From d932935dcf83b21b772cdab5db77bb63346fcc0a Mon Sep 17 00:00:00 2001
From: bvn13 <from.github@bvn13.me>
Date: Sat, 28 Feb 2026 09:40:15 +0300
Subject: [PATCH] fix coturn command variable escaping in docker-compose.yml

Use $$ instead of $ so Docker Compose does not interpolate TURN_SECRET
and SNIKKET_DOMAIN from the host environment. The container shell
expands them at runtime from env_file, which is both correct and avoids
exposing secret values in docker inspect output.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 server/docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/docker-compose.yml b/server/docker-compose.yml
index 75bb728..0f2c649 100644
--- a/server/docker-compose.yml
+++ b/server/docker-compose.yml
@@ -74,12 +74,12 @@ services:
     command: >-
       turnserver
       --use-auth-secret
-      --static-auth-secret=$TURN_SECRET
-      --realm=$SNIKKET_DOMAIN
+      --static-auth-secret=$$TURN_SECRET
+      --realm=$$SNIKKET_DOMAIN
       --listening-port=3478
       --tls-listening-port=5349
-      --cert=/snikket/letsencrypt/live/$SNIKKET_DOMAIN/fullchain.pem
-      --pkey=/snikket/letsencrypt/live/$SNIKKET_DOMAIN/privkey.pem
+      --cert=/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/fullchain.pem
+      --pkey=/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/privkey.pem
       --min-port=49152
       --max-port=65535
       --fingerprint