/[resiprocate]/main/reTurn/reTurnServer.config
ViewVC logotype

Annotation of /main/reTurn/reTurnServer.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 10854 - (hide annotations) (download)
Mon Jan 13 22:06:50 2014 UTC (5 years, 10 months ago) by Dpocock
File size: 8450 byte(s)
reTurn: remove config option RunWithoutValidUsers, just log a warning when no valid users detected
1 sgodin 10129 ########################################################
2     # reTurnServer configuration file
3     ########################################################
4    
5 Dpocock 10796 # Software name to include in STUN messages
6     # Set this to an empty string to reveal no software
7     # name information in STUN messages.
8     # Default: reTURNServer (RFC5389)
9     # The default also includes the software version on
10     # those platforms where PACKAGE_VERSION is defined
11     # at compile time.
12     #SoftwareName =
13    
14     # Whether or not to pad the SoftwareName value to
15     # a multiple of four bytes for compatibility with
16     # legacy clients. Default: true
17     #PadSoftwareName = true
18    
19 sgodin 10129 ########################################################
20     # Transport settings
21     ########################################################
22    
23     # Local IP Address to bind base STUN/TURN transports to.
24     # Note: This is the IP Address that clients should be configured to
25     # send STUN/TURN traffic to.
26     # Warning: If you are enabling RFC3489 backwards compatability
27     # (see AltStunAddress and AltStunPort settings), then do
28     # not leave this set to INADDR_ANY (0.0.0.0), place
29     # a valid IP address from a local NIC here.
30     TurnAddress = 0.0.0.0
31    
32 Dpocock 10468 # Local IPv6 Address to bind base STUN/TURN transports to.
33     # Note: This is the IP Address that IPv6 clients should be configured to
34     # send STUN/TURN traffic to.
35     # Not currently supported with RFC3489 backwards compatability
36     TurnV6Address = ::0
37    
38 sgodin 10129 # Local UDP/TCP Port to bind base STUN/TURN transports to.
39     # Note: This is the port that clients should be configured to
40     # send STUN/TURN traffic over UDP and TCP.
41 dpocock 10629 # reTurn will always bind on this port using both UDP and TCP.
42 sgodin 10129 TurnPort = 3478
43    
44     # Local TLS Port to bind base STUN/TURN transports to.
45     # Note: This is the port that clients should be configured to
46     # send STUN/TURN traffic over TLS.
47 dpocock 10629 # Set this to 0 to disable TLS support.
48     # The default port for STUN over TLS is 5349
49     # It is often necessary to use port 443 instead so that
50     # users can connect through a HTTP proxy that only allows
51     # traffic that appears to be going to a HTTPS server.
52 sgodin 10129 TlsTurnPort = 5349
53    
54     # Local IP Address to bind the transports used in Classic Stun
55     # NAT type discovery. Note: This address is only required if
56     # you need Classic Stun (RFC3489) support.
57     # It must be different from the TurnAddress setting, and a valid
58     # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
59     # support.
60     # Note: The STUN/TURN Client should not be configured with this
61     # address anywhere. This address is discovered by clients
62     # in Binding responses that are sent to the TurnAddress.
63     AltStunAddress = 0.0.0.0
64    
65     # Local UDP Port to bind classic STUN (RFC3489) transports to.
66     # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
67     # if you do not have a need to support the NAT type discovery procedures
68     # of RFC3489.
69     # Note: STUN/TURN Client should not be configured with this port anywhere.
70     # This port is discovered by clients in Binding responses that are
71     # sent to the TurnAddress/TurnPort.
72     AltStunPort = 0
73    
74    
75     ########################################################
76     # Logging settings
77     ########################################################
78    
79     # Logging Type: syslog|cerr|cout|file
80     LoggingType = file
81    
82     # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
83     LoggingLevel = DEBUG
84    
85     # Log Filename
86     LogFilename = reTurnServer.log
87    
88     # Log file Max Size
89     LogFileMaxLines = 50000
90    
91    
92     ########################################################
93     # UNIX related settings
94     ########################################################
95    
96     # Must be true or false, default = false, not supported on Windows
97     Daemonize = false
98    
99     # On UNIX it is normal to create a PID file
100     # if unspecified, no attempt will be made to create a PID file
101     #PidFile = /var/run/reTurnServer/reTurnServer.pid
102    
103     # UNIX account information to run process as
104     #RunAsUser = return
105     #RunAsGroup = return
106    
107    
108     ########################################################
109     # Authentication settings
110     ########################################################
111    
112     # Authentication Realm for Long Term Passwords
113     AuthenticationRealm = reTurn
114    
115 sgodin 10220 # File containing user authentication data.
116     # The format of each line is:
117     #
118     # login:password:realm:state
119     #
120     # Typically, the realm field must match the value of AuthenticationRealm
121     # defined above.
122     #
123     # The state field can be one of:
124     #
125     # authorized (user authorized)
126     # refused (user denied access)
127     # restricted (for when bandwidth limiting is implemented)
128     #
129     # This file format is interchangeable with TurnServer.org's user database
130     #
131     UserDatabaseFile = users.txt
132    
133 Dpocock 10779 # Hashed passwords in the user database file
134     # This option specifies whether the passwords are plain text
135     # or hashed with the scheme H(A1)
136     #
137     # When hashed passwords are enabled by this configuration setting,
138     # the values in the password column are the MD5 hash
139     # represented in hexadecimal
140     #
141     # To create a hashed password for the following credentials:
142     #
143     # user: bob
144     # realm: example.org
145     # password: foobar
146     #
147     # you can issue a command such as:
148     #
149     # echo -n bob:example.org:foobar | md5sum
150     #
151     # WARNING: the hashing scheme prevents recovery of the plain text
152     # password. However, H(A1) hash values must still be kept
153     # secret as they can be used to impersonate the user.
154     # Therefore, the user database file should always be readable
155     # only by the reTurn process and no other regular users.
156     #
157     UserDatabaseHashedPasswords = false
158    
159 Dpocock 10775 # How frequently to check the user database file for changes
160     # Set to 0 to only load the file once at startup
161     # Default = 60 seconds
162     UserDatabaseCheckInterval = 60
163 sgodin 10220
164 sgodin 10129 ########################################################
165     # TURN Allocation settings
166     ########################################################
167    
168     NonceLifetime = 3600
169    
170     # The starting port number to use for TURN allocations.
171     # This number MUST be an even number, in order to ensure
172     # proper operation for allocation of RTP port pairs.
173     # Default: 49152 (start of the Dynamic and/or Private Port range
174     # - recommended by RFC)
175     AllocationPortRangeMin = 49152
176    
177     # The ending port number to use for TURN allocations.
178     # This number MUST be an odd number, in order to ensure
179     # proper operation for allocation of RTP port pairs.
180     # Default: 65535 (end of the Dynamic and/or Private Port range
181     # - recommended by RFC)
182     AllocationPortRangeMax = 65535
183    
184     # Default time (in seconds) that an allocation will expire if an allocation
185     # refresh request is not sent. Default is 600 (10 minutes).
186     DefaultAllocationLifetime = 600
187    
188     # Maximum time (in seconds) allowed that will be accepted in an allocation requests
189     # lifetime header (ie. between TURN allocation refreshes). If an allocation is
190     # received with a higher lifetime, then the response will be returned with this
191     # value instead. Default is 3600 (1 hour).
192     MaxAllocationLifetime = 3600
193    
194    
195     ########################################################
196     # SSL/TLS Certificate settings
197     ########################################################
198    
199     # TLS Server Certificate Filename (loaded from working directory)
200 dpocock 10717 # The PEM formated file that contains the server certificate.
201     # If the CA supplieds an intermediate certificate chain, those
202     # certificates should also be appened to this file.
203     # The private key may optionally be included in this file
204     # or in a separate key file specified by TlsServerPrivateKeyFilename
205 sgodin 10129 TlsServerCertificateFilename = server.pem
206    
207 dpocock 10717 # TLS Server Private Key Filename (loaded from working directory)
208     # The PEM formated file that contains the private key of the certificate
209     # that will be presented to clients connecting over TLS.
210     # If not specified, reTurn will also try to find the private key
211     # in the file specified by TlsServerCertificateFilename
212     TlsServerPrivateKeyFilename = server-key.pem
213    
214 sgodin 10129 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
215 Dpocock 10774 # Can be generated with the command:
216     #
217     # openssl dhparam -outform PEM -out dh512.pem 512
218     #
219 sgodin 10129 TlsTempDhFilename = dh512.pem
220    
221     # TLS server private key certificate password required to read
222     # from PEM file. Leave blank if key is not encrypted.
223     TlsPrivateKeyPassword =
224 dpocock 10208
225 Dpocock 10212

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27