diff --git a/.github/workflows/test-infrastructure-files.yml b/.github/workflows/test-infrastructure-files.yml
index e01844c3349..776adc16d0a 100644
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -87,8 +87,10 @@ jobs:
 CI_NETBIRD_SIGNAL_PORT: 12345
 CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
 CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
+ CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
 run: |
+ set -x
 grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
 grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
 grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -120,6 +122,7 @@ jobs:
 grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
 grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
 grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
+ grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
 - name: Install modules
 run: go mod tidy
@@ -175,7 +178,10 @@ jobs:
 - name: test management.json file gen
 run: test -f management.json
 - name: test turnserver.conf file gen
- run: test -f turnserver.conf
+ run: |
+ set -x
+ test -f turnserver.conf
+ grep external-ip turnserver.conf
 - name: test zitadel.env file gen
 run: test -f zitadel.env
 - name: test dashboard.env file gen
diff --git a/infrastructure_files/base.setup.env b/infrastructure_files/base.setup.env
index 7dd456745bb..28bb5ba4d3d 100644
--- a/infrastructure_files/base.setup.env
+++ b/infrastructure_files/base.setup.env
@@ -23,6 +23,8 @@ NETBIRD_SIGNAL_PORT=${NETBIRD_SIGNAL_PORT:-10000}
 # Turn
 TURN_DOMAIN=${NETBIRD_TURN_DOMAIN:-$NETBIRD_DOMAIN}
+NETBIRD_TURN_EXTERNAL_IP=${NETBIRD_TURN_EXTERNAL_IP}
+
 # Turn credentials
 # User
 TURN_USER=self
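Review bot: The `set -x` added at the top of the first `run:` block in test-infrastructure-files.yml makes the shell print every expanded command to the job log, including `grep $CI_NETBIRD_AUTH_CLIENT_SECRET`. Where that variable gets its value is outside the hunk; if it is ever fed from a repository secret, log masking only covers exact matches and the trace becomes a disclosure path. I would either drop the trace or keep it and add a comment on the step such as `# set -x is safe here only because every CI_NETBIRD_* value is a test fixture, never a real credential`.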
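Review bot: In the second hunk of test-infrastructure-files.yml the new assertion `grep $CI_NETBIRD_TURN_EXTERNAL_IP` leaves the variable unquoted and treats the dots in `1.2.3.4` as regex wildcards, so a mangled address in turnserver.conf would still satisfy it. A fixed-string match on the whole directive is tighter: `grep -F -- "external-ip=$CI_NETBIRD_TURN_EXTERNAL_IP" turnserver.conf`. The `run:` block starts and ends outside this hunk.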
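Review bot: The `grep external-ip turnserver.conf` added to the "test turnserver.conf file gen" step also matches the commented fallback `#external-ip=` that get_turn_external_ip in getting-started-with-zitadel.sh prints when discovery returns nothing, so the step passes whether or not an address was rendered. That assumes this job exercises the zitadel script, which the neighbouring zitadel.env check suggests. If the goal is to prove the directive is active, anchor it, e.g. `grep -E '^external-ip=[0-9]' turnserver.conf`. The job would then depend on the third-party lookup being reachable from the runner, which deserves a comment on the step.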
@@ -120,3 +122,4 @@ export NETBIRD_DASHBOARD_TAG
 export NETBIRD_SIGNAL_TAG
 export NETBIRD_MANAGEMENT_TAG
 export COTURN_TAG
+export NETBIRD_TURN_EXTERNAL_IP
diff --git a/infrastructure_files/configure.sh b/infrastructure_files/configure.sh
index 5c87361b63a..f04735de683 100755
--- a/infrastructure_files/configure.sh
+++ b/infrastructure_files/configure.sh
@@ -54,6 +54,29 @@ if [[ "x-$TURN_PASSWORD" == "x-" ]]; then
 export TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
 fi
+TURN_EXTERNAL_IP_CONFIG="#"
+
+if [[ "x-$NETBIRD_TURN_EXTERNAL_IP" == "x-" ]]; then
+ echo "discovering server's public IP"
+ IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
+ if [[ "x-$IP" != "x-" ]]; then
+ TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
+ else
+ echo "unable to discover server's public IP"
+ fi
+else
+ echo "${NETBIRD_TURN_EXTERNAL_IP}"| egrep '([0-9]{1,3}\.){3}[0-9]{1,3}$' > /dev/null
+ if [[ $? -eq 0 ]]; then
+ echo "using provided server's public IP"
+ TURN_EXTERNAL_IP_CONFIG="external-ip=$NETBIRD_TURN_EXTERNAL_IP"
+ else
+ echo "provided NETBIRD_TURN_EXTERNAL_IP $NETBIRD_TURN_EXTERNAL_IP is invalid, please correct it and try again"
+ exit 1
+ fi
+fi
+
+export TURN_EXTERNAL_IP_CONFIG
+
 artifacts_path="./artifacts"
 mkdir -p $artifacts_path
diff --git a/infrastructure_files/getting-started-with-zitadel.sh b/infrastructure_files/getting-started-with-zitadel.sh
index c8c5199a330..6c7b9f02c01 100644
--- a/infrastructure_files/getting-started-with-zitadel.sh
+++ b/infrastructure_files/getting-started-with-zitadel.sh
@@ -402,6 +402,15 @@ read_nb_domain() {
 echo "$READ_NETBIRD_DOMAIN"
 }
+get_turn_external_ip() {
+ TURN_EXTERNAL_IP_CONFIG="#external-ip="
+ IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
+ if [[ "x-$IP" != "x-" ]]; then
+ TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
+ fi
+ echo "$TURN_EXTERNAL_IP_CONFIG"
+}
+
 initEnvironment() {
 CADDY_SECURE_DOMAIN=""
 ZITADEL_EXTERNALSECURE="false"
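Review bot: Neither source of the address is validated tightly in the configure.sh hunk before it is placed into `TURN_EXTERNAL_IP_CONFIG`, which is presumably substituted into turnserver.conf. The `egrep` pattern is anchored only at the end and is matched per line, so a value with leading text or an extra line still passes. The jsonip.com response is accepted as long as it is non-empty, and `jq -r '.ip'` prints the literal `null` when the key is missing, which would render `external-ip=null`. The curl call also has no timeout or HTTP-failure handling. The same unvalidated lookup appears in get_turn_external_ip in getting-started-with-zitadel.sh. I would use one fully anchored pattern for both branches and bound the request, as sketched below.

```shell
TURN_EXTERNAL_IP_CONFIG="#"
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ -z "$NETBIRD_TURN_EXTERNAL_IP" ]]; then
  echo "discovering server's public IP"
  # Third-party response: bound the wait and accept only a dotted quad.
  IP=$(curl -fsS -4 --max-time 10 https://jsonip.com | jq -r '.ip // empty')
  if [[ "$IP" =~ $ipv4_re ]]; then
    TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
  else
    echo "unable to discover server's public IP"
  fi
elif [[ "$NETBIRD_TURN_EXTERNAL_IP" =~ $ipv4_re ]]; then
  echo "using provided server's public IP"
  TURN_EXTERNAL_IP_CONFIG="external-ip=$NETBIRD_TURN_EXTERNAL_IP"
else
  echo "provided NETBIRD_TURN_EXTERNAL_IP $NETBIRD_TURN_EXTERNAL_IP is invalid, please correct it and try again"
  exit 1
fi
# … unchanged: export TURN_EXTERNAL_IP_CONFIG …
```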
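Review bot: get_turn_external_ip in getting-started-with-zitadel.sh always contacts jsonip.com and offers no way to supply the address, unlike configure.sh in this same commit, which honours NETBIRD_TURN_EXTERNAL_IP. An operator on a host without outbound access, or one who does not want the installer to call a third party, has no way to opt out. The address advertised to peers is then whatever that service returns. I would check `${NETBIRD_TURN_EXTERNAL_IP:-}` first, validate it, and fall back to discovery only when it is empty. I would also add a header comment on the function: `# Makes an outbound HTTPS request to jsonip.com unless NETBIRD_TURN_EXTERNAL_IP is set.`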
@@ -413,6 +422,7 @@ initEnvironment() {
 TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
 TURN_MIN_PORT=49152
 TURN_MAX_PORT=65535
+ TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)
 if ! check_nb_domain "$NETBIRD_DOMAIN"; then
 NETBIRD_DOMAIN=$(read_nb_domain)
@@ -560,6 +570,7 @@ EOF renderTurnServerConf() { cat <