TURN Server Deployment
The Genesys WebRTC Service has been tested with the coTURN TURN server, which is a free, high-performance open-source TURN and STUN server implementation. Genesys currently recommends v220.127.116.11 of the coTURN TURN server; however, more recent versions may exist.
If a TURN server is already deployed in your network or you are planning to deploy a TURN server other than coTURN, you can skip the following steps.
- RHEL/CentOS 6.6+
- At least two vCPUs, 4GB Memory. SSD may be used, but is not mandatory.
- The most important factor is the networking performance. Make sure that your network has:
- High packet per second (PPS) performance
- Low network jitter (<= 30ms)
- Low latencies (<= 150ms)
For example, if you are deploying the TURN server in an AWS instance, then Enhanced Networking is only available on instances launched with HVM AMIs. Preferably, use C3/C4/R3 instances. For details on AWS EC2 instance types, check here.
Installation and Configuration
Download and install the latest version of TURN server from this link.
You must install the TURN server on a separate server. If you want to install the TURN server in the same machine as the WebRTC Gateway, make sure there is no port conflict.
You must have super-user access to install the TURN server.
- Download the TURN server installation package from the above link, and unzip the file into a temporary folder.
- Run the install.sh file to install the TURN server:
# chmod +x install.sh # ./install.sh
- The installation creates a turnserver user, and the TURN server runs from this account. To enable the TURN server to bind lower ports (<1024), set the following:
# setcap 'cap_net_bind_service=+ep' /usr/bin/turnserver
- Update the parameters in the following configuration file:
- listening-port: set to 443
- external-ip: set to the <public-ip>[/private-ip] for this VM; for example 18.104.22.168/10.157.156.67. The assumption is that the TURN server will be behind NAT in most of the deployments.
- Uncomment fingerprint
- Uncomment lt-cred-mech
- user: set to <user>:<password>; for example genesys:genesys. The same user/password you need to configure for your web application.
- realm: simply set it to yourdomain.com (for example ec2-54-145-183-203.compute-1.amazonaws.com)
- Start the process:
# service turnserver start
- Check if the TURN server is running:
# ps -elf | grep turnserver 5 S 498 24882 1 0 80 0 - 138025 ep_pol 23:44 ? 00:00:00 /usr/bin/turnserver -o -c /etc/turnserver/turnserver.conf
- For additional details on the TURN server parameters and configuration, you can check here.
Verifying your TURN Server
To verify whether your TURN server is running properly and is accessible, go to this demo page.
This page tests the trickle ICE functionality in a WebRTC implementation. It creates a PeerConnection with the specified STUN/TURN servers, and then starts candidate gathering for a session with a single audio stream. As candidates are gathered, they are displayed in a text box, along with an indication when candidate gathering is complete.
Select and remove the default STUN server that is populated in this page, and then add your TURN server(s) instead. For example, if you have installed the Genesys TURN server in turn.example.net and set password as genesys for genesys user, add both:
- turn:turn.example.net:443 (and user/password as genesys/genesys)
- turn:turn.example.net:443?transport=tcp (and user/password as genesys/genesys)
Then press Gather candidates and specifically check for relay candidates in the result (see example below). If no relay candidates are generated, either your TURN server is not running properly or is not accessible from your network.
Also, the type of candidates released to the application can be controlled via the IceTransports constraint.