#!/bin/bash
# Copyright 2021 Franck MULLER (see the AUTHORS file)
# SPDX-License-Identifier: GPL-3.0-or-later
#Functions
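#######################################
# Entry point of a full installation: asks for confirmation, installs the
# dnsutils and coturn packages behind a progress gauge, then hands over to
# configure_coturn.
# Globals:   none
# Arguments: none
# Outputs:   whiptail dialogs; an error on stderr when the install failed
# Returns:   exits 1 when the user cancels or the packages are not usable
#######################################
install_coturn() {
  local tick line

  if ! whiptail --title "Coturn Installer" --yesno "Welcome in the Coturn Installer, after press Enter the installation start automaticaly" --no-button "Cancel" --yes-button "Go !" 13 60; then
    exit 1
  fi

  # Each line apt-get prints advances the gauge by one. The exit status of
  # apt-get is not visible through the process substitution, so the result
  # is verified explicitly below.
  {
    tick=1
    while read -r line; do
      tick=$((tick + 1))
      echo "$tick"
    done < <(apt-get update && apt-get install dnsutils coturn -y)
  } | whiptail --gauge "Wait update and install Coturn Service" 6 60 0

  # Do not start rewriting /etc/turnserver.conf when the install failed
  # (no network, not root, held packages, ...): turnserver comes from coturn,
  # dig from dnsutils and is needed later for the public-IP lookup.
  if ! command -v turnserver > /dev/null 2>&1 || ! command -v dig > /dev/null 2>&1; then
    echo "coturn/dnsutils are not installed; run 'apt-get install dnsutils coturn' by hand to see the error." >&2
    exit 1
  fi

  configure_coturn 0
}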
#######################################
# Asks whether TURN should be enabled now. On "yes" coturn is stopped,
# TURNSERVER_ENABLED=1 is written to /etc/default/coturn and the Let's
# Encrypt step follows; on "no" the STUN-only summary is shown.
# Arguments: none
# Returns:   status of configure_le or basic_start
#######################################
active_turn() {
  if ! whiptail --yesno "Would you like to active TURN now?" 10 60 2; then
    # TURN declined: restart coturn as it is and print the STUN-only summary.
    basic_start "Maybe Already Configured :"
    return
  fi

  systemctl stop coturn
  # Replace the whole TURNSERVER_ENABLED line, commented out or not.
  sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn
  configure_le
}
#######################################
# Confirms that the certificate will come from Let's Encrypt via certbot.
# On "yes" coturn is stopped and install_certbot is started with argument 0;
# on "no" the STUN-only summary is shown.
# Arguments: none
# Returns:   status of install_certbot or basic_start
#######################################
configure_le() {
  if whiptail --yesno "This script work's only with Letsencrypt on Certbot, do you want to continue ?" 10 60 2; then
    systemctl stop coturn
    install_certbot 0
    return
  fi

  # No certificate wanted: TURN stays unconfigured.
  basic_start "Maybe Already Configured :"
}
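#######################################
# Installs certbot behind a progress gauge (when $1 is 0) and continues with
# run_certbot.
# Arguments: $1 - 0 to run the apt-get install step, anything else to skip it
# Outputs:   whiptail gauge; an error on stderr when certbot is unavailable
# Returns:   1 when certbot is not available afterwards, otherwise the
#            status of run_certbot
#######################################
install_certbot() {
  local tick line

  if [ "$1" -eq 0 ]; then
    {
      tick=1
      while read -r line; do
        tick=$((tick + 1))
        echo "$tick"
      done < <(apt-get install certbot -y)
    } | whiptail --gauge "Please wait install Certbot" 6 60 0
  fi

  # apt-get's exit status is hidden by the gauge pipeline, so check the
  # result: without certbot the next step would silently produce no
  # certificate and the TLS settings would point at files that do not exist.
  if ! command -v certbot > /dev/null 2>&1; then
    echo "certbot is not installed; run 'apt-get install certbot' by hand to see the error." >&2
    return 1
  fi

  run_certbot
}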
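#######################################
# Asks for the TURN domain and a contact e-mail, requests a certificate with
# certbot (standalone HTTP challenge) behind a progress gauge, then continues
# with configure_turn.
# Globals:   TURNDOMAIN, MAIL (written; TURNDOMAIN is read later by
#            configure_turn and construct_start)
# Arguments: none
# Outputs:   whiptail dialogs; errors and warnings on stderr
# Returns:   1 without calling certbot when an entered value is rejected,
#            otherwise the status of configure_turn
#######################################
run_certbot() {
  local domain_status mail_status tick line
  # Both values end up on the certbot command line and TURNDOMAIN later in a
  # file path, so only plain host names and simple addresses are accepted.
  # A leading "-" is excluded so a value can never be read as an option.
  local domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local mail_re='^[A-Za-z0-9][^[:space:]@]*@[A-Za-z0-9][A-Za-z0-9.-]*$'

  TURNDOMAIN=$(whiptail --inputbox "Please write your TURN Domain" 8 39 turn.domain.tld 3>&1 1>&2 2>&3)
  domain_status=$?
  # Placeholder default: the original default address is not recoverable
  # from this listing.
  MAIL=$(whiptail --inputbox "Please your Email address for Letsencrypt" 8 39 "mail@example.com" 3>&1 1>&2 2>&3)
  mail_status=$?

  # Only run certbot when both dialogs were confirmed; checking $? once
  # would only reflect the last dialog.
  if [ "$domain_status" -eq 0 ] && [ "$mail_status" -eq 0 ]; then
    if [[ ! $TURNDOMAIN =~ $domain_re ]]; then
      echo "Invalid TURN domain; no certificate requested and no configuration changed." >&2
      return 1
    fi
    if [[ ! $MAIL =~ $mail_re ]]; then
      echo "Invalid e-mail address; no certificate requested and no configuration changed." >&2
      return 1
    fi

    # certbot runs for real here (no --dry-run) and --agree-tos accepts the
    # CA's terms on the operator's behalf. The standalone challenge needs
    # port 80 to be free and reachable.
    {
      tick=1
      while read -r line; do
        tick=$((tick + 1))
        echo "$tick"
      done < <(certbot certonly --quiet --email "$MAIL" --standalone --preferred-challenges http -d "$TURNDOMAIN" --agree-tos)
    } | whiptail --gauge "Please wait Certbot create SSL certificate, maybe long operation..." 6 60 0

    # certbot's exit status is hidden by the gauge pipeline; make a failed
    # issuance visible instead of configuring TLS against missing files.
    if [ ! -f "/etc/letsencrypt/live/${TURNDOMAIN}/fullchain.pem" ]; then
      echo "Warning: no certificate found under /etc/letsencrypt/live/${TURNDOMAIN}/; the TLS listener will not work until one exists." >&2
    fi
  fi

  configure_turn
}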
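#######################################
# Asks for the TLS port and the long-term credential, writes the TLS and
# user settings into /etc/turnserver.conf and continues with nat_enable.
# Globals:   TURNDOMAIN (read), TURNPORT, USER, PASS (written; printed later
#            by construct_start). Assigning USER replaces the login name
#            that the environment normally carries in that variable.
# Arguments: none
# Outputs:   whiptail dialogs; an error on stderr for rejected values
# Returns:   1 without touching the file when a value is rejected, otherwise
#            the status of nat_enable
#######################################
configure_turn() {
  local port_status user_status pass_status default_pass
  local port_re='^[0-9]{1,5}$'
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  # No whitespace, control characters or backslashes: the values are pasted
  # into a sed script, where whitespace used to split them into extra file
  # operands and a backslash is interpreted by sed. The user name must also
  # be free of ":" because the config line is "user=name:password".
  local user_re='^[^[:space:][:cntrl:]\\:]+$'
  local pass_re='^[^[:space:][:cntrl:]\\]+$'

  # Offer a random password instead of a fixed, guessable default, so that
  # accepting every dialog does not leave a relay with a well-known login.
  default_pass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24)

  TURNPORT=$(whiptail --inputbox "Please write your TURN Port access" 8 39 5349 3>&1 1>&2 2>&3)
  port_status=$?
  USER=$(whiptail --inputbox "Please enter your User pass (simple)" 8 39 user 3>&1 1>&2 2>&3)
  user_status=$?
  PASS=$(whiptail --inputbox "Please enter your Password (simple)" 8 39 "$default_pass" 3>&1 1>&2 2>&3)
  pass_status=$?

  if [ "$port_status" -eq 0 ] && [ "$user_status" -eq 0 ] && [ "$pass_status" -eq 0 ]; then
    if [[ ! $TURNPORT =~ $port_re ]] || ((10#$TURNPORT < 1 || 10#$TURNPORT > 65535)) \
      || [[ ! $USER =~ $user_re ]] || [[ ! $PASS =~ $pass_re ]] \
      || [[ ! $TURNDOMAIN =~ $host_re ]]; then
      echo "Invalid TURN port, user, password or domain; /etc/turnserver.conf was not changed." >&2
      return 1
    fi

    sed -i "/#tls-listening-port/c\\tls-listening-port=${TURNPORT}" /etc/turnserver.conf
    # NOTE(review): the list only names RSA key-exchange suites, and the
    # *-GCM-SHA512 entries do not look like OpenSSL suite names. Verify it
    # with "openssl ciphers" and against the key type of the certificate.
    sed -i '/#cipher-list/c\cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"' /etc/turnserver.conf
    # NOTE(review): confirm that the account coturn runs as can read these
    # files; the letsencrypt directories are usually restricted to root.
    sed -i "/#cert/c\\cert=/etc/letsencrypt/live/${TURNDOMAIN}/fullchain.pem" /etc/turnserver.conf
    sed -i "/#pkey/c\\pkey=/etc/letsencrypt/live/${TURNDOMAIN}/privkey.pem" /etc/turnserver.conf
    # The credential is stored in clear text, so the permissions of
    # /etc/turnserver.conf matter. coturn also accepts a pre-computed key
    # (turnadmin -k) in place of the password.
    sed -i "/#user/c\\user=${USER}:${PASS}" /etc/turnserver.conf
  fi

  nat_enable
}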
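#######################################
# Compares the local address with the public address, lets the user confirm
# or correct the result and, when the host sits behind NAT, writes the
# external-ip mapping into /etc/turnserver.conf. Ends with construct_start.
# Globals:   PUBIP, PRIVIP (written)
# Arguments: none
# Outputs:   whiptail dialogs; a warning on stderr for rejected addresses
# Returns:   status of the last command run
#######################################
nat_enable() {
  local localIP wanIP rest detectNAT map_ips=0
  # Characters of an IPv4 or IPv6 literal only; the values are pasted into a
  # sed script, and the public address comes from an unauthenticated lookup.
  local ip_re='^[0-9A-Fa-f:.]+$'

  # Keep the first word only: "hostname -I" ends its output with a blank and
  # may list several addresses, which made the comparison below never match.
  read -r localIP rest < <(detect_localip)
  read -r wanIP rest < <(detect_wanip)

  if [[ "$localIP" == "$wanIP" ]]; then
    detectNAT="noNAT"
  else
    detectNAT="NAT"
  fi

  if [ "$detectNAT" = "NAT" ]; then
    if whiptail --yesno "NAT is detected on your Network, it's correct ? ( $wanIP --> $localIP)" 10 60 2; then
      map_ips=1
    fi
  else
    if whiptail --yesno "NO NAT, it's correct ? ( $wanIP --> $localIP)" 10 60 2; then
      construct_start
      echo "step 2 NO NAT confirm"
      return
    fi
    # The user says the detection is wrong, so NAT is in use after all.
    map_ips=1
  fi

  if [ "$map_ips" -eq 1 ]; then
    PUBIP=$(whiptail --inputbox "Your public IP (change if not correct)" 8 39 "$wanIP" 3>&1 1>&2 2>&3)
    PRIVIP=$(whiptail --inputbox "Your private IP (change if not correct)" 8 39 "$localIP" 3>&1 1>&2 2>&3)
    if [[ $PUBIP =~ $ip_re && $PRIVIP =~ $ip_re ]]; then
      # Both branches use the same key: the generated file contains
      # "#external-ip=", so the former "#extern-ip" pattern never matched.
      sed -i "/#external-ip/c\\external-ip=${PUBIP}/${PRIVIP}" /etc/turnserver.conf
    else
      echo "Invalid IP address entered; external-ip was left unset in /etc/turnserver.conf." >&2
    fi
  fi

  construct_start
}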
#######################################
# Regenerates /etc/turnserver.conf through construct_file (when $1 is 0),
# showing a gauge while it runs, then starts the interactive setup.
# Arguments: $1 - 0 to rebuild the configuration file first
# Returns:   status of setup_all
#######################################
configure_coturn() {
  local tick unused

  if [ "$1" -eq 0 ]; then
    # Every line construct_file prints moves the gauge one step forward.
    {
      tick=1
      while read -r unused; do
        tick=$((tick + 1))
        echo "$tick"
      done < <(construct_file)
    } | whiptail --gauge "Wait..." 6 60 0
  fi

  setup_all
}
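#######################################
# Stops coturn, asks for the STUN host name, the realm and the STUN port,
# writes them into /etc/turnserver.conf and continues with active_turn.
# Globals:   SERVER, REALM, STUNPORT (written; SERVER and STUNPORT are
#            printed later by construct_start and basic_start)
# Arguments: none
# Outputs:   whiptail dialogs; an error on stderr for rejected values
# Returns:   1 without touching the file when a value is rejected, otherwise
#            the status of active_turn
#######################################
setup_all() {
  local server_status realm_status port_status
  # The answers are pasted into sed scripts. Restricting them to host-name
  # characters and digits keeps whitespace from splitting a value into extra
  # file operands for "sed -i" and keeps backslashes out of the script.
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local port_re='^[0-9]{1,5}$'

  systemctl stop coturn

  SERVER=$(whiptail --inputbox "Please write your STUN domain" 8 39 stun.domain.tld 3>&1 1>&2 2>&3)
  server_status=$?
  REALM=$(whiptail --inputbox "Please write your domain" 8 39 domain.tld 3>&1 1>&2 2>&3)
  realm_status=$?
  STUNPORT=$(whiptail --inputbox "Please your STUN Access Port" 8 39 3478 3>&1 1>&2 2>&3)
  port_status=$?

  # Write only when every dialog was confirmed, not just the last one.
  if [ "$server_status" -eq 0 ] && [ "$realm_status" -eq 0 ] && [ "$port_status" -eq 0 ]; then
    if [[ ! $SERVER =~ $host_re ]] || [[ ! $REALM =~ $host_re ]] \
      || [[ ! $STUNPORT =~ $port_re ]] || ((10#$STUNPORT < 1 || 10#$STUNPORT > 65535)); then
      echo "Invalid STUN domain, realm or port; /etc/turnserver.conf was not changed." >&2
      return 1
    fi

    sed -i "/server-name/c\\server-name=${SERVER}" /etc/turnserver.conf
    sed -i "/realm/c\\realm=${REALM}" /etc/turnserver.conf
    sed -i "/#listening-port/c\\listening-port=${STUNPORT}" /etc/turnserver.conf
  fi

  active_turn
}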
#Detect
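#######################################
# Prints one local address of this host.
# "hostname -I" lists every configured address separated by blanks and ends
# with a blank; only the first entry is printed so that callers can compare
# it with a single public address. The first entry is a guess on multi-homed
# hosts, which is why nat_enable lets the user correct it.
# Arguments: none
# Outputs:   the address on stdout (an empty line when none is reported)
# Returns:   the status of hostname when it fails, otherwise 0
#######################################
detect_localip() {
  local addrs first rest
  addrs=$(hostname -I) || return
  read -r first rest <<< "$addrs"
  printf '%s\n' "$first"
}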
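#######################################
# Prints the public IPv4 address of this host as reported by the OpenDNS
# "myip" lookup.
# The answer arrives over plain DNS from a third-party resolver, so it is
# only a suggestion: anything that is not a dotted-quad address (for example
# the error text dig prints when the resolver cannot be reached) is dropped,
# and nat_enable shows the value to the user before it is written anywhere.
# Arguments: none
# Outputs:   the address on stdout, nothing when no address was returned
# Returns:   0 when an address was printed, non-zero otherwise
#######################################
detect_wanip() {
  local answer line
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  answer=$(dig +short myip.opendns.com @resolver1.opendns.com) || return
  while IFS= read -r line; do
    if [[ $line =~ $ipv4_re ]]; then
      printf '%s\n' "$line"
      return 0
    fi
  done <<< "$answer"
  return 1
}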
#Construct
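#######################################
# Replaces /etc/turnserver.conf with the installer's template. An existing
# file is moved to /etc/turnserver.conf.backup first (a backup from an
# earlier run is overwritten).
# The file later receives the TURN user and password in clear text, so it is
# created private and then opened to the turnserver group only.
# Arguments: none
# Outputs:   nothing on stdout (the caller feeds stdout into a gauge)
# Returns:   1 when the backup or the write fails, otherwise the status of
#            the final chmod
#######################################
construct_file() {
  local conf=/etc/turnserver.conf

  if [ -e "$conf" ]; then
    # Stop here rather than overwrite a configuration that has no backup.
    mv -- "$conf" "$conf.backup" || return 1
  fi

  (
    umask 077
    cat > "$conf" << 'EOF'
#listening-port=3478
fingerprint
lt-cred-mech
server-name=
realm=
listening-ip=0.0.0.0
#external-ip=
#user=
total-quota=100
stale-nonce=600
#tls-listening-port=5349
#cert=/usr/local/psa/var/modules/letsencrypt/etc/live/ourcodeworld.com/cert.pem
#pkey=/usr/local/psa/var/modules/letsencrypt/etc/live/ourcodeworld.com/privkey.pem
#cipher-list=
proc-user=turnserver
proc-group=turnserver
bps-capacity=0
stale-nonce
no-multicast-peers
verbose
EOF
  ) || return 1

  # The template runs the daemon as turnserver:turnserver, so group read
  # access is enough. NOTE(review): this assumes the coturn package created
  # that group; when chgrp fails the former world-readable mode is kept so
  # that the service can still read its configuration.
  if chgrp turnserver "$conf" 2> /dev/null; then
    chmod 640 "$conf"
  else
    chmod 644 "$conf"
  fi
}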
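#######################################
# Final step of a TURN installation: switches coturn to its init script,
# starts it and prints a summary of the configured endpoints.
# Globals:   SERVER, STUNPORT, TURNDOMAIN, TURNPORT, USER, PASS (read)
# Arguments: none
# Outputs:   the summary on stdout. It includes the TURN password in clear
#            text, so it ends up in terminal scrollback and in any log that
#            captures this script's output.
#######################################
construct_start() {
  echo "Final step, please Wait..."
  # NOTE(review): the packaged systemd unit is moved out of the way so that
  # the init script below is used. /tmp is world-writable and is usually
  # cleaned on reboot, and a package upgrade may put the unit back; consider
  # a location only root can write to.
  mv /lib/systemd/system/coturn.service /tmp/
  systemctl daemon-reload
  update-rc.d coturn defaults
  /etc/init.d/coturn start
  echo ""
  echo "Coturn is now Configured"
  echo ""
  echo "-------------"
  echo "For start dans stop Coturn please use: /etc/init.d/coturn start|stop|restart"
  echo "-------------"
  echo ""
  echo "-------------"
  # Expansions stay inside the quotes so that blanks or glob characters in a
  # value are printed exactly as they were entered.
  echo "Your STUN server is: ${SERVER}:${STUNPORT}"
  echo "Your TURN server is: ${TURNDOMAIN}:${TURNPORT} Username: ${USER} Password: ${PASS}"
  echo "-------------"
  echo ""
  echo "Have nice Day :-)"
}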
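#######################################
# Final step of a STUN-only setup: restarts coturn and prints a summary.
# Globals:   SERVER, STUNPORT (read)
# Arguments: $1 - optional note appended to the STUN line
# Outputs:   the summary on stdout
#######################################
basic_start() {
  echo "Final step, please Wait..."
  systemctl restart coturn
  echo ""
  echo "Coturn is now Configured with STUN server ONLY"
  echo ""
  echo "-------------"
  echo "For start dans stop Coturn please use: systemctl start|stop|restart coturn"
  echo "-------------"
  echo ""
  echo "-------------"
  # The note is appended only when one was passed, inside the quotes so it
  # is printed verbatim.
  echo "Your STUN server is: $SERVER:$STUNPORT${1:+ $1}"
  # The option that enables TURN is -t (see the getopts loop); the message
  # used to point at -d, which the script does not accept.
  echo "Your TURN server is: NOT CONFIGURED - Please use 'install.sh -t' for enable TURN"
  echo "-------------"
  echo ""
  echo "Have nice Day :-)"
}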
#Main
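#######################################
# Prints the command-line help and ends the script.
# Arguments: none
# Outputs:   help text on stdout
# Returns:   does not return; exits with status 1
#######################################
usage() {
  # "$0" is quoted so a script path containing blanks is handled; the usage
  # line now lists both options the getopts loop accepts.
  cat << EOF
This script is used to install Coturn
usage : $(basename -- "$0") [-t | -r]
without arg : install Coturn
-t : add Turn Service
-r : remove Coturn
EOF
  exit 1
}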
# Command-line dispatch. Each recognised option does its work and ends the
# script; with no option the full installation runs.
# NOTE(review): nothing here checks for root, although every path calls
# apt-get or systemctl or edits files under /etc; confirm how the script is
# expected to be launched.
while getopts ':rt' flag; do
  case "$flag" in
    t)
      # Add the TURN service to an existing installation.
      active_turn
      exit 0
      ;;
    r)
      # Remove coturn and certbot. Configuration files and issued
      # certificates are not touched by "remove".
      systemctl stop coturn
      apt-get remove coturn certbot -y
      apt-get autoremove coturn certbot -y
      exit 0
      ;;
    *)
      # Unknown option: usage prints the help and exits by itself.
      usage
      exit 0
      ;;
  esac
done

install_coturn