소스 검색
Enable some recommended Coturn options in an effort to lower DDoS amplification factor
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592pull/2596/head
Slavi Pantaleev
3 년 전
2개의 변경된 파일과 26개의 추가작업 그리고 0개의 파일을 삭제
통합 보기
Diff Options
-
+14 -0roles/custom/matrix-coturn/defaults/main.yml
-
+12 -0roles/custom/matrix-coturn/templates/turnserver.conf.j2
+ 14
- 0
roles/custom/matrix-coturn/defaults/main.yml
파일 보기
| @@ -112,11 +112,25 @@ matrix_coturn_user_quota: null | |||||
| matrix_coturn_total_quota: null | matrix_coturn_total_quota: null | ||||
| # Controls whether `no-tcp-relay` is added to the configuration | # Controls whether `no-tcp-relay` is added to the configuration | ||||
| # Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L419-L422 | |||||
| matrix_coturn_no_tcp_relay_enabled: true | matrix_coturn_no_tcp_relay_enabled: true | ||||
| # Controls whether `no-multicast-peers` is added to the configuration | # Controls whether `no-multicast-peers` is added to the configuration | ||||
| # Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L629-L632 | |||||
| matrix_coturn_no_multicast_peers_enabled: true | matrix_coturn_no_multicast_peers_enabled: true | ||||
| # Controls whether `no-rfc5780` is added to the configuration | |||||
| # Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L770-L781 | |||||
| matrix_coturn_no_rfc5780_enabled: true | |||||
| # Controls whether `no-stun-backward-compatibility` is added to the configuration | |||||
| # Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L783-L789 | |||||
| matrix_coturn_no_stun_backward_compatibility_enabled: true | |||||
| # Controls whether `response-origin-only-with-rfc5780` is added to the configuration | |||||
| # Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L791-L796 | |||||
| matrix_coturn_response_origin_only_with_rfc5780_enabled: true | |||||
| # Additional configuration to be passed to turnserver.conf | # Additional configuration to be passed to turnserver.conf | ||||
| # Example: | # Example: | ||||
| # matrix_coturn_additional_configuration: | | # matrix_coturn_additional_configuration: | | ||||
+ 12
- 0
roles/custom/matrix-coturn/templates/turnserver.conf.j2
파일 보기
| @@ -35,6 +35,18 @@ prod | |||||
| no-tcp-relay | no-tcp-relay | ||||
| {% endif %} | {% endif %} | ||||
| {% if matrix_coturn_no_rfc5780_enabled %} | |||||
| no-rfc5780 | |||||
| {% endif %} | |||||
| {% if matrix_coturn_no_stun_backward_compatibility_enabled %} | |||||
| no-stun-backward-compatibility | |||||
| {% endif %} | |||||
| {% if matrix_coturn_response_origin_only_with_rfc5780_enabled %} | |||||
| response-origin-only-with-rfc5780 | |||||
| {% endif %} | |||||
| {% if matrix_coturn_user_quota != None %} | {% if matrix_coturn_user_quota != None %} | ||||
| user-quota={{ matrix_coturn_user_quota }} | user-quota={{ matrix_coturn_user_quota }} | ||||
| {% endif %} | {% endif %} | ||||