netshade/matrix-synapse-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed coturn from the stack because of misconfiguration and for less complexity

Browse Source
This commit is contained in:
twicechild 2022-02-17 15:48:41 +02:00
parent e7def6633a
commit d3471c702b
4 changed files with 3 additions and 1514 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
README.md
View File

@ -9,7 +9,6 @@ The stack follows some specific logic concerning the file organization and a cou
- Synapse homeserver - `matrixdotorg/synapse:latest` - Synapse homeserver - `matrixdotorg/synapse:latest`
- Element Web Client - `vectorim/element-web` - Element Web Client - `vectorim/element-web`
- Synapse Admin - `awesometechnologies/synapse-admin` - Synapse Admin - `awesometechnologies/synapse-admin`
- Turn Server - `instrumentisto/coturn`
- Telegram Bridge - `dock.mau.dev/tulir/mautrix-telegram:latest` - Telegram Bridge - `dock.mau.dev/tulir/mautrix-telegram:latest`
- Facebook Bridge - `dock.mau.dev/tulir/mautrix-facebook:latest` - Facebook Bridge - `dock.mau.dev/tulir/mautrix-facebook:latest`
- Maubot bot manager - `dock.mau.dev/maubot/maubot:latest` - Maubot bot manager - `dock.mau.dev/maubot/maubot:latest`
@ -57,7 +56,6 @@ ${CONF_PATH}/
db/ db/
homeserver/ homeserver/
webchat/ webchat/
turn/
telegram-bridge/ telegram-bridge/
facebook-bridge/ facebook-bridge/
webhook-service/ webhook-service/
@ -415,44 +413,6 @@ app_service_config_files:
<br/> <br/>
## Turn server (for audio and video calls)
Create a new file `turnserver.conf` in `${CONF_PATH}/turn/`. Copy and paste the sample file from: https://github.com/coturn/coturn/blob/master/docker/coturn/turnserver.conf
Edit the following in the file:
- Specify and external ip
```
external-ip=<YOUR PUBLIC IP, IF YOU PLAN TO USE IT FROM THE INTERNET>
external-ip=<YOUR DOCKER HOST IP>
```
- Specify a port range
```
min-port=64000
max-port=65535
```
This range worked perfectly for me but you should define your own depending on your network setup
- Certificates:
```
cert=/certs/WILDCARD.ms.local.crt
pkey=/certs/WILDCARD.ms.local.key
```
- Define a realm
```
realm=turn.ms.local
```
- Uncomment `use-auth-secret`. Generate a alphanumeric and fill `static-auth-secret=`.
- In `homeserver.yaml` in `##TURN##` section paste the same alpanumeric at `turn_shared_secret: "ALPHANUMERIC"` and add the following `turn_uris`
```
turn_uris:
- "turn:turn.ms.local?transport=udp"
- "turn:turn.ms.local?transport=tcp"
- "turns:turn.ms.local:5349?transport=udp"
- "turns:turn.ms.local:5349?transport=tcp"
```
<br/> <br/>
@ -474,7 +434,6 @@ After a while we should be able to visit the web element UI at `https://webchat.
- Postgres for the bridges databases - Postgres for the bridges databases
- No `--serverstransport.insecureskipverify=true` in traefik commands - No `--serverstransport.insecureskipverify=true` in traefik commands
- Use `secrets` for sensitive information - Use `secrets` for sensitive information
- Turn server runs in host network mode. This is needed to better communicate with UDP. This means that your devices and containers (especially `homeserver`) should be able to resolve `turn.ms.local` to you docker host IP
- There are some more things to setup for the homeserver, bots and bridges. Please refer to their respective documentations. - There are some more things to setup for the homeserver, bots and bridges. Please refer to their respective documentations.
@ -492,10 +451,6 @@ It goes without saying that I'm not responsible for anything that might go wrong
- Github: @postgres | https://github.com/postgres/postgres - Github: @postgres | https://github.com/postgres/postgres
- Documentation: https://www.postgresql.org/docs/current/ - Documentation: https://www.postgresql.org/docs/current/
- Docker image: https://hub.docker.com/_/postgres/ - Docker image: https://hub.docker.com/_/postgres/
- Coturn
- Github: @coturn | https://github.com/coturn/coturn
- Documantation: https://github.com/coturn/coturn/wiki/
- Docker image: https://hub.docker.com/r/instrumentisto/coturn/
- Element.io Web - Element.io Web
- Github: @vector-im - Github: @vector-im
- Docker image: https://hub.docker.com/r/vectorim/element-web/ - Docker image: https://hub.docker.com/r/vectorim/element-web/

12
docker-compose.yml
View File

@ -117,18 +117,6 @@ services:
- traefik.http.routers.admin.middlewares=admin - traefik.http.routers.admin.middlewares=admin
- traefik.http.routers.admin.tls=true - traefik.http.routers.admin.tls=true
## TURN SERVER
turn:
image: instrumentisto/coturn
container_name: turn
restart: always
network_mode: host
volumes:
- ${CONF_PATH}/turn/turnserver.conf:/etc/coturn/turnserver.conf
- ${DATA_PATH}/coturn:/var/lib/coturn
- ${CERT_PATH}:/certs
labels:
- traefik.enable=false
# BRIDGES # BRIDGES
telegram-bridge: telegram-bridge:

9
sample_configs/homeserver/homeserver.yaml
View File

@ -1166,15 +1166,12 @@ oembed:
# The public URIs of the TURN server to give to clients # The public URIs of the TURN server to give to clients
# #
turn_uris: #turn_uris:
- "turn:turn.domain.ltd?transport=udp"
- "turn:turn.domain.ltd?transport=tcp"
- "turns:turn.domain.ltd:5349?transport=udp"
- "turns:turn.domain.ltd:5349?transport=tcp"
# The shared secret used to compute passwords for the TURN server # The shared secret used to compute passwords for the TURN server
# #
turn_shared_secret: G6ktKGK9XMs9zP9tvyojRydRHkcYK9gvS8KCAsgBXaFQjbSHgntLfLJg8Yx2VBXB #turn_shared_secret:
# The Username and password if the TURN server needs them and # The Username and password if the TURN server needs them and
# does not use a token # does not use a token

1451
sample_configs/turn/turnserver.conf
View File

File diff suppressed because it is too large Load Diff