In this guide we will be learning how to run CoTURN in a docker container. COTURN is a free and open source TURN server that can be used for WebRTC video and audio communication and also VoIP services

Prerequisites

  • You should have docker installed on your system. Learning how to install docker on your system is out of the scope of this article
  • Some basic knowledge of docker is recommended but not required

You can use the Metered TURN server for this. You can create a free account

Metered Global TURN servers

  1. API: TURN server management with powerful API. You can do things like Add/ Remove credentials via the API, Retrieve Per User / Credentials and User metrics via the API, Enable/ Disable credentials via the API, Retrieve Usage data by date via the API and much more.
  2. Global Geo-Location targeting: Automatically directs traffic to the nearest servers, for lowest possible latency and highest quality performance.
  3. Servers in 12 Regions of the world: Toronto, Miami, San Francisco, Amsterdam, London, Frankfurt, Bangalore, Singapore,Sydney
  4. Low Latency: less than 50 ms latency, anywhere across the world.
  5. Cost-Effective: pay-as-you-go pricing with bandwidth and volume discounts available.
  6. Easy Administration: Get usage logs, emails when accounts reach threshold limits, billing records and email and phone support.
  7. Standards Compliant: Conforms to RFCs 5389, 5769, 5780, 5766, 6062, 6156, 5245, 5768, 6336, 6544, 5928 over UDP, TCP, TLS, and DTLS.
  8. Multi‑Tenancy: Create multiple credentials and separate the usage by customer, or different apps. Get Usage logs, billing records and threshold alerts.
  9. Reliability: 99.999% Uptime with SLA.
  10. Enterprise Scale: : With no limit on concurrent traffic or total traffic. Metered TURN Servers provide Enterprise Scalability
  11. 50 GB/mo Free: Get 50 GB every month free TURN server usage with the Free Plan

You can create an account on Metered website and get 50GB of Free TURN usage every month

Installation

Docker offers a CoTURN image that can be used to setup the CoTURN server easily in a container

Step 1 Pull the Docker Image

to install the docker coturn. Pull the docker image of the coturn from the cloud repository Docker Hub.

Type the below command in your terminal to pull the docker image

docker pull coturn/coturn

Step 2: Configure the coturn file

Once you have the docker image you can start the docker container by running the following command on your terminal

docker run -d -p 3478:3478 -p 3478:3478/udp -p 5349:5349 -p 5349:5349/udp -p 49152-65535:49152-65535/udp coturn/coturn

What are we doing here

  • -d: runs the docker container in detached mode. That is it will be running in the background
  • -p : specifies the ports on which the TURN server will run we are using the ports 3478, 5349, and port range from 49152-65535

You can also run this in Docker desktop if you have that installed on your computer

just pull the docker image as showed in the step 1 and then

do the similar settings in the docker

The TURN server needs a lot of ports to exchange media this is specified in the RFC 5766

Now that we have setup the TURN server. Let us now configure it in the next step

Step 3: Configuring the TURN server

By default the coturn docker container uses the coturn's default configuration that is specified in the CMD Dockerfile

If we need to edit the default configuration we can do so by specifing the volume command when running the docker container

docker run -d --network=host -v $(pwd)/custom.conf:/etc/coturn/turnserver.conf coturn/coturn

This command maps the custom.conf file on the current directory to the turn server directory '/etc/coturn/turnserver.conf'

What is realm?

Realm is a key that can access a group of addresses with a common owner.

A TURN server has a default realm but can have multiple "named realms" in the database

Each realm has its owners and a username/ password combination to access and identify the users that connect to a specific realm

Step 4: Turn server persistence

CoTURN docker by defaults persists the data in the '/var/lib/coturn/' directory

If we need to store the data in a different directory we can do so by specifing the -mount option in the docker run command

paste the code below in your terminal to specify a different file

docker run -d --network=host --mount type=tmpfs,destination=/var/lib/coturn coturn/coturn

this command mounts the tmfs that is the temporary file system to the docker container and specifies that the coturn write the data in the temporary file system instead of writing the data on the /var/lib/coturn file

You can do this if you do not want the data to be written on your disk thus saving disk space at the cost of having the data on the temporary file system

Step 5: Detecting External IP automatically

The Coturn has an feature called the detect-external-ip that can detect external ip automatically

you can enable this by setting the 'DETECT_EXTERNAL_IP'  environment variable to yes when running the docker run command

docker run -d --network=host -e DETECT_EXTERNAL_IP=yes coturn/coturn

By default it detects the IPv4 but if you want it to detect IPv6 you can set it to detect that you using the below code.

docker run -d --network=host coturn/coturn --external-ip='$(detect-external-ip --ipv6)' --relay-ip='$(detect-external-ip --ipv6)'

Step 6: Getting the Coturn server url from the docker container

Since the docker container runs inside your machine. You will the server url to access the TURN server

First, you will need to know the IP address of your Docker host and the port that you have mapped to the COTURN server inside the Docker Container

In our example above we mapped the Docker container to the port 3478 of our local machine and we are running the docker container on our localhost or 127.0.0.1

So the URL of the Coturn will be

turn:IP_Address_Docker_host:3478

that is

turn:127.0.0.1:3478

If your host address is some other private IP address like 192.1688.1.22 or some other you can easily map it using the above formula.

If you want to know what your local IP is

ip addr show

in you linux or mac terminal

But there is problem here. For us to be able to use the Turn server outside of our local machine we will need to map it to a public IP address

Step 7: Assigning Public IP to docker COTURN

To use the TURN server we need the ability to access it over the internet. Fo that we need a public IP address that we can assign to the TURN server

Here are the steps involved

  1. Get a Public IP address: If you are running the docker container in an AWS, google cloud or some other cloud providers instance they give you a public IP address with the instance

If you are running the docker container in your local machine then you need an IP address from your ISP internet service provider

You can go to websites like IPMango to find out what your public IP address is

2. Configure the PORT forwarding on your router: You need to configure your router if your local machine is behind one to forward all the traffic to your local machine

specify the local ip address and port number usually 3478 in the router.

If you are running the docker container on an aws instance then its not a problem

3. Update the firewall rules: Make sure to allow inbound an outbound traffic on the port number your coturn server is running. If you are running the coturn in the cloud you need to provide the rules in the cloud server

4. Final Step: Configure the Coturn server: you need to configure the coturn server to use the public IP. Open the coturn configuration file and update the  'external-ip' parameter to the external IP of your machine

Step 8 : Testing whether the CoTurn is running

You can test whether the docker coturn server is running in three ways

  1. Trickle ICE
  2. ICE Test

Trickle ICE

go to the website: https://www.metered.ca/turn-server-testing

and add the configuration and click on the add server button to add your TURN server and test it

ICE test for turn server

ICE TEST

Go to ICE Test website : https://icetest.info and enter your turn server credentials to test the TURN server

Step 9: Setting a Domain name for the turn server (optional)

You can set up a domain name for your turn server as well

For this you will need to update your DNS records

Go to a domain registrar like godaddy or namecheap and purchase a domain name then

add the DNS record and wait until they find your service

Step 10: Encryption using the COTURN server using lets encrypt (optional)

We can use the certbot from lets encrypt to easily generate the TLS certificate

enter the following commands in your TURN servers terminal

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

then you can run a certbot commond to generate the certificate. Replace the <turn.example.com> with the domain name of your TURN server

$ sudo certbot certonly --standalone --preferred-challenges http \
    -d <turn.example.com>

Take note that the TCP port 80 needs to be open for that to happen

Currently the cretbot automatically renews by default

to ensure that the certificates are readable by coturn which in turn runs the service turn server let us add a renewable hook to the let's encrypt

let us first create a directory

$ sudo mkdir -p /etc/letsencrypt/renewal-hooks/deploy

next create the file

$ sudo mkdir -p /etc/letsencrypt/renewal-hooks/deploy

with the following contents. Replace teh hostname of your TURN server

#!/bin/bash -e
for certfile in fullchain.pem privkey.pem ; do
	cp -L /etc/letsencrypt/live/<turn.example.com>/"${certfile}" /etc/turnserver/"${certfile}".new
	chown turnserver:turnserver /etc/turnserver/"${certfile}".new
	mv /etc/turnserver/"${certfile}".new /etc/turnserver/"${certfile}"
done
systemctl kill -sUSR2 coturn.service

Make this file executable

$ sudo chmod 0755 /etc/letsencrypt/renewal-hooks/deploy/coturn

and that's it we have added the encryption to the TURN server

Here are some of our other articles that you might be interested in

Conclusion

This is how you can configure the turn server in your docker container. I hope you found the article helpful

Thank you for reading