######################################################## # reTurnServer configuration file ######################################################## # Software name to include in STUN messages # Set this to an empty string to reveal no software # name information in STUN messages. # Default: reTURNServer (RFC5389) # The default also includes the software version on # those platforms where PACKAGE_VERSION is defined # at compile time. #SoftwareName = # Whether or not to pad the SoftwareName value to # a multiple of four bytes for compatibility with # legacy clients. Default: true #PadSoftwareName = true ######################################################## # Transport settings ######################################################## # Local IP Address to bind base STUN/TURN transports to. # Note: This is the IP Address that clients should be configured to # send STUN/TURN traffic to. # Warning: If you are enabling RFC3489 backwards compatability # (see AltStunAddress and AltStunPort settings), then do # not leave this set to INADDR_ANY (0.0.0.0), place # a valid IP address from a local NIC here. TurnAddress = 0.0.0.0 # Local IPv6 Address to bind base STUN/TURN transports to. # Note: This is the IP Address that IPv6 clients should be configured to # send STUN/TURN traffic to. # Not currently supported with RFC3489 backwards compatability TurnV6Address = ::0 # Local UDP/TCP Port to bind base STUN/TURN transports to. # Note: This is the port that clients should be configured to # send STUN/TURN traffic over UDP and TCP. # reTurn will always bind on this port using both UDP and TCP. TurnPort = 3478 # Local TLS Port to bind base STUN/TURN transports to. # Note: This is the port that clients should be configured to # send STUN/TURN traffic over TLS. # Set this to 0 to disable TLS support. # The default port for STUN over TLS is 5349 # It is often necessary to use port 443 instead so that # users can connect through a HTTP proxy that only allows # traffic that appears to be going to a HTTPS server. TlsTurnPort = 0 # Local IP Address to bind the transports used in Classic Stun # NAT type discovery. Note: This address is only required if # you need Classic Stun (RFC3489) support. # It must be different from the TurnAddress setting, and a valid # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility # support. # Note: The STUN/TURN Client should not be configured with this # address anywhere. This address is discovered by clients # in Binding responses that are sent to the TurnAddress. AltStunAddress = 0.0.0.0 # Local UDP Port to bind classic STUN (RFC3489) transports to. # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility, # if you do not have a need to support the NAT type discovery procedures # of RFC3489. # Note: STUN/TURN Client should not be configured with this port anywhere. # This port is discovered by clients in Binding responses that are # sent to the TurnAddress/TurnPort. AltStunPort = 0 ######################################################## # Logging settings ######################################################## # Logging Type: syslog|cerr|cout|file LoggingType = file # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK LoggingLevel = WARNING # Log Filename LogFilename = /var/log/reTurnServer/reTurnServer.log # Log file Max Size LogFileMaxLines = 0 ######################################################## # UNIX related settings ######################################################## # Must be true or false, default = false, not supported on Windows Daemonize = true # On UNIX it is normal to create a PID file # if unspecified, no attempt will be made to create a PID file #PidFile = /var/run/reTurnServer/reTurnServer.pid # UNIX account information to run process as RunAsUser = return RunAsGroup = return ######################################################## # Authentication settings ######################################################## # Authentication Realm for Long Term Passwords AuthenticationRealm = reTurn # File containing user authentication data. # The format of each line is: # # login:password:realm:state # # Typically, the realm field must match the value of AuthenticationRealm # defined above. # # The state field can be one of: # # authorized (user authorized) # refused (user denied access) # restricted (for when bandwidth limiting is implemented) # # This file format is interchangeable with TurnServer.org's user database # UserDatabaseFile = /etc/reTurn/users.txt # Hashed passwords in the user database file # This option specifies whether the passwords are plain text # or hashed with the scheme H(A1) # # When hashed passwords are enabled by this configuration setting, # the values in the password column are the MD5 hash # represented in hexadecimal # # To create a hashed password for the following credentials: # # user: bob # realm: example.org # password: foobar # # you can issue a command such as: # # echo -n bob:example.org:foobar | md5sum # # WARNING: the hashing scheme prevents recovery of the plain text # password. However, H(A1) hash values must still be kept # secret as they can be used to impersonate the user. # Therefore, the user database file should always be readable # only by the reTurn process and no other regular users. # UserDatabaseHashedPasswords = true # How frequently to check the user database file for changes # Set to 0 to only load the file once at startup # Default = 60 seconds UserDatabaseCheckInterval = 60 ######################################################## # TURN Allocation settings ######################################################## NonceLifetime = 3600 # The starting port number to use for TURN allocations. # This number MUST be an even number, in order to ensure # proper operation for allocation of RTP port pairs. # Default: 49152 (start of the Dynamic and/or Private Port range # - recommended by RFC) AllocationPortRangeMin = 49152 # The ending port number to use for TURN allocations. # This number MUST be an odd number, in order to ensure # proper operation for allocation of RTP port pairs. # Default: 65535 (end of the Dynamic and/or Private Port range # - recommended by RFC) AllocationPortRangeMax = 65535 # Default time (in seconds) that an allocation will expire if an allocation # refresh request is not sent. Default is 600 (10 minutes). DefaultAllocationLifetime = 600 # Maximum time (in seconds) allowed that will be accepted in an allocation requests # lifetime header (ie. between TURN allocation refreshes). If an allocation is # received with a higher lifetime, then the response will be returned with this # value instead. Default is 3600 (1 hour). MaxAllocationLifetime = 3600 ######################################################## # SSL/TLS Certificate settings ######################################################## # TLS Server Certificate Filename (loaded from working directory) # The PEM formated file that contains the server certificate. # If the CA supplies an intermediate certificate chain, those # certificates should also be appened to this file. # The private key may optionally be included in this file # or in a separate key file specified by TlsServerPrivateKeyFilename TlsServerCertificateFilename = server.pem # TLS Server Private Key Filename (loaded from working directory) # The PEM formated file that contains the private key of the certificate # that will be presented to clients connecting over TLS. # If not specified, reTurn will also try to find the private key # in the file specified by TlsServerCertificateFilename TlsServerPrivateKeyFilename = # TLS temporary Diffie-Hellman parameters file (loaded from working directory) # Can be generated with the command: # # openssl dhparam -outform PEM -out dh512.pem 512 # TlsTempDhFilename = /etc/reTurn/dh512.pem # TLS server private key certificate password required to read # from PEM file. Leave blank if key is not encrypted. TlsPrivateKeyPassword =