ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity

Enable some recommended Coturn options in an effort to lower DDoS amplification factor 

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
This commit is contained in:
Slavi Pantaleev 2023-03-22 08:04:25 +02:00
parent c222391e77
commit 69b2df629b
2 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
roles/custom/matrix-coturn/defaults/main.yml
View File

@ -112,11 +112,25 @@ matrix_coturn_user_quota: null
matrix_coturn_total_quota: null
# Controls whether `no-tcp-relay` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L419-L422
matrix_coturn_no_tcp_relay_enabled: true
# Controls whether `no-multicast-peers` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L629-L632
matrix_coturn_no_multicast_peers_enabled: true
# Controls whether `no-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L770-L781
matrix_coturn_no_rfc5780_enabled: true
# Controls whether `no-stun-backward-compatibility` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L783-L789
matrix_coturn_no_stun_backward_compatibility_enabled: true
# Controls whether `response-origin-only-with-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L791-L796
matrix_coturn_response_origin_only_with_rfc5780_enabled: true
# Additional configuration to be passed to turnserver.conf
# Example:
# matrix_coturn_additional_configuration: |

12
roles/custom/matrix-coturn/templates/turnserver.conf.j2
View File

@ -35,6 +35,18 @@ prod
no-tcp-relay
{% endif %}
{% if matrix_coturn_no_rfc5780_enabled %}
no-rfc5780
{% endif %}
{% if matrix_coturn_no_stun_backward_compatibility_enabled %}
no-stun-backward-compatibility
{% endif %}
{% if matrix_coturn_response_origin_only_with_rfc5780_enabled %}
response-origin-only-with-rfc5780
{% endif %}
{% if matrix_coturn_user_quota != None %}
user-quota={{ matrix_coturn_user_quota }}
{% endif %}