coturn - configurable domain for nslookup (fixed domain bug)
Add ufw step to allow upnp port
136
seqs/coturn.sh
136
seqs/coturn.sh
@@ -1,36 +1,22 @@
|
||||
#!/bin/bash
|
||||
|
||||
toolName=coturn
|
||||
toolDeps="coturn miniupnpc"
|
||||
toolConf="/etc/turnserver.conf"
|
||||
toolServiceName="coturn.service"
|
||||
publicIpRetry=20
|
||||
|
||||
# Get script working directory
|
||||
# (when called from a different directory)
|
||||
WDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >>/dev/null 2>&1 && pwd)"
|
||||
APTOPT=
|
||||
CONFIG=0
|
||||
SCRIPT_FILE=$(basename -- $0)
|
||||
SCRIPT_NAME=${SCRIPT_FILE%%.*}
|
||||
CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
|
||||
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
|
||||
readonly toolName="coturn"
|
||||
readonly toolDeps="coturn miniupnpc"
|
||||
readonly toolConf="/etc/turnserver.conf"
|
||||
readonly toolServiceName="coturn.service"
|
||||
readonly publicIpRetry=20
|
||||
|
||||
seq_config() {
|
||||
#echo "Called once before executing steps."
|
||||
## e.g. to source a config file manually:
|
||||
#. "$CONFIG_FILE"
|
||||
## or to use sequencer api with global config file:
|
||||
#initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
|
||||
## or to use sequencer api with profile config file support:
|
||||
#initSeqConfig -p "$SCRIPT_NAME" "$CONFIG_FILE_TEMPLATE"
|
||||
#if [ $? -eq 0 ] ; then
|
||||
# CONFIG=1
|
||||
#else
|
||||
# # End if no configuration file exists
|
||||
# dry || return -1
|
||||
#fi
|
||||
quiet && APTOPT="-y"
|
||||
if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
|
||||
sq_config=1
|
||||
else
|
||||
# End if no configuration file exists
|
||||
dry || return 1
|
||||
fi
|
||||
|
||||
# Apt cmdline option to suppress user interaction
|
||||
interactive || sq_aptOpt="-y"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
@@ -38,7 +24,7 @@ step_1_info() { echo "Install $toolName"; }
|
||||
step_1_alias() { echo "install"; }
|
||||
step_1() {
|
||||
exe apt update
|
||||
exe apt install $toolDeps $APTOPT
|
||||
exe apt install $toolDeps ${sq_aptOpt:-}
|
||||
}
|
||||
|
||||
step_10_info() {
|
||||
@@ -53,56 +39,98 @@ step_10() {
|
||||
error "$toolName already running"
|
||||
return 1
|
||||
fi
|
||||
|
||||
shift
|
||||
|
||||
local retryCount=$publicIpRetry
|
||||
local ipUpdater
|
||||
local ipRegex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
|
||||
local dnsUrl="46.182.19.48" #digitalcourage.de/support/zensurfreier-dns-server
|
||||
local dnsFallbackUrl="194.150.168.168" #dns.as250.net; Berlin/Frankfurt
|
||||
local lecho="info"
|
||||
|
||||
local lLevelSave=${LOG_LEVEL:?}
|
||||
local lTimeSave=${LOG_TIME:-}
|
||||
local retval=0
|
||||
|
||||
# Force a visible output level for this step
|
||||
if [ "${1:-}" == "-l" ]; then
|
||||
lecho="echo"
|
||||
shift
|
||||
LOG_LEVEL=3
|
||||
LOG_TIME=1
|
||||
fi
|
||||
|
||||
local pubIp
|
||||
|
||||
while [ $retryCount -gt 0 ]; do
|
||||
pubIp=`"$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-`
|
||||
[ $? -eq 0 ] && ipUpdater="upnpc" && break || "$lecho" "[$(date)] [W] Upnpc failed"
|
||||
pubIp=$(dig @$dnsUrl +short +timeout=1 cloud.imoff.de 2>>/dev/null)
|
||||
[ $? -eq 0 ] && ipUpdater="DNS" && break || "$lecho" "[$(date) [W] DNS lookup to $dnsUrl failed"
|
||||
pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 cloud.imoff.de 2>>/dev/null)
|
||||
[ $? -eq 0 ] && ipUpdater="DNS Fallback" && break || "$lecho" "[$(date)] [W] DNS lookup to $dnsFallbackUrl failed"
|
||||
pubIp=$("$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-)
|
||||
[ $? -eq 0 ] && ipUpdater="upnpc" && break || error "Upnpc failed"
|
||||
pubIp=$(dig @$dnsUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
|
||||
[ $? -eq 0 ] && ipUpdater="DNS" && break || error "DNS lookup to $dnsUrl failed"
|
||||
pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
|
||||
[ $? -eq 0 ] && ipUpdater="DNS Fallback" && break || error "DNS lookup to $dnsFallbackUrl failed"
|
||||
((retryCount--))
|
||||
done
|
||||
|
||||
if [[ ! $pubIp =~ $ipRegex ]]; then
|
||||
"$lecho" "[$(date)] [E] Couldn't aquire public IP. Giving up."
|
||||
return 1
|
||||
warning "Couldn't aquire public IP for ${sc_turnDomain}. Giving up."
|
||||
retval=1
|
||||
|
||||
else
|
||||
local confIp=`cat "$toolConf" | grep "^external-ip" | cut -d'=' -f2`
|
||||
|
||||
if [ "$pubIp" != "$confIp" ]; then
|
||||
info "Update required (via $ipUpdater). New public ip: $pubIp"
|
||||
exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
|
||||
exe sleep 1
|
||||
info "Restarting $toolName"
|
||||
exe /bin/systemctl restart $toolServiceName
|
||||
else
|
||||
info "No update required for ${sc_turnDomain} (via $ipUpdater). Current ip: $confIp"
|
||||
fi
|
||||
fi
|
||||
|
||||
local confIp=`cat "$toolConf" | grep "^external-ip" | cut -d'=' -f2`
|
||||
|
||||
if [ "$pubIp" != "$confIp" ]; then
|
||||
$lecho "[$(date)] [I] Update required (via $ipUpdater). New public ip: $pubIp"
|
||||
exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
|
||||
exe sleep 1
|
||||
$lecho "[$(date)] [I] Restarting $toolName"
|
||||
exe /bin/systemctl restart $toolServiceName
|
||||
else
|
||||
info "[$(date)] [I] No update required (via $ipUpdater). Current ip: $confIp"
|
||||
# Reset temporary log level change
|
||||
if [ "${1:-}" == "-l" ]; then
|
||||
LOG_LEVEL=${lLevelSave:?}
|
||||
LOG_TIME=${lTimeSave:-0}
|
||||
fi
|
||||
|
||||
return ${retval}
|
||||
}
|
||||
|
||||
step_12_info() { echo "Setup public ip update cron job every 5 minutes"; }
|
||||
step_12_alias() { echo "cronip"; }
|
||||
step_12() {
|
||||
local ipCronLoc="/etc/cron.d/update_public_ip"
|
||||
local ipCron="*/5 * * * * root $(escpath ${seq_self:?}) -qq updateip"
|
||||
|
||||
info "Setup $ipCronLoc"
|
||||
addConf -s "$ipCron" "$ipCronLoc"
|
||||
}
|
||||
ipCronLoc="/etc/cron.d/update_public_ip"
|
||||
ipCron="*/5 * * * * root $WDIR/$SCRIPT_FILE -qq updateip"
|
||||
|
||||
step_14_info() {
|
||||
echoinfoArgs "[SOURCE_IP]"
|
||||
echo "Setup ufw rules to allow upnp, optionally from a sepcific SOURCE_IP"
|
||||
}
|
||||
step_14_alias() { echo "ufw"; }
|
||||
step_14() {
|
||||
shift
|
||||
|
||||
local rex4='^[0-9\.]+[/0-9]*$'
|
||||
local rex6='^[0-9A-Fa-f\:]+[/0-9]*$'
|
||||
local remoteIp=
|
||||
local lPort=1900
|
||||
|
||||
# Check if string is a ipv4 or ipv6 address
|
||||
if [[ "${1:-}" =~ $rex4 ]] || [[ "${1:-}" =~ $rex6 ]] ; then
|
||||
remoteIp=${1}
|
||||
fi
|
||||
|
||||
if [[ -z ${remoteIp:-} ]] ; then
|
||||
exe ufw allow ${lPort:?}/udp comment "Allow upnp"
|
||||
else
|
||||
exe ufw allow from ${remoteIp:?} port ${lPort:?} proto udp comment "Allow upnp"
|
||||
fi
|
||||
}
|
||||
|
||||
step_100_info() { echo "Installation notes"; }
|
||||
step_100_alias() { echo "notes"; }
|
||||
@@ -133,5 +161,7 @@ chmod g+r /etc/letsencrypt/archive/\$LOC_DOMAIN/privkey*
|
||||
COTURN_EOF
|
||||
}
|
||||
|
||||
# shellcheck disable=SC2034 # Appears unused
|
||||
readonly sqr_minVersion=16
|
||||
# shellcheck disable=SC1091 # Don't follow this source
|
||||
. /usr/local/bin/sequencer.sh
|
||||
|
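Review bot: In step_14, a SOURCE_IP argument that matches neither `rex4` nor `rex6` is silently dropped, so a mistyped address falls through to `ufw allow 1900/udp` and opens the port to every source instead of failing. Reject a non-empty, non-matching argument before any rule is built, for example `elif [[ -n "${1:-}" ]]; then error "Invalid SOURCE_IP: $1"; return 1`. The two branches also appear to differ in meaning: in ufw's extended syntax `from ADDR port 1900` matches the source port, while `allow 1900/udp` matches the destination port, so it is worth confirming which one is intended. Separately, in step_10 each `[ $? -eq 0 ]` tests the last command of the substitution (`cut`, or `dig`, which can exit 0 with empty output), so the loop can break with an empty `pubIp` before the DNS fallbacks are tried. Testing `[[ $pubIp =~ $ipRegex ]]` at those points would be more reliable.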