Add external-ip support for coturn

.github/workflows/test-infrastructure-files.yml

@@ -87,8 +87,10 @@ jobs:
           CI_NETBIRD_SIGNAL_PORT: 12345
           CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
           CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
+          CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
 
         run: |
+          set -x
           grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
           grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
           grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -120,6 +122,7 @@ jobs:
           grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
           grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
           grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
+          grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
 
       - name: Install modules
         run: go mod tidy
@@ -175,7 +178,10 @@ jobs:
       - name: test management.json file gen
         run: test -f management.json
       - name: test turnserver.conf file gen
-        run: test -f turnserver.conf
+        run: | 
+          set -x
+          test -f turnserver.conf
+          grep external-ip turnserver.conf
       - name: test zitadel.env file gen
         run: test -f zitadel.env
       - name: test dashboard.env file gen

infrastructure_files/base.setup.env

@@ -23,6 +23,8 @@ NETBIRD_SIGNAL_PORT=${NETBIRD_SIGNAL_PORT:-10000}
 # Turn
 TURN_DOMAIN=${NETBIRD_TURN_DOMAIN:-$NETBIRD_DOMAIN}
 
+NETBIRD_TURN_EXTERNAL_IP=${NETBIRD_TURN_EXTERNAL_IP}
+
 # Turn credentials
 # User
 TURN_USER=self
@@ -120,3 +122,4 @@ export NETBIRD_DASHBOARD_TAG
 export NETBIRD_SIGNAL_TAG
 export NETBIRD_MANAGEMENT_TAG
 export COTURN_TAG
+export NETBIRD_TURN_EXTERNAL_IP

infrastructure_files/configure.sh

@@ -54,6 +54,29 @@ if [[ "x-$TURN_PASSWORD" == "x-" ]]; then
   export TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
 fi
 
+TURN_EXTERNAL_IP_CONFIG="#"
+
+if [[ "x-$NETBIRD_TURN_EXTERNAL_IP" == "x-" ]]; then
+  echo "discovering server's public IP"
+  IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
+  if [[ "x-$IP" != "x-" ]]; then
+    TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
+  else
+    echo "unable to discover server's public IP"
+  fi
+else
+  echo "${NETBIRD_TURN_EXTERNAL_IP}"| egrep '([0-9]{1,3}\.){3}[0-9]{1,3}$' > /dev/null
+  if [[ $? -eq 0 ]]; then
+    echo "using provided server's public IP"
+    TURN_EXTERNAL_IP_CONFIG="external-ip=$NETBIRD_TURN_EXTERNAL_IP"
+  else
+    echo "provided NETBIRD_TURN_EXTERNAL_IP $NETBIRD_TURN_EXTERNAL_IP is invalid, please correct it and try again"
+    exit 1
+  fi
+fi
+
+export TURN_EXTERNAL_IP_CONFIG
+
 artifacts_path="./artifacts"
 mkdir -p $artifacts_path
 

infrastructure_files/getting-started-with-zitadel.sh

@@ -402,6 +402,15 @@ read_nb_domain() {
   echo "$READ_NETBIRD_DOMAIN"
 }
 
+get_turn_external_ip() {
+  TURN_EXTERNAL_IP_CONFIG="#external-ip="
+  IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
+  if [[ "x-$IP" != "x-" ]]; then
+    TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
+  fi
+  echo "$TURN_EXTERNAL_IP_CONFIG"
+}
+
 initEnvironment() {
   CADDY_SECURE_DOMAIN=""
   ZITADEL_EXTERNALSECURE="false"
@@ -413,6 +422,7 @@ initEnvironment() {
   TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
   TURN_MIN_PORT=49152
   TURN_MAX_PORT=65535
+  TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)
 
   if ! check_nb_domain "$NETBIRD_DOMAIN"; then
     NETBIRD_DOMAIN=$(read_nb_domain)
@@ -560,6 +570,7 @@ EOF
 renderTurnServerConf() {
   cat <<EOF
 listening-port=3478
+$TURN_EXTERNAL_IP_CONFIG
 tls-listening-port=5349
 min-port=$TURN_MIN_PORT
 max-port=$TURN_MAX_PORT

infrastructure_files/setup.env.example

@@ -15,6 +15,12 @@ NETBIRD_DOMAIN=""
 # if not specified it will assume NETBIRD_DOMAIN
 NETBIRD_TURN_DOMAIN=""
 
+# TURN server public IP address
+# required for a connection involving peers in
+# the same network as the server and external peers
+# usually matches the IP for the domain set in NETBIRD_TURN_DOMAIN
+NETBIRD_TURN_EXTERNAL_IP=""
+
 # -------------------------------------------
 # OIDC
 #  e.g., https://example.eu.auth0.com/.well-known/openid-configuration

infrastructure_files/tests/setup.env

@@ -24,4 +24,5 @@ NETBIRD_IDP_MGMT_CLIENT_ID=$CI_NETBIRD_IDP_MGMT_CLIENT_ID
 NETBIRD_IDP_MGMT_CLIENT_SECRET=$CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
 NETBIRD_SIGNAL_PORT=12345
 NETBIRD_STORE_CONFIG_ENGINE=$CI_NETBIRD_STORE_CONFIG_ENGINE
-NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH
+NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH
+NETBIRD_TURN_EXTERNAL_IP=1.2.3.4

infrastructure_files/turnserver.conf.tmpl

@@ -132,6 +132,7 @@ tls-listening-port=5349
 #external-ip=60.70.80.91/172.17.19.101
 #external-ip=60.70.80.92/172.17.19.102
 
+$TURN_EXTERNAL_IP_CONFIG
 
 # Number of the relay threads to handle the established connections
 # (in addition to authentication thread and the listener thread).