In this article we are going to learn how to setup and quickly get running with a webrtc TURN server in Ubuntu under 5 mins
Before installing the TURN server I must mention that there are free and paid alternatives available for turn servers these include
- OpenRelayProject.org (completely free 20GB cap)
- Metered.ca TURN servers ( paid solution with features like global regions, 99.999% uptime etc)
Step 1: Pre-requisites
-
You need a cloud VM, a dual core CPU with 1 GB ram and 50 GB SSD should suffice
-
You will need a static IP address, you can get one with the VM that you are spinning
-
You can get one from any cloud provider AWS or Google Cloud
-
When creating the instance choose Ubuntu as the Operating System
Step 2: Installing and Configuring a TURN server
In this section we are going to install and configure coturn which is an open source turn server and is widely used
- Update the Ubuntu packages
sudo apt update
Install CoTURN
sudo apt install coturn -y
This will install coturn as well as the associated utilities
Configuring the CoTURN
Here we are going to use the configuration file that comes with the coturn and is available at /etc/turnserver.conf to configure the coturn
- Backup the original configuration file (if you need it in the future, this is optional but recommended)
sudo cp /etc/turnserver.conf /etc/turnserver.conf.backup
- Edit the configuration file
Open /etc/turnserver.conf on the nano text editor like so
sudo nano /etc/turnserver.conf
The whole config is commented, remove the # to uncomment the settings which you want to uncomment
here you want to replace the YOUR_STATIC_IP with the static ip that you got for the VM.
here are the settings that you need to do. after this Save and close the file. (If using nano, press Ctrl+X, then Y, then Enter).
# Server's listening IP address for TURN/STUN services.
# CoTURN will listen on this IP on all network interfaces if not specified,
# but explicitly setting it is good practice.
listening-ip=YOUR_STATIC_IP
# Server's relay IP address on the local machine.
# This is the IP address that the relay endpoints will use.
relay-ip=YOUR_STATIC_IP
# External IP address of the server (or NAT gateway).
# This is crucial if your server is behind NAT. For a VPS with a public IP,
# this is the same as listening-ip and relay-ip.
external-ip=YOUR_STATIC_IP
# Main listening port for STUN and TURN (UDP and TCP).
# Default is 3478.
listening-port=3478
# Realm for the server. This can be your domain, or in our IP-only case, the IP itself.
# It helps in distinguishing STUN/TURN services if multiple are on the same IP.
realm=YOUR_STATIC_IP
# server-name is often the same as realm.
server-name=YOUR_STATIC_IP
# === Authentication ===
# We will use a username and password for authentication.
# Replace 'your_turn_username' with your desired username and
# 'your_strong_password' with a strong password you create.
user=your_turn_username:your_strong_password
# === Logging ===
# Log file location. Ensure the directory exists and coturn can write to it.
log-file=/var/log/turnserver.log
# Use simple log file format, not syslog.
simple-log
# Verbose logging - useful for setup and troubleshooting. Can be commented out later.
verbose
# === Relay Ports ===
# Range of UDP ports to be used for relaying media.
# This range should be sufficiently large.
min-port=49152
max-port=65535
# === Security & Performance ===
# Do not allow multicast peers.
no-multicast-peers
# For security reasons, disable older STUN backward compatibility.
no-stun-backward-compatibility
# Only respond to requests that are compliant with RFC5780.
response-origin-only-with-rfc5780
# === Process User/Group ===
# It's good practice to run coturn as a non-root user.
# The package usually creates a 'turnserver' user and group.
proc-user=turnserver
proc-group=turnserver
# === TLS/DTLS Configuration (Important Note) ===
# The prompt requested TLS in the minimal secure config.
# However, it also stated "we do not need self signed cert".
# Proper TLS/DTLS requires certificate files (cert and pkey).
#
# If you have valid SSL certificates, you would uncomment and configure these:
# tls-listening-port=5349 # For TURN over TLS (TCP)
# dtls-listening-port=5349 # For TURN over DTLS (UDP) - can be same as tls-listening-port
# cert=/etc/ssl/certs/your_domain_or_server.crt
# pkey=/etc/ssl/private/your_domain_or_server.key
# no-tlsv1
# no-tlsv1_1
Step 3 Enable CoTURN Daemons
- Edit the default file for CoTURN
sudo nano /etc/default/coturn
# Uncomment the line TURNSERVER_ENABLED=1
- Uncomment the line
TURNSERVER_ENABLED=1
Find the line #TURNSERVER_ENABLED=1 and remove the # to uncomment the line
save and close the file
- Restart and enable the CoTURN service
sudo systemctl restart coturn
sudo systemctl enable coturn # to start the turn server on boot
- Check coturn status
sudo systemctl status coturn
Step 4 Firewall setup
here we need to allow the traffic on TURN ports. The port 3478 is commonly used for TCP and UDP
Important: Enable ssh and allow tcp 22 port in the ufw first
sudo ufw allow OpenSSH
sudo ufw allow 22/tcp
- Allow STUN/TURN port (3478 for UDP and TCP)
sudo ufw allow 3478/udp
sudo ufw allow 3478/tcp # Recommended for TCP fallback
- Allow UDP relay port range as defined in
turnserver.conf
sudo ufw allow 49152:65535/udp
- Enable UFW if its not already active:
sudo ufw enable
if UFW is already active, reload it:
sudo ufw reload
- check UFW status
sudo ufw status verbose
Step 5 Test your TURN server
Using a public WebRTC TURN tester
the https://www.metered.ca/turn-server-testing is good for this
-
Open the tester in your chrome or safari browser
-
enter your server details
-
TURN server URL YOUR_STATIC_IP:3478
-
username The username that you chose
-
Password: The password that you chose
-
Click on add server then click on Launch Server Test
-
you can see the results there
This is a quick and easy guide to get started with Ubuntu TURN server
If you are looking for a complete and comprehensive guide on installing and running your own turn server then
How to setup and configure TURN server using coTURN?
That’s it. this is a simple guide to running your own turn server in Ubuntu. I hope you like the article, thanks for reading.