Set up your own TURN/STUN signal/relay server on AWS EC2
So you want to set up your own TURN/STUN server to handle signaling and relaying WebRTC calls. OK, I searched quite a bit and was finally able to build something. It took me hours, so hopefully this can help you do it in 30 minutes!
We needed something simple for Mocha Video Chat
1. Create an EC2 instance with Amazon Linux AMI 2 (CentOS) or Debian/Ubuntu
2. Configure AWS Security group (Incoming) and Firewall rules:
80 : TCP # if you need to set up with SSL
443 : TCP # if you need to set up with SSL
3478 : UDP
3478 : TCP
10000–20000 : UDP
3. Install CoTurn
Note: on Debian/Ubuntu
sudo apt-get install coturn
Or you can build from source using the following steps, which is what you need to do on Amazon Linux AMI or any distro that doesn’t include the TURN server package:
sudo su
# yum-based distros name the development packages -devel rather than -dev; gcc is needed for the build
yum install -y gcc openssl-devel libevent-devel hiredis-devel make
wget -O turn.tar.gz http://turnserver.open-sys.org/downloads/v4.5.0.3/turnserver-4.5.0.3.tar.gz
tar -zxvf turn.tar.gz
cd turnserver-* # (replace the star with the version number)
./configure
make && make install
4. Configure
Edit the configuration file. It’s usually in one of the following locations, depending on your Linux distribution and installation method:
/etc/
/usr/local/etc/
Note: you can also search for it using the very useful find command
find / -name turnserver.conf
realm=meetmocha.com
fingerprint
external-ip=<ec2-public-ip-address>
listening-port=3478
min-port=10000
max-port=20000
log-file=/var/log/turnserver.log
verbose
# don't expose this in clients
user=<username>:<password>
Note: you can get your EC2 public address in the AWS console, in your EC2 instance details. You don’t need the private address flag (-L). It can cause issues.
5. Run
./turnserver -c /path/to/turnserver.conf
6. Test
You can use Trickle to test your TURN server once it’s running:
url: turn:<your-ec2-public-ip>:3478
username: <username>
password: <password>
Bonus: Once you have tested your server, you will want to switch to time-limited credentials. They are very easy to implement and prevent unauthorized usage of your server. You can also use Supervisor or systemd to manage and monitor your TURN server.
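
A sketch of how time-limited credentials can be issued from your backend. This is an added example, not code from the original post: it assumes the static user= line in turnserver.conf is replaced by coturn's use-auth-secret and static-auth-secret=<secret> options, and the function names, user id and secret below are hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value; it must match static-auth-secret in turnserver.conf
# and must never be shipped to the browser.
SHARED_SECRET = "example-shared-secret-change-me"


def _sign(secret, username):
    # The password is base64(HMAC-SHA1(secret, username)).
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Backend side: mint a username/password pair that expires after ttl seconds."""
    if ":" in user_id:
        raise ValueError("user_id must not contain the ':' separator")
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}"  # <unix expiry timestamp>:<user id>
    return {"username": username, "credential": _sign(secret, username)}


def check_turn_credentials(secret, username, credential, now=None):
    """Mirror of the server-side check: reject malformed or expired usernames,
    then compare the recomputed HMAC in constant time."""
    stamp, sep, _user = username.partition(":")
    if not sep or not (stamp.isascii() and stamp.isdigit()):
        return False
    if int(stamp) < int(time.time() if now is None else now):
        return False
    expected = _sign(secret, username).encode()
    return hmac.compare_digest(expected, credential.encode())


if __name__ == "__main__":
    creds = issue_turn_credentials(SHARED_SECRET, "alice", ttl=600)
    print(creds)  # hand these two fields to the client's iceServers entry
    print(check_turn_credentials(SHARED_SECRET, **creds))
```

Only the short-lived username and credential reach the client, so a leaked pair stops working once the timestamp passes.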