This will build a Docker Image for Eturnal, A STUN and TURN server
- About
- Maintainer
- Table of Contents
- Installation
- Configuration
- Maintenance
- Support
- License
- References
Clone this repository and build the image with docker build -t (imagename) .
Builds of the image are available on Docker Hub.
docker pull tiredofit/eturnal:(imagetag)
Builds of the image are also available on the Github Container Registry
docker pull ghcr.io/tiredofit/docker-eturnal:(imagetag)
The following image tags are available along with their tagged release based on what's written in the Changelog:
Container OS | Tag |
---|---|
Alpine | :latest |
Images are built primarily for amd64
architecture, and may also include builds for arm/v7
, arm64
and others. These variants are all unsupported. Consider sponsoring my work so that I can work with various hardware. To see if this image supports multiple architecures, type docker manifest (image):(tag)
-
The quickest way to get started is using docker-compose. See the examples folder for a working compose.yml that can be modified for development or production use.
-
Set various environment variables to understand the capabilities of this image.
-
Map persistent storage for access to configuration and data files for backup.
The following directories are used for configuration and can be mapped for persistent storage.
Directory | Description |
---|---|
/config/ | Configuration Files |
/logs/ | Configuration Files |
This image relies on an Alpine Linux base image that relies on an init system for added capabilities. Outgoing SMTP capabilities are handlded via msmtp
. Individual container performance monitoring is performed by zabbix-agent. Additional tools include: bash
,curl
,less
,logrotate
,nano
,vim
.
Be sure to view the following repositories to understand all the customizable options:
Image | Description |
---|---|
OS Base | Customized Image based on Alpine Linux |
Variable | Value | Default |
---|---|---|
CONFIG_FILE |
eturnal.yml |
|
CONFIG_PATH |
/config/ |
|
LOG_FILE |
eturnal.log |
|
LOG_LEVEL |
critical debug error info notice warning |
info |
LOG_PATH |
/logs/ |
|
LOG_TYPE |
FILE |
FILE |
SETUP_MODE |
AUTO |
AUTO |
Variable | Value | Default |
---|---|---|
BLACKLIST_IP |
Comma seperated | 127.0.0.0/8,::1 |
ENABLE_IPV4 |
Enable IPV4 Support | TRUE |
ENABLE_IPV6 |
Enable IPV6 Support | FALSE |
ENABLE_LOG_STUN |
Enable logging STUN requests | FALSE |
ENABLE_TCP |
TRUE |
|
ENABLE_TLS |
FALSE |
|
ENABLE_UDP |
TRUE |
|
ETURNALCTL_ARGS |
Extra arguments to pass to eternalctl |
|
MAX_BPS |
Limit bandwidth via a number eg 10000or unlimited` |
unlimited |
MAX_PERMISSIONS |
Limit maxmimum number of TURN permissions per allocation. Number eg 10 or unlimited |
10 |
PUBLIC_IPV4 |
auto to use STUN_IPV4_HOST or IPV4 eg 123.123.123.123 |
|
PUBLIC_IPV6 |
auto to use STUN_IPV6_HOST or IPV6 eg FE80:0000:0000:0000:0202:B3FF:FE1E:8329 |
|
REALM |
Authentication Realm | eturnal.net |
RELAY_MIN_PORT |
Minimum Port Range | 49152 |
RELAY_MAX_PORT |
Maximum Port Range | 65535 |
SECRET |
Shared secret | tiredofit |
SOFTWARE_NAME |
Software name to advertise during STUN/TURN | eturnal |
STRICT_EXPIRY |
Disconnect clients as soon as credentials expire | false |
STUN_IPV4_SERVICE |
Use this host to lookup your IPV4 Address | stun.google.com:19302 |
STUN_IPV6_SERVICE |
Use this host to lookup your IPV6 Address | [2a01:4f8:1c0c:6374::1]:3478 |
STUN_LOG_LEVEL |
critical debug error info notice warning |
${LOG_LEVEL} |
TCP_ENABLE_PROXY_PROTOCOL |
Grab client IP:port from Proxy Protocol header | false |
TCP_ENABLE_TURN |
true false only offer STUN true |
|
TCP_LISTEN_IP |
:: |
|
TCP_LISTEN_PORT |
3478 |
|
TLS_CERT_FILE |
Path and filename | |
TLS_CIPHERS |
TLS Cipher List | HIGH:!aNULL:@STRENGTH |
TLS_DHPARAM_FILE |
Path and filename | |
TLS_KEY_FILE |
Path and filename | |
TLS_ENABLE_PROXY_PROTOCOL |
Grab client IP:port from Proxy Protocol header | false |
TLS_ENABLE_TURN |
true false only offer STUN true |
|
TLS_LISTEN_IP |
:: |
|
TLS_LISTEN_PORT |
5349 |
|
TLS_OPTIONS |
Comma seperated eg no_tlsv1,no_tlsv1_1,cipherserver_prference |
|
UDP_ENABLE_TURN |
true false only offer STUN true |
|
UDP_LISTEN_IP |
:: |
|
UDP_LISTEN_PORT |
3478 |
|
WHITELIST_IP |
Comma seperated | `` |
Variable | Value | Default |
---|---|---|
ENABLE_STATS_INFLUX |
FALSE |
|
ENABLE_STATS_PROMETHEUS |
Enable Prometheus Statistics Support | FALSE |
STATS_INFLUX_HOST |
`` | |
STATS_INFLUX_PORT |
8089 |
|
STATS_PROMETHEUS_ENABLE_TLS |
true false |
false |
STATS_PROMETHEUS_ENABLE_VM_METRICS |
false |
|
STATS_PROMETHEUS_LISTEN_IP |
127.0.0.1 |
|
STATS_PROMETHEUS_LISTEN_PORT |
8081 |
|
STATS_PROMETHEUS_TLS_CERT_FILE |
Path and Filename | `` |
STATS_PROMETHEUS_TLS_KEY_FILE |
Path and Filename | `` |
Port | Protocol | Description |
---|---|---|
3478 |
udp |
|
3478 |
tcp |
|
5349 |
tls |
For debugging and maintenance purposes you may want access the containers shell.
docker exec -it (whatever your container name is) bash
These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
- The Discussions board is a great place for working with the community on tips and tricks of using this image.
- Consider sponsoring me for personalized support.
- Please, submit a Bug Report if something isn't working as expected. I'll do my best to issue a fix in short order.
- Feel free to submit a feature request, however there is no guarantee that it will be added, or at what timeline.
- Consider sponsoring me regarding development of features.
- Best effort to track upstream changes, More priority if I am actively using the image in a production environment.
- Consider sponsoring me for up to date releases.
MIT. See LICENSE for more details.