Install Coturn on Ubuntu

Coturn is an open source TURN and STUN server for VoIP and WebRTC.

Update the system and install Coturn

apt-get update && apt-get install coturn

Edit turnserver config

vi /etc/turnserver.conf

listening-port=3478
cli-port=5766
listening-ip=172.17.19.101

Create  a turn secret

• either
  xxd -ps -l 32 -c 32 /dev/random
• or
  openssl rand -hex 32

583bAAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEEEEEEEEFFFFFFFFFF

Add it to TURN REST API flag section

# This allows TURN credentials to be accounted for a specific user id.
# If you don't have a suitable id, the timestamp alone can be used.
# This option is just turning on secret-based authentication.
# The actual value of the secret is defined either by option static-auth-secret,
# or can be found in the turn_secret table in the database (see below).
#
use-auth-secret

# 'Static' authentication secret value (a string) for TURN REST API only.
# If not set, then the turn server
# will try to use the 'dynamic' value in turn_secret table
# in user database (if present). The database-stored value can be changed on-the-fly
# by a separate program, so this is why that other mode is 'dynamic'.
#
static-auth-secret=583bAAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEEEEEEEEFFFFFFFFFF

Add Coturn ports to services

vi /etc/services

stun-turn       3478/tcp                        # Coturn
stun-turn       3478/udp                        # Coturn
stun-turn-tls   5349/tcp                        # Coturn
stun-turn-tls   5349/udp                        # Coturn
turnserver-cli  5766/tcp                        # Coturn

Open ports 3478 and 5349 in the firewall.

Start Coturn server as daemon

vi /etc/default/coturn

# Uncomment it if you want to have the turnserver running as 
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

turnserver -o -v

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2g-fips  1 Mar 2016
0: 
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0: 
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

netstat -npta | grep turnserver

tcp  0  0 127.0.0.1:5766       0.0.0.0:*    LISTEN   19039/turnserver
tcp  0  0 172.17.19.101:3478   0.0.0.0:*    LISTEN   19039/turnserver

turnserver -h
turnadmin -h

service coturn stop
service coturn start
service coturn restart
service coturn status

● coturn.service - LSB: coturn TURN Server
 Loaded: loaded (/etc/init.d/coturn; bad; vendor preset: enabled)
 Active: active (running) since Mon 2018-05-07 01:26:56 CEST; 3s ago
 Docs: man:systemd-sysv-generator(8)
 Process: 14464 ExecStop=/etc/init.d/coturn stop (code=exited, status=0/SUCCESS)
 Process: 14516 ExecStart=/etc/init.d/coturn start (code=exited, status=0/SUCCESS)
 Tasks: 7
 Memory: 4.4M
 CPU: 52ms
 CGroup: /system.slice/coturn.service
 └─14526 /usr/bin/turnserver -c /etc/turnserver.conf -o -v

Add to DNS

turn.domain.xx → domain.xx
stun.domain.xx → domain.xx

Coturn CLI

telnet localhost 5766

Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TURN Server
Coturn-4.5.0.3 'dan Eider'

Type '?' for help
>

 Coturn webadmin interface

Create admin user

turnadmin -A -u admin -p verysecretpassword

Login to

https://domain.xx:3478

See also

• github.com/coturn/coturn
• https://nextcloud-talk.readthedocs.io/en/latest/TURN/