diff --git a/docker/kurento-media-server/rootfs/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini b/docker/kurento-media-server/rootfs/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini new file mode 100644 index 00000000..db2e7de2 --- /dev/null +++ b/docker/kurento-media-server/rootfs/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini @@ -0,0 +1,130 @@ +;; Local network interfaces used for ICE gathering. +;; +;; If you know which network interfaces should be used to perform ICE (for +;; WebRTC connectivity), you can define them here. Doing so has several +;; advantages: +;; +;; * The WebRTC ICE gathering process will be much quicker. Normally, it needs +;; to gather local candidates for all of the network interfaces, but this step +;; can be made faster if you limit it to only the interface that you know will +;; work. +;; +;; * It will ensure that the media server always decides to use the correct +;; network interface. With WebRTC ICE gathering it's possible that, under some +;; circumstances (in systems with virtual network interfaces such as +;; "docker0") the ICE process ends up choosing the wrong local IP. +;; +;; is a comma-separated list of network interface names. +;; +;; Examples: +;; networkInterfaces=eth0 +;; networkInterfaces=eth0,enp0s25 +;; +;networkInterfaces=eth0 + +;; STUN server IP address. +;; +;; The ICE process uses STUN to punch holes through NAT firewalls. +;; +;; You don't need to configure both STUN and TURN, because TURN already includes +;; STUN functionality. +;; +;; MUST be an IP address; domain names are NOT supported. +;; +;; You need to use a well-working STUN server. Use this to check if it works: +;; https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ +;; From that check, you should get at least one Server-Reflexive Candidate +;; (type "srflx"). +;; +stunServerAddress=stun.imp.ch +stunServerPort=3478 + +;; TURN server URL. +;; +;; When STUN is not enough to open connections through some NAT firewalls, +;; using TURN is the remaining alternative. +;; +;; You don't need to configure both STUN and TURN, because TURN already includes +;; STUN functionality. +;; +;; The provided URL should follow one of these formats: +;; +;; * user:password@ipaddress:port +;; * user:password@ipaddress:port?transport=[udp|tcp|tls] +;; +;; MUST be an IP address; domain names are NOT supported. +;; is OPTIONAL. Possible values: udp, tcp, tls. Default: udp. +;; +;; You need to use a well-working TURN server. Use this to check if it works: +;; https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ +;; +;; From that check, you should get at least one Server-Reflexive Candidate +;; (type "srflx") AND one Relay Candidate (type "relay"). +;; +;turnURL=user:password@198.51.100.1:3478?transport=udp + +;; Certificate used for DTLS authentication. +;; +;; If you want KMS to use a specific certificate for DTLS, then provide it here. +;; You can provide both RSA or ECDSA files; the choice between them is done when +;; calling the WebRtcEndpoint constructor. +;; +;; If this setting isn't specified, a different set of self-signed certificates +;; is generated automatically for each WebRtcEndpoint instance. +;; +;; This setting can be helpful, for example, for situations where you have to +;; manage multiple media servers and want to make sure that all of them use the +;; same certificate. Some browsers, such as Firefox, require this in order to +;; allow multiple WebRTC connections from the same tab to different KMS. +;; +;; Absolute path to the concatenated certificate (chain) file(s) + private key, +;; in PEM format. +;; +;pemCertificateRSA=/path/to/cert+key.pem +;pemCertificateECDSA=/path/to/cert+key.pem + +;; External IPv4 and IPv6 addresses of the media server. +;; +;; Forces all local IPv4 and/or IPv6 ICE candidates to have the given address. +;; This is really nothing more than a hack, but it's very effective to force a +;; public IP address when one is known in advance for the media server. In doing +;; so, KMS will not need a STUN or TURN server, but remote peers will still be +;; able to contact it. +;; +;; You can try using these settings if KMS is deployed on a publicly accessible +;; server, without NAT, and with a static public IP address. But if it doesn't +;; work for you, just go back to configuring a STUN or TURN server for ICE. +;; +;; Only set this parameter if you know what you're doing, and you understand +;; 100% WHY you need it. For the majority of cases, you should just prefer to +;; configure a STUN or TURN server. +;; +;; is a single IPv4 address. +;; is a single IPv6 address. +;; +;externalIPv4=198.51.100.1 +;externalIPv6=2001:0db8:85a3:0000:0000:8a2e:0370:7334 + +;; External IP address of the media server. +;; +;; DEPRECATED: Use "externalIPv4" and/or "externalIPv6" instead. +;; +;; Forces all local IPv4 and IPv6 ICE candidates to have the given address. This +;; is really nothing more than a hack, but it's very effective to force a public +;; IP address when one is known in advance for the media server. In doing so, +;; KMS will not need a STUN or TURN server, but remote peers will still be able +;; to contact it. +;; +;; You can try using this setting if KMS is deployed on a publicly accessible +;; server, without NAT, and with a static public IP address. But if it doesn't +;; work for you, just go back to configuring a STUN or TURN server for ICE. +;; +;; Only set this parameter if you know what you're doing, and you understand +;; 100% WHY you need it. For the majority of cases, you should just prefer to +;; configure a STUN or TURN server. +;; +;; is a single IPv4 or IPv6 address. +;; +;externalAddress=198.51.100.1 +;externalAddress=2001:0db8:85a3:0000:0000:8a2e:0370:7334 +