Set up a TURN/STUN server for BigBlueButton
This is an ansible-role to set up coturn (currently in version 4.6.0) to work with BigBlueButton and largely follows the official BigBlueButton documentation.
This role makes use of the ansible.posix collection (ansible-galaxy collection install ansible.posix).
For a full overview of configuration options, look at the defaults. The default values by and large follow the official recommendations from the BigBlueButton docs. However, you can configure some more options for extra security if you prefer.
Instead of mapping a lot of variables from an ansible-config-file to a coturn-config-file, you can simply specify the path to your own config template.
To do so, overwrite the default value in the variable coturn_config_template.
This way you can use this role for any coturn configuration that you might desire.
This role can configure firewalld or ufw for coturn.
However, you have to tell it to do so explicitly by setting either configure_for_firewalld or configure_for_ufw to true.
To prevent relaying traffic to servers other than your BigBlueButton nodes, you can set allowed_peer_ips to the IPs of your BigBlueButton nodes (or allowed_peer_hosts for the FQDNs of the hosts to dig for them).
This role also mimics the default behavior of coturn to switch on options that decrease the gain factor in STUN binding responses (no_rfc5780, no_stun_backward_compatibility, response_origin_only_with_rfc5780).
By default, TLS is configured, so you should check whether the default variables make sense for your setup.
If, e.g. for test purposes, you don't want to use TLS, simply set the variable use_tls to false.
Your playbook might look like this:
---
- hosts: all
  become: true
  roles:
    - role: elan.bbb_coturn
      # placeholder value; use a long random secret, e.g. from Ansible Vault
      static_auth_secret: 1234
      realm: foo.com
      configure_for_firewalld: true
      configure_logrotate: true
If you want to pass your own config template:
---
- hosts: all
  become: true
  roles:
    - role: elan.bbb_coturn
      # the template file name is an example
      coturn_config_template: 'my_templates/turnserver.conf.j2'
In this case you would have a configuration template for coturn that is located in a folder my_templates relative to the playbook.
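A custom template replaces the role's own, so the relay restriction and the STUN hardening described above have to be carried over by hand. The following is an added sketch, not the role's own template: the file name is hypothetical, and it assumes that allowed_peer_ips is a list and that static_auth_secret and realm are available to the template.

```jinja
# my_templates/turnserver.conf.j2 (hypothetical file name, added example)

# Time-limited credentials derived from the shared secret
use-auth-secret
static-auth-secret={{ static_auth_secret }}
realm={{ realm }}

# Relay only to the BigBlueButton nodes: deny every peer address first,
# then re-allow the nodes. allowed-peer-ip on its own restricts nothing;
# it only overrides a matching denied-peer-ip rule.
denied-peer-ip=0.0.0.0-255.255.255.255
denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
{% for ip in allowed_peer_ips %}
allowed-peer-ip={{ ip }}
{% endfor %}

# Decrease the gain factor in STUN binding responses
# (coturn spelling of no_rfc5780, no_stun_backward_compatibility and
# response_origin_only_with_rfc5780)
no-rfc5780
no-stun-backward-compatibility
response-origin-only-with-rfc5780
```

After a converge, compare the rendered configuration on the host against this list so that none of the directives is silently lost.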
For development and testing you can use molecule. With podman as driver you can install it like this – preferably in a virtual environment:
pip install -r .dev_requirements.txt
Then you can create the test instances, apply the ansible config (converge) and destroy the test instances with these commands:
molecule create
molecule converge
molecule destroy
If you want to inspect a running test instance use molecule login --host <instance_name>, where you replace <instance_name> with the desired value.