From b9a18cf73d070a5bf3ceaf9207bdd39752a25dc9 Mon Sep 17 00:00:00 2001
From: afeiszli <alex.feiszli@gmail.com>
Date: Tue, 13 Jun 2023 15:53:24 -0400
Subject: [PATCH 1/2] remove stun

---
 compose/docker-compose.yml             |   2 +-
 docker/Caddyfile                       |   6 -
 docker/Caddyfile-EE                    |   6 -
 main.go                                |   4 -
 scripts/nm-certs.sh                    |   1 -
 scripts/nm-upgrade-0-17-1-to-0-19-0.sh |   1 -
 stun-server/stun-server.go             | 154 -------------------------
 7 files changed, 1 insertion(+), 173 deletions(-)
 delete mode 100644 stun-server/stun-server.go

diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
index 505f4c343..9d6ade696 100644
--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -12,7 +12,7 @@ services:
       - sqldata:/root/data
     environment:
       # config-dependant vars
-      - STUN_LIST=stun.${NM_DOMAIN}:${STUN_PORT},stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
+      - STUN_LIST=stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
       # The domain/host IP indicating the mq broker address
       - BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
       # The base domain of netmaker
diff --git a/docker/Caddyfile b/docker/Caddyfile
index 8fb768770..8fb74138a 100644
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@@ -26,12 +26,6 @@ https://api.{$NM_DOMAIN} {
 	reverse_proxy http://netmaker:8081
 }
 
-# STUN
-https://stun.{$NM_DOMAIN} {
-	tls /root/certs/fullchain.pem /root/certs/privkey.pem
-	reverse_proxy netmaker:3478
-}
-
 # TURN
 https://turn.{$NM_DOMAIN} {
 	tls /root/certs/fullchain.pem /root/certs/privkey.pem
diff --git a/docker/Caddyfile-EE b/docker/Caddyfile-EE
index ddc5a727a..2b874debc 100644
--- a/docker/Caddyfile-EE
+++ b/docker/Caddyfile-EE
@@ -44,12 +44,6 @@ https://api.{$NM_DOMAIN} {
 	reverse_proxy http://netmaker:8081
 }
 
-# STUN
-https://stun.{$NM_DOMAIN} {
-	tls /root/certs/fullchain.pem /root/certs/privkey.pem
-	reverse_proxy netmaker:3478
-}
-
 # TURN
 https://turn.{$NM_DOMAIN} {
 	tls /root/certs/fullchain.pem /root/certs/privkey.pem
diff --git a/main.go b/main.go
index d63b13a9a..3729c8dd2 100644
--- a/main.go
+++ b/main.go
@@ -26,7 +26,6 @@ import (
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
 	"github.com/gravitl/netmaker/serverctl"
-	stunserver "github.com/gravitl/netmaker/stun-server"
 	"golang.org/x/exp/slog"
 )
 
@@ -147,9 +146,6 @@ func startControllers(wg *sync.WaitGroup, ctx context.Context) {
 		logger.Log(0, "No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.")
 	}
 
-	// starts the stun server
-	wg.Add(1)
-	go stunserver.Start(wg, ctx)
 }
 
 // Should we be using a context vice a waitgroup????????????
diff --git a/scripts/nm-certs.sh b/scripts/nm-certs.sh
index 09e05c685..3ba541af4 100755
--- a/scripts/nm-certs.sh
+++ b/scripts/nm-certs.sh
@@ -31,7 +31,6 @@ CERTBOT_PARAMS=$(cat <<EOF
 certonly --standalone \
 	--non-interactive --agree-tos \
 	-m $NM_EMAIL \
-	-d stun.$NM_DOMAIN \
 	-d api.$NM_DOMAIN \
 	-d broker.$NM_DOMAIN \
 	-d dashboard.$NM_DOMAIN \
diff --git a/scripts/nm-upgrade-0-17-1-to-0-19-0.sh b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh
index 5b0058291..3df9fca97 100644
--- a/scripts/nm-upgrade-0-17-1-to-0-19-0.sh
+++ b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh
@@ -259,7 +259,6 @@ collect_server_settings() {
     esac
   done
 
-  STUN_DOMAIN="stun.$SERVER_NAME"
   TURN_DOMAIN="turn.$SERVER_NAME"
   TURNAPI_DOMAIN="turnapi.$SERVER_NAME"
   echo "-----------------------------------------------------"
diff --git a/stun-server/stun-server.go b/stun-server/stun-server.go
deleted file mode 100644
index 9bc22b14c..000000000
--- a/stun-server/stun-server.go
+++ /dev/null
@@ -1,154 +0,0 @@
-package stunserver
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"strings"
-	"sync"
-
-	"github.com/gravitl/netmaker/logger"
-	"github.com/gravitl/netmaker/servercfg"
-	"github.com/pkg/errors"
-	"gortc.io/stun"
-)
-
-// Server is RFC 5389 basic server implementation.
-//
-// Current implementation is UDP only and not utilizes FINGERPRINT mechanism,
-// nor ALTERNATE-SERVER, nor credentials mechanisms. It does not support
-// backwards compatibility with RFC 3489.
-type Server struct {
-	Addr string
-}
-
-var (
-	software          = stun.NewSoftware("netmaker-stun")
-	errNotSTUNMessage = errors.New("not stun message")
-)
-
-func basicProcess(addr net.Addr, b []byte, req, res *stun.Message) error {
-	if !stun.IsMessage(b) {
-		return errNotSTUNMessage
-	}
-	if _, err := req.Write(b); err != nil {
-		return errors.Wrap(err, "failed to read message")
-	}
-	var (
-		ip   net.IP
-		port int
-	)
-	switch a := addr.(type) {
-	case *net.UDPAddr:
-		ip = a.IP
-		port = a.Port
-	default:
-		panic(fmt.Sprintf("unknown addr: %v", addr))
-	}
-	return res.Build(req,
-		stun.BindingSuccess,
-		software,
-		&stun.XORMappedAddress{
-			IP:   ip,
-			Port: port,
-		},
-		stun.Fingerprint,
-	)
-}
-
-func (s *Server) serveConn(c net.PacketConn, res, req *stun.Message, ctx context.Context) error {
-	if c == nil {
-		return nil
-	}
-	go func(ctx context.Context) {
-		<-ctx.Done()
-		if c != nil {
-			// kill connection on server shutdown
-			c.Close()
-		}
-	}(ctx)
-
-	buf := make([]byte, 1024)
-	n, addr, err := c.ReadFrom(buf) // this be blocky af
-	if err != nil {
-		if !strings.Contains(err.Error(), "use of closed network connection") {
-			logger.Log(1, "STUN read error:", err.Error())
-		}
-		return nil
-	}
-
-	if _, err = req.Write(buf[:n]); err != nil {
-		logger.Log(1, "STUN write error:", err.Error())
-		return err
-	}
-	if err = basicProcess(addr, buf[:n], req, res); err != nil {
-		if err == errNotSTUNMessage {
-			return nil
-		}
-		logger.Log(1, "STUN process error:", err.Error())
-		return nil
-	}
-	_, err = c.WriteTo(res.Raw, addr)
-	if err != nil {
-		logger.Log(1, "STUN response write error", err.Error())
-	}
-	return err
-}
-
-// Serve reads packets from connections and responds to BINDING requests.
-func (s *Server) serve(c net.PacketConn, ctx context.Context) error {
-	var (
-		res = new(stun.Message)
-		req = new(stun.Message)
-	)
-	for {
-		select {
-		case <-ctx.Done():
-			logger.Log(0, "shut down STUN server")
-			return nil
-		default:
-			if err := s.serveConn(c, res, req, ctx); err != nil {
-				logger.Log(1, "serve: %v", err.Error())
-				continue
-			}
-			res.Reset()
-			req.Reset()
-		}
-	}
-}
-
-// listenUDPAndServe listens on laddr and process incoming packets.
-func listenUDPAndServe(ctx context.Context, serverNet, laddr string) error {
-	c, err := net.ListenPacket(serverNet, laddr)
-	if err != nil {
-		return err
-	}
-	s := &Server{
-		Addr: laddr,
-	}
-	return s.serve(c, ctx)
-}
-
-func normalize(address string) string {
-	if len(address) == 0 {
-		address = "0.0.0.0"
-	}
-	if !strings.Contains(address, ":") {
-		address = fmt.Sprintf("%s:%d", address, stun.DefaultPort)
-	}
-	return address
-}
-
-// Start - starts the stun server
-func Start(wg *sync.WaitGroup, ctx context.Context) {
-	defer wg.Done()
-	normalized := normalize(fmt.Sprintf("0.0.0.0:%d", servercfg.GetStunPort()))
-	logger.Log(0, "netmaker-stun listening on", normalized, "via udp")
-	if err := listenUDPAndServe(ctx, "udp", normalized); err != nil {
-		if strings.Contains(err.Error(), "closed network connection") {
-			logger.Log(0, "shutdown STUN server")
-		} else {
-			logger.Log(0, "server: ", err.Error())
-		}
-	}
-}

From 2db60040293894c487eaaef0c582f7be6cae477a Mon Sep 17 00:00:00 2001
From: Alex Feiszli <31018251+afeiszli@users.noreply.github.com>
Date: Wed, 28 Jun 2023 13:54:40 -0400
Subject: [PATCH 2/2] Update docker-compose.yml

remove stun port
---
 compose/docker-compose.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
index 9d6ade696..e7b5db1f5 100644
--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -26,8 +26,6 @@ services:
       - TURN_SERVER_HOST=turn.${NM_DOMAIN}
       # domain of the turn api server
       - TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN}
-    ports:
-      - "3478:3478/udp"
 
   netmaker-ui:
     container_name: netmaker-ui