Permalink
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
mom040267
| GENERAL INFORMATION | |
| turnadmin is a TURN administration tool. This tool can be used to manage | |
| the user accounts (add/remove users, generate | |
| TURN keys for the users). For security reasons, we do not recommend | |
| storing passwords openly. The better option is to use pre-processed "keys" | |
| which are then used for authentication. These keys are generated by turnadmin. | |
| Turnadmin is a link to turnserver binary, but turnadmin performs different | |
| functions. | |
| Options note: turnadmin has long and short option names, for most options. | |
| Some options have only long form, some options have only short form. Their syntax | |
| somewhat different, if an argument is required: | |
| The short form must be used as this (for example): | |
| $ turnadmin -u <username> ... | |
| The long form equivalent must use the "=" character: | |
| $ turnadmin --user=<username> ... | |
| If this is a flag option (no argument required) then their usage are the same, for example: | |
| $ turnadmin -k ... | |
| is equivalent to: | |
| $ turnadmin --key ... | |
| You have always the use the -r <realm> option with commands for long term credentials - | |
| because data for multiple realms can be stored in the same database. | |
| ===================================== | |
| NAME | |
| turnadmin - a TURN relay administration tool. | |
| SYNOPSIS | |
| $ turnadmin [command] [options] | |
| $ turnadmin [ -h | --help] | |
| DESCRIPTION | |
| Commands: | |
| -P, --generate-encrypted-password Generate and print to the standard | |
| output an encrypted form of a password (for web admin user or CLI). | |
| The value then can be used as a safe key for the password | |
| storage on disk or in the database. Every invocation for the same password | |
| produces a different result. The for mat of the encrypted password is: | |
| $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters, | |
| the sha256 output is 64 characters. Character 5 is the algorithm id (sha256). | |
| Only sha256 is supported as the hash function. | |
| -k, --key Generate key for a long-term credentials mechanism user. | |
| -a, --add Add or update a long-term user. | |
| -A, --add-admin Add or update an admin user. | |
| -d, --delete Delete a long-term user. | |
| -D, --delete-admin Delete an admin user. | |
| -l, --list List long-term users in the database. | |
| -L, --list-admin List admin users in the database. | |
| -s, --set-secret=<value> Add shared secret for TURN RESP API | |
| -S, --show-secret Show stored shared secrets for TURN REST API | |
| -X, --delete-secret=<value> Delete a shared secret. | |
| --delete-all_secrets Delete all shared secrets for REST API. | |
| -O, --add-origin Add origin-to-realm relation. | |
| -R, --del-origin Delete origin-to-realm relation. | |
| -I, --list-origins List origin-to-realm relations. | |
| -g, --set-realm-option Set realm params: max-bps, total-quota, user-quota. | |
| -G, --list-realm-options List realm params. | |
| -E, --generate-encrypted-password-aes Generate and print to the standard output | |
| an encrypted form of password with AES-128 | |
| Options with required values: | |
| -b, --db, --userdb SQLite user database file name (default - /var/db/turndb or | |
| /usr/local/var/db/turndb or /var/lib/turn/turndb). | |
| See the same option in the turnserver section. | |
| -e, --psql-userdb PostgreSQL user database connection string. | |
| See the --psql-userdb option in the turnserver section. | |
| -M, --mysql-userdb MySQL user database connection string. | |
| See the --mysql-userdb option in the turnserver section. | |
| -J, --mongo-userdb MongoDB user database connection string. | |
| See the --mysql-mongo option in the turnserver section. | |
| -N, --redis-userdb Redis user database connection string. | |
| See the --redis-userdb option in the turnserver section. | |
| -u, --user User name. | |
| -r, --realm Realm. | |
| -p, --password Password. | |
| -x, --key-path Generates a 128 bit key into the given path. | |
| -f, --file-key-path Contains a 128 bit key in the given path. | |
| -v, --verify Verify a given base64 encrypted type password. | |
| -o, --origin Origin | |
| --max-bps Set value of realm's max-bps parameter. | |
| --total-quota Set value of realm's total-quota parameter. | |
| --user-quota Set value of realm's user-quota parameter. | |
| -h, --help Help. | |
| Command examples: | |
| Generate an encrypted form of a password: | |
| $ turnadmin -P -p <password> | |
| Generate a key: | |
| $ turnadmin -k -u <username> -r <realm> -p <password> | |
| Add/update a user in the in the database: | |
| $ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password> | |
| Delete a user from the database: | |
| $ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> | |
| List all long-term users in MySQL database: | |
| $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm> | |
| List all admin users in Redis database: | |
| $ turnadmin -L --redis-userdb="<db-connection-string>" | |
| Set secret in MySQL database: | |
| $ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm> | |
| Show secret stored in PostgreSQL database: | |
| $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm> | |
| Set origin-to-realm relation in MySQL database: | |
| $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin> | |
| Delete origin-to-realm relation from Redis DB: | |
| $ turnadmin --redis-userdb="<db-connection-string>" -o <origin> | |
| List all origin-to-realm relations in Redis DB: | |
| $ turnadmin --redis-userdb="<db-connection-string>" -I | |
| List the origin-to-realm relations in PostgreSQL DB for a single realm: | |
| $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm> | |
| Create new key file for mysql password encryption: | |
| $ turnadmin -E --key-path <key-file> | |
| Create encrypted mysql password: | |
| $ turnadmin -E --file-key-path <key-file> -p <secret> | |
| Verify/decrypt encrypted password: | |
| $ turnadmin --file-key-path <key-file> -v <encrypted> | |
| Help: | |
| $ turnadmin -h | |
| ======================================= | |
| DOCS | |
| After installation, run the command: | |
| $ man turnadmin | |
| or in the project root directory: | |
| $ man -M man turnadmin | |
| to see the man page. | |
| ===================================== | |
| FILES | |
| /etc/turnserver.conf | |
| /var/db/turndb | |
| /usr/local/var/db/turndb | |
| /var/lib/turn/turndb | |
| /usr/local/etc/turnserver.conf | |
| ===================================== | |
| DIRECTORIES | |
| /usr/local/share/turnserver | |
| /usr/local/share/doc/turnserver | |
| /usr/local/share/examples/turnserver | |
| ====================================== | |
| SEE ALSO | |
| turnserver, turnutils | |
| ====================================== | |
| WEB RESOURCES | |
| project page: | |
| https://github.com/coturn/coturn/ | |
| Wiki page: | |
| https://github.com/coturn/coturn/wiki | |
| forum: | |
| https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/ | |
| ====================================== | |
| AUTHORS | |
| Oleg Moskalenko <mom040267@gmail.com> | |
| Gabor Kovesdan http://kovesdan.org/ | |
| Daniel Pocock http://danielpocock.com/ | |
| John Selbie (jselbie@gmail.com) | |
| Lee Sylvester <lee@designrealm.co.uk> | |
| Erik Johnston <erikj@openmarket.com> | |
| Roman Lisagor <roman@demonware.net> | |
| Vladimir Tsanev <tsachev@gmail.com> | |
| Po-sheng Lin <personlin118@gmail.com> | |
| Peter Dunkley <peter.dunkley@acision.com> | |
| Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp> | |
| Federico Pinna <fpinna@vivocha.com> | |
| Bradley T. Hughes <bradleythughes@fastmail.fm> | |
| Mihaly Meszaros <misi@majd.eu> |