From 0bcb2597e8b02ff5eaf451d42cc90c88af8712d2 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Sat, 2 May 2020 12:41:30 +0200
Subject: [PATCH 1/2] Update node info

---
 nodes/andromeda.kosmos.org.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json
index f233f14..fc8ce4d 100644
--- a/nodes/andromeda.kosmos.org.json
+++ b/nodes/andromeda.kosmos.org.json
@@ -19,7 +19,7 @@
   "automatic": {
     "fqdn": "andromeda.kosmos.org",
     "os": "linux",
-    "os_version": "4.15.0-74-generic",
+    "os_version": "4.15.0-96-generic",
     "hostname": "andromeda",
     "ipaddress": "46.4.18.160",
     "roles": [

From 4448ec21733bfbae718f6ee46034109f23338601 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Sat, 2 May 2020 14:07:14 +0200
Subject: [PATCH 2/2] Configure TURN properly

Was missing a couple of necessary properties, and is now using an explicit port range for TURN, and opening those ports in UFW.
---
 site-cookbooks/kosmos-ejabberd/attributes/default.rb | 2 ++
 site-cookbooks/kosmos-ejabberd/recipes/default.rb | 12 +++++++++++-
 .../kosmos-ejabberd/templates/ejabberd.yml.erb | 6 ++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/site-cookbooks/kosmos-ejabberd/attributes/default.rb b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
index f383af4..f724394 100644
--- a/site-cookbooks/kosmos-ejabberd/attributes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/attributes/default.rb
@@ -1,5 +1,7 @@
 node.default["kosmos-ejabberd"]["version"] = "20.04"
 node.default["kosmos-ejabberd"]["checksum"] = "5377ff18960a399e661fa23f4a1d9f57c78d4579ed108c52b8f68e7cd9268868"
+node.default["kosmos-ejabberd"]["turn_min_port"] = 49152
+node.default["kosmos-ejabberd"]["turn_max_port"] = 59152
 
 node.override["tor"]["HiddenServices"]["ejabberd"] = {
   "HiddenServicePorts" => [
diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
index 1899493..1572727 100644
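Review bot: The new turn_min_port/turn_max_port defaults of 49152–59152 sit inside the ephemeral port range that stock Linux kernels use for outbound sockets (32768–60999 by default), so other services on the host can already hold ports that ejabberd later tries to bind for a relay allocation. If ejabberd_stun simply retries another port on a failed bind this is only noise, but that is worth confirming, and it is cheap to avoid by starting the range above 60999 or by documenting the overlap. Neither attribute carries a comment saying what the range is for or that the UFW rule in recipes/default.rb is derived from it; I would add `# UDP relay ports ejabberd_stun hands out for TURN allocations; the UFW rule in recipes/default.rb opens exactly this range` above the two assignments so the two stay in step when someone changes one of them.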
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@@ -154,7 +154,11 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
   sensitive true
   variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
             hosts: hosts,
-            admin_users: admin_users
+            admin_users: admin_users,
+            stun_auth_realm: "kosmos.org",
+            turn_ip_address: node['ipaddress'],
+            turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
+            turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
   notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end
 
@@ -206,6 +210,12 @@ unless node.chef_environment == "development"
     protocol :udp
     command :allow
   end
+
+  firewall_rule 'ejabberd_turn' do
+    port node["kosmos-ejabberd"]["turn_min_port"]..node["kosmos-ejabberd"]["turn_max_port"]
+    protocol :udp
+    command :allow
+  end
 end
 
 #
diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
index 9e4c14e..5ed892b 100644
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@@ -78,9 +78,11 @@ listen:
     port: 3478
     transport: udp
     module: ejabberd_stun
+    auth_realm: <%= @stun_auth_realm %>
     use_turn: true
-    ## The server's public IPv4 address:
-    # turn_ip: 203.0.113.3
+    turn_ip: <%= @turn_ip_address %>
+    turn_min_port: <%= @turn_min_port %>
+    turn_max_port: <%= @turn_max_port %>
 
 s2s_use_starttls: optional
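Review bot: `turn_ip_address: node['ipaddress']` takes Ohai's primary-interface address, which is only the address TURN clients can reach when the host is not behind NAT or a floating IP; on a node where it is not, the template still renders and converges cleanly, and relaying just silently fails because clients are told to send to an unreachable address. It would be safer to route this through an attribute so operators can pin the public address per node, e.g. `turn_ip_address: node["kosmos-ejabberd"]["turn_ip"] || node['ipaddress'],` with a matching `node.default["kosmos-ejabberd"]["turn_ip"] = nil` alongside the new port attributes. In the same spirit, `stun_auth_realm: "kosmos.org"` is a bare literal next to values that are all computed or attribute-driven; lifting it into an attribute keeps the realm from diverging from the served hosts when a second deployment reuses this cookbook. The enclosing template resource starts before the hunk.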
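Review bot: The `ejabberd_turn` rule opens 10,001 UDP ports to the whole internet, which is only acceptable because TURN relay allocations are supposed to be authenticated; nothing in this commit sets `auth_type` on the listener, so that guarantee currently rests on ejabberd's default, which as far as I know is `user` (XMPP credentials) but is not visible here. I would make it explicit in the template with `auth_type: user` next to the new `auth_realm` line, and document the trust assumption on the rule itself, e.g. `# TURN relay range; allocations require XMPP credentials (auth_type: user), so this is not an open relay`. The `unless node.chef_environment == "development"` block begins before the hunk, so the rule is skipped in development, which is worth noting in that comment too.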