nginx https only, real cert gen, fix turnserver conf

mattslaney · Jul 11, 2024 · 7e517fb · 7e517fb
1 parent 4590157
commit 7e517fb
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/coturn/turnserver.conf b/coturn/turnserver.conf
@@ -10,6 +10,6 @@ fingerprint
 # lt-cred-mech
 # user=someusername:somepassword
 use-auth-secret
-status-auth-secret=COTURN_AUTH_SECRET
+static-auth-secret=COTURN_AUTH_SECRET
 # log-file=/var/tmp/turn.log
 syslog
diff --git a/index.js b/index.js
@@ -19,9 +19,7 @@ try {
   console.error("Error reading config file: ", err);
 }
 
-const generateTurnCredentials = () => {
-  const secret = config.TURN_SECRET;
-  const ttl = parseInt(config.TURN_TTL);
+const generateTurnCredentials = (secret, ttl) => {
   const timestamp = Math.floor(Date.now() / 1000) + ttl;
   const userId = "turnuser";
   const userCombo = `${timestamp}:${userId}`;
@@ -111,7 +109,9 @@ app.use(
   express.static("node_modules/material-icons/iconfont")
 );
 app.get("/config", (_, res) => {
-  const [username, password] = generateTurnCredentials();
+  const secret = config.TURN_SECRET;
+  const ttl = parseInt(config.TURN_TTL);
+  const [username, password] = generateTurnCredentials(secret, ttl);
   console.log(`TURN username: ${username}, password: ${password}`);
 
   const updatedIceServers = peerConfig.iceServers.map((server) => {

diff --git a/nginx/setup.sh b/nginx/setup.sh
@@ -10,6 +10,20 @@ sudo cp *.pem /etc/ssl
 sudo cp webrtc /etc/nginx/sites-available/
 sudo ln -s /etc/nginx/sites-available/webrtc /etc/nginx/sites-enabled
 
+# Obtain a certificate
+## Self Signed
+# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
+## Self Signed - One Command
+# sudo openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
+## Real Certificate
+if [ -z "$1" ]; then
+    read -p "Enter the domain for the certificate: " domainname
+else
+    domainname=$1
+fi
+sudo certbot certonly --standalone -d $domainname
+
+# Open HTTP & HTTPS on firewall
 sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 

diff --git a/nginx/webrtc b/nginx/webrtc
@@ -1,5 +1,11 @@
 server {
-	listen       80;
+    listen 80;
+    server_name webrtc;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
 	listen       443 ssl;
 	server_name  webrtc;