Create turnserver2.conf

this one uses a paid SSL cert
2026-01-15 15:48:27 +00:00 · 2020-09-12 01:41:40 -04:00 · 2020-09-12 01:41:40 -04:00 · 34a6bb49d0
commit 34a6bb49d0
parent 059a575b33
1 changed files with 52 additions and 0 deletions
--- a/turnserver2.conf
+++ b/turnserver2.conf
@ -0,0 +1,52 @@
+listening-port=3478
+alt-listening-port=3479
+
+## TLS needs an SSL certificate and domain, but enables TCP
+tls-listening-port=443
+alt-tls-listening-port=444
+
+# min-port=10000
+# max-port=20000
+
+realm=www.turn.obs.ninja
+server-name=www.turn.obs.ninja
+
+fingerprint
+
+## Lets just use Google since its more reliable
+no-stun
+
+lt-cred-mech
+user=UUUUU:PPPPPPPPPPPPP
+
+stale-nonce=600
+
+## depreciated in newer coturn
+# no-loopback-peers
+
+no-multicast-peers
+
+## 1-gbps/100 users = 1mbps each
+total-quota=100
+
+cert=/var/certs/turn_obs_ninja_chain.crt
+pkey=/var/certs/turn_obs_ninja.key
+
+## Tweaks to fix some lets encrypt errors
+# cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
+# no-sslv3
+# no-tlsv1
+# no-tlsv1_1
+# no-tlsv1_2
+dh2066
+
+# max-bps=650000
+# no-udp
+# no-tcp
+
+#verbose
+no-stdout-log
+
+## bypass the letsencrypt bug; easier than modifying the service
+#proc-user=root
+#proc-group=root