This article is about how I setup a STUN/TURN service server on my domain meetme.id, so I do not forget how to do it again later :) You can then use the STUN and/or TURN server on
meetme.id from anywhere, any application that requires one or both of them.
meetme.id is a service server that I setup to test and learn the current IP communication technologies such as WebRTC, SIP and XMPP/Jabber. I also try to seriously setup and maintain it so that it can actually be useful to anyone for actual usages on a long-term.
Actual deployment of STUN/TURN server on
meetme.id is different than this manual. Current implementation the STUN/TURN server on
meetme.id are using different port than the default setup.
Public STUN server address : stun.meetme.id:443 Public TURN server address : turn.meetme.id:443 (UDP/TCP) Public TURN credential : public Public TURN username : public
This article is divided into three parts:
- Part 1: Installation
- Part 2: Basic Configuration
- Part 3: The Test
The server is using Ubuntu Server 14.04 and the STUN/TURN server software is Coturn.
Just in case you’re wondering why you should need to even use a STUN and/or TURN service server, here are some pages to start with:
Ready ? Let’s begin.
Part 1: Installation
Update Ubuntu server:
sudo apt-get -y update sudo apt-get -y upgrade
You don’t need to update your server only when you know what you’re doing
Install development packages:
sudo apt-get -y install build-essential libssl-dev libsqlite3-dev libevent-dev libmysqlclient-dev sqlite3
Prepare source directory, all coturn related files will be put in this directory:
mkdir -p ~/src cd ~/src
Download, compile and install coturn:
wget -c https://github.com/coturn/coturn/archive/18.104.22.168.tar.gz tar -zxf 22.214.171.124.tar.gz cd coturn-126.96.36.199/ ./configure make sudo make install
Installation is finished.
Part 2: Basic Configuration
Make sure your working directory is still in
Add Linux user and group for coturn:
sudo useradd turnserver
Use example config file:
sudo cp examples/etc/turnserver.conf /usr/local/etc
sudo vi /usr/local/etc/turnserver.conf
Add these options, starts from the bottom of the file:
min-port=10000 max-port=20000 verbose lt-cred-mech server-name=meetme.id realm=meetme.id no-stdout-log log-file=/var/log/turnserver.log simple-log proc-user=turnserver proc-group=turnserver
You may of course use your own domain name.
Create sqlite3 database:
sudo rm -f /usr/local/var/db/turndb cat turndb/schema.sql | sudo sqlite3 /usr/local/var/db/turndb
Create an empty log file:
sudo touch /var/log/turnserver.log
Prepare self-signed certificate for coturn:
openssl req -new -x509 -newkey rsa:4096 -days 3650 -keyout privkey.pem -out server.pem openssl rsa -in privkey.pem -out privkey.pem sudo mv privkey.pem /usr/local/etc/turn_server_pkey.pem sudo mv server.pem /usr/local/etc/turn_server_cert.pem
Please note that I actually use a USD 9 Comodo SSL certificate, not a self-signed. This is just a note should I, you, need to use one.
Set files ownership and permissions:
sudo chown turnserver.turnserver -R /usr/local/etc/turn* /usr/local/var/db /var/log/turnserver.log
Verify basic configuration by running
You should see nothing indicating an error.
turnserver for now by pressing
turnserver, this time run as daemon:
sudo turnserver -o
Coturn will take 4 UDP and TCP ports on server, they are:
- Port 3478
- Port 3479
- Port 5349
- Port 5350
Verify ports are taken by coturn:
sudo netstat -lnptu | grep turnserver
Add a user for public use, for my test domain
sudo turnadmin -a -u public -r meetme.id -p public
Please note that giving the public username and credential is not recommended. I made this a public access because I believe it will benefit us, testers like me, for now.
Coturn has a REST API, and other methods, so that the external app can access it to get coturn setup a new temporary key/credential for a session only, this way only users you allowed to use your TURN service can use and eat your server’s bandwidth.
That is all.
Now everyone can use
meetme.id‘s STUN/TURN server with username
public and credential
public on host/server address
Part 3: The Test
As of now STUN/TURN service is running on my domain
meetme.id. Testing the TURN service might be a little complex, maybe you need to build an actual working WebRTC app. But since the STUN service also run by the same application then we can just test the STUN service to see if the service is running properly, for STUN at least.
This is how you can check the STUN service:
- Install stun client on your PC or on different server, but better in your PC/laptop under a NAT router:
sudo apt-get install stun
- Run it againts
The result should be similar to this:
STUN client version 0.97 Primary: Independent Mapping, Independent Filter, random port, no hairpin Return value is 0x000012
In some cases probably you’ll receive response telling that you’re blocked, or some other status.
Update, there is a website that you can use to test your STUN/TURN server, here it is:
Visit the website, remove the default google server and add yours.
Feedbacks are welcome. Let me know. Thanks.