coturn/man/man1/turnadmin.1

.\" Text automatically generated by txt2man
.TH TURN 1 "07 January 2021" "" ""
.SH GENERAL INFORMATION

\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
the user accounts (add/remove users, generate
TURN keys for the users). For security reasons, we do not recommend
storing passwords openly. The better option is to use pre\-processed "keys"
which are then used for authentication. These keys are generated by \fIturnadmin\fP.
Turnadmin is a link to \fIturnserver\fP binary, but \fIturnadmin\fP performs different
functions.
.PP
Options note: \fIturnadmin\fP has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:
.PP
The short form must be used as this (for example):
.PP
.nf
.fam C
  $ turnadmin \-u <username> \.\.\.

.fam T
.fi
The long form equivalent must use the "=" character:
.PP
.nf
.fam C
  $ turnadmin \-\-user=<username> \.\.\.

.fam T
.fi
If this is a flag option (no argument required) then their usage are the same, for example:
.PP
.nf
.fam C
 $ turnadmin \-k \.\.\.

.fam T
.fi
is equivalent to:
.PP
.nf
.fam C
 $ turnadmin \-\-key \.\.\.

.fam T
.fi
You have always the use the \fB\-r\fP <realm> option with commands for long term credentials \-
because data for multiple realms can be stored in the same database.
.PP
=====================================
.SS  NAME
\fB
\fBturnadmin \fP\- a TURN relay administration tool.
\fB
.SS  SYNOPSIS
.nf
.fam C

$ \fIturnadmin\fP [\fIcommand\fP] [\fIoptions\fP]

$ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]

.fam T
.fi
.fam T
.fi
.SS  DESCRIPTION

Commands:
.TP
.B
\fB\-P\fP, \fB\-\-generate\-encrypted\-password\fP
Generate and print to the standard
output an encrypted form of a password (for web admin user or CLI).
The value then can be used as a safe key for the password
storage on disk or in the database. Every invocation for the same password
produces a different result. The format of the encrypted password is:
$5$<\.\.\.salt\.\.\.>$<\.\.\.sha256(salt+password)\.\.\.>. Salt is 16 characters,
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
Only sha256 is supported as the hash function.
.TP
.B
\fB\-k\fP, \fB\-\-key\fP
Generate key for a long\-term credentials mechanism user.
.TP
.B
\fB\-a\fP, \fB\-\-add\fP
Add or update a long\-term user.
.TP
.B
\fB\-A\fP, \fB\-\-add\-admin\fP
Add or update an admin user.
.TP
.B
\fB\-d\fP, \fB\-\-delete\fP
Delete a long\-term user.
.TP
.B
\fB\-D\fP, \fB\-\-delete\-admin\fP
Delete an admin user.
.TP
.B
\fB\-l\fP, \fB\-\-list\fP
List long\-term users in the database.
.TP
.B
\fB\-L\fP, \fB\-\-list\-admin\fP
List admin users in the database.
.PP
\fB\-s\fP, \fB\-\-set\-secret\fP=<value> Add shared secret for TURN REST API
.TP
.B
\fB\-S\fP, \fB\-\-show\-secret\fP
Show stored shared secrets for TURN REST API
.PP
\fB\-X\fP, \fB\-\-delete\-secret\fP=<value> Delete a shared secret.
.RS
.TP
.B
\fB\-\-delete\-all_secrets\fP
Delete all shared secrets for REST API.
.RE
.TP
.B
\fB\-O\fP, \fB\-\-add\-origin\fP
Add origin\-to\-realm relation.
.TP
.B
\fB\-R\fP, \fB\-\-del\-origin\fP
Delete origin\-to\-realm relation.
.TP
.B
\fB\-I\fP, \fB\-\-list\-origins\fP
List origin\-to\-realm relations.
.TP
.B
\fB\-g\fP, \fB\-\-set\-realm\-option\fP
Set realm params: max\-bps, total\-quota, user\-quota.
.TP
.B
\fB\-G\fP, \fB\-\-list\-realm\fP\-\fIoptions\fP
List realm params.
.TP
.B
\fB\-E\fP, \fB\-\-generate\-encrypted\-password\-aes\fP
Generate and print to the standard output
an encrypted form of password with AES\-128
.PP
Options with required values:
.TP
.B
\fB\-b\fP, \fB\-\-db\fP, \fB\-\-userdb\fP
SQLite user database file name (default \- /var/db/turndb or
/usr/local/var/db/turndb or /var/lib/turn/turndb).
See the same option in the \fIturnserver\fP section.
.TP
.B
\fB\-e\fP, \fB\-\-psql\-userdb\fP
PostgreSQL user database connection string.
See the \fB\-\-psql\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-M\fP, \fB\-\-mysql\-userdb\fP
MySQL user database connection string.
See the \fB\-\-mysql\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-J\fP, \fB\-\-mongo\-userdb\fP
MongoDB user database connection string.
See the \fB\-\-mysql\-mongo\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-N\fP, \fB\-\-redis\-userdb\fP
Redis user database connection string.
See the \fB\-\-redis\-userdb\fP option in the \fIturnserver\fP section.
.TP
.B
\fB\-u\fP, \fB\-\-user\fP
User name.
.TP
.B
\fB\-r\fP, \fB\-\-realm\fP
Realm.
.TP
.B
\fB\-p\fP, \fB\-\-password\fP
Password.
.TP
.B
\fB\-x\fP, \fB\-\-key\-path\fP
Generates a 128 bit key into the given path.
.TP
.B
\fB\-f\fP, \fB\-\-file\-key\-path\fP
Contains a 128 bit key in the given path.
.TP
.B
\fB\-v\fP, \fB\-\-verify\fP
Verify a given base64 encrypted type password.
.TP
.B
\fB\-o\fP, \fB\-\-origin\fP
Origin
.TP
.B
\fB\-\-max\-bps\fP
Set value of realm's max\-bps parameter.
.TP
.B
\fB\-\-total\-quota\fP
Set value of realm's total\-quota parameter.
.TP
.B
\fB\-\-user\-quota\fP
Set value of realm's user\-quota parameter.
.TP
.B
\fB\-h\fP, \fB\-\-help\fP
Help.
.PP
Command examples:
.PP
Generate an encrypted form of a password:
.PP
$ \fIturnadmin\fP \fB\-P\fP \fB\-p\fP <password>
.PP
Generate a key:
.PP
$ \fIturnadmin\fP \fB\-k\fP \fB\-u\fP <username> \fB\-r\fP <realm> \fB\-p\fP <password>
.PP
Add/update a user in the in the database:
.PP
$ \fIturnadmin\fP \fB\-a\fP [\fB\-b\fP <userdb\-file> | \fB\-e\fP <db\-connection\-string> | \fB\-M\fP <db\-connection\-string> | \fB\-N\fP <db\-connection\-string> ] \fB\-u\fP <username> \fB\-r\fP <realm> \fB\-p\fP <password>
.PP
Delete a user from the database:
.PP
$ \fIturnadmin\fP \fB\-d\fP [\fB\-b\fP <userdb\-file> | \fB\-e\fP <db\-connection\-string> | \fB\-M\fP <db\-connection\-string> | \fB\-N\fP <db\-connection\-string> ] \fB\-u\fP <username> \fB\-r\fP <realm>
.PP
List all long\-term users in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-l\fP \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
List all admin users in Redis database:
.PP
$ \fIturnadmin\fP \fB\-L\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>"
.PP
Set secret in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-s\fP <secret> \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
Show secret stored in PostgreSQL database:
.PP
$ \fIturnadmin\fP \fB\-S\fP \fB\-\-psql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm>
.PP
Set origin\-to\-realm relation in MySQL database:
.PP
$ \fIturnadmin\fP \fB\-\-mysql\-userdb\fP="<db\-connection\-string>" \fB\-r\fP <realm> \fB\-o\fP <origin>
.PP
Delete origin\-to\-realm relation from Redis DB:
.PP
$ \fIturnadmin\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>" \fB\-o\fP <origin>
.PP
List all origin\-to\-realm relations in Redis DB:
.PP
$ \fIturnadmin\fP \fB\-\-redis\-userdb\fP="<db\-connection\-string>" \fB\-I\fP
.PP
List the origin\-to\-realm relations in PostgreSQL DB for a single realm:
.PP
$ \fIturnadmin\fP \fB\-\-psql\-userdb\fP="<db\-connection\-string>" \fB\-I\fP \fB\-r\fP <realm>
.PP
Create new key file for mysql password encryption:
.PP
$ \fIturnadmin\fP \fB\-E\fP \fB\-\-key\-path\fP <key\-file>
.PP
Create encrypted mysql password:
.PP
$ \fIturnadmin\fP \fB\-E\fP \fB\-\-file\-key\-path\fP <key\-file> \fB\-p\fP <secret>
.PP
Verify/decrypt encrypted password:
.PP
$ \fIturnadmin\fP \fB\-\-file\-key\-path\fP <key\-file> \fB\-v\fP <encrypted>
.RE
.PP

.RS
Help:
.PP
$ \fIturnadmin\fP \fB\-h\fP
.PP
=======================================
.SS  DOCS

After installation, run the \fIcommand\fP:
.PP
$ man \fIturnadmin\fP
.PP
or in the project root directory:
.PP
$ man \fB\-M\fP man \fIturnadmin\fP
.PP
to see the man page.
.PP
=====================================
.SS  FILES

/etc/turnserver.conf
.PP
/var/db/turndb
.PP
/usr/local/var/db/turndb
.PP
/var/lib/turn/turndb
.PP
/usr/local/etc/turnserver.conf
.PP
=====================================
.SS  DIRECTORIES

/usr/local/share/\fIturnserver\fP
.PP
/usr/local/share/doc/\fIturnserver\fP
.PP
/usr/local/share/examples/\fIturnserver\fP
.PP
======================================
.SS  SEE ALSO

\fIturnserver\fP, \fIturnutils\fP
.RE
.PP
======================================
.SS  WEB RESOURCES

project page:
.PP
https://github.com/coturn/coturn/
.PP
Wiki page:
.PP
https://github.com/coturn/coturn/wiki
.PP
forum:
.PP
https://groups.google.com/forum/?fromgroups=#!forum/turn\-server\-project\-rfc5766\-turn\-server/
.RE
.PP
======================================
.SS  AUTHORS

Oleg Moskalenko <[email protected]>
.PP
Gabor Kovesdan http://kovesdan.org/
.PP
Daniel Pocock http://danielpocock.com/
.PP
John Selbie ([email protected])
.PP
Lee Sylvester <[email protected]>
.PP
Erik Johnston <[email protected]>
.PP
Roman Lisagor <[email protected]>
.PP
Vladimir Tsanev <[email protected]>
.PP
Po\-sheng Lin <[email protected]>
.PP
Peter Dunkley <[email protected]>
.PP
Mutsutoshi Yoshimoto <[email protected]>
.PP
Federico Pinna <[email protected]>
.PP
Bradley T. Hughes <[email protected]>
.PP
Mihály Mészáros <[email protected]>
.SS  ACTIVE MAINTAINERS

Mihály Mészáros <[email protected]>