168 lines
4.4 KiB
Bash
Executable File
168 lines
4.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
readonly toolName="coturn"
|
|
readonly toolDeps="coturn miniupnpc"
|
|
readonly toolConf="/etc/turnserver.conf"
|
|
readonly toolServiceName="coturn.service"
|
|
readonly publicIpRetry=20
|
|
|
|
seq_config() {
|
|
if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
|
|
sq_config=1
|
|
else
|
|
# End if no configuration file exists
|
|
dry || return 1
|
|
fi
|
|
|
|
# Apt cmdline option to suppress user interaction
|
|
interactive || sq_aptOpt="-y"
|
|
|
|
return 0
|
|
}
|
|
|
|
step_1_info() { echo "Install $toolName"; }
|
|
step_1_alias() { echo "install"; }
|
|
step_1() {
|
|
exe apt update
|
|
exe apt install $toolDeps ${sq_aptOpt:-}
|
|
}
|
|
|
|
step_10_info() {
|
|
echo "Update $toolName 'external-ip' using dig [OPTION] [CUSTOM DNS]"
|
|
echoinfo " [OPTION]"
|
|
echoinfo " -l : Always output update required and error information"
|
|
echoinfo " (even with -qq)"
|
|
}
|
|
step_10_alias() { echo "updateip"; }
|
|
step_10() {
|
|
if running ; then
|
|
error "$toolName already running"
|
|
return 1
|
|
fi
|
|
|
|
shift
|
|
|
|
local retryCount=$publicIpRetry
|
|
local ipUpdater
|
|
local ipRegex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
|
|
local dnsUrl="46.182.19.48" #digitalcourage.de/support/zensurfreier-dns-server
|
|
local dnsFallbackUrl="194.150.168.168" #dns.as250.net; Berlin/Frankfurt
|
|
|
|
local lLevelSave=${LOG_LEVEL:?}
|
|
local lTimeSave=${LOG_TIME:-}
|
|
local retval=0
|
|
|
|
# Force a visible output level for this step
|
|
if [ "${1:-}" == "-l" ]; then
|
|
LOG_LEVEL=3
|
|
LOG_TIME=1
|
|
fi
|
|
|
|
local pubIp
|
|
|
|
while [ $retryCount -gt 0 ]; do
|
|
pubIp=$("$(command -v upnpc)" -s | grep ^ExternalIPAddress | cut -c21-)
|
|
[ $? -eq 0 ] && ipUpdater="upnpc" && break || error "Upnpc failed"
|
|
pubIp=$(dig @$dnsUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
|
|
[ $? -eq 0 ] && ipUpdater="DNS" && break || error "DNS lookup to $dnsUrl failed"
|
|
pubIp=$(dig @$dnsFallbackUrl +short +timeout=1 ${sc_turnDomain:?} 2>>/dev/null)
|
|
[ $? -eq 0 ] && ipUpdater="DNS Fallback" && break || error "DNS lookup to $dnsFallbackUrl failed"
|
|
((retryCount--))
|
|
done
|
|
|
|
if [[ ! $pubIp =~ $ipRegex ]]; then
|
|
warning "Couldn't aquire public IP for ${sc_turnDomain}. Giving up."
|
|
retval=1
|
|
|
|
else
|
|
local confIp=`cat "$toolConf" | grep "^external-ip" | cut -d'=' -f2`
|
|
|
|
if [ "$pubIp" != "$confIp" ]; then
|
|
info "Update required (via $ipUpdater). New public ip: $pubIp"
|
|
exe sed -i "s/^external-ip[[:space:]]*=.*/external-ip=${pubIp}/" "$toolConf"
|
|
exe sleep 1
|
|
info "Restarting $toolName"
|
|
exe /bin/systemctl restart $toolServiceName
|
|
else
|
|
info "No update required for ${sc_turnDomain} (via $ipUpdater). Current ip: $confIp"
|
|
fi
|
|
fi
|
|
|
|
# Reset temporary log level change
|
|
if [ "${1:-}" == "-l" ]; then
|
|
LOG_LEVEL=${lLevelSave:?}
|
|
LOG_TIME=${lTimeSave:-0}
|
|
fi
|
|
|
|
return ${retval}
|
|
}
|
|
|
|
step_12_info() { echo "Setup public ip update cron job every 5 minutes"; }
|
|
step_12_alias() { echo "cronip"; }
|
|
step_12() {
|
|
local ipCronLoc="/etc/cron.d/update_public_ip"
|
|
local ipCron="*/5 * * * * root $(escpath ${seq_self:?}) -qq updateip"
|
|
|
|
info "Setup $ipCronLoc"
|
|
addConf -s "$ipCron" "$ipCronLoc"
|
|
}
|
|
|
|
step_14_info() {
|
|
echoinfoArgs "[SOURCE_IP]"
|
|
echo "Setup ufw rules to allow upnp, optionally from a sepcific SOURCE_IP"
|
|
}
|
|
step_14_alias() { echo "ufw"; }
|
|
step_14() {
|
|
shift
|
|
|
|
local rex4='^[0-9\.]+[/0-9]*$'
|
|
local rex6='^[0-9A-Fa-f\:]+[/0-9]*$'
|
|
local remoteIp=
|
|
local lPort=1900
|
|
|
|
# Check if string is a ipv4 or ipv6 address
|
|
if [[ "${1:-}" =~ $rex4 ]] || [[ "${1:-}" =~ $rex6 ]] ; then
|
|
remoteIp=${1}
|
|
fi
|
|
|
|
if [[ -z ${remoteIp:-} ]] ; then
|
|
exe ufw allow ${lPort:?}/udp comment "Allow upnp"
|
|
else
|
|
exe ufw allow from ${remoteIp:?} port ${lPort:?} proto udp comment "Allow upnp"
|
|
fi
|
|
}
|
|
|
|
step_100_info() { echo "Installation notes"; }
|
|
step_100_alias() { echo "notes"; }
|
|
step_100() {
|
|
color green
|
|
cat <<COTURN_EOF
|
|
# Port forwarding
|
|
|
|
3478 tcp/udp
|
|
5349 tcp/udp
|
|
|
|
# Permissions
|
|
|
|
When using letsencrypt certificates for transport security.
|
|
|
|
* Add user \`turnserver\` to group \`www-data\`
|
|
|
|
usermod -aG www-data turnserver
|
|
|
|
* In the renewal deploy script of cerbot add:
|
|
|
|
LOC_DOMAIN="yourdoma.in"
|
|
chown root:www-data /etc/letsencrypt/archive
|
|
chmod 750 /etc/letsencrypt/archive
|
|
chown root:www-data /etc/letsencrypt/archive/\$LOC_DOMAIN/privkey*
|
|
chmod g+r /etc/letsencrypt/archive/\$LOC_DOMAIN/privkey*
|
|
|
|
COTURN_EOF
|
|
}
|
|
|
|
# shellcheck disable=SC2034 # Appears unused
|
|
readonly sqr_minVersion=16
|
|
# shellcheck disable=SC1091 # Don't follow this source
|
|
. /usr/local/bin/sequencer.sh
|