SYNOPSIS
/usr/local/etc/turnserver.conf
DESCRIPTION
This is the TurnServer configuration file. The supported configuration options are listed below.
OPTIONS
The file contains the following definitions:
- listen_address = { IPv4 address, ... }
The public IPv4 address of any relayed address (if not set, no relay for IPv4).
You can set more than one address, for example:
listen_address = { "172.16.2.1", "173.17.2.1" }
The main advantage of having multiple public IPv4 addresses is load sharing.
- listen_addressv6 = { IPv6 address, ...}
The public IPv6 address of any relayed address (if not set, no relay for IPv6).
You can set more than one address, for example:
listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }
The main advantage of having multiple public IPv6 addresses is load sharing.
- udp_port = number
The UDP port of the server to listen for incoming connections.
- tcp_port = number
The TCP port of the server to listen for incoming connections.
- tls_port = number
The TLS port of the server to listen for incoming connections.
- tls = boolean
Enable or disable TLS over TCP connections.
- dtls = boolean
Enable or disable TLS over UDP connections. This is an experimental feature of
TurnServer and is not defined by the TURN standard.
- max_port = number
Maximum allocation port number.
- min_port = number
Minimum allocation port number.
- turn_tcp = boolean
Enable or disable the TURN-TCP extension. This extension is documented in RFC 6062.
- tcp_buffer_userspace = boolean
Enable or disable userspace buffering for the TURN-TCP extension. If false, the
server will use OS buffering.
- tcp_buffer_size = number
TURN-TCP internal buffer size. It is used to buffer data coming from the TCP peer
when the client has not yet sent ConnectionBind.
- daemon = boolean
Run the program as a daemon.
- unpriv_user = string
If the program is run as root or setuid root, it will drop its
privileges to those of unpriv_user.
To use this feature, create a special user with the adduser command: adduser --system --group turnserver
- realm = string
Realm value (e.g. domain.org).
- nonce_key = string
Key used to hash the nonce.
- max_relay_per_username = number
Maximum number of allocations per username.
- allocation_lifetime = number
Lifetime of an allocation in seconds.
- bandwidth_per_allocation = number
Bandwidth limit for an allocation in KBytes/s.
A value of 0 disables the bandwidth quota.
- restricted_bandwidth = number
Bandwidth limit for restricted users in KBytes/s.
A value of 0 disables the bandwidth limitation.
- denied_address {
address = IPv4 | IPv6 address
mask = bitmask number
port = number (1 - 65535)
}
Defines an entry for the denied access list. This block can appear multiple times. The format is as follows:
address is a string representing an IPv4 or IPv6 address.
mask is a number representing the bitmask (e.g. 24 is equivalent to 255.255.255.0).
port is a number representing the network port. A value of 0 means all ports.
It is strongly recommended to restrict addresses 127.0.0.1 and ::1 if there are private services running on the TURN server.
- ca_file = string
The pathname of the Certification Authority certificate (required when
tls=true).
- cert_file = string
The pathname of the server certificate (required when tls=true).
- private_key_file = string
The pathname of the server private key (required when tls=true).
- account_method = [file | db | ldap ...]
The method to retrieve account data.
Note that only the "file" method is implemented.
- account_file = string
The pathname of the account file (required when account_method=file).
- mod_tmpuser = boolean
Enable or disable mod_tmpuser, which consists of a socket listening on localhost
through which an external program can create or delete temporary users.
EXAMPLE
listen_address = { "172.16.0.1" }
listen_addressv6 = { "2001:db8::1" }
udp_port = 3478
tcp_port = 3478
tls_port = 5349
tls = true
dtls = false
max_port = 65535
min_port = 49152
turn_tcp = false
tcp_buffer_userspace = true
tcp_buffer_size = 32768
daemon = false
unpriv_user = turnserver
realm = "domain.org"
nonce_key = "hieKedq"
max_relay_per_username = 10
allocation_lifetime = 1800
bandwidth_per_allocation = 150
restricted_bandwidth = 10
denied_address {
address = "172.1.0.3"
mask = 24
port = 0
}
denied_address {
address = "127.0.0.1"
mask = 8
port = 0
}
denied_address {
address = "::1"
mask = 128
port = 0
}
ca_file = "/etc/ca.crt"
cert_file = "/etc/server.crt"
private_key_file = "/etc/server.key"
account_method = "file"
account_file = "/etc/turnusers.txt"
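The loopback denied_address recommendation, the files required when tls=true and the unpriv_user privilege drop described under OPTIONS can be checked before the server is started. The following Python script is an added example, not part of TurnServer: its parser, the function names and the matching rule in is_denied (address inside address/mask, entry port 0 matching any port) are assumptions for illustration, and the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample in this page's format (not a real deployment).
SAMPLE = """
tls = true
cert_file = "/etc/server.crt"
private_key_file = "/etc/server.key"
denied_address {
address = "127.0.0.1"
mask = 8
port = 0
}
"""

BLOCK = re.compile(r"denied_address\s*\{(.*?)\}", re.S)
PAIR = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"\n]*?)"?[ \t]*$', re.M)

def parse(text):
    """Return (top-level scalar options, [(network, port), ...] deny entries)."""
    denied = []
    for body in BLOCK.findall(text):
        f = dict(PAIR.findall(body))
        net = ipaddress.ip_network(f"{f['address']}/{f['mask']}", strict=False)
        denied.append((net, int(f.get("port", 0))))
    return dict(PAIR.findall(BLOCK.sub("", text))), denied

def is_denied(denied, addr, port):
    """Assumed matching rule: address inside address/mask, entry port 0 = any port."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net and p in (0, port) for net, p in denied)

def audit(text):
    """Findings for settings this page marks as required or strongly recommended."""
    opts, denied = parse(text)
    findings = []
    for loopback in ("127.0.0.1", "::1"):
        ip = ipaddress.ip_address(loopback)
        if not any(ip in net and p == 0 for net, p in denied):
            findings.append(f"{loopback} is not denied on all ports")
    if opts.get("tls") == "true":
        findings += [f"{key} is required when tls=true"
                     for key in ("ca_file", "cert_file", "private_key_file")
                     if key not in opts]
    if "unpriv_user" not in opts:
        findings.append("unpriv_user is not set, so no privilege drop when run as root")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, the script reports the missing ::1 entry, the missing ca_file and the absent unpriv_user.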