From 085bd8abd505e3357e7240ee55f5290cf6e3ed03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= <greg@karekinian.com>
Date: Wed, 25 Nov 2020 16:28:13 +0100
Subject: [PATCH] Move TURN port to a different range

It landed on a port used by PostgreSQL. Also switch STUN/TURN to TCP
because HAProxy does not support UDP.

Closes #240
---
 site-cookbooks/kosmos-ejabberd/attributes/default.rb      | 4 ++--
 site-cookbooks/kosmos-ejabberd/recipes/default.rb         | 4 ++--
 site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
index 9a91622..fa4e89f 100644
--- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
@@ -1,7 +1,7 @@
 node.default["kosmos-ejabberd"]["version"] = "20.04"
 node.default["kosmos-ejabberd"]["checksum"] = "5377ff18960a399e661fa23f4a1d9f57c78d4579ed108c52b8f68e7cd9268868"
-node.default["kosmos-ejabberd"]["turn_min_port"] = 49152
-node.default["kosmos-ejabberd"]["turn_max_port"] = 59152
+node.default["kosmos-ejabberd"]["turn_min_port"] = 50000
+node.default["kosmos-ejabberd"]["turn_max_port"] = 55000
 
 node.override["tor"]["HiddenServices"]["ejabberd"] = {
   "HiddenServicePorts" => [
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
index 528de76..334ad98 100644
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -205,13 +205,13 @@ unless node.chef_environment == "development"
 
   firewall_rule 'ejabberd_stun_turn' do
     port     3478
-    protocol :udp
+    protocol :tcp
     command  :allow
   end
 
   firewall_rule 'ejabberd_turn' do
     port     node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
-    protocol :udp
+    protocol :tcp
     command  :allow
   end
 end
diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
index 7889b20..0c82cc1 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -76,7 +76,7 @@ listen:
     captcha: false
   -
     port: 3478
-    transport: udp
+    transport: tcp
     module: ejabberd_stun
     auth_realm: <%= @stun_auth_realm %>
     use_turn: true