Using Prosody with coturn

coturn is a TURN and STUN server.

Installation

This assumes a Debian system. Commands for installation and config file paths may vary with operating system.

Install coturn

sudo apt install coturn

Check whether it was started automatically:

sudo systemctl status coturn

If not, do so (or wait until after configuring).

sudo systemctl enable --now coturn

Firewall

If you have a firewall enabled, make sure to allow coturn through.

sudo ufw allow Turnserver

Install mod_external_services

This step can be skipped after version 0.12 (trunk) because mod_external_services is included with Prosody.

See the page about installing modules.

Configuration

Enable the module in the modules_enabled list:

modules_enabled = {
    -- other modules ...
    "external_services"
}

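Generate a suitably strong shared secret and put it both as static-auth-secret in /etc/turnserver.conf and as external_service_secret in Prosody's configuration (the example below sets it per service with the secret field instead). The value s1kr3t used here is only a placeholder. A realm is also needed.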

realm=turn.example.com
use-auth-secret
static-auth-secret=s1kr3t

In Prosody's configuration, /etc/prosody/prosody.cfg.lua, add:

modules_enabled = {
    -- other modules ...
    "external_services"
}

external_services = {
    {
        type = "stun",
        transport = "udp",
        host = "turn.example.com",
        port = 3478
    }, {
        type = "turn",
        transport = "udp",
        host = "turn.example.com",
        port = 3478,
        secret = "s1kr3t"
    }
}

That should be it! Don’t forget to check out coturn's own documentation and skim through the rest of the default configuration file.

Test

Using a client with an XML console, manually request temporary credentials as per XEP-0215. These can be tested using https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
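
To check offline that a username/password pair returned for the TURN service matches the shared secret, the following added example (not code from Prosody or coturn) implements the TURN REST API scheme that coturn's use-auth-secret mode validates: password = base64(HMAC-SHA1(secret, username)). The function names are hypothetical, and the username is assumed to be the expiry timestamp, optionally followed by ":userid".

```python
import base64
import hashlib
import hmac
import secrets
import time


def generate_secret(nbytes=32):
    """Random hex string usable as static-auth-secret and as Prosody's secret."""
    return secrets.token_hex(nbytes)


def turn_password(secret, username):
    """TURN REST API password: base64(HMAC-SHA1(secret, username))."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_credentials(secret, ttl=86400, now=None):
    """Build a (username, password) pair; username is the expiry timestamp (assumed format)."""
    expires = int(now if now is not None else time.time()) + ttl
    username = str(expires)
    return username, turn_password(secret, username)


def check_credentials(secret, username, password, now=None):
    """Return 'ok', 'expired', 'bad-username' or 'bad-password'."""
    now = int(now if now is not None else time.time())
    stamp = username.split(":", 1)[0]  # "timestamp" or "timestamp:userid"
    if not stamp.isdigit():
        return "bad-username"
    expected = turn_password(secret, username)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return "bad-password"
    return "expired" if int(stamp) < now else "ok"


if __name__ == "__main__":
    secret = generate_secret()  # constructed sample; use the value from turnserver.conf
    user, pw = issue_credentials(secret, ttl=3600)
    print("username:", user)
    print("password:", pw)
    print("check:", check_credentials(secret, user, pw))
```

A "bad-password" result for credentials obtained through the XML console usually means the secret in Prosody's configuration and static-auth-secret in /etc/turnserver.conf differ.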