ContextQMD
Back to Webrtc Experiment

TURN server installation Guide

docs/TURN-server-installation-guide.html

latest15.1 KB
Original Source

This document is aimed to explain TURN server installation steps for different operating systems.

  1. CoTURN installation on Ubuntu
  2. restund installation on Ubuntu
  3. TURN installation on CentOS
  4. TURN installation on Windows
  5. reTurnServer installation on Ubuntu
  6. Pion TURN server

You can test a TURN here LIVE or use "apt-get install stun" and then "stun domain.com:port".

Top

CoTURN installation on Ubuntu

Example LIVE server

  1. Make sure that you're using latest up-to-dated Ubuntu (TLS 14+)

Find a useful FTP link for your region.

https://packages.debian.org/jessie/amd64/coturn/download

Simply copy the link. Don't try any command yet. 3.

Modify sources.list file:

vi /etc/apt/sources.list

And add above FTP_domain in the sources-list. E.g.

# at the bottom of the sources.list file

# assuming that you found this domain:
# http://ftp.hk.debian.org/debian

deb http://ftp.hk.debian.org/debian jessie main

Make sure you have installed "Aptitude":

# https://wiki.debian.org/Aptitude

# update-to-latest version
aptitude update

If "aptitude update" fails:

# replace "8B48AD6246925553" and "7638D0442B90D010" with the error_key displayed on your OWN-screen

# GPG error: http://ftp.hk.debian.org jessie Release:
# The following signatures could not be verified because the public key is
# not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1

# execute below commands

gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553
gpg -a --export 8B48AD6246925553 | apt-key add -

gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010
gpg -a --export 7638D0442B90D010 | apt-key add -

Try "Aptitude" again if failed on initial try:

aptitude update

Now install "coturn" package using "aptitude":

# below command may require [sudo] privileges
aptitude install coturn

Modify following file after "coturn" installation:

vi /etc/turnserver.conf

Remove all text from the file, and replace with this:

# you can listen ports 3478 and 5349 instead of 80/443
listening-port=80
tls-listening-port=443

listening-ip=your-ip-address

relay-ip=your-ip-address
external-ip=your-ip-address

realm=yourdomain.com
server-name=yourdomain.com

lt-cred-mech
userdb=/etc/turnuserdb.conf

# use real-valid certificate/privatekey files
cert=/etc/ssl/certificate.pem
pkey=/etc/ssl/private.key

no-stdout-log

Modify following file after modifying above "turnserver.conf":

vi /etc/turnuserdb.conf

Remove all text from the file, and replace with this:

yourName:yourPassword

Instead of "turnuserdb.conf", you can try following as well:

# rquires: apt-get install sqlite3 libsqlite3-dev
# now: find / -name 'turndb'

# vi /etc/turnserver.conf

userdb=/var/lib/turn/turndb

# in this case, please add following:
# lt-cred-mech # remove or comment this one
oauth # add this
user=youruser:yourpassword # add this

# source: askubuntu.com/a/819264

Now type following command:

turnserver

Try following if above "turnserver" command fails:

# you can listen ports 3478 and 5349 instead of 80/443

lsof -n -i4TCP:80 | grep LISTEN
lsof -n -i4TCP:443 | grep LISTEN

Kill "existing" processes using this command:

kill processId

Now type following command again and it should work:

turnserver

Make sure that ports 80/443 (or 3478/5349) are opened in the firewall:

# you can listen ports 3478 and 5349 instead of 80/443

iptables -A INPUT -p udp --dport 80 -j ACCEPT
iptables -A INPUT -p udp --dport 443 -j ACCEPT

Run following command:

# pm2 is strongly recommended
# https://github.com/Unitech/pm2
pm2 start turnserver
pm2 save # after: pm2 startup

# if you do not want to use "pm2"
nohup turnserver > /dev/null 2>&1 &

# or simply
nohup turnserver &

Now check all UDP+TCP ports:

# recommended
netstat -tulpn

# or
netstat -nat | grep LISTEN

You will see that port 80/443 is listened by turnserver (both for UDP/TCP). 17.

Otherwise (alternative coTURN installation solutions):

// Please follow this link:
groups.google.com/d/msg/easyrtc/ypjJ5Yu3wZM/u5Lq6VNfabcJ

// or
apt-get install coturn

// or: stackoverflow.com/a/37290864
sudo -i # ignore if you already in admin mode
apt-get update && apt-get install libssl-dev libevent-dev libhiredis-dev make -y # install the dependencies
wget -O turn.tar.gz http://turnserver.open-sys.org/downloads/v4.5.0.3/turnserver-4.5.0.3.tar.gz # Download the source tar
tar -zxvf turn.tar.gz # unzip
cd turnserver-*
./configure
make && make install 

// or: stackoverflow.com/a/52408246

Top

restund installation on Ubuntu (via)

"make" and "gcc" are required. Example LIVE server

Download "re":

mkdir /home/restund
cd /home/restund

# via: http://creytiv.com/pub/
wget http://webrtcweb.com/re-latest.tar.gz
tar zxvf re-latest.tar.gz
cd re-0.4.17
make
make install # "sudo" is preferred

Download "restund":

# via: http://www.creytiv.com/pub/
# choose latest version
# replace "0.4.12" with latesat version (06-Oct-2015)
cd ..
wget http://webrtcweb.com/restund-0.4.12.tar.gz
tar zxvf restund-0.4.12.tar.gz
cd restund-0.4.12
make
make install # "sudo" is preferred

Modify "etc/restund.conf" file:

It will be located at: restund-0.4.12/etc/restund.conf

# cd etc && vi restund.conf
# "etc" is a directory inside "restund-0.4.12"

udp_listen your-ip:4455
tcp_listen your-ip:5544 # different port than UDP

turn_relay_addr your-ip

debug yes
realm yourdomain.com

# you will get a HTTP server for stats
# example stats:
# Version: 0.4.12
# Built: Nov 10 2016 23:39:41
# Uptime: 21 hours 25 mins 56 secs
# LIVE Example: http://webrtcweb.com:4050/

status_udp_addr your-ip
status_udp_port 33000
status_http_addr your-ip
status_http_port 4050

# filedb (your username/password are stored in this file)
filedb_path /etc/restund.auth

# modules (STUN messages are processed in module loading order)
module_path /usr/local/lib/restund/modules
module stat.so
module binding.so
module auth.so
module turn.so
module filedb.so
module syslog.so
module status.so

syncinterval 600
auth_nonce_expiry 3600

Modify "etc/restund.auth" file:

It will be located at: restund-0.4.12/etc/restund.auth

# remove default credentials

First of all, execute this command:

cd ..
util/genha1.sh username yourdomain.com password

Above command will print something. Copy whatever is printed; and paste inside "etc/restund.auth":

cd etc
vi restund.auth

# copy/paste inside the "restund.auth" file
username:sha1

Copy all "etc" files to "/etc/"

cd ..

# move .conf and .auth files to /etc/ directory
cp ./etc/* /etc/

# or use absolute path:
# cp /home/restund/restund-0.4.12/etc/ /etc/

Run the "restund" server

restund

Above command will print something like this:

udp listen: your-ip:4455
tcp listen: your-ip:5544
stat: module loaded
binding: module loaded
auth: module loaded (nonce_expiry=3600s)
turn: lifetime=600 ext=your-ip ext6=::1 bsz=512
filedb: module loaded (/etc/restund.auth)
syslog: module loaded facility=24
status: module loaded (udp=your-ip:33000 http=your-ip:4050)

You can open stats server here: http://your-ip:4050

If webrtc access to "restund" fails:

iptables -I INPUT 1 -i eth0 -p udp --dport 33000 -j ACCEPT

iptables -I INPUT 1 -i eth0 -p udp --dport 4455 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p tcp --dport 4455 -j ACCEPT

iptables -I INPUT 1 -i eth0 -p udp --dport 5544 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p tcp --dport 5544 -j ACCEPT

iptables -I INPUT 1 -i eth0 -p tcp --dport 4050 -j ACCEPT
  1. Now open this: http://your-ip.com:4050/

Top

TURN installation on CentOS

Use "sudo" if you see "permission-denied" errors.

First Step: Download & Install Prerequisite for CentOS

yum install -y make gcc cc gcc-c++ wget
yum install -y openssl-devel libevent libevent-devel mysql-devel mysql-server

Second Step: Download & Install LibEvent modules

wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar xvfz libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable && ./configure
make && make install && cd ..

# you can use "sudo" if permission-denied kind of erros occurred.
# sudo make && sudo make install && cd ..

Third Step: Download & Install TURN modules

wget http://turnserver.open-sys.org/downloads/v3.2.3.8/turnserver-3.2.3.8.tar.gz
tar -xvzf turnserver-3.2.3.8.tar.gz
cd turnserver-3.2.3.8 && ./configure
make && make install

Fifth Step: Configure "turnserver.conf" file

vi /etc/turnserver/turnserver.conf

# setting static accounts
# Remember, "static" accounts are not dynamically checked by the turnserver process.
user=username:password

# listen ports
listening-port=2222
listening-ip=127.1.1

# Now press "insert" key; then "Esc" key
# Then type:
:wq #-- this command will save your settings and close turnserver.conf file

# if you don't want to save settings; and quite. Simply type:
:q

You can:

  1. Use Only STUN

  2. Use Only TURN

  3. Use Both STUN and TURN

  4. Discard requests from all SSL/TLS version of protocols

  5. Use short-live credentials. Other authentication mechanisms coming soon in next few weeks.

  6. You can disable DTLS and TLS.

  7. You can set both static and dynamic accounts.

  8. You can give anonymous access to TURN server as well.

  9. You can set credentials for stun-only option as well; usually STUN-binding requests are anonymous.

Sixth Step: Run TURN server instance

cd /etc/turnserver/

turnserver -v -r ip:port -a -b turnuserdb.conf -c turnserver.conf -u turn-username -r ip:port -p turn-password
  1. Replace "ip:port" with yours! E.g. 127.1.1:2222:
turnserver -v -r 127.1.1:2222 -a -b turnuserdb.conf -c turnserver.conf -u turn-username -r 127.1.1:2222 -p turn-password
  1. Replace "turn-username" with custom-username; and "turn-password" with custom-password.
turnserver -v -r 127.1.1:2222 -a -b turnuserdb.conf -c turnserver.conf -u custom-username -r 127.1.1:2222 -p custom-password

Last Step: "Permanently" run TURN server instance

nohup turnserver -v -r ip:port -a -b turnuserdb.conf -c turnserver.conf -u turn-username -r ip:port -p turn-password &
  1. You can see that the entire TURN execution command is placed between "nohup" and "&".
nohup TURN-execution-command &

Top

TURN installation on Windows

Alternatives: STUNTMAN or C# STUN Client or Pion TURN-server for Windows.

Please check PION link above for a Windows TURN client.

Note: Below section is taken from slideshare; and its credit goes to @amiteshawa!

  1. Install "Cygwin" application

  2. Follow all steps from above section. E.g. install all dependencies; LibEvent and TURN modules.

  3. You'll face some issues when invoking "./configure" command for TURN configuration:

  4. Missing libpq.a, hiredis, postgreSql

  5. You can ignore them, because these modules are optional

  6. During "make" command invocation; you'll face error like " error: 'struct sockaddr_in' has no member named 'sin_len'"

  7. Edit "na_turn_ioaddr.c" and comment line number "169":

vi /turnserver-1.8.4.0/src/client/na_turn_ioaddr.c

# commenting line number #169
# addr->s4.sin_len = sizeof(struct sockaddr_in);
  1. Now, "make" and "make install" commands for TURN modules installation will work.
  2. Then copy "turnserver.conf" file from "../examples/etc/" directory to "/usr/local/etc/":
cp /turnserver-1.8.4.0/examples/etc/turnserver.conf /usr/local/etc/
  1. Now, you can follow "fifth" step from previous section to edit "turnserver.conf" for setting "username", "password", "listening-port" and "listening-ip".

Top

reTurnServer installation on Ubuntu

First Step: Install reTurnServer:

# Ubuntu
apt-get install resiprocate-turn-server

# CentOS
yum install resiprocate-turn-server

Second Step: Edit "/etc/reTurn/reTurnServer.config" file:

TurnAddress = your-first-ip
AltStunAddress = your-second-ip

TurnPort = 3478
AltStunPort = 5349

AuthenticationRealm = domain.com

UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = true # required for HashString

# for more info:
# https://github.com/resiprocate/resiprocate/blob/master/reTurn/reTurnServer.config

Next Step: Edit "/etc/reTurn/users.txt" file:

# first of all, execute this command:
# echo -n username:domain.com:password | md5sum

# you will get a HASH string: 32 chars
# domain.com must match "AuthenticationRealm" above "reTurnServer.config"
username:AboveHashString:domain.com:authorized

# more info:
# https://github.com/resiprocate/resiprocate/blob/master/reTurn/users.txt

Last Step: ReStart reTurnServer:

service resiprocate-turn-server restart
  1. You can check ports and addresses reTurnServer is listenning on:
netstat -nlp | grep reTurnServer
  1. In your HTML-JavaScript file, you will use original password, NOT the HashString:
iceServer => {
  urls: 'turn:domain.com:3478',
  credential: 'orignal-password', // NOT Hash
  username: 'username'
}

Top

Pion TURN server

A simple extendable Golang TURN server for Windows, Linux, Darwin and FreeBSD.

  1. Create a new directory (optional):
mkdir pions
cd pions
  1. Download the TURN server's source: (replace "1.0.3" with latest release)
wget -q https://github.com/pions/turn/releases/download/1.0.3/simple-turn-linux-amd64

# linux: simple-turn-linux-386 or simple-turn-linux-amd64
# darwin: simple-turn-darwin-amd64
# freebsd: simple-turn-freebsd-386 and simple-turn-freebsd-amd64
# windows: simple-turn-windows-386.exe and simple-turn-windows-amd64.exe
  1. Give read-write permissions to the DIR:
chmod +x simple-turn-linux-amd64
  1. Set username, password and port: (using EXPORT commands)
export USERS='username=password'
export REALM=domain.com
export UDP_PORT=3478
  1. Now run the pions turn server:
./simple-turn-linux-amd64

# or use nohup
nohup ./simple-turn-linux-amd64 &
  1. To check latest releases: https://github.com/pions/turn/releases