Add support for NCs Talk app with own stun/turn server.

2020-03-21 12:57:11 +01:00 · 2020-03-21 12:57:11 +01:00 · 9f2764c0ae
commit 9f2764c0ae
parent 6ea1f594b8
5 changed files with 96 additions and 0 deletions
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@ -386,6 +386,18 @@ jitsi_tcp_ports="$standard_http_ports"
 jitsi_udp_port_range="10000:20000"


+# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# -
+nc_turn_server_ips=""
+forward_nc_turn_server_ips=""
+
+# - Ports used by local TURN Server (Stun Server)
+# -
+# - comma separated list
+# -
+nc_turn_ports="3478:3479,5349:5350"
+
+
 # - TFTP Server
 # -
 # - NOT YET IMPLEMENTED
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@ -405,6 +405,18 @@ jitsi_tcp_ports="$standard_http_ports"
 jitsi_udp_port_range="10000:20000"


+# - TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# -
+nc_turn_server_ips=""
+forward_nc_turn_server_ips=""
+
+# - Ports used by local TURN Server (Stun Server)
+# -
+# - comma separated list
+# -
+nc_turn_ports="3478:3479,5349:5350"
+
+
 # - TFTP Server
 # -
 # - NOT YET IMPLEMENTED
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@ -315,6 +315,20 @@ for _ip in $forward_jitsi_server_ips ; do
   forward_jitsi_server_ip_arr+=("$_ip")
 done

+# ---
+# - IP Addresses TURN Server (Stun Server) (for Nextcloud 'talk' app)
+# ---
+# local
+declare -a nc_turn_server_ip_arr
+for _ip in $nc_turn_server_ips ; do
+   nc_turn_server_ip_arr+=("$_ip")
+done
+# DMZ
+declare -a forward_nc_turn_server_ip_arr
+for _ip in $forward_nc_turn_server_ips ; do
+   forward_nc_turn_server_ip_arr+=("$_ip")
+done
+
 # ---
 # - IP Addresses Telephone Systems
 # ---
--- a/29
+++ b/29
@ -1769,6 +1769,35 @@ else
 fi


+# ---
+# - TURN Service (for NC Talk App)
+# ---
+
+echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
+
+if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]]  ; then
+
+   if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+      for _ip in ${nc_turn_server_ip_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+      done
+   fi
+
+   if  [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+      for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+      done
+   fi
+
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - Jitsi Video Conferencing Service
 # ---
--- a/29
+++ b/29
@ -2015,6 +2015,35 @@ else
 fi


+# ---
+# - TURN Service (for NC Talk App)
+# ---
+
+echononl "\t\tTURN Service (for NC Talk App) both: udp and tcp"
+
+if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]]  ; then
+
+   if [[ ${#nc_turn_server_ip_arr[@]} -gt 0 ]] ; then
+      for _ip in ${nc_turn_server_ip_arr[@]} ; do
+         $ipt -A INPUT -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+         $ipt -A INPUT -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+      done
+   fi
+
+   if  [[ ${#forward_nc_turn_server_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+      for _ip in ${forward_nc_turn_server_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -d $_ip -m multiport --dports $nc_turn_ports -m state --state NEW -j ACCEPT
+      done
+   fi
+
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
 # ---
 # - Jitsi Video Conferencing Service
 # ---