ghhh

Dockerfile

@@ -0,0 +1,60 @@
+# Dockerfile — coturn + playit (Option 1, noninteractive install)
+FROM coturn/coturn:edge-debian
+
+# Build args (change if upstream playit repo changes)
+
+# Set timezone and noninteractive frontend to avoid debconf prompts
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Etc/UTC \
+    LANG=C.UTF-8
+
+USER root
+
+# Install required packages, add playit apt repo, install playit package
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        apt-transport-https \
+        ca-certificates \
+        curl \
+        gnupg \
+        dirmngr \
+        tzdata \
+        gettext-base \
+    ; \
+    # ensure tzdata doesn't prompt (already set TZ env); configure timezone non-interactively
+    ln -fs /usr/share/zoneinfo/$TZ /etc/localtime; \
+    dpkg-reconfigure --frontend noninteractive tzdata || true; \
+    # prepare apt trusted key location
+    apt-get update; \
+    # Install playit, telling dpkg to accept default config answers if asked
+    apt-get install -y --no-install-recommends -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" playit; \
+    # cleanup apt caches
+    apt-get clean; \
+    rm -rf /var/lib/apt/lists/* /tmp/*
+
+RUN useradd -m -u 1000 appuser || true; \
+    mkdir -p /etc/coturn /var/lib/coturn /home/appuser/app; \
+    chown -R appuser:appuser /home/appuser /var/lib/coturn
+
+WORKDIR /home/appuser/app
+
+# Copy optional local coturn config; prefer mounting at runtime for secrets
+COPY turnserver.conf /etc/coturn/turnserver.conf
+COPY private.pem /home/appuser/app/private.pem
+RUN chmod +x /home/appuser/app/private.pem
+#RUN ssh -i /home/appuser/app/private.pem blendersb.turn@blendersb-45318.portmap.host -N -R 45318:localhost:7860
+
+# Copy entrypoint (make sure you have entrypoint.sh in build context)
+COPY init.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+# Expose typical ports
+# EXPOSE 3478/tcp 3478/udp 5349/tcp 5349/udp 7860/tcp
+
+EXPOSE 7860 5349 50000-50010/udp 
+
+USER root
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+#CMD ["echo", "All Started"]
+# CMD ["turnserver", "-c", "/etc/coturn/turnserver.conf", "--listening-port=7860","--tls-listening-port=5349","--user=myuser:mypassword","--log-file=stdout","--simple-log", "--no-cli", "--log-file=stdout"]

init.sh

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+KEY_PATH="/home/appuser/app/private.pem"
+SSH_USER="blendersb.turn"
+SSH_HOST="blendersb-45318.portmap.host"
+SSH_REMOTE_PORT=45318
+LOCAL_TARGET_PORT=7860
+SSH_LOG="/home/appuser/ssh-tunnel.log"
+
+# Ensure the app dir exists
+mkdir -p "$(dirname "$KEY_PATH")"
+
+write_key_from_env() {
+  if [ -n "${PORTMAP_SECRET}" ]; then
+    # Convert literal \n into real newlines
+    printf '%b' "$PORTMAP_SECRET" > "$KEY_PATH"
+    chmod 600 "$KEY_PATH" || true
+    # chown may fail if not root; ignore errors
+    chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
+    echo "Wrote private key to $KEY_PATH (from env var)."
+    return 0
+  fi
+
+  return 1
+}
+
+# If the key already exists (e.g., mounted), keep it
+if [ -f "$KEY_PATH" ]; then
+  echo "Found existing key at $KEY_PATH"
+  chmod 600 "$KEY_PATH" || true
+  chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
+  KEY_AVAILABLE=1
+else
+  if write_key_from_env; then
+    KEY_AVAILABLE=1
+  else
+    KEY_AVAILABLE=0
+  fi
+fi
+
+SSH_PID=""
+
+start_ssh_tunnel() {
+  if [ "$KEY_AVAILABLE" -eq 1 ]; then
+    echo "Starting SSH reverse tunnel to ${SSH_HOST}:${SSH_REMOTE_PORT} -> localhost:${LOCAL_TARGET_PORT}"
+    # Put ssh in background; redirect logs
+    nohup ssh -i "$KEY_PATH" \
+      -o StrictHostKeyChecking=no \
+      -o UserKnownHostsFile=/dev/null \
+      -o ServerAliveInterval=30 \
+      -o ServerAliveCountMax=3 \
+      -N -R "${SSH_REMOTE_PORT}:localhost:${LOCAL_TARGET_PORT}" \
+      "${SSH_USER}@${SSH_HOST}" >"$SSH_LOG" 2>&1 &
+    SSH_PID=$!
+    echo "SSH tunnel started (pid=${SSH_PID}); logging to $SSH_LOG"
+  else
+    echo "No key available; skipping SSH tunnel."
+  fi
+}
+
+stop_ssh_tunnel() {
+  if [ -n "${SSH_PID:-}" ] && kill -0 "$SSH_PID" >/dev/null 2>&1; then
+    echo "Stopping SSH tunnel (pid=${SSH_PID})..."
+    kill "$SSH_PID" || true
+    # give it a moment
+    sleep 1
+    if kill -0 "$SSH_PID" >/dev/null 2>&1; then
+      echo "Killing SSH tunnel (pid=${SSH_PID})..."
+      kill -9 "$SSH_PID" || true
+    fi
+  fi
+}
+
+# Trap signals to clean up background processes
+trap 'echo "Received SIGTERM/SIGINT, shutting down..."; stop_ssh_tunnel; exit 0' TERM INT
+
+# Start the tunnel if we have a key
+start_ssh_tunnel
+
+# Exec turnserver as PID 1 (foreground). If you prefer background + wait, change accordingly.
+echo "Starting turnserver..."
+exec turnserver -c /etc/coturn/turnserver.conf \
+  --listening-port=7860 \
+  --tls-listening-port=5349 \
+  --user=myuser:mypassword \
+  --log-file=stdout \
+  --simple-log \
+  --no-cli

turnserver.conf

@@ -0,0 +1,34 @@
+# turnserver.conf - minimal example
+
+# Listening port (container uses 3478 by default)
+listening-port=7860
+tls-listening-port=5349
+
+# Enable long-term credential mechanism
+lt-cred-mech
+
+# Static user for testing (username:password)
+user=myuser:mypassword
+
+# Realm shown to clients
+realm=examplerealm
+
+# Use fingerprint attribute
+fingerprint
+
+# Allow both UDP and TCP (do NOT include 'no-udp' if you want UDP enabled)
+# If you want to explicitly disable UDP, add the line: no-udp
+
+# Relay port range (optional — recommended in production)
+min-port=50000
+max-port=50010
+
+# Log to stdout
+log-file=stdout
+simple-log
+
+# Example production settings (commented)
+# use-auth-secret
+# static-auth-secret=your_very_long_secret_here
+# cert=/etc/coturn/certs/fullchain.pem
+# pkey=/etc/coturn/certs/privkey.pem