From 36908f255f0e0367802d1f1268aa9e097ef9e2f9 Mon Sep 17 00:00:00 2001 From: Alexey Kovrizhkin Date: Sat, 6 Jan 2024 18:09:12 +0300 Subject: [PATCH] Ready for testing --- Makefile | 21 +++++++++++++--- README.md | 2 +- docker-compose.yml | 61 +++++++++++++++++++++++++++------------------- 3 files changed, 54 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index 073adf4..f938a13 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ CFG ?= .env CFG_BAK ?= $(CFG).bak #- App name -APP_NAME ?= coturn +APP_NAME ?= turn #- Docker image name IMAGE ?= ghcr.io/coturn/coturn @@ -19,7 +19,7 @@ IMAGE_VER ?= 4.6.2-alpine APP_DOMAIN ?= dev.test # Hostname for external access -APP_SITE ?= coturn.$(APP_DOMAIN) +APP_SITE ?= $(APP_DOMAIN) #EXTERNAL_IP ?= $(shell docker run --rm $(IMAGE):$(IMAGE_VER) detect-external-ip) @@ -36,6 +36,7 @@ MAX_PORT = 49200 USE_DB = yes DB_INIT_SQL = schema.sql +USE_DCAPE_DC = no # ------------------------------------------------------------------------------ # if exists - load old values @@ -64,5 +65,17 @@ endif ext-ip: CMD=exec app detect-external-ip ext-ip: dc -cli: CMD=exec app bash -cli: dc +## Open CLI via telnet +cli: + @echo "Use pass: $(CLI_SECRET)" + @telnet 127.0.0.1 5766 + +PG_DSN := postgres://$(PGUSER):$(PGPASSWORD)@db/$(PGDATABASE)?sslmode=disable + +## Add admin user +admin-add: CMD=exec app turnadmin -A -u admin -p "$(CLI_SECRET)" --psql-userdb="$(PG_DSN)" +admin-add: dc + +## List admin users +admin-ls: CMD=exec app turnadmin -L --psql-userdb="$(PG_DSN)" +admin-ls: dc diff --git a/README.md b/README.md index a26686b..b6cb980 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Based on [coturn-docker](https://github.com/m1rkwood/coturn-docker) repo. ## Notes -* Traefik [has no DTLS support](https://github.com/traefik/traefik/issues/6642) +* Traefik [has no DTLS support](https://github.com/traefik/traefik/issues/6642), we are not using Traefik to proxy anything for it ## Docker image used 
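Review bot: In the Makefile's last hunk, `cli` prints the secret with `@echo "Use pass: $(CLI_SECRET)"`, and `admin-add` puts the same value plus a `PG_DSN` holding `$(PGPASSWORD)` on the `turnadmin` command line, where they can land in terminal scrollback, CI logs and the process list. `admin-add` also makes the telnet CLI password the web-admin password for `admin`, and the compose change in this commit publishes that web admin on port 7999. I would drop the echo line and give the account its own secret, e.g. `-p "$(ADMIN_PASSWORD)"` (a variable name constructed for this note) stored in `$(CFG)`. `PG_DSN` is built by plain concatenation, so a password containing `@`, `/` or `:` would presumably need percent-encoding; a comment above the assignment such as `# PGPASSWORD must be URL-safe: it is embedded in a postgres:// URL` would record that. The three new targets `cli`, `admin-add` and `admin-ls` are not declared `.PHONY` in the visible lines.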
diff --git a/docker-compose.yml b/docker-compose.yml index 4d57d9a..c9b41d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,50 +1,61 @@ # custom app config -# overrides DCAPE/apps/drone/dcape-app/docker-compose.yml version: '2' services: app: + image: ${IMAGE}:${IMAGE_VER} + volumes: + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - /etc/ssl/certs:/etc/ssl/certs:ro + - /opt/src/dopos/cert-exp/ssl:/ssl:ro # traefik acme.json exported restart: unless-stopped ports: -# - 3478:3478 -# - 3478:3478/udp -# - 5349:5349 -# - 5349:5349/udp +## STUN/TURN + - "3478:3478" + - "3478:3478/udp" + - "3479:3479" + - "3479:3479/udp" +## STUN/TURN SSL + - "5349:5349" + - "5349:5349/udp" + - "5350:5350" + - "5350:5350/udp" + - 7999:7999 # webadmin + - 127.0.0.1:5766:5766 # cli +# Relay Ports - '${MIN_PORT}-${MAX_PORT}:${MIN_PORT}-${MAX_PORT}/udp' - - 127.0.0.1:5766:5766 command: - -v + - --realm=${APP_SITE} + - --cert=/ssl/${APP_SITE}.crt + - --pkey=/ssl/${APP_SITE}.key - --log-file=stdout - --external-ip=$(detect-external-ip) - - --realm=${APP_SITE} - - --tcp-proxy-port=5555 - --fingerprint - --listening-ip=0.0.0.0 -# - '--external-ip=${EXTERNAL_IP}' -# - '--relay-ip=${EXTERNAL_IP}' - --min-port=${MIN_PORT} - --max-port=${MAX_PORT} - - --log-file=stdout - - --cli-ip=0.0.0.0 - --use-auth-secret - --static-auth-secret=${STATIC_AUTH_SECRET} - - --cli-ip=0.0.0.0 - --cli-password=${CLI_SECRET} + - --cli-ip=0.0.0.0 - --web-admin - - --web-admin-listen-on-workers - - --no-tls - - --no-dtls + - --web-admin-ip=0.0.0.0 + - --web-admin-port=7999 + - --user-quota=12 + - --total-quota=1200 + - --no-tlsv1 + - --no-tlsv1_1 + - --no-tcp-relay - --pidfile=/var/tmp/turnserver.pid - - -n - - --psql-userdb="host=db dbname=${PGDATABASE} user=${PGUSER} password=${PGPASSWORD} sslmode=disable" -# tmpfs: -# - /run:mode=770,size=1k,uid=200,gid=10000 -# network_mode: host - labels: - - "traefik.http.services.app-${APP_TAG}.loadbalancer.server.port=5555" - - "traefik.http.services.app-${APP_TAG}.loadbalancer.proxyprotocol=2" - + - 
--psql-userdb="postgres://${PGUSER}:${PGPASSWORD}@db/${PGDATABASE}?sslmode=disable" environment: - DETECT_EXTERNAL_IP=yes - DETECT_RELAY_IP=yes + +networks: + default: + name: ${DCAPE_NET} + external: true
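Review bot: The new `ports` entry `7999:7999 # webadmin` together with `--web-admin-ip=0.0.0.0` exposes coturn's web admin on every host interface, while the CLI port right below it is bound to loopback (`127.0.0.1:5766:5766`). Unless remote admin access is intended, bind it the same way: `- 127.0.0.1:7999:7999 # webadmin`. `--cli-ip=0.0.0.0` keeps the unencrypted telnet CLI reachable from any container attached to the external `${DCAPE_NET}` network added at the end of the hunk, so membership of that network becomes part of the trust boundary and deserves a comment. `--static-auth-secret`, `--cli-password` and the `--psql-userdb` URL are passed as command arguments, which makes them readable through `docker inspect` and the container's process list; a mounted `turnserver.conf` with restrictive permissions would keep them out of both. The hard-coded `/opt/src/dopos/cert-exp/ssl` mount would be easier to deploy as a variable, and it is worth confirming that the private key there is readable only by the user turnserver runs as.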