coturn is a TURN server and gateway for VoIP media traffic that also handles NAT traversal by offering STUN capabilities. Communication software such as Matrix and Nextcloud Talk uses coturn to implement video conferencing.
Before coturn can be used by other services, it needs to be installed according to its documentation.
In addition to the basic setup, some options seem important for running coturn securely and discreetly.
To enhance privacy, logging may be disabled by using no-stdout-log and specifying a log file in combination with the simple-log option in coturn's configuration:
no-stdout-log
log-file=/var/log/coturn.log
simple-log
Then drop all logs by creating the log file as a symbolic link to /dev/null:
ln -s /dev/null /var/log/coturn.log
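A check for the logging setup above, as an added example that is not part of the original page or of coturn itself: it confirms that the three options are set and that the configured log file really is a symbolic link to /dev/null, which is not the case when a regular log file already existed and ln -s failed. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "discard all logs" setup of a coturn configuration.
# Usage: check_coturn_logging <path to your coturn configuration file>

# Print the value of "KEY=value" in file $1 (last occurrence, comment lines ignored).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed if the bare option $2 stands on a line of its own in file $1.
conf_flag() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*$" "$1"
}

# Print findings; return 0 only if all three options are set and logs go to /dev/null.
check_coturn_logging() {
    conf=$1; rc=0
    for flag in no-stdout-log simple-log; do
        conf_flag "$conf" "$flag" || { echo "FAIL: $flag not set"; rc=1; }
    done
    log=$(conf_value "$conf" log-file)
    if [ -z "$log" ]; then
        echo "FAIL: log-file not set"; return 1
    fi
    if [ ! -L "$log" ]; then
        # Typical cause: a regular log file already existed, so "ln -s" failed.
        echo "FAIL: $log is not a symbolic link"; rc=1
    elif [ "$(readlink "$log")" != "/dev/null" ]; then
        echo "FAIL: $log points to $(readlink "$log")"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: logs from $conf are discarded"
    return "$rc"
}

# Demo on constructed files in a temporary directory (not the real configuration).
demo_dir=$(mktemp -d)
ln -s /dev/null "$demo_dir/coturn.log"
printf 'no-stdout-log\nlog-file=%s\nsimple-log\n' "$demo_dir/coturn.log" \
    > "$demo_dir/turnserver.conf"
check_coturn_logging "$demo_dir/turnserver.conf"
rm -rf "$demo_dir"
```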
Normally coturn is integrated into other communication software rather than used directly.
To enable coturn in Synapse, turn_uris and turn_shared_secret must be configured in the homeserver.yaml file:
turn_uris:
  - "turns:<host.domain.tld>:<port1>?transport=udp"
  - "turns:<host.domain.tld>:<port1>?transport=tcp"
  - "turn:<host.domain.tld>:<port1>?transport=udp"
  - "turn:<host.domain.tld>:<port1>?transport=tcp"
turn_shared_secret: "<static-auth-secret>"
Change <host.domain.tld>, <port1> and <static-auth-secret> to fit your needs.
In Nextcloud, go to Settings and choose the Talk tab. Use your <host.domain.tld>:<port1> in the STUN-Server and TURN-Server configuration. For the latter, also use your <static-auth-secret> as well as the UDP and TCP option. Testing can be done with the little heartbeat symbol next to it, which turns into a check mark symbol when successful.