vdo.ninja/turnserver.md
2020-09-10 06:16:38 -04:00

This install script and config file were used with a standard virtual machine server loaded with Ubuntu 20. GCP/AWS servers might need slightly different settings.

sudo apt-get update
 
sudo apt-get install coturn -y
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot -y

Make sure your domain's DNS records point to the server's IP address (IPv4, plus IPv6 if possible) before running the next step, where certbot will validate the domain.

sudo certbot certonly --standalone

Replace turn.obs.ninja with the domain name you registered with certbot. If the file is not found, certificate issuance did not succeed.

sudo ls /etc/letsencrypt/live/turn.obs.ninja/fullchain.pem

sudo apt install net-tools

Note: If you run into error 701 issues with your TURN server, check that the coturn service has access to your new SSL certificates. See this coturn issue: https://github.com/coturn/coturn/issues/268

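Next, open the relay port range in the firewall in case it is blocked by default. The range matches min-port and max-port in the config below; the listening ports (3478 and 443) must be reachable as well.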

sudo ufw allow 60000:62000/tcp 
sudo ufw allow 60000:62000/udp

Update turnserver.conf with your passwords, domain names, and anything else that needs changing. Example contents are provided below. Once you have updated it, start the TURN server and ensure it started correctly.

sudo vi /etc/turnserver.conf

sudo systemctl restart coturn
sudo systemctl status coturn
sudo systemctl enable coturn

The following are the contents of an example /etc/turnserver.conf file.

## sudo vi /etc/turnserver.conf

listening-port=3478
tls-listening-port=443


## Update IP addresses; IPv4 is at least needed
external-ip=51.195.41.189
external-ip=2001:41d0:701:1100::287c

min-port=60000
max-port=62000

## Update domain name
realm=turn.obs.ninja
server-name=turn.obs.ninja

# lt-cred-mech
# userdb=/etc/turnuserdb.conf

fingerprint
stale-nonce

no-multicast-peers
# no-stun

# oauth
lt-cred-mech

## Update your credentials
user=USERNAMEHERE:PASSWORDHERE

# max-bps=650000

no-loopback-peers

## use real-valid certificate/privatekey files. Update the location
cert=/etc/letsencrypt/live/turn.obs.ninja/fullchain.pem
pkey=/etc/letsencrypt/live/turn.obs.ninja/privkey.pem

# verbose
no-stdout-log
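
A pre-flight check for the config above, run before restarting coturn: it covers the certificate-access problem from the error 701 note, the placeholder credentials, and the relay port range. This is an added example, not part of the original page or the coturn project; the function names are hypothetical, and the `turnserver` service account mentioned in the comments is an assumption about the Ubuntu package.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a coturn config before restarting.
# Assumption: pass the account coturn runs under as the 2nd argument
# (assumed to be "turnserver" on Ubuntu); omit it to test as yourself.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Succeeds if path $1 is readable by user $2 (or by the caller if $2 is empty).
readable_by() {
    if [ -n "$2" ]; then sudo -u "$2" test -r "$1"; else test -r "$1"; fi
}

# check_turn_conf CONF [USER]: prints one line per problem, returns non-zero if any.
check_turn_conf() {
    conf=$1; user=${2:-}; rc=0
    # The template credentials must be replaced before the server goes live.
    if grep -Eq '^[[:space:]]*user=(USERNAMEHERE:|[^:]*:PASSWORDHERE)' "$conf"; then
        echo "placeholder credentials in user= line"; rc=1
    fi
    # cert/pkey must be set and readable by the service account (error 701 note).
    for key in cert pkey; do
        path=$(conf_get "$conf" "$key")
        if [ -z "$path" ]; then
            echo "$key is not set"; rc=1
        elif ! readable_by "$path" "$user"; then
            echo "$key not readable by ${user:-$(id -un)}: $path"; rc=1
        fi
    done
    # The relay range must be valid; it is the range the ufw rules have to cover.
    min=$(conf_get "$conf" min-port); max=$(conf_get "$conf" max-port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "min-port/max-port not set"; rc=1
    elif [ "$min" -gt "$max" ]; then
        echo "min-port $min is greater than max-port $max"; rc=1
    fi
    return "$rc"
}

# Run only when arguments are given, e.g.: ./check.sh /etc/turnserver.conf turnserver
if [ "$#" -gt 0 ]; then check_turn_conf "$@"; fi
```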