/etc/reTurn/reTurnServer.config is in resiprocate-turn-server 1:1.9.7-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
########################################################
# reTurnServer configuration file
########################################################
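# Software name to include in STUN messages
# Set this to an empty string to reveal no software
# name information in STUN messages.
# Default: reTURNServer (RFC5389)
# The default also includes the software version on
# those platforms where PACKAGE_VERSION is defined
# at compile time.
# Review note: while the line below stays commented out, the default
# applies, so the product name (and possibly its version) is sent to
# clients. Uncomment it with an empty value to stop advertising it.
#SoftwareName =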
# Whether or not to pad the SoftwareName value to
# a multiple of four bytes for compatibility with
# legacy clients. Default: true
#PadSoftwareName = true
########################################################
# Transport settings
########################################################
# Local IP Address to bind base STUN/TURN transports to.
# Note: This is the IP Address that clients should be configured to
# send STUN/TURN traffic to.
# Warning: If you are enabling RFC3489 backwards compatibility
# (see AltStunAddress and AltStunPort settings), then do
# not leave this set to INADDR_ANY (0.0.0.0), place
# a valid IP address from a local NIC here.
# Review note: 0.0.0.0 listens on every local IPv4 interface, including
# any management or internal-only NIC. On a multi-homed host, set the
# single address clients are meant to reach, or firewall the others.
TurnAddress = 0.0.0.0
# Local IPv6 Address to bind base STUN/TURN transports to.
# Note: This is the IP Address that IPv6 clients should be configured to
# send STUN/TURN traffic to.
# Not currently supported with RFC3489 backwards compatibility
# Review note: ::0 is the IPv6 unspecified address, so the same
# all-interfaces consideration as for TurnAddress applies here.
TurnV6Address = ::0
# Local UDP/TCP Port to bind base STUN/TURN transports to.
# Note: This is the port that clients should be configured to
# send STUN/TURN traffic over UDP and TCP.
# reTurn will always bind on this port using both UDP and TCP.
# Firewall rules therefore need to cover both protocols on this port.
TurnPort = 3478
# Local TLS Port to bind base STUN/TURN transports to.
# Note: This is the port that clients should be configured to
# send STUN/TURN traffic over TLS.
# Set this to 0 to disable TLS support.
# The default port for STUN over TLS is 5349
# It is often necessary to use port 443 instead so that
# users can connect through a HTTP proxy that only allows
# traffic that appears to be going to a HTTPS server.
# Review note: as shipped (0) there is no TLS listener, so clients can
# only use the plain UDP/TCP transport on TurnPort. Before enabling TLS,
# review the certificate, private key and DH parameter settings in the
# SSL/TLS section of this file.
TlsTurnPort = 0
# Local IP Address to bind the transports used in Classic Stun
# NAT type discovery. Note: This address is only required if
# you need Classic Stun (RFC3489) support.
# It must be different from the TurnAddress setting, and a valid
# local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatibility
# support.
# Note: The STUN/TURN Client should not be configured with this
# address anywhere. This address is discovered by clients
# in Binding responses that are sent to the TurnAddress.
AltStunAddress = 0.0.0.0
# Local UDP Port to bind classic STUN (RFC3489) transports to.
# Set AltStunPort to 0 to disable any RFC3489 backwards compatibility,
# if you do not have a need to support the NAT type discovery procedures
# of RFC3489.
# Note: STUN/TURN Client should not be configured with this port anywhere.
# This port is discovered by clients in Binding responses that are
# sent to the TurnAddress/TurnPort.
# Review note: AltStunAddress and AltStunPort are both at their "disabled"
# values here, so no extra legacy listener is opened. Keep them that way
# unless RFC3489 NAT type discovery is actually required.
AltStunPort = 0
########################################################
# Logging settings
########################################################
# Logging Type: syslog|cerr|cout|file
# Review note: with Daemonize = true, cerr/cout output presumably has no
# terminal to go to -- confirm before choosing them. syslog is the option
# to pick when logs must be forwarded off the host.
LoggingType = file
# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
# Review note: this file does not state at which level rejected
# authentication attempts or allocation activity are recorded. Confirm
# that WARNING captures them before relying on this log to detect abuse
# of the relay.
LoggingLevel = WARNING
# Log Filename
# Presumably only used when LoggingType = file. The directory has to be
# writable by the account the server runs as (see RunAsUser) if the log
# is opened after privileges are dropped -- TODO confirm the ordering.
LogFilename = /var/log/reTurnServer/reTurnServer.log
# Log file Max Size
# The key name indicates the unit is lines. 0 presumably means "no
# limit" -- TODO confirm. If so, rotate this file externally so that a
# flood of requests cannot fill the disk.
LogFileMaxLines = 0
########################################################
# UNIX related settings
########################################################
# Must be true or false, default = false, not supported on Windows
Daemonize = true
# On UNIX it is normal to create a PID file
# if unspecified, no attempt will be made to create a PID file
# Review note: the PID file directory should be writable only by root
# and/or the RunAsUser account, because init scripts commonly signal
# whatever PID they find in this file.
PidFile = /var/run/reTurnServer/reTurnServer.pid
# UNIX account information to run process as
# Review note: running as a dedicated non-root account limits what a
# compromise of this network-facing process can reach. Keep the account
# without a login shell and out of unrelated groups; it needs read access
# to the user database file and, when TLS is enabled, to the private key.
# Whether listening ports are bound before or after the switch to this
# account is not stated here -- confirm before choosing a port below
# 1024 (such as 443 for TlsTurnPort).
RunAsUser = return
RunAsGroup = return
########################################################
# Authentication settings
########################################################
# Authentication Realm for Long Term Passwords
# The realm is part of the H(A1) hash input (see below), so changing it
# invalidates every hashed entry in the user database file.
AuthenticationRealm = reTurn
# File containing user authentication data.
# The format of each line is:
#
# login:password:realm:state
#
# Typically, the realm field must match the value of AuthenticationRealm
# defined above.
#
# The state field can be one of:
#
# authorized (user authorized)
# refused (user denied access)
# restricted (for when bandwidth limiting is implemented)
#
# This file format is interchangeable with TurnServer.org's user database
#
UserDatabaseFile = /etc/reTurn/users.txt
# Hashed passwords in the user database file
# This option specifies whether the passwords are plain text
# or hashed with the scheme H(A1)
#
# When hashed passwords are enabled by this configuration setting,
# the values in the password column are the MD5 hash
# represented in hexadecimal
#
# To create a hashed password for the following credentials:
#
# user: bob
# realm: example.org
# password: foobar
#
# you can issue a command such as:
#
# echo -n bob:example.org:foobar | md5sum
#
# Notes on that command:
# - the realm in the hash input must be the realm the server actually
#   uses (AuthenticationRealm above), not the example value
# - md5sum prints the digest followed by a file name marker ("-");
#   only the 32 hexadecimal characters go into the password column
# - typing the password on the command line leaves it in the shell
#   history; use a session with history disabled or remove the entry
#
# WARNING: the hashing scheme prevents recovery of the plain text
# password. However, H(A1) hash values must still be kept
# secret as they can be used to impersonate the user.
# Therefore, the user database file should always be readable
# only by the reTurn process and no other regular users.
#
# Review note: H(A1) is an unsalted MD5 over login:realm:password, so a
# leaked file also allows fast offline guessing of weak passwords. Use
# long random passwords, and enforce the WARNING above with file
# permissions, for example owner root, group set to RunAsGroup, mode
# 0640. Setting this option to false means the file holds plain text
# passwords, which makes those permissions even more important.
#
UserDatabaseHashedPasswords = true
# How frequently to check the user database file for changes
# Set to 0 to only load the file once at startup
# Default = 60 seconds
# Review note: an edit that revokes a user (state "refused" or a removed
# line) is therefore picked up only at the next check, and with 0 not
# until the server is restarted. Whether allocations that are already
# established are torn down at that point is not stated here -- confirm.
UserDatabaseCheckInterval = 60
########################################################
# TURN Allocation settings
########################################################
# NOTE(review): this key is undocumented in the packaged file. Presumably
# it is the time in seconds for which a nonce issued by the server stays
# valid for authenticated requests -- TODO confirm against the reTurn
# documentation. If so, a shorter value narrows the window in which a
# captured request could be replayed, at the cost of more
# re-authentication round trips.
NonceLifetime = 3600
# The starting port number to use for TURN allocations.
# This number MUST be an even number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 49152 (start of the Dynamic and/or Private Port range
# - recommended by RFC)
AllocationPortRangeMin = 49152
# The ending port number to use for TURN allocations.
# This number MUST be an odd number, in order to ensure
# proper operation for allocation of RTP port pairs.
# Default: 65535 (end of the Dynamic and/or Private Port range
# - recommended by RFC)
# Review note: peers send relayed traffic to ports in the range
# Min..Max, so the host firewall has to admit that range. Narrowing it
# (keeping Min even and Max odd) reduces the exposed ports and also caps
# how many allocations can exist at once.
AllocationPortRangeMax = 65535
# Default time (in seconds) that an allocation will expire if an allocation
# refresh request is not sent. Default is 600 (10 minutes).
DefaultAllocationLifetime = 600
# Maximum time (in seconds) that will be accepted in an allocation request's
# lifetime header (ie. between TURN allocation refreshes). If an allocation is
# received with a higher lifetime, then the response will be returned with this
# value instead. Default is 3600 (1 hour).
# Review note: this is the upper bound on how long a relay port stays
# reserved without a refresh, so it also bounds how long an abandoned
# allocation keeps consuming a port from the range above.
MaxAllocationLifetime = 3600
########################################################
# SSL/TLS Certificate settings
########################################################
# Review note: TlsTurnPort is 0 in the packaged file, which disables TLS
# support, so the settings in this section only matter once a TLS port
# is configured.
# TLS Server Certificate Filename (loaded from working directory)
# The PEM formatted file that contains the server certificate.
# If the CA supplies an intermediate certificate chain, those
# certificates should also be appended to this file.
# The private key may optionally be included in this file
# or in a separate key file specified by TlsServerPrivateKeyFilename
# Review note: the value is a relative name, so which file is loaded
# depends on the working directory of the daemon. An absolute path
# removes that ambiguity.
TlsServerCertificateFilename = server.pem
# TLS Server Private Key Filename (loaded from working directory)
# The PEM formatted file that contains the private key of the certificate
# that will be presented to clients connecting over TLS.
# If not specified, reTurn will also try to find the private key
# in the file specified by TlsServerCertificateFilename
# Review note: the key file should be readable only by root and the
# account the server runs as (RunAsUser), never by other local users.
TlsServerPrivateKeyFilename = server-key.pem
# TLS temporary Diffie-Hellman parameters file (loaded from working directory)
# NOTE(review): the value below is an absolute path, so the working
# directory presumably does not apply to it -- confirm.
# The packaged example generates 512-bit parameters with the command:
#
# openssl dhparam -outform PEM -out dh512.pem 512
#
# Review note: a 512-bit group is export-grade strength and is no longer
# considered safe for key exchange (see the Logjam research); current
# TLS libraries may refuse to load or negotiate it. Generate parameters
# of at least 2048 bits instead, for example:
#
# openssl dhparam -outform PEM -out /etc/reTurn/dh512.pem 2048
#
# The "dh512" in the file name is only a label; the strength comes from
# the parameters stored in the file.
TlsTempDhFilename = /etc/reTurn/dh512.pem
# TLS server private key certificate password required to read
# from PEM file. Leave blank if key is not encrypted.
# Review note: a value entered here is stored in plain text. The packaged
# copy of this file is owned by root:root with mode 0644, i.e. readable
# by every local user, so tighten the permissions on this file before
# setting a password (keeping it readable by the server account if the
# file is read after privileges are dropped -- confirm).
TlsPrivateKeyPassword =