# STUN/TURN services (insecure STUN + secure authenticated STUN/TURN)
#
#  * TURN_IP must be the public IP of the listening port
#  * TURN relay requires authentication
#  * _tls proto (in DNS below) is nonstandard but maybe used in the wild
#  * stuns service (in DNS below) is legacy but maybe used in the wild
#
# Sample DNS entries:
#  @            IN NAPTR 10  0 "s" "RELAY:turn.tls" "" stun
#  stun         IN A     192.0.2.1
#  _stun._udp   IN SRV    0  0 3478 stun
#  _stun._tcp   IN SRV    0  0 3478 stun
#  _stuns._tcp  IN SRV    0  0 5349 stun
#  _stun._tls   IN SRV    0  0 5349 stun
#  _turns._tcp  IN SRV    0  0 5349 stun
#  _turn._tls   IN SRV    0  0 5349 stun
#
# Depends: erlang-p1-stun

listen:
  -
    port: 3478
    transport: udp
    module: ejabberd_stun
    use_turn: false
  -
    port: 3478
    module: ejabberd_stun
    use_turn: false
  -
    port: 5349
    module: ejabberd_stun
    tls: true
    certfile: 'CERT_PATH'
    auth_type: user
    turn_ip: 'TURN_IP'