Debug School

Suyash Sambhare

Install Coturn Server

WebRTC uses peer-to-peer networks to transfer data. However, if a direct connection between two PCs isn't possible, a TURN server is required to start the connection.

TURN, which stands for Traversal Using Relays around NAT, is used to relay the traffic between peers even if they cannot connect directly. TURN is also vital for security reasons because you hide the client's actual address. Before starting the setup, you will need a Linux server with a public IP address.

Install Coturn

Coturn is an open-source STUN and TURN implementation that is community-driven, customizable, and free.
First, update your operating system's package index so that the latest package versions are available.
sudo apt-get update -y

Then install Coturn with apt-get.
sudo apt-get install coturn

If you want Coturn to autostart every time you turn on your server, you have to change the /etc/default/coturn file.
sudo vi /etc/default/coturn

Locate the following line and uncomment it to run Coturn as an automatic system service daemon.
TURNSERVER_ENABLED=1

You should now be able to start the coturn service with the following command.
sudo systemctl start coturn


Configure Coturn

Back up your original configuration so you can always revert the changes.
sudo mv /etc/turnserver.conf /etc/turnserver.conf.backup

Create a new file in the same directory that will contain our configuration.
sudo touch /etc/turnserver.conf

Add the following content to the file. It defines your Coturn server's realm and server name, along with:

- The external IP key to define your server's IP address.
- The listening IP key to specify which IP addresses the Coturn server should listen on (0.0.0.0 tells the server to listen on all IP addresses).
- The port your server will listen on and the ports for further communication.
- The path for your logs and the verbose logging mode.
- Authentication for your TURN server using the user and lt-cred-mech keys.

# TURN server name and realm
realm=DOMAIN
server-name=turnserver

# Use fingerprint in TURN message
fingerprint

# IPs the TURN server listens to
listening-ip=0.0.0.0

# External IP-Address of the TURN server
external-ip=IP_ADDRESS

# Main listening port
listening-port=3478

# Further ports that are open for communication
min-port=10000
max-port=20000

# Log file path
log-file=/var/log/turnserver.log

# Enable verbose logging
verbose

# Specify the user for TURN authentication (username:password; replace the sample values with your own)
user=test:test123

# Enable long-term credential mechanism
lt-cred-mech

# If running coturn version older than 4.5.2, uncomment these rules and ensure
# that you have listening-ip set to ipv4 addresses only.
# Prevent Loopback bypass https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
#denied-peer-ip=0.0.0.0-0.255.255.255
#denied-peer-ip=127.0.0.0-127.255.255.255
#denied-peer-ip=::1

Restart the Coturn server to apply the changes.
sudo service coturn restart
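
The following audit of the configuration above is an added example, not part of the original post or of the coturn project. It flags a plaintext `user=` password and a missing loopback `denied-peer-ip` rule, and suggests the `0x` key form that coturn accepts in `user=` lines (MD5 of `user:realm:password`, the value `turnadmin -k` prints). The function names and sample text are hypothetical, and ASCII passwords are assumed.

```python
import hashlib

# Constructed sample: the security-relevant lines of the configuration above.
SAMPLE_CONF = """\
realm=DOMAIN
listening-ip=0.0.0.0
user=test:test123
lt-cred-mech
#denied-peer-ip=127.0.0.0-127.255.255.255
"""

def parse_conf(text):
    """Return (key, value) pairs; bare flags get value None, comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        entries.append((key.strip(), value.strip() if sep else None))
    return entries

def lt_cred_key(user, realm, password):
    """Long-term credential key: MD5(user:realm:password) as 0x-prefixed hex."""
    return "0x" + hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def audit(text):
    """Return findings for the settings discussed in this post."""
    entries = parse_conf(text)
    keys = [k for k, _ in entries]
    realm = dict(entries).get("realm") or ""
    findings = []
    if "lt-cred-mech" not in keys and "user" not in keys:
        findings.append("no lt-cred-mech or user= in this file: "
                        "check that authentication is configured elsewhere")
    for key, value in entries:
        if key == "user" and value and ":" in value:
            name, secret = value.split(":", 1)
            if not secret.startswith("0x"):  # 0x marks a key, anything else is a password
                findings.append(f"plaintext password for '{name}'; "
                                f"use user={name}:{lt_cred_key(name, realm, secret)}")
    denied = [v for k, v in entries if k == "denied-peer-ip" and v]
    if not any(v.startswith("127.") or v == "::1" for v in denied):
        findings.append("no denied-peer-ip for loopback (needed before coturn 4.5.2)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("-", finding)
```

The key depends on the realm, so regenerate it whenever `realm=` changes.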


Test Coturn

To use the TURN server, add your TURN server information to the chat application's configuration. The format looks like the following:
turn:TURN_IP:TURN_PORT

Also, make sure that you provide the username and password in the respective fields.

Great work, you have now set up and secured your TURN server and are ready to use it in your applications.

Ref: https://gabrieltanner.org/blog/turn-server/
