blenders commited on
Commit
913eba3
·
1 Parent(s): 988ae20
Files changed (4) hide show
  1. Dockerfile +60 -0
  2. init.sh +89 -0
  3. private.pem +0 -0
  4. turnserver.conf +34 -0
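--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,60 @@
+# Dockerfile — coturn + playit (Option 1, noninteractive install)
+FROM coturn/coturn:edge-debian
+
+# Build args (change if upstream playit repo changes)
+
+# Set timezone and noninteractive frontend to avoid debconf prompts
+ENV DEBIAN_FRONTEND=noninteractive \
+TZ=Etc/UTC \
+LANG=C.UTF-8
+
+USER root
+
+# Install required packages, add playit apt repo, install playit package
+RUN set -eux; \
+apt-get update; \
+apt-get install -y --no-install-recommends \
+apt-transport-https \
+ca-certificates \
+curl \
+gnupg \
+dirmngr \
+tzdata \
+gettext-base \
+; \
+# ensure tzdata doesn't prompt (already set TZ env); configure timezone non-interactively
+ln -fs /usr/share/zoneinfo/$TZ /etc/localtime; \
+dpkg-reconfigure --frontend noninteractive tzdata || true; \
+# prepare apt trusted key location
+apt-get update; \
+# Install playit, telling dpkg to accept default config answers if asked
+apt-get install -y --no-install-recommends -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" playit; \
+# cleanup apt caches
+apt-get clean; \
+rm -rf /var/lib/apt/lists/* /tmp/*
+
+RUN useradd -m -u 1000 appuser || true; \
+mkdir -p /etc/coturn /var/lib/coturn /home/appuser/app; \
+chown -R appuser:appuser /home/appuser /var/lib/coturn
+
+WORKDIR /home/appuser/app
+
+# Copy optional local coturn config; prefer mounting at runtime for secrets
+COPY turnserver.conf /etc/coturn/turnserver.conf
+COPY private.pem /home/appuser/app/private.pem
+RUN chmod +x /home/appuser/app/private.pem
+#RUN ssh -i /home/appuser/app/private.pem blendersb.turn@blendersb-45318.portmap.host -N -R 45318:localhost:7860
+
+# Copy entrypoint (make sure you have entrypoint.sh in build context)
+COPY init.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Expose typical ports
+# EXPOSE 3478/tcp 3478/udp 5349/tcp 5349/udp 7860/tcp
+
+EXPOSE 7860 5349 50000-50010/udp
+
+USER root
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+#CMD ["echo", "All Started"]
+# CMD ["turnserver", "-c", "/etc/coturn/turnserver.conf", "--listening-port=7860","--tls-listening-port=5349","--user=myuser:mypassword","--log-file=stdout","--simple-log", "--no-cli", "--log-file=stdout"]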
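Review bot: `COPY private.pem /home/appuser/app/private.pem` on line 44 bakes an SSH private key into an image layer, and the same key file is added to the repository by this commit (private.pem), so anyone with access to the image or the repo history holds the tunnel credential; since init.sh already accepts the key via PORTMAP_SECRET or a file mounted at that path, drop the COPY and the `RUN chmod +x` on line 45 (ssh does not need the key executable, and init.sh already applies chmod 600), exclude private.pem via .dockerignore/.gitignore, and treat the committed key as exposed and replace it. The same concern applies to `COPY turnserver.conf`, which carries `user=myuser:mypassword`, while the comment on line 42 itself recommends mounting secrets at runtime. The comment on line 13 says the playit apt repo is added, but no source or signing key is configured between the two `apt-get update` calls, so `apt-get install ... playit` on line 31 will presumably fail unless the base image already ships that source — confirm with a build. The comment on line 48 names entrypoint.sh but the file copied is init.sh; suggest `# Copy entrypoint (init.sh in the build context becomes /usr/local/bin/entrypoint.sh)`. The final `USER root` on line 57 means the entrypoint and turnserver run as root even though appuser is created on line 36; if that is intentional, a one-line comment saying why would help.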
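--- a/init.sh
+++ b/init.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+KEY_PATH="/home/appuser/app/private.pem"
+SSH_USER="blendersb.turn"
+SSH_HOST="blendersb-45318.portmap.host"
+SSH_REMOTE_PORT=45318
+LOCAL_TARGET_PORT=7860
+SSH_LOG="/home/appuser/ssh-tunnel.log"
+
+# Ensure the app dir exists
+mkdir -p "$(dirname "$KEY_PATH")"
+
+write_key_from_env() {
+if [ -n "${PORTMAP_SECRET}" ]; then
+# Convert literal \n into real newlines
+printf '%b' "$PORTMAP_SECRET" > "$KEY_PATH"
+chmod 600 "$KEY_PATH" || true
+# chown may fail if not root; ignore errors
+chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
+echo "Wrote private key to $KEY_PATH (from env var)."
+return 0
+fi
+
+return 1
+}
+
+# If the key already exists (e.g., mounted), keep it
+if [ -f "$KEY_PATH" ]; then
+echo "Found existing key at $KEY_PATH"
+chmod 600 "$KEY_PATH" || true
+chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
+KEY_AVAILABLE=1
+else
+if write_key_from_env; then
+KEY_AVAILABLE=1
+else
+KEY_AVAILABLE=0
+fi
+fi
+
+SSH_PID=""
+
+start_ssh_tunnel() {
+if [ "$KEY_AVAILABLE" -eq 1 ]; then
+echo "Starting SSH reverse tunnel to ${SSH_HOST}:${SSH_REMOTE_PORT} -> localhost:${LOCAL_TARGET_PORT}"
+# Put ssh in background; redirect logs
+nohup ssh -i "$KEY_PATH" \
+-o StrictHostKeyChecking=no \
+-o UserKnownHostsFile=/dev/null \
+-o ServerAliveInterval=30 \
+-o ServerAliveCountMax=3 \
+-N -R "${SSH_REMOTE_PORT}:localhost:${LOCAL_TARGET_PORT}" \
+"${SSH_USER}@${SSH_HOST}" >"$SSH_LOG" 2>&1 &
+SSH_PID=$!
+echo "SSH tunnel started (pid=${SSH_PID}); logging to $SSH_LOG"
+else
+echo "No key available; skipping SSH tunnel."
+fi
+}
+
+stop_ssh_tunnel() {
+if [ -n "${SSH_PID:-}" ] && kill -0 "$SSH_PID" >/dev/null 2>&1; then
+echo "Stopping SSH tunnel (pid=${SSH_PID})..."
+kill "$SSH_PID" || true
+# give it a moment
+sleep 1
+if kill -0 "$SSH_PID" >/dev/null 2>&1; then
+echo "Killing SSH tunnel (pid=${SSH_PID})..."
+kill -9 "$SSH_PID" || true
+fi
+fi
+}
+
+# Trap signals to clean up background processes
+trap 'echo "Received SIGTERM/SIGINT, shutting down..."; stop_ssh_tunnel; exit 0' TERM INT
+
+# Start the tunnel if we have a key
+start_ssh_tunnel
+
+# Exec turnserver as PID 1 (foreground). If you prefer background + wait, change accordingly.
+echo "Starting turnserver..."
+exec turnserver -c /etc/coturn/turnserver.conf \
+--listening-port=7860 \
+--tls-listening-port=5349 \
+--user=myuser:mypassword \
+--log-file=stdout \
+--simple-log \
+--no-cli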
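Review bot: `if [ -n "${PORTMAP_SECRET}" ]; then` on line 15 expands the variable with no default, so under `set -u` (line 2) the script aborts with an unbound-variable error whenever the key file is absent and PORTMAP_SECRET is not set — exactly the case write_key_from_env is meant to report by returning 1; change it to `if [ -n "${PORTMAP_SECRET:-}" ]; then`. The trap on line 76 can never run after `exec turnserver` on line 83 replaces the shell, so stop_ssh_tunnel is dead code and the backgrounded ssh is left to whatever turnserver does with orphaned children; if cleanup matters, start turnserver in the background and `wait` on it instead of exec, as the comment on line 81 already suggests. `-o StrictHostKeyChecking=no` with `-o UserKnownHostsFile=/dev/null` (lines 49–50) turns off verification of the tunnel endpoint, so the key and the forwarded port would be offered to any host answering as SSH_HOST; ship a known_hosts entry for that host and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts path>`. The TURN credential `--user=myuser:mypassword` on line 86 is hard-coded and also duplicates turnserver.conf; read it from the environment the way the key is.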
private.pem ADDED
File without changes
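--- a/turnserver.conf
+++ b/turnserver.conf
@@ -0,0 +1,34 @@
+# turnserver.conf - minimal example
+
+# Listening port (container uses 3478 by default)
+listening-port=7860
+tls-listening-port=5349
+
+# Enable long-term credential mechanism
+lt-cred-mech
+
+# Static user for testing (username:password)
+user=myuser:mypassword
+
+# Realm shown to clients
+realm=examplerealm
+
+# Use fingerprint attribute
+fingerprint
+
+# Allow both UDP and TCP (do NOT include 'no-udp' if you want UDP enabled)
+# If you want to explicitly disable UDP, add the line: no-udp
+
+# Relay port range (optional — recommended in production)
+min-port=50000
+max-port=50010
+
+# Log to stdout
+log-file=stdout
+simple-log
+
+# Example production settings (commented)
+# use-auth-secret
+# static-auth-secret=your_very_long_secret_here
+# cert=/etc/coturn/certs/fullchain.pem
+# pkey=/etc/coturn/certs/privkey.pem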
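Review bot: `tls-listening-port=5349` on line 5 enables a TLS listener while `cert=` and `pkey=` stay commented out on lines 33–34, so as far as this file shows there is no certificate for that port to serve; either point cert/pkey at files mounted at runtime or drop the tls-listening-port line until they exist, and confirm against coturn's startup log. `user=myuser:mypassword` and `realm=examplerealm` (lines 11 and 14) are placeholder credentials in a file the Dockerfile copies into the image; the commented `use-auth-secret` / `static-auth-secret` block on lines 31–32 is the production path, and the secret should come from a runtime-mounted file rather than from this config. listening-port and user here also duplicate the flags init.sh passes on the turnserver command line, so one of the two should be the single source of truth — a comment such as `# NOTE: init.sh overrides listening-port/user on the command line` would at least make the precedence visible.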