From 7e517fb848af1aea634644b67a2b5814e86e863a Mon Sep 17 00:00:00 2001
From: mattslaney
Date: Thu, 11 Jul 2024 12:54:31 +0100
Subject: [PATCH] nginx https only, real cert gen, fix turnserver conf
---
 coturn/turnserver.conf | 2 +-
 index.js | 8 ++++----
 nginx/setup.sh | 14 ++++++++++++++
 nginx/webrtc | 8 +++++++-
 4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/coturn/turnserver.conf b/coturn/turnserver.conf
index 6907326..d3a1e05 100644
--- a/coturn/turnserver.conf
+++ b/coturn/turnserver.conf
@@ -10,6 +10,6 @@ fingerprint
 # lt-cred-mech
 # user=someusername:somepassword
 use-auth-secret
-status-auth-secret=COTURN_AUTH_SECRET
+static-auth-secret=COTURN_AUTH_SECRET
 # log-file=/var/tmp/turn.log
 syslog
\ No newline at end of file
diff --git a/index.js b/index.js
index 806d6ad..d04bd96 100644
--- a/index.js
+++ b/index.js
@@ -19,9 +19,7 @@ try {
 console.error("Error reading config file: ", err);
 }
-const generateTurnCredentials = () => {
- const secret = config.TURN_SECRET;
- const ttl = parseInt(config.TURN_TTL);
+const generateTurnCredentials = (secret, ttl) => {
 const timestamp = Math.floor(Date.now() / 1000) + ttl;
 const userId = "turnuser";
 const userCombo = `${timestamp}:${userId}`;
@@ -111,7 +109,9 @@ app.use(
 express.static("node_modules/material-icons/iconfont")
 );
 app.get("/config", (_, res) => {
- const [username, password] = generateTurnCredentials();
+ const secret = config.TURN_SECRET;
+ const ttl = parseInt(config.TURN_TTL);
+ const [username, password] = generateTurnCredentials(secret, ttl);
 console.log(`TURN username: ${username}, password: ${password}`);
 const updatedIceServers = peerConfig.iceServers.map((server) => {
diff --git a/nginx/setup.sh b/nginx/setup.sh
index e94da42..ca5e1f3 100755
--- a/nginx/setup.sh
+++ b/nginx/setup.sh
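Review bot: In index.js, the `/config` handler still writes every issued TURN credential to the log through the unchanged `console.log` line that prints `${username}` and `${password}`, so anyone who can read stdout or the log collector can reuse a credential until it expires; log the username only, or drop the line. In the same hunk `parseInt(config.TURN_TTL)` has no radix and no validity check, and a missing or non-numeric TURN_TTL makes `timestamp` NaN inside `generateTurnCredentials`; consider `const ttl = Number.parseInt(config.TURN_TTL, 10);` followed by `if (!secret || !Number.isFinite(ttl)) return res.status(500).end();`. The earlier hunk shows a config-read failure being only logged, so `config` may be incomplete when this handler runs. Both the handler and `generateTurnCredentials` continue outside the hunks.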
@@ -10,6 +10,20 @@ sudo cp *.pem /etc/ssl
 sudo cp webrtc /etc/nginx/sites-available/
 sudo ln -s /etc/nginx/sites-available/webrtc /etc/nginx/sites-enabled
+# Obtain a certificate
+## Self Signed
+# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
+## Self Signed - One Command
+# sudo openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"
+## Real Certificate
+if [ -z "$1" ]; then
+ read -p "Enter the domain for the certificate: " domainname
+else
+ domainname=$1
+fi
+sudo certbot certonly --standalone -d $domainname
+
+# Open HTTP & HTTPS on firewall
 sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
diff --git a/nginx/webrtc b/nginx/webrtc
index c644d50..e07c91b 100644
--- a/nginx/webrtc
+++ b/nginx/webrtc
@@ -1,5 +1,11 @@
 server {
- listen 80;
+ listen 80;
+ server_name webrtc;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
 listen 443 ssl;
 server_name webrtc;
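Review bot: In nginx/setup.sh the new `sudo certbot certonly --standalone -d $domainname` expands an unquoted, unvalidated value taken from `$1` or the prompt, so an empty answer or one containing spaces changes the arguments certbot receives; reject empty input with `[ -n "$domainname" ] || { echo "domain required" >&2; exit 1; }`, call `sudo certbot certonly --standalone -d "$domainname"`, and use `read -r -p` for the prompt. The certbot call also runs before the two `iptables` rules that open ports 80 and 443, and standalone mode has to bind port 80 itself, so on a host where the firewall is still closed or nginx is already listening the validation is likely to fail; moving the firewall block above it and stopping nginx for the duration would avoid that. The context line `sudo cp *.pem /etc/ssl` suggests nginx is pointed at locally supplied PEM files, so it is worth confirming that the issued certificate is the one nginx actually loads.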
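Review bot: In nginx/webrtc the redirect `return 301 https://$host$request_uri;` builds its target from `$host`, which nginx fills from the request's Host header when one is sent, so if this block ends up answering requests for other names (for example as the default server on port 80) the redirect points wherever the client's Host header says. Redirecting to a fixed name, `return 301 https://$server_name$request_uri;` with `server_name` set to the real domain, removes that dependency. `server_name webrtc;` in both blocks also does not obviously match the domain that setup.sh requests a certificate for, which is worth confirming. The 443 server block continues outside the hunk, so its TLS settings and any `Strict-Transport-Security` header cannot be checked here.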