LotusGuild/matrix
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

docs: mark coturn hardening applied, update action items

Browse Source 
- stale-nonce, user-quota, total-quota, cipher-list applied to /etc/turnserver.conf
- BBR noted as intentionally skipped (HA multi-host setup)
- Storj update and Synapse lag resolved

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-03-10 14:05:59 -04:00
parent a7d700d06e
commit 0ba095ba03
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -522,14 +522,13 @@ The coturn cert is managed by NPM (cert ID 91, stored at `/etc/letsencrypt/live/
Script compares cert expiry dates between LXC 139 and LXC 151. If they differ (NPM renewed), it copies `fullchain.pem` + `privkey.pem` and restarts coturn. Script compares cert expiry dates between LXC 139 and LXC 151. If they differ (NPM renewed), it copies `fullchain.pem` + `privkey.pem` and restarts coturn.
**Additional coturn hardening (while you're in there):** **Additional coturn hardening — ✅ Applied March 2026:**
``` ```
# /etc/turnserver.conf # /etc/turnserver.conf
stale_nonce=600 # Nonce expires 600s (prevents replay attacks) stale-nonce=600 # Nonce expires 600s (prevents replay attacks)
user-quota=100 # Max concurrent allocations per user user-quota=100 # Max concurrent relay allocations per user
total-quota=1000 # Total allocations on server total-quota=1000 # Total relay allocations server-wide
max-bps=1000000 # 1 Mbps per TURN session cipher-list=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305
cipher-list="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305"
``` ```
--- ---