From 856e414084876551fe29f0c72d54d476d9905bd0 Mon Sep 17 00:00:00 2001
From: tbutter <thomas@gmx.net>
Date: Tue, 10 Aug 2021 13:57:08 +0200
Subject: [PATCH] prosody: add ability to configure external TURN server

Co-authored-by: Thomas Butter <tbutter@gmail.com>
---
 docker-compose.yml                            |  5 ++++
 env.example                                   |  7 ++++++
 .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 23 +++++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 1c229b3..0409153 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -172,6 +172,11 @@ services:
             - JWT_TOKEN_AUTH_MODULE
             - LOG_LEVEL
             - PUBLIC_URL
+            - TURN_CREDENTIALS
+            - TURN_HOST
+            - TURNS_HOST
+            - TURN_PORT
+            - TURNS_PORT
             - TZ
         networks:
             meet.jitsi:
diff --git a/env.example b/env.example
index 5f05253..f507fde 100644
--- a/env.example
+++ b/env.example
@@ -354,6 +354,13 @@ JIBRI_STRIP_DOMAIN_JID=muc
 # Directory for logs inside Jibri container
 JIBRI_LOGS_DIR=/config/logs
 
+# Configure an external TURN server
+# TURN_CREDENTIALS="secret"
+# TURN_HOST=turnserver.example.com
+# TURN_PORT=443
+# TURNS_HOST=turnserver.example.com
+# TURNS_PORT=443
+
 # Disable HTTPS: handle TLS connections outside of this setup
 #DISABLE_HTTPS=1
 
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
index 1cb544b..5786328 100644
--- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
+++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -24,6 +24,26 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
 
 {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
 {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
+{{ $TURN_PORT := .Env.TURN_PORT | default "443" }}
+{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" }}
+
+{{ if .Env.TURN_CREDENTIALS }}
+external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
+{{ end }}
+
+{{ if or .Env.TURN_HOST .Env.TURNS_HOST }}
+external_services = {
+  {{ if .Env.TURN_HOST }}
+     { type = "turn", host = "{{ .Env.TURN_HOST }}", port = {{ $TURN_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+  {{ end }}
+  {{ if and .Env.TURN_HOST .Env.TURNS_HOST }}
+  ,
+  {{ end }}
+  {{ if .Env.TURNS_HOST }}
+     { type = "turns", host = "{{ .Env.TURNS_HOST }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+  {{ end }}
+};
+{{ end }}
 
 {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
 asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
@@ -93,6 +113,9 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
         "ping";
         "speakerstats";
         "conference_duration";
+        {{ if or .Env.TURN_HOST .Env.TURNS_HOST }}
+        "external_services";
+        {{ end }}
         {{ if $ENABLE_LOBBY }}
         "muc_lobby_rooms";
         {{ end }}