Apq
/
coturn
mirror of https://github.com/coturn/coturn.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248
							GENERAL INFORMATION

turnadmin is a TURN administration tool. This tool can be used to manage
the user accounts (add/remove users, generate
TURN keys for the users). For security reasons, we do not recommend
storing passwords openly. The better option is to use pre-processed "keys"
which are then used for authentication. These keys are generated by turnadmin.
Turnadmin is a link to turnserver binary, but turnadmin performs different
functions.

Options note: turnadmin has long and short option names, for most options.
Some options have only long form, some options have only short form. Their syntax
somewhat different, if an argument is required:

The short form must be used as this (for example):

  $ turnadmin -u <username> ...

The long form equivalent must use the "=" character:

  $ turnadmin --user=<username> ...

If this is a flag option (no argument required) then their usage are the same, for example:

 $ turnadmin -k ...

is equivalent to:

 $ turnadmin --key ...

You have always the use the -r <realm> option with commands for long term credentials -
because data for multiple realms can be stored in the same database.

=====================================

  NAME

turnadmin - a TURN relay administration tool.

  SYNOPSIS

$ turnadmin [command] [options]

$ turnadmin [ -h | --help]

  DESCRIPTION

Commands:

-P, --generate-encrypted-password	Generate and print to the standard
output an encrypted form of a password (for web admin user or CLI).
The value then can be used as a safe key for the password
storage on disk or in the database. Every invocation for the same password
produces a different result. The format of the encrypted password is:
$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters,
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256).
Only sha256 is supported as the hash function.

-k, --key		Generate key for a long-term credentials mechanism user.

-a, --add       	Add or update a long-term user.

-A, --add-admin    	Add or update an admin user.

-d, --delete		Delete a long-term user.

-D, --delete-admin		Delete an admin user.

-l, --list		List long-term users in the database.

-L, --list-admin		List admin users in the database.

-s, --set-secret=<value> Add shared secret for TURN REST API

-S, --show-secret	Show stored shared secrets for TURN REST API

-X, --delete-secret=<value> Delete a shared secret.
	--delete-all_secrets	Delete all shared secrets for REST API.

-O, --add-origin		Add origin-to-realm relation.

-R, --del-origin		Delete origin-to-realm relation.

-I, --list-origins		List origin-to-realm relations.

-g, --set-realm-option		Set realm params: max-bps, total-quota, user-quota.

-G, --list-realm-options	List realm params.
-E, --generate-encrypted-password-aes	Generate and print to the standard output
					an encrypted form of password with AES-128

Options with required values:

-b, --db, --userdb	SQLite user database file name (default - /var/db/turndb or
			/usr/local/var/db/turndb or /var/lib/turn/turndb).
			See the same option in the turnserver section.
-e, --psql-userdb	PostgreSQL user database connection string.
			See the --psql-userdb option in the turnserver section.
-M, --mysql-userdb	MySQL user database connection string.
			See the --mysql-userdb option in the turnserver section.
-J, --mongo-userdb	MongoDB user database connection string.
			See the --mysql-mongo option in the turnserver section.
-N, --redis-userdb	Redis user database connection string.
			See the --redis-userdb option in the turnserver section.
-u, --user		User name.
-r, --realm		Realm.
-p, --password		Password.
-x, --key-path		Generates a 128 bit key into the given path.
-f, --file-key-path	Contains a 128 bit key in the given path.
-v, --verify		Verify a given base64 encrypted type password.
-o, --origin		Origin
--max-bps		Set value of realm's max-bps parameter.
--total-quota	Set value of realm's total-quota parameter.
--user-quota	Set value of realm's user-quota parameter.
-h, --help		Help.

Command examples:

Generate an encrypted form of a password:

$ turnadmin -P -p <password>

Generate a key:

$ turnadmin -k -u <username> -r <realm> -p <password>

Add/update a user in the in the database:

$ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password>

Delete a user from the database:

$ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm>

List all long-term users in MySQL database:

$ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>

List all admin users in Redis database:

$ turnadmin -L --redis-userdb="<db-connection-string>"

Set secret in MySQL database:

$ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm>

Show secret stored in PostgreSQL database:

$ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>

Set origin-to-realm relation in MySQL database:

$ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin>

Delete origin-to-realm relation from Redis DB:

$ turnadmin --redis-userdb="<db-connection-string>" -o <origin>

List all origin-to-realm relations in Redis DB:

$ turnadmin --redis-userdb="<db-connection-string>" -I

List the origin-to-realm relations in PostgreSQL DB for a single realm:

$ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>

Create new key file for mysql password encryption:

$ turnadmin -E --key-path <key-file>

Create encrypted mysql password:

$ turnadmin -E --file-key-path <key-file> -p <secret>

Verify/decrypt encrypted password:

$ turnadmin --file-key-path <key-file> -v <encrypted>


Help:

$ turnadmin -h

=======================================

  DOCS

After installation, run the command:

$ man turnadmin

or in the project root directory:

$ man -M man turnadmin

to see the man page.

=====================================

  FILES

/etc/turnserver.conf

/var/db/turndb

/usr/local/var/db/turndb

/var/lib/turn/turndb

/usr/local/etc/turnserver.conf

=====================================

  DIRECTORIES

/usr/local/share/turnserver

/usr/local/share/doc/turnserver

/usr/local/share/examples/turnserver

======================================

  SEE ALSO

	turnserver, turnutils

======================================

  WEB RESOURCES

	project page:

	https://github.com/coturn/coturn/

	Wiki page:

	https://github.com/coturn/coturn/wiki

	forum:

	https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/

======================================

  AUTHORS

	See the AUTHORS.md file in the coturn source distribution.