elias/vdo.ninja
1
0
Fork 0
mirror of https://github.com/eliasstepanik/vdo.ninja.git synced 2026-01-23 11:28:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
vdo.ninja/turnserver.md
Steve Seguin c801ceb19a
Update turnserver.md
2020-09-10 01:25:36 -04:00

77 lines
2.2 KiB
Markdown
Raw Blame History

This install script and config file was used with OVH loaded onto a VM with Ubuntu 20.
```
sudo apt-get update
sudo apt-get install coturn -y
set TURNSERVER_ENABLED=1
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot -y
```
Make sure you have the DNS pointing to your IP address for this next step (ipv4 + ipv6 if possible). You will need to validate that in the next step.
```
sudo certbot certonly --standalone
```
Replace turn.obs.ninja with the domain name you registered certbot with. If the file is not found, things did not work.
```
sudo ls /etc/letsencrypt/live/turn.obs.ninja/fullchain.pem
sudo apt install net-tools
```
We are going to open up some ports.
```
sudo ufw allow 60000:62000/tcp
sudo ufw allow 60000:62000/udp
```
Update turnserver.conf with passwords, domain names, and whatever else that needs changing. Example contents are provided below. Once you have updated it, start the TURN server and ensure it started correctly.
```
sudo vi /etc/turnserver.conf
sudo systemctl restart coturn
sudo systemctl status coturn
```
The follwoing are the contents of an example /etc/turnserver.conf file.
```
## sudo vi /etc/turnserver.conf
listening-port=3478
tls-listening-port=443
external-ip = 111.222.333.444 ## external IPv4 address
external-ip = 1111:3333:555:3333::9999 ## External ipv6 address. Add to DNS server as well
min-port=60000 ## ufw is needed to open these ports
max-port=62000 ## default is like 49000 to 60000 or so?
realm=turn.obs.ninja ## Domain name is needed; OVH provides one, but you can add a novelty one for cheap yourself.
server-name=turn.obs.ninja
#lt-cred-mech
#userdb=/etc/turnuserdb.conf ## For server-based credentials, if you want some added security
fingerprint ## security
stale-nonce ## security
no-multicast-peers
no-stun ## you might want this on actually
#oauth
lt-cred-mech
user=USERNAME:PASSWORD ## Change as desired
# max-bps=650000 # Just over 5mbps limit ; use to prevernt DDoS attacks?
no-loopback-peers
# use real-valid certificate/privatekey files
cert=/etc/letsencrypt/live/turn.obs.ninja/fullchain.pem ## update as per certbot
pkey=/etc/letsencrypt/live/turn.obs.ninja/privkey.pem
#verbose
no-stdout-log
```
Reference in New Issue View Git Blame Copy Permalink