mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-25 10:28:29 +01:00
Add no-multicast-peers to Coturn config by default
Part of a security hardening provoked by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
This commit is contained in:
parent
803d5c129e
commit
4c9f96722f
@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: []
|
||||
matrix_coturn_user_quota: null
|
||||
matrix_coturn_total_quota: null
|
||||
|
||||
# Controls whether `no-multicast-peers` is added to the configuration
|
||||
matrix_coturn_no_multicast_peers_enabled: true
|
||||
|
||||
# To enable TLS, you need to provide paths to certificates.
|
||||
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
|
||||
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
|
||||
|
@ -39,6 +39,10 @@ user-quota={{ matrix_coturn_user_quota }}
|
||||
total-quota={{ matrix_coturn_total_quota }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_coturn_no_multicast_peers_enabled %}
|
||||
no-multicast-peers
|
||||
{% endif %}
|
||||
|
||||
{% for ip_range in matrix_coturn_denied_peer_ips %}
|
||||
denied-peer-ip={{ ip_range }}
|
||||
{% endfor %}
|
||||
|
Loading…
Reference in New Issue
Block a user