Tutorial Topic: How to Setup a Turn Server for Nextcloud Talk

This tutorial is meant to be a "learning in process". It was created by a guy who is constantly playing with various technologies.

The turn server will be installed on a fresh installation of Debian with domain www.example.com hosted on an Ngix webserver on Linode.

Here are the steps:

  1. Register the domain name www.example.com.
  2. Setup a new linode and point www.example.com to this linode.
  3. Install and Setup Nginx server block for domain www.example.com.
  4. Install and setup UFW and open ports SSH, Nginx Full and Turnserver (Turnsever ports will be opened after installation of Turnserver)
  5. Install and Setup certbot and obtain SSH certificate for turnserver.example.com.
  6. Install Coturn (open source Turn Server)
  7. Configure Coturn
  8. Setup Nextcloud Talk for the new Turn Server.

Steps 1 to 5 will be covered elsewhere. We will only cover steps 6-7 here.

Step # 6: Install Coturn package

$ sudo apt-get install coturn

Step # 7: Edit the coturn file to enable Turnserver

$ sudo nano /etc/default/coturn

uncomment TURNSERVER_ENABLED=1

Default config

Step # 7b: Edit the turnserver.conf file. The conf file is well documentated with examples.

Change the following:

  1. uncomment listening-port=3478

    2. This allows turnserver to listen to UDP port 3478. You can also use another port you may want.

    Open Port 3478
  2. uncomment tls-listening-port=5349

    3. This allows turnserver to listen to TLS port 5349. You can also use another port you may want.

    Open TLS Port 5349
  3. uncomment and add your ip address (this is an example) listening-ip=166.51.103.20
    4. Listening IP
  4. uncomment and add your ip address (this is an example) relay-ip=166.51.103.20
    5. Relay IP
  5. uncomment fingerprint
    6. Fingerprint
  6. uncomment lt-cred-mech**NEED TO RESEARCH THIS**
    7. Long-term credential
  7. uncomment use-auth-secret
    8. Use Authorization Secret
  8. uncomment and add a password static-auth-secret=fakepassword
    9. Authorization Key
  9. uncomment and add your turnserver realm=turnserver.example.com
    10. Turnserver
  10. uncomment and set your total quota. Since I will be using this for personal use, I will make it 100. total-quota=100
    11. Total quota
  11. uncomment and set your stale-nonce. I will make it for 600 seconds. stale-nonce=600
    12. Stale-nonce
  12. uncomment and set the log file. log-file=/var/tmp/turn.log
    13. Log File
  13. uncomment no-multicast-peers
    14. No Multicast Peers