Setting Up STUN/TURN Server on meetme.id

This article is about how I set up a STUN/TURN service server on my domain meetme.id, so I do not forget how to do it again later 🙂 You can then use the STUN and/or TURN server on meetme.id from anywhere, in any application that requires one or both of them.

meetme.id is a service server that I set up to test and learn current IP communication technologies such as WebRTC, SIP and XMPP/Jabber. I also try to set it up and maintain it seriously, so that it can actually be useful to anyone for real, long-term use.

UPDATE:

The actual deployment of the STUN/TURN server on meetme.id differs from this manual. The current STUN/TURN server on meetme.id uses a different port than the default setup.

[code lang=text]
Public STUN server address : stun.meetme.id:443

Public TURN server address : turn.meetme.id:443 (UDP/TCP)
Public TURN credential : public
Public TURN username : public
[/code]

This article is divided into three parts:

  • Part 1: Installation
  • Part 2: Basic Configuration
  • Part 3: The Test

The server is using Ubuntu Server 14.04 and the STUN/TURN server software is Coturn.

Just in case you’re wondering why you should need to even use a STUN and/or TURN service server, here are some pages to start with:

  • http://blog.tadhack.com/2015/06/08/turn-to-turn-streamstack/
  • http://piratefsh.github.io/projects/2015/08/27/webrtc-stun-turn-servers.html
  • https://www.webrtc-experiment.com/docs/STUN-or-TURN.html
  • http://www.html5rocks.com/en/tutorials/webrtc/infrastructure/#after-signaling-using-ice-to-cope-with-nats-and-firewalls
  • http://www.avaya.com/blogs/archives/2014/08/understanding-webrtc-media-connections-ice-stun-and-turn.html
  • https://www.youtube.com/watch?v=p2HzZkd2A40

Ready? Let’s begin.

Part 1: Installation

Update Ubuntu server:

[code lang=bash]
sudo apt-get -y update
sudo apt-get -y upgrade
[/code]

You may skip updating your server, but only if you know what you’re doing.

Install development packages:

[code lang=bash]
sudo apt-get -y install build-essential libssl-dev libsqlite3-dev libevent-dev libmysqlclient-dev sqlite3
[/code]

Prepare a source directory; all coturn-related files will be put in this directory:

[code lang=bash]
mkdir -p ~/src
cd ~/src
[/code]

Download, compile and install coturn:

[code lang=bash]
wget -c https://github.com/coturn/coturn/archive/4.5.0.3.tar.gz
tar -zxf 4.5.0.3.tar.gz
cd coturn-4.5.0.3/
./configure
make
sudo make install
[/code]

Installation is finished.

Part 2: Basic Configuration

Make sure your working directory is still ~/src/coturn-4.5.0.3/:

[code lang=bash]
cd ~/src/coturn-4.5.0.3/
[/code]

Add a Linux user and group for coturn:

[code lang=bash]
sudo useradd turnserver
[/code]

Use the example config file:

[code lang=bash]
sudo cp examples/etc/turnserver.conf /usr/local/etc
[/code]

Edit turnserver.conf:

[code lang=bash]
sudo vi /usr/local/etc/turnserver.conf
[/code]

Add these options, starting at the bottom of the file:

[code lang=text]
min-port=10000
max-port=20000
verbose
lt-cred-mech
server-name=meetme.id
realm=meetme.id
no-stdout-log
log-file=/var/log/turnserver.log
simple-log
proc-user=turnserver
proc-group=turnserver
[/code]

You may of course use your own domain name.

Create the sqlite3 database:

[code lang=bash]
sudo rm -f /usr/local/var/db/turndb
cat turndb/schema.sql | sudo sqlite3 /usr/local/var/db/turndb
[/code]

Create an empty log file:

[code lang=bash]
sudo touch /var/log/turnserver.log
[/code]

Prepare a self-signed certificate for coturn:

[code lang=bash]
openssl req -new -x509 -newkey rsa:4096 -days 3650 -keyout privkey.pem -out server.pem
openssl rsa -in privkey.pem -out privkey.pem
sudo mv privkey.pem /usr/local/etc/turn_server_pkey.pem
sudo mv server.pem /usr/local/etc/turn_server_cert.pem
[/code]

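Please note that I actually use a USD 9 Comodo SSL certificate, not a self-signed one. This is just a note should I, or you, need to use one.

Set file ownership and permissions:

[code lang=bash]
sudo chown -R turnserver:turnserver /usr/local/etc/turn* /usr/local/var/db /var/log/turnserver.log
# The private key was stored without a passphrase above; keep it readable by the turnserver user only
sudo chmod 600 /usr/local/etc/turn_server_pkey.pem
[/code]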

Verify the basic configuration by running turnserver:

[code lang=bash]
sudo turnserver
[/code]

You should see nothing indicating an error.

Exit turnserver for now by pressing Control+C.

Re-run turnserver, this time as a daemon:

[code lang=bash]
sudo turnserver -o
[/code]

Coturn will take four ports on the server, each on both UDP and TCP. They are:

  • Port 3478
  • Port 3479
  • Port 5349
  • Port 5350

Verify that the ports are taken by coturn:

[code lang=bash]
sudo netstat -lnptu | grep turnserver
[/code]

Add a user for public use, for my test domain meetme.id:

[code lang=bash]
sudo turnadmin -a -u public -r meetme.id -p public
[/code]

Please note that publishing the username and credential like this is not recommended. I made this publicly accessible because I believe it will benefit us, testers like me, for now.

Coturn has a REST API, and other methods, through which an external app can have coturn set up a new temporary key/credential that is valid for one session only. This way only the users you allow can use your TURN service and eat your server’s bandwidth.
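
The temporary-credential scheme mentioned above, as an added Python example (not from the original article or the coturn project). It assumes coturn runs with `use-auth-secret` and a `static-auth-secret` shared with your application in place of the static `public` user, and follows the TURN REST API convention of an expiry-timestamp username. The function names and the secret are made up for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value; the real one must match static-auth-secret
# in turnserver.conf and be generated randomly.
SHARED_SECRET = b"constructed-example-secret"


def _sign(secret, username):
    """base64(HMAC-SHA1(secret, username)): the TURN password for username."""
    mac = hmac.new(secret, username.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def mint_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Return (username, password) that stop working ttl seconds from now."""
    if ":" in user_id:
        raise ValueError("user_id must not contain ':'")
    issued = int(time.time() if now is None else now)
    username = f"{issued + ttl}:{user_id}"  # "<expiry unix time>:<user id>"
    return username, _sign(secret, username)


def verify_turn_credentials(secret, username, password, now=None):
    """Assumed server-side check: well-formed, not expired, MAC matches."""
    expiry_text, sep, _user_id = username.partition(":")
    if not sep or not (expiry_text.isascii() and expiry_text.isdigit()):
        return False
    current = int(time.time() if now is None else now)
    if int(expiry_text) <= current:
        return False  # credential has expired
    expected = _sign(secret, username).encode("ascii")
    return hmac.compare_digest(expected, password.encode("utf-8"))


if __name__ == "__main__":
    user, pw = mint_turn_credentials(SHARED_SECRET, "alice", ttl=600)
    print("username:  ", user)
    print("credential:", pw)
    print("accepted:  ", verify_turn_credentials(SHARED_SECRET, user, pw))
```

Your application hands the returned pair to the WebRTC client as the TURN username and credential; changing the expiry in the username invalidates the MAC, so a client cannot extend its own access.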

That is all.

Now everyone can use meetme.id’s STUN/TURN server with username public and credential public on host/server address meetme.id.

Part 3: The Test

As of now the STUN/TURN service is running on my domain meetme.id. Testing the TURN service might be a little complex; you may need to build an actual working WebRTC app. But since the STUN service is also run by the same application, we can just test the STUN service to see if the service is running properly, for STUN at least.

This is how you can check the STUN service:

  • Install a stun client on your PC or on a different server, preferably on a PC/laptop behind a NAT router:

    [code lang=bash]
    sudo apt-get install stun
    [/code]

  • Run it against meetme.id:

    [code lang=bash]
    stun meetme.id
    [/code]

The result should be similar to this:

[code lang=text]
STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, no hairpin
Return value is 0x000012
[/code]

In some cases you will probably receive a response telling you that you’re blocked, or some other status.

Update: there is a website that you can use to test your STUN/TURN server, here it is:

  • https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Visit the website, remove the default Google server and add yours.

Author

This article was written by Anton Raharja, the maintainer of meetme.id.

Feedback is welcome. Let me know. Thanks.

One thought on “Setting Up STUN/TURN Server on meetme.id”

  1. Alan

    Next after the habahaba project, huh 😀 Nice. I looked for habahaba and couldn't find it, so it's meetme.id now; a modeling learning project by videoconferencing looks like it's getting more interesting.
