Add turn server

This commit is contained in:
Joey Yakimowich-Payne 2026-01-19 11:13:13 -07:00
commit d38aeb2f44
No known key found for this signature in database
GPG key ID: DDF6AF5B21B407D4
6 changed files with 163 additions and 9 deletions


@ -37,6 +37,7 @@ print_header
KABOOT_DOMAIN=""
AUTH_DOMAIN=""
GEMINI_API_KEY=""
TURN_IP=""
while [[ $# -gt 0 ]]; do
case $1 in
@ -52,6 +53,10 @@ while [[ $# -gt 0 ]]; do
GEMINI_API_KEY="$2"
shift 2
;;
--turn-ip)
TURN_IP="$2"
shift 2
;;
--help|-h)
echo "Usage: $0 [OPTIONS]"
echo ""
@ -59,6 +64,7 @@ while [[ $# -gt 0 ]]; do
echo " --domain DOMAIN Main application domain (e.g., kaboot.example.com)"
echo " --auth-domain DOMAIN Authentication domain (e.g., auth.example.com)"
echo " --gemini-key KEY Gemini API key for system AI (optional)"
echo " --turn-ip IP Public IP for TURN server (required for cross-network play)"
echo " --help, -h Show this help message"
echo ""
echo "If options are not provided, you will be prompted for them."
@ -116,6 +122,17 @@ if [ -z "$GEMINI_API_KEY" ]; then
read -p "Enter Gemini API key (or press Enter to skip): " GEMINI_API_KEY
fi
echo ""
echo -e "${BOLD}TURN Server Configuration (Cross-Network Play)${NC}"
echo "────────────────────────────────────────────────────────────"
echo "A TURN server is required for players on different networks"
echo "(behind NAT/firewalls) to connect to each other."
echo ""
if [ -z "$TURN_IP" ]; then
read -p "Enter your server's public IP for TURN (or press Enter to skip): " TURN_IP
fi
echo ""
print_step "Generating secrets..."
@ -124,6 +141,7 @@ AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n' | tr -d '/')
AUTHENTIK_BOOTSTRAP_PASSWORD=$(openssl rand -base64 24 | tr -d '\n' | tr -d '/')
AUTHENTIK_BOOTSTRAP_TOKEN=$(openssl rand -hex 32)
ENCRYPTION_KEY=$(openssl rand -base64 36 | tr -d '\n' | tr -d '/')
TURN_PASSWORD=$(openssl rand -base64 24 | tr -d '\n' | tr -d '/' | tr -d '+')
print_success "Secrets generated"
@ -162,6 +180,11 @@ LOG_REQUESTS=true
# System AI (optional - server-side quiz generation)
GEMINI_API_KEY=${GEMINI_API_KEY}
# TURN Server (for cross-network multiplayer)
VITE_TURN_URL=${TURN_IP:+turn:${TURN_IP}:3478}
VITE_TURN_USERNAME=${TURN_IP:+kaboot}
VITE_TURN_CREDENTIAL=${TURN_IP:+${TURN_PASSWORD}}
EOF
print_success "Created .env"
@ -216,6 +239,32 @@ EOF
print_success "Created Caddyfile"
if [ -n "$TURN_IP" ]; then
print_step "Creating turnserver.conf..."
cat > turnserver.conf << EOF
# Coturn TURN Server Configuration
# Generated by setup-prod.sh on $(date)
listening-port=3478
tls-listening-port=5349
external-ip=${TURN_IP}
realm=${KABOOT_DOMAIN}
lt-cred-mech
user=kaboot:${TURN_PASSWORD}
fingerprint
no-multicast-peers
no-cli
log-file=/var/log/turnserver.log
total-quota=100
stale-nonce=600
min-port=49152
max-port=65535
EOF
print_success "Created turnserver.conf"
fi
print_step "Creating production Authentik blueprint..."
BLUEPRINT_DIR="authentik/blueprints"
@ -241,6 +290,12 @@ else
print_warning "No Gemini API key provided - users must configure their own"
fi
if [ -n "$TURN_IP" ]; then
print_success "TURN server configured for cross-network play"
else
print_warning "No TURN IP provided - cross-network play may not work"
fi
echo ""
echo -e "${GREEN}${BOLD}════════════════════════════════════════════════════════════${NC}"
echo -e "${GREEN}${BOLD} Setup Complete!${NC}"
@ -255,6 +310,11 @@ if [ -n "$GEMINI_API_KEY" ]; then
else
echo -e " System AI: ${YELLOW}Disabled (users need own API key)${NC}"
fi
if [ -n "$TURN_IP" ]; then
echo -e " TURN Server: ${GREEN}${TURN_IP}:3478${NC}"
else
echo -e " TURN Server: ${YELLOW}Not configured${NC}"
fi
echo ""
echo -e "${BOLD}Authentik Admin${NC}"
echo "────────────────────────────────────────────────────────────"
@ -268,6 +328,9 @@ echo -e "${BOLD}Files Created${NC}"
echo "────────────────────────────────────────────────────────────"
echo " .env - Environment variables"
echo " Caddyfile - Reverse proxy config"
if [ -n "$TURN_IP" ]; then
echo " turnserver.conf - TURN server config"
fi
echo " authentik/blueprints/kaboot-setup-production.yaml"
echo ""
echo -e "${BOLD}Next Steps${NC}"
@ -277,6 +340,23 @@ echo " 1. Ensure DNS records point to this server:"
echo -e " ${KABOOT_DOMAIN}${BLUE}<your-server-ip>${NC}"
echo -e " ${AUTH_DOMAIN}${BLUE}<your-server-ip>${NC}"
echo ""
if [ -n "$TURN_IP" ]; then
echo " 2. Open firewall ports for TURN server:"
echo -e " ${YELLOW}sudo ufw allow 3478/tcp && sudo ufw allow 3478/udp${NC}"
echo -e " ${YELLOW}sudo ufw allow 5349/tcp && sudo ufw allow 49152:65535/udp${NC}"
echo ""
echo " 3. Start the TURN server:"
echo -e " ${YELLOW}docker compose -f docker-compose.turn.yml up -d${NC}"
echo ""
echo " 4. Start the production stack:"
echo -e " ${YELLOW}docker compose -f docker-compose.prod.yml -f docker-compose.caddy.yml up -d${NC}"
echo ""
echo " 5. Wait for services to start (~60 seconds for Authentik)"
echo ""
echo " 6. Verify all services are running:"
echo -e " ${YELLOW}docker compose -f docker-compose.prod.yml -f docker-compose.caddy.yml ps${NC}"
echo -e " ${YELLOW}docker compose -f docker-compose.turn.yml ps${NC}"
else
echo " 2. Start the production stack:"
echo -e " ${YELLOW}docker compose -f docker-compose.prod.yml -f docker-compose.caddy.yml up -d${NC}"
echo ""
@ -284,10 +364,11 @@ echo " 3. Wait for services to start (~60 seconds for Authentik)"
echo ""
echo " 4. Verify all services are running:"
echo -e " ${YELLOW}docker compose -f docker-compose.prod.yml -f docker-compose.caddy.yml ps${NC}"
fi
echo ""
echo " 5. Check Authentik blueprint was applied:"
echo " Check Authentik blueprint was applied:"
echo -e " ${YELLOW}docker compose -f docker-compose.prod.yml logs authentik-server | grep -i blueprint${NC}"
echo ""
echo " 6. Access your app at:"
echo " Access your app at:"
echo -e " ${BLUE}https://${KABOOT_DOMAIN}${NC}"
echo ""
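Review bot: The turnserver.conf heredoc (hunk `-216,6 +239,32`) never restricts where relayed traffic may go, so a client holding the credential can ask the relay to open peers on the host's own loopback and, depending on how the coturn container is networked, on the private/Docker ranges where Authentik and the database live; coturn's `no-loopback-peers` and `denied-peer-ip` ranges for 127/8 and RFC1918 belong next to the existing `no-multicast-peers`. That credential is effectively public: `user=kaboot:${TURN_PASSWORD}` is also written to `.env` as `VITE_TURN_CREDENTIAL` (hunk `-162,6 +180,11`), and since Vite exposes `VITE_`-prefixed values to client code, `lt-cred-mech` with one long-lived user hands every visitor a relay account bounded only by `total-quota=100`; `use-auth-secret` with `static-auth-secret=${TURN_PASSWORD}` and short-lived credentials minted by the backend is the usual design, with `user-quota` as a minimal stopgap. Separately, `tls-listening-port=5349` is set without `cert=`/`pkey=`, so coturn will not actually serve TLS on the port the Next Steps hunk tells operators to open with `ufw`; either point those options at the certificate Caddy obtains for the realm or drop the 5349 line together with that firewall instruction.
```shell
cat > turnserver.conf << EOF
# … unchanged: header comments, ports, external-ip, realm, lt-cred-mech, user …
no-multicast-peers
# Keep relayed traffic off this host and off private/Docker networks.
no-loopback-peers
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
# … unchanged: no-cli, log-file, quotas, relay port range, EOF …
```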