--- # Project source code URL: https://github.com/coturn/coturn matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn" matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" matrix_coturn_version: 4.6.0-r0 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" # The Docker network that Coturn would be put into. # # Because Coturn relays traffic to unvalidated IP addresses, # using a dedicated network, isolated from other Docker (and local) services is preferrable. # # Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also # possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking. matrix_coturn_docker_network: "matrix-coturn" matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn" matrix_coturn_docker_src_files_path: "{{ matrix_coturn_base_path }}/docker-src" matrix_coturn_config_path: "{{ matrix_coturn_base_path }}/turnserver.conf" # List of systemd services that matrix-coturn.service depends on matrix_coturn_systemd_required_services_list: ['docker.service'] # A list of additional "volumes" to mount in the container. # This list gets populated dynamically at runtime. You can provide a different default value, # if you wish to mount your own files into the container. # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."} matrix_coturn_container_additional_volumes: [] # A list of extra arguments to pass to the container matrix_coturn_container_extra_arguments: [] # Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:3478"), or empty string to not expose. matrix_coturn_container_stun_plain_host_bind_port: '3478' # Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:5349"), or empty string to not expose. matrix_coturn_container_stun_tls_host_bind_port: '5349' # Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on. # # Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces. # Takes a null/none value (`~`) to prevent listening. # # The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`. matrix_coturn_container_turn_range_listen_interface: '' # UDP port-range to use for TURN matrix_coturn_turn_udp_min_port: 49152 matrix_coturn_turn_udp_max_port: 49172 # A shared secret (between Synapse and Coturn) used for authentication. # You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`). matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] matrix_coturn_user_quota: null matrix_coturn_total_quota: null # To enable TLS, you need to provide paths to certificates. # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths. # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`. matrix_coturn_tls_enabled: false matrix_coturn_tls_cert_path: ~ matrix_coturn_tls_key_path: ~ matrix_coturn_tls_v1_enabled: false matrix_coturn_tls_v1_1_enabled: false