coturn服務器配置中英對比

coturn服務器配置中英對比

默認配置位置

/etc/turnserver.conf

# RFC5766-TURN-SERVER configuration file
# RFC5766-TURN-SERVER配置文件
#
# Boolean values note: where boolean value is supposed to be used,
# you can use '0', 'off', 'no', 'false', 'f' as 'false,
# and you can use '1', 'on', 'yes', 'true', 't' as 'true'
# If the value is missed, then it means 'true'.
#
# 布爾值注意: 布爾值應該被使用,
# 您可使用'0', 'off', 'no', 'false', 'f' 至關於 'false,
# 還有你能夠用'1', 'on', 'yes', 'true', 't' 至關於 'true'
# 若是沒有值，至關於'true'.
#

# Listener interface device (optional, Linux only).
# NOT RECOMMENDED.
#
# 偵聽器接口設備(僅可選,Linux)。
# 不推薦。
#
#listening-device=eth0

# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
# TURN爲UDP和TCP的偵聽器端口(默認: 3478)。
# 注:實際上,TLS和DTLS會話能夠鏈接到"清晰的"TCP和UDP端口,——若是容許配置。
#
#listening-port=3478
listening-port=3478

# TURN listener port for TLS (Default: 5349).
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
# port(s), too - if allowed by configuration. The TURN server
# "automatically" recognizes the type of traffic. Actually, two listening
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
# For secure TCP connections, we currently support SSL version 3 and
# TLS version 1.0, 1.1 and 1.2. SSL2 "encapculation mode" is also supported.
# For secure UDP connections, we support DTLS version 1.
#
# TURN爲TLS的偵聽器端口(默認: 5349)。
# 注意:事實上,"清晰的"TCP和UDP會話能夠鏈接到TLS和DTLS端口，若是容許配置。
# TURN服務器"自動"識別傳輸類型。實際上,兩個監聽終端點("清晰的"端和"TLS"端)是
# 對等的功能;但咱們保持兩個端點來知足RFC 5766規範。
# 對於安全的TCP鏈接,咱們目前支持SSL的3個版本，是TLS 1.0版本,1.1版本和1.2版本。
# SSL2還支持"encapculation模式"。對於安全的UDP鏈接,咱們支持DTLS版本1。
#
#tls-listening-port=5349
tls-listening-port=5349

# Alternative listening port for UDP and TCP listeners;
# default (or zero) value means "listening port plus one".
# This is needed for RFC 5780 support
# (STUN extension specs, NAT behavior discovery). The TURN Server
# supports RFC 5780 only if it is started with more than one
# listening IP address of the same family (IPv4 or IPv6).
# RFC 5780 is supported only by UDP protocol, other protocols
# are listening to that endpoint only for "symmetry".
#
# 選擇UDP和TCP監聽器監聽端口;
# 默認(或者0)是表示監聽的端口加1.
# 這是必須的，爲了RFC 5780的支持(STUN的擴展規範, NAT後端的發現)。
# TURN服務器支持RFC 5780只有啓動與多個監聽同一族的IP地址(IPv4或IPv6).
# RFC 5780只有UDP協議,支持其餘協議是監聽"對稱"型端口的。
#
#alt-listening-port=0
                                   
# Alternative listening port for TLS and DTLS protocols.
# Default (or zero) value means "TLS listening port plus one".
#
# 選擇監聽端口TLS和DTLS協議。
# 默認(或者0)是表示TLS監聽的端口加1.
#
#alt-tls-listening-port=0
    
# Listener IP address of relay server. Multiple listeners can be specified.
# If no IP(s) specified in the config file or in the command line options,
# then all IPv4 and IPv6 system IPs will be used for listening.
#
# 偵聽器中繼服務器的IP地址。能夠指定多個偵聽器。
# 若是沒有在配置文件或者命令選項中指定監聽的IP，
# 那麼全部的IPv4和IPv6全部的IP將被監聽
#
#listening-ip=172.17.19.101
#listening-ip=10.207.21.238
#listening-ip=2607:f0d0:1002:51::4
listening-ip=<IP>

# Auxiliary STUN/TURN server listening endpoint.
# Aux servers have almost full TURN and STUN functionality.
# The (minor) limitations are:
# 1) Auxiliary servers do not have alternative ports and
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
# There may be multiple aux-server options, each will be used for listening
# to client requests.
#
# 輔助STUN/TURN服務器監聽端口。
# 輔助服務器幾乎有齊TURN和STUN功能
# (一些)侷限性:
# 1) 輔助服務器沒有替代的端口而且他們不支持STUN RFC 5780功能(變動請求)。
# 2) 輔助服務器也不會返回ALTERNATIVE-SERVER回覆。
# 有效格式，IPv4的1.2.3.4:5555 和IPv6的[1:2::3:4]:5555。
# 可能會有多個aux-server選項,每一個將用於監聽客戶端請求。
#
#aux-server=172.17.19.110:33478
#aux-server=[2607:f0d0:1002:51::4]:33478

# (recommended for older Linuxes only)
# Automatically balance UDP traffic over auxiliary servers (if configured).
# The load balancing is using the ALTERNATE-SERVER mechanism.
# The TURN client must support 300 ALTERNATE-SERVER response for this
# functionality.
#
# (僅推薦老的Linuxes)
# 在輔助服務器自動均衡UDP流量(若是配置)。
# 使用ALTERNATE-SERVER的負載均衡機制。
# TURN客戶端必須支持300個ALTERNATE-SERVER響應。
#
#udp-self-balance

# Relay interface device for relay sockets (optional, Linux only).
# NOT RECOMMENDED.
#
# 終極接口設備爲中繼套接字(可選, 僅Linux).
# 不推薦。
#
#relay-device=eth1

# Relay address (the local IP address that will be used to relay the
# packets to the peer).
# Multiple relay addresses may be used.
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
# If no relay IP(s) specified, then the turnserver will apply the default
# policy: it will decide itself which relay addresses to be used, and it
# will always be using the client socket IP address as the relay IP address
# of the TURN session (if the requested relay address family is the same
# as the family of the client socket).
#
# 中繼地址(本地IP地址將用於傳遞數據包的給每一個端)
# 可使用多箇中繼地址。
# 相同的IP能夠用做監聽IP和繼電器IP。
# 若是沒有指定中繼IP，那麼turnserver將應用默認策略：它將自行決定使用那個中繼
# 地址，而且它老是會使用客戶端套接字的IP地址做爲中繼的IP地址在TURN會話中(若是
# 請求的中繼地址族解決同族的客戶端套接字)。
#
#relay-ip=172.17.19.105
#relay-ip=2607:f0d0:1002:51::5
relay-ip=<IP>

# For Amazon EC2 users:#
# TURN Server public/private address mapping, if the server is behind NAT.
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
# as relay IP address of all allocations. This scenario works only in a simple case
# when one single relay address is be used, and no RFC5780 functionality is required.
# That single relay address must be mapped by NAT to the 'external' IP.
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
# must be always mapped to the same 'external' port 12345).
# In more complex case when more than one IP address is involved,
# that option must be used several times, each entry must
# have form "-X <public-ip/private-ip>", to map all involved addresses.
# RFC5780 NAT discovery STUN functionality will work correctly,
# if the addresses are mapped properly, even when the TURN server itself
# is behind A NAT.
# By default, this value is empty, and no address mapping is used.
#
# Amazon EC2用戶:
# TURN服務器公開/私有的地址映射，假如服務器是在NAT後端。
# 在這種狀況下,若是一個表單中"-X <ip>"使用一個-X，而後該ip將被做爲中繼ip地址來使用。
# 這種狀況只適用於一個簡單的例子,當一箇中繼的地址是被使用,和沒有RFC5780功能是必需的。
# 單箇中繼地址必須經過NAT映射到外部的IP。
# 外部的IP值，假如不爲空，經過XOR-RELAYED-ADDRESS字段返回。
# 外部的IP,NAT必須直接轉發端口(轉發端口12345，必須老是映射到相同的外部端口12345)。
# 在更復雜的狀況下,當涉及到多個IP地址,這個選項必須使用幾回,每一個條目必須形
# 成"-X <public-ip/private-ip>",將全部涉及到的地址。
# RFC5780 NAT發現STUN功能正常工做，若是正確的地址映射,即便TURN服務器自己是
# 在一個NAT後。
# 默認，該值爲空，而且沒有使用地址映射。
#
#external-ip=60.70.80.91
#
#OR:
#
#external-ip=60.70.80.91/172.17.19.101
#external-ip=60.70.80.92/172.17.19.102
external-ip=<IP>


# Number of relay threads to handle the established connections
# (in addition to authentication thread and the listener thread).
# If set to 0 then application runs relay process in a single thread,
# in the same thread with the listener process (the authentication thread will
# still be a separate thread).
# In the older systems (Linux kernel before 3.9),
# the number of UDP threads is always one thread per network listening endpoint -
# including the auxiliary endpoints - unless 0 (zero) or 1 (one) value is set.
#
# 數量的中繼線程處理創建鏈接(除了驗證線程和偵聽器線程)。
# 若是設置爲0,那麼應用程序中繼進程在一個線程中運行,在同一
# 個線程中監聽處理(身份驗證線程仍然是一個單獨的線程)。
# 在舊系統(3.9 Linux內核以前),數量的UDP線程老是一個線程監聽一個網絡端點,包括輔助端點——除非設置0或1值。
#
#relay-threads=0
relay-threads=10

# Lower and upper bounds of the UDP relay endpoints:
# (default values are 49152 and 65535)
#
# UDP中繼端點的上下邊界:
# (默認是49152至65535)
#
#min-port=49152
#max-port=65535
    
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
# By default the verbose mode is off.
#
# 取消TURN服務器運行'normal' 'moderate'詳細模式。
# 默認狀況下,詳細模式是關閉的。
#
#verbose
    
# Uncomment to run TURN server in 'extra' verbose mode.
# This mode is very annoying and produces lots of output.
# Not recommended under any normal circumstances.
#
# 取消TURN服務器運行'extra'詳細模式。
# 這種模式是很是惱人的,產生大量的輸出。
# 在任何正常狀況下不建議。
#
#Verbose

# Uncomment to use fingerprints in the TURN messages.
# By default the fingerprints are off.
#
# 取消在TURN消息中使用指紋。
# 默認狀況下,指紋是關閉的。
#
#fingerprint

# Uncomment to use long-term credential mechanism.
# By default no credentials mechanism is used (any user allowed).
# This option can be used with either flat file user database or
# PostgreSQL DB or MySQL DB or Redis DB for user keys storage.
#
# 取消使用長期證書機制。
# 默認狀況下不使用憑證機制(容許任何用戶)。
# 這個選項可能使用用戶數據文件或PostgreSQL或MySQL或Redis來存儲用戶密鑰。
#
#lt-cred-mech
lt-cred-mech

# Uncomment to use short-term credential mechanism.
# By default no credentials mechanism is used (any user allowed).
# For short-term credential mechanism you have to use PostgreSQL or
# MySQL or Redis database for user password storage.
#
# 取消使用短時間證書機制。
# 默認狀況下不使用憑證機制(容許任何用戶)。
# 短時間證書機制必須使用PostgreSQL或MySQL或Redis數據庫來存儲用戶密碼。
#
#st-cred-mech

# This option is opposite to lt-cred-mech or st-cred-mech.
# (TURN Server with no-auth option allows anonymous access).
# If neither option is defined, and no users are defined,
# then no-auth is default. If at least one user is defined,
# in this file or in command line or in usersdb file, then
# lt-cred-mech is default.
#
# 這個選項是lt-cred-mech或st-cred-mech相反。
# (TURN服務器no-auth選項容許匿名訪問)。
# 若是沒有選項定義,沒有用戶定義,那麼no-auth默認。
# 若是至少定義有一個用戶,在這個文件中或在命令行或usersdb文件,
# 那麼lt-cred-mech默認。
#
#no-auth

# TURN REST API flag.
# Flag that sets a special authorization option that is based upon authentication secret.
# This feature can be used with the long-term authentication mechanism, only.
# This feature purpose is to support "TURN Server REST API", see
# "TURN REST API" link in the project's page
# http://code.google.com/p/rfc5766-turn-server/.
# This option is used with timestamp:
# usercombo -> "timestamp:userid"
# turn user -> usercombo
# turn password -> base64(hmac(secret key, usercombo))
# This allows TURN credentials to be accounted for a specific user id.
# If you don't have a suitable id, the timestamp alone can be used.
# This option is just turning on secret-based authentication.
# The actual value of the secret is defined either by option static-auth-secret,
# or can be found in the turn_secret table in the database (see below).
#
# TURN REST API標誌。
# 標誌是設置一個特殊的受權選項,是基於身份驗證的私密。
# 這個功能能夠用於長期驗證機制。
# 這個功能的目的是支持"TURN Server REST API",看到"TURN Server REST API"項目的頁面的連接
# http://code.google.com/p/rfc5766-turn-server/。
# 這個選項是使用時間戳:
# usercombo -> "timestamp:userid"
# turn user -> usercombo
# turn password -> base64(hmac(secret key, usercombo))
# 這容許TURN憑證佔用一個特定的用戶id。
# 若是你沒有一個合適的id,可使用單獨的時間戳。
# 這個選項只是打開基於私密的身份驗證。
# 實際值定義的私密就是經過選擇static-auth-secret,或能夠在數據庫中找到turn_secret表(見下文)。
#
#use-auth-secret

# 'Static' authentication secret value (a string) for TURN REST API only.
# If not set, then the turn server
# will try to use the 'dynamic' value in turn_secret table
# in user database (if present). The database-stored  value can be changed on-the-fly
# by a separate program, so this is why that other mode is 'dynamic'.
#
# TURN REST API的'Static'身份驗證的私密值(字符串)
# 若是沒有設置，那麼turn服務器將嘗試使用'dynamic'值在用戶數據庫的turn_secret表(若是存在)。
# 數據庫存儲的值能夠隨時改變，經過單獨的程序，因此這就是'dynamic'模式。
#
#static-auth-secret     

# 'Static' user accounts for long term credentials mechanism, only.
# This option cannot be used with TURN REST API or with short-term credentials
# mechanism.
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
# so that they can NOT be changed while the turnserver is running.
#
# 'Static'用戶長期佔憑證機制。
# 這個選項不能用於TURN REST API或短時間憑證機制。
# 'Static'用戶賬戶不是turnserver程序動態檢查,因此他們不能改變在turnserver運行時。
#
#user=username1:key1
#user=username2:key2
# OR:
#user=username1:password1
#user=username2:password2
#
# Keys must be generated by turnadmin utility. The key value depends
# on user name, realm, and password:
#
# 鑰匙必須由turnadmin實用程序生成。鍵值取決於用戶名稱、領域和密碼:
#
# Example:
# 例子,使用如下命令:
#
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
#
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
# 輸出是: 0xbc807ee29df3c9ffa736523fb2c4e8ee
#
# ('0x' in the beginning of the key is what differentiates the key from
# password. If it has 0x then it is a key, otherwise it is a password).
# ('0x'開始的關鍵是區分從密碼的關鍵。若是它有0x,那麼它是一個關鍵,不然這是一個密碼)。
#
# The corresponding user account entry in the config file will be:
# 相應的配置文件中的用戶賬戶條目將:
#
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
# Or, equivalently, with open clear password (less secure):
#或者是這樣，明文密碼(不安全的):
#user=ninefingers:youhavetoberealistic
#
user=<yourname:yourpsw>

# 'Dynamic' user accounts database file name.
# Only users for long-term mechanism can be stored in a flat file,
# short-term mechanism will not work with option, the short-term
# mechanism required PostgreSQL or MySQL or Redis database.
# 'Dynamic' long-term user accounts are dynamically checked by the turnserver process,
# so that they can be changed while the turnserver is running.
# Default file name is turnuserdb.conf.
#
# 'Dynamic'用戶賬戶數據庫文件名。
# 只有用戶長期機制能夠存儲在一個文件,短時間機制不會處理選項,短時間機制須要PostgreSQL或MySQL或
# Redis數據庫。
# 'Dynamic'的長期用戶賬戶在turnserver程序中動態檢查的,這樣他們能夠改變的在turnserver運行時。
# 默認文件名是turnuserdb.conf.
#
#userdb=/usr/local/etc/turnuserdb.conf
userdb=/etc/turnuserdb.conf

# PostgreSQL database connection string in the case that we are using PostgreSQL
# as the user database.
# This database can be used for long-term and short-term credential mechanisms
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
# versions connection string format, see
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
# for 9.x and newer connection string formats.
#
# PostgreSQL數據庫鏈接字符串,使用PostgreSQL做爲用戶數據庫。
# 該數據庫可用於長期和短時間證書機制,它能夠存儲的私密值，爲基於私密身份驗證的在TURN RESP API中。
# 8.x PostgreSQL版本請參見http://www.postgresql.org/docs/8.4/static/libpq-connect.html的鏈接字符串
# 格式,9.x和更新的請參閱http://www.postgresql.org/docs/9.2/static/libpq-connect.html LIBPQ-CONNSTRING
# 的鏈接字符串格式。
#
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"

# MySQL database connection string in the case that we are using MySQL
# as the user database.
# This database can be used for long-term and short-term credential mechanisms
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# Use string format as below (space separated parameters, all optional):
#
# MySQL數據庫鏈接字符串,使用MySQL做爲用戶數據庫。
# 該數據庫可用於長期和短時間證書機制,它能夠存儲的私密值，爲基於私密身份驗證的在TURN RESP API中。
# 使用字符串格式以下(空間分離參數,全部可選):
#
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"

# Redis database connection string in the case that we are using Redis
# as the user database.
# This database can be used for long-term and short-term credential mechanisms
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
# Use string format as below (space separated parameters, all optional):
#
# Redis數據庫鏈接字符串,使用Redis做爲用戶數據庫。
# 該數據庫可用於長期和短時間證書機制,它能夠存儲的私密值，爲基於私密身份驗證的在TURN RESP API中。
# 使用字符串格式以下(空間分離參數,全部可選):
#
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"

# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
# This database keeps allocations status information, and it can be also used for publishing
# and delivering traffic and allocation event notifications.
# The connection string has the same parameters as redis-userdb connection string.
# Use string format as below (space separated parameters, all optional):
#
# Redis狀態和統計數據庫鏈接字符串,若是使用(默認空,沒有Redis統計數據庫使用)。
# 這個數據庫保持分配狀態信息,它也能夠用於發佈和交付傳輸和分配事件通知。
# 鏈接字符串有相同的參數做爲redis-userdb鏈接字符串。
# 使用字符串格式以下(空間分離參數,全部可選):
#
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"

# Realm for long-term credentials mechanism and for TURN REST API.
#
# TURN REST API的長期憑證機制範圍。
#
#realm=mycompany.org

# Per-user allocation quota.
# default value is 0 (no quota, unlimited number of sessions per user).
#
# 每一個用戶分配配額。
# 默認值爲0(沒有配額,每一個用戶無限數量的會話)。
#
#user-quota=0

# Total allocation quota.
# default value is 0 (no quota).
#
# 總分配配額。
# 默認值爲0(無配額)。
#
#total-quota=0

# Max bytes-per-second bandwidth a TURN session is allowed to handle
# (input and output network streams are treated separately). Anything above
# that limit will be dropped or temporary suppressed (within
# the available buffer limits).
#
# TURN會話容許最大的傳輸佔用帶寬(輸入和輸出網絡流分別處理)。
# 高於限制將被刪除或暫時抑制(在可用的緩衝區範圍內)。
#
#max-bps=0
max-bps=1024

# Uncomment if no UDP client listener is desired.
# By default UDP client listener is always started.
#
# 若是沒有UDP客戶端監聽器須要取消。
# 默認狀況下UDP客戶端監聽器老是啓動。
#
#no-udp

# Uncomment if no TCP client listener is desired.
# By default TCP client listener is always started.
#
# 若是沒有TCPP客戶端監聽器須要取消。
# 默認狀況下TCPP客戶端監聽器老是啓動。
#
#no-tcp

# Uncomment if no TLS client listener is desired.
# By default TLS client listener is always started.
#
# 若是沒有TLS客戶端監聽器須要取消。
# 默認狀況下TLS客戶端監聽器老是啓動。
#
#no-tls

# Uncomment if no DTLS client listener is desired.
# By default DTLS client listener is always started.
#
# 若是沒有DTLS客戶端監聽器須要取消。
# 默認狀況下DTLS客戶端監聽器老是啓動。
#
#no-dtls

# Uncomment if no UDP relay endpoints are allowed.
# By default UDP relay endpoints are enabled (like in RFC 5766).
#
# 若是不容許UDP中繼端點須要取消。
# 默認狀況下啓用UDP繼電器端點(如在RFC 5766)。
#
#no-udp-relay

# Uncomment if no TCP relay endpoints are allowed.
# By default TCP relay endpoints are enabled (like in RFC 6062).
#
# 若是不容許TCP中繼端點須要取消。
# 默認狀況下啓用TCP繼電器端點(如在RFC 5766)。
#
#no-tcp-relay

# Uncomment if extra security is desired,
# with nonce value having limited lifetime (600 secs).
# By default, the nonce value is unique for a session,
# but it has unlimited lifetime. With this option,
# the nonce lifetime is limited to 600 seconds, after that
# the client will get 438 error and will have to re-authenticate itself.
#
# 取消若是須要額外的安全,現時已有有限的生命週期(600秒)。
# 默認狀況下,一個會話的惟一臨界值,但它通常擁有無限的生命週期。這個選項,臨界值
# 僅限於600秒,以後,客戶端將獲得438錯誤,將不得不從新認證。
#
#stale-nonce

# Certificate file.
# Use an absolute path or path relative to the
# configuration file.
#
# 證書文件。
# 使用絕對路徑或路徑相對於配置文件。
#
#cert=/usr/local/etc/turn_server_cert.pem

# Private key file.
# Use an absolute path or path relative to the
# configuration file.
# Use PEM file format.
#
# 私鑰文件。
# 使用絕對路徑或路徑相對於配置文件。使用PEM文件格式。
#
#pkey=/usr/local/etc/turn_server_pkey.pem

# Private key file password, if it is in encoded format.
# This option has no default value.
#
# 私有密鑰文件密碼,若是是在編碼格式。
# 這個選項沒有默認值。
#
#pkey-pwd=...

# Allowed OpenSSL cipher list for TLS/DTLS connections.
# Default value is "DEFAULT".
#
# 容許OpenSSL的密碼列表爲TLS/DTLS鏈接。
# 默認值是"DEFAULT"
#
#cipher-list="DEFAULT"

# CA file in OpenSSL format.
# Forces TURN server to verify the client SSL certificates.
# By default it is not set: there is no default value and the client
# certificate is not checked.
#
# 在OpenSSL格式的CA文件。
# 強制TURN服務器驗證客戶端SSL證書。
# 默認狀況下它沒有設置:沒有默認值,不檢查的客戶端證書。
#
# Example:
#CA-file=/etc/ssh/id_rsa.cert

# Curve name for EC ciphers, if supported by OpenSSL library (TLS and DTLS).
# The default value is prime256v1.
#
# 曲線名稱的EC密碼,若是由OpenSSL庫支持(TLS和DTLS)。
# 默認值是prime256v1。
#
#ec-curve-name=prime256v1

# Use 566 bits predefined DH TLS key. Default size of the key is 1066.
#
# 使用566位預約義DH TLS鍵。默認鍵大小是1066
#
#dh566

# Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
#
# 使用2066位預約義DH TLS鍵。默認鍵大小是1066
#
#dh2066

# Use custom DH TLS key, stored in PEM format in the file.
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
#
# 使用慣例的DH TLS鍵，使用PEM格式存儲在文件裏
# 當DH鍵從文件里加載，將忽略標誌--dh566和--dh2066
#
#dh-file=<DH-PEM-file-name>

# Flag to prevent stdout log messages.
# By default, all log messages are going to both stdout and to
# the configured log file. With this option everything will be
# going to the configured log only (unless the log file itself is stdout).
#
# 標誌防止輸出日誌信息
# 默認狀況下,全部日誌消息將輸出到配置的日誌文件。採用這一選項都將只配置日誌
# (除非日誌文件自己是輸出的)。
#
#no-stdout-log

# Option to set the log file name.
# By default, the turnserver tries to open a log file in
# /var/log, /var/tmp, /tmp and current directories directories
# (which open operation succeeds first that file will be used).
# With this option you can set the definite log file name.
# The special names are "stdout" and "-" - they will force everything
# to the stdout. Also, the "syslog" name will force everything to
# the system log (syslog).
# In the runtime, the logfile can be reset with the SIGHUP signal
# to the turnserver process.
#
# 設置日誌文件
# 默認狀況下,turnserver嘗試一個日誌文件在/var/log,/var/tmp,/tmp和
# 當前目錄(那個文件先打開成功,文件將被使用)。
# 採用這一選項能夠設置明確的日誌文件名。
# 特殊的名字是"stdout"和"-"——他們將強制全部的輸出。同時,"syslog"名稱將強制全部的系統日誌(syslog)。
# 在運行時,日誌文件能夠重置經過SIGHUP信號在turnserver程序中。
#
#log-file=/var/tmp/turn.log

# Option to redirect all log output into system log (syslog).
#
# 選擇重定向全部日誌輸出到系統日誌(syslog)。
#
#syslog

# This flag means that no log file rollover will be used, and the log file
# name will be constructed as-is, without PID and date appendage.
#
# 這個標誌意味着沒有日誌文件將使用翻轉,並按原樣將建立日誌文件名稱,沒有PID和日期的附加。
#
#simple-log

# Option to set the "redirection" mode. The value of this option
# will be the address of the alternate server for UDP & TCP service in form of
# <ip>[:<port>]. The server will send this value in the attribute
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
# Client will receive only values with the same address family
# as the client network endpoint address family.
# See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
# The client must use the obtained value for subsequent TURN communications.
# If more than one --alternate-server options are provided, then the functionality
# can be more accurately described as "load-balancing" than a mere "redirection".
# If the port number is omitted, then the default port
# number 3478 for the UDP/TCP protocols will be used.
# Colon ( characters in IPv6 addresses may conflict with the syntax of
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
# in square brackets in such resource identifiers, for example:
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
# Multiple alternate servers can be set. They will be used in the
# round-robin manner. All servers in the pool are considered of equal weight and
# the load will be distributed equally. For example, if we have 4 alternate servers,
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
# address can be used more than one time with the alternate-server option, so this
# can emulate "weighting" of the servers.
#
# 選項設置"redirection"模式。這個選項的值將備用服務器的地址UDP和TCP服務形式的<ip>[:<port>]。
# 服務器將發送這個值屬性ALTERNATE-SERVER,錯誤300,在ALLOCATE請求,客戶端。
# 客戶端將只接收和本身相同的地址族的客戶端的值。查看RFC 5389和RFC 5766爲ALTERNATE-SERVER的功能描述。
# 客戶端必須使用得到的值爲隨後的TURN通訊。若是不止一個——alternate-server選項提供,那麼功能能夠更準確
# 地描述爲"load-balancing",而不只僅是一個"redirection"。若是端口號省略,那麼爲UDP/TCP協議，使用默認端
# 口號是3478。冒號(在IPv6地址字符可能與選項的語法衝突。緩解這種衝突,文字IPv6地址包含在方括號在這種
# 資源標識符,例如[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 。
# 能夠設置多個備用服務器。他們將用於循環的方式。全部服務器池中被認爲是平等的重量和載荷將平均分配的原則。
# 例如,若是咱們有4個備用服務器,每一個服務器將得到25%的分配請求。備用TURN服務器地址可使用超過一次
# alternate-server選項,因此這能夠效仿的"weighting"服務器。
#
# Examples:
#alternate-server=1.2.3.4:5678
#alternate-server=11.22.33.44:56789
#alternate-server=5.6.7.8
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
              
# Option to set alternative server for TLS & DTLS services in form of
# <ip>:<port>. If the port number is omitted, then the default port
# number 5349 for the TLS/DTLS protocols will be used. See the previous
# option for the functionality description.
#
# 選項設置替代服務器TLS和DTLS服務形式的<ip>:<port>。
# 若是省略的端口號,那麼默認端口號5349將使用TLS/DTLS協議。看到前面選擇的功能描述。
#
# Examples:
#tls-alternate-server=1.2.3.4:5678
#tls-alternate-server=11.22.33.44:56789
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478

# Option to suppress TURN functionality, only STUN requests will be processed.
# Run as STUN server only, all TURN requests will be ignored.
# By default, this option is NOT set.
#
# 選擇抑制TURN功能,只有STUN的請求將被處理。
# 做爲STUN服務器,全部TURN請求將被忽略。
# 默認狀況下,沒有設置這個選項。
#
#stun-only

# Option to suppress STUN functionality, only TURN requests will be processed.
# Run as TURN server only, all STUN requests will be ignored.
# By default, this option is NOT set.
#
# 選擇抑制STUN功能,只有TURN的請求將被處理。
# 做爲TURN服務器,全部STUN請求將被忽略。
# 默認狀況下,沒有設置這個選項。
#
#no-stun

# This is the timestamp/username separator symbol (character) in TURN REST API.
# The default value is ':'.
#
# 這是時間戳/用戶名分離器符號(字符)在TURN REST API。
# 默認是使用':'
#
# rest-api-separator=:    

# Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
# This is an extra security measure.
#
# 標記用於不接受的端在環回地址(127.x.x.x 和 ::1)。
# 這是一個額外的安全措施。
#
#no-loopback-peers

# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
# This is an extra security measure.
#
# 標記用於不接受的端在廣播地址(224.0.0.0和以上的，和FFXX:*)。
# 這是一個額外的安全措施。
#
#no-multicast-peers

# Option to set the max time, in seconds, allowed for full allocation establishment.
# Default is 60 seconds.
#
# 選項設置的最大時間,以秒爲單位,容許完整的分配。
# 默認60秒
#
#max-allocate-timeout=60

# Option to allow or ban specific ip addresses or ranges of ip addresses.
# If an ip address is specified as both allowed and denied, then the ip address is
# considered to be allowed. This is useful when you wish to ban a range of ip
# addresses, except for a few specific ips within that range.
# This can be used when you do not want users of the turn server to be able to access
# machines reachable by the turn server, but would otherwise be unreachable from the
# internet (e.g. when the turn server is sitting behind a NAT)
#
# 選擇容許或禁止特定的ip地址或ip地址範圍。
# 若是指定一個ip地址容許和拒絕,那麼ip地址被認爲是容許的。這是有用的,當你但願禁止一個範
# 圍的ip地址,除了一些特定的ip範圍內。
# 這可使用當你不但願turn服務器的用戶可以訪問機器經過turn服務器,但多是另外一方面從互聯
# 網上不能到達(例如,當turn服務器是在一個NAT後)
#
# Examples:
# denied-peer-ip=83.166.64.0-83.166.95.255
# allowed-peer-ip=83.166.68.45

# File name to store the pid of the process.
# Default is /var/run/turnserver.pid (if superuser account is used) or
# /var/tmp/turnserver.pid .
#
# 存儲進程pid的文件名。
# 默認是/var/run/turnserver.pid(超級用戶使用)或者是/var/tmp/turnserver.pid
#
#pidfile="/var/run/turnserver.pid"
pidfile="/var/tmp/turnserver.pid"

# Require authentication of the STUN Binding request.
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
#
# 須要STUN綁定請求的身份驗證。
# 默認狀況下,客戶容許匿名訪問STUN綁定功能。
#
#secure-stun

# Require SHA256 digest function to be used for the message integrity.
# By default, the server uses SHA1 (as per TURN standard specs).
# With this option, the server
# always requires the stronger SHA256 function. The client application
# must support SHA256 hash function if this option is used. If the server obtains
# a message from the client with a weaker (SHA1) hash function then the
# server returns error code 426.
#
# 須要SHA256採摘功能用於消息的完整性。
# 默認狀況下,服務器使用SHA1(按標準規格)。
# 採用這一選項,服務器老是須要更強的SHA256功能。客戶端應用程序必須支持SHA256散列函數
# 若是使用這個選項。若是服務器得到消息從客戶端較弱(SHA1)散列函數那麼服務器返回錯誤代碼426。
#
#sha256

# Mobility with ICE (MICE) specs support.
#
# 移動的ICE(MICE)的規範支持。
#
#mobility

# User name to run the process. After the initialization, the turnserver process
# will make an attempt to change the current user ID to that user.
#
# 用戶名運行程序。初始化後,turnserver程序將試圖改變當前用戶的用戶ID。
#
#proc-user=<user-name>

# Group name to run the process. After the initialization, the turnserver process
# will make an attempt to change the current group ID to that group.
#
# 組名運行程序。初始化後,turnserver程序將試圖改變當前組的組ID。
#
#proc-group=<group-name>

# Turn OFF the CLI support.
# By default it is always ON.
# See also options cli-ip and cli-port.
#
# 關掉CLI的支持。
# 默認狀況下它老是ON。
# 參閱選項cli-ip和cli-port。
#
#no-cli

#Local system IP address to be used for CLI server endpoint. Default value
# is 127.0.0.1.
#
# 本地系統的IP地址將用於CLI服務器端點。默認值是127.0.0.1。
#
#cli-ip=127.0.0.1

# CLI server port. Default is 5766.
#
# CLI服務器端口。默認是5766。
#
#cli-port=5766

# CLI access password. Default is empty (no password).
#
# CLI訪問密碼。默認是空的(沒有密碼)。
#
#cli-password=logen

# Server relay. NON-STANDARD AND DANGEROUS OPTION.
# Only for those applications when we want to run
# server applications on the relay endpoints.
# This option eliminates the IP permissions check on
# the packets incoming to the relay endpoints.
#
# 中繼服務器。NON-STANDARD和DANGEROUS的選擇。
# 只對這些應用程序時,咱們想在中繼服務器上運行服務器應用程序端點。
# 這個選項能夠消除IP權限檢查傳遞的數據包傳入的端點。
#
#server-relay

# Maximum number of output sessions in ps CLI command.
# This value can be changed on-the-fly in CLI. The default value is 256.
#
# 最大數量的輸出會議在ps CLI命令。
# 這個值能夠動態改變在CLI。默認值是256。
#
#cli-max-output-sessions

# Set network engine type for the process (for internal purposes).
#
# 設置網絡引擎類型(用於內部目的)的過程。
#
#ne=[1|2|3]

# Do not allow an SSL/TLS version of protocol
#
# 不容許一個SSL/TLS版本的協議
#
#no-sslv2
#no-sslv3
#no-tlsv1
#no-tlsv1_1
#no-tlsv1_2