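#!/usr/bin/env bash
#
# Entrypoint: optionally opens an SSH reverse tunnel to the portmap host, then
# starts coturn's turnserver on the local port the tunnel forwards to.
#
# Environment:
#   PORTMAP_SECRET       Private key for the tunnel. Backslash escapes (e.g. a
#                        literal "\n") are expanded when it is written to disk.
#                        When unset or empty, no key is written.
#   PORTMAP_KNOWN_HOSTS  Optional known_hosts-format line(s) for SSH_HOST. When
#                        set, the tunnel verifies the server host key strictly.
#   TURN_USER            Optional TURN account name (default: myuser).
#   TURN_PASSWORD        Optional TURN account password (default: mypassword).
set -euo pipefail

SSH_USER="blendersb.turn"
SSH_HOST="blendersb-45318.portmap.host"
SSH_REMOTE_PORT=45318
LOCAL_TARGET_PORT=7860
SSH_LOG="/home/appuser/ssh-tunnel.log"
SSH_DIR="/home/appuser/.ssh"

mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"
# Best effort: chown fails when not running as root, which is acceptable here.
chown appuser:appuser "$SSH_DIR" 2>/dev/null || true

KEY_PATH="$SSH_DIR/private.pem"
KNOWN_HOSTS_PATH="$SSH_DIR/known_hosts"

if [ -n "${PORTMAP_SECRET:-}" ]; then
  # Remove any stale file and create the new one under umask 077, so the key
  # is never on disk with group/other permissions, not even until the chmod.
  rm -f -- "$KEY_PATH"
  (
    umask 077
    printf '%b' "$PORTMAP_SECRET" > "$KEY_PATH"
  )
  chmod 600 "$KEY_PATH"
  chown appuser:appuser "$KEY_PATH" 2>/dev/null || true
  echo "Wrote private key to $KEY_PATH (from env var)."
else
  echo "No PORTMAP_SECRET provided; skipping PEM creation."
fi

# Host key verification. Without a pinned key, ssh accepts whatever key the
# remote end presents, so anyone able to intercept the connection can
# terminate the tunnel and see or alter the forwarded TURN traffic.
if [ -n "${PORTMAP_KNOWN_HOSTS:-}" ]; then
  printf '%b\n' "$PORTMAP_KNOWN_HOSTS" > "$KNOWN_HOSTS_PATH"
  chmod 600 "$KNOWN_HOSTS_PATH"
  chown appuser:appuser "$KNOWN_HOSTS_PATH" 2>/dev/null || true
  ssh_hostkey_opts=(
    -o StrictHostKeyChecking=yes
    -o "UserKnownHostsFile=$KNOWN_HOSTS_PATH"
  )
else
  echo "WARNING: PORTMAP_KNOWN_HOSTS not set; SSH host key will NOT be verified." >&2
  ssh_hostkey_opts=(
    -o StrictHostKeyChecking=no
    -o UserKnownHostsFile=/dev/null
  )
fi

SSH_PID=0

#######################################
# Start the SSH reverse tunnel in the background when a private key exists.
# Globals:   KEY_PATH, SSH_USER, SSH_HOST, SSH_REMOTE_PORT, LOCAL_TARGET_PORT,
#            SSH_LOG, ssh_hostkey_opts (read); SSH_PID (written)
# Outputs:   status messages on stdout; ssh output goes to SSH_LOG
#######################################
start_ssh_tunnel() {
  if [ -f "$KEY_PATH" ]; then
    echo "Starting SSH reverse tunnel to ${SSH_HOST}:${SSH_REMOTE_PORT} -> localhost:${LOCAL_TARGET_PORT}"
    nohup ssh -i "$KEY_PATH" \
      "${ssh_hostkey_opts[@]}" \
      -o ServerAliveInterval=30 \
      -o ServerAliveCountMax=3 \
      "${SSH_USER}@${SSH_HOST}" \
      -N -R "${SSH_REMOTE_PORT}:127.0.0.1:${LOCAL_TARGET_PORT}" >"$SSH_LOG" 2>&1 &
    SSH_PID=$!
    echo "SSH tunnel started (pid=${SSH_PID}); logging to $SSH_LOG"
  else
    echo "No private key found; skipping SSH tunnel."
  fi
}

#######################################
# Stop the SSH tunnel if it was started and is still running.
# Sends TERM first, then KILL one second later.
# Globals:   SSH_PID (read)
#######################################
stop_ssh_tunnel() {
  if [ "$SSH_PID" -ne 0 ] && kill -0 "$SSH_PID" >/dev/null 2>&1; then
    echo "Stopping SSH tunnel (pid=${SSH_PID})..."
    kill "$SSH_PID" || true
    sleep 1
    kill -9 "$SSH_PID" 2>/dev/null || true
  fi
}

trap 'echo "Received SIGTERM/SIGINT, shutting down..."; stop_ssh_tunnel; exit 0' TERM INT

start_ssh_tunnel

# TURN credentials. The defaults keep the original hard-coded account working,
# but they are public knowledge; set TURN_USER/TURN_PASSWORD for any real use.
# The password is passed on argv and is therefore visible in the process list.
TURN_USER="${TURN_USER:-myuser}"
TURN_PASSWORD="${TURN_PASSWORD:-mypassword}"
if [ "$TURN_USER" = "myuser" ] && [ "$TURN_PASSWORD" = "mypassword" ]; then
  echo "WARNING: turnserver is using the built-in default TURN credentials." >&2
fi

# Arguments are kept in an array so that disabled options can be commented out.
# In the previous backslash-continued form the first "# ..." line ended the
# command, so turnserver was exec'd with no options at all (and, because exec
# replaced the shell, the trap above and TURN_PID were never reached).
turn_args=(
  # -c /etc/coturn/turnserver.conf
  # --listening-ip=0.0.0.0
  "--listening-port=${LOCAL_TARGET_PORT}"
  --tls-listening-port=5349
  # NOTE(review): coturn documents --external-ip as an IP address; confirm
  # that this tcp://host:port value is accepted by the deployed version.
  "--external-ip=tcp://${SSH_HOST}:${SSH_REMOTE_PORT}"
  # --cert=/etc/turn/certs/turn_server_cert.pem
  # --pkey=/etc/turn/certs/turn_server_pkey.pem
  "--user=${TURN_USER}:${TURN_PASSWORD}"
  # --realm="$TURN_PUBLIC_ADDR"
  --log-file=stdout
  --simple-log
  --no-cli
)

turnserver "${turn_args[@]}" &
TURN_PID=$!
# NOTE(review): nothing after this assignment is visible in the reviewed
# source; confirm the script waits on TURN_PID so the TERM/INT trap can run.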