Configure STUN/TURN for ejabberd and nginx proxy

2022-05-11 15:12:10 +02:00
parent 36e52a3cf1
commit c158f845f0
9 changed files with 185 additions and 24 deletions
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -78,12 +78,13 @@ listen:
    ## register: true
    captcha: false
  -
-    port: 3478
-    transport: tcp
+    port: <%= @stun_turn_port %>
+    transport: udp
    module: ejabberd_stun
    auth_realm: <%= @stun_auth_realm %>
    use_turn: true
-    turn_ip: <%= @turn_ip_address %>
+    tls: false
+    turn_ipv4_address: <%= @turn_ip_address %>
    turn_min_port: <%= @turn_min_port %>
    turn_max_port: <%= @turn_max_port %>

@@ -230,7 +231,21 @@ modules:
    versioning: true
    store_current_id: true
  mod_shared_roster: {}
-  mod_stun_disco: {}
+  mod_stun_disco:
+    secret: <%= @stun_secret %>
+    services:
+      -
+        host: <%= @turn_ip_address %>
+        port: <%= @stun_turn_port %>
+        type: stun
+        transport: udp
+        restricted: false
+      -
+        host: <%= @turn_ip_address %>
+        port: <%= @stun_turn_port %>
+        type: turn
+        transport: udp
+        restricted: true
  mod_vcard:
    search: false
  mod_vcard_xupdate: {}
--- a/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb
@@ -0,0 +1,81 @@
+log_format proxy '$remote_addr [$time_local] '
+           '$protocol $status $bytes_sent $bytes_received '
+           '$session_time "$upstream_addr" '
+           '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+
+access_log /var/log/nginx/streams.log proxy buffer=32k flush=1m;
+
+upstream ejabberd_c2s {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+  server <%= ip_address %>:5222;
+<% end %>
+}
+
+upstream ejabberd_c2s_tls {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+  server <%= ip_address %>:5223;
+<% end %>
+}
+
+upstream ejabberd_s2s {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+  server <%= ip_address %>:5269;
+<% end %>
+}
+
+upstream ejabberd_https {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+  server <%= ip_address %>:5443;
+<% end %>
+}
+
+upstream ejabberd_stun_turn {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+  server <%= ip_address %>:<%= @stun_turn_port %>;
+<% end %>
+}
+
+upstream ejabberd_turn {
+  hash   $remote_addr consistent;
+<% @ejabberd_hosts.each do |ip_address| %>
+<% (@turn_min_port..@turn_max_port).each do |port| %>
+  server <%= "#{ip_address}:#{port.to_s}" %>;
+<% end %>
+<% end %>
+}
+
+server {
+  listen     5222;
+  proxy_pass ejabberd_c2s;
+}
+
+server {
+  listen     5223;
+  proxy_pass ejabberd_c2s;
+}
+
+server {
+  listen     5269;
+  proxy_pass ejabberd_s2s;
+}
+
+server {
+  listen     5443;
+  proxy_pass ejabberd_https;
+}
+
+server {
+  listen     <%= @stun_turn_port %> udp;
+  proxy_pass ejabberd_stun_turn;
+}
+
+server {
+  listen     <%= "#{@turn_min_port}-#{@turn_max_port}" %> udp;
+  proxy_pass 10.1.1.113:$server_port;
+  #proxy_pass ejabberd_turn;
+}