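#!/bin/bash

# Sequencer script: installs coturn and keeps the 'external-ip' entry of its
# configuration in sync with the host's public IP address.
toolName=coturn
toolDeps="coturn miniupnpc"
toolConf="/etc/turnserver.conf"
toolServiceName="coturn.service"
publicIpRetry=20 # lookup rounds step 10 performs before it gives up

# Get script working directory
# (when called from a different directory)
WDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >>/dev/null 2>&1 && pwd)"
APTOPT=
CONFIG=0
# "$0" is quoted so a script path containing whitespace is not split into
# several basename operands; SCRIPT_FILE later ends up in a root cron line.
SCRIPT_FILE=$(basename -- "$0")
SCRIPT_NAME=${SCRIPT_FILE%%.*}
CONFIG_FILE_NAME="${SCRIPT_NAME}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"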
# Sequencer hook, called once before executing steps.
# Globals:  APTOPT (written) - becomes "-y" when `quiet` succeeds
# Returns:  0 always
seq_config() {
  # Config-file support is left disabled in this script. Template:
  #   . "$CONFIG_FILE"                                          # source a config file manually
  #   initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE" # sequencer api, global config file
  #   initSeqConfig -p "$SCRIPT_NAME" "$CONFIG_FILE_TEMPLATE"   # sequencer api, profile config file
  #   if [ $? -eq 0 ] ; then
  #     CONFIG=1
  #   else
  #     # End if no configuration file exists
  #     dry || return -1
  #   fi
  if quiet; then
    # Let apt answer its prompts itself when the run is non-interactive.
    APTOPT="-y"
  fi
  return 0
}
# One-line description of step 1, printed to stdout.
step_1_info() {
  printf '%s\n' "Install $toolName"
}
# Alias under which step 1 can be selected, printed to stdout.
step_1_alias() {
  printf '%s\n' "install"
}
# Step 1: refresh the package index, then install the packages listed in
# $toolDeps. $APTOPT is appended to the install command and may be empty.
step_1() {
  exe apt update
  # Both expansions stay unquoted on purpose: the package list must split
  # into one word per package and an empty $APTOPT must vanish.
  # shellcheck disable=SC2086
  exe apt install ${toolDeps} ${APTOPT}
}
# Description and option help for step 10: the summary goes to stdout, the
# option lines are handed to the sequencer's echoinfo.
step_10_info() {
  local helpLine
  printf '%s\n' "Update $toolName 'external-ip' using dig [OPTION] [CUSTOM DNS]"
  for helpLine in \
    " [OPTION]" \
    "   -l  :  Always output update required and error information" \
    "          (even with -qq)"; do
    echoinfo "$helpLine"
  done
}
# Alias under which step 10 can be selected, printed to stdout.
step_10_alias() {
  printf '%s\n' "updateip"
}
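#######################################
# Step 10: determine the host's public IPv4 address and, when it differs from
# the 'external-ip' entry in $toolConf, rewrite that entry and restart the
# service.
# Sources, tried in this order on every round: upnpc, then the A record of
# cloud.imoff.de from $dnsUrl, then the same record from $dnsFallbackUrl.
# Globals:   toolName, toolConf, toolServiceName, publicIpRetry (read)
# Arguments: $1 - dropped by the initial shift
#                 (NOTE(review): presumably the step id passed by the
#                 sequencer - confirm)
#            $2 - optional "-l": log through echo instead of info
# Returns:   1 when `running` succeeds or no valid address was obtained,
#            otherwise the status of the last command executed
#######################################
step_10() {
  if running; then
    error "$toolName already running"
    return 1
  fi
  shift
  local retryCount=$publicIpRetry
  local ipUpdater=""
  # Strict dotted-quad IPv4. The value comes from the network (the UPnP
  # gateway or a plain DNS reply) and is spliced into a sed expression and the
  # config file below, so only digits and dots may pass. In particular '/',
  # the sed delimiter, is rejected.
  local octet='(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})'
  local ipRegex="^${octet}(\.${octet}){3}\$"
  local dnsUrl="46.182.19.48"            # digitalcourage.de/support/zensurfreier-dns-server
  local dnsFallbackUrl="194.150.168.168" # dns.as250.net; Berlin/Frankfurt
  local lecho="info"
  if [ "${1:-}" == "-l" ]; then
    lecho="echo"
    shift
  fi
  # NOTE(review): step_10_info advertises a [CUSTOM DNS] argument, but no
  # further argument is read here.

  local pubIp=""
  local candidate

  while [ "$retryCount" -gt 0 ]; do
    # Every source is judged by its output instead of $?: the status of the
    # upnpc pipeline is that of cut, and dig can exit 0 with an empty answer,
    # so a status check would accept a failed lookup and skip the fallbacks.
    candidate=$(upnpc -s | grep '^ExternalIPAddress' | cut -c21-)
    if [[ $candidate =~ $ipRegex ]]; then
      pubIp=$candidate
      ipUpdater="upnpc"
      break
    fi
    "$lecho" "[$(date)] [W] Upnpc failed"

    candidate=$(dig "@$dnsUrl" +short +timeout=1 cloud.imoff.de 2>>/dev/null)
    if [[ $candidate =~ $ipRegex ]]; then
      pubIp=$candidate
      ipUpdater="DNS"
      break
    fi
    "$lecho" "[$(date)] [W] DNS lookup to $dnsUrl failed"

    candidate=$(dig "@$dnsFallbackUrl" +short +timeout=1 cloud.imoff.de 2>>/dev/null)
    if [[ $candidate =~ $ipRegex ]]; then
      pubIp=$candidate
      ipUpdater="DNS Fallback"
      break
    fi
    "$lecho" "[$(date)] [W] DNS lookup to $dnsFallbackUrl failed"

    retryCount=$((retryCount - 1))
  done

  # pubIp is only ever assigned a value that matched ipRegex.
  if [[ -z $pubIp ]]; then
    "$lecho" "[$(date)] [E] Couldn't aquire public IP. Giving up."
    return 1
  fi

  # Declared separately so the assignment does not hide the pipeline status.
  local confIp
  confIp=$(grep '^external-ip' "$toolConf" | cut -d'=' -f2)

  if [ "$pubIp" != "$confIp" ]; then
    "$lecho" "[$(date)] [I] Update required (via $ipUpdater). New public ip: $pubIp"
    exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
    exe sleep 1
    "$lecho" "[$(date)] [I] Restarting $toolName"
    exe /bin/systemctl restart "$toolServiceName"
  else
    info "[$(date)] [I] No update required (via $ipUpdater). Current ip: $confIp"
  fi
}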
# One-line description of step 12, printed to stdout.
step_12_info() {
  printf '%s\n' "Setup public ip update cron job every 5 minutes"
}
# Alias under which step 12 can be selected, printed to stdout.
step_12_alias() {
  printf '%s\n' "cronip"
}
# Step 12: hand the cron line in $ipCron and its target file $ipCronLoc to the
# sequencer's addConf.
# NOTE(review): the exact meaning of addConf's -s flag is defined by the
# sequencer and is not visible here.
step_12() {
  local cronFile=$ipCronLoc
  info "Setup $cronFile"
  addConf -s "$ipCron" "$cronFile"
}
# Cron entry used by step 12. The user field is root, so the script at
# ${WDIR}/${SCRIPT_FILE} runs with root privileges every five minutes. That
# file and its directory should therefore be writable by root only.
ipCron="*/5 * * * * root ${WDIR}/${SCRIPT_FILE} -qq updateip"
# File the cron entry is written to.
ipCronLoc="/etc/cron.d/update_public_ip"
# One-line description of step 100, printed to stdout.
step_100_info() {
  printf '%s\n' "Installation notes"
}
# Alias under which step 100 can be selected, printed to stdout.
step_100_alias() {
  printf '%s\n' "notes"
}
# Step 100: print the post-installation notes (ports to forward, file
# permissions for Let's Encrypt certificates) to stdout after switching the
# sequencer's output colour to green.
step_100() {
  color green
  # NOTE(review): the permissions described below make the TLS private key
  # readable by the whole www-data group, i.e. by every process running in
  # that group and not only by turnserver. A dedicated group for certificate
  # readers would narrow that exposure.
  # The delimiter is quoted, so the text is emitted literally and neither the
  # backticks nor $LOC_DOMAIN need escaping.
  cat <<'COTURN_EOF'
# Port forwarding

3478 tcp/udp
5349 tcp/udp

# Permissions

When using letsencrypt certificates for transport security.

* Add user `turnserver` to group `www-data`

usermod -aG www-data turnserver

* In the renewal deploy script of cerbot add:

LOC_DOMAIN="yourdoma.in"
chown root:www-data /etc/letsencrypt/archive
chmod 750 /etc/letsencrypt/archive
chown root:www-data /etc/letsencrypt/archive/$LOC_DOMAIN/privkey*
chmod g+r /etc/letsencrypt/archive/$LOC_DOMAIN/privkey*

COTURN_EOF
}
# Set before the sequencer is loaded.
# NOTE(review): presumably the minimum sequencer version this script needs,
# checked by sequencer.sh - confirm.
sqr_minVersion=16
readonly sqr_minVersion

# Load the sequencer framework. The file is executed in this shell with the
# caller's privileges (root when started from the cron entry defined in
# ipCron), so it should be writable by root only.
source /usr/local/bin/sequencer.sh