add: dcapev3, pgsql

dopos · Jan 5, 2024 · a33c4ea · a33c4ea
1 parent fb94eaf
commit a33c4ea
Show file tree

Hide file tree

Showing 6 changed files with 161 additions and 76 deletions.
diff --git a/.drone.yml b/.drone.yml
diff --git a/.woodpecker.yml b/.woodpecker.yml
@@ -0,0 +1,22 @@
+
+# lint this file
+# go install github.com/woodpecker-ci/woodpecker/cmd/cli@latest
+# cli lint .woodpecker.yml
+
+variables:
+    - &dcape_img 'dcape-compose'
+
+clone:
+  git:
+    image: woodpeckerci/plugin-git
+    settings:
+      lfs: false
+      tags: false
+
+steps:
+  deploy:
+    image: *dcape_img
+    commands:
+      - make .default-deploy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
diff --git a/Makefile b/Makefile
@@ -1,60 +1,68 @@
-# app custom Makefile
+## dcape-app-template Makefile
+## This file extends Makefile.app from dcape
+#:
 
-APP_NAME ?= coturn
+SHELL               = /bin/bash
+CFG                ?= .env
+CFG_BAK            ?= $(CFG).bak
 
-# The domain name of this homeserver.
-APP_DOMAIN ?= dev.lan
-
-# Hostname for external access
-APP_SITE ?= coturn.dev.lan
+#- App name
+APP_NAME           ?= coturn
 
-# Docker repo & image name without version
-IMAGE    ?= ghcr.io/coturn/coturn
+#- Docker image name
+IMAGE              ?= ghcr.io/coturn/coturn
 
-#USE_TLS = yes
+#- Docker image tag
+IMAGE_VER          ?= 4.6.2-alpine
 
-# ------------------------------------------------------------------------------
-# app custom config
+# The domain name of this homeserver.
+APP_DOMAIN         ?= dev.test
 
-IMAGE_VER        ?= 4.6.1-alpine
+# Hostname for external access
+APP_SITE           ?= coturn.$(APP_DOMAIN)
 
 #EXTERNAL_IP        ?= $(shell docker run --rm $(IMAGE):$(IMAGE_VER) detect-external-ip)
+
+#- STATIC_AUTH_SECRET
 STATIC_AUTH_SECRET ?= $(shell < /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo)
+
+#- CLI_SECRET
 CLI_SECRET         ?= $(shell < /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo)
 
+#- UDP min port
 MIN_PORT            = 49152
+#- UDP max port
 MAX_PORT            = 49200
 
+USE_DB              = yes
+DB_INIT_SQL         = schema.sql
 # ------------------------------------------------------------------------------
-# .env template (custom part)
-# inserted in .env.sample via 'make config'
-define CONFIG_CUSTOM
-# ------------------------------------------------------------------------------
-# app custom config, generated by make config
-# db:$(USE_DB) user:$(ADD_USER)
-
 
-#EXTERNAL_IP=$(EXTERNAL_IP)
-STATIC_AUTH_SECRET=$(STATIC_AUTH_SECRET)
-CLI_SECRET=$(CLI_SECRET)
+# if exists - load old values
+-include $(CFG_BAK)
+export
 
-MIN_PORT=$(MIN_PORT)
-MAX_PORT=$(MAX_PORT)
+-include $(CFG)
+export
 
-# Path to /opt/dcape/var. Used only outside drone
-DCAPE_ROOT=$(DCAPE_ROOT)
-
-endef
+DB_ADMIN_USER      ?= $(PGUSER)
 
 # ------------------------------------------------------------------------------
-# Find and include DCAPE/apps/drone/dcape-app/Makefile
+# Find and include DCAPE_ROOT/Makefile
 DCAPE_COMPOSE   ?= dcape-compose
-DCAPE_MAKEFILE  ?= $(shell docker inspect -f "{{.Config.Labels.dcape_app_makefile}}" $(DCAPE_COMPOSE))
-ifeq ($(shell test -e $(DCAPE_MAKEFILE) && echo -n yes),yes)
-  include $(DCAPE_MAKEFILE)
+DCAPE_ROOT      ?= $(shell docker inspect -f "{{.Config.Labels.dcape_root}}" $(DCAPE_COMPOSE))
+
+ifeq ($(shell test -e $(DCAPE_ROOT)/Makefile.app && echo -n yes),yes)
+  include $(DCAPE_ROOT)/Makefile.app
 else
-  include /opt/dcape-app/Makefile
+  include /opt/dcape/Makefile.app
 endif
 
-ext-ip:
-	@echo $(EXTERNAL_IP)
+# ------------------------------------------------------------------------------
+
+## Cals and show external ip
+ext-ip: CMD=exec app detect-external-ip
+ext-ip: dc
+
+cli: CMD=exec app bash
+cli: dc
diff --git a/README.md b/README.md
@@ -11,6 +11,10 @@
 [coturn](https://github.com/coturn/coturn) application package for [dcape](https://github.com/dopos/dcape).
 Based on [coturn-docker](https://github.com/m1rkwood/coturn-docker) repo.
 
+## Notes
+
+* Traefik [has no DTLS support](https://github.com/traefik/traefik/issues/6642)
+
 ## Docker image used
 
 * [ghcr.io/coturn/coturn](https://github.com/coturn/coturn/pkgs/container/coturn)

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,32 +7,44 @@ services:
   app:
     restart: unless-stopped
     ports:
-      - 3478:3478
-      - 3478:3478/udp
-      - 5349:5349
-      - 5349:5349/udp
+#      - 3478:3478
+#      - 3478:3478/udp
+#      - 5349:5349
+#      - 5349:5349/udp
       - '${MIN_PORT}-${MAX_PORT}:${MIN_PORT}-${MAX_PORT}/udp'
+      - 127.0.0.1:5766:5766
     command:
-      - '--realm=${APP_SITE}'
-      - '--server-name=turn-server'
-      - '--fingerprint'
-      - '--listening-ip=0.0.0.0'
+      - -v
+      - --log-file=stdout
+      - --external-ip=$(detect-external-ip)
+      - --realm=${APP_SITE}
+      - --tcp-proxy-port=5555
+      - --fingerprint
+      - --listening-ip=0.0.0.0
 #      - '--external-ip=${EXTERNAL_IP}'
 #      - '--relay-ip=${EXTERNAL_IP}'
-      - '--min-port=${MIN_PORT}'
-      - '--max-port=${MAX_PORT}'
-      - '--log-file=stdout'
-#      - '--tls-listening-port=443'
-      - '--use-auth-secret'
-      - '--static-auth-secret=${STATIC_AUTH_SECRET}'
-      - '--cli-password=${CLI_SECRET}'
-      - --no-tls --no-dtls -n
+      - --min-port=${MIN_PORT}
+      - --max-port=${MAX_PORT}
+      - --log-file=stdout
+      - --cli-ip=0.0.0.0
+      - --use-auth-secret
+      - --static-auth-secret=${STATIC_AUTH_SECRET}
+      - --cli-ip=0.0.0.0
+      - --cli-password=${CLI_SECRET}
+      - --web-admin
+      - --web-admin-listen-on-workers
+      - --no-tls
+      - --no-dtls
       - --pidfile=/var/tmp/turnserver.pid
-    tmpfs:
-      - /run:mode=770,size=1k,uid=200,gid=10000
+      - -n
+      - --psql-userdb="host=db dbname=${PGDATABASE} user=${PGUSER} password=${PGPASSWORD} sslmode=disable"
+#    tmpfs:
+#      - /run:mode=770,size=1k,uid=200,gid=10000
 #    network_mode: host
     labels:
-      - "traefik.http.services.app-${APP_TAG}.loadbalancer.server.port=3478"
+      - "traefik.http.services.app-${APP_TAG}.loadbalancer.server.port=5555"
+      - "traefik.http.services.app-${APP_TAG}.loadbalancer.proxyprotocol=2"
+
     environment:
       - DETECT_EXTERNAL_IP=yes
       - DETECT_RELAY_IP=yes
diff --git a/schema.sql b/schema.sql
@@ -0,0 +1,60 @@
+/*
+  Code from:
+    https://raw.githubusercontent.com/coturn/coturn/master/docker/postgresql/schema.sql
+    or https://github.com/coturn/coturn/blob/master/turndb/schema.sql
+*/
+
+CREATE TABLE turnusers_lt (
+    realm varchar(127) default '',
+    name varchar(512),
+    hmackey char(128),
+    PRIMARY KEY (realm,name)
+);
+
+CREATE TABLE turn_secret (
+	realm varchar(127) default '',
+	value varchar(256),
+	primary key (realm,value)
+);
+
+CREATE TABLE allowed_peer_ip (
+	realm varchar(127) default '',
+	ip_range varchar(256),
+	primary key (realm,ip_range)
+);
+
+CREATE TABLE denied_peer_ip (
+	realm varchar(127) default '',
+	ip_range varchar(256),
+	primary key (realm,ip_range)
+);
+
+CREATE TABLE turn_origin_to_realm (
+	origin varchar(127),
+	realm varchar(127),
+	primary key (origin)
+);
+
+CREATE TABLE turn_realm_option (
+	realm varchar(127) default '',
+	opt varchar(32),
+	value varchar(128),
+	primary key (realm,opt)
+);
+
+CREATE TABLE oauth_key (
+	kid varchar(128),
+	ikm_key varchar(256),
+	timestamp bigint default 0,
+	lifetime integer default 0,
+	as_rs_alg varchar(64) default '',
+	realm varchar(127),
+	primary key (kid)
+);
+
+CREATE TABLE admin_user (
+	name varchar(32),
+	realm varchar(127),
+	password varchar(127),
+	primary key (name)
+);