When we use WebRTC for real-time communication, audio and video sometimes fail to connect for some users. This happens because those users' networks sit behind a firewall that does not allow direct communication with the client. To avoid this issue we set up a TURN and STUN server. Here we will use a coturn server to carry the communication over the UDP ports that WebRTC needs for real-time communication; the same scenario applies to BigBlueButton. In effect, the TURN and STUN server gets around the firewall or NAT: the client communicates with the TURN and STUN server instead of making a direct connection.
Requirements for coturn server installation:
Below is the list of what you need to get a STUN and TURN server ready for WebRTC:
- Ubuntu 20
- Domain / subdomain name
- Port 22 for outside communication
- Ports 80, 443 and 3478 for BigBlueButton clients to connect
- Ports 32769 – 65535 (port range) to connect to the BigBlueButton server
Install coturn server:
Use the commands below to install the coturn TURN server:
sudo apt-get update
sudo apt-get install coturn
Now check that the newly installed coturn TURN server is visible with the following command:
sudo systemctl status coturn
Install and configure SSL:
Here we will install a Let's Encrypt SSL certificate with the help of certbot.
Enter the following commands:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
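Now that certbot is installed, we can use it to generate the SSL certificate with the following command (replace <turn.avinyaweb.com>, including the angle brackets, with the hostname of your TURN server):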
sudo certbot certonly --standalone --preferred-challenges http \
-d <turn.avinyaweb.com>
Make sure the certificate files are readable by the coturn user.
Next, add the renewal hook. First create a directory:
sudo mkdir -p /etc/letsencrypt/renewal-hooks/deploy
Next, create the file /etc/letsencrypt/renewal-hooks/deploy/coturn
with the following contents. Replace <turn.avinyaweb.com> with the hostname of your TURN server.
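#!/bin/bash -e
# Copy the renewed certificate and key to a location coturn can read.
for certfile in fullchain.pem privkey.pem ; do
    cp -L /etc/letsencrypt/live/<turn.avinyaweb.com>/"${certfile}" /etc/turnserver/"${certfile}".new
    chown turnserver:turnserver /etc/turnserver/"${certfile}".new
    # Rename into place so coturn never sees a partially written file.
    mv /etc/turnserver/"${certfile}".new /etc/turnserver/"${certfile}"
done
# Signal the running coturn service (SIGUSR2) so it picks up the new files.
systemctl kill -sUSR2 coturn.service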
Now make this file executable so that it runs automatically during the renewal process:
sudo chmod 0755 /etc/letsencrypt/renewal-hooks/deploy/coturn
Configure coturn server
Edit the file /etc/turnserver.conf
and replace the parameters below:
- Update <turn.example.com> with the hostname of your TURN server
- Update <example.com> with the realm of your TURN server
- Generate a random value with this command
openssl rand -hex 16
and put it at <secret_value>; we will use this secret value later
- Update <IP> with your TURN server's external IP
The next step is to create the dhp.pem file using the commands below:
$ sudo mkdir -p /etc/turnserver
$ sudo openssl dhparam -dsaparam -out /etc/turnserver/dhp.pem 2048
Now create the file /etc/systemd/system/coturn.service.d/override.conf with the content below.
It is a systemd drop-in that overrides how the coturn service is started:
[Service]
LimitNOFILE=1048576
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=
ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid --no-stdout-log --simple-log --log-file /var/log/turnserver/turnserver.log
Restart=always
Now restart the coturn server so that everything takes effect and the new configuration is used. Use the commands below to restart for the first time:
$ sudo /etc/letsencrypt/renewal-hooks/deploy/coturn
$ sudo systemctl daemon-reload
$ sudo systemctl restart coturn
In the future you can restart with the single command sudo systemctl restart coturn
Configure BigBlueButton to use the TURN server:
Edit the file /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml via the terminal or FTP. In the terminal, change to its directory with the command below and open turn-stun-servers.xml from there:
cd /usr/share/bbb-web/WEB-INF/classes/spring/
- Uncomment the beans used for the TURN server and replace the appropriate values: for example, replace the values at index 0 and index 1 in the <bean> elements with id turn0 and turn1. Use the same secret we created above, and make sure the two beans differ, one using turn and the other turns.
- Now add both beans to the
<property name="turnServers">
- In short, refer to the image below and replace <turn.example.com> and <secret_value>.

Now restart the BigBlueButton server using the following command: sudo bbb-conf --restart
You are now all set up to use the TURN server.
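The secret generated with openssl rand -hex 16 is placed in both coturn and BigBlueButton so that short-lived TURN credentials can be derived from it instead of storing fixed passwords. The following is an added example, not code from the original page or from the coturn or BigBlueButton projects, that shows this derivation and the matching server-side check. It assumes coturn's time-limited credential scheme (use-auth-secret with static-auth-secret); the function names, the sample secret and the fixed clock value are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample secret; a real one comes from `openssl rand -hex 16`.
SAMPLE_SECRET = "0123456789abcdef0123456789abcdef"


def _mac(secret, username):
    """base64(HMAC-SHA1(secret, username)), the password for that username."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def make_turn_credentials(secret, ttl_seconds=86400, user_id="", now=None):
    """Issue a time-limited credential: username is '<expiry>[:<user_id>]'."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl_seconds
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    return username, _mac(secret, username)


def verify_turn_credentials(secret, username, password, now=None):
    """Model of the server-side check: valid HMAC and expiry still in the future."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a Unix timestamp
    expected = _mac(secret, username).encode()
    # Constant-time comparison avoids leaking how much of the password matched.
    return hmac.compare_digest(expected, password.encode()) and expiry > now


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock so the output is repeatable
    user, pwd = make_turn_credentials(SAMPLE_SECRET, 3600, "bbb-user", now=t0)
    print("username:", user)
    print("password:", pwd)
    print("within TTL:  ", verify_turn_credentials(SAMPLE_SECRET, user, pwd, now=t0 + 100))
    print("after TTL:   ", verify_turn_credentials(SAMPLE_SECRET, user, pwd, now=t0 + 3601))
    print("wrong secret:", verify_turn_credentials("f" * 32, user, pwd, now=t0 + 100))
```

Anyone who holds the secret can derive valid credentials for the relay, so keep /etc/turnserver.conf and turn-stun-servers.xml readable only by the accounts that need them.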