Create STUN TURN Server in Ubuntu 18.04 AWS

bharathraj.eth
4 min read · Aug 28, 2020

In my previous blog post I explained how to create a WebRTC video conference and briefly introduced the STUN and TURN concepts. In this article we are going to build our own STUN and TURN servers on an Ubuntu AWS instance.

So let's look at what exactly STUN and TURN are.

In a real-world scenario, connecting two devices or peers directly over the internet is restricted by NAT (Network Address Translation): peers sit behind NAT networks and restrictive firewalls. To overcome this problem, the ICE framework uses STUN and TURN.

WebRTC shares audio and video data through an RTCPeerConnection. The STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT) server URLs are passed to that connection, and these servers allow multiple peers to connect as they become available.

In the initial stage, during signaling, the ICE framework tries to find the best path to connect the peers using the device IP. If that fails, the STUN server takes over and obtains the external public network address. If the connection still cannot be established, a TURN server is used to relay the traffic and connect both peers.

Cool! I hope you now understand the basic concept of STUN and TURN servers. Let's jump into how to create them.

First, check which security groups and ports are enabled for your AWS instance (I will explain how to configure the AWS server and security groups in an upcoming post):

80 : TCP # if you need to setup coturn (STUN and TURN) with SSL
443 : TCP # if you need to setup coturn (STUN and TURN) with SSL
3478 : UDP

Step 1: Install coturn by running the following commands in your terminal

sudo apt-get -y update
sudo apt-get -y install coturn

If you are using a Linux EC2 instance that uses yum, run these instead:

sudo yum update -y
sudo yum install coturn

Step 2: Enable the service by setting TURNSERVER_ENABLED=1 in /etc/default/coturn, using nano or vim, whichever you prefer

sudo nano /etc/default/coturn

Note: we will use the long-term credential mechanism for the STUN and TURN server.

Step 3: Open the file /etc/turnserver.conf with nano or vim and add the following:

realm=coturn.[your domain or IP]
fingerprint
listening-ip=0.0.0.0
# <EXTERNAL_IP>/<INTERNAL_IP>, or just the external IP
external-ip=<EXTERNAL_IP>/<INTERNAL_IP>
listening-port=3478
min-port=10000
max-port=20000
log-file=/var/log/turnserver.log
verbose

user=<YOUR_USERNAME>:<YOUR_PASSWORD>
lt-cred-mech

external-ip is your AWS instance's public IP.

listening-port is the port the server listens on. For TURN and STUN it is normally 3478, and you can also use 443.

Note: so far I have configured STUN and TURN without an SSL listener. You can add an SSL listener as follows.

You can obtain an SSL certificate using certbot (certbot.eff.org). Run the following commands:

sudo apt-get -y update && \
sudo apt-get -y install software-properties-common && \
sudo add-apt-repository -y universe && \
sudo add-apt-repository -y ppa:certbot/certbot && \
sudo apt-get -y update && \
sudo apt-get -y install certbot

When you install SSL using certbot, it asks for some information such as your country, email and domain name. It verifies your data and approves your domain for SSL. Read more at certbot.eff.org.

Once the certificate is installed, use the following configuration:

server-name=coturn.[your domain]
# coturn.meetrix.io below is a sample domain; replace it with your own domain
cert=/etc/letsencrypt/live/coturn.meetrix.io/cert.pem
pkey=/etc/letsencrypt/live/coturn.meetrix.io/privkey.pem
realm=coturn.meetrix.io
fingerprint
listening-ip=0.0.0.0
# <EXTERNAL_IP>/<INTERNAL_IP>, or just the external IP
external-ip=<EXTERNAL_IP>/<INTERNAL_IP>
listening-port=443
min-port=10000
max-port=20000
log-file=/var/log/turnserver.log
verbose

user=<YOUR_USERNAME>:<YOUR_PASSWORD>
lt-cred-mech

We are running over SSL, so we use 443 as the listening port.

Step 4: Restart your STUN and TURN server

sudo service coturn restart

Cool! We are done creating our STUN and TURN server, so now it is time to test.

For testing we can use the Trickle ICE testing tool: trickle-ice

Add your TURN and STUN credentials, click "Add Server", then click "Gather candidates".

If the setup succeeded, the results will show one relay entry as well as an rtp srflx entry, followed by Done.

Cool, we have implemented STUN and TURN to exchange data over NAT. Now you can use this server's IP and credentials in your WebRTC projects.

Visit my previous blog post to see how to implement a WebRTC video conference app.
