Updated self-hosted scripts and documentation (#249)

* Updated self-hosted scripts and documentation Added more variables to setup.env and Updated the documentation. We are now configuring turn server with template as well. * Updated self-hosted scripts and documentation Added more variables to setup.env and Updated the documentation. We are now configuring turn server with template as well. * Updated self-hosted scripts and documentation Added more variables to setup.env and Updated the documentation. We are now configuring turn server with template as well. * Updated self-hosted scripts and documentation Added more variables to setup.env and Updated the documentation. We are now configuring turn server with template as well.
2026-04-18 08:16:39 +00:00 · 2022-03-05 11:20:04 +01:00
parent 3385ea6379
commit 071b03e790
6 changed files with 95 additions and 32 deletions
--- a/infrastructure_files/configure.sh
+++ b/infrastructure_files/configure.sh
@@ -1,7 +1,27 @@
 #!/bin/bash

-unset $(grep -v '^#' ./setup.env | sed -E 's/(.*)=.*/\1/' | xargs)
-export $(grep -v '^#' ./setup.env | xargs)
+source setup.env
+
+if [[ "x-$WIRETRUSTEE_DOMAIN" == "x-" ]]
+then
+  echo WIRETRUSTEE_DOMAIN is not set, please update your setup.env file
+  exit 1
+fi
+
+# local development or tests
+if [[ $WIRETRUSTEE_DOMAIN == "localhost" || $WIRETRUSTEE_DOMAIN == "127.0.0.1" ]]
+then
+  export WIRETRUSTEE_MGMT_API_ENDPOINT=http://$WIRETRUSTEE_DOMAIN:$WIRETRUSTEE_MGMT_API_PORT
+  unset WIRETRUSTEE_MGMT_API_CERT_FILE
+  unset WIRETRUSTEE_MGMT_API_CERT_KEY_FILE
+fi
+
+# if not provided, we generate a turn password
+if [[ "x-$TURN_PASSWORD" == "x-" ]]
+then
+  export TURN_PASSWORD=$(openssl rand -base64 32|sed 's/=//g')
+fi

 envsubst < docker-compose.yml.tmpl > docker-compose.yml
 envsubst < management.json.tmpl > management.json
+envsubst < turnserver.conf.tmpl > turnserver.conf
--- a/infrastructure_files/docker-compose.yml.tmpl
+++ b/infrastructure_files/docker-compose.yml.tmpl
@@ -11,19 +11,18 @@ services:
      - AUTH0_DOMAIN=$WIRETRUSTEE_AUTH0_DOMAIN
      - AUTH0_CLIENT_ID=$WIRETRUSTEE_AUTH0_CLIENT_ID
      - AUTH0_AUDIENCE=$WIRETRUSTEE_AUTH0_AUDIENCE
-      - WIRETRUSTEE_MGMT_API_ENDPOINT=https://$WIRETRUSTEE_DOMAIN:33071
+      - WIRETRUSTEE_MGMT_API_ENDPOINT=$WIRETRUSTEE_MGMT_API_ENDPOINT
      - NGINX_SSL_PORT=443
      - LETSENCRYPT_DOMAIN=$WIRETRUSTEE_DOMAIN
      - LETSENCRYPT_EMAIL=$WIRETRUSTEE_LETSENCRYPT_EMAIL
    volumes:
-      - /var/lib/wiretrustee/dashboard/letsencrypt:/etc/letsencrypt/
+      - wiretrustee-letsencrypt:/etc/letsencrypt/
  # Signal
  signal:
    image: wiretrustee/signal:latest
    restart: unless-stopped
    volumes:
      - wiretrustee-signal:/var/lib/wiretrustee
-    #      - /var/log/wiretrustee/signal.log:/var/log/wiretrustee/signal.log
    ports:
      - 10000:10000
  #     # port and command for Let's Encrypt validation
@@ -37,12 +36,11 @@ services:
      - dashboard
    volumes:
      - wiretrustee-mgmt:/var/lib/wiretrustee
-      - /var/lib/wiretrustee/dashboard/letsencrypt:/etc/letsencrypt:ro
+      - wiretrustee-letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/wiretrustee/management.json
-    #      - /var/log/wiretrustee/management.log:/var/log/wiretrustee/management.log
    ports:
      - 33073:33073 #gRPC port
-      - 33071:33071 #HTTP port
+      - $WIRETRUSTEE_MGMT_API_PORT:33071 #API port
  #     # port and command for Let's Encrypt validation
  #      - 443:443
  #    command: ["--letsencrypt-domain", "$WIRETRUSTEE_DOMAIN", "--log-file", "console"]
@@ -50,7 +48,7 @@ services:
  coturn:
    image: coturn/coturn
    restart: unless-stopped
-    domainname: <YOUR DOMAIN>
+    domainname: $WIRETRUSTEE_DOMAIN
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    #      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
@@ -58,4 +56,5 @@ services:
    network_mode: host
 volumes:
  wiretrustee-mgmt:
-  wiretrustee-signal:
+  wiretrustee-signal:
+  wiretrustee-letsencrypt:
--- a/infrastructure_files/management.json.tmpl
+++ b/infrastructure_files/management.json.tmpl
@@ -12,8 +12,8 @@
            {
                "Proto": "udp",
                "URI": "turn:$WIRETRUSTEE_DOMAIN:3478",
-                "Username": "",
-                "Password": null
+                "Username": "$TURN_USER",
+                "Password": "$TURN_PASSWORD"
            }
        ],
        "CredentialsTTL": "12h",
@@ -28,19 +28,14 @@
    },
    "Datadir": "",
    "HttpConfig": {
-        "Address": "0.0.0.0:33071",
+        "Address": "0.0.0.0:$WIRETRUSTEE_MGMT_API_PORT",
        "AuthIssuer": "https://$WIRETRUSTEE_AUTH0_DOMAIN/",
        "AuthAudience": "$WIRETRUSTEE_AUTH0_AUDIENCE",
-        "AuthKeysLocation": "https://$WIRETRUSTEE_AUTH0_DOMAIN/.well-known/jwks.json"
+        "AuthKeysLocation": "https://$WIRETRUSTEE_AUTH0_DOMAIN/.well-known/jwks.json",
+        "CertFile":"$WIRETRUSTEE_MGMT_API_CERT_FILE",
+        "CertKey":"$WIRETRUSTEE_MGMT_API_CERT_KEY_FILE"
    },
    "IdpManagerConfig": {
-        "Manager": "none",
-        "Auth0ClientCredentials": {
-        "Audience": "<PASTE YOUR AUTH0 AUDIENCE HERE>",
-        "AuthIssuer": "<PASTE YOUR AUTH0 Auth Issuer HERE>",
-        "ClientId": "<PASTE YOUR AUTH0 Application Client ID HERE>",
-        "ClientSecret": "<PASTE YOUR AUTH0 Application Client Secret HERE>",
-         "GrantType": "client_credentials"
-         }
+        "Manager": "none"
     }
 }
--- a/infrastructure_files/setup.env
+++ b/infrastructure_files/setup.env
@@ -1,4 +1,6 @@
-# e.g. app.mydomain.com
+# Dashboard domain and auth0 configuration
+
+# Dashboard domain. e.g. app.mydomain.com
 WIRETRUSTEE_DOMAIN=""
 # e.g. dev-24vkclam.us.auth0.com
 WIRETRUSTEE_AUTH0_DOMAIN=""
@@ -8,3 +10,42 @@ WIRETRUSTEE_AUTH0_CLIENT_ID=""
 WIRETRUSTEE_AUTH0_AUDIENCE=""
 # e.g. hello@mydomain.com
 WIRETRUSTEE_LETSENCRYPT_EMAIL=""
+
+## From this point, most settings are being done automatically, but you can edit if you need some customization
+
+# Management API
+
+# Management API port
+WIRETRUSTEE_MGMT_API_PORT=33071
+# Management API endpoint address, used by the Dashboard
+WIRETRUSTEE_MGMT_API_ENDPOINT=https://$WIRETRUSTEE_DOMAIN:$WIRETRUSTEE_MGMT_API_PORT
+# Management Certficate file path. These are generated by the Dashboard container
+WIRETRUSTEE_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$WIRETRUSTEE_DOMAIN/fullchain.pem"
+# Management Certficate key file path.
+WIRETRUSTEE_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$WIRETRUSTEE_DOMAIN/privkey.pem"
+
+# Turn credentials
+
+# User
+TURN_USER=self
+# Password. If empty, the configure.sh will generate one with openssl
+TURN_PASSWORD=
+# Min port
+TURN_MIN_PORT=49152
+# Max port
+TURN_MAX_PORT=65535
+
+# exports
+export WIRETRUSTEE_DOMAIN
+export WIRETRUSTEE_AUTH0_DOMAIN
+export WIRETRUSTEE_AUTH0_CLIENT_ID
+export WIRETRUSTEE_AUTH0_AUDIENCE
+export WIRETRUSTEE_LETSENCRYPT_EMAIL
+export WIRETRUSTEE_MGMT_API_PORT
+export WIRETRUSTEE_MGMT_API_ENDPOINT
+export WIRETRUSTEE_MGMT_API_CERT_FILE
+export WIRETRUSTEE_MGMT_API_CERT_KEY_FILE
+export TURN_USER
+export TURN_PASSWORD
+export TURN_MIN_PORT
+export TURN_MAX_PORT
--- a/infrastructure_files/turnserver.conf.tmpl
+++ b/infrastructure_files/turnserver.conf.tmpl
@@ -154,12 +154,12 @@ tls-listening-port=5349
 # Lower and upper bounds of the UDP relay endpoints:
 # (default values are 49152 and 65535)
 #
-min-port=49152
-max-port=65535
+min-port=$TURN_MIN_PORT
+max-port=$TURN_MAX_PORT

 # Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
 # By default the verbose mode is off.
-verbose
+#verbose

 # Uncomment to run TURN server in 'extra' verbose mode.
 # This mode is very annoying and produces lots of output.
@@ -249,7 +249,7 @@ lt-cred-mech
 #user=username1:key1
 #user=username2:key2
 # OR:
-user=username1:password1
+user=$TURN_USER:$TURN_PASSWORD
 #user=username2:password2
 #
 # Keys must be generated by turnadmin utility. The key value depends