How to use Coturn to Set up and Configure your own TURN Server

Set up and Configure your own TURN Server

This guide explains how to set up and configure your own TURN server using Coturn. WebRTC uses peer-to-peer connections to transport data, but what if a direct link between two machines isn't feasible because they aren't on the same network or are blocked by NAT or a firewall?

 

TURN, which stands for Traversal Using Relays around NAT, is a method of relaying communication between peers who cannot connect directly. TURN also matters for security because relaying obscures the client's real address from the other peer.

 

This post is about setting up your own TURN server with Coturn and securing it with a username and password. You’ll also discover how to add a domain to your TURN server and run it with Docker.

 

Prerequisites

 

You’ll need the following before you start this guide:

• A Linux server with a public IP address

• (Optional): A Docker installation, which makes it easier to run a TURN server without installing Coturn directly on your server

• (Optional): A custom domain name

 

Step 1 – Installing Coturn

Coturn is a free, highly flexible, and community-supported open-source STUN and TURN implementation. In this part, you will install Coturn on your machine and enable it to start automatically as a system daemon. First, use the apt-get update command to refresh your operating system's package index.

 

sudo apt-get update -y

 

Then run the following command to continue installing coturn.

 

sudo apt-get install coturn

 

If you want Coturn to start automatically when you turn on your server, you must edit the /etc/default/coturn file.

 

sudo nano /etc/default/coturn

 

Uncomment the following line to run Coturn as an automated system service daemon.

 

TURNSERVER_ENABLED=1

 

When you’re finished, save and exit the file. You should now use the following command to start the coturn service.

 

sudo systemctl start coturn

 

Step 2 – Configuring Coturn

Now that Coturn is up and running, it’s time to make some fundamental adjustments, such as defining your external IP-Address and adding basic authentication. Before we start altering, it is best to make a backup of your original configuration so that you can quickly go back if something doesn’t work out.

 

sudo mv /etc/turnserver.conf /etc/turnserver.conf.backup

 

The original config file, /etc/turnserver.conf, will be renamed /etc/turnserver.conf.backup with this command. Then, in the same place, we will make an empty file that will hold our configuration.

 

sudo nano /etc/turnserver.conf

 

Add the following lines to define your Coturn server's realm and server name. Change the placeholder values to suit your needs.

 

# TURN server name and realm

realm=<DOMAIN>

server-name=<SERVER_NAME>

 

Then, add the external-ip key to define your server's public IP address and the listening-ip key to define which IP addresses the Coturn server should listen on (0.0.0.0 tells the server to listen on all addresses).

 


# IPs the TURN server listens to

listening-ip=0.0.0.0

# External IP-Address of the TURN server

external-ip=IP_ADDRESS

 

Following that, you may define the port on which your server will listen and the range of ports it may use for relaying traffic.

 

# Main listening port

listening-port=3478

# Further ports that are open for communication

min-port=10000

max-port=20000

 

Then you may proceed by enabling fingerprints in TURN messages, specifying a location for your logs, and enabling verbose logging.

 

# Use fingerprint in TURN message

fingerprint

# Log file path

log-file=/var/log/turnserver.log

# Enable verbose logging

verbose

 

Finally, using the user and lt-cred-mech keys, you may enable authentication for your TURN server.

 

[Image: Configuring Coturn]

 

When you’re finished, save and exit your file. You may further tailor your configuration to your own requirements by altering the values of the provided keys or adding new ones. You can refer to the original configuration file, which contains documentation for the most relevant settings. After you’ve finished configuring the Coturn server, restart it so that the changes take effect.

 

sudo service coturn restart

 

Step 3 – Testing TURN server

The Trickle ICE tool may be used to evaluate the functionality of STUN and TURN servers. It tests your TURN server by creating a peer connection with your TURN server information and then gathering candidates for the WebRTC session. Any candidates that are gathered are shown in the text box at the bottom of the page. Start by opening the tool in your browser and entering your TURN server information into the input field. The format is as follows:

 

turn:TURN_IP:TURN_PORT

 

Also, make sure you provide the username and password in the appropriate boxes.

 

[Image: Testing TURN server]

 

After providing information about your TURN server and adding it to the list using the “Add server” button, you can proceed to perform the test by selecting the “Gather candidates” button.

[Image: ICE servers]

The test results should now be presented at the bottom of the page in a format similar to this:

[Image: ICE option]

 

Congratulations, you have now successfully configured and protected your TURN server, and it is ready for use in your applications. However, more configuration choices are available, such as adding a domain and safeguarding the server with SSL certificates, as discussed in the next section.

 

Instead of the standard deployment, you may alternatively use Docker to deploy Coturn. A Docker deployment makes it easier to change the version of your Coturn server and to deploy it on different machines, regardless of the operating system.

 

Step 4 – Adding a Domain to the Coturn Server (Optional)

You can now connect to your TURN server using your public IP address. The next step is to link your domain to the TURN server and protect the connection using an SSL certificate from Let's Encrypt.

 

When you secure the server, you will also be able to access the TURN server from secure HTTPS sites, which would otherwise be impossible.


 

Adding DNS Records for Your Domain

First, you’ll add DNS records that point your domain to the TURN server’s IP address.

Once you have added the DNS record and waited long enough for it to be visible in a DNS lookup, you are ready to continue.

 

Creating SSL Certificate

Let's Encrypt's certbot can be used to produce free SSL certificates that renew themselves before they expire.

Certbot may be installed using the following commands:

 

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install certbot

After successfully installing certbot, run the following command to generate a certificate.

sudo certbot certonly --standalone --preferred-challenges http \
    --deploy-hook "systemctl restart coturn" \
    -d <YOUR_DOMAIN>

 

In this case, we request a certificate in standalone mode and instruct certbot to restart coturn whenever the certificate is renewed. This ensures that the TURN server’s certificate is always up to date, but it has the downside of interrupting any active TURN connections.

 

If you do not want this to happen, you can disable the certificate’s automatic renewal.

 

Adding the SSL certificate to your config

Now that you’ve created an SSL certificate, it’s time to add it to your configuration. You’ll need to add three parameters to do this:

 

# SSL certificates

cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem

pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem

# 443 for TURN over TLS, which can bypass firewalls

tls-listening-port=443

 

When paired with the prior configuration, these three settings should result in the following.

 

[Image: SSL certificate to config]
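The checks below are an added example, not part of the original post: a POSIX shell function that lints a turnserver.conf for the authentication keys from Step 2 (lt-cred-mech and a user=NAME:PASSWORD entry) and the TLS settings from this step. The function names, finding labels, the 16-character password minimum and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a turnserver.conf for the
# settings this guide depends on. Prints one finding per line, returns 1 if any.

# Non-comment, non-blank lines of the config.
conf_lines() { grep -Ev '^[[:space:]]*(#|$)' "$1"; }

# Value of the first "KEY=value" line, empty if the key is absent.
conf_get() { conf_lines "$1" | sed -n "s/^[[:space:]]*$2=//p" | head -n 1; }

finding() { echo "$1"; rc=1; }

audit_turn_conf() {
    f=$1; rc=0

    # Long-term credentials: the mechanism flag plus at least one static user.
    conf_lines "$f" | grep -Eq '^[[:space:]]*lt-cred-mech[[:space:]]*$' \
        || finding "AUTH: lt-cred-mech is not enabled"
    cred=$(conf_get "$f" user)
    case $cred in
        '')   finding "AUTH: no user=NAME:PASSWORD entry" ;;
        *:?*) pw=${cred#*:}
              # 16 characters is an assumed minimum, not a coturn requirement.
              [ "${#pw}" -ge 16 ] || finding "AUTH: password shorter than 16 characters" ;;
        *)    finding "AUTH: user entry is not NAME:PASSWORD" ;;
    esac

    # Placeholders copied from the guide must be replaced with real values.
    if conf_lines "$f" | grep -Eq '<[A-Z_]+>|=IP_ADDRESS$'; then
        finding "PLACEHOLDER: template value left in config"
    fi

    # A TLS listener needs a certificate and key that the process can read.
    if [ -n "$(conf_get "$f" tls-listening-port)" ]; then
        for key in cert pkey; do
            path=$(conf_get "$f" "$key")
            { [ -n "$path" ] && [ -r "$path" ]; } || finding "TLS: $key missing or unreadable"
        done
    fi
    return "$rc"
}

# Constructed sample: template values left in, weak password, no certificate.
demo=$(mktemp)
printf '%s\n' 'realm=<DOMAIN>' 'external-ip=IP_ADDRESS' 'listening-port=3478' \
    'lt-cred-mech' 'user=demo:changeme' 'tls-listening-port=443' > "$demo"
audit_turn_conf "$demo" || true
rm -f "$demo"
```

Run it as the account the coturn service runs under, since the readability check on cert and pkey reflects the invoking user's permissions.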

 

Step 5 (Optional) – Running the TURN server using Docker

You may use the following command to run Coturn on Docker instead of installing it and maintaining it as a normal process.

 

docker run -d --network=host \
    -v $(pwd)/turnserver.conf:/etc/coturn/turnserver.conf \
    instrumentisto/coturn

 

You use a volume to pass in your config and run the official coturn docker image instrumentisto/coturn. The host network option means that the container shares the host's network stack instead of being isolated from it, and hence does not receive its own IP address.

 

If you do not wish to use the --network=host option, you may omit it and instead publish the ports that are used.

 

Another method is to define your Docker configuration within a docker-compose file, which allows you to run the same configuration many times.

 

version: '3'
services:
  coturn_server:
    image: coturn/coturn:4.5.2
    restart: always
    network_mode: "host"
    volumes:
      - ./turnserver.conf:/etc/coturn/turnserver.conf

 

If you do this, you can then start the application with the command below.

 

docker-compose up -d

 

You installed and set up Coturn on your Linux server and used the WebRTC Trickle ICE tool to see how it worked. If you want to learn more, consider joining my email list, so you never miss a post. Also, if you want to leave feedback or read my other posts, feel free to do so.
