
WebRTC: Turn & Stun with Coturn on Ubuntu

Overview

In WebRTC, establishing a connection with another peer can seem complicated. Part of the process involves the local peer finding out its own location on the web so it can send that to the other peer or peers to establish a connection. The ICE framework aids in this process by first checking the local network. If the peer is behind a complicated network, though, a STUN or even a TURN server is required. The STUN server further aids in location discovery and should cover the majority of cases. STUN servers are also widely available, and you can even find some online. If the peer still can't break through the network, then a TURN server is required to relay the data. TURN is not as freely available as STUN because there are costs involved in relaying the data. There are hosted solutions like Twilio and Xirsys you can use, but if you are looking into a custom setup there is another option called Coturn. Coturn is an open-source implementation of STUN and TURN, and it simplifies the process of getting your own server set up. In this article, I'm going to run you through the process of getting this set up on an Ubuntu Linux server.

Requirements

Okay, you'll need a server with Ubuntu Linux installed. I tested this on an 18.04 LTS version on AWS, but I think it should work on other versions as well. Let me know if it doesn't and I'll update this information here. Ideally, you want to run this on a sandbox machine or a server that you're not actively using before moving it into production. Even then, managing peers and relaying information can be resource-intensive, so I recommend keeping it on its own machine. You should have some sense of how to navigate the terminal, or even the command prompt on Windows. If not, this might be a good opportunity for you to learn, but you should run through some minor tutorials before you proceed.

Terminal Install

To start, you'll want to get access to the terminal within the Linux environment. If your server is remote, you'll most likely need to connect to it via SSH. If you have local access through a desktop version, there are several ways to access the terminal. Once you have that open and ready, you are going to use the system's package manager to update the package lists on the server.

sudo apt-get -y update

With the package lists updated, you are going to go ahead and install Coturn.

sudo apt-get -y install coturn

With that, Coturn should now be installed on the server. We're not done yet, though; we still need to configure this thing.

Configuring

Next, you’ll want to edit the turnserver.conf.

sudo nano /etc/turnserver.conf

Clear out the settings or comment out the ones that are enabled and replace them with the following setup.

listening-port=3478

fingerprint
lt-cred-mech

user=<YOUR-USER>:<YOUR-PASSWORD>
realm=<yourdomain.com>

You'll want to enter your information under user and realm. Realm can be any domain you have registered, for example turn.joejustcodes.com; it is mainly used with the long-term credential mechanism. User holds the credentials you will use to connect to the TURN server.

You also have the option to create users to access the TURN part of the server. Bandwidth on TURN relays can get expensive, so you definitely don't want to leave that open for anyone to connect. You can use turnadmin for this, which by default uses an SQLite database.

turnadmin -k -u <YOUR-USER> -p <YOUR-PASSWORD> -r <yourdomain.com>

There is also an option to use other databases like MySQL or Mongo. Check out the settings for more information. In any case, save the conf file and close it.
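How the user, realm and password fit together under lt-cred-mech, as an added example that is not part of the original article or of Coturn's code. It derives the long-term key (the value `turnadmin -k` prints), renders a `user=` line that carries the key with a `0x` prefix instead of the plaintext password, and signs and verifies a request the way the mechanism defines it. The user, realm, password and nonce passed to it are whatever you supply; the layout assumes MESSAGE-INTEGRITY is the last attribute and an ASCII password (SASLprep is skipped).

```python
import hashlib
import hmac
import struct

MAGIC_COOKIE = 0x2112A442
USERNAME, MESSAGE_INTEGRITY, REALM, NONCE = 0x0006, 0x0008, 0x0014, 0x0015

def lt_key(user, realm, password):
    """RFC 5389 long-term key: MD5(username ":" realm ":" password)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()

def conf_user_line(user, realm, password):
    """turnserver.conf entry holding the key (0x prefix), not the password."""
    return f"user={user}:0x{lt_key(user, realm, password).hex()}"

def _attr(attr_type, value):
    # STUN attributes are type, length, value, padded to a 4-byte boundary
    pad = b"\x00" * (-len(value) % 4)
    return struct.pack("!HH", attr_type, len(value)) + value + pad

def sign_request(msg_type, txid, user, realm, nonce, key):
    """Client side: build a request and append MESSAGE-INTEGRITY."""
    body = (_attr(USERNAME, user.encode())
            + _attr(REALM, realm.encode())
            + _attr(NONCE, nonce.encode()))
    # The header length must already count the 24-byte MESSAGE-INTEGRITY
    header = struct.pack("!HHI12s", msg_type, len(body) + 24, MAGIC_COOKIE, txid)
    mac = hmac.new(key, header + body, hashlib.sha1).digest()
    return header + body + _attr(MESSAGE_INTEGRITY, mac)

def verify_request(message, key):
    """Server side: recompute the HMAC-SHA1 with the stored key."""
    if len(message) < 44:
        return False
    if message[-24:-20] != struct.pack("!HH", MESSAGE_INTEGRITY, 20):
        return False
    expected = hmac.new(key, message[:-24], hashlib.sha1).digest()
    return hmac.compare_digest(expected, message[-20:])
```

Because the realm is hashed into the key, changing the realm in turnserver.conf invalidates every stored key, and each one has to be regenerated.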

We then want to make sure Coturn can run in the background as a service and that it starts on system startup. To do this, open the coturn file.

sudo nano /etc/default/coturn

You should only find one line in there. Make sure you take off the # symbol to uncomment the line. Save and close to return. With that set up, go ahead and start/restart the coturn service.

sudo service coturn restart

If you get an error that it wasn't started, then just use start instead.

We're almost ready, but we still need one last item. You'll need to configure your firewall for access. I tend to use ufw purely for its ease of use, but if you need a more specific setup then go with iptables. In this case, we're going to open the necessary ports in order to be able to connect to the Coturn STUN and TURN servers. Note: if you don't have the firewall set up yet, make sure you allow SSH (usually port 22) before you activate it, or you'll lock yourself out if you are on a remote server. If you already use ufw, run the status command to check the ports and status of the firewall.

sudo ufw status

Go ahead and allow the listening ports the Coturn server requires to establish a connection.

sudo ufw allow 3478

If the firewall is inactive, you'll need to enable it. Again, before you do this, if you haven't done so, allow SSH on port 22 so you don't lock yourself out. If you have, then go ahead and activate.

sudo ufw enable

With this, the server should be set up to allow traffic to connect. Note: if you are on a remote server hosted by either Azure or AWS, there are usually security policies attached to the server. You'll need to configure these as well to allow traffic into the server on the target ports, or else you won't get a connection.

Testing

To test the setup we'll use trickle-ice. Go to the page and enter the server details. For TURN, make sure you enter the credentials you entered during setup. Run the test and it should respond with a done. If it gives you an unreachable error, make sure to go through each step again. You'll specifically want to check for issues with the firewall and security policies. If you got a successful connection, then you are set up. There are still a ton of cool features the server offers. I encourage you to check out the wiki and fine-tune what you've got set up. Hope this helps and I'll catch you guys next time!
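For a check that does not depend on a browser, here is the STUN location discovery step itself: a Binding request and the decoding of the XOR-MAPPED-ADDRESS the server returns. This is an added example, not part of the original article; the sample response is constructed with a documentation-range address, and `probe` needs network access to your own server on the listening port.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020

def binding_request(txid=None):
    """20-byte STUN header, no attributes; txid is 12 random bytes."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)

def parse_mapped_address(response, txid):
    """Return (ip, port) from an IPv4 XOR-MAPPED-ADDRESS, or None."""
    if len(response) < 20:
        return None
    msg_type, length, cookie, rtxid = struct.unpack("!HHI12s", response[:20])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE or rtxid != txid:
        return None  # not a success reply to our transaction
    pos, end = 20, min(20 + length, len(response))
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", response[pos:pos + 4])
        value = response[pos + 4:pos + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        pos += 4 + attr_len + (-attr_len % 4)  # skip value and its padding
    return None

def probe(host, port=3478, timeout=3.0):
    """Send one Binding request over UDP and decode the reply."""
    request = binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        reply, _ = sock.recvfrom(2048)
    return parse_mapped_address(reply, request[8:20])

def sample_response(txid):
    """Constructed reply: the server saw the client as 203.0.113.7:54321."""
    xport = 54321 ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton("203.0.113.7"))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr
```

A timeout from `probe` points at the firewall or cloud security policy, while a returned address and port confirm the STUN side is reachable.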