/[resiprocate]/main/reTurn/reTurnServer.config
ViewVC logotype

Annotation of /main/reTurn/reTurnServer.config

Parent Directory Parent Directory | Revision Log Revision Log


Revision 11221 - (hide annotations) (download)
Sat Aug 30 14:15:44 2014 UTC (5 years, 3 months ago) by dpocock
File size: 8530 byte(s)
reTurn: Logging: configuring Syslog facility
1 sgodin 10129 ########################################################
2     # reTurnServer configuration file
3     ########################################################
4    
5 Dpocock 10796 # Software name to include in STUN messages
6     # Set this to an empty string to reveal no software
7     # name information in STUN messages.
8     # Default: reTURNServer (RFC5389)
9     # The default also includes the software version on
10     # those platforms where PACKAGE_VERSION is defined
11     # at compile time.
12     #SoftwareName =
13    
14     # Whether or not to pad the SoftwareName value to
15     # a multiple of four bytes for compatibility with
16     # legacy clients. Default: true
17     #PadSoftwareName = true
18    
19 sgodin 10129 ########################################################
20     # Transport settings
21     ########################################################
22    
23     # Local IP Address to bind base STUN/TURN transports to.
24     # Note: This is the IP Address that clients should be configured to
25     # send STUN/TURN traffic to.
26     # Warning: If you are enabling RFC3489 backwards compatability
27     # (see AltStunAddress and AltStunPort settings), then do
28     # not leave this set to INADDR_ANY (0.0.0.0), place
29     # a valid IP address from a local NIC here.
30     TurnAddress = 0.0.0.0
31    
32 Dpocock 10468 # Local IPv6 Address to bind base STUN/TURN transports to.
33     # Note: This is the IP Address that IPv6 clients should be configured to
34     # send STUN/TURN traffic to.
35     # Not currently supported with RFC3489 backwards compatability
36     TurnV6Address = ::0
37    
38 sgodin 10129 # Local UDP/TCP Port to bind base STUN/TURN transports to.
39     # Note: This is the port that clients should be configured to
40     # send STUN/TURN traffic over UDP and TCP.
41 dpocock 10629 # reTurn will always bind on this port using both UDP and TCP.
42 sgodin 10129 TurnPort = 3478
43    
44     # Local TLS Port to bind base STUN/TURN transports to.
45     # Note: This is the port that clients should be configured to
46     # send STUN/TURN traffic over TLS.
47 dpocock 10629 # Set this to 0 to disable TLS support.
48     # The default port for STUN over TLS is 5349
49     # It is often necessary to use port 443 instead so that
50     # users can connect through a HTTP proxy that only allows
51     # traffic that appears to be going to a HTTPS server.
52 sgodin 10129 TlsTurnPort = 5349
53    
54     # Local IP Address to bind the transports used in Classic Stun
55     # NAT type discovery. Note: This address is only required if
56     # you need Classic Stun (RFC3489) support.
57     # It must be different from the TurnAddress setting, and a valid
58     # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility
59     # support.
60     # Note: The STUN/TURN Client should not be configured with this
61     # address anywhere. This address is discovered by clients
62     # in Binding responses that are sent to the TurnAddress.
63     AltStunAddress = 0.0.0.0
64    
65     # Local UDP Port to bind classic STUN (RFC3489) transports to.
66     # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
67     # if you do not have a need to support the NAT type discovery procedures
68     # of RFC3489.
69     # Note: STUN/TURN Client should not be configured with this port anywhere.
70     # This port is discovered by clients in Binding responses that are
71     # sent to the TurnAddress/TurnPort.
72     AltStunPort = 0
73    
74    
75     ########################################################
76     # Logging settings
77     ########################################################
78    
79     # Logging Type: syslog|cerr|cout|file
80     LoggingType = file
81    
82 dpocock 11221 # For syslog, also specify the facility, default is LOG_DAEMON
83     SyslogFacility = LOG_DAEMON
84    
85 sgodin 10129 # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
86     LoggingLevel = DEBUG
87    
88     # Log Filename
89     LogFilename = reTurnServer.log
90    
91     # Log file Max Size
92     LogFileMaxLines = 50000
93    
94    
95     ########################################################
96     # UNIX related settings
97     ########################################################
98    
99     # Must be true or false, default = false, not supported on Windows
100     Daemonize = false
101    
102     # On UNIX it is normal to create a PID file
103     # if unspecified, no attempt will be made to create a PID file
104     #PidFile = /var/run/reTurnServer/reTurnServer.pid
105    
106     # UNIX account information to run process as
107     #RunAsUser = return
108     #RunAsGroup = return
109    
110    
111     ########################################################
112     # Authentication settings
113     ########################################################
114    
115     # Authentication Realm for Long Term Passwords
116     AuthenticationRealm = reTurn
117    
118 sgodin 10220 # File containing user authentication data.
119     # The format of each line is:
120     #
121     # login:password:realm:state
122     #
123     # Typically, the realm field must match the value of AuthenticationRealm
124     # defined above.
125     #
126     # The state field can be one of:
127     #
128     # authorized (user authorized)
129     # refused (user denied access)
130     # restricted (for when bandwidth limiting is implemented)
131     #
132     # This file format is interchangeable with TurnServer.org's user database
133     #
134     UserDatabaseFile = users.txt
135    
136 Dpocock 10779 # Hashed passwords in the user database file
137     # This option specifies whether the passwords are plain text
138     # or hashed with the scheme H(A1)
139     #
140     # When hashed passwords are enabled by this configuration setting,
141     # the values in the password column are the MD5 hash
142     # represented in hexadecimal
143     #
144     # To create a hashed password for the following credentials:
145     #
146     # user: bob
147     # realm: example.org
148     # password: foobar
149     #
150     # you can issue a command such as:
151     #
152     # echo -n bob:example.org:foobar | md5sum
153     #
154     # WARNING: the hashing scheme prevents recovery of the plain text
155     # password. However, H(A1) hash values must still be kept
156     # secret as they can be used to impersonate the user.
157     # Therefore, the user database file should always be readable
158     # only by the reTurn process and no other regular users.
159     #
160     UserDatabaseHashedPasswords = false
161    
162 Dpocock 10775 # How frequently to check the user database file for changes
163     # Set to 0 to only load the file once at startup
164     # Default = 60 seconds
165     UserDatabaseCheckInterval = 60
166 sgodin 10220
167 sgodin 10129 ########################################################
168     # TURN Allocation settings
169     ########################################################
170    
171     NonceLifetime = 3600
172    
173     # The starting port number to use for TURN allocations.
174     # This number MUST be an even number, in order to ensure
175     # proper operation for allocation of RTP port pairs.
176     # Default: 49152 (start of the Dynamic and/or Private Port range
177     # - recommended by RFC)
178     AllocationPortRangeMin = 49152
179    
180     # The ending port number to use for TURN allocations.
181     # This number MUST be an odd number, in order to ensure
182     # proper operation for allocation of RTP port pairs.
183     # Default: 65535 (end of the Dynamic and/or Private Port range
184     # - recommended by RFC)
185     AllocationPortRangeMax = 65535
186    
187     # Default time (in seconds) that an allocation will expire if an allocation
188     # refresh request is not sent. Default is 600 (10 minutes).
189     DefaultAllocationLifetime = 600
190    
191     # Maximum time (in seconds) allowed that will be accepted in an allocation requests
192     # lifetime header (ie. between TURN allocation refreshes). If an allocation is
193     # received with a higher lifetime, then the response will be returned with this
194     # value instead. Default is 3600 (1 hour).
195     MaxAllocationLifetime = 3600
196    
197    
198     ########################################################
199     # SSL/TLS Certificate settings
200     ########################################################
201    
202     # TLS Server Certificate Filename (loaded from working directory)
203 dpocock 10717 # The PEM formated file that contains the server certificate.
204 Dpocock 10864 # If the CA supplies an intermediate certificate chain, those
205 dpocock 10717 # certificates should also be appened to this file.
206     # The private key may optionally be included in this file
207     # or in a separate key file specified by TlsServerPrivateKeyFilename
208 sgodin 10129 TlsServerCertificateFilename = server.pem
209    
210 dpocock 10717 # TLS Server Private Key Filename (loaded from working directory)
211     # The PEM formated file that contains the private key of the certificate
212     # that will be presented to clients connecting over TLS.
213     # If not specified, reTurn will also try to find the private key
214     # in the file specified by TlsServerCertificateFilename
215 sgodin 10964 TlsServerPrivateKeyFilename =
216 dpocock 10717
217 sgodin 10129 # TLS temporary Diffie-Hellman parameters file (loaded from working directory)
218 Dpocock 10774 # Can be generated with the command:
219     #
220     # openssl dhparam -outform PEM -out dh512.pem 512
221     #
222 sgodin 10129 TlsTempDhFilename = dh512.pem
223    
224     # TLS server private key certificate password required to read
225     # from PEM file. Leave blank if key is not encrypted.
226     TlsPrivateKeyPassword =
227 dpocock 10208
228 Dpocock 10212

webmaster AT resiprocate DOT org
ViewVC Help
Powered by ViewVC 1.1.27