TURN Server Deployment Guide

A TURN server is required for NAT traversal of a WebRTC session and is a mandatory component when WebRTC is enabled in Hybrid Chat. You can use one of the following options:

  1. Xirsys
  2. NUMB TURN Server by Viagenie
  3. Set up a local TURN server

This guide covers the steps for installing a local TURN server using the Coturn project. Coturn is a free and open-source implementation of a TURN and STUN server for VoIP and WebRTC that evolved from the rfc5766-turn-server project. The TURN server described here is configured to handle up to 100 concurrent WebRTC sessions; this limit may be increased on demand.


TURN Server Deployment Prerequisites

Software Requirements

Requirement
OS: CentOS 7 / RHEL 7 or above
Docker CE: 18+
Docker Compose: 1.21 or above
A publicly accessible FQDN: The TURN server IP should be exposed via a public FQDN. Here is the information on how to add a Type A record to your DNS zone file provided by your domain registrar.

Hardware Requirements

Requirement
CPU: 4 cores
RAM: 4 GB
DISK: 80 GB
NIC: 1 NIC per VM

Important!

A TURN server consumes a lot of bandwidth because it has to relay the media content between the peers. Make sure that you have enough bandwidth to handle this. Currently, one TURN server connection is allowed to use almost 2 Megabits of bandwidth, which means that an internet connection of 50 Megabits can handle 25 concurrent connections. This limit can be changed according to your requirements in environment_variables.

Installation Steps

  1. Install Docker and Docker Compose on the host operating system.
  2. Download the deployment script deployment-turn.sh and place it in the user home or any desired directory.
  3. To execute the script, run the following command:
     # docker-compose up -d
  4. Execution of the script will perform the following actions:
     1. Delete the turn-server directory if it exists.
     2. Clone the turn-server directory.
  5. Change the environment_variables.env file in the directory turn-server/docker according to your requirements.
Name: Description

externalip: Enter the external IP of the machine (Public IP).

user: Define your username and password for the TURN server in the form:

user=<user>:<password>

For example:

user=1596817017:RZ0inLpIyZb3lz0V6acUZBe2Ir8

realm: Insert your FQDN here (Type A record pointing to that external IP), like:

realm=rp-bnp.expertflow.com

TURN_PORT_START: This is the lower bound of the UDP port range for relay endpoint allocation. The default value is 49152.

TURN_PORT_END: This is the upper bound of the UDP port range for relay endpoint allocation. The default value is 49252.

MAX_BYTES: This is the maximum number of bytes allowed per session. By default, 2 Megabits per session is allowed, which is 262144 bytes.

The formula for calculating bytes from Megabits is:

1024 x 1024 x <Megabits> / 8

Example: to convert 50 Megabits into bytes:

1024 x 1024 x 50 / 8 = 6553600

You can also use this website to convert.

BW_TOTAL: This is the total bandwidth allocated to TURN server sessions. By default, 50 Megabits of bandwidth is allowed, which is 6553600 bytes. You can use the above formula to calculate bytes from Megabits.

  6. Execute the following commands to open the required ports.

For CentOS / RedHat Linux

BASH
# firewall-cmd --zone=public --add-port=49152-49252/udp --permanent
# firewall-cmd --zone=public --add-port=3478/tcp --permanent
# firewall-cmd --zone=public --add-port=3478/udp --permanent
# firewall-cmd --reload

The above step of exposing the ports is not required if you are using a cloud-based TURN server. Please make sure these ports are also allowed in your security group or local firewall.
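Before starting the server, the values set in step 5 can be sanity-checked. The following pre-flight check is an added example, not part of the original guide or the turn-server project: it flags a non-public externalip and reuse of the sample credential printed in this guide, and derives the relay port count, the bandwidth ceiling and the matching firewall rule. The KEY=VALUE file syntax, the function names, and the sample values 10.0.0.5 and turn.example.com are assumptions.

```python
import ipaddress
# Constructed sample env file (KEY=VALUE assumed) with two deliberate mistakes.
SAMPLE_ENV = """\
externalip=10.0.0.5
user=1596817017:RZ0inLpIyZb3lz0V6acUZBe2Ir8
realm=turn.example.com
TURN_PORT_START=49152
TURN_PORT_END=49252
MAX_BYTES=262144
BW_TOTAL=6553600
"""
# The credential printed in the guide is public, so it must never go live.
GUIDE_SAMPLE_USER = "1596817017:RZ0inLpIyZb3lz0V6acUZBe2Ir8"

def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def check(cfg):
    """Return (problems, summary) for a parsed configuration."""
    problems = []
    try:
        if not ipaddress.ip_address(cfg.get("externalip", "")).is_global:
            problems.append("externalip is not a public address")
    except ValueError:
        problems.append("externalip is not an IP address")
    name, sep, password = cfg.get("user", "").partition(":")
    if not (name and sep and password):
        problems.append("user must be <user>:<password>")
    elif cfg["user"] == GUIDE_SAMPLE_USER:
        problems.append("user is the sample credential from the guide")
    try:
        start, end = int(cfg["TURN_PORT_START"]), int(cfg["TURN_PORT_END"])
        per_conn, total = int(cfg["MAX_BYTES"]), int(cfg["BW_TOTAL"])
    except (KeyError, ValueError):
        return problems + ["port and bandwidth values must be integers"], {}
    if not 1024 <= start <= end <= 65535:
        problems.append("relay port range is invalid")
    if not 0 < per_conn <= total:
        return problems + ["MAX_BYTES must be in 1..BW_TOTAL"], {}
    summary = {  # Megabit figures invert the guide's 1024 x 1024 x Mbit / 8
        "relay_ports": end - start + 1,
        "mbit_per_connection": per_conn * 8 / (1024 * 1024),
        "mbit_total": total * 8 / (1024 * 1024),
        "bandwidth_bound_connections": total // per_conn,
        "firewall_udp_rule": f"firewall-cmd --zone=public --add-port={start}-{end}/udp --permanent"}
    return problems, summary
```

Run `check(parse_env(open("turn-server/docker/environment_variables.env").read()))` and start the server only when the problems list is empty; if the relay port range was changed, use the reported firewall rule in place of the default one in step 6.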


To start the TURN server, navigate to the turn-server directory and run the script:

BASH
# ./install.sh


A container with the name webrtc-turn will run. You can now use the following URL and the credentials of the TURN server.

"url": "turn:<FQDN>:3478",
"username": "<username, you have entered in env variables>",
"credential": "<password, you have entered in env variables>"


Troubleshooting

Logs for the container are available in files as well as within the Docker daemon. To see the logs for the container, first get the id of the container, then use that id to view the logs:

CODE
docker logs <container_id>


Now to deploy the WebRTC frontend, follow this guide.

