/[resiprocate]/main/reTurn/reTurnServer.config
ViewVC logotype

Contents of /main/reTurn/reTurnServer.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 11221 - (show annotations) (download)
Sat Aug 30 14:15:44 2014 UTC (5 years, 2 months ago) by dpocock
File size: 8530 byte(s)
reTurn: Logging: configuring Syslog facility
1 ########################################################
2 # reTurnServer configuration file
3 ########################################################
4
5 # Software name to include in STUN messages
6 # Set this to an empty string to reveal no software
7 # name information in STUN messages.
8 # Default: reTURNServer (RFC5389)
9 # The default also includes the software version on
10 # those platforms where PACKAGE_VERSION is defined
11 # at compile time.
12 #SoftwareName =
13
14 # Whether or not to pad the SoftwareName value to
15 # a multiple of four bytes for compatibility with
16 # legacy clients. Default: true
17 #PadSoftwareName = true
18
19 ########################################################
20 # Transport settings
21 ########################################################
22
23 # Local IP Address to bind base STUN/TURN transports to.
24 # Note: This is the IP Address that clients should be configured to
25 # send STUN/TURN traffic to.
26 # Warning: If you are enabling RFC3489 backwards compatability
27 # (see AltStunAddress and AltStunPort settings), then do
28 # not leave this set to INADDR_ANY (0.0.0.0), place
29 # a valid IP address from a local NIC here.
30 TurnAddress = 0.0.0.0
31
32 # Local IPv6 Address to bind base STUN/TURN transports to.
33 # Note: This is the IP Address that IPv6 clients should be configured to
34 # send STUN/TURN traffic to.
35 # Not currently supported with RFC3489 backwards compatability
36 TurnV6Address = ::0
37
38 # Local UDP/TCP Port to bind base STUN/TURN transports to.
39 # Note: This is the port that clients should be configured to
40 # send STUN/TURN traffic over UDP and TCP.
41 # reTurn will always bind on this port using both UDP and TCP.
42 TurnPort = 3478
43
44 # Local TLS Port to bind base STUN/TURN transports to.
45 # Note: This is the port that clients should be configured to
46 # send STUN/TURN traffic over TLS.
47 # Set this to 0 to disable TLS support.
48 # The default port for STUN over TLS is 5349
49 # It is often necessary to use port 443 instead so that
50 # users can connect through a HTTP proxy that only allows
51 # traffic that appears to be going to a HTTPS server.
52 TlsTurnPort = 5349
53
54 # Local IP Address to bind the transports used in Classic Stun
55 # NAT type discovery. Note: This address is only required if
56 # you need Classic Stun (RFC3489) support.
57 # It must be different from the TurnAddress setting, and a valid
58 # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
59 # support.
60 # Note: The STUN/TURN Client should not be configured with this
61 # address anywhere. This address is discovered by clients
62 # in Binding responses that are sent to the TurnAddress.
63 AltStunAddress = 0.0.0.0
64
65 # Local UDP Port to bind classic STUN (RFC3489) transports to.
66 # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
67 # if you do not have a need to support the NAT type discovery procedures
68 # of RFC3489.
69 # Note: STUN/TURN Client should not be configured with this port anywhere.
70 # This port is discovered by clients in Binding responses that are
71 # sent to the TurnAddress/TurnPort.
72 AltStunPort = 0
73
74
75 ########################################################
76 # Logging settings
77 ########################################################
78
79 # Logging Type: syslog|cerr|cout|file
80 LoggingType = file
81
82 # For syslog, also specify the facility, default is LOG_DAEMON
83 SyslogFacility = LOG_DAEMON
84
85 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
86 LoggingLevel = DEBUG
87
88 # Log Filename
89 LogFilename = reTurnServer.log
90
91 # Log file Max Size
92 LogFileMaxLines = 50000
93
94
95 ########################################################
96 # UNIX related settings
97 ########################################################
98
99 # Must be true or false, default = false, not supported on Windows
100 Daemonize = false
101
102 # On UNIX it is normal to create a PID file
103 # if unspecified, no attempt will be made to create a PID file
104 #PidFile = /var/run/reTurnServer/reTurnServer.pid
105
106 # UNIX account information to run process as
107 #RunAsUser = return
108 #RunAsGroup = return
109
110
111 ########################################################
112 # Authentication settings
113 ########################################################
114
115 # Authentication Realm for Long Term Passwords
116 AuthenticationRealm = reTurn
117
118 # File containing user authentication data.
119 # The format of each line is:
120 #
121 # login:password:realm:state
122 #
123 # Typically, the realm field must match the value of AuthenticationRealm
124 # defined above.
125 #
126 # The state field can be one of:
127 #
128 # authorized (user authorized)
129 # refused (user denied access)
130 # restricted (for when bandwidth limiting is implemented)
131 #
132 # This file format is interchangeable with TurnServer.org's user database
133 #
134 UserDatabaseFile = users.txt
135
136 # Hashed passwords in the user database file
137 # This option specifies whether the passwords are plain text
138 # or hashed with the scheme H(A1)
139 #
140 # When hashed passwords are enabled by this configuration setting,
141 # the values in the password column are the MD5 hash
142 # represented in hexadecimal
143 #
144 # To create a hashed password for the following credentials:
145 #
146 # user: bob
147 # realm: example.org
148 # password: foobar
149 #
150 # you can issue a command such as:
151 #
152 # echo -n bob:example.org:foobar | md5sum
153 #
154 # WARNING: the hashing scheme prevents recovery of the plain text
155 # password. However, H(A1) hash values must still be kept
156 # secret as they can be used to impersonate the user.
157 # Therefore, the user database file should always be readable
158 # only by the reTurn process and no other regular users.
159 #
160 UserDatabaseHashedPasswords = false
161
162 # How frequently to check the user database file for changes
163 # Set to 0 to only load the file once at startup
164 # Default = 60 seconds
165 UserDatabaseCheckInterval = 60
166
167 ########################################################
168 # TURN Allocation settings
169 ########################################################
170
171 NonceLifetime = 3600
172
173 # The starting port number to use for TURN allocations.
174 # This number MUST be an even number, in order to ensure
175 # proper operation for allocation of RTP port pairs.
176 # Default: 49152 (start of the Dynamic and/or Private Port range
177 # - recommended by RFC)
178 AllocationPortRangeMin = 49152
179
180 # The ending port number to use for TURN allocations.
181 # This number MUST be an odd number, in order to ensure
182 # proper operation for allocation of RTP port pairs.
183 # Default: 65535 (end of the Dynamic and/or Private Port range
184 # - recommended by RFC)
185 AllocationPortRangeMax = 65535
186
187 # Default time (in seconds) that an allocation will expire if an allocation
188 # refresh request is not sent. Default is 600 (10 minutes).
189 DefaultAllocationLifetime = 600
190
191 # Maximum time (in seconds) allowed that will be accepted in an allocation requests
192 # lifetime header (ie. between TURN allocation refreshes). If an allocation is
193 # received with a higher lifetime, then the response will be returned with this
194 # value instead. Default is 3600 (1 hour).
195 MaxAllocationLifetime = 3600
196
197
198 ########################################################
199 # SSL/TLS Certificate settings
200 ########################################################
201
202 # TLS Server Certificate Filename (loaded from working directory)
203 # The PEM formated file that contains the server certificate.
204 # If the CA supplies an intermediate certificate chain, those
205 # certificates should also be appened to this file.
206 # The private key may optionally be included in this file
207 # or in a separate key file specified by TlsServerPrivateKeyFilename
208 TlsServerCertificateFilename = server.pem
209
210 # TLS Server Private Key Filename (loaded from working directory)
211 # The PEM formated file that contains the private key of the certificate
212 # that will be presented to clients connecting over TLS.
213 # If not specified, reTurn will also try to find the private key
214 # in the file specified by TlsServerCertificateFilename
215 TlsServerPrivateKeyFilename =
216
217 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
218 # Can be generated with the command:
219 #
220 # openssl dhparam -outform PEM -out dh512.pem 512
221 #
222 TlsTempDhFilename = dh512.pem
223
224 # TLS server private key certificate password required to read
225 # from PEM file. Leave blank if key is not encrypted.
226 TlsPrivateKeyPassword =
227
228

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27