eturnal is a turn server and an alternative to coturn. It can be installed on Debian using the instructions provided here.
To use a static username and password, a script must be used to generate one that works with the defined secret code in the config file.
The following python code can be used for such conversion:
import hmac
import hashlib
import base64
username = "1735686000" # For credentials valid until 2025-01-01.
secret = "1pIFIj70BPsgBI92j5ux" # As specified in your configuration file.
sha = hmac.new(secret.encode('utf-8'), username.encode('utf-8'), hashlib.sha1)
password = base64.b64encode(sha.digest()).decode('utf-8')
print(username)
print(password)
The following options can be used to disable older versions of tls to force tlsv1.3:
## TLS certificate/key files (must be readable by 'eturnal' user!):
tls_crt_file: /opt/fullchain.pem
tls_key_file: /opt/privkey.pem
tls_options:
- no_tlsv1
- no_tlsv1_1
- no_tlsv1_2
It is recommended to also uncomment the - recommended item in the blacklist section to blacklist local network ip addresses from turn and speed up connection.
This comment has been removed by the author.
ReplyDeleteFor what it's worth, since eturnal 1.11.1 you could also specify static credentials in there eturnal.yml file:
ReplyDeletehttps://eturnal.net/documentation/#credentials