Install and Configure STUN, TURN server – coturn – WebRTC – BigBlueButton

When we use WebRTC for real-time communication, audio and video sometimes fail to connect for some users. This happens because those users' networks sit behind a firewall that does not allow direct communication with the client. To avoid this issue we set up a TURN and STUN server. Here we will use the coturn server to carry the communication over the UDP port that WebRTC requires for real-time communication, and the same scenario applies to BigBlueButton. The TURN and STUN server gets around the firewall or NAT: the client communicates with the TURN and STUN server instead of making a direct connection.

Requirements for coturn server installation:

Below is the list of what you need to get a STUN and TURN server ready for WebRTC:

  • Ubuntu 20
  • Domain / subdomain name
  • Port 22 for communication from outside
  • Ports 80, 443 and 3478 for BigBlueButton clients to connect
  • Ports 32769 – 65535 (port range) to connect to the BigBlueButton server

Install Coturn server:

Use the commands below to install the coturn TURN server:

sudo apt-get update
sudo apt-get install coturn

Now check that the newly installed coturn service shows up, using the following command:

sudo systemctl status coturn

Install and configure SSL:

Here we will install a Let's Encrypt SSL certificate with the help of certbot.

Enter the following commands:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

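Now that we have certbot, we can use it to generate the SSL certificate with the following command. Replace <turn.avinyaweb.com>, including the angle brackets, with the hostname of your TURN server: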

sudo certbot certonly --standalone --preferred-challenges http \
    -d <turn.avinyaweb.com>

Make sure the certificate files are readable by the coturn user (turnserver in the renewal hook below).

Next, add the renewal hook. First create a directory:

sudo mkdir -p /etc/letsencrypt/renewal-hooks/deploy

Next, create the file /etc/letsencrypt/renewal-hooks/deploy/coturn with the following contents. Replace the hostname placeholder with the hostname of your TURN server.

#!/bin/bash -e
for certfile in fullchain.pem privkey.pem ; do
	cp -L /etc/letsencrypt/live/<turn.avinyaweb.com>/"${certfile}" /etc/turnserver/"${certfile}".new
	chown turnserver:turnserver /etc/turnserver/"${certfile}".new
	mv /etc/turnserver/"${certfile}".new /etc/turnserver/"${certfile}"
done
systemctl kill -sUSR2 coturn.service

Now make this file executable so that it runs automatically during the renewal process:

sudo chmod 0755 /etc/letsencrypt/renewal-hooks/deploy/coturn

Configure coturn server

Edit the file /etc/turnserver.conf and replace the parameters below:

  • update <turn.example.com> with the hostname of your TURN server
  • update <example.com> with the realm of your TURN server
  • generate a random value with the command openssl rand -hex 16 and put it in place of <secret_value>; we will use this secret value again later
  • update <IP> with your TURN server's external IP
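
As an added example (not the original page's listing and not BigBlueButton's own file), a minimal /etc/turnserver.conf showing where the four placeholders above go, using the ports from the requirements list and the /etc/turnserver paths from the other steps. The option names are coturn's; the choice of options, including the denied-peer-ip ranges, is an assumption:

```conf
# /etc/turnserver.conf (added example; the selection of options is an assumption)
server-name=<turn.example.com>
realm=<example.com>

# STUN/TURN on 3478, TURN over TLS on 443 (binding 443 needs CAP_NET_BIND_SERVICE)
listening-port=3478
tls-listening-port=443

# Public address announced to clients when the host sits behind NAT
external-ip=<IP>

# Relay port range from the requirements list
min-port=32769
max-port=65535

# Shared-secret authentication with time-limited credentials;
# the same value goes into BigBlueButton's turn-stun-servers.xml
use-auth-secret
static-auth-secret=<secret_value>
fingerprint

# Certificate copies maintained by the renewal hook, plus the DH parameters file
cert=/etc/turnserver/fullchain.pem
pkey=/etc/turnserver/privkey.pem
dh-file=/etc/turnserver/dhp.pem
no-tlsv1
no-tlsv1_1

# Hardening: no telnet CLI, no relaying to multicast or private ranges.
# Adjust the ranges if the BigBlueButton server is reached on a private address.
no-cli
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
```

This file holds the shared secret, so keep it readable only by root and the turnserver user.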

The next step is to create the dhp.pem file using the commands below:

$ sudo mkdir -p /etc/turnserver
$ sudo openssl dhparam -dsaparam  -out /etc/turnserver/dhp.pem 2048

Now create the file /etc/systemd/system/coturn.service.d/override.conf with the content below; it overrides the settings of the coturn service:

[Service]
LimitNOFILE=1048576
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=
ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid --no-stdout-log --simple-log --log-file /var/log/turnserver/turnserver.log
Restart=always

Now restart the coturn server so that everything takes effect and the new configuration is used. Use the commands below to restart for the first time:

$ sudo /etc/letsencrypt/renewal-hooks/deploy/coturn
$ sudo systemctl daemon-reload
$ sudo systemctl restart coturn

In the future you will be able to restart with the single command sudo systemctl restart coturn

Configure BigBlueButton to use TURN server:

Edit the following file via the terminal or FTP. For the terminal, use the command below:

sudo nano /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml

  • uncomment the beans used for the TURN server and replace the appropriate values: for example, replace the values at index 0 and index 1 in the <bean> elements with id turn0 and turn1, using the same secret we created above; also make sure the two beans differ, one using turn and the other turns
  • now add both beans to the <property name="turnServers">
  • in short, refer to the image below and replace <turn.example.com> and <secret_value>
turn server configuration in bigbluebutton

Now restart the BigBlueButton server using the command sudo bbb-conf --restart and you are all set up to use the TURN server.
