Coturn is a TURN and STUN server that can be used for, e.g., VoIP. It allows you to create a connection between clients that are behind a NAT or in different networks.
Media data can then be sent between those clients through the connection relayed by your TURN server.
Coturn can also be used with "NextCloud" or a "Matrix server".
Download and compile "coturn"
Go to the folder "/usr/local/":
cd /usr/local
Download the latest release (Recommended)
https://github.com/coturn/coturn/releases
Alternative: you can instead also build "coturn" from the development version, if you want to test the latest software.
git clone https://github.com/coturn/coturn.git
Extract the "coturn" folder (if you downloaded a "coturn" release as a zip file).
Then go into your "coturn" folder and compile the application.
cd coturn
./configure
make && make install
Please create a folder for the log files
mkdir /var/log/turn
Configure the file "/etc/turnserver.conf"
You can use the turnserver.conf config file that is available in the downloaded GitHub repository folder ("coturn/examples/etc").
This tutorial, however, uses a customized turnserver.conf, which can be downloaded from this GitHub repository:
https://github.com/a-dridi/Linux_config-files/blob/master/turnserver/turnserver.conf
vim /etc/turnserver.conf
Edit the settings and adjust the important settings section to your server environment.
Also define a "static-auth-secret": this is the shared secret (password) used to access the TURN server, which for example a Matrix server can use to obtain TURN credentials.
Configure your turnserver through the file "/etc/turnserver.conf"
A template (turnserver.conf.default) is available in your installation folder.
An example configuration:
listening-port=3478
tls-listening-port=5349
proc-user=turnserver
proc-group=turnserver
use-auth-secret
static-auth-secret=MY_PASSWORD_SECRET
realm=matrix.myserver.tld
#for debugging:
#verbose
fingerprint
# special case the turn server itself so that client->TURN->TURN->client flows work
allowed-peer-ip=10.0.0.1
# Security
# to avoid risk of DoS
# 200 simultaneous relayed calls
total-quota=200
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
# 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
user-quota=12
# Relay ports: this range must match the port range opened in the UFW firewall
min-port=49152
max-port=49157
cert=/etc/turnserver-ssl/fullchain.pem
pkey=/etc/turnserver-ssl/privkey.pem
# Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
# This is an extra security measure.
#
no-loopback-peers
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
# This is an extra security measure.
#
no-multicast-peers
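To show what the "use-auth-secret" / "static-auth-secret" pair in the configuration above actually does, here is an added example (not from this page or the coturn project): it derives time-limited TURN credentials from the shared secret the way the TURN REST API scheme implemented by coturn does, and mirrors the check coturn performs on them, including rejecting expired or tampered credentials. The secret and user name are constructed sample values.

```python
"""Time-limited TURN credentials derived from coturn's 'static-auth-secret'.

With 'use-auth-secret', coturn stores no per-user passwords. A client
application (e.g. a Matrix homeserver) derives short-lived credentials from
the shared secret, and coturn recomputes the same HMAC to verify them:
    username = "<expiry unix timestamp>:<user>"
    password = base64(HMAC-SHA1(secret, username))
Whoever holds the secret can mint credentials, so it must stay private.
"""
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple


def _password_for(secret: str, username: str) -> str:
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def mint_turn_credential(secret: str, user: str, ttl_seconds: int = 86400,
                         now: Optional[int] = None) -> Tuple[str, str]:
    """Return (username, password) that coturn accepts for ttl_seconds."""
    if now is None:
        now = int(time.time())
    username = f"{now + ttl_seconds}:{user}"
    return username, _password_for(secret, username)


def verify_turn_credential(secret: str, username: str, password: str,
                           now: Optional[int] = None) -> bool:
    """Mirror of coturn's check for 'use-auth-secret' users: the timestamp
    prefix must not lie in the past and the HMAC must match the secret."""
    if now is None:
        now = int(time.time())
    expiry, sep, _user = username.partition(":")
    if not sep or not expiry.isdigit():
        return False  # not in "<timestamp>:<user>" form
    if int(expiry) < now:
        return False  # credential expired
    # constant-time comparison so the check leaks nothing about the MAC
    return hmac.compare_digest(_password_for(secret, username), password)


if __name__ == "__main__":
    # constructed sample secret; in practice use the value from turnserver.conf
    user_name, pw = mint_turn_credential("MY_PASSWORD_SECRET", "alice", ttl_seconds=3600)
    print(user_name, pw, verify_turn_credential("MY_PASSWORD_SECRET", user_name, pw))
```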
Activate "coturn"
vim /etc/default/coturn
TURNSERVER_ENABLED=1
Please also set up a systemd service for "coturn"
vim /etc/systemd/system/coturn.service
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
Type=forking
User=turnserver
Group=turnserver
RuntimeDirectory=turnserver
RuntimeDirectoryMode=0750
EnvironmentFile=/etc/default/coturn
PIDFile=/run/turnserver/turnserver.pid
ExecStart=/usr/local/coturn/bin/turnserver --daemon --pidfile /run/turnserver/turnserver.pid --syslog -c /etc/turnserver.conf $EXTRA_OPTIONS
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=1000000
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target
Now enable the created service
systemctl enable coturn
Create the user "turnserver" for this program
useradd -d /usr/local/coturn/bin/turnserver -s /bin/false turnserver
chown turnserver:turnserver -R /usr/local/coturn
Restart "coturn"
service coturn restart
Now you can use the "coturn" server. Clients reach it through the ports defined in the configuration and the public IP of the server; in this example the listening port is "3478".
Coturn
https://github.com/coturn/coturn