eturnal 1.12.2

Added

• Allow for setting the software_name option to none, which configures
  eturnal to omit the SOFTWARE attribute from STUN/TURN responses.
• Allow for setting the relay_ipv4_addr and/or relay_ipv6_addr options to
  none. The latter may be useful for disabling RFC 6156 support (e.g., in
  case the server's IPv6 setup isn't usable for some reason).

Changed

• Binary release: Use new (GCC-14.2-based) version of build toolchain.
• Binary release: Update Erlang/OTP from 27.1.2 to 27.3.3.
• Binary release: Update OpenSSL from 3.4.0 to 3.5.0.
• Docker: Switch base image to Wolfi OS,
  which uses glibc. The old musl-libc (Alpine) variants now have a -alpine
  suffix.
• Windows: Add explicit IPv4 listeners to default configuration, as :: doesn't
  create dual-stack sockets on that platform.

eturnal 1.12.1

Added

• Docker: Offer a container VARIANT which includes the acme.sh cert creation
  script. The variant has a tag suffix -acme or just acme as latest
  synonym and can be configured with environment variables.
• Docker: Add Docker secrets support. Any environment variable with a __FILE
  suffix is treated as a Docker secret. (#64)

Changed

• The eturnalctl status call now checks whether eturnal is actually ready to
  handle STURN/TURN clients (and prints a line to the standard output in that
  case). If this call is issued early during startup, it will block (up to 15
  seconds) until eturnal is responsive. The old behavior was to (silently)
  return success as soon as the underlying VM is alive.
• Binary release: Update Erlang/OTP from 26.0.2 to 27.1.2.
• Binary release: Update Rebar3 from 3.22.1 to 3.24.0.
• Binary release: Update OpenSSL from 3.1.3 to 3.4.0.

eturnal 1.12.0

Added

• The new blacklist_clients and blacklist_peers options may be used to
  specify blocklists for TURN clients and TURN peers separately. The old
  blacklist option that affected both clients and peers has been deprecated.
  The same applies to the whitelist option, which has been deprecated in favor
  of the new whitelist_clients and whitelist_peers options. By default, the
  blacklist_peers option is set to a list of networks
  recommended
  to be blocked. The other three lists are empty by default.

Changed

• Binary release: Update OpenSSL from 3.1.2 to 3.1.3.
• Binary release: Update zlib from 1.2.13 to 1.3.
• Binary release: Use new (GCC-13.2-based) version of build toolchain.

Fixed

• Don't fail to ping the systemd watchdog under certain conditions.

Removed

• Drop support for container image for architecture s390x. If you need it,
  please contact us.

eturnal 1.11.1

Fixed

• Don't fail to build with SKIP_DEPS set to true.

eturnal 1.11.0

Added

• Allow for specifying static credentials in the eturnal.yml configuration
  file. They can be used instead of (or in addition to) a shared secret.
• Allow for overriding the build.config settings using environment variables
  (of the same name, but upper-case).
• Docker: Container images can now be pulled from Docker Hub as well. The name
  is docker.io/eturnal/eturnal:latest. When pulling with Docker, docker.io
  may be omitted.
• Provide a homebrew Formula
  for macOS.

Changed

• The environment variable ETURNAL_ETC_PREFIX has been deprecated in favor of
  ETURNAL_ETC_DIR. If the former was used with previous releases,
  ETURNAL_ETC_DIR should now be set to $ETURNAL_ETC_PREFIX/etc.
• mod_stats_prometheus: Fine tune bucket sizes for TURN sessions, e.g., drop
  the 1 KiB bucket, as the 4 KiB bucket size should be sufficient to identify
  "inactive" sessions. Also, slightly alter the other bucket sizes.
• Binary release: Update Erlang/OTP from 25.0.3 to 26.0.2.
• Binary release: Update Rebar3 from 3.19.0 to 3.22.1.
• Binary release: Update OpenSSL from 1.1.1q to 3.1.2.
• Binary release: Update zlib from 1.2.12 to 1.2.13.
• Binary release: Build Erlang/OTP without Termcap support.
• Docker: Always use the same Erlang/OTP version as the binary release.
• Windows: Update Erlang/OTP to 26.x.

Fixed

• Fix a small memory leak (about 200 bytes per TURN session).
• Include the ssl library with non-distro builds, as it's required for
  enabling TLS for the mod_stats_prometheus endpoint.
• Docker: Include libcap libraries into the image to enable binding to
  privileged ports (<1024) directly.
  Hint: Depending on the container runtime in use, if the docker run option
  --cap-drop=ALL is used, CAP_NET_BIND_SERVICE may be included again to make
  the container work (see examples).

eturnal 1.10.1

Added

• Improve TCP/TLS performance if no traffic shaper is configured using the
  max_bps option.
• mod_stats_prometheus: Add a counter for STUN/TURN protocol errors, bucketed
  by transport and error condition.
• build.config: Add code_loading option to specify whether code is loaded
  statically during eturnal startup or dynamically on demand. The latter may be
  desirable for (distribution) builds that use separately packaged Erlang
  dependencies, as it avoids hard-coding dependency versions at build time.
• Docker: Include STUN lookup at container start for an IPv6 address as well.
• Docker: Allow to define a different external STUN service for IP address
  lookups by adding the container-image-specific environment variable
  STUN_SERVICE, defaulting to: STUN_SERVICE="stun.conversations.im 3478".
  This same variable may also be used to disable the STUN lookup by defining
  STUN_SERVICE=false.

Changed

• build.config: Rename the eturnal_bin_prefix option to eturnal_prefix.
• Binary release: Reduce code size by omitting an unused transitive dependency
  (which had slipped back into the previous release).

Removed

• build.config: Remove the eturnal_etc_prefix option.

Fixed

• Fix dynamic loading of mod_stats_prometheus dependencies (for distribution
  builds).
• Docker: Keep list of installed packages, so that image scanners like Trivy can
  check the image for vulnerabilities.

eturnal 1.10.0

Added

• Include mod_stats_prometheus, a module for exporting metrics to Prometheus.
• Include an example configuration for logrotate.
• Include an example OpenRC init (and configuration) file.

Changed

• If an EPMD process was spawned during eturnal startup, stop it on shutdown,
  unless it's used by other Erlang nodes.

Fixed

• Avoid permission issues in the case where eturnalctl was invoked by root
  from a directory the user running eturnal isn't permitted to change into.
• Make sure eturnalctl daemon won't hang on the very first startup when using
  Erlang/OTP 23 or newer.

eturnal 1.9.1

Added

• Allow for adding the special keywords default or recommended to the
  blacklist. The former expands to the addresses blocked by default, the
  latter includes the former and additionally expands to a number of networks
  recommended
  to be blocked.
• Fall back to reading the relay port range boundaries from environment
  variables when relay_min_port and/or relay_max_port aren't specified.
• Docker: Adjust image ENTRYPOINT to provide a way to autodetect (in most
  cases) the Docker host's IPv4 address during container startup within isolated
  network environments, without explicitly defining the IPv4 address (with an
  ENV variable or a configuration file).

Changed

• If an EPMD process is spawned during
  eturnal startup, let it listen on localhost only (#9). (Note that our Linux
  packages and container images are
  configured to not start
  an EPMD process.)
• Omit the code location from log messages, except when debug logging is
  enabled.
• Apply other minor logging improvements.
• Docker: Reduce image size. IMPORTANT: A custom eturnal.yml configuration
  file should be mounted to the default path /etc/eturnal.yml or to a custom
  path defined with ETURNAL_ETC_PREFIX, as mounting it to
  /opt/eturnal/etc/eturnal.yml will prevent the container to start up
  successfully.
• Binary release: Update Erlang/OTP from 25.0.2 to 25.0.3.
• Windows: Update to LibYAML 0.2.5.
• Windows: Update to OpenSSL 3.0.5.

eturnal 1.9.0

Added

• Publish Docker images and provide configuration examples for Docker/Kubernetes
  (many thanks to Saarko) (#20).
• Fall back to reading the relay IP addresses from environment variables when
  relay_ipv4_address and/or relay_ipv6_address aren't specified (#24).

Changed

• Binary release: Update Erlang/OTP from 24.3.4 to 25.0.2.
• Binary release: Update Rebar3 from 3.18.0 to 3.19.0.
• Binary release: Update OpenSSL from 1.1.1m to 1.1.1q.
• Binary release: Update minimum glibc version from 2.17 to 2.19.
• Binary release: Reduce code size by omitting an unused transitive dependency.

Fixed

• Avoid crashes in the case where no secret is configured in the eturnal.yml
  file (#21).
• Don't log misleading complaints about proxy_protocol option.
• Gracefully handle errors while receiving UDP data (#23).
• Restart listeners on failure.
• Reduce log level for network issues that may occur during normal operation.
• Windows: Support custom installation path (#22).

eturnal 1.8.3

Changed

• Specifying an ip address for listen entries is no longer mandatory. The
  default value is now "::".
• Make sure eturnal's log_dir is used for the additional log files created by
  eturnalctl daemon.
• Keep TURN session IDs unique across eturnal restarts.
• Binary release: Update Erlang/OTP from 24.2.2 to 24.3.4.
• Binary release: Update OpenSSL from 1.1.1m to 1.1.1o.
• Binary release: Update zlib from 1.2.11 to 1.2.12.
• Binary release: Use new (GCC-11.2-based) version of build toolchain.
• Binary release: Provide self-extracting installer for non-DEB/RPM systems.

Fixed

• Windows: Don't fail to start up after reboot.