TURN on Jitsi on kubernetes (k8s)
// Jitsi Meet client settings: the stock defaults with a few overrides.
// adapted from default

// Peer-to-peer (two-participant) call options.
const p2pOverrides = {
  enabled: false, // disabled for testing
  // Same switch as the top-level one, applied to the peer-to-peer connection.
  useStunTurn: true,
};

export const settings = {
  ...defaultSettings,
  // Presumably makes the client ask the XMPP server for its STUN/TURN list
  // (the extdisco query answered by the Prosody module in this gist) - confirm
  // against the Jitsi Meet version in use.
  useStunTurn: true,
  p2p: p2pOverrides,
  // Some other settings for resolution & parallel talking as relevant for our usecase
};
-- original (adapted) source: https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua | |
-- XEP-0215 implementation for time-limited turn credentials | |
-- Copyright (C) 2012-2014 Philipp Hancke | |
-- This file is MIT/X11 licensed. | |
--turncredentials_secret = "keepthissecret"; | |
--turncredentials = { | |
-- { type = "stun", host = "8.8.8.8", port = 3478 }, | |
-- { type = "turn", host = "8.8.8.8", port = 3478 }, | |
-- { type = "turn", host = "8.8.8.8", port = 80, transport = "tcp" } | |
--} | |
-- for stun servers, host is required, port defaults to 3478 | |
-- for turn servers, host is required, port defaults to 3478,
-- transport defaults to udp
-- hosts can be a list of server names / ips for random | |
-- choice loadbalancing | |
local st = require "util.stanza"; | |
local hmac_sha1 = require "util.hashes".hmac_sha1; | |
local base64 = require "util.encodings".base64; | |
local os_time = os.time; | |
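-- Shared secret used to derive the time-limited TURN passwords. It must stay
-- out of logs and out of any stanza sent to clients.
local secret = module:get_option_string("turncredentials_secret");
-- Credential lifetime in seconds (default 86400 = 24 h). Anyone holding an
-- issued username/password pair can use the relay until it expires, so a
-- shorter value narrows the window in which leaked credentials are useful.
local ttl = module:get_option_number("turncredentials_ttl", 86400);

-- Add fixed set of stun host(s)
local hosts_fixed = {
  { type = "stun", host = "meet-jit-si-turnrelay.jitsi.net", port = 443 }
}

-- Build the server list in a fresh table. Appending straight onto the value
-- returned by get_option would modify the configuration's own table (if the
-- config store hands out a reference - TODO confirm), and the fixed entry
-- would then be added again on every load that shares that table.
local hosts = {};
for key, entry in pairs(module:get_option("turncredentials") or {}) do
  hosts[key] = entry;
end
for _, entry in ipairs(hosts_fixed) do
  hosts[#hosts + 1] = entry;
end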
-- Write the effective server list to the log once, at load time. Only the
-- type and host fields are logged; the shared secret is never printed.
for _, entry in pairs(hosts) do
  module:log("info", "TURN/STUN: %s %s/%q", entry.type, entry.host, entry.hosts);
end

-- No shared secret means no password can be derived: stop here, before any
-- of the hooks below are registered.
if not secret then
  module:log("error", "turncredentials not configured");
  return;
end
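--- Pick one element of a sequence at random (used for host load balancing).
-- math.random is not a cryptographic generator; that is acceptable here
-- because the choice only spreads clients over servers and guards no secret.
-- @param arr sequence of candidate values
-- @return one element of arr, or nil when arr is empty
function random(arr)
  local count = #arr;
  if count == 0 then
    -- math.random(1, 0) raises "interval is empty"; an empty `hosts` list in
    -- the configuration would otherwise abort the whole reply.
    return nil;
  end
  return arr[math.random(1, count)];
end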
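-- Re-read the options whenever the server configuration is reloaded.
module:hook_global("config-reloaded", function()
  secret = module:get_option_string("turncredentials_secret");
  ttl = module:get_option_number("turncredentials_ttl", 86400);

  -- Rebuild the list the same way as at load time: configured entries plus
  -- the fixed ones. Assigning the raw option alone would silently drop the
  -- fixed STUN host after the first reload.
  local reloaded = {};
  for key, entry in pairs(module:get_option("turncredentials") or {}) do
    reloaded[key] = entry;
  end
  for _, entry in ipairs(hosts_fixed) do
    reloaded[#reloaded + 1] = entry;
  end
  hosts = reloaded;

  if not secret then
    -- The load-time check does not run again on reload, so make a secret
    -- that went missing visible in the log.
    module:log("error", "turncredentials_secret missing after config reload");
  end
end);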
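--- Build the iq-get handler that answers external service discovery for one
-- namespace version.
--
-- Credentials are derived, not stored: the username is the expiry time
-- (now + ttl, in seconds) and the password is base64(HMAC-SHA1(secret,
-- username)). Presumably the TURN server recomputes the same HMAC from the
-- shared secret - confirm against its configuration.
--
-- Points for whoever operates this:
--   * every c2s session that sends the query receives credentials; if the
--     host allows anonymous logins, so do anonymous users;
--   * the username carries no user identifier, so sessions served within the
--     same second get identical credentials and relay usage cannot be
--     attributed to, or revoked for, a single user;
--   * an issued pair stays usable until it expires (ttl seconds).
--
-- @param xmlns namespace placed on the <services/> element of the reply
-- @return event handler taking a Prosody iq event
function disco(xmlns)
  module:log("info", "TURN/STUN serving %s", xmlns);

  -- An entry may carry a `hosts` list (one is chosen per reply) or a single
  -- `host`.
  local function pick_host(item)
    if item.hosts then
      return random(item.hosts);
    end
    return item.host;
  end

  return function (event)
    local origin, stanza = event.origin, event.stanza;
    -- Only client sessions are served; anything else falls through to other
    -- handlers.
    if origin.type ~= "c2s" then
      return;
    end

    if not secret then
      -- Reachable when a config reload removed the secret. Fail with an
      -- error stanza instead of raising inside hmac_sha1.
      module:log("error", "turncredentials_secret is not set; not issuing TURN credentials");
      origin.send(st.error_reply(stanza, "wait", "internal-server-error"));
      return true;
    end

    module:log("info", "TURN/STUN running Service Discovery for end-user");

    local expiry = os_time() + ttl;
    local userpart = tostring(expiry);
    -- `false` requests the raw digest rather than its hex form, so the
    -- base64 text encodes the digest bytes themselves.
    local nonce = base64.encode(hmac_sha1(secret, userpart, false));

    local reply = st.reply(stanza):tag("services", {xmlns = xmlns})
    for _, item in pairs(hosts) do
      -- The config comments promise a default port of 3478; formatting a
      -- missing port with %d would raise, so apply that default here.
      local port = ("%d"):format(item.port or 3478);

      if item.type == "stun" or item.type == "stuns" then
        -- stun items need host and port only; no credentials are attached
        reply:tag("service", {
          type = item.type,
          port = port,
          host = pick_host(item),
        }):up();
      elseif item.type == "turn" or item.type == "turns" then
        -- turn items additionally carry transport, username, password, ttl
        reply:tag("service", {
          type = item.type,
          port = port,
          transport = item.transport,
          username = userpart,
          password = nonce,
          ttl = ("%d"):format(ttl),
          host = pick_host(item),
        }):up();
      end
    end

    origin.send(reply);
    return true;
  end
end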
-- jitsi uses extdisco:1, but extdisco:2 is also possible since 2015
-- https://community.jitsi.org/t/no-traffic-to-jvb-from-client/70817
-- Register one handler per namespace version, version 1 first.
for _, version in ipairs({ "1", "2" }) do
  local ns = "urn:xmpp:extdisco:" .. version;
  module:hook("iq-get/host/" .. ns .. ":services", disco(ns));
end