WebRTC transfers data over peer-to-peer connections. If a direct connection between two PCs isn't possible, however, a TURN server is required to start the connection.
TURN, which stands for Traversal Using Relays around NAT, relays the traffic between peers even when they cannot connect directly. TURN also matters for security because it hides the client's actual address. Before starting the setup, you will need a Linux server with a public IP address.
Coturn is an open-source STUN and TURN implementation that is community-driven, customizable, and free.
First, update your operating system's package lists to the latest version.
sudo apt-get update -y
Then install Coturn with apt-get:
sudo apt-get install coturn
If you want Coturn to autostart every time you turn on your server, you have to change the
sudo vi /etc/default/coturn
Locate the following line and uncomment it to run Coturn as an automatic system service daemon.
You should now be able to start the Coturn service with the command:
sudo systemctl start coturn
Make a backup copy of your original configuration so you can always revert the changes.
sudo mv /etc/turnserver.conf /etc/turnserver.conf.backup
Create a file in the same directory that will contain our configuration.
Add all of the following content. It defines your Coturn server's realm and server name, along with:
-The external IP key to define your server's IP address
-The listening IP key to specify which IP addresses the Coturn server should listen to (0.0.0.0 tells the server to listen to all IP addresses).
-The port your server will listen on and the ports for further configuration.
-The folder for your logs and enabling the verbose logging mode.
-Enable authentication for your TURN server using the user and
# TURN server name and realm
realm=DOMAIN
server-name=turnserver
# Use fingerprint in TURN message
fingerprint
# IPs the TURN server listens to
listening-ip=0.0.0.0
# External IP-Address of the TURN server
external-ip=IP_ADDRESS
# Main listening port
listening-port=3478
# Further ports that are open for communication
min-port=10000
max-port=20000
# Log file path
log-file=/var/log/turnserver.log
# Enable verbose logging
verbose
# Specify the user for the TURN authentication
user=test:test123
# Enable long-term credential mechanism
lt-cred-mech
# If running coturn version older than 4.5.2, uncomment these rules and ensure
# that you have listening-ip set to ipv4 addresses only.
# Prevent Loopback bypass https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
#denied-peer-ip=0.0.0.0-0.255.255.255
#denied-peer-ip=127.0.0.0-127.255.255.255
#denied-peer-ip=::1
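A pre-restart check for the configuration above, as an added example that is not part of the original tutorial or of the coturn project: it parses a turnserver.conf body and flags a short plaintext password in user=, the DOMAIN and IP_ADDRESS placeholders left unfilled, a user= entry without lt-cred-mech, and, for versions older than 4.5.2, missing loopback denied-peer-ip rules. The function names, finding codes, and the 12-character minimum are assumptions made for this example.

```python
import ipaddress

# Constructed input: a shortened copy of this page's turnserver.conf with the
# DOMAIN placeholder left in and a documentation-range external-ip.
SAMPLE = """\
realm=DOMAIN
external-ip=203.0.113.10
user=test:test123
lt-cred-mech
#denied-peer-ip=127.0.0.0-127.255.255.255
#denied-peer-ip=::1
"""

def parse(text):
    """Map each active key to its list of values; comment lines are ignored."""
    conf = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def denied(conf, addr):
    """True if addr falls inside any active denied-peer-ip range."""
    ip = ipaddress.ip_address(addr)
    for rng in conf.get("denied-peer-ip", []):
        lo, _, hi = rng.partition("-")
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        if lo.version == ip.version and lo <= ip <= hi:
            return True
    return False

def audit(text, version=(4, 5, 2), min_len=12):
    """Return a sorted list of finding codes (hypothetical names) for a config body."""
    conf, out = parse(text), set()
    if "DOMAIN" in conf.get("realm", []) or "IP_ADDRESS" in conf.get("external-ip", []):
        out.add("placeholder-left-in")
    for entry in conf.get("user", []):
        name, _, secret = entry.partition(":")
        # A 0x... value is coturn's pre-computed key form; anything else is a plaintext password
        if not secret.startswith("0x") and (len(secret) < min_len or name in secret):
            out.add("weak-static-password")
    if "user" in conf and "lt-cred-mech" not in conf:
        out.add("user-without-lt-cred-mech")
    # The page asks for the loopback rules only on coturn older than 4.5.2
    if version < (4, 5, 2) and not (denied(conf, "127.0.0.1") and denied(conf, "::1")):
        out.add("loopback-peer-not-denied")
    return sorted(out)
```

Pass the contents of /etc/turnserver.conf and the installed coturn version as a tuple to audit(); an empty list means none of these checks fired.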
Restart the Coturn server to apply the changes.
sudo service coturn restart
To use the TURN server, add your TURN server information to the chat application's configuration. The format will look like the following:
Also, make sure that you provide the username and password in the respective fields.
Great work: you have now set up and secured your TURN server and are ready to use it in your applications.