This post discusses how to set up and configure your own TURN server using Coturn. WebRTC uses peer-to-peer connections to transport data, but what if a direct link between two PCs isn't feasible because they aren't on the same network or are having issues with NAT or a firewall?
TURN, which stands for Traversal Using Relays around NAT, is a method of relaying communication between peers who cannot connect directly. TURN is also essential for security because it obscures the client's real address.
This post is about setting up your own TURN server with Coturn and securing it with a username and password. You’ll also discover how to add a domain to your TURN server and run it with Docker.
Prerequisites
You’ll need the following before you start this guide:
• A Linux server with a public IP address
• (Optional): A Docker installation, for an easier TURN server setup that does not require installing Coturn on your server
• (Optional): A custom domain name
Step 1 – Installing Coturn
Coturn is a free, highly flexible, and community-supported open-source STUN and TURN implementation. In this part, you will install Coturn on your machine and enable it to run as an automatic system daemon. First, use the apt-get update command to refresh your operating system's package index.
sudo apt-get update -y
Then run the following command to continue installing coturn.
sudo apt-get install coturn
If you want Coturn to start automatically when you turn on your server, you must edit the /etc/default/coturn file.
sudo nano /etc/default/coturn
Uncomment the following line to run Coturn as an automated system service daemon.
TURNSERVER_ENABLED=1
When you’re finished, save and exit the file. You should now use the following command to start the coturn service.
sudo systemctl start coturn
Step 2 – Configuring Coturn
Now that Coturn is up and running, it's time to make some fundamental adjustments, such as defining your external IP address and adding basic authentication. Before changing anything, it is best to make a backup of your original configuration so that you can quickly go back if something doesn't work out.
sudo mv /etc/turnserver.conf /etc/turnserver.conf.backup
The original config file, /etc/turnserver.conf, will be renamed /etc/turnserver.conf.backup with this command. Then, in the same place, we will make an empty file that will hold our configuration.
sudo nano /etc/turnserver.conf
Add the following lines to define your Coturn server realm and server name. Change the placeholder values to suit your needs.
# TURN server name and realm
realm=<DOMAIN>
server-name=<SERVER_NAME>
Then, add the external-ip key to define your server’s IP-Address and the listening-ip key to describe which IP-Addresses the Coturn server should listen to (0.0.0.0 tells the server to listen to all IP-Addresses).
# IPs the TURN server listens to
listening-ip=0.0.0.0
# External IP-Address of the TURN server
external-ip=IP_ADDRESS
Following that, you may define the port on which your server will listen and the range of further ports that are open for communication.
# Main listening port
listening-port=3478
# Further ports that are open for communication
min-port=10000
max-port=20000
Then you may proceed by specifying a location for your logs and enabling the verbose logging mode.
# Use fingerprint in TURN message
fingerprint
# Log file path
log-file=/var/log/turnserver.log
# Enable verbose logging
verbose
Finally, using the user and lt-cred-mech keys, you may enable authentication for your TURN server.
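The following is an added example, not code from the original post: it builds the lt-cred-mech and user lines with the long-term credential key (the MD5 of user:realm:password defined in RFC 5389) instead of a plaintext password, and audits an existing turnserver.conf for missing or plaintext authentication settings. The function names, user name, realm and password are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample values are constructed.

# turn_lt_key USER REALM PASSWORD
# Long-term credential key = MD5("user:realm:password") (RFC 5389, 15.4).
# REALM must equal the realm= value in turnserver.conf.
turn_lt_key() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# turn_auth_stanza USER REALM PASSWORD
# Prints the auth lines for turnserver.conf with the key, not the password.
turn_auth_stanza() {
    printf 'lt-cred-mech\nuser=%s:0x%s\n' "$1" "$(turn_lt_key "$1" "$2" "$3")"
}

# audit_turn_auth CONF
# Prints one finding per line and returns 1 if there is any finding.
audit_turn_auth() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^lt-cred-mech[ \t]*$/ { lt = 1 }
        /^no-auth[ \t]*$/ { print "no-auth set: relay is open"; bad = 1 }
        /^user=/ {
            users++
            name = substr($0, 6, index($0, ":") - 6)
            secret = $0; sub(/^user=[^:]*:/, "", secret)
            if (secret !~ /^0x[0-9a-fA-F]+$/) {
                print "plaintext password for " name; bad = 1
            }
        }
        END {
            if (!lt) { print "lt-cred-mech missing"; bad = 1 }
            if (!users) { print "no user= entry"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Demo with constructed values: print a stanza ready to paste.
turn_auth_stanza "turnuser" "turn.example.org" "constructed-sample-password"
```

Coturn's own `turnadmin -k -u USER -r REALM -p PASSWORD` prints the same key. The key is password-equivalent for TURN, so keep turnserver.conf readable only by the account that runs Coturn.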
When you're finished, save and exit your file. You may further tailor your configuration to your own requirements by altering the values of the provided keys or adding new ones. You can refer to the original configuration, which contains documentation for the most relevant settings. After you've finished configuring the Coturn server, restart it to make the changes take effect.
sudo service coturn restart
Step 3 – Testing TURN server
The Trickle ICE tool can be used to evaluate the functionality of STUN and TURN servers. The tool tests your TURN server by creating a peer connection with your TURN server information and then gathering candidates for the WebRTC session. Any candidates that are gathered are shown in the text box at the bottom of the page. Start by launching your browser and adding your TURN server information into the input field. The structure will be as follows:
turn:TURN_IP:TURN_PORT
Also, make sure you provide the username and password in the appropriate boxes.
After providing information about your TURN server and adding it to the list using the “Add server” button, you can proceed to perform the test by selecting the “Gather candidates” button.
The test results should now be presented at the bottom of the page in a format similar to this:
Congratulations, you have now successfully configured and protected your TURN server, and it is ready for usage in your applications. However, more configuration choices are available, such as adding a domain and safeguarding the server with SSL certificates, as discussed in the next section.
Instead of the standard deployment, you can also use Docker to deploy Coturn. The Docker deployment makes it easier to change the version of your Coturn server and to deploy it on different computers, regardless of the operating system.
Step 4 – Adding a Domain to the Coturn Server (Optional)
You can now connect to your TURN server using your public IP address. It's time to link your domain to the TURN server and protect the connection using an SSL certificate from Let's Encrypt.
When you secure the server, you will also be able to access the TURN server from secure HTTPS sites, which would otherwise be impossible.
Adding DNS Records for Your Domain
First, you’ll add DNS records that redirect your domain to the TURN server’s IP address.
After adding the DNS record, wait the requisite time until a DNS lookup returns the new records. You are then ready to continue.
Creating SSL Certificate
Let's Encrypt's certbot can be used to produce free SSL certificates that renew themselves when they expire.
Certbot may be installed using the following commands:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
After successfully installing certbot, run the following command to generate a certificate.
sudo certbot certonly --standalone --preferred-challenges http \
--deploy-hook "systemctl restart coturn" \
-d <YOUR_DOMAIN>
In this case, we request a standalone certificate and instruct certbot to restart coturn whenever the certificate is renewed. This ensures that the TURN server's certificate is always up to date, but it has the downside of interrupting any active TURN connections.
If you do not want this to happen, you can disable the certificate’s automatic renewal.
Adding the SSL certificate to your config
Now that you’ve created an SSL certificate, it’s time to add it to your configuration. You’ll need to add three parameters to do this:
# SSL certificates
cert=/etc/letsencrypt/live/<DOMAIN>/cert.pem
pkey=/etc/letsencrypt/live/<DOMAIN>/privkey.pem
# 443 for TURN over TLS, which can bypass firewalls
tls-listening-port=443
When paired with the prior configuration, these three settings should result in the following.
Step 5 (Optional) – Running the TURN server using Docker
You may use the following command to run Coturn on Docker instead of installing it and maintaining it as a normal process.
docker run -d --network=host \
-v "$(pwd)/turnserver.conf:/etc/coturn/turnserver.conf" \
instrumentisto/coturn
This command uses a volume to pass your config into the container and runs the official coturn docker image instrumentisto/coturn. The host network option ensures that the container networking is not isolated from the host networking, so the container does not receive its own IP address.
If you do not wish to use the network=host option, you may omit it and instead specify the used ports.
Another method is to define your Docker configuration within a docker-compose file, which allows you to run the same configuration many times.
version: '3'
services:
  coturn_server:
    image: coturn/coturn:4.5.2
    restart: always
    network_mode: "host"
    volumes:
      - ./turnserver.conf:/etc/coturn/turnserver.conf
If you do this, you can then start the application with the command below.
docker-compose up -d
You installed and set up Coturn on your Linux server and used the WebRTC Trickle ICE tool to see how it worked.