Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ########################################################
- # reTurnServer configuration file
- ########################################################
- # Software name to include in STUN messages
- # Set this to an empty string to reveal no software
- # name information in STUN messages.
- # Default: reTURNServer (RFC5389)
- # The default also includes the software version on
- # those platforms where PACKAGE_VERSION is defined
- # at compile time.
- #SoftwareName =
- # Whether or not to pad the SoftwareName value to
- # a multiple of four bytes for compatibility with
- # legacy clients. Default: true
- #PadSoftwareName = true
- ########################################################
- # Transport settings
- ########################################################
- # Local IP Address to bind base STUN/TURN transports to.
- # Note: This is the IP Address that clients should be configured to
- # send STUN/TURN traffic to.
- # Warning: If you are enabling RFC3489 backwards compatability
- # (see AltStunAddress and AltStunPort settings), then do
- # not leave this set to INADDR_ANY (0.0.0.0), place
- # a valid IP address from a local NIC here.
- TurnAddress = 0.0.0.0
- # Local IPv6 Address to bind base STUN/TURN transports to.
- # Note: This is the IP Address that IPv6 clients should be configured to
- # send STUN/TURN traffic to.
- # Not currently supported with RFC3489 backwards compatability
- TurnV6Address = ::0
- # Local UDP/TCP Port to bind base STUN/TURN transports to.
- # Note: This is the port that clients should be configured to
- # send STUN/TURN traffic over UDP and TCP.
- # reTurn will always bind on this port using both UDP and TCP.
- TurnPort = 3478
- # Local TLS Port to bind base STUN/TURN transports to.
- # Note: This is the port that clients should be configured to
- # send STUN/TURN traffic over TLS.
- # Set this to 0 to disable TLS support.
- # The default port for STUN over TLS is 5349
- # It is often necessary to use port 443 instead so that
- # users can connect through a HTTP proxy that only allows
- # traffic that appears to be going to a HTTPS server.
- TlsTurnPort = 0
- # Local IP Address to bind the transports used in Classic Stun
- # NAT type discovery. Note: This address is only required if
- # you need Classic Stun (RFC3489) support.
- # It must be different from the TurnAddress setting, and a valid
- # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
- # support.
- # Note: The STUN/TURN Client should not be configured with this
- # address anywhere. This address is discovered by clients
- # in Binding responses that are sent to the TurnAddress.
- AltStunAddress = 0.0.0.0
- # Local UDP Port to bind classic STUN (RFC3489) transports to.
- # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
- # if you do not have a need to support the NAT type discovery procedures
- # of RFC3489.
- # Note: STUN/TURN Client should not be configured with this port anywhere.
- # This port is discovered by clients in Binding responses that are
- # sent to the TurnAddress/TurnPort.
- AltStunPort = 0
- ########################################################
- # Logging settings
- ########################################################
- # Logging Type: syslog|cerr|cout|file
- LoggingType = file
- # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
- LoggingLevel = WARNING
- # Log Filename
- LogFilename = /var/log/reTurnServer/reTurnServer.log
- # Log file Max Size
- LogFileMaxLines = 0
- ########################################################
- # UNIX related settings
- ########################################################
- # Must be true or false, default = false, not supported on Windows
- Daemonize = true
- # On UNIX it is normal to create a PID file
- # if unspecified, no attempt will be made to create a PID file
- PidFile = /var/run/reTurnServer/reTurnServer.pid
- # UNIX account information to run process as
- RunAsUser = return
- RunAsGroup = return
- ########################################################
- # Authentication settings
- ########################################################
- # Authentication Realm for Long Term Passwords
- AuthenticationRealm = reTurn
- # File containing user authentication data.
- # The format of each line is:
- #
- # login:password:realm:state
- #
- # Typically, the realm field must match the value of AuthenticationRealm
- # defined above.
- #
- # The state field can be one of:
- #
- # authorized (user authorized)
- # refused (user denied access)
- # restricted (for when bandwidth limiting is implemented)
- #
- # This file format is interchangeable with TurnServer.org's user database
- #
- UserDatabaseFile = /etc/reTurn/users.txt
- # Hashed passwords in the user database file
- # This option specifies whether the passwords are plain text
- # or hashed with the scheme H(A1)
- #
- # When hashed passwords are enabled by this configuration setting,
- # the values in the password column are the MD5 hash
- # represented in hexadecimal
- #
- # To create a hashed password for the following credentials:
- #
- # user: bob
- # realm: example.org
- # password: foobar
- #
- # you can issue a command such as:
- #
- # echo -n bob:example.org:foobar | md5sum
- #
- # WARNING: the hashing scheme prevents recovery of the plain text
- # password. However, H(A1) hash values must still be kept
- # secret as they can be used to impersonate the user.
- # Therefore, the user database file should always be readable
- # only by the reTurn process and no other regular users.
- #
- UserDatabaseHashedPasswords = true
- # How frequently to check the user database file for changes
- # Set to 0 to only load the file once at startup
- # Default = 60 seconds
- UserDatabaseCheckInterval = 60
- ########################################################
- # TURN Allocation settings
- ########################################################
- NonceLifetime = 3600
- # The starting port number to use for TURN allocations.
- # This number MUST be an even number, in order to ensure
- # proper operation for allocation of RTP port pairs.
- # Default: 49152 (start of the Dynamic and/or Private Port range
- # - recommended by RFC)
- AllocationPortRangeMin = 49152
- # The ending port number to use for TURN allocations.
- # This number MUST be an odd number, in order to ensure
- # proper operation for allocation of RTP port pairs.
- # Default: 65535 (end of the Dynamic and/or Private Port range
- # - recommended by RFC)
- AllocationPortRangeMax = 65535
- # Default time (in seconds) that an allocation will expire if an allocation
- # refresh request is not sent. Default is 600 (10 minutes).
- DefaultAllocationLifetime = 600
- # Maximum time (in seconds) allowed that will be accepted in an allocation requests
- # lifetime header (ie. between TURN allocation refreshes). If an allocation is
- # received with a higher lifetime, then the response will be returned with this
- # value instead. Default is 3600 (1 hour).
- MaxAllocationLifetime = 3600
- ########################################################
- # SSL/TLS Certificate settings
- ########################################################
- # TLS Server Certificate Filename (loaded from working directory)
- # The PEM formated file that contains the server certificate.
- # If the CA supplies an intermediate certificate chain, those
- # certificates should also be appened to this file.
- # The private key may optionally be included in this file
- # or in a separate key file specified by TlsServerPrivateKeyFilename
- TlsServerCertificateFilename = server.pem
- # TLS Server Private Key Filename (loaded from working directory)
- # The PEM formated file that contains the private key of the certificate
- # that will be presented to clients connecting over TLS.
- # If not specified, reTurn will also try to find the private key
- # in the file specified by TlsServerCertificateFilename
- TlsServerPrivateKeyFilename = server-key.pem
- # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
- # Can be generated with the command:
- #
- # openssl dhparam -outform PEM -out dh512.pem 512
- #
- TlsTempDhFilename = /etc/reTurn/dh512.pem
- # TLS server private key certificate password required to read
- # from PEM file. Leave blank if key is not encrypted.
- TlsPrivateKeyPassword =
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement