From becb3c069c9cbe723591bdfa5eabeaf24dc9355d Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Fri, 17 Jan 2025 02:34:35 +0900 Subject: [PATCH] Update docs/configuring-playbook-turn.md and a related file - Edit the introducion based on docs/configuring-playbook-client-element-web.md - Adopt the commont format by creating the section "Adjusting the playbook configuration" - Add the section "Extending the configuration" - Move the section "Disabling Coturn" to the bottom Signed-off-by: Suguru Hirahara --- docs/configuring-playbook-turn.md | 56 ++++++++++++++++++------------- docs/configuring-playbook.md | 2 +- 2 files changed, 33 insertions(+), 25 deletions(-) diff --git a/docs/configuring-playbook-turn.md b/docs/configuring-playbook-turn.md index 30e534ff3..6e1a2d597 100644 --- a/docs/configuring-playbook-turn.md +++ b/docs/configuring-playbook-turn.md @@ -1,30 +1,22 @@ -# Adjusting TURN server configuration (optional, advanced) +# Configuring a TURN server (optional, advanced) -The playbook installs a [Coturn](https://github.com/coturn/coturn) TURN server by default, so that clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. +By default, this playbook installs and configures the [Coturn](https://github.com/coturn/coturn) as a TURN server, through which clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks. It also configures the Synapse chat server by default, so that it points to the Coturn TURN server installed by the playbook. If that's okay, you can skip this document. -By default, the Synapse chat server is configured, so that it points to the Coturn TURN server installed by the playbook. +If you'd like to stop the playbook installing the server, see the section [below](#disabling-coturn) to check the configuration for disabling it. -## Disabling Coturn - -If, for some reason, you'd like to prevent the playbook from installing Coturn, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: +## Adjusting the playbook configuration -```yaml -matrix_coturn_enabled: false -``` - -In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail. - -## Manually defining your public IP +### Define public IP manually (optional) In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn. -If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server. +If you'd rather use a local IP for `ansible_host`, add the following configuration to your `vars.yml` file. Make sure to replace `YOUR_PUBLIC_IP` with the pubic IP used by the server. ```yaml matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP" ``` -If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set `matrix_coturn_turn_external_ip_address` to an empty value. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable. +If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set an empty value to the variable. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable. If your server has multiple external IP addresses, the Coturn role offers a different variable for specifying them: @@ -33,11 +25,11 @@ If your server has multiple external IP addresses, the Coturn role offers a diff matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7'] ``` -## Changing the authentication mechanism +### Change the authentication mechanism (optional) The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better. -To do so, add this override to your configuration: +To do so, add the following configuration to your `vars.yml` file: ```yaml matrix_coturn_authentication_method: lt-cred-mech @@ -45,11 +37,11 @@ matrix_coturn_authentication_method: lt-cred-mech Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and Coturn. -If you're using [Jitsi](./configuring-playbook-jitsi.md), note that switching to `lt-cred-mech` will remove the integration between Jitsi and your own Coturn server, because Jitsi only seems to support the `auth-secret` authentication method. +If [Jitsi](configuring-playbook-jitsi.md) is installed, note that switching to `lt-cred-mech` will disable the integration between Jitsi and your Coturn server, as Jitsi seems to support the `auth-secret` authentication method only. -## Using your own external Coturn server +### Use your own external Coturn server (optional) -If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this: +If you'd like to use another TURN server (be it Coturn or some other one), add the following configuration to your `vars.yml` file. Make sure to replace `HOSTNAME_OR_IP` with your own. ```yaml # Disable integrated Coturn server @@ -63,16 +55,32 @@ matrix_synapse_turn_uris: - turn:HOSTNAME_OR_IP?transport=tcp ``` -If you have or want to enable [Jitsi](configuring-playbook-jitsi.md), you might want to enable the TURN server there too. If you do not do it, Jitsi will fall back to an upstream service. +If you have or want to enable Jitsi, you might want to enable the TURN server there too. If you do not do it, Jitsi will fall back to an upstream service. ```yaml jitsi_web_stun_servers: - stun:HOSTNAME_OR_IP:PORT ``` -You can put multiple host/port combinations if you like. -## Further variables and configuration options -To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml +You can put multiple host/port combinations if you'd like to. + +### Extending the configuration + +There are some additional things you may wish to configure about the TURN server. + +Take a look at: + +- `roles/custom/matrix-coturn/defaults/main.yml` for some variables that you can customize via your `vars.yml` file + +## Disabling Coturn + +If, for some reason, you'd like for the playbook to not install Coturn (or to uninstall it if it was previously installed), add the following configuration to your `vars.yml` file: + +```yaml +matrix_coturn_enabled: false +``` + +In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail. ## Installing diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 1603da378..2325aea66 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -40,7 +40,7 @@ For a more custom setup, see the [Other configuration options](#other-configurat - Server components: - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) - - [Adjusting TURN server configuration](configuring-playbook-turn.md) (advanced) + - [Configuring a TURN server](configuring-playbook-turn.md) (advanced) - [Configuring the Traefik reverse-proxy](configuring-playbook-traefik.md) (advanced)