elias/vdo.ninja
1
0
Fork 0
mirror of https://github.com/eliasstepanik/vdo.ninja.git synced 2026-01-11 13:48:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
vdo.ninja/turnserver.md
Steve Seguin c801ceb19a
Update turnserver.md
2020-09-10 01:25:36 -04:00

2.2 KiB
Raw Blame History

This install script and config file was used with OVH loaded onto a VM with Ubuntu 20.

sudo apt-get update
 
sudo apt-get install coturn -y
set TURNSERVER_ENABLED=1

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot -y

Make sure you have the DNS pointing to your IP address for this next step (ipv4 + ipv6 if possible). You will need to validate that in the next step.

sudo certbot certonly --standalone

Replace turn.obs.ninja with the domain name you registered certbot with. If the file is not found, things did not work.

sudo ls /etc/letsencrypt/live/turn.obs.ninja/fullchain.pem

sudo apt install net-tools

We are going to open up some ports.

sudo ufw allow 60000:62000/tcp 
sudo ufw allow 60000:62000/udp

Update turnserver.conf with passwords, domain names, and whatever else that needs changing. Example contents are provided below. Once you have updated it, start the TURN server and ensure it started correctly.

sudo vi /etc/turnserver.conf
sudo systemctl restart coturn
sudo systemctl status coturn

The follwoing are the contents of an example /etc/turnserver.conf file.

## sudo vi /etc/turnserver.conf

listening-port=3478
tls-listening-port=443

external-ip = 111.222.333.444      ## external IPv4 address
external-ip = 1111:3333:555:3333::9999  ## External ipv6 address.  Add to DNS server as well

min-port=60000 ## ufw is needed to open these ports
max-port=62000 ## default is like 49000 to 60000 or so?

realm=turn.obs.ninja	## Domain name is needed; OVH provides one, but you can add a novelty one for cheap yourself.
server-name=turn.obs.ninja

#lt-cred-mech
#userdb=/etc/turnuserdb.conf  ## For server-based credentials, if you want some added security

fingerprint ## security
stale-nonce ## security

no-multicast-peers
no-stun  ## you might want this on actually

#oauth
lt-cred-mech
user=USERNAME:PASSWORD ## Change as desired

# max-bps=650000 # Just over 5mbps limit ; use to prevernt DDoS attacks?

no-loopback-peers

# use real-valid certificate/privatekey files
cert=/etc/letsencrypt/live/turn.obs.ninja/fullchain.pem ## update as per certbot
pkey=/etc/letsencrypt/live/turn.obs.ninja/privkey.pem

#verbose
no-stdout-log