Added coturn.md

ZAKS Web 2025-04-23 00:31:00 +02:00
parent d555d7b5bd
commit 3fe0829f7f
3 changed files with 383 additions and 4 deletions

@ -1,8 +1,9 @@
# documentation
# documentation
Here I will start building a list of guides for setting up various open source self-hosted software.
If you have any suggestions then please send me a chat request on Reddit (https://reddit.com/u/thisiszeev)
The contents of this repo is licensed under the Creative Commons is free to share in an unaltered state.
If you want to publish one of my guides on your website or in your print publication, then please contact me via Reddit.
The contents of this repo is licensed under the Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works license. You are free to share the documents in an unaltered state.
If you do wish to publish one of my guides on your website or in your print publication, then please contact me via Reddit to discuss licensing.
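Review bot: The new licence sentence ("The contents of this repo is licensed under the Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works license") should use the licence's own name, Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), and link to its deed, so readers can check the terms. Also fix the agreement ("contents ... are licensed") and keep the identifier consistent with the `CC-4.0-BY-NC-ND` string used in the header of `nextcloud/coturn.md`.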

5
nextcloud/README.md Normal file

@ -0,0 +1,5 @@
# Documentation relating to Self-Hosted Nextcloud Installs
| Filename | Description |
|----------|-------------|
| coturn.md | Setting up a TURN server for a Self-Hosted Nextcloud Installation |
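Review bot: The `coturn.md` cell in the new table is plain text; make it a relative link, `[coturn.md](coturn.md)`, so the index is navigable. The top-level README hunk in this commit does not point at `nextcloud/` either, so a link from there would help readers find this index.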

373
nextcloud/coturn.md Normal file

@ -0,0 +1,373 @@
# Setting up a TURN server for a self-hosted Nextcloud installation
**Document Author:** Ze'ev Schurmann
**Document Version:** v1.0
**Document License:** CC-4.0-BY-NC-ND
This document is one of a series I intend to compile for various open source projects that I use, support and believe in. For more info visit https://git.zaks.web.za/thisiszeev/documentation
If you have any questions or need 1 on 1 support/training then please send me a chat request on Reddit (https://reddit.com/u/thisiszeev)
Feel free to visit my Git Repo on https://git.zaks.web.za/thisiszeev
If you find this document useful, please let me know via Reddit, share it with others, and if you can afford it, please consider a small donation at https://paypal.me/thisiszeev
The contents of this repo is licensed under the Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works license. You are free to share the document in an unaltered state.
If you do wish to publish this guide or any of my other guides on your website or in your print publication, then please contact me via Reddit to discuss licensing.
## Contents
- Before you start (requirements, disclaimer and warnings)
- What is a TURN Server
- What is coTURN
- Installing coTURN
- Configuring coTURN
- Activating coTURN
- Configuring Nextcloud Community Edition (Self-Install)
## Before you start (requirements, disclaimer and warnings)
**REQUIREMENTS:** A publically accessible dedicate or virtualized server running Nextcloud. This guide is written for Debian and Debian based operating systems. If you are running a different version of Linux, then please substitute the relevant steps to fit your installation.
**DISCLAIMER:** I am in no way affiliate with Nextcloud GmbH or any of their associated companies or brands. This guide is created as a labor of love and in no ways is intended to represent the views and/or opinions of Nextcloud GmbH or any of the other community members.
**WARNING:** You use this guide at your own risk. I assume no responsibility for any damages, loss of data, loss or revenue, or any other outcome of any nature, either implied or not. It is assumed that you have a basic understanding of the Linux command-line, that you have a working Self-Hosted Installation of Nextcloud, along with root/sudo access to the server that your installation is hosted on.
## What is a TURN Server
A **TURN server** (Traversal Using Relays around NAT) is a type of server used in **real-time communication**—like video calls, voice chats, or online gaming—when **direct peer-to-peer connections** between users fail due to **strict firewalls or NATs (Network Address Translators)**.
### What it does:
- It **relays traffic** between two clients who cannot establish a direct connection.
- Unlike **STUN** (Session Traversal Utilities for NAT), which just helps discover public IPs and ports, **TURN actually passes the media (audio/video/data)** through the server.
### Why it's needed:
- Some networks (corporate, mobile, or public WiFi) block incoming peer connections.
- When direct peer-to-peer via STUN isn't possible, TURN is a fallback that ensures communication still works.
### Common in:
- **WebRTC applications** (e.g., video conferencing in browsers)
- **VoIP apps**, online games, remote desktop tools, etc.
### Downsides:
- Its **more resource-intensive** than STUN, since the TURN server handles all the data.
- **Latency** may increase a bit because the server is relaying everything.
### Example use case:
Imagine two users trying to video call using a WebRTC app:
- If theyre both behind NATs/firewalls that allow STUN, they can talk directly (P2P).
- If not, a TURN server relays their video and audio between them, acting as a middleman.
## What is coTURN
**coTURN** is a **free, open-source TURN and STUN server** implementation. Its one of the most popular and reliable choices for adding NAT traversal support to real-time communication apps, especially **WebRTC**.
### What coTURN does:
- Provides both **TURN** and **STUN** services.
- Helps devices behind NAT/firewalls communicate over the internet.
- Acts as a **relay server** when direct peer-to-peer (P2P) connections cant be established.
### Key features of coTURN:
- Supports **UDP, TCP, TLS, and DTLS**.
- **Authentication** (static or dynamic via REST API).
- **IPv4 and IPv6** support.
- Can be used in **high-load** environments.
- Works great for **WebRTC**, **VoIP**, **SIP**, **video conferencing**, etc.
### Typical usage:
- You install it on a VPS or server with a **public IP**.
- Configure it via `turnserver.conf`.
- Apps like Jitsi, Nextcloud Talk, BigBlueButton, and custom WebRTC apps use it when clients can't connect directly.
### Tip:
Even if youre just using STUN most of the time, having TURN via coTURN ensures your app **always works**, even in the strictest networks.
## Installing coTURN
### With root access
First make sure that Linux is fully updated.
```
apt update && apt -y upgrade
```
If updates complete without error, you can install coTURN.
```
apt -y install coturn
```
### With sudo access
First make sure that Linux is fully updated.
```
sudo apt update && sudo apt -y upgrade
```
If updates complete without error, you can install coTURN.
```
sudo apt -y install coturn
```
## Configuring coTURN
### With root access
Open the file `/etc/turnserver.conf`
```
nano /etc/turnserver.conf
```
### With sudo access
Open the file `/etc/turnserver.conf`
```
sudo nano /etc/turnserver.conf
```
### Editing /etc/turnserver.conf
Press CTRL+W and type `#listening-port` followed by ENTER. You will be taken to a line that looks like this:
```
#listening-port=3478
```
Remove the comment `#` so that it looks like this:
```
listening-port=3478
```
---
Press CTRL+W and type `#tls-listening-port` followed by ENTER. You will be taken to a line that looks like this:
```
#tls-listening-port=5349
```
Remove the comment `#` so that it looks like this:
```
tls-listening-port=5349
```
---
Press CTRL+W and type `#alt-listening-port` followed by ENTER. You will be taken to a line that looks like this:
```
#alt-listening-port=0
```
Remove the comment `#` so that it looks like this:
```
alt-listening-port=0
```
---
Press CTRL+W and type `#alt-tls-listening-port` followed by ENTER. You will be taken to a line that looks like this:
```
#alt-tls-listening-port=0
```
Remove the comment `#` so that it looks like this:
```
alt-tls-listening-port=0
```
---
Press CTRL+W and type `#min-port` followed by ENTER. You will be taken to a line that looks like this:
```
#min-port=49152
```
Remove the comment `#` and change the number to `60000` so that it looks like this:
```
min-port=60000
```
---
The line below `min-port` looks like this:
```
#max-port=65535
```
Remove the comment `#` and change the number to `61999` so that it looks like this:
```
max-port=61999
```
---
Press CTRL+W and type `#fingerprint` followed by ENTER. You will be taken to a line that looks like this:
```
#fingerprint
```
Remove the comment `#` so that it looks like this:
```
fingerprint
```
---
Press CTRL+W and type `#use-auth-secret` followed by ENTER. You will be taken to a line that looks like this:
```
#use-auth-secret
```
Remove the comment `#` so that it looks like this:
```
use-auth-secret
```
---
Press CTRL+W and type `#static-auth-secret` followed by ENTER. You will be taken to a line that looks like this:
```
#static-auth-secret=north
```
Remove the comment `#` and change the string after the equals to a nice long string of about 32 characters so that it looks something like this but with your own secret string in place of `SuperStrongSecretGoesHere`:
```
static-auth-secret=SuperStrongSecretGoesHere
```
*Save your chosen secret as you will need it when you configure Nextcloud.*
---
Press CTRL+W and type `#realm` followed by ENTER. You will be taken to a line that looks like this:
```
#realm=mycompany.org
```
Remove the comment `#` and change the domain for the domain you use to access the server that coTURN in installed on, so that it looks like this:
```
realm=nextcloud.mydomain.tld
```
*If you are installing coTURN on a seperate server then the domain will be different to the domain used for Nextcloud.*
---
Press CTRL+W and type `#total-quota` followed by ENTER. You will be taken to a line that looks like this:
```
#total-quota=0
```
Remove the comment `#` so that it looks like this:
```
total-quota=0
```
---
Press CTRL+W and type `# bps-capacity` followed by ENTER. You will be taken to a line that looks like this:
```
# bps-capacity=0
```
Remove the comment `#` so that it looks like this:
```
bps-capacity=0
```
*If you want to limit the total at a time network usage for coTURN, you can substiture the `0` for a real value limit in bits per second. 1 Kbps is 1024 bps, 1 Mbps is 1024 Kbps, and so on.*
---
Press CTRL+W and type `#no-multicast-peers` followed by ENTER. You will be taken to a line that looks like this:
```
#no-multicast-peers
```
Remove the comment `#` so that it looks like this:
```
no-multicast-peers
```
## Activating coTURN
coTURN should already be activate. You should only need to restart the service.
### With root access
```
systemctl restart coturn.service
```
If you got an error, you will have to start and enable it.
```
systemctl start coturn.service
systemctl enable coturn.service
```
### With sudo access
```
sudo systemctl restart coturn.service
```
If you got an error, you will have to start and enable it.
```
sudo systemctl start coturn.service
sudo systemctl enable coturn.service
```
## Configuring Nextcloud Community Edition (Self-Install)
1. Log into your Nextcloud Install as the admin user.
2. Click on the user icon in the top right.
3. Click `Administration settings`.
4. Scroll down the settings menu on the left and click on `Talk`.
5. On the right of the screen scroll down to find `TURN servers`.
6. Add a new TURN server and use the following settings:
6. - turn: and turns:
6. - TURN server URL - use the domain name you assigned to the setting `realm=`
6. - TURN server secret - use the long string you assigned to `static-auth-secret=`
6. - UDP and TCP
7. Click the wavey icon on the right. If all is done correctly, it should change to a green checkmark.
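Review bot: The "Editing /etc/turnserver.conf" section enables `tls-listening-port=5349` and the Nextcloud step selects `turn: and turns:`, but no step sets a certificate and private key (coturn's `cert=` and `pkey=` options), so the TLS listener has nothing valid to present; add that step or limit the Talk setting to `turn:`. The only peer restriction enabled is `no-multicast-peers`, which leaves the relay able to forward to loopback and private addresses reachable from the server; add `denied-peer-ip=` ranges for those networks. For `static-auth-secret`, replace "a nice long string of about 32 characters" with a generated value, for example from `openssl rand -hex 32`, and tell readers to check that `/etc/turnserver.conf` is not world-readable, since it now holds the shared secret. The `bps-capacity` note gives the unit as bits per second, while coturn's configuration comments describe it as bytes per second. The guide narrows the relay range to `min-port=60000` / `max-port=61999` but never says to open those ports, 3478 and 5349 in the firewall. Smaller points: typos ("publically", "dedicate", "affiliate", "seperate", "substiture", "should already be activate", "wavey", and the missing apostrophes in "Its", "theyre", "cant", "youre"), and the sub-items under step 6 are written as `6. -`, which renders as repeated list numbers rather than a nested list.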