matrix: Merge in upstream turnserver.conf

e9b37edc · Jan Alexander Steffens (heftig) · 109aac0b · e9b37edc
Verified Commit e9b37edc authored 1 month ago by Jan Alexander Steffens (heftig)
--- a/roles/matrix/templates/turnserver.conf.j2
+++ b/roles/matrix/templates/turnserver.conf.j2
@@ -54,9 +54,22 @@ tls-listening-port=2420
 #tcp-proxy-port=5555
 # Listener IP address of relay server. Multiple listeners can be specified.
-# If no IP(s) specified in the config file or in the command line options,
+# If no IP is specified in the config file or in the command line options,
-# then all IPv4 and IPv6 system IPs will be used for listening.
+# then all IPv4 system IPs will be used for listening.
-#
+#listening-ip=
+#
+# If you specify '::' as IP, then all IPv6 system IPs will be used for
+# listening.
+#listening-ip=::
+#
+# If you want to listen on all IPv4 as well as on all IPv6, you can do
+#listening-ip=
+#listening-ip=::
+# or
+#listening-ip=0.0.0.0
+#listening-ip=::
+#
+# to specify just some IPs you prefer:
 #listening-ip=172.17.19.101
 #listening-ip=10.207.21.238
 #listening-ip=2607:f0d0:1002:51::4
@@ -192,12 +205,24 @@ fingerprint
 #
 # You can simply run the turnserver and access the port 9641 and path /metrics
 #
+# This is currently unavailable on apt installations
+#
 # For more info on the prometheus exporter and metrics
 # https://prometheus.io/docs/introduction/overview/
 # https://prometheus.io/docs/concepts/data_model/
 #
 #prometheus
+# Enable labeling prometheus traffic metrics with client usernames.
+# Labeling with client usernames is disabled by default, because this may cause memory
+# leaks when using authentication with ephemeral usernames (e.g. TURN REST API).
+#
+#prometheus-username-labels
+# Prometheus listener port (Default: 9641).
+#
+#prometheus-port=9641
 # TURN REST API flag.
 # (Time Limited Long Term Credential)
 # Flag that sets a special authorization option that is based upon authentication secret.
@@ -465,6 +490,13 @@ cert=/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem
 #
 pkey=/etc/letsencrypt/live/{{ matrix_domain }}/privkey.pem
+# Raw public keys support.
+# On/off switch for RFC-7250 aka raw public keys.
+# Keep in mind, in order for rpks to work,
+# coturn must be built against openSSL version at least 3.2.1
+#
+#raw-public-keys
 # Private key file password, if it is in encoded format.
 # This option has no default value.
 #
@@ -723,6 +755,7 @@ no-cli
 # Enable Web-admin support on https. By default it is Disabled.
 # If it is enabled it also enables a http a simple static banner page
 # with a small reminder that the admin page is available only on https.
+# Not supported if no-tls option used
 #
 #web-admin
@@ -794,3 +827,9 @@ no-stun-backward-compatibility
 # binding responses.
 #
 response-origin-only-with-rfc5780
+# Return an HTTP/S response when an HTTP/S connection is made to a TCP port
+# otherwise only supporting STUN/TURN. This may be useful for debugging and
+# diagnosing connection problems. A "400 Not supported" response is currently
+# returned.
+#respond-http-unsupported