Tweaking coturn service, removing TCP and fixing TLS (enforcing >TLS1.2)

matrix/config/turnserver.conf

 
 # Do not allow an TLS/DTLS version of protocol
 #
-#no-tlsv1
-#no-tlsv1_1
-#no-tlsv1_2
+no-tlsv1
+no-tlsv1_1

matrix/coturn.service

+[Unit]
+Description=coTURN STUN/TURN Server
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=network.target
+
+[Service]
+User=root
+Group=root
+Type=notify
+ExecStart=/usr/bin/turnserver -c /etc/turnserver.conf --pidfile=
+Restart=on-failure
+InaccessibleDirectories=/home
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target

matrix/install.sh

 ufw allow 8448/tcp
 
 # Coturn Ports
-ufw allow 3478/tcp
-ufw allow 5443/tcp
+ufw allow 3478/udp
+ufw allow 5443/udp
 ufw allow 49152:65535/udp
 
 # Enable firewall
 sed -i "s|EXTERNAL_IP|${EXTERNAL_IP}|g" /etc/turnserver.conf
 sed -i "s|STATIC_SECRET|${TURN_STATIC_SECRET}|g" /etc/turnserver.conf
 
+# Custom coturn SystemD service file to allow coturn access to Letsencrypt SSL certs
+cp "${BASE_DIR}/coturn.service" /lib/systemd/system/coturn.service
+systemctl daemon-reload
+
 # Add Docker's official GPG key
 echo -e "Install docker\n"