Differences
Below are the differences between two revisions of the page.
projets:vroom [12/02/2015 19:17] dani [Known issues] |
projets:vroom [31/08/2015 10:54] dani |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
====== VROOM ====== | ====== VROOM ====== | ||
+ | {{odt> | ||
+ | |||
+ | <note important> | ||
===== Intro ===== | ===== Intro ===== | ||
Ligne 117: | Ligne 120: | ||
<code bash> | <code bash> | ||
- | yum install git nodejs npm tar wget httpd mod_ssl openssl | + | yum install git tar wget httpd mod_ssl openssl mariadb-server \ |
' | ' | ||
' | ' | ||
Ligne 136: | Ligne 139: | ||
=== Setup MySQL/ | === Setup MySQL/ | ||
- | A database will be used to share informations between | + | A database will be used to store rooms configuration, |
<code bash> | <code bash> | ||
systemctl enable mariadb.service | systemctl enable mariadb.service | ||
Ligne 179: | Ligne 181: | ||
mysql-userdb " | mysql-userdb " | ||
verbose | verbose | ||
+ | syslog | ||
fingerprint | fingerprint | ||
lt-cred-mech | lt-cred-mech | ||
no-sslv2 | no-sslv2 | ||
+ | no-sslv3 | ||
+ | no-tcp | ||
+ | no-udp | ||
+ | tls-listening-port 5349 | ||
+ | alt-tls-listening-port 3478 | ||
no-loopback-peers | no-loopback-peers | ||
- | realm firewall-services.com | + | no-multicast-peers |
- | cert /etc/pki/tls/ | + | realm vroom |
- | pkey /etc/pki/tls/ | + | cert /etc/turnserver/cert.pem |
+ | pkey /etc/turnserver/key.pem | ||
proc-user turnserver | proc-user turnserver | ||
proc-group turnserver | proc-group turnserver | ||
Ligne 192: | Ligne 201: | ||
<note important> | <note important> | ||
- | An SSL certificate is needed for everything to work correctly (**/etc/pki/tls/ | + | * An SSL certificate is needed for everything to work correctly |
+ | * Both key and certificate must be readable by turnserver user and/or group | ||
+ | * You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption | ||
+ | * If you have intermediate(s) CA, you have to put them in the cert.pem file, but **after** your certificate | ||
</ | </ | ||
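Review bot: the third added bullet tells the reader to comment out no-tcp, no-udp and alt-tls-listening-port to test without encryption, but never says to put them back. Suggest stating that this is for troubleshooting only and that the three lines must be restored before the server is used for real. On the second bullet, "readable by turnserver user and/or group" covers only half of the requirement: it should also say the private key must not be readable by other accounts, since the new location under /etc/turnserver/ does not imply any particular mode.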
Ligne 212: | Ligne 224: | ||
* TCP 3478, 3479, 5349, 5350 and 49152 to 65535 | * TCP 3478, 3479, 5349, 5350 and 49152 to 65535 | ||
* UDP 3478, 3479, 5349, 5350 and 49152 to 65535 | * UDP 3478, 3479, 5349, 5350 and 49152 to 65535 | ||
- | </ | ||
- | === Setup SignalMaster === | + | A quick note on how to open the correct port with firewalld: |
- | + | ||
- | This daemon is a slightly modified version of [[https:// | + | |
<code bash> | <code bash> | ||
- | cd /opt/vroom/signalmaster | + | firewall-cmd --add-port 80/tcp \ |
- | npm install | + | |
- | </code> | + | |
- | + | --add-port 3479/tcp \ | |
- | Ok, now lets create a user to run this | + | --add-port 5349/tcp \ |
- | <code bash> | + | --add-port 5350/tcp \ |
- | useradd | + | --add-port 49152-65535/ |
- | </code> | + | firewall-cmd --add-port 3478/udp \ |
- | + | | |
- | Lets configure signalmaster: | + | --add-port 5349/udp \ |
- | <code bash> | + | --add-port 5350/udp \ |
- | cat <<' | + | --add-port 49152-65535/ |
- | { | + | firewall-cmd --permanent \ |
- | " | + | --add-port 80/tcp \ |
- | " | + | |
- | "port": 8888 | + | |
- | }, | + | |
- | " | + | --add-port 5349/tcp \ |
- | " | + | --add-port 5350/tcp \ |
- | " | + | --add-port 49152-65535/ |
- | " | + | firewall-cmd --permanent \ |
- | " | + | --add-port 3478/udp \ |
- | } | + | --add-port 3479/udp \ |
- | } | + | --add-port 5349/udp \ |
- | EOF | + | |
- | </code> | + | --add-port 49152-65535/ |
- | + | ||
- | Now, lets add our unit file so systemd will be able to manage this daemon: | + | |
- | <code bash> | + | |
- | cp / | + | |
- | systemctl daemon-reload | + | |
- | systemctl enable signalmaster | + | |
- | systemctl start signalmaster | + | |
</ | </ | ||
+ | </ | ||
- | <note important> | ||
=== Setup Apache === | === Setup Apache === | ||
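Review bot: the added firewalld commands open 3478, 3479, 5349, 5350 and 49152-65535 on both TCP and UDP, while the turnserver config in this same revision adds no-tcp and no-udp and puts the TLS listeners on 5349 and 3478. The port list above was written for the old config; please check which of these ports still have a listener behind them and trim the rules to match, rather than leaving 3479 and 5350 open by habit. The runtime and --permanent rule sets are also typed out twice, which invites drift when one is edited and the other is not: running only the --permanent commands followed by firewall-cmd --reload gives the same result from a single list.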
Ligne 289: | Ligne 291: | ||
And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-) | And adapt it to your need. This file is quite small and contains comments, so you should find your way ;-) | ||
+ | |||
+ | <note important> | ||
+ | The **realm** key in **[turn]** section of the config file must match the realm setting in **/ | ||
+ | </ | ||
Then, enable and start vroom daemon | Then, enable and start vroom daemon |
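Review bot: the new note says the realm key in [turn] must match the turnserver realm but does not say what that value is or what happens when the two differ. The turnserver block in this revision sets `realm vroom`, so it would help to name that value here, or point back to that block, and to mention that a mismatch shows up as TURN authentication failures rather than as a config error at startup of the vroom daemon, if that is indeed the behaviour.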