diff --git a/README.turnserver b/README.turnserver index 50b3be53..85087bb4 100644 --- a/README.turnserver +++ b/README.turnserver @@ -181,7 +181,7 @@ Flags: The actual value of the secret is defined either by option static-auth-secret, or can be found in the turn_secret table in the database. ---oauth Require oAuth authentication, as in the third-party TURN specs document. +--oauth Support oAuth authentication, as in the third-party TURN specs document. --dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066. diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index cc533781..e4209026 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -213,7 +213,7 @@ # #server-name=blackdow.carleon.gov -# Flag to require oAuth authentication. +# Flag that allows oAuth authentication. # #oauth diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh index e070dbd2..59254acb 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_mongo.sh @@ -21,6 +21,7 @@ # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 9) "--log-file=stdout" means that all log output will go to the stdout. # 10) --cipher-list=ALL means that we support all OpenSSL ciphers +# 11) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -30,4 +31,4 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh index 04834a0d..44448dae 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql.sh @@ -22,6 +22,7 @@ # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 9) "--log-file=stdout" means that all log output will go to the stdout. # 10) --cipher-list=ALL means that we support all OpenSSL ciphers +# 11) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -31,4 +32,4 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh index 52751b1f..5da6af48 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_mysql_ssl.sh @@ -23,6 +23,7 @@ # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 9) "--log-file=stdout" means that all log output will go to the stdout. # 10) --cipher-list=ALL means that we support all OpenSSL ciphers +# 11) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -32,4 +33,4 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh index 4e422294..f65852fb 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_psql.sh @@ -22,6 +22,7 @@ # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 9) "--log-file=stdout" means that all log output will go to the stdout. # 10) --cipher-list=ALL means that we support all OpenSSL ciphers +# 11) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -31,7 +32,7 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ # Newer PostgreSQL style connection string example: -# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh index af5449ff..1de0d158 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_redis.sh @@ -25,6 +25,7 @@ # 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 10) "--log-file=stdout" means that all log output will go to the stdout. # 11) --cipher-list=ALL means that we support all OpenSSL ciphers +# 12) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -34,4 +35,4 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh b/examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh index f0866065..892df9c0 100755 --- a/examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh +++ b/examples/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh @@ -21,6 +21,7 @@ # 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. # 9) "--log-file=stdout" means that all log output will go to the stdout. # 10) --cipher-list=ALL means that we support all OpenSSL ciphers +# 11) --oauth - mandate oAuth security dialog # Other parameters (config file name, etc) are default. if [ -d examples ] ; then @@ -30,5 +31,5 @@ fi export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL $@ +PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_mongo.sh b/examples/scripts/oauth/secure_relay_with_db_mongo.sh deleted file mode 100755 index 59254acb..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_mongo.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with MongoDB database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --mongo-userdb="mongodb://localhost/coturn" -# means that local MongoDB database "turn" will be used. -# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 9) "--log-file=stdout" means that all log output will go to the stdout. -# 10) --cipher-list=ALL means that we support all OpenSSL ciphers -# 11) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mongo-userdb="mongodb://localhost/coturn" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_mysql.sh b/examples/scripts/oauth/secure_relay_with_db_mysql.sh deleted file mode 100755 index 44448dae..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_mysql.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with MySQL database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" -# means that local MySQL database "coturn" will be used, with database user "turn" and -# database user password "turn", and connection timeout 30 seconds. -# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 9) "--log-file=stdout" means that all log output will go to the stdout. -# 10) --cipher-list=ALL means that we support all OpenSSL ciphers -# 11) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_mysql_ssl.sh b/examples/scripts/oauth/secure_relay_with_db_mysql_ssl.sh deleted file mode 100755 index 5da6af48..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_mysql_ssl.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with SSL connection to a MySQL database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" -# means that local MySQL database "coturn" will be used, with database user "turn" and -# database user password "turn", and with SSL connection with cipher DHE-RSA-AES256-SHA, -# and connection timeout 30 seconds. -# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 9) "--log-file=stdout" means that all log output will go to the stdout. -# 10) --cipher-list=ALL means that we support all OpenSSL ciphers -# 11) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --mysql-userdb="host=localhost dbname=coturn user=turn password=turn cipher=DHE-RSA-AES256-SHA connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_psql.sh b/examples/scripts/oauth/secure_relay_with_db_psql.sh deleted file mode 100755 index f65852fb..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_psql.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with Postgres database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" -# means that local database "coturn" will be used, with database user "turn" and database user -# password "turn". -# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 9) "--log-file=stdout" means that all log output will go to the stdout. -# 10) --cipher-list=ALL means that we support all OpenSSL ciphers -# 11) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb="host=localhost dbname=coturn user=turn password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ - -# Newer PostgreSQL style connection string example: -# PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --psql-userdb=postgresql://turn:turn@/turn --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_redis.sh b/examples/scripts/oauth/secure_relay_with_db_redis.sh deleted file mode 100755 index 1de0d158..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_redis.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with Redis database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" -# means that local Redis database 0 will be used, -# database password is "turn", and connection timeout 30 seconds. -# 7) --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" -# means that we want to use Redis for status and statistics information, -# and this will be the database number 3. -# 8) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 9) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 10) "--log-file=stdout" means that all log output will go to the stdout. -# 11) --cipher-list=ALL means that we support all OpenSSL ciphers -# 12) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --redis-userdb="ip=127.0.0.1 dbname=2 password=turn connect_timeout=30" --redis-statsdb="ip=127.0.0.1 dbname=3 password=turn connect_timeout=30" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ diff --git a/examples/scripts/oauth/secure_relay_with_db_sqlite.sh b/examples/scripts/oauth/secure_relay_with_db_sqlite.sh deleted file mode 100755 index 892df9c0..00000000 --- a/examples/scripts/oauth/secure_relay_with_db_sqlite.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# -# This is an example how to start a TURN Server in -# secure mode with SQLite database for users -# with the long-term credentials mechanism. -# -# We start here a TURN Server listening on IPv4 address -# 127.0.0.1 and on IPv6 address ::1. We use 127.0.0.1 as -# IPv4 relay address, and we use ::1 as IPv6 relay address. -# -# Other options: -# -# 1) set bandwidth limit on client session 3000000 bytes per second (--max-bps). -# 2) use fingerprints (-f) -# 3) use 3 relay threads (-m 3) -# 4) use min UDP relay port 32355 and max UDP relay port 65535 -# 5) "-r north.gov" means "use authentication realm north.gov" -# 6) --db= -# means that local database will be used. -# 7) "--cert=example_turn_server_cert.pem" sets the OpenSSL certificate file name. -# 8) "--pkey=example_turn_server_pkey.pem" sets the OpenSSL private key name. -# 9) "--log-file=stdout" means that all log output will go to the stdout. -# 10) --cipher-list=ALL means that we support all OpenSSL ciphers -# 11) --oauth - mandate oAuth security dialog -# Other parameters (config file name, etc) are default. - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ -export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/ - -PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --server-name="blackdow.carleon.gov" -v --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 -r north.gov --db="var/db/turndb" --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout --cipher-list=ALL --oauth $@ - diff --git a/examples/scripts/oauth/secure_udp_client.sh b/examples/scripts/oauth/secure_udp_client.sh deleted file mode 100755 index 76df4619..00000000 --- a/examples/scripts/oauth/secure_udp_client.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh -# -# This is an example of a script to run a "secure" TURN UDP client -# with the long-term credentials mechanism. -# -# Options: -# -# 1) -t is absent, it means that UDP networking is used. -# 5) -n 1000 means 1000 messages per single emulated client. Messages -# are sent with interval of 20 milliseconds, to emulate an RTP stream. -# 6) -m 10 means that 10 clients are emulated. -# 7) -l 170 means that the payload size of the packets is 170 bytes -# (like average audio RTP packet). -# 8) -e 127.0.0.1 means that the clients will use peer address 127.0.0.1. -# 9) -g means "set DONT_FRAGMENT parameter in TURN requests". -# 10) -u ninefingers means that if the server challenges the client with -# authentication challenge, then we use account "ninefingers". -# 11) -w youhavetoberealistic sets the password for the account as "youhavetoberealistic". -# 12) -s option is absent - it means that the client will be using -# the "channel" mechanism for data. -# 13) -J means that the client supports oAuth third-party authorization -# (with kid='north') -# 14) ::1 (the last parameter) is the TURN Server IP address. We use IPv6 here -# to illustrate how the TURN Server convert the traffic from IPv6 to IPv4 and back. -# - -if [ -d examples ] ; then - cd examples -fi - -export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/ - -PATH=examples/bin/:../bin/:./bin/:${PATH} turnutils_uclient -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u ninefingers -w youhavetoberealistic -J $@ ::1 - diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index a809a709..51c4d857 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 @@ -265,7 +265,7 @@ or can be found in the turn_secret table in the database. .TP .B \fB\-\-oauth\fP -Require oAuth authentication, as in the third\-party TURN specs document. +Support oAuth authentication, as in the third\-party TURN specs document. .TP .B \fB\-\-dh566\fP diff --git a/rpm/turnserver.spec b/rpm/turnserver.spec index fcf68a4c..95a884c9 100644 --- a/rpm/turnserver.spec +++ b/rpm/turnserver.spec @@ -235,14 +235,6 @@ fi %{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_psql.sh %{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_redis.sh %{_datadir}/%{name}/scripts/longtermsecuredb/secure_relay_with_db_sqlite.sh -%dir %{_datadir}/%{name}/scripts/oauth -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_mysql.sh -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_mysql_ssl.sh -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_mongo.sh -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_psql.sh -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_redis.sh -%{_datadir}/%{name}/scripts/oauth/secure_relay_with_db_sqlite.sh -%{_datadir}/%{name}/scripts/oauth/secure_udp_client.sh %dir %{_datadir}/%{name}/scripts/restapi %{_datadir}/%{name}/scripts/restapi/secure_relay_secret.sh %{_datadir}/%{name}/scripts/restapi/secure_relay_secret_with_db_mysql.sh diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 1eb9440f..7dd1e65d 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -492,7 +492,7 @@ static char Usage[] = "Usage: turnserver [options]\n" " --server-name Server name used for\n" " the oAuth authentication purposes.\n" " The default value is the realm name.\n" -" --oauth Require oAuth authentication.\n" +" --oauth Support oAuth authentication.\n" " -n Do not use configuration file, take all parameters from the command line only.\n" " --cert Certificate file, PEM format. Same file search rules\n" " applied as for the configuration file.\n"