Ansible Role coturn
This role installs and configures coturn.
Mandatory Requirements
On RHEL-compatible systems, enable the EPEL repository. This can be done using the linuxfabrik.lfops.repo_epel role.
Mandatory Role Variables
coturn__denied_peer_ip
List of IP address ranges which must never be used as peer IPs. Use this to prevent the coturn server from accessing private IPs. Given that the TURN server is likely behind your firewall, remember to include any privileged public IPs too.
Type: List of strings.
coturn__realm
The default realm to be used for the users. Hint: For use with Nextcloud, this should be the domain of the coturn server.
Type: String.
coturn__static_auth_secret
Static authentication secret value (a string) for TURN REST API only.
Type: String.
Example:
# mandatory
coturn__denied_peer_ip:
- '192.0.2.0-192.0.255.255'
coturn__realm: 'turn.example.com'
coturn__static_auth_secret: 'egi7eesa9eik4kae9ov9quohpheequ9XighaivobuThoo7ooKuo3aikooNuy9edei4fu3jaikeepai4j'
Optional Role Variables
coturn__allowed_peer_ip
List of IP address ranges which are excepted from coturn__denied_peer_ip.
Type: List of strings.
Default:
['{{ ansible_facts["default_ipv4"]["address"] }}']
coturn__listening_port
TURN listener port for UDP and TCP listeners.
Type: Number.
Default:
3478
coturn__max_port
Upper bound of the UDP port range for relay endpoints allocation.
Type: Number.
Default:
65535
coturn__min_port
Lower bound of the UDP port range for relay endpoints allocation.
Type: Number.
Default:
49152
coturn__service_enabled
Enables or disables the coturn service, analogous to systemctl enable/disable --now.
Type: Bool.
Default:
true
coturn__state_nonce
Use extra security with a nonce value that has a limited lifetime, in seconds. Set it to 0 for unlimited nonce lifetime.
Type: Number.
Default:
0
Example:
# optional
coturn__allowed_peer_ip:
- '{{ ansible_facts["default_ipv4"]["address"] }}'
coturn__listening_port: 3478
coturn__max_port: 65535
coturn__min_port: 49152
coturn__service_enabled: true
coturn__state_nonce: 0
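
An added example, not part of the role or its documentation: a Python check that reports which private and special-purpose IPv4 ranges a coturn__denied_peer_ip list leaves reachable, and evaluates a peer with coturn__allowed_peer_ip treated as the exception list described above. The SENSITIVE baseline and all function names are assumptions made for this example.

```python
import ipaddress

# Assumed baseline of IPv4 ranges a TURN relay should not reach (not from the role docs;
# extend it with your own privileged public IPs). IPv6 is left out to keep this short.
SENSITIVE = ['10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8',
             '169.254.0.0/16', '172.16.0.0/12', '192.168.0.0/16']

def parse_range(entry):
    """Parse 'first-last' or a single address into an inclusive (lo, hi) integer pair."""
    first, _, last = entry.partition('-')
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address((last or first).strip()))
    if lo > hi:
        raise ValueError(f'range is reversed: {entry}')
    return lo, hi

def uncovered(denied, sensitive=SENSITIVE):
    """Return the parts of the sensitive networks that no denied range covers."""
    spans = sorted(parse_range(e) for e in denied)
    gaps = []
    for cidr in sensitive:
        net = ipaddress.IPv4Network(cidr)
        cursor, end = int(net.network_address), int(net.broadcast_address)
        for lo, hi in spans:
            if hi < cursor:
                continue          # span ends before the part still unchecked
            if lo > end:
                break             # sorted input: later spans start even further out
            if lo > cursor:
                gaps.append((cursor, lo - 1))
            cursor = max(cursor, hi + 1)
        if cursor <= end:
            gaps.append((cursor, end))
    return [f'{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}' for a, b in gaps]

def peer_permitted(peer, denied, allowed=()):
    """Allowed entries are exceptions to denied ones, as the variable docs describe."""
    ip = int(ipaddress.IPv4Address(peer))
    hit = lambda ranges: any(lo <= ip <= hi for lo, hi in map(parse_range, ranges))
    return hit(allowed) or not hit(denied)

if __name__ == '__main__':
    page_example = ['192.0.2.0-192.0.255.255']  # value from the mandatory example
    for gap in uncovered(page_example):
        print('not denied:', gap)
```

Run it against the list you intend to put in the inventory; every line it prints is a range the relay could still be asked to reach.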