Coturn is a TURN and STUN server that can be used for, e.g., VoIP. It lets clients that are behind a NAT or in different networks establish a connection with each other.
Data can then be relayed over this connection by your TURN server.
Coturn can also be used with Nextcloud or a Matrix server.
Download and compile "coturn"
Go to the folder "/usr/local/":
Download the latest release (Recommended)
Alternative: You can instead build "coturn" from the development version if you want to test the software.
git clone https://github.com/coturn/coturn.git
Extract the "coturn" folder (if you downloaded the "coturn" release as a zip file).
Go to your "coturn" folder and compile the application.
make && make install
Please create a folder for the log files
Configure the file "/etc/turnserver.conf"
You can use the turnserver.conf config file that is available in your downloaded GitHub repository folder ("coturn/examples/etc").
This tutorial, however, uses a customized config file turnserver.conf, which can be downloaded from this GitHub repository:
Edit the settings and adjust the important settings section to your server environment.
Also define a "static-auth-secret". This is the password used to access the TURN server; it can be used by, for example, a Matrix server.
Configure your turnserver through the file "/etc/turnserver.conf"
A template version (turnserver.conf.default) is available in the folder where your installation folder is.
An example configuration:
    listening-port=3478
    tls-listening-port=5349

    proc-user=turnserver
    proc-group=turnserver

    use-auth-secret
    static-auth-secret=MY_PASSWORD_SECRET
    realm=matrix.myserver.tld

    #for debugging:
    #verbose
    fingerprint

    # special case the turn server itself so that client->TURN->TURN->client flows work
    allowed-peer-ip=10.0.0.1

    #Security
    #to avoid risk of DoS
    # 200 Simultaneous relayed calls
    total-quota=200
    # consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
    user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.

    #Relay Ports: Opened Port range in accord with UFW Firewall
    min-port=49152
    max-port=49157

    cert=/etc/turnserver-ssl/fullchain.pem
    pkey=/etc/turnserver-ssl/privkey.pem

    # Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
    # This is an extra security measure.
    # no-loopback-peers

    # Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
    # This is an extra security measure.
    # no-multicast-peers
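How the "use-auth-secret" / "static-auth-secret" pair in the configuration above is used, shown as an added example that is not part of the original tutorial or of coturn's own code: the application server (for example Matrix) derives a time-limited username and password from the shared secret, and the TURN server recomputes the same value from the username. The user id, the time-to-live and the function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time

# Placeholder from the example config; on a real server this is the
# static-auth-secret value and should be long and random.
SECRET = "MY_PASSWORD_SECRET"


def make_turn_credentials(secret, user_id, ttl=86400, now=None):
    """Application-server side: derive a time-limited username/password pair."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"  # "<expiry as Unix time>:<user id>"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def check_turn_credentials(secret, username, password, now=None):
    """Model of the server side: reject expired usernames, recompute the HMAC.

    A real TURN server never receives the password; it recomputes it from the
    username and uses it to verify the request's MESSAGE-INTEGRITY attribute.
    """
    now = int(time.time()) if now is None else int(now)
    expiry, sep, _ = username.partition(":")
    if not sep or not expiry.isdecimal() or int(expiry) < now:
        return False
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode()
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    # Constructed sample user id and a one-hour lifetime.
    user, pw = make_turn_credentials(SECRET, "@alice:matrix.myserver.tld", ttl=3600)
    print("username:", user)
    print("password:", pw)
    print("valid now:", check_turn_credentials(SECRET, user, pw))
```

Anyone who knows the secret can mint valid credentials for any user id and lifetime, so the value in /etc/turnserver.conf must be readable only by the "turnserver" user and by the application server that issues credentials.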
Please also set up a "coturn" service
    [Unit]
    Description=coturn
    Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
    After=syslog.target network.target

    [Service]
    Type=forking
    User=turnserver
    Group=turnserver
    RuntimeDirectory=turnserver
    RuntimeDirectoryMode=0750
    EnvironmentFile=/etc/default/coturn
    PIDFile=/run/turnserver/turnserver.pid
    ExecStart=/usr/local/coturn/bin/turnserver --daemon --pidfile /run/turnserver/turnserver.pid --syslog -c /etc/turnserver.conf $EXTRA_OPTIONS
    Restart=on-abort
    LimitCORE=infinity
    LimitNOFILE=1000000
    LimitNPROC=60000
    LimitRTPRIO=infinity
    LimitRTTIME=7000000
    CPUSchedulingPolicy=other
    UMask=0007

    [Install]
    WantedBy=multi-user.target
Now enable the created service
systemctl enable coturn
Create the user "turnserver" for this program
useradd -d /usr/local/coturn/bin/turnserver -s /bin/false turnserver
chown turnserver:turnserver -R /usr/local/coturn
service coturn restart
Now you can use the "coturn" server. You can access it through the defined ports and the public server IP. In this example it is the port "3478".