Coturn is a libre STUN and TURN server software that allows users of internet applications or protocols (Such as XMPP and Matrix) to perform WebRTC voice and video calls despite them being behind NATs.
If you want to add video and voice calling natively to your XMPP or Matrix server (or a myriad of various other applications), you’ll need to install Coturn and configure it appropriately.
Note on ejabberd
If you’re installing ejabberd, then you don’t need Coturn. Ejabberd comes with a TURN server built-in, and you should only setup ejabberd to connect to Coturn if you intend on running multiple chat services like Matrix and XMPP.
Coturn is available in the Debian repositories:
apt install coturn
Coturn's configuration file is
/etc/turnserver.conf. There are a few
aspects that need to be changed in order to get a fully-functioning
Here is an example of some sane defaults:
server-name=turn.example.org realm=turn.example.org listening-ip=your_public_ip listening-port=3478 min-port=10000 max-port=20000 ## The "verbose" option is useful for debugging issues verbose
There are two options for authentication on a turnserver:
- Usernames and passwords
- Authentication secrets
Depending on what self-hosted service is being used in conjunction with Coturn, you may need one or the other of these two options.
Usernames and Passwords
To utilize username and password authentication with Coturn, add the following configuration in
To utilize authentication secrets with Coturn, add the following
TURNS (TLS Encryption)
Some self-hosted services may support the use of TURNS: An encrypted version of TURN, which allows for WebRTC connections to be established with the use of an encrypted TLS tunnel, just like HTTPS allows for encrypted viewing of websites.
Note: This does not affect the encryption of the audio or video feeds. This only makes the requests to the TURN servers encrypted, which is still desireable for security. Any encryption of the call contents will be handled by the client and server of the application you are using.
To utilize TURNS, certificates need to be declared for turn.example.org in
In this example, Letsencrypt certificates generated with
certbot are used.
After all configuration changes are complete, Coturn can be started with its systemd daemon:
systemctl restart coturn
Configuring your application
At this stage, you should look in your application’s own guide on how to set the TURN and STUN server settings. Configure it to point at turn.example.org and use either your username and password pair or your super-secure authentication secret.
- How to configure TURN on ejabberd
- How to configure TURN on Prosody
- How to configure TURN on Matrix Synapse
- How to configure TURN on Matrix Dendrite
Congratulations! You’ve successfully setup a Coturn server!
Written by Denshi.
Donate Monero at: