Coturn

From DenshiWiki
Jump to navigation Jump to search

Coturn is a libre STUN and TURN server software that allows users of chat protcols (Such as XMPP and Matrix) to perform WebRTC voice and video calls despite them being behind NATs.

Almost every self-hosted voice and video conferencing program (such as Jitsi and Nextcloud's Talk app) will require Coturn or some other equivalent turnserver to function properly.

Tutorial Video[edit]

Prerequisites[edit]

  • Debian 10
  • A server with DMZ privileges or a VPS (Not behind an NAT)
  • Your own domain with an A DNS entry set to the public IPv4 address of your server
  • Basic UNIX knowledge

Installation[edit]

Coturn is available in the Debian repositories:

sudo apt install coturn

Configuration[edit]

Base configuration[edit]

Coturn's configuration file is /etc/turnserver.conf. There are a few aspects that need to be changed in order to get a fully-functioning turnserver.

Here is an example of some sane defaults:

server-name=turn.example.org
realm=turn.example.org
listening-ip=your_public_ip

listening-port=3478
min-port=10000
max-port=20000

## The "verbose" option is useful for debugging issues
verbose

Authentication[edit]

There are two options for authentication on a turnserver:

  1. Usernames and passwords,
  2. or authentication secrets.

Depending on what self-hosted service is being used in conjunction with Coturn, you may need one or the other of these two options.

Usernames and Passwords[edit]

To utilize username and password authentication with Coturn, add the following configuration in turnserver.conf:

lt-cred-mech
user=username:password

Authentication Secrets[edit]

To utilize authentication secrets with Coturn, add the following configuration in turnserver.conf:

use-auth-secret
static-auth-secret=your_auth_secret

TURNS (TLS Encryption)[edit]

Some self-hosted services (such as Matrix and XMPP) may support the use of TURNS: An encrypted version of TURN, which allows for WebRTC connections to be established with the use of an encrypted TLS tunnel, just like HTTPS allows for encrypted viewing of websites.

To utilize TURNS, certificates need to be declared for turn.example.org in turnserver.conf:

cert=/etc/certs/turn.example.org/fullchain.pem
pkey=/etc/certs/turn.example.org/privkey.pem

This is assuming that the certs are located in /etc/certs/DOMAIN and all owned by the turnserver user.

Starting Coturn[edit]

After all configuration changes are complete, Coturn can be started with its systemd daemon:

sudo systemctl restart coturn

Congratulations! You've successfully setup a Coturn server!