/[resiprocate]/main/reTurn/reTurnServer.config
ViewVC logotype

Contents of /main/reTurn/reTurnServer.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 10796 - (show annotations) (download)
Tue Dec 31 01:05:05 2013 UTC (5 years, 11 months ago) by Dpocock
File size: 8965 byte(s)
reTurn: add support for configuring software name header in STUN packets
1 ########################################################
2 # reTurnServer configuration file
3 ########################################################
4
5 # Software name to include in STUN messages
6 # Set this to an empty string to reveal no software
7 # name information in STUN messages.
8 # Default: reTURNServer (RFC5389)
9 # The default also includes the software version on
10 # those platforms where PACKAGE_VERSION is defined
11 # at compile time.
12 #SoftwareName =
13
14 # Whether or not to pad the SoftwareName value to
15 # a multiple of four bytes for compatibility with
16 # legacy clients. Default: true
17 #PadSoftwareName = true
18
19 ########################################################
20 # Transport settings
21 ########################################################
22
23 # Local IP Address to bind base STUN/TURN transports to.
24 # Note: This is the IP Address that clients should be configured to
25 # send STUN/TURN traffic to.
26 # Warning: If you are enabling RFC3489 backwards compatability
27 # (see AltStunAddress and AltStunPort settings), then do
28 # not leave this set to INADDR_ANY (0.0.0.0), place
29 # a valid IP address from a local NIC here.
30 TurnAddress = 0.0.0.0
31
32 # Local IPv6 Address to bind base STUN/TURN transports to.
33 # Note: This is the IP Address that IPv6 clients should be configured to
34 # send STUN/TURN traffic to.
35 # Not currently supported with RFC3489 backwards compatability
36 TurnV6Address = ::0
37
38 # Local UDP/TCP Port to bind base STUN/TURN transports to.
39 # Note: This is the port that clients should be configured to
40 # send STUN/TURN traffic over UDP and TCP.
41 # reTurn will always bind on this port using both UDP and TCP.
42 TurnPort = 3478
43
44 # Local TLS Port to bind base STUN/TURN transports to.
45 # Note: This is the port that clients should be configured to
46 # send STUN/TURN traffic over TLS.
47 # Set this to 0 to disable TLS support.
48 # The default port for STUN over TLS is 5349
49 # It is often necessary to use port 443 instead so that
50 # users can connect through a HTTP proxy that only allows
51 # traffic that appears to be going to a HTTPS server.
52 TlsTurnPort = 5349
53
54 # Local IP Address to bind the transports used in Classic Stun
55 # NAT type discovery. Note: This address is only required if
56 # you need Classic Stun (RFC3489) support.
57 # It must be different from the TurnAddress setting, and a valid
58 # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
59 # support.
60 # Note: The STUN/TURN Client should not be configured with this
61 # address anywhere. This address is discovered by clients
62 # in Binding responses that are sent to the TurnAddress.
63 AltStunAddress = 0.0.0.0
64
65 # Local UDP Port to bind classic STUN (RFC3489) transports to.
66 # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
67 # if you do not have a need to support the NAT type discovery procedures
68 # of RFC3489.
69 # Note: STUN/TURN Client should not be configured with this port anywhere.
70 # This port is discovered by clients in Binding responses that are
71 # sent to the TurnAddress/TurnPort.
72 AltStunPort = 0
73
74
75 ########################################################
76 # Logging settings
77 ########################################################
78
79 # Logging Type: syslog|cerr|cout|file
80 LoggingType = file
81
82 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
83 LoggingLevel = DEBUG
84
85 # Log Filename
86 LogFilename = reTurnServer.log
87
88 # Log file Max Size
89 LogFileMaxLines = 50000
90
91
92 ########################################################
93 # UNIX related settings
94 ########################################################
95
96 # Must be true or false, default = false, not supported on Windows
97 Daemonize = false
98
99 # On UNIX it is normal to create a PID file
100 # if unspecified, no attempt will be made to create a PID file
101 #PidFile = /var/run/reTurnServer/reTurnServer.pid
102
103 # UNIX account information to run process as
104 #RunAsUser = return
105 #RunAsGroup = return
106
107
108 ########################################################
109 # Authentication settings
110 ########################################################
111
112 # Authentication Realm for Long Term Passwords
113 AuthenticationRealm = reTurn
114
115 # File containing user authentication data.
116 # The format of each line is:
117 #
118 # login:password:realm:state
119 #
120 # Typically, the realm field must match the value of AuthenticationRealm
121 # defined above.
122 #
123 # The state field can be one of:
124 #
125 # authorized (user authorized)
126 # refused (user denied access)
127 # restricted (for when bandwidth limiting is implemented)
128 #
129 # This file format is interchangeable with TurnServer.org's user database
130 #
131 UserDatabaseFile = users.txt
132
133 # Hashed passwords in the user database file
134 # This option specifies whether the passwords are plain text
135 # or hashed with the scheme H(A1)
136 #
137 # When hashed passwords are enabled by this configuration setting,
138 # the values in the password column are the MD5 hash
139 # represented in hexadecimal
140 #
141 # To create a hashed password for the following credentials:
142 #
143 # user: bob
144 # realm: example.org
145 # password: foobar
146 #
147 # you can issue a command such as:
148 #
149 # echo -n bob:example.org:foobar | md5sum
150 #
151 # WARNING: the hashing scheme prevents recovery of the plain text
152 # password. However, H(A1) hash values must still be kept
153 # secret as they can be used to impersonate the user.
154 # Therefore, the user database file should always be readable
155 # only by the reTurn process and no other regular users.
156 #
157 UserDatabaseHashedPasswords = false
158
159 # How frequently to check the user database file for changes
160 # Set to 0 to only load the file once at startup
161 # Default = 60 seconds
162 UserDatabaseCheckInterval = 60
163
164 # A common error involves leaving AuthenticationRealm at its
165 # default value but using some other realm name in the
166 # file specified by UserDatabaseFile
167 # By default, reTurn will now refuse to run unless at least
168 # one user is defined for the realm specified by the parameter
169 # AuthenticationRealm
170 #
171 # However, if you are not using TURN and only require STUN,
172 # no valid users are necessary so you can force reTurn to
173 # run without users by setting RunWithoutValidUsers
174 #
175 RunWithoutValidUsers = false
176
177 ########################################################
178 # TURN Allocation settings
179 ########################################################
180
181 NonceLifetime = 3600
182
183 # The starting port number to use for TURN allocations.
184 # This number MUST be an even number, in order to ensure
185 # proper operation for allocation of RTP port pairs.
186 # Default: 49152 (start of the Dynamic and/or Private Port range
187 # - recommended by RFC)
188 AllocationPortRangeMin = 49152
189
190 # The ending port number to use for TURN allocations.
191 # This number MUST be an odd number, in order to ensure
192 # proper operation for allocation of RTP port pairs.
193 # Default: 65535 (end of the Dynamic and/or Private Port range
194 # - recommended by RFC)
195 AllocationPortRangeMax = 65535
196
197 # Default time (in seconds) that an allocation will expire if an allocation
198 # refresh request is not sent. Default is 600 (10 minutes).
199 DefaultAllocationLifetime = 600
200
201 # Maximum time (in seconds) allowed that will be accepted in an allocation requests
202 # lifetime header (ie. between TURN allocation refreshes). If an allocation is
203 # received with a higher lifetime, then the response will be returned with this
204 # value instead. Default is 3600 (1 hour).
205 MaxAllocationLifetime = 3600
206
207
208 ########################################################
209 # SSL/TLS Certificate settings
210 ########################################################
211
212 # TLS Server Certificate Filename (loaded from working directory)
213 # The PEM formated file that contains the server certificate.
214 # If the CA supplieds an intermediate certificate chain, those
215 # certificates should also be appened to this file.
216 # The private key may optionally be included in this file
217 # or in a separate key file specified by TlsServerPrivateKeyFilename
218 TlsServerCertificateFilename = server.pem
219
220 # TLS Server Private Key Filename (loaded from working directory)
221 # The PEM formated file that contains the private key of the certificate
222 # that will be presented to clients connecting over TLS.
223 # If not specified, reTurn will also try to find the private key
224 # in the file specified by TlsServerCertificateFilename
225 TlsServerPrivateKeyFilename = server-key.pem
226
227 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
228 # Can be generated with the command:
229 #
230 # openssl dhparam -outform PEM -out dh512.pem 512
231 #
232 TlsTempDhFilename = dh512.pem
233
234 # TLS server private key certificate password required to read
235 # from PEM file. Leave blank if key is not encrypted.
236 TlsPrivateKeyPassword =
237
238

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27