Coturn is a free and open-source TURN and STUN server for VoIP and WebRTC. In a previous tutorial, we discussed how to install Spreed WebRTC server and how to integrate Spreed WebRTC with NextCloud.
But there’s a problem: WebRTC won’t work if users are behind different NAT devices. It will be blocked. To traverse NAT, we need to set up a TURN server as a relay between Web browsers. TURN stands for Traversal Using Relays around NAT. How it works is beyond the scope of this tutorial.
This tutorial is going to show you how to set up coturn, an open-source implementation of TURN, on Ubuntu 16.04 and how to connect Spreed WebRTC to coturn.
Note: To reduce latency, the TURN server should be close to users. Be aware that a TURN server consumes lots of bandwidth, as it will relay audio and video. Coturn can be on the same machine as Spreed WebRTC or on another machine that is not behind NAT.
How to Set up Coturn Server for Spreed WebRTC
Coturn is available from the Ubuntu 16.04, 16.10 and Debian 8 repositories, so install it with the following command:
sudo apt install coturn
To let it start automatically at system boot time, edit the /etc/default/coturn file:
sudo nano /etc/default/coturn
Find the following line and uncomment it by removing
Save and close the file. Next, edit the main configuration file.
sudo nano /etc/turnserver.conf
By default, all lines in this file are commented out. Below is an example configuration which you can copy and paste into your file. Replace your-domain.com with the domain name for your NextCloud or Spreed WebRTC. Also set a long and secure authentication secret.
# Run as TURN server only, all STUN requests will be ignored.
no-stun
# Specify listening port. Change to 80 or 443 to go around some strict NATs.
listening-port=8443
tls-listening-port=5349
# Specify listening IP, if not set then Coturn listens on all system IPs.
#listening-ip=22.214.171.124
#relay-ip=126.96.36.199
# These lines enable support for WebRTC
fingerprint
lt-cred-mech
realm=your-domain.com
# Authentication method
use-auth-secret
static-auth-secret=your-auth-secret
total-quota=100
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).
bps-capacity=0
# This line provides extra security.
stale-nonce
log-file=/var/log/turnserver/turn.log
no-loopback-peers
no-multicast-peers
Save and close the file. Then start coturn server with:
sudo turnserver -c /etc/turnserver.conf --daemon -v
Now let’s edit Spreed WebRTC configuration file.
sudo nano /etc/spreed/server.conf
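Add the following two lines in the [app] section. Replace coturn-server-ip and your-auth-secret accordingly; the secret must be the same value as static-auth-secret in /etc/turnserver.conf.
turnURIs = turn:coturn-server-ip:8443?transport=udp
turnSecret = your-auth-secret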
Save and close the file. Then restart Spreed WebRTC docker container with
sudo docker restart my-spreed-webrtc
or run the following command if you installed Spreed via Ubuntu PPA.
sudo systemctl restart spreed-webrtc
Once coturn is running and Spreed WebRTC is restarted, users who are behind NAT should be able to use audio/video calls normally.
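Why static-auth-secret and turnSecret must match, and why the value should be long and random, shown as an added example that is not code from coturn or Spreed WebRTC. It follows the TURN REST API time-limited credential scheme that use-auth-secret enables (username carries the expiry time, password is base64 HMAC-SHA1 of the username keyed with the shared secret); the function names and the "expiry:user" username layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time


def new_shared_secret(nbytes=32):
    """Random hex string suitable for static-auth-secret / turnSecret."""
    return secrets.token_hex(nbytes)


def _mac(secret, username):
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_credentials(secret, user_id, ttl=3600, now=None):
    """Application-server side: hand a browser a short-lived TURN login.
    The shared secret itself never leaves the server."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}"  # assumed layout: expiry timestamp, then user id
    return username, _mac(secret, username)


def check_credentials(secret, username, password, now=None):
    """TURN-server side: recompute the HMAC and reject expired usernames."""
    now = int(time.time() if now is None else now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    expected = _mac(secret, username)
    # Constant-time comparison so the check does not leak how many bytes matched.
    same = hmac.compare_digest(expected.encode(), password.encode())
    return same and expiry > now


if __name__ == "__main__":
    secret = new_shared_secret()  # put this value in both config files
    user, pw = issue_credentials(secret, "alice", ttl=600)
    print("secret:", secret)
    print("username:", user, "password:", pw)
    print("accepted:", check_credentials(secret, user, pw))
```

Anyone who learns the shared secret can mint valid relay credentials for any username, so treat both configuration files as sensitive and keep the secret out of client-side code.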