-ip=83.166.64.0-83.166.95.255
  547. # allowed-peer-ip=83.166.68.45
  548.  
  549. # File name to store the pid of the process.
  550. # Default is /var/run/turnserver.pid (if superuser account is used) or
  551. # /var/tmp/turnserver.pid .
  552. #
  553. #pidfile="/var/run/turnserver.pid"
  554.  
  555. # Require authentication of the STUN Binding request.
  556. # By default, the clients are allowed anonymous access to the STUN Binding functionality.
  557. #
  558. #secure-stun
  559.  
  560. # Mobility with ICE (MICE) specs support.
  561. #
  562. #mobility
  563.  
  564. # User name to run the process. After the initialization, the turnserver process
  565. # will make an attempt to change the current user ID to that user.
  566. #
  567. #proc-user=<user-name>
  568.  
  569. # Group name to run the process. After the initialization, the turnserver process
  570. # will make an attempt to change the current group ID to that group.
  571. #
  572. #proc-group=<group-name>
  573.  
  574. # Turn OFF the CLI support.
  575. # By default it is always ON.
  576. # See also options cli-ip and cli-port.
  577. #
  578. #no-cli
  579.  
  580. #Local system IP address to be used for CLI server endpoint. Default value
  581. # is 127.0.0.1.
  582. #
  583. #cli-ip=127.0.0.1
  584.  
  585. # CLI server port. Default is 5766.
  586. #
  587. #cli-port=5766
  588.  
  589. # CLI access password. Default is empty (no password).
  590. # For the security reasons, it is recommended to use the encrypted
  591. # for of the password (see the -P command in the turnadmin utility).
  592. #
  593. # Secure form for password 'qwerty':
  594. #
  595. #cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
  596. #
  597. # Or unsecure form for the same paassword:
  598. #
  599. #cli-password=qwerty
  600.  
  601. # Server relay. NON-STANDARD AND DANGEROUS OPTION.
  602. # Only for those applications when we want to run
  603. # server applications on the relay endpoints.
  604. # This option eliminates the IP permissions check on
  605. # the packets incoming to the relay endpoints.
  606. #
  607. #server-relay
  608.  
  609. # Maximum number of output sessions in ps CLI command.
  610. # This value can be changed on-the-fly in CLI. The default value is 256.
  611. #
  612. #cli-max-output-sessions
  613.  
  614. # Set network engine type for the process (for internal purposes).
  615. #
  616. #ne=[1|2|3]
  617.  
  618. # Do not allow an TLS/DTLS version of protocol
  619. #
  620. #no-tlsv1
  621. #no-tlsv1_1
  622. #no-tlsv1_2
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top