ghhh

init.sh

@@ -1,87 +1,68 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-KEY_PATH="/home/appuser/app/private.pem"
+# Variables
 SSH_USER="blendersb.turn"
 SSH_HOST="blendersb-45318.portmap.host"
 SSH_REMOTE_PORT=45318
 LOCAL_TARGET_PORT=7860
 SSH_LOG="/home/appuser/ssh-tunnel.log"
 
-# Ensure the app dir exists
-mkdir -p "$(dirname "$KEY_PATH")"
+# Ensure ~/.ssh exists with correct permissions
+SSH_DIR="/home/appuser/.ssh"
+mkdir -p "$SSH_DIR"
+chmod 700 "$SSH_DIR"
+chown appuser:appuser "$SSH_DIR" 2>/dev/null || true
 
-write_key_from_env() {
-  if [ -n "${PORTMAP_SECRET}" ]; then
-    # Convert literal \n into real newlines
+KEY_PATH="$SSH_DIR/private.pem"
+
+# Write secret to key file if PORTMAP_SECRET env var exists
+if [ -n "${PORTMAP_SECRET:-}" ]; then
     printf '%b' "$PORTMAP_SECRET" > "$KEY_PATH"
-    echo "$PORTMAP_SECRET"
-    chmod 600 "$KEY_PATH" || true
-    # chown may fail if not root; ignore errors
+    chmod 600 "$KEY_PATH"
     chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
     echo "Wrote private key to $KEY_PATH (from env var)."
-    return 0
-  fi
-
-  return 1
-}
-
-# If the key already exists (e.g., mounted), keep it
-if [ -f "$KEY_PATH" ]; then
-  echo "Found existing key at $KEY_PATH"
-  chmod 600 "$KEY_PATH" || true
-  chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
-  cat "$KEY_PATH"
-  KEY_AVAILABLE=1
 else
-  if write_key_from_env; then
-    KEY_AVAILABLE=1
-  else
-    KEY_AVAILABLE=0
-  fi
+    echo "No PORTMAP_SECRET provided; skipping PEM creation."
 fi
 
 SSH_PID=""
 
 start_ssh_tunnel() {
-  if [ "$KEY_AVAILABLE" -eq 1 ]; then
-    echo "Starting SSH reverse tunnel to ${SSH_HOST}:${SSH_REMOTE_PORT} -> localhost:${LOCAL_TARGET_PORT}"
-    # Put ssh in background; redirect logs
-    nohup ssh -i "$KEY_PATH" \
-      "${SSH_USER}@${SSH_HOST}" \
-      -N -R "${SSH_REMOTE_PORT}:localhost:${LOCAL_TARGET_PORT}" >"$SSH_LOG" 2>&1 &
-    SSH_PID=$!
-    echo "SSH tunnel started (pid=${SSH_PID}); logging to $SSH_LOG"
-  else
-    echo "No key available; skipping SSH tunnel."
-  fi
+    if [ -f "$KEY_PATH" ]; then
+        echo "Starting SSH reverse tunnel to ${SSH_HOST}:${SSH_REMOTE_PORT} -> localhost:${LOCAL_TARGET_PORT}"
+        nohup ssh -i "$KEY_PATH" \
+          "${SSH_USER}@${SSH_HOST}" \
+            -N -R "${SSH_REMOTE_PORT}:localhost:${LOCAL_TARGET_PORT}" >"$SSH_LOG" 2>&1 &
+        SSH_PID=$!
+        echo "SSH tunnel started (pid=${SSH_PID}); logging to $SSH_LOG"
+    else
+        echo "No private key found; skipping SSH tunnel."
+    fi
 }
 
 stop_ssh_tunnel() {
-  if [ -n "${SSH_PID:-}" ] && kill -0 "$SSH_PID" >/dev/null 2>&1; then
-    echo "Stopping SSH tunnel (pid=${SSH_PID})..."
-    kill "$SSH_PID" || true
-    # give it a moment
-    sleep 1
-    if kill -0 "$SSH_PID" >/dev/null 2>&1; then
-      echo "Killing SSH tunnel (pid=${SSH_PID})..."
-      kill -9 "$SSH_PID" || true
+    if [ -n "${SSH_PID:-}" ] && kill -0 "$SSH_PID" >/dev/null 2>&1; then
+        echo "Stopping SSH tunnel (pid=${SSH_PID})..."
+        kill "$SSH_PID" || true
+        sleep 1
+        if kill -0 "$SSH_PID" >/dev/null 2>&1; then
+            kill -9 "$SSH_PID" || true
+        fi
     fi
-  fi
 }
 
-# Trap signals to clean up background processes
+# Trap termination signals
 trap 'echo "Received SIGTERM/SIGINT, shutting down..."; stop_ssh_tunnel; exit 0' TERM INT
 
-# Start the tunnel if we have a key
+# Start SSH tunnel
 start_ssh_tunnel
 
-# Exec turnserver as PID 1 (foreground). If you prefer background + wait, change accordingly.
-echo "Starting turnserver..."
+# Start coturn in foreground
 exec turnserver -c /etc/coturn/turnserver.conf \
-  --listening-port=7860 \
-  --tls-listening-port=5349 \
-  --user=myuser:mypassword \
-  --log-file=stdout \
-  --simple-log \
-  --no-cli
+    --listening-port=7860 \
+    --tls-listening-port=5349 \
+    --user=myuser:mypassword \
+    --log-file=stdout \
+    --simple-log \
+    --no-cli