Skip to content

Coturn STUN/TURN Server

stunTurn

Requirements

  • Server Selection: Recommended Hetzner (CX11) or Contabo (VPS-S) OS: Ubuntu 22.04 LTS.
  • Use my personal link to receive €⁠20 in cloud credits on Hetzner.
  • Domain or Subdomain Name (e.g., your.domain.name) with a DNS A record pointing to your server's IPv4 address.
  • Certbot to generate cert & pkey for /etc/turnserver.conf.

Installation

Install Coturn:

Bash
$ sudo apt-get -y update
$ sudo apt-get -y install coturn

Install Certbot

certbot

Bash
$ sudo apt-get -y update
$ sudo apt-get -y install certbot

Request SSL Certificate

Replace your.domain.name with your real domain or subdomain name.

Bash
# The certificates can be found in /etc/letsencrypt/live/your.domain.name/
$ sudo certbot certonly --standalone -d your.domain.name

# Automatically renew the certificates
$ sudo certbot renew
# OR if you have running Nginx
$ sudo certbot renew --nginx

Turn_Server config

Open /etc/turnserver.conf and add the following by replacing your.domain.name with your real domain or subdomain name.

INI
listening-port=3478
tls-listening-port=5349

min-port=10000
max-port=20000

fingerprint
lt-cred-mech

user=your.username:your.password

server-name=your.domain.name
realm=your.domain.name

total-quota=100
stale-nonce=600

cert=/etc/letsencrypt/live/your.domain.name/fullchain.pem
pkey=/etc/letsencrypt/live/your.domain.name/privkey.pem

cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

no-stdout-log

Uncomment the following line to run Coturn as an automatic system service daemon in /etc/default/coturn

INI
TURNSERVER_ENABLED=1

If you can't reach coturn on tls-listening-port, try to edit /etc/systemd/system/multi-user.target.wants/coturn.service

INI
[Service]
User=root
Group=root

Reload daemon:

Bash
$ sudo systemctl daemon-reload

Coturn commands

Bash
$ sudo service coturn status
$ sudo service coturn stop
$ sudo service coturn start
$ sudo service coturn restart

Using Docker

docker

Bash
# Step 1: Pull the Coturn Docker image from Docker Hub (https://hub.docker.com/r/coturn/coturn)
$ docker pull coturn/coturn

# Step 2: Run a Coturn container in detached mode with host network mode
# and mount a local configuration file into the container
docker run -d \
  --network=host \
  -v /etc/turnserver.conf:/etc/turnserver.conf \
  -v /etc/letsencrypt/live/your.domain.name/fullchain.pem:/etc/letsencrypt/live/your.domain.name/fullchain.pem \
  -v /etc/letsencrypt/live/your.domain.name/privkey.pem:/etc/letsencrypt/live/your.domain.name/privkey.pem \
  coturn/coturn

Useful commands:

Bash
# List the currently running Docker containers
$ docker ps

# Stop the Coturn container with the name "compassionate_swanson"
$ docker stop compassionate_swanson

# Start the Coturn container with the name "compassionate_swanson"
$ docker start compassionate_swanson

Test

Test if it's working:

You can also utilize the built-in MiroTalk service by simply replacing your.domain.name, your.username and your.password with your own values in the following URLs:

INI
# Default listening port
https://p2p.mirotalk.com/test?iceServers=[{"urls":"stun:your.domain.name:3478"},{"urls":"turn:your.domain.name:3478","username":"your.username","credential":"your.password"}]

# Tls listening port
https://p2p.mirotalk.com/test?iceServers=[{"urls":"stun:your.domain.name:5349"},{"urls":"turn:your.domain.name:5349","username":"your.username","credential":"your.password"}]