Ansible Role coturn
This role installs and configures coturn.
Runs on
RHEL 8 (and compatible)
Mandatory Requirements
On RHEL-compatible systems, enable the EPEL repository. This can be done using the linuxfabrik.lfops.repo_epel role.
Mandatory Role Variables
Variable |
Description |
|---|---|
|
List of IP address ranges which never be used as peer IPs. This should be used to prevent the coturn server from accessing private IPs. Given the turn server is likely behind your firewall, remember to include any privileged public IPs too. |
|
The default realm to be used for the users. Hint: Should be the domain of the coturn server for the usage with Nextcloud. |
|
Static authentication secret value (a string) for TURN REST API only. |
Example:
# mandatory
coturn__denied_peer_ip:
- '192.0.2.0-192.0.255.255'
coturn__realm: 'turn.example.com'
coturn__static_auth_secret: 'egi7eesa9eik4kae9ov9quohpheequ9XighaivobuThoo7ooKuo3aikooNuy9edei4fu3jaikeepai4j'
Optional Role Variables
Variable |
Description |
Default Value |
|---|---|---|
|
List of IP address ranges which are excepted from |
|
|
TURN listener port for UDP and TCP listeners |
|
|
Upper bound of the UDP port range for relay endpoints allocation. |
|
|
Lower bound of the UDP port range for relay endpoints allocation. |
|
|
Enables or disables the coturn service, analogous to |
|
|
Use extra security with nonce value having limited lifetime, in seconds. Set it to 0 for unlimited nonce lifetime. |
|
Example:
# optional
coturn__allowed_peer_ip:
- '{{ ansible_facts["default_ipv4"]["address"] }}'
coturn__listening_port: 3478
coturn__max_port: 65535
coturn__min_port: 49152
coturn__service_enabled: true
coturn__state_nonce: 0