
Annotation of /main/reTurn/reTurnServer.config



Revision 10796 - (hide annotations) (download)
Tue Dec 31 01:05:05 2013 UTC (6 years ago) by Dpocock
File size: 8965 byte(s)
reTurn: add support for configuring software name header in STUN packets
########################################################
# reTurnServer configuration file
########################################################

# Software name advertised in STUN messages.
# Set this to an empty string to reveal no software name
# information in STUN messages.
# Default: reTURNServer (RFC5389)
# On platforms where PACKAGE_VERSION is defined at compile
# time the default also carries the software version. That
# lets a remote party fingerprint the exact build, so set an
# empty or generic value if the disclosure is not wanted.
#SoftwareName =

# Whether to pad the SoftwareName value to a multiple of
# four bytes for compatibility with legacy clients.
# Default: true
#PadSoftwareName = true

########################################################
# Transport settings
########################################################

# Local IP address the base STUN/TURN transports bind to.
# Note: this is the address clients should be configured to
# send STUN/TURN traffic to.
# Warning: when enabling RFC3489 backwards compatibility
# (see the AltStunAddress and AltStunPort settings), do not
# leave this at INADDR_ANY (0.0.0.0); put a valid IP address
# from a local NIC here.
# 0.0.0.0 listens on every local interface, so on a
# multi-homed host the service is also reachable on any
# internal or management network unless a firewall blocks it.
TurnAddress = 0.0.0.0

# Local IPv6 address the base STUN/TURN transports bind to.
# Note: this is the address IPv6 clients should be configured
# to send STUN/TURN traffic to.
# Not currently supported with RFC3489 backwards compatibility.
TurnV6Address = ::0

# Local UDP/TCP port the base STUN/TURN transports bind to.
# Note: this is the port clients should be configured to send
# STUN/TURN traffic to over UDP and TCP.
# reTurn will always bind on this port using both UDP and TCP.
TurnPort = 3478

# Local TLS port the base STUN/TURN transports bind to.
# Note: this is the port clients should be configured to send
# STUN/TURN traffic to over TLS.
# Set this to 0 to disable TLS support.
# The default port for STUN over TLS is 5349.
# It is often necessary to use port 443 instead so that
# users can connect through an HTTP proxy that only allows
# traffic that appears to be going to an HTTPS server.
# Binding a port below 1024 on UNIX normally means starting
# the process with elevated privileges; see RunAsUser and
# RunAsGroup in the UNIX related settings.
TlsTurnPort = 5349

# Local IP address for the transports used in Classic STUN
# NAT type discovery. Note: this address is only required if
# you need Classic STUN (RFC3489) support.
# It must be different from the TurnAddress setting, and a
# valid local IP address. Use 0.0.0.0 to disable RFC3489
# backwards compatibility support.
# Note: the STUN/TURN client should not be configured with
# this address anywhere. Clients discover it in Binding
# responses that are sent to the TurnAddress.
AltStunAddress = 0.0.0.0

# Local UDP port the classic STUN (RFC3489) transports bind to.
# Set AltStunPort to 0 to disable any RFC3489 backwards
# compatibility, if you do not need to support the NAT type
# discovery procedures of RFC3489.
# Note: the STUN/TURN client should not be configured with
# this port anywhere. Clients discover it in Binding responses
# that are sent to the TurnAddress/TurnPort.
AltStunPort = 0


########################################################
# Logging settings
########################################################

# Logging Type: syslog|cerr|cout|file
LoggingType = file

# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
# NOTE(review): DEBUG is a verbose level. Check what request
# and credential detail it writes before keeping it on a
# production server, and restrict read access to the log.
LoggingLevel = DEBUG

# Log Filename
LogFilename = reTurnServer.log

# Log file max size (a line count, going by the key name)
LogFileMaxLines = 50000


########################################################
# UNIX related settings
########################################################

# Must be true or false, default = false, not supported on Windows
Daemonize = false

# On UNIX it is normal to create a PID file.
# If unspecified, no attempt will be made to create a PID file.
#PidFile = /var/run/reTurnServer/reTurnServer.pid

# UNIX account information to run the process as.
# If reTurn is started as root (for example to bind a port
# below 1024), set both values to a dedicated unprivileged
# account so the server does not keep running as root.
# NOTE(review): confirm at which point during startup the
# switch to this account happens.
#RunAsUser = return
#RunAsGroup = return


########################################################
# Authentication settings
########################################################

# Authentication Realm for Long Term Passwords
AuthenticationRealm = reTurn

# File containing user authentication data.
# Each line has the format:
#
# login:password:realm:state
#
# Typically, the realm field must match the value of
# AuthenticationRealm defined above.
#
# The state field can be one of:
#
# authorized (user authorized)
# refused (user denied access)
# restricted (for when bandwidth limiting is implemented)
#
# This file format is interchangeable with TurnServer.org's user database
#
UserDatabaseFile = users.txt

# Hashed passwords in the user database file.
# This option specifies whether the passwords are plain text
# or hashed with the scheme H(A1).
# With the value false the password column holds plain text,
# so anyone able to read the file obtains every password.
#
# When hashed passwords are enabled by this configuration
# setting, the values in the password column are the MD5 hash
# represented in hexadecimal.
#
# To create a hashed password for the following credentials:
#
# user: bob
# realm: example.org
# password: foobar
#
# you can issue a command such as:
#
# echo -n bob:example.org:foobar | md5sum
#
# Only the hexadecimal digest from the output goes into the
# file. A command typed this way is kept in the shell history
# together with the password, so clear that entry afterwards
# or feed the string from a protected file instead.
#
# WARNING: the hashing scheme prevents recovery of the plain
# text password. However, H(A1) hash values must still be kept
# secret as they can be used to impersonate the user.
# Therefore, the user database file should always be readable
# only by the reTurn process and no other regular users.
#
UserDatabaseHashedPasswords = false

# How frequently to check the user database file for changes.
# Set to 0 to only load the file once at startup.
# Default = 60 seconds
UserDatabaseCheckInterval = 60

# A common error involves leaving AuthenticationRealm at its
# default value but using some other realm name in the
# file specified by UserDatabaseFile.
# By default, reTurn will now refuse to run unless at least
# one user is defined for the realm specified by the parameter
# AuthenticationRealm.
#
# However, if you are not using TURN and only require STUN,
# no valid users are necessary, so you can force reTurn to
# run without users by setting RunWithoutValidUsers.
#
RunWithoutValidUsers = false

########################################################
# TURN Allocation settings
########################################################

# Lifetime of an authentication nonce.
# NOTE(review): the unit is presumably seconds, as for the
# allocation lifetimes below; confirm against the server code.
NonceLifetime = 3600

# The starting port number to use for TURN allocations.
# This number MUST be an even number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 49152 (start of the Dynamic and/or Private Port
# range - recommended by RFC)
# Firewall rules for relayed traffic should admit this range
# (AllocationPortRangeMin to AllocationPortRangeMax) and
# nothing wider.
AllocationPortRangeMin = 49152

# The ending port number to use for TURN allocations.
# This number MUST be an odd number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 65535 (end of the Dynamic and/or Private Port
# range - recommended by RFC)
AllocationPortRangeMax = 65535

# Default time (in seconds) after which an allocation expires
# if no allocation refresh request is sent.
# Default is 600 (10 minutes).
DefaultAllocationLifetime = 600

# Maximum time (in seconds) that will be accepted in the
# lifetime header of an allocation request (i.e. between TURN
# allocation refreshes). If an allocation is received with a
# higher lifetime, the response is returned with this value
# instead. Default is 3600 (1 hour).
MaxAllocationLifetime = 3600


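########################################################
# SSL/TLS Certificate settings
########################################################

# TLS Server Certificate Filename (loaded from working directory)
# The PEM formatted file that contains the server certificate.
# If the CA supplies an intermediate certificate chain, those
# certificates should also be appended to this file.
# The private key may optionally be included in this file
# or in a separate key file specified by TlsServerPrivateKeyFilename
TlsServerCertificateFilename = server.pem

# TLS Server Private Key Filename (loaded from working directory)
# The PEM formatted file that contains the private key of the
# certificate that will be presented to clients connecting over TLS.
# If not specified, reTurn will also try to find the private key
# in the file specified by TlsServerCertificateFilename
# Keep this file readable only by the account reTurn runs as.
TlsServerPrivateKeyFilename = server-key.pem

# TLS temporary Diffie-Hellman parameters file (loaded from working directory)
# Use parameters of at least 2048 bits. 512-bit parameters are
# export-grade: the key exchange they protect is within reach of
# precomputation attacks, and current TLS libraries commonly
# refuse groups that small.
# Can be generated with the command:
#
# openssl dhparam -outform PEM -out dh2048.pem 2048
#
# The file named here must exist in the working directory; an
# installation that still ships dh512.pem needs the new file
# generated before this value takes effect.
TlsTempDhFilename = dh2048.pem

# Password required to read the TLS server private key from its
# PEM file. Leave blank if the key is not encrypted.
# A password entered here is stored in clear text, so restrict
# read access to this configuration file to the reTurn account.
TlsPrivateKeyPassword =
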
