-
Notifications
You must be signed in to change notification settings - Fork 359
Expand file tree
/
Copy pathmain.go
More file actions
102 lines (88 loc) · 2.88 KB
/
main.go
File metadata and controls
102 lines (88 loc) · 2.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// SPDX-FileCopyrightText: 2026 The Pion community <https://pion.ly>
// SPDX-License-Identifier: MIT
// Package main implements a TURN server with TLS support
package main
import (
"crypto/tls"
"flag"
"log"
"net"
"os"
"os/signal"
"strconv"
"strings"
"syscall"
"github.com/pion/turn/v5"
)
func main() {
publicIP := flag.String("public-ip", "", "IP Address that TURN can be contacted by.")
port := flag.Int("port", 5349, "Listening port.")
users := flag.String("users", "", "List of username and password (e.g. \"user=pass,user=pass\")")
realm := flag.String("realm", "pion.ly", "Realm (defaults to \"pion.ly\")")
certFile := flag.String("cert", "server.crt", "Certificate (defaults to \"server.crt\")")
keyFile := flag.String("key", "server.key", "Key (defaults to \"server.key\")")
flag.Parse()
if len(*publicIP) == 0 {
log.Fatalf("'public-ip' is required")
} else if len(*users) == 0 {
log.Fatalf("'users' is required")
}
cer, err := tls.LoadX509KeyPair(*certFile, *keyFile)
if err != nil {
log.Println(err)
return
}
// Create a TLS listener to pass into pion/turn
// pion/turn itself doesn't allocate any TLS listeners, but lets the user pass them in
// this allows us to add logging, storage or modify inbound/outbound traffic
tlsListener, err := tls.Listen("tcp4", net.JoinHostPort("0.0.0.0", strconv.Itoa(*port)), &tls.Config{
MinVersion: tls.VersionTLS12,
Certificates: []tls.Certificate{cer},
})
if err != nil {
log.Println(err)
return
}
// Cache -users flag for easy lookup later
// If passwords are stored they should be saved to your DB hashed using turn.GenerateAuthKey
usersMap := map[string][]byte{}
for userPass := range strings.SplitSeq(*users, ",") {
parts := strings.SplitN(userPass, "=", 2)
if len(parts) != 2 {
log.Fatalf("Invalid user credential format '%s': expected 'username=password'", userPass)
}
usersMap[parts[0]] = turn.GenerateAuthKey(parts[0], *realm, parts[1])
}
server, err := turn.NewServer(turn.ServerConfig{
Realm: *realm,
// Set AuthHandler callback
// This is called every time a user tries to authenticate with the TURN server
// Return the key for that user, or false when no user is found
AuthHandler: func(ra *turn.RequestAttributes) (string, []byte, bool) {
if key, ok := usersMap[ra.Username]; ok {
return ra.Username, key, true
}
return "", nil, false
},
// ListenerConfig is a list of Listeners and the configuration around them
ListenerConfigs: []turn.ListenerConfig{
{
Listener: tlsListener,
RelayAddressGenerator: &turn.RelayAddressGeneratorStatic{
RelayAddress: net.ParseIP(*publicIP),
Address: "0.0.0.0",
},
},
},
})
if err != nil {
log.Panic(err)
}
// Block until user sends SIGINT or SIGTERM
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
<-sigs
if err = server.Close(); err != nil {
log.Panic(err)
}
}