- Debian 10
- A server with DMZ privileges or a VPS (Not behind an NAT)
- Your own domain with an A DNS entry set to the public IPv4 address of your server
- Basic UNIX knowledge
Coturn is available in the Debian repositories:
sudo apt install coturn
Coturn's configuration file is
/etc/turnserver.conf. There are a few aspects that need to be changed in order to get a fully-functioning turnserver.
Here is an example of some sane defaults:
server-name=turn.example.org realm=turn.example.org listening-ip=your_public_ip listening-port=3478 min-port=10000 max-port=20000 ## The "verbose" option is useful for debugging issues verbose
There are two options for authentication on a turnserver:
- Usernames and passwords,
- or authentication secrets.
Depending on what self-hosted service is being used in conjunction with Coturn, you may need one or the other of these two options.
Usernames and Passwords
To utilize username and password authentication with Coturn, add the following configuration in
To utilize authentication secrets with Coturn, add the following configuration in
TURNS (TLS Encryption)
Some self-hosted services (such as Matrix and XMPP) may support the use of TURNS: An encrypted version of TURN, which allows for WebRTC connections to be established with the use of an encrypted TLS tunnel, just like HTTPS allows for encrypted viewing of websites.
To utilize TURNS, certificates need to be declared for turn.example.org in
This is assuming that the certs are located in
/etc/certs/DOMAIN and all owned by the
After all configuration changes are complete, Coturn can be started with its systemd daemon:
sudo systemctl restart coturn
Congratulations! You've successfully setup a Coturn server!