Enable some recommended Coturn options in an effort to lower DDoS amplification factor

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2592
Slavi Pantaleev 2023-03-22 08:04:25 +02:00
parent c222391e77
commit 69b2df629b
2 changed files with 26 additions and 0 deletions


@ -112,11 +112,25 @@ matrix_coturn_user_quota: null
matrix_coturn_total_quota: null matrix_coturn_total_quota: null
# Controls whether `no-tcp-relay` is added to the configuration # Controls whether `no-tcp-relay` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L419-L422
matrix_coturn_no_tcp_relay_enabled: true matrix_coturn_no_tcp_relay_enabled: true
# Controls whether `no-multicast-peers` is added to the configuration # Controls whether `no-multicast-peers` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L629-L632
matrix_coturn_no_multicast_peers_enabled: true matrix_coturn_no_multicast_peers_enabled: true
# Controls whether `no-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L770-L781
matrix_coturn_no_rfc5780_enabled: true
# Controls whether `no-stun-backward-compatibility` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L783-L789
matrix_coturn_no_stun_backward_compatibility_enabled: true
# Controls whether `response-origin-only-with-rfc5780` is added to the configuration
# Learn more here: https://github.com/coturn/coturn/blob/242eb78227f66442ba1573c00ec4552faae23eed/examples/etc/turnserver.conf#L791-L796
matrix_coturn_response_origin_only_with_rfc5780_enabled: true
# Additional configuration to be passed to turnserver.conf # Additional configuration to be passed to turnserver.conf
# Example: # Example:
# matrix_coturn_additional_configuration: | # matrix_coturn_additional_configuration: |
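Review bot: The three new variables (`matrix_coturn_no_rfc5780_enabled`, `matrix_coturn_no_stun_backward_compatibility_enabled`, `matrix_coturn_response_origin_only_with_rfc5780_enabled`) are documented only as "controls whether X is added", so an operator cannot tell from this file what is given up by leaving them at `true` or why they are on by default. Going by the linked upstream sample config, I would put a one-line summary above each, for example `# Disables RFC 5780 NAT behavior discovery, whose extra response attributes raise the STUN amplification gain.` for the first. The matching lines would say that the second stops handling old-style STUN Binding requests and drops MAPPED-ADDRESS, and that the third omits RESPONSE-ORIGIN unless RFC 5780 is active. It would also help to state that these are default-on hardening settings and should be set to `false` only when a client is known to depend on the disabled behavior.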


@ -35,6 +35,18 @@ prod
no-tcp-relay no-tcp-relay
{% endif %} {% endif %}
{% if matrix_coturn_no_rfc5780_enabled %}
no-rfc5780
{% endif %}
{% if matrix_coturn_no_stun_backward_compatibility_enabled %}
no-stun-backward-compatibility
{% endif %}
{% if matrix_coturn_response_origin_only_with_rfc5780_enabled %}
response-origin-only-with-rfc5780
{% endif %}
{% if matrix_coturn_user_quota != None %} {% if matrix_coturn_user_quota != None %}
user-quota={{ matrix_coturn_user_quota }} user-quota={{ matrix_coturn_user_quota }}
{% endif %} {% endif %}
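Review bot: The new guard `{% if matrix_coturn_no_rfc5780_enabled %}` and the two that follow it test the raw variable, so a value that arrives as a string (for example from a key=value extra var) is truthy even when it reads `false`, and the option is still written to the config. Casting in the template makes the switch behave as documented: `{% if matrix_coturn_no_rfc5780_enabled | bool %}`, and the same for `matrix_coturn_no_stun_backward_compatibility_enabled` and `matrix_coturn_response_origin_only_with_rfc5780_enabled`. The failure direction leaves the hardening on, which is the safer one, but an operator who has to turn an option off for compatibility would get no indication that the override was ignored. The `no-tcp-relay` guard starts above this hunk, so I cannot see whether the existing guards already cast; if they do not, they presumably have the same issue.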