-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support STUN/TURN service discovery #3235
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Make sure modules won't be reloaded before listeners. This is necessary to allow the (not yet committed) 'mod_stun_disco' module to parse the listener configuration after configuration reloads.
Use the current versions of 'xmpp' (to get XEP-0215 support) and 'stun' (to fix TURN issues).
Running this for a week for testing Conversations. 👍 |
1d95237
to
2d06f92
Compare
@weiss: Thanks for your good job! The missing important part is IPv6, hope soon too :) |
This module can be used just fine with STUN/TURN servers that support IPv6. |
Add the 'mod_stun_disco' module, which allows XMPP clients to discover STUN/TURN services and to obtain temporary credentials for using them as per XEP-0215: External Service Discovery. The temporary credentials handed out to clients have the format described in: https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 Also add the new module to the example configuration file. Closes processone#2947.
These days, STUN/TURN authentication can be performed with ephemeral credentials, where the REALM is irrelevant. Therefore, just log an [info] message rather than a [warning] in the case where no authentication REALM is configured but multiple virtual domains exist.
This module work with SCRAM passwords? |
@E-404 No, it generates short time credentials. See the links in the first post, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add the
mod_stun_disco
module, which allows XMPP clients to discover STUN/TURN services and to obtain temporary credentials for using them as per XEP-0215: External Service Discovery. The upcoming A/V support in the Android client Conversations will hard-depend on this server feature, and it's also used by clients such as Movim (and Jitsi Meet, though they currently use an outdated version of XEP-0215).The format of the temporary credentials handed out to clients is described in an IETF draft. Therefore, the module cannot only be used with ejabberd's built-in STUN/TURN support, but also with external STUN/TURN servers that support the same draft (such as coturn or restund). It also allows (non-XMPP) WebRTC applications to use ejabberd's built-in STUN/TURN support.
This PR doesn't touch existing code except for:
xmpp
andstun
dependencies in rebar.config/mix.exs,[warning]
logged byejabberd_stun
when multiple domains are configured and no auth realm is specified with a less alarming[info]
message (as the realm is irrelevant for XEP-0215 authentication), andThe module is shipped with test cases, has already been tested by several admins, and is running in production on two of the servers I operate myself.
Many thanks to @ChaosKid42, @licaon-kter, @rom1dep and others for testing things and giving very useful feedback.
Closes #2947.