Add external-ip support for coturn
Use the IP address provided in NETBIRD_TURN_EXTERNAL_IP, or discover
the address via the https://jsonip.com API.

For the quick start guide with zitadel, we only use discovery via the external API.
mlsmaycon committed Jan 6, 2024
1 parent 8b4ec96 commit b4db92a
Showing 7 changed files with 53 additions and 2 deletions.
8 changes: 7 additions & 1 deletion .github/workflows/test-infrastructure-files.yml
Expand Up @@ -87,8 +87,10 @@ jobs:
CI_NETBIRD_SIGNAL_PORT: 12345
CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"

run: |
set -x
grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
Expand Down Expand Up @@ -120,6 +122,7 @@ jobs:
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
- name: Install modules
run: go mod tidy
Expand Down Expand Up @@ -175,7 +178,10 @@ jobs:
- name: test management.json file gen
run: test -f management.json
- name: test turnserver.conf file gen
run: test -f turnserver.conf
run: |
set -x
test -f turnserver.conf
grep external-ip turnserver.conf
- name: test zitadel.env file gen
run: test -f zitadel.env
- name: test dashboard.env file gen
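Review bot: The new `grep external-ip turnserver.conf` check in the "test turnserver.conf file gen" step also matches commented-out lines, so it passes even when no address was written: the quick-start script's fallback value is `#external-ip=`. Anchoring the pattern, e.g. `grep -E '^external-ip=' turnserver.conf`, would assert that an active setting was actually rendered. In the earlier step, `grep $CI_NETBIRD_TURN_EXTERNAL_IP` is unquoted and treats the dots in `1.2.3.4` as regex wildcards; `grep -F -- "$CI_NETBIRD_TURN_EXTERNAL_IP"` is stricter. The `set -x` that appears to be added above the `AUTH_CLIENT_SECRET` grep will also trace the expanded secret value into the job log, so it is worth confirming that this is acceptable for these CI values.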
3 changes: 3 additions & 0 deletions infrastructure_files/base.setup.env
Expand Up @@ -23,6 +23,8 @@ NETBIRD_SIGNAL_PORT=${NETBIRD_SIGNAL_PORT:-10000}
# Turn
TURN_DOMAIN=${NETBIRD_TURN_DOMAIN:-$NETBIRD_DOMAIN}

NETBIRD_TURN_EXTERNAL_IP=${NETBIRD_TURN_EXTERNAL_IP}

# Turn credentials
# User
TURN_USER=self
Expand Down Expand Up @@ -120,3 +122,4 @@ export NETBIRD_DASHBOARD_TAG
export NETBIRD_SIGNAL_TAG
export NETBIRD_MANAGEMENT_TAG
export COTURN_TAG
export NETBIRD_TURN_EXTERNAL_IP
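Review bot: `NETBIRD_TURN_EXTERNAL_IP=${NETBIRD_TURN_EXTERNAL_IP}` assigns the variable to itself, so unlike the neighbouring `${VAR:-default}` lines it does not show that the value is optional. Writing `NETBIRD_TURN_EXTERNAL_IP=${NETBIRD_TURN_EXTERNAL_IP:-}` keeps the behaviour and stays safe if a caller enables `set -u`. A comment such as `# optional; when empty configure.sh discovers the public IP` would document the fallback next to the assignment.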
23 changes: 23 additions & 0 deletions infrastructure_files/configure.sh
Expand Up @@ -54,6 +54,29 @@ if [[ "x-$TURN_PASSWORD" == "x-" ]]; then
export TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
fi

TURN_EXTERNAL_IP_CONFIG="#"

if [[ "x-$NETBIRD_TURN_EXTERNAL_IP" == "x-" ]]; then
echo "discovering server's public IP"
IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
if [[ "x-$IP" != "x-" ]]; then
TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
else
echo "unable to discover server's public IP"
fi
else
echo ${NETBIRD_TURN_EXTERNAL_IP}| egrep '([0-9]{1,3}\.){3}[0-9]{1,3}$' > /dev/null

Check warning on line 68 in infrastructure_files/configure.sh


Codacy Production / Codacy Static Code Analysis

infrastructure_files/configure.sh#L68

Double quote to prevent globbing and word splitting.
if [[ $? -eq 0 ]]; then
echo "using provided server's public IP"
TURN_EXTERNAL_IP_CONFIG="external-ip=$NETBIRD_TURN_EXTERNAL_IP"
else
echo "provided NETBIRD_TURN_EXTERNAL_IP $NETBIRD_TURN_EXTERNAL_IP is invalid, please correct it and try again"
exit 1
fi
fi

export TURN_EXTERNAL_IP_CONFIG

artifacts_path="./artifacts"
mkdir -p $artifacts_path

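Review bot: The discovered address is written to `TURN_EXTERNAL_IP_CONFIG` without any format check, while only the operator-supplied value is validated. `jq -r '.ip'` prints the string `null` when the field is missing, so an unexpected response from jsonip.com would put `external-ip=null` (or whatever text was returned) into the rendered turnserver.conf; the same applies to `get_turn_external_ip` in getting-started-with-zitadel.sh. The `egrep` pattern for the supplied value is also unanchored at the start and accepts octets above 255, so it passes strings that merely end in something address-like. One shared validator applied to both paths, as sketched below, closes both gaps.

```shell
# Accept only a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  local ip=$1 octet
  local -a octets
  [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
}

if [[ "x-$NETBIRD_TURN_EXTERNAL_IP" == "x-" ]]; then
  # … unchanged: "discovering server's public IP" message …
  IP=$(curl -s -4 https://jsonip.com | jq -r '.ip // empty')
  if is_ipv4 "$IP"; then
    TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
  # … unchanged: else branch reporting the failed discovery …
  fi
elif is_ipv4 "$NETBIRD_TURN_EXTERNAL_IP"; then
  # … unchanged: "using provided" message and assignment …
else
  # … unchanged: invalid-value message and exit 1 …
fi
```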
11 changes: 11 additions & 0 deletions infrastructure_files/getting-started-with-zitadel.sh
Expand Up @@ -402,6 +402,15 @@ read_nb_domain() {
echo "$READ_NETBIRD_DOMAIN"
}

get_turn_external_ip() {
TURN_EXTERNAL_IP_CONFIG="#external-ip="
IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
if [[ "x-$IP" != "x-" ]]; then
TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
fi
echo $TURN_EXTERNAL_IP_CONFIG

Check warning on line 411 in infrastructure_files/getting-started-with-zitadel.sh


Codacy Production / Codacy Static Code Analysis

infrastructure_files/getting-started-with-zitadel.sh#L411

Double quote to prevent globbing and word splitting.
}

initEnvironment() {
CADDY_SECURE_DOMAIN=""
ZITADEL_EXTERNALSECURE="false"
Expand All @@ -413,6 +422,7 @@ initEnvironment() {
TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
TURN_MIN_PORT=49152
TURN_MAX_PORT=65535
TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)

if ! check_nb_domain "$NETBIRD_DOMAIN"; then
NETBIRD_DOMAIN=$(read_nb_domain)
Expand Down Expand Up @@ -560,6 +570,7 @@ EOF
renderTurnServerConf() {
cat <<EOF
listening-port=3478
$TURN_EXTERNAL_IP_CONFIG
tls-listening-port=5349
min-port=$TURN_MIN_PORT
max-port=$TURN_MAX_PORT
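Review bot: `get_turn_external_ip` runs on every quick start, since `initEnvironment` calls it unconditionally, yet its `curl -s -4 https://jsonip.com` sets no time limit and does not fail on HTTP errors. A slow or unreachable endpoint can therefore stall the installer, and an error page body is piped straight into `jq`. `curl -fsS -4 --max-time 10 https://jsonip.com` bounds the wait and keeps the existing fallback to the commented `#external-ip=` line; the 10-second value is only a suggestion. The discovery call in configure.sh would benefit from the same flags.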
6 changes: 6 additions & 0 deletions infrastructure_files/setup.env.example
Expand Up @@ -15,6 +15,12 @@ NETBIRD_DOMAIN=""
# if not specified it will assume NETBIRD_DOMAIN
NETBIRD_TURN_DOMAIN=""

# TURN server public IP address
# required for a connection involving peers in
# the same network as the server and external peers
# usually matches the IP for the domain set in NETBIRD_TURN_DOMAIN
NETBIRD_TURN_EXTERNAL_IP=""

# -------------------------------------------
# OIDC
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
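Review bot: The new comment block does not say what happens when `NETBIRD_TURN_EXTERNAL_IP` is left empty, and in configure.sh that case triggers an outbound request to https://jsonip.com to discover the address. Operators on restricted or NAT'd hosts should be able to learn that from the example file. A line such as `# if left empty, configure.sh discovers the address by querying https://jsonip.com` after the "usually matches" line would cover it.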
3 changes: 2 additions & 1 deletion infrastructure_files/tests/setup.env
Expand Up @@ -24,4 +24,5 @@ NETBIRD_IDP_MGMT_CLIENT_ID=$CI_NETBIRD_IDP_MGMT_CLIENT_ID
NETBIRD_IDP_MGMT_CLIENT_SECRET=$CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
NETBIRD_SIGNAL_PORT=12345
NETBIRD_STORE_CONFIG_ENGINE=$CI_NETBIRD_STORE_CONFIG_ENGINE
NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH
NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH
NETBIRD_TURN_EXTERNAL_IP=1.2.3.4
1 change: 1 addition & 0 deletions infrastructure_files/turnserver.conf.tmpl
Expand Up @@ -132,6 +132,7 @@ tls-listening-port=5349
#external-ip=60.70.80.91/172.17.19.101
#external-ip=60.70.80.92/172.17.19.102

$TURN_EXTERNAL_IP_CONFIG

# Number of the relay threads to handle the established connections
# (in addition to authentication thread and the listener thread).
