/[resiprocate]/main/reTurn/reTurnServer.config

Contents of /main/reTurn/reTurnServer.config



Revision 10779 - (show annotations) (download)
Tue Dec 24 01:26:14 2013 UTC (5 years, 11 months ago) by Dpocock
File size: 8487 byte(s)
reTurn: support for hashed passwords in user database file
1 ########################################################
2 # reTurnServer configuration file
3 ########################################################
4
5 ########################################################
6 # Transport settings
7 ########################################################
8
9 # Local IP Address to bind base STUN/TURN transports to.
10 # Note: This is the IP Address that clients should be configured to
11 # send STUN/TURN traffic to.
12 # Warning: If you are enabling RFC3489 backwards compatibility
13 # (see AltStunAddress and AltStunPort settings), then do
14 # not leave this set to INADDR_ANY (0.0.0.0), place
15 # a valid IP address from a local NIC here.
# NOTE(review): 0.0.0.0 listens on every local interface. On a multi-homed
# host, bind to the one address clients should reach so the service is not
# also offered on internal or management networks.
16 TurnAddress = 0.0.0.0
17
18 # Local IPv6 Address to bind base STUN/TURN transports to.
19 # Note: This is the IP Address that IPv6 clients should be configured to
20 # send STUN/TURN traffic to.
21 # Not currently supported with RFC3489 backwards compatibility
# NOTE(review): ::0 is the IPv6 wildcard; the same interface-exposure
# consideration as for TurnAddress applies.
22 TurnV6Address = ::0
23
24 # Local UDP/TCP Port to bind base STUN/TURN transports to.
25 # Note: This is the port that clients should be configured to
26 # send STUN/TURN traffic over UDP and TCP.
27 # reTurn will always bind on this port using both UDP and TCP.
# NOTE(review): traffic on this port is not TLS-protected; see TlsTurnPort
# for the TLS listener.
28 TurnPort = 3478
29
30 # Local TLS Port to bind base STUN/TURN transports to.
31 # Note: This is the port that clients should be configured to
32 # send STUN/TURN traffic over TLS.
33 # Set this to 0 to disable TLS support.
34 # The default port for STUN over TLS is 5349
35 # It is often necessary to use port 443 instead so that
36 # users can connect through a HTTP proxy that only allows
37 # traffic that appears to be going to a HTTPS server.
# NOTE(review): on UNIX, binding port 443 (below 1024) normally needs elevated
# privileges. If the server is started as root for that reason, set RunAsUser
# and RunAsGroup below - presumably applied after the ports are bound; confirm.
38 TlsTurnPort = 5349
39
40 # Local IP Address to bind the transports used in Classic Stun
41 # NAT type discovery. Note: This address is only required if
42 # you need Classic Stun (RFC3489) support.
43 # It must be different from the TurnAddress setting, and a valid
44 # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatibility
45 # support.
46 # Note: The STUN/TURN Client should not be configured with this
47 # address anywhere. This address is discovered by clients
48 # in Binding responses that are sent to the TurnAddress.
49 AltStunAddress = 0.0.0.0
50
51 # Local UDP Port to bind classic STUN (RFC3489) transports to.
52 # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
53 # if you do not have a need to support the NAT type discovery procedures
54 # of RFC3489.
55 # Note: STUN/TURN Client should not be configured with this port anywhere.
56 # This port is discovered by clients in Binding responses that are
57 # sent to the TurnAddress/TurnPort.
# NOTE(review): leaving this at 0 keeps the extra RFC3489 listeners closed,
# which is the smaller exposed surface when classic STUN is not needed.
58 AltStunPort = 0
59
60
61 ########################################################
62 # Logging settings
63 ########################################################
64
65 # Logging Type: syslog|cerr|cout|file
66 LoggingType = file
67
68 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
# NOTE(review): DEBUG is a verbose setting for a server that faces untrusted
# clients. Before using it in production, check what is written at this level
# (user names, peer addresses, message contents) and consider INFO or WARNING.
69 LoggingLevel = DEBUG
70
71 # Log Filename
# NOTE(review): relative path; presumably resolved against the working
# directory - confirm, and keep that directory unreadable to other local users.
72 LogFilename = reTurnServer.log
73
74 # Log file Max Size, counted in lines (per the setting name)
# NOTE(review): what happens when the limit is reached (rotation or
# truncation) is not stated here - confirm if logs are needed as evidence.
75 LogFileMaxLines = 50000
76
77
78 ########################################################
79 # UNIX related settings
80 ########################################################
81
82 # Must be true or false, default = false, not supported on Windows
83 Daemonize = false
84
85 # On UNIX it is normal to create a PID file
86 # if unspecified, no attempt will be made to create a PID file
# NOTE(review): the PID file directory should be writable only by root or the
# account the server runs as, so that other local users cannot replace the file.
87 #PidFile = /var/run/reTurnServer/reTurnServer.pid
88
89 # UNIX account information to run process as
# NOTE(review): both settings are commented out, so no account switch is
# configured. This server parses untrusted network input; when it is started
# as root, set a dedicated unprivileged user and group here.
90 #RunAsUser = return
91 #RunAsGroup = return
92
93
94 ########################################################
95 # Authentication settings
96 ########################################################
97
98 # Authentication Realm for Long Term Passwords
99 AuthenticationRealm = reTurn
100
101 # File containing user authentication data.
102 # The format of each line is:
103 #
104 # login:password:realm:state
105 #
106 # Typically, the realm field must match the value of AuthenticationRealm
107 # defined above.
108 #
109 # The state field can be one of:
110 #
111 # authorized (user authorized)
112 # refused (user denied access)
113 # restricted (for when bandwidth limiting is implemented)
114 #
115 # This file format is interchangeable with TurnServer.org's user database
116 #
# NOTE(review): with UserDatabaseHashedPasswords = false (the value set below)
# the password column holds plain-text passwords. Restrict this file to the
# account the server runs as (for example owner-only, mode 0600).
117 UserDatabaseFile = users.txt
118
119 # Hashed passwords in the user database file
120 # This option specifies whether the passwords are plain text
121 # or hashed with the scheme H(A1)
122 #
123 # When hashed passwords are enabled by this configuration setting,
124 # the values in the password column are the MD5 hash
125 # represented in hexadecimal
126 #
127 # To create a hashed password for the following credentials:
128 #
129 # user: bob
130 # realm: example.org
131 # password: foobar
132 #
133 # you can issue a command such as:
134 #
135 # echo -n bob:example.org:foobar | md5sum
136 #
# NOTE(review): md5sum prints the digest followed by "  -"; only the 32
# hexadecimal characters belong in the password column. Typing the password
# on the command line leaves it in shell history; reading it into a shell
# variable first avoids that, for example (constructed example, bash):
#
# read -rs pw; printf '%s' "bob:example.org:$pw" | md5sum; unset pw
#
137 # WARNING: the hashing scheme prevents recovery of the plain text
138 # password. However, H(A1) hash values must still be kept
139 # secret as they can be used to impersonate the user.
140 # Therefore, the user database file should always be readable
141 # only by the reTurn process and no other regular users.
142 #
# NOTE(review): H(A1) is a single unsalted MD5 over user:realm:password, so a
# leaked file also allows fast offline guessing of weak passwords. Use long
# random passwords for TURN accounts and do not reuse them elsewhere.
143 UserDatabaseHashedPasswords = false
144
145 # How frequently to check the user database file for changes
146 # Set to 0 to only load the file once at startup
147 # Default = 60 seconds
# NOTE(review): with a non-zero interval, changing a line to "refused" is
# picked up only at the next check; whether allocations that already exist are
# then torn down is not stated here - confirm.
148 UserDatabaseCheckInterval = 60
149
150 # A common error involves leaving AuthenticationRealm at its
151 # default value but using some other realm name in the
152 # file specified by UserDatabaseFile
153 # By default, reTurn will now refuse to run unless at least
154 # one user is defined for the realm specified by the parameter
155 # AuthenticationRealm
156 #
157 # However, if you are not using TURN and only require STUN,
158 # no valid users are necessary so you can force reTurn to
159 # run without users by setting RunWithoutValidUsers
160 #
# NOTE(review): keep this false unless the host is STUN-only. How TURN
# allocation requests are treated when no valid users exist is not stated
# here - confirm before enabling on an Internet-facing server.
161 RunWithoutValidUsers = false
162
163 ########################################################
164 # TURN Allocation settings
165 ########################################################
166
# NOTE(review): undocumented in this file. Presumably the lifetime, in seconds,
# of the nonce issued for long term password authentication - confirm. If so,
# a shorter value narrows the window in which a captured request stays valid.
167 NonceLifetime = 3600
168
169 # The starting port number to use for TURN allocations.
170 # This number MUST be an even number, in order to ensure
171 # proper operation for allocation of RTP port pairs.
172 # Default: 49152 (start of the Dynamic and/or Private Port range
173 # - recommended by RFC)
# NOTE(review): relayed traffic uses ports between AllocationPortRangeMin and
# AllocationPortRangeMax, so firewall rules have to admit exactly this range.
# A narrower range limits both the open ports and the number of allocations.
174 AllocationPortRangeMin = 49152
175
176 # The ending port number to use for TURN allocations.
177 # This number MUST be an odd number, in order to ensure
178 # proper operation for allocation of RTP port pairs.
179 # Default: 65535 (end of the Dynamic and/or Private Port range
180 # - recommended by RFC)
181 AllocationPortRangeMax = 65535
182
183 # Default time (in seconds) after which an allocation will expire if an
184 # allocation refresh request is not sent. Default is 600 (10 minutes).
185 DefaultAllocationLifetime = 600
186
187 # Maximum time (in seconds) that will be accepted in an allocation request's
188 # lifetime header (ie. between TURN allocation refreshes). If an allocation is
189 # received with a higher lifetime, then the response will be returned with this
190 # value instead. Default is 3600 (1 hour).
191 MaxAllocationLifetime = 3600
192
193
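194 ########################################################
195 # SSL/TLS Certificate settings
196 ########################################################
197
198 # TLS Server Certificate Filename (loaded from working directory)
199 # The PEM formatted file that contains the server certificate.
200 # If the CA supplies an intermediate certificate chain, those
201 # certificates should also be appended to this file.
202 # The private key may optionally be included in this file
203 # or in a separate key file specified by TlsServerPrivateKeyFilename
# NOTE(review): if the private key is kept in this file, it needs the same
# restrictive permissions as a separate key file.
204 TlsServerCertificateFilename = server.pem
205
206 # TLS Server Private Key Filename (loaded from working directory)
207 # The PEM formatted file that contains the private key of the certificate
208 # that will be presented to clients connecting over TLS.
209 # If not specified, reTurn will also try to find the private key
210 # in the file specified by TlsServerCertificateFilename
# NOTE(review): the key file should be readable only by the account the
# server runs as.
211 TlsServerPrivateKeyFilename = server-key.pem
212
213 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
214 # Can be generated with the command:
215 #
216 # openssl dhparam -outform PEM -out dh2048.pem 2048
217 #
# This sample previously used 512-bit parameters (dh512.pem). Groups of that
# size are export-grade and can be broken with modest resources, and recent
# OpenSSL releases may refuse parameters this small. Generate parameters of
# at least 2048 bits with the command above before starting the server.
218 TlsTempDhFilename = dh2048.pem
219
220 # TLS server private key certificate password required to read
221 # from PEM file. Leave blank if key is not encrypted.
# NOTE(review): a password set here is stored in plain text, so this
# configuration file must then be readable only by the account the server
# runs as, and should not be committed to version control with the value set.
222 TlsPrivateKeyPassword =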
223
224
