Configure STUN/TURN for ejabberd and nginx proxy

2022-05-11 15:12:10 +02:00
parent 36e52a3cf1
commit c158f845f0
9 changed files with 185 additions and 24 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -161,7 +161,9 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
  variables hosts: hosts,
            admin_users: admin_users,
            stun_auth_realm: "kosmos.org",
-            turn_ip_address: node["knife_zero"]["host"],
+            stun_secret: ejabberd_credentials['stun_secret'],
+            turn_ip_address: node["kosmos-ejabberd"]["turn_ip_address"],
+            stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
            akkounts_ip_addresses: akkounts_ip_addresses
--- a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb
@@ -25,13 +25,13 @@ firewall_rule 'erlang_cluster' do
 end

 firewall_rule 'ejabberd_stun_turn' do
-  port     3478
-  protocol :tcp
+  port     node["kosmos-ejabberd"]["stun_turn_port"]
+  protocol :udp
  command  :allow
 end

 firewall_rule 'ejabberd_turn' do
  port     node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
-  protocol :tcp
+  protocol :udp
  command  :allow
 end
--- a/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/nginx.rb
@@ -0,0 +1,52 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: nginx
+#
+
+include_recipe "kosmos-base::firewall"
+
+ejabberd_hosts = []
+search(:node, "role:ejabberd").each do |node|
+  ejabberd_hosts << node["knife_zero"]["host"]
+end
+
+ejabberd_hosts.each do |ip_address|
+  IPAddr.new ip_address
+rescue IPAddr::InvalidAddressError
+  ejabberd_hosts.delete ip_address
+  next
+end
+
+template "#{node['nginx']['dir']}/streams-available/ejabberd" do
+  source "nginx_conf_streams.erb"
+  owner 'www-data'
+  mode 0640
+  # variables ejabberd_hosts: ejabberd_hosts
+  variables ejabberd_hosts: ["10.1.1.113"],
+            stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
+            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
+            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_stream "ejabberd" do
+  action :enable
+end
+
+firewall_rule "ejabberd" do
+  port     [5222, 5223, 5269, 5443]
+  protocol :tcp
+  command  :allow
+end
+
+firewall_rule 'ejabberd_stun_turn' do
+  port     node["kosmos-ejabberd"]["stun_turn_port"]
+  protocol :udp
+  command  :allow
+end
+
+firewall_rule 'ejabberd_turn' do
+  port     node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
+  protocol :udp
+  command  :allow
+end