2016-07-03 17:13:34 +02:00
|
|
|
#!/bin/bash
|
|
|
|
#
|
|
|
|
# .---. . .
|
|
|
|
# | | |
|
|
|
|
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
|
|
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
|
|
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
|
|
#
|
|
|
|
# Freedom in the Cloud
|
|
|
|
#
|
|
|
|
# SIP functions
|
|
|
|
#
|
|
|
|
# License
|
|
|
|
# =======
|
|
|
|
#
|
|
|
|
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Affero General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2016-07-06 17:47:55 +02:00
|
|
|
VARIANTS='full chat'
|
|
|
|
|
2016-07-03 17:13:34 +02:00
|
|
|
SIP_SERVER_PASSWORD=
|
|
|
|
SIP_PORT=5060
|
|
|
|
SIP_TLS_PORT=5061
|
2016-10-05 23:33:41 +02:00
|
|
|
|
2016-10-01 21:39:57 +02:00
|
|
|
TURN_PORT=3478
|
|
|
|
TURN_TLS_PORT=5349
|
|
|
|
TURN_NONCE=
|
2016-07-03 17:13:34 +02:00
|
|
|
|
2016-10-05 23:33:41 +02:00
|
|
|
sip_variables=(ONION_ONLY
|
|
|
|
MY_USERNAME
|
|
|
|
SIP_PORT
|
|
|
|
SIP_TLS_PORT
|
|
|
|
SIP_SERVER_PASSWORD
|
|
|
|
TURN_PORT
|
|
|
|
TURN_TLS_PORT
|
|
|
|
TURN_NONCE)
|
|
|
|
|
2016-10-02 12:17:01 +02:00
|
|
|
function remove_user_sip {
|
|
|
|
remove_username="$1"
|
|
|
|
${PROJECT_NAME}-rmsipuser ${remove_username}
|
|
|
|
|
|
|
|
# remove user from SIP TURN/STUN
|
|
|
|
if [ -f /etc/turnserver/turnusers.txt ]; then
|
|
|
|
sed -i "/${remove_username}:/d" /etc/turnserver/turnusers.txt
|
2016-10-02 00:39:56 +02:00
|
|
|
fi
|
2016-10-02 12:17:01 +02:00
|
|
|
}
|
2016-10-02 00:39:56 +02:00
|
|
|
|
2016-10-02 12:17:01 +02:00
|
|
|
function add_user_sip {
|
2016-10-02 00:39:56 +02:00
|
|
|
new_username="$1"
|
|
|
|
new_user_password="$2"
|
|
|
|
|
|
|
|
SIP_EXTENSION=$(${PROJECT_NAME}-sipfreeext)
|
|
|
|
${PROJECT_NAME}-addsipuser -u $new_username -e $SIP_EXTENSION -p "$new_user_password"
|
|
|
|
if [ ! "$?" = "0" ]; then
|
2016-10-02 12:17:01 +02:00
|
|
|
echo '1'
|
2016-10-02 00:39:56 +02:00
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
# add user to the sipwitch group
|
|
|
|
if [ -f /etc/sipwitch.conf ]; then
|
|
|
|
usermod -aG sipwitch $new_username
|
|
|
|
fi
|
|
|
|
|
|
|
|
# add user for SIP STUN/TURN
|
|
|
|
if [ -d /etc/turnserver ]; then
|
|
|
|
if grep -q "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE; then
|
|
|
|
DEFAULT_DOMAIN_NAME=$(grep "DEFAULT_DOMAIN_NAME" $CONFIGURATION_FILE | head -n 1 | awk -F '=' '{print $2}')
|
|
|
|
echo "${new_username}:${new_user_password}:${DEFAULT_DOMAIN_NAME}:authorized" >> /etc/turnserver/turnusers.txt
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo '0'
|
|
|
|
}
|
|
|
|
|
2016-09-30 12:34:39 +02:00
|
|
|
function install_interactive_sip {
|
|
|
|
echo -n ''
|
2016-10-10 20:11:33 +02:00
|
|
|
APP_INSTALLED=1
|
2016-09-30 12:34:39 +02:00
|
|
|
}
|
|
|
|
|
2016-09-25 12:20:41 +02:00
|
|
|
function change_password_sip {
|
|
|
|
echo -n ''
|
|
|
|
}
|
|
|
|
|
2016-07-09 12:36:12 +02:00
|
|
|
function reconfigure_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
echo -n ''
|
2016-07-09 12:36:12 +02:00
|
|
|
}
|
|
|
|
|
2016-07-06 16:01:28 +02:00
|
|
|
function upgrade_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
# remove the original sipwitch daemon if it exists
|
|
|
|
if [ -f /etc/init.d/sipwitch ]; then
|
|
|
|
rm -f /etc/init.d/sipwitch
|
|
|
|
fi
|
2016-07-06 16:01:28 +02:00
|
|
|
}
|
|
|
|
|
2016-07-06 15:55:09 +02:00
|
|
|
function backup_local_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ -f /etc/sipwitch.conf ]; then
|
|
|
|
echo $"Backing up SIP settings"
|
|
|
|
temp_backup_dir=/root/tempsipbackup
|
|
|
|
if [ ! -d $temp_backup_dir ]; then
|
|
|
|
mkdir -p $temp_backup_dir
|
|
|
|
fi
|
|
|
|
cp -f /etc/sipwitch.conf $temp_backup_dir
|
|
|
|
backup_directory_to_usb $temp_backup_dir sip
|
|
|
|
echo $"SIP settings backup complete"
|
|
|
|
fi
|
2016-07-06 15:55:09 +02:00
|
|
|
}
|
|
|
|
|
2016-07-08 17:06:34 +02:00
|
|
|
function restore_local_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ -d $USB_MOUNT/backup/sip ]; then
|
|
|
|
echo $"Restoring SIP settings"
|
|
|
|
temp_restore_dir=/root/tempsip
|
|
|
|
function_check restore_directory_from_usb
|
|
|
|
restore_directory_from_usb $temp_restore_dir sip
|
|
|
|
cp -f $temp_restore_dir/home/$ADMIN_USERNAME/tempbackup/sipwitch.conf /etc/sipwitch.conf
|
|
|
|
if [ ! "$?" = "0" ]; then
|
|
|
|
rm -rf $temp_restore_dir
|
|
|
|
function_check set_user_permissions
|
|
|
|
set_user_permissions
|
|
|
|
backup_unmount_drive
|
|
|
|
exit 3679
|
|
|
|
fi
|
|
|
|
rm -rf $temp_restore_dir
|
|
|
|
service sipwitch restart
|
|
|
|
echo $"Restore of SIP settings complete"
|
|
|
|
fi
|
2016-07-08 17:06:34 +02:00
|
|
|
}
|
|
|
|
|
2016-07-06 15:55:09 +02:00
|
|
|
function backup_remote_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ -f /etc/sipwitch.conf ]; then
|
|
|
|
echo $"Backing up SIP settings"
|
|
|
|
temp_backup_dir=/root/tempsipbackup
|
|
|
|
if [ ! -d $temp_backup_dir ]; then
|
|
|
|
mkdir -p $temp_backup_dir
|
|
|
|
fi
|
|
|
|
cp -f /etc/sipwitch.conf $temp_backup_dir
|
|
|
|
backup_directory_to_friend $temp_backup_dir sip
|
|
|
|
echo $"Backup SIP settings complete"
|
|
|
|
fi
|
2016-07-04 22:02:22 +02:00
|
|
|
}
|
|
|
|
|
2016-07-08 17:06:34 +02:00
|
|
|
function restore_remote_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
echo -n ''
|
2016-07-08 17:06:34 +02:00
|
|
|
}
|
|
|
|
|
2016-07-04 14:11:14 +02:00
|
|
|
function remove_sip {
|
2016-10-01 21:39:57 +02:00
|
|
|
iptables -D INPUT -p udp --dport $TURN_PORT -j ACCEPT
|
|
|
|
iptables -D INPUT -p tcp --dport $TURN_PORT -j ACCEPT
|
|
|
|
iptables -D INPUT -p tcp --dport $TURN_TLS_PORT -j ACCEPT
|
2016-10-05 23:33:41 +02:00
|
|
|
|
2016-09-25 12:20:41 +02:00
|
|
|
iptables -D INPUT -p udp --dport $SIP_PORT -j ACCEPT
|
|
|
|
iptables -D INPUT -p tcp --dport $SIP_PORT -j ACCEPT
|
|
|
|
iptables -D INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
|
|
|
|
iptables -D INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
|
|
|
|
function_check save_firewall_settings
|
|
|
|
save_firewall_settings
|
|
|
|
|
|
|
|
function_check remove_onion_service
|
|
|
|
remove_onion_service sip ${SIP_PORT}
|
|
|
|
|
|
|
|
apt-get -y remove --purge sipwitch
|
|
|
|
apt-get -y remove --purge turnserver
|
|
|
|
if [ -f /etc/sipwitch.conf ]; then
|
|
|
|
rm /etc/sipwitch.conf
|
|
|
|
fi
|
|
|
|
if [ -d /etc/turnserver ]; then
|
|
|
|
rm -rf /etc/turnserver
|
|
|
|
fi
|
|
|
|
sed -i '/install_sip/d' $COMPLETION_FILE
|
2016-10-01 21:39:57 +02:00
|
|
|
sed -i '/configure_firewall_for_turn/d' $COMPLETION_FILE
|
2016-09-25 12:20:41 +02:00
|
|
|
sed -i '/configure_firewall_for_sip4/d' $COMPLETION_FILE
|
2016-07-04 14:11:14 +02:00
|
|
|
}
|
|
|
|
|
2016-10-01 21:39:57 +02:00
|
|
|
function configure_firewall_for_turn {
|
|
|
|
if grep -Fxq "configure_firewall_for_turn" $COMPLETION_FILE; then
|
2016-09-25 12:20:41 +02:00
|
|
|
return
|
|
|
|
fi
|
|
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
|
|
return
|
|
|
|
fi
|
2016-10-01 21:39:57 +02:00
|
|
|
iptables -A INPUT -p udp --dport $TURN_PORT -j ACCEPT
|
|
|
|
iptables -A INPUT -p tcp --dport $TURN_PORT -j ACCEPT
|
|
|
|
iptables -A INPUT -p tcp --dport $TURN_TLS_PORT -j ACCEPT
|
2016-09-25 12:20:41 +02:00
|
|
|
function_check save_firewall_settings
|
|
|
|
save_firewall_settings
|
|
|
|
|
2016-10-01 21:39:57 +02:00
|
|
|
OPEN_PORTS+=("TURN $TURN_PORT")
|
|
|
|
OPEN_PORTS+=("TURN TLS $TURN_TLS_PORT")
|
|
|
|
echo 'configure_firewall_for_turn' >> $COMPLETION_FILE
|
2016-07-03 19:52:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function configure_firewall_for_sip4 {
|
2016-09-25 12:20:41 +02:00
|
|
|
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
if [[ $ONION_ONLY != "no" ]]; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
|
|
|
|
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
|
|
|
|
iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
|
|
|
|
iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
|
|
|
|
function_check save_firewall_settings
|
|
|
|
save_firewall_settings
|
|
|
|
|
|
|
|
OPEN_PORTS+=("SIP $SIP_PORT")
|
|
|
|
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
|
|
|
|
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
|
2016-07-03 19:52:57 +02:00
|
|
|
}
|
|
|
|
|
2016-07-03 17:13:34 +02:00
|
|
|
function get_sip_server_password {
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ -f /home/$MY_USERNAME/README ]; then
|
2016-10-01 23:45:49 +02:00
|
|
|
if grep -q "sip server password" /home/$MY_USERNAME/README; then
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ ! $SIP_SERVER_PASSWORD ]; then
|
2016-10-01 23:45:49 +02:00
|
|
|
SIP_SERVER_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "sip server password" | awk -F ':' '{print $2}' | sed 's/^ *//')
|
2016-09-25 12:20:41 +02:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
2016-07-03 17:13:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function update_sipwitch_daemon {
|
2016-09-25 12:20:41 +02:00
|
|
|
if [ ! -f /etc/init.d/sipwitch ]; then
|
|
|
|
return
|
|
|
|
fi
|
2016-10-05 23:33:41 +02:00
|
|
|
|
2016-09-25 12:20:41 +02:00
|
|
|
service sipwitch stop
|
|
|
|
|
|
|
|
# remove the original sipwitch daemon if it exists
|
|
|
|
if [ -f /etc/init.d/sipwitch ]; then
|
|
|
|
rm -f /etc/init.d/sipwitch
|
|
|
|
fi
|
|
|
|
|
|
|
|
# daemon
|
|
|
|
echo '[Unit]' > /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'Description=GNU SIP Witch, a SIP telephony service daemon.' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'After=network.target' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo '' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo '[Service]' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'Type=simple' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'Group=sipwitch' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'PIDFile=/var/run/sipwitch/pidfile' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'EnvironmentFile=-/etc/conf.d/sipwitch' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'EnvironmentFile=-/etc/sipwitch.conf' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'EnvironmentFile=-/etc/default/sipwitch' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'ExecStartPre=-/bin/rm -f /var/run/sipwitch/control' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo "ExecStart=/usr/sbin/sipw -f \$OPTIONS -P$SIP_PORT" >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'Restart=always' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'NotifyAccess=main' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo '' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo '[Install]' >> /etc/systemd/system/sipwitch.service
|
|
|
|
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sipwitch.service
|
|
|
|
|
|
|
|
systemctl enable sipwitch
|
|
|
|
systemctl daemon-reload
|
|
|
|
systemctl start sipwitch
|
2016-07-03 17:13:34 +02:00
|
|
|
}
|
|
|
|
|
2016-07-05 22:50:11 +02:00
|
|
|
function install_sip_main {
|
2016-10-01 20:52:39 +02:00
|
|
|
if [[ $(app_is_installed sip_main) == "1" ]]; then
|
2016-09-25 12:20:41 +02:00
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
apt-get -y install sipwitch
|
|
|
|
|
|
|
|
function_check get_sip_server_password
|
|
|
|
get_sip_server_password
|
|
|
|
if [ ! $SIP_SERVER_PASSWORD ]; then
|
|
|
|
if [ -f $IMAGE_PASSWORD_FILE ]; then
|
|
|
|
SIP_SERVER_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
|
|
|
|
else
|
|
|
|
SIP_SERVER_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo '<?xml version="1.0"?>' > /etc/sipwitch.conf
|
|
|
|
echo '<sipwitch>' >> /etc/sipwitch.conf
|
|
|
|
echo '<provision>' >> /etc/sipwitch.conf
|
|
|
|
|
|
|
|
echo "<user id=\"$MY_USERNAME\">" >> /etc/sipwitch.conf
|
|
|
|
echo '<extension>201</extension>' >> /etc/sipwitch.conf
|
|
|
|
echo "<secret>$SIP_SERVER_PASSWORD</secret>" >> /etc/sipwitch.conf
|
|
|
|
echo "<display>$MY_USERNAME 201</display>" >> /etc/sipwitch.conf
|
|
|
|
echo '</user>' >> /etc/sipwitch.conf
|
|
|
|
|
|
|
|
echo '</provision>' >> /etc/sipwitch.conf
|
|
|
|
echo '<access>' >> /etc/sipwitch.conf
|
|
|
|
echo '</access>' >> /etc/sipwitch.conf
|
|
|
|
echo '<stack>' >> /etc/sipwitch.conf
|
|
|
|
echo " <localnames>$DEFAULT_DOMAIN_NAME</localnames>" >> /etc/sipwitch.conf
|
|
|
|
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <threading>2</threading>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <interface>*</interface>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <dumping>false</dumping>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <system>system</system>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <anon>anonymous</anon>' >> /etc/sipwitch.conf
|
|
|
|
echo '</stack>' >> /etc/sipwitch.conf
|
|
|
|
echo '<timers>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <!-- ring every 4 seconds -->' >> /etc/sipwitch.conf
|
|
|
|
echo ' <ring>4</ring>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <!-- call forward no answer after x rings -->' >> /etc/sipwitch.conf
|
|
|
|
echo ' <cfna>4</cfna>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <!-- call reset to clear cid in stack, 6 seconds -->' >> /etc/sipwitch.conf
|
|
|
|
echo ' <reset>6</reset>' >> /etc/sipwitch.conf
|
|
|
|
echo '</timers>' >> /etc/sipwitch.conf
|
|
|
|
echo '<!-- we have 2xx numbers plus space for external users -->' >> /etc/sipwitch.conf
|
|
|
|
echo '<registry>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <prefix>200</prefix>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <range>100</range>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <keysize>77</keysize>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <mapped>200</mapped>' >> /etc/sipwitch.conf
|
|
|
|
echo ' <!-- <realm>GNU Telephony</realm> -->' >> /etc/sipwitch.conf
|
|
|
|
echo '</registry>' >> /etc/sipwitch.conf
|
|
|
|
echo '<routing>' >> /etc/sipwitch.conf
|
|
|
|
echo '</routing>' >> /etc/sipwitch.conf
|
|
|
|
echo '</sipwitch>' >> /etc/sipwitch.conf
|
|
|
|
|
|
|
|
sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
|
|
|
|
sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
|
|
|
|
groupadd sipwitch
|
|
|
|
usermod -aG sipwitch $MY_USERNAME
|
|
|
|
|
|
|
|
SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
|
|
|
|
|
|
|
|
if ! grep -q $"SIP Server" /home/$MY_USERNAME/README; then
|
|
|
|
echo '' >> /home/$MY_USERNAME/README
|
|
|
|
echo '' >> /home/$MY_USERNAME/README
|
|
|
|
echo $'SIP Server' >> /home/$MY_USERNAME/README
|
|
|
|
echo '==========' >> /home/$MY_USERNAME/README
|
|
|
|
echo $"SIP onion_domain: $SIP_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
|
|
|
|
echo $"SIP server username: $MY_USERNAME" >> /home/$MY_USERNAME/README
|
|
|
|
echo $"SIP server extension: 201" >> /home/$MY_USERNAME/README
|
|
|
|
echo $"SIP server password: $SIP_SERVER_PASSWORD" >> /home/$MY_USERNAME/README
|
|
|
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
|
|
|
chmod 600 /home/$MY_USERNAME/README
|
|
|
|
fi
|
|
|
|
|
|
|
|
function_check configure_firewall_for_sip4
|
|
|
|
configure_firewall_for_sip4
|
2016-10-01 20:52:39 +02:00
|
|
|
install_completed sip_main
|
2016-07-03 17:13:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
function install_sip_turn {
|
2016-10-01 20:52:39 +02:00
|
|
|
if [[ $(app_is_installed sip_turn) == "1" ]]; then
|
2016-09-25 12:20:41 +02:00
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
apt-get -y install turnserver
|
|
|
|
|
|
|
|
# create a nonce if needed
|
2016-10-01 21:39:57 +02:00
|
|
|
if [ ! $TURN_NONCE ]; then
|
|
|
|
TURN_NONCE="$(create_password 30)"
|
2016-09-25 12:20:41 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
function_check create_site_certificate
|
|
|
|
create_site_certificate $DEFAULT_DOMAIN_NAME
|
|
|
|
|
|
|
|
echo '##' > /etc/turnserver/turnserver.conf
|
|
|
|
echo '# TurnServer configuration file.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '#' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Public IPv4 address of any relayed address (if not set, no relay for IPv4).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## To have multiple address, separate addresses with a comma' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "listen_address = { \"192.168.0.1\" }" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Public IPv6 address of any relayed address (if not set, no relay for IPv6).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## To have multiple address, separate address with a comma' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "#listen_addressv6 = { \"2001:db8::1\" }" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## UDP listening port.' >> /etc/turnserver/turnserver.conf
|
2016-10-01 21:39:57 +02:00
|
|
|
echo "udp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
|
2016-09-25 12:20:41 +02:00
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TCP listening port.' >> /etc/turnserver/turnserver.conf
|
2016-10-01 21:39:57 +02:00
|
|
|
echo "tcp_port = $TURN_PORT" >> /etc/turnserver/turnserver.conf
|
2016-09-25 12:20:41 +02:00
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TLS listening port.' >> /etc/turnserver/turnserver.conf
|
2016-10-01 21:39:57 +02:00
|
|
|
echo "tls_port = $TURN_TLS_PORT" >> /etc/turnserver/turnserver.conf
|
2016-09-25 12:20:41 +02:00
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TLS support.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'tls = true' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## DTLS support. It is an experimental feature and is not defined in TURN' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## standard.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'dtls = false' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Maximum allocation port number.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'max_port = 65535' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Minimum allocation port number.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'min_port = 49152' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TURN-TCP support.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'turn_tcp = true' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TURN-TCP buffering mode:' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## - true, use userspace buffering;' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## - false, use kernel buffering.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'tcp_buffer_userspace = true' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## TURN-TCP maximum buffer size.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'tcp_buffer_size = 32768' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Daemon mode.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'daemon = true' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Unprivileged user.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## If you want to use this feature create a system user.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## On Linux: adduser --system --group turnserver' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'unpriv_user = turnserver' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Realm value.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "realm = \"$DEFAULT_DOMAIN_NAME\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Nonce key.' >> /etc/turnserver/turnserver.conf
|
2016-10-01 21:39:57 +02:00
|
|
|
echo "nonce_key = \"$TURN_NONCE\"" >> /etc/turnserver/turnserver.conf
|
2016-09-25 12:20:41 +02:00
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Max relay per username.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'max_relay_per_username = 5' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Allocation lifetime.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'allocation_lifetime = 1800' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Allocation bandwidth limitation (in KBytes/s).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## 0 value means bandwidth quota disabled.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'bandwidth_per_allocation = 150' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Restricted user bandwidth (in KBytes/s).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## 0 value means bandwidth limitation disabled.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'restricted_bandwidth = 10' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Denied addresses.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '# disallow relaying to localhost' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' address = "127.0.0.1"' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' mask = "8"' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' port = 0' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '}' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '# disallow relaying to ip6-localhost' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'denied_address {' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' address = "::1"' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' mask = "128"' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo ' port = 0' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '}' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Certification Authority file.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "ca_file = \"/etc/ssl/certs/ca-certificates.crt\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Server certificate file.' >> /etc/turnserver/turnserver.conf
|
|
|
|
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem ]; then
|
|
|
|
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.pem\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
else
|
|
|
|
if [ -f /etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt ]; then
|
|
|
|
echo "cert_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.crt\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Private key file.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "private_key_file = \"/etc/ssl/certs/$DEFAULT_DOMAIN_NAME.key\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Account method.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "account_method = \"file\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## Account file (if account_method = file).' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo "account_file = \"/etc/turnserver/turnusers.txt\"" >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo '## mod_tmpuser.' >> /etc/turnserver/turnserver.conf
|
|
|
|
echo 'mod_tmpuser = false' >> /etc/turnserver/turnserver.conf
|
|
|
|
|
|
|
|
echo "${MY_USERNAME}:password:${DEFAULT_DOMAIN_NAME}:authorized" > /etc/turnserver/turnusers.txt
|
|
|
|
|
|
|
|
systemctl restart turnserver
|
|
|
|
|
2016-10-01 21:39:57 +02:00
|
|
|
function_check configure_firewall_for_turn
|
|
|
|
configure_firewall_for_turn
|
2016-10-01 20:52:39 +02:00
|
|
|
install_completed sip_turn
|
2016-07-03 17:13:34 +02:00
|
|
|
}
|
|
|
|
|
2016-07-05 22:50:11 +02:00
|
|
|
function install_sip {
|
2016-09-25 12:20:41 +02:00
|
|
|
install_sip_main
|
|
|
|
update_sipwitch_daemon
|
2016-10-10 20:11:33 +02:00
|
|
|
APP_INSTALLED=1
|
2016-07-12 12:30:14 +02:00
|
|
|
}
|
2016-07-05 22:50:11 +02:00
|
|
|
|
2016-07-03 17:13:34 +02:00
|
|
|
# NOTE: deliberately no exit 0
|