TURN Server Deployment Guide
A TURN server is required for NAT traversal of a WebRTC session, and it is a mandatory component when WebRTC is enabled in Hybrid Chat. You can use a cloud-based TURN server or set up your own:
- Xirsys
- NUMB TURN Server by Viagenie
- Set up a local TURN server
This guide covers the steps for installing a local TURN server using the Coturn project. Coturn is a free and open-source implementation of a TURN and STUN server for VoIP and WebRTC that evolved from the rfc5766-turn-server project. The TURN server described here is configured to handle up to 100 concurrent WebRTC sessions. This limit may be increased on demand.
TURN Server Deployment Prerequisites
Software Requirements
Requirement | Version / Details |
---|---|
OS | CentOS 7 / RHEL 7 or above |
Docker CE | 18+ |
Docker compose | 1.21 or above |
A publicly accessible FQDN | The TURN server IP should be exposed via a public FQDN. |
Here is the information on how to add a Type A record to the DNS zone file provided by your domain registrar.
Hardware Requirements
Requirement | Value |
---|---|
CPU | 4 cores |
RAM | 4 GB |
DISK | 80 GB |
NIC | 1 NIC per VM |
Important!
A TURN server consumes a lot of bandwidth because it has to relay the media content between the peers. Make sure that you have enough bandwidth for this task. Right now, one connection of the TURN server is allowed to use almost 2 Megabits of bandwidth, which means an internet connection of 50 Megabits can handle 25 concurrent connections. This limit can be changed according to your requirements in environment_variables.
Installation Steps
1. Install Docker and Docker Compose on the host operating system.
2. Download the deployment script deployment-turn.sh and place it in the user home or any desired directory.
3. To execute the script, you need to execute the commands as follows.
   # docker-compose up -d
4. Execution of the script will perform the following actions:
   - Delete the turn-server directory if it exists.
   - Clone the turn-server directory.
5. Change the environment_variables.env file in the directory turn-server/docker according to your requirements.
Name | Description |
---|---|
externalip | Enter the external IP of the machine (Public IP) |
user | Define your username and password for turn server like:
|
realm | Insert your FQDN here (Type A record pointing to that external IP) like:
|
TURN_PORT_START | This is the lower bound of the UDP port range for relay endpoints allocation. Default value is 49152 |
TURN_PORT_END | This is the upper bound of the UDP port range for relay endpoints allocation. Default value is 49252 |
MAX_BYTES | This is maximum bytes allowed per session. By default, Formula for calculating bytes from Megabit is :
Example: if you want to convert 50 Megabits into bytes:
You can also use this website to convert. |
BW_TOTAL | This is the total bandwidth allocated to TURN server sessions. By default, 50 Megabits of bandwidth is allowed, which is 6553600 bytes. You can use the above formula to calculate bytes from Megabits. |
6. Execute the following commands to open the required ports.
For CentOS / RedHat Linux
# firewall-cmd --zone=public --add-port=49152-49252/udp --permanent
# firewall-cmd --zone=public --add-port=3478/tcp --permanent
# firewall-cmd --zone=public --add-port=3478/udp --permanent
# firewall-cmd --reload
The above step of exposing the ports is not required if you are using a cloud-based TURN server. Please make sure these ports are also allowed in your security group or local firewall.
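The relay port range, the bandwidth limits and the opened firewall range have to agree with each other before the container is started. The script below is an added example, not part of the original guide or of the deployment script, that cross-checks them. It assumes environment_variables.env holds plain KEY=VALUE lines and that each session needs at least one relay port; the function names are hypothetical and the sample values (including MAX_BYTES=262144 for 2 Megabits) are constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of environment_variables.env.
# Assumptions: KEY=VALUE lines, at least one relay port per session.

env_get() {            # env_get FILE KEY -> value of the last KEY= line
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

port_capacity() {      # relay ports between TURN_PORT_START and TURN_PORT_END
  echo $(( $(env_get "$1" TURN_PORT_END) - $(env_get "$1" TURN_PORT_START) + 1 ))
}

bandwidth_capacity() { # sessions that fit in BW_TOTAL at MAX_BYTES each
  echo $(( $(env_get "$1" BW_TOTAL) / $(env_get "$1" MAX_BYTES) ))
}

session_capacity() {   # effective limit: the smaller of the two capacities
  local p b
  p=$(port_capacity "$1"); b=$(bandwidth_capacity "$1")
  echo $(( p < b ? p : b ))
}

firewall_covers() {    # firewall_covers FILE LO-HI: relay range inside LO-HI?
  local lo="${2%-*}" hi="${2#*-}"
  [ "$lo" -le "$(env_get "$1" TURN_PORT_START)" ] &&
  [ "$hi" -ge "$(env_get "$1" TURN_PORT_END)" ]
}

check_turn_env() {     # check_turn_env FILE WANTED_SESSIONS OPENED_UDP_RANGE
  local cap rc=0
  cap=$(session_capacity "$1")
  if [ "$cap" -lt "$2" ]; then
    echo "WARN: capacity is $cap sessions, $2 wanted"; rc=1
  fi
  if ! firewall_covers "$1" "$3"; then
    echo "WARN: firewall range $3 does not cover the relay ports"; rc=1
  fi
  return $rc
}

write_sample_env() {   # constructed sample: 50 Mbit total, 2 Mbit per session
  printf '%s\n' 'TURN_PORT_START=49152' 'TURN_PORT_END=49252' \
    'MAX_BYTES=262144' 'BW_TOTAL=6553600' > "$1"
}

sample=$(mktemp)
write_sample_env "$sample"
check_turn_env "$sample" 100 49152-49252 || echo "review the values before starting"
rm -f "$sample"
```

With the default port range and the 50 Megabit total, the check reports that bandwidth, not the port range, is the limit that falls short of 100 sessions.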
To start the TURN server, navigate to the turn-server directory and run the script:
# ./install.sh
A container with the name webrtc-turn will run. You can now use the following URL and the credentials of the TURN server.
"url": "turn:<FQDN>:3478",
"username": "<username, you have entered in env variables>",
"credential": "<password, you have entered in env variables>"
Troubleshooting
Logs for the container are available in files as well as within the Docker daemon. To see the logs for the container, execute, and get the id of the container. Use that id to see the logs using
docker logs <container_id>