diff --git a/templates/default/documentation.html.ep b/templates/default/documentation.html.ep
index 40a8697..28d1f27 100644
--- a/templates/default/documentation.html.ep
+++ b/templates/default/documentation.html.ep
@@ -288,18 +288,28 @@ cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini
If you plan to use VROOM only on a local network, where each peer can connect to each others, you can just omit this part. But if you want
VROOM to work from anywhere, you'll need use STUN and most likely TURN too.
- - stun_server: The STUN server(s) to use. For example*
+
- stun_server: The STUN server(s) to use. For example
stun_server = 'stun:stun.l.google.com:19302','stun:vroom.example.net:3478'.
This must be a comma separated list of full STUN URI as defined by rfc7064
+
- turn_server: The TURN server(s) to use. For example
turn_server = 'turns:vroom.example.net:5349','turns:vroom.example.net:5349?transport=tcp'.
This must be a comma separated list of full STUN URI as defined by rfc7065
+
+ - credentials: This defines what TURN credentials are sent to clients. It can take two values:
+
+ - static: With this mode, you're using a single set of credentials (set with turn_user and
+ turn_password) and they will be used by every peer in every room
+ - rest: In this mode, VROOM will generate TURN REST API
+ compatible credentials for each room. Each credentials set will be valid only for 5 minutes. You must set secret_key to the same secret key
+ set in your TURN server
+
+
+
- turn_user and turn_password: To use your TURN server, you'll most likely require credentials.
- You can either enter them here. If you let this empty, VROOM assumes that you're using
- rfc5766-turn-server and will generate one user and password
- for each room. See the Configure rfc5766-turn-server section. Note that the same credentials will be used for every TURN server you define
- - realm: If you use rfc5766-turn-server with dynamic credentials, you must set here the realm configured in
- /etc/turnserver/turnserver.conf
+ If using static credentials, you must set this to the username and password the clients will use
+
+ - secret_key: When using the rest credentials method, set this to the secret key shared with the turn server
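Review bot: The new `static` entry says one credential set is "used by every peer in every room", but not what follows from that. Because these credentials are sent to clients, every browser that has joined a room holds a username and password that keep working on the TURN server until an administrator changes them. I would add a sentence after the `rest` entry such as `Prefer rest when your TURN server supports it: static credentials are shared by all users and do not expire on their own.` The `secret_key` entry could also state that this value stays on the VROOM and TURN servers and is never sent to clients, since whoever holds it can presumably derive valid TURN credentials.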
@@ -417,10 +427,11 @@ cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini
- Setup rfc5766-turn-server
+ Setup coturn or rfc5766-turn-server
- You can run any TURN server you want, but VROOM integrates well with rfc5766-turn-server.
+ You can run any TURN server you want, but VROOM is mainly tested rfc5766-turn-server
+ or coturn (which are very similar). The reference instance https://vroom.im is using coturn.
To make use of it, follow those steps
@@ -432,7 +443,7 @@ cp /opt/vroom/conf/settings.ini.dist /opt/vroom/conf/settings.ini
Download the latest version from here and extract the archive
- Only the 3.x branch is supported
+ Branch 3.x is rfc5766-turn-server and 4.x is coturn. 4.x is recommanded
@@ -455,11 +466,10 @@ yum localinstall turnserver-*/*.rpm
mv /etc/turnserver/turnserver.conf /etc/turnserver/turnserver.conf.default
cat <<'EOF' > /etc/turnserver/turnserver.conf
-mysql-userdb "host=localhost dbname=vroom user=vroom password=MySuperPassw0rd connect_timeout=5"
verbose
-syslog
fingerprint
lt-cred-mech
+syslog
no-sslv2
no-sslv3
no-tcp
@@ -473,6 +483,8 @@ cert /etc/turnserver/cert.pem
pkey /etc/turnserver/key.pem
proc-user turnserver
proc-group turnserver
+use-auth-secret
+static-auth-secret SuperSecretPassword
EOF
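Review bot: The added `static-auth-secret SuperSecretPassword` line puts a guessable literal into a listing that readers are likely to paste unchanged, and the hunk at -481,6 +493,9 then tells them to set `secret_key='SuperSecretPassword'` to match. This secret is what TURN REST credentials are derived from, so the text should mark it as a placeholder and tell the reader to generate a random value, for example with `openssl rand -hex 32`, and use that same value in both files. The heredoc that writes /etc/turnserver/turnserver.conf starts outside this hunk and creates the file under the shell's default umask, which is typically world-readable. A following `chown root:turnserver /etc/turnserver/turnserver.conf && chmod 640 /etc/turnserver/turnserver.conf` would keep the secret from other local users.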
@@ -481,6 +493,9 @@ EOF
Both key and certificate must be readable by turnserver user and/or group
You can comment no-tcp, no-udp and alt-tls-listening-port if you want to test without encryption
If you have intermediate(s) CA, you have to put them in the cert.pem file, but after your certificate
+ In this example, the turn server will use TURN REST API compatible authentication, so you must set
+ credentials='rest' and secret_key='SuperSecretPassword' in the turn section of VROOM's settings.ini
+