# TURN server name and realm
realm=xyz.dyn-dns.org
server-name=xyz.dyn-dns.org

# IPs the TURN server listens to
listening-ip=0.0.0.0

# External IP-Address of the TURN server
external-ip=<externe IP>

# Main listening port
listening-port=3478

# Further ports that are open for communication
min-port=10000
max-port=20000

# Use fingerprint in TURN message
fingerprint

# Log file path
log-file=/var/log/turnserver.log

# Enable verbose logging
verbose

# Enable long-term credential mechanism
#lt-cred-mech # Only on coTURN below v4.5.0.8!

# SSL certificates
cert=/etc/letsencrypt/live/xyz.dyn-snd.org/cert.pem
pkey=/etc/letsencrypt/live/xyz.dyn-dns.org/privkey.pem

#dhparam generieren mit "openssl dhparam -out /etc/ssl/private/dhparam.pem 4096" (dauert auf 'nem Pi ewig)
dh-file=/etc/ssl/private/dhparam.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

# 443 for TURN over TLS, which can bypass firewalls
tls-listening-port=5349

use-auth-secret
static-auth-secret=<output von "openssl rand -hex 32">
total-quota=100
bps-capacity=0
stale-nonce=600
no-multicast-peers

no-tlsv1
no-tlsv1_1
no-stdout-log
syslog