/[resiprocate]/main/reTurn/reTurnServer.config
ViewVC logotype

Annotation of /main/reTurn/reTurnServer.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 10777 - (hide annotations) (download)
Tue Dec 24 01:26:04 2013 UTC (5 years, 11 months ago) by Dpocock
File size: 7599 byte(s)
reTurn: add new config option RunWithoutValidUsers
1 sgodin 10129 ########################################################
2     # reTurnServer configuration file
3     ########################################################
4    
5     ########################################################
6     # Transport settings
7     ########################################################
8    
9     # Local IP Address to bind base STUN/TURN transports to.
10     # Note: This is the IP Address that clients should be configured to
11     # send STUN/TURN traffic to.
12     # Warning: If you are enabling RFC3489 backwards compatability
13     # (see AltStunAddress and AltStunPort settings), then do
14     # not leave this set to INADDR_ANY (0.0.0.0), place
15     # a valid IP address from a local NIC here.
16     TurnAddress = 0.0.0.0
17    
18 Dpocock 10468 # Local IPv6 Address to bind base STUN/TURN transports to.
19     # Note: This is the IP Address that IPv6 clients should be configured to
20     # send STUN/TURN traffic to.
21     # Not currently supported with RFC3489 backwards compatability
22     TurnV6Address = ::0
23    
24 sgodin 10129 # Local UDP/TCP Port to bind base STUN/TURN transports to.
25     # Note: This is the port that clients should be configured to
26     # send STUN/TURN traffic over UDP and TCP.
27 dpocock 10629 # reTurn will always bind on this port using both UDP and TCP.
28 sgodin 10129 TurnPort = 3478
29    
30     # Local TLS Port to bind base STUN/TURN transports to.
31     # Note: This is the port that clients should be configured to
32     # send STUN/TURN traffic over TLS.
33 dpocock 10629 # Set this to 0 to disable TLS support.
34     # The default port for STUN over TLS is 5349
35     # It is often necessary to use port 443 instead so that
36     # users can connect through a HTTP proxy that only allows
37     # traffic that appears to be going to a HTTPS server.
38 sgodin 10129 TlsTurnPort = 5349
39    
40     # Local IP Address to bind the transports used in Classic Stun
41     # NAT type discovery. Note: This address is only required if
42     # you need Classic Stun (RFC3489) support.
43     # It must be different from the TurnAddress setting, and a valid
44     # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
45     # support.
46     # Note: The STUN/TURN Client should not be configured with this
47     # address anywhere. This address is discovered by clients
48     # in Binding responses that are sent to the TurnAddress.
49     AltStunAddress = 0.0.0.0
50    
51     # Local UDP Port to bind classic STUN (RFC3489) transports to.
52     # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
53     # if you do not have a need to support the NAT type discovery procedures
54     # of RFC3489.
55     # Note: STUN/TURN Client should not be configured with this port anywhere.
56     # This port is discovered by clients in Binding responses that are
57     # sent to the TurnAddress/TurnPort.
58     AltStunPort = 0
59    
60    
61     ########################################################
62     # Logging settings
63     ########################################################
64    
65     # Logging Type: syslog|cerr|cout|file
66     LoggingType = file
67    
68     # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
69     LoggingLevel = DEBUG
70    
71     # Log Filename
72     LogFilename = reTurnServer.log
73    
74     # Log file Max Size
75     LogFileMaxLines = 50000
76    
77    
78     ########################################################
79     # UNIX related settings
80     ########################################################
81    
82     # Must be true or false, default = false, not supported on Windows
83     Daemonize = false
84    
85     # On UNIX it is normal to create a PID file
86     # if unspecified, no attempt will be made to create a PID file
87     #PidFile = /var/run/reTurnServer/reTurnServer.pid
88    
89     # UNIX account information to run process as
90     #RunAsUser = return
91     #RunAsGroup = return
92    
93    
94     ########################################################
95     # Authentication settings
96     ########################################################
97    
98     # Authentication Realm for Long Term Passwords
99     AuthenticationRealm = reTurn
100    
101 sgodin 10220 # File containing user authentication data.
102     # The format of each line is:
103     #
104     # login:password:realm:state
105     #
106     # Typically, the realm field must match the value of AuthenticationRealm
107     # defined above.
108     #
109     # The state field can be one of:
110     #
111     # authorized (user authorized)
112     # refused (user denied access)
113     # restricted (for when bandwidth limiting is implemented)
114     #
115     # This file format is interchangeable with TurnServer.org's user database
116     #
117     UserDatabaseFile = users.txt
118    
119 Dpocock 10775 # How frequently to check the user database file for changes
120     # Set to 0 to only load the file once at startup
121     # Default = 60 seconds
122     UserDatabaseCheckInterval = 60
123 sgodin 10220
124 Dpocock 10777 # A common error involves leaving AuthenticationRealm at its
125     # default value but using some other realm name in the
126     # file specified by UserDatabaseFile
127     # By default, reTurn will now refuse to run unless at least
128     # one user is defined for the realm specified by the parameter
129     # AuthenticationRealm
130     #
131     # However, if you are not using TURN and only require STUN,
132     # no valid users are necessary so you can force reTurn to
133     # run without users by setting RunWithoutValidUsers
134     #
135     RunWithoutValidUsers = false
136 Dpocock 10775
137 sgodin 10129 ########################################################
138     # TURN Allocation settings
139     ########################################################
140    
141     NonceLifetime = 3600
142    
143     # The starting port number to use for TURN allocations.
144     # This number MUST be an even number, in order to ensure
145     # proper operation for allocation of RTP port pairs.
146     # Default: 49152 (start of the Dynamic and/or Private Port range
147     # - recommended by RFC)
148     AllocationPortRangeMin = 49152
149    
150     # The ending port number to use for TURN allocations.
151     # This number MUST be an odd number, in order to ensure
152     # proper operation for allocation of RTP port pairs.
153     # Default: 65535 (end of the Dynamic and/or Private Port range
154     # - recommended by RFC)
155     AllocationPortRangeMax = 65535
156    
157     # Default time (in seconds) that an allocation will expire if an allocation
158     # refresh request is not sent. Default is 600 (10 minutes).
159     DefaultAllocationLifetime = 600
160    
161     # Maximum time (in seconds) allowed that will be accepted in an allocation requests
162     # lifetime header (ie. between TURN allocation refreshes). If an allocation is
163     # received with a higher lifetime, then the response will be returned with this
164     # value instead. Default is 3600 (1 hour).
165     MaxAllocationLifetime = 3600
166    
167    
168     ########################################################
169     # SSL/TLS Certificate settings
170     ########################################################
171    
172     # TLS Server Certificate Filename (loaded from working directory)
173 dpocock 10717 # The PEM formated file that contains the server certificate.
174     # If the CA supplieds an intermediate certificate chain, those
175     # certificates should also be appened to this file.
176     # The private key may optionally be included in this file
177     # or in a separate key file specified by TlsServerPrivateKeyFilename
178 sgodin 10129 TlsServerCertificateFilename = server.pem
179    
180 dpocock 10717 # TLS Server Private Key Filename (loaded from working directory)
181     # The PEM formated file that contains the private key of the certificate
182     # that will be presented to clients connecting over TLS.
183     # If not specified, reTurn will also try to find the private key
184     # in the file specified by TlsServerCertificateFilename
185     TlsServerPrivateKeyFilename = server-key.pem
186    
187 sgodin 10129 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
188 Dpocock 10774 # Can be generated with the command:
189     #
190     # openssl dhparam -outform PEM -out dh512.pem 512
191     #
192 sgodin 10129 TlsTempDhFilename = dh512.pem
193    
194     # TLS server private key certificate password required to read
195     # from PEM file. Leave blank if key is not encrypted.
196     TlsPrivateKeyPassword =
197 dpocock 10208
198 Dpocock 10212

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27