3
3
At the present time, several operation systems have this project pre-packaged:
5
1) FreeBSD (and PC-BSD) have this project as a "port", named "turnserver",
6
in /usr/ports/net/turnserver directory. Installation is very simple:
8
# optional commands, to update the ports tree:
10
$ sudo portsnap update
12
# Build and install the TURN Server:
13
$ cd /usr/ports/net/turnserver
14
$ sudo make install clean
16
2) Debian "jessie" (and the recent version of Ubuntu and Mint)
17
have the predecessor of this project packaged as "rfc5766-turn-server", see the link:
19
http://packages.qa.debian.org/r/rfc5766-turn-server.html
21
In the new Debian "jessie", and in the related Ubuntu and Mint, you will
22
be able to just select rfc5766-turn-server from the packages list and
23
install it through Synaptic or through the package manager.
25
If you are using the Debian package from the project download site, then follow these instructions:
5
1) New Linuxes in Debian family have package "coturn":
7
http://packages.qa.debian.org/r/coturn.html
9
If you are using the Debian package from the project download site,
10
then follow these instructions:
27
12
Unpack the archive:
82
63
It will create a Makefile customized for your system.
84
By default, the generated Makefile will be set to install everything
65
By default, the generated Makefile will install everything to:
87
68
- /usr/pkg on NetBSD.
88
69
- /usr/local everywhere else.
90
The binaries will be copied in bin subdirectory of the installation
91
destination, config files copied to etc subdirectory. There will be
71
The binaries will be copied to the bin subdirectory of the installation
72
destination, config files copied to etc subdirectory. The default SQLite database
73
will be created in var/db/turndb. There will be
92
74
also documents, examples and some other files, in separate directories.
94
You can change the root configured destination directory by
76
You can change the root configured destination directory by
95
77
setting PREFIX variable in the
96
78
configure command line. For example:
102
84
$ ./configure --prefix=/opt
104
86
You can change the auxiliary configured destination sub-directories by
105
setting BINDIR, CONFDIR, MANPREFIX, EXAMPLESDIR, DOCSDIR, LIBDIR, SCHEMADIR
106
and TURNINCLUDEDIR variables in the
87
setting BINDIR, CONFDIR, MANPREFIX, EXAMPLESDIR, DOCSDIR, LIBDIR, SCHEMADIR,
88
LOCALSTATEDIR and TURNINCLUDEDIR variables in the
107
89
configure command line. For example:
109
91
$ PREFIX=/opt BINDIR=/opt/bin64 CONFDIR=/opt/conf ./configure
203
189
In this example, the root installation directory will be /opt/usr.
205
191
The "configure" script by default generates a Makefile with "rpath" option
206
set for the binaries linking (if your compiler allows that option). If that
207
is not desirable (like in some OS packaging procedures), then run the
208
"configure" script with --disable-rpath option.
192
set for the dynamic libraries linking (if your system and your compiler
193
allow that option). If that is not desirable (like in some OS packaging
194
procedures), then run the "configure" script with --disable-rpath option.
210
If you do not want to use the rpath linking option, or you OS or compiler
211
do not allows that, then after the installation, you may have to adjust the
212
system-wide shared library search path by using "ldconfig -n <libdirname>"
213
(Linux), "ldconfig -m <libdirname>" (BSD) or "crle -u -l <libdirname>"
214
(Solaris). Your system must be able to find the libevent2, openssl and
215
(optionally) PostgreSQL and/or MySQL (MariaDB) and/or MongoDB and/or Redis
216
shared libraries, either with the help of the system-wide library search
217
configuration or by using LD_LIBRARY_PATH. "make install" will make a
218
non-garantied effort to add automatically PREFIX/lib and /usr/local/lib to
219
the libraries search path, but if you have some libraries in different
220
non-default directories you will have to add them manually to the search
221
path, or you will have to adjust LD_LIBRARY_PATH.
196
If you are not using the rpath linking option, then after the installation,
197
you may have to adjust the system-wide shared library search path with
198
"ldconfig -n <libdirname>" (Linux), "ldconfig -m <libdirname>" (BSD) or
199
"crle -u -l <libdirname>" (Solaris). Your system must be able to find the
200
libevent2, openssl and (optionally) SQLite and/or PostgreSQL and/or MySQL
201
(MariaDB) and/or MongoDB and/or Redis shared libraries, either with the
202
help of the system-wide library search configuration or by using
203
LD_LIBRARY_PATH. "make install" will make a non-guaranteed effort to add
204
automatically PREFIX/lib and /usr/local/lib to the libraries search path,
205
but if you have some libraries in different non-default directories then
206
you will have to add them manually to the search path, or you will have
207
to adjust LD_LIBRARY_PATH.
225
211
The TURN Server is using generic *NIX system APIs and is supposed to be
226
212
usable on wide range of *NIX systems.
228
The following platforms have been used in the development:
230
- Linux Ubuntu 11.x and 12.x, i386 and x86_64
235
- Linux CentOS / Red Hat Enterprise Edition 6.x-7.0, x86_64 (i386 & amd64)
236
- Linux Debian 'Squeeze', i386
237
- Linux Mint 14.1 'Nadia', i386
238
- Linux Mint 16 'Petra', i386
239
- Linux Debian 'Wheezy', x86_64
243
- Amazon Linux, x86_64
244
- Mac OS X Mountain Lion
246
- Fedora 19 and 20, x86_64
247
- OpenSUSE 12.3, x86_64
249
It must work on many other *NIXes, as well. The configure script and/or
214
The following platforms are supported
215
(both i386 and x86_64 variants when applicable):
218
- BSD family (Mac OS X, FreeBSD, NetBSD, OpenBSD),
222
It must work on other *NIXes, as well. The configure script and/or
250
223
Makefile may need adjustments for other *NIXes not mentioned above.
252
225
The code of the client messaging library can be compiled and used on
276
249
In addition to common *NIX OS services and libraries, to compile this code,
277
250
OpenSSL (version 1.0.0a or better recommended) and libevent2 (version 2.0.5
278
or better) are required, the PostgreSQL C client development setup is
279
optional, the MySQL (MariaDB) C client development setup is optional, the MongoDB
280
C Driver and the Hiredis development files for Redis database access are optional.
281
For fully functional build, the extra set of libraries must be installed
282
in full version (the development headers and the libraries to link with).
283
For runtime, only runtime setup is required. If the build is modified for
251
or better) are required, SQLite C development library and header is optional,
252
the PostgreSQL C client development setup is optional,
253
the MySQL (MariaDB) C client development setup is optional,
254
the MongoDB C Driver and the Hiredis development files for Redis database
255
access are all optional. For development build, the development headers and
256
the libraries to link with, are to be installed. For the runtime, only the
257
runtime setup is required. If the build is modified for
284
258
static linking, then even runtime installation is not needed.
286
OpenSSL, libevent2, PostgreSQL, MySQL (or MariaDB) and Hiredis
260
OpenSSL, SQLite, libevent2, PostgreSQL, MySQL (or MariaDB) and Hiredis
287
261
libraries can be downloaded from their web sites:
288
262
- http://www.openssl.org (required);
289
263
- http://www.libevent.org (required);
264
- http://www.sqlite.org (optional);
290
265
- http://www.postgresql.org (optional);
291
266
- http://www.mysql.org (or http://mariadb.org) (optional);
292
267
- https://github.com/mongodb/mongo-c-driver (optional);
298
273
installed in their default locations. If not, then you will have to modify
301
Most modern popular systems (FreeBSD / PC-BSD, Linux Ubuntu 11.10+, Debian Wheezy,
302
Linux Mint 14+, Amazon Linux, Fedora) have a simpler way of the third party tools
276
Most modern popular systems (FreeBSD, Linux Ubuntu/Debian/Mint, Amazon Linux, Fedora)
277
have a simpler way of the third party tools installation:
305
*) PC-BSD or FreeBSD (the FRESH ports database is assumed to be installed, with
279
*) FreeBSD (the FRESH ports database is assumed to be installed, with
306
280
the turnserver port included):
308
282
$ cd /usr/ports/net/turnserver
409
388
2) Before the compilation, check the dynamic libraries and adjust their identification names,
410
389
if necessary, to the absolute library path or to @rpath/<library-file-name>.
411
For exmple, the MySQL dynamic library may need that adjustment. You will have to use
390
For example, the MySQL dynamic library may need that adjustment. You will have to use
412
391
"adjust_name_tool" with -id option for that; OR
414
3) After the compilation, you can use the same tool, "adjust_name_tool", with option -change,
415
to adjust the library paths values in the binary, where necessary. All library paths must be
416
absolute paths or @rpath/... .
393
3) After the compilation, you can use the same tool, "adjust_name_tool",
394
with option -change, to adjust the library paths values in the binary,
395
where necessary. All library paths must be absolute paths or @rpath/... .
418
397
See also the next section.
420
NOTE: See "PostgreSQL setup" and "MySQL setup" and "MongoDB setup" and
421
"Redis setup" sections below for more database setup information.
399
NOTE: See "SQLite setup" and "PostgreSQL setup" and "MySQL setup" and
400
"MongoDB setup" and "Redis setup" sections below for more database setup
423
NOTE: If you do not install PostgreSQL or MySQL or MongoDB or Redis then you will
424
be limited to flat files for user database. It will work great for
425
smaller user databases (like 100 users) but for larger systems you
426
will need PostgreSQL or MySQL or MongoDB or Redis.
403
NOTE: If you do not install SQLite or PostgreSQL or MySQL or MongoDB or Redis,
404
then you will be limited to the command-line options for user database.
405
It will work great for development setup, but for real runtime systems you
406
will need SQLite or PostgreSQL or MySQL or MongoDB or Redis.
428
408
NOTE: To run PostgreSQL or MySQL or MongoDB or Redis server on the same system,
429
409
you will also have to install a corresponding PostgreSQL or MySQL or
623
606
subdirectory of the original archive tree. After the installation, it will
624
607
be placed in PREFIX/share/doc/turnserver/html.
626
XIV. PostgreSQL setup
628
The site http://www.postgresql.org site has excellent extensive documentation.
629
For a quick-start guide, you can take a look into this page:
630
http://www.freebsddiary.org/postgresql.php. That page is written for
631
FreeBSD users, but it has lots of generic information applicable to other
634
For the psql-userdb TURN server parameter, you can either set a PostgreSQL
635
connection string, or a PostgreSQL URI, see the link:
637
For 8.4 PostgreSQL version:
638
http://www.postgresql.org/docs/8.4/static/libpq-connect.html
640
For newer 9.x versions:
641
http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING.
643
In the PostgreSQL connection string or URI, you can set the host, the
644
access port, the database name, the user, and the user password
645
(if the access is secured). Numerous other parameters can be set,
646
see the links above. The TURN server will blindly use that connection
647
string without any modifications. You are responsible for the right
648
connection string format.
650
Below are the steps to setup the PostgreSQL database server from scratch:
652
1) Install PostgreSQL server.
654
2) Find and edit Postgres' pg_hba.conf file to set the access options
655
(see docs). On different systems, it may be located in different places.
656
Set the lines for local access as "trust" for now (you can change it later),
657
for TCP/IP access set the value as "md5".
658
To set TCP/IP access from any host, use "0.0.0.0/0" for IPv4, and "::/0"
661
3) Edit postgresql.conf file to allow TCP/IP access - uncomment and edit
662
the "listen_addresses" option (see docs). On different systems, this file
663
may be located in different places.
665
4) Restart your system or restart the postgresql server, for example:
667
$ sudo /etc/init.d/postgresql stop
668
$ sudo /etc/init.d/postgresql start
670
5) Check /etc/passwd file to find out which user account is used for the
671
PostgreSQL admin access on your system (it may be "pgsql", or "postgres",
672
or "postgresql"). Let's assume that this is "postgres" account.
674
6) Create a database for the TURN purposes, with name, say, "turn":
676
$ createdb -U postgres turn
678
7) Create a user for the TURN with name, say, "turn":
679
$ psql -U postgres turn
680
turn=# create user turn with password 'turn';
684
8) Create the TURN users database schema.
611
The site http://www.sqlite.org site has excellent extensive documentation.
613
The default SQLite database location for the TURN Server is
614
/usr/local/var/db/turndb or /var/db/turndb (depending on the platform).
686
616
The database schema for the TURN server is very minimalistic and is located
687
617
in project's turndb/schema.sql file, or in the system's
688
618
PREFIX/share/turnserver/schema.sql file after the turnserver installation:
690
$ cat turndb/schema.sql | psql -U turn turn
691
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "turnusers_lt_pkey" for table "turnusers_lt"
693
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "turnusers_st_pkey" for table "turnusers_st"
620
If you would like to created a new fresh SQLite TURN database:
622
$ sqlite3 <your-db-file-name> < turndb/schema.sql
698
624
The schema description:
826
752
turnadmin to add/modify/delete users, or you can use turnadmin to produce
827
753
the hmac keys and modify the database with your favorite tools.
755
When starting the turnserver, the --db parameter will be, for example:
757
turnserver ... --db="/var/db/turndb"
759
You will have to use the program turnadmin to fill the
760
database, or you can do that manually with psql.
762
Fill in users, for example:
764
Shared secret for the TURN REST API (realm north.gov):
766
$ bin/turnadmin -s logen -r north.gov -b "/var/db/turndb"
768
Long-term credentials mechanism:
770
$ bin/turnadmin -a -b "/var/db/turndb" -u gorst -r north.gov -p hero
771
$ bin/turnadmin -a -b "/var/db/turndb" -u ninefingers -r north.gov -p youhavetoberealistic
773
Long-term credentials mechanism with SHA256 extention:
774
$ bin/turnadmin -a -b "/var/db/turndb" -u bethod -r north.gov -p king-of-north --sha256
776
Short-term credentials mechanism:
778
$ bin/turnadmin -A -b "/var/db/turndb" -u gorst -p hero
779
$ bin/turnadmin -A -b "/var/db/turndb" -u ninefingers -p youhavetoberealistic
783
The site http://www.postgresql.org site has excellent extensive documentation.
784
For a quick-start guide, you can take a look into this page:
785
http://www.freebsddiary.org/postgresql.php. That page is written for
786
FreeBSD users, but it has lots of generic information applicable to other
789
For the psql-userdb TURN server parameter, you can either set a PostgreSQL
790
connection string, or a PostgreSQL URI, see the link:
792
For 8.4 PostgreSQL version:
793
http://www.postgresql.org/docs/8.4/static/libpq-connect.html
795
For newer 9.x versions:
796
http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING.
798
In the PostgreSQL connection string or URI, you can set the host, the
799
access port, the database name, the user, and the user password
800
(if the access is secured). Numerous other parameters can be set,
801
see the links above. The TURN server will blindly use that connection
802
string without any modifications. You are responsible for the right
803
connection string format.
805
Below are the steps to setup the PostgreSQL database server from scratch:
807
1) Install PostgreSQL server.
809
2) Find and edit Postgres' pg_hba.conf file to set the access options
810
(see docs). On different systems, it may be located in different places.
811
Set the lines for local access as "trust" for now (you can change it later),
812
for TCP/IP access set the value as "md5".
813
To set TCP/IP access from any host, use "0.0.0.0/0" for IPv4, and "::/0"
816
3) Edit postgresql.conf file to allow TCP/IP access - uncomment and edit
817
the "listen_addresses" option (see docs). On different systems, this file
818
may be located in different places.
820
4) Restart your system or restart the postgresql server, for example:
822
$ sudo /etc/init.d/postgresql stop
823
$ sudo /etc/init.d/postgresql start
825
5) Check /etc/passwd file to find out which user account is used for the
826
PostgreSQL admin access on your system (it may be "pgsql", or "postgres",
827
or "postgresql"). Let's assume that this is "postgres" account.
829
6) Create a database for the TURN purposes, with name, say, "turn":
831
$ createdb -U postgres turn
833
7) Create a user for the TURN with name, say, "turn":
834
$ psql -U postgres turn
835
turn=# create user turn with password 'turn';
839
8) Create the TURN users database schema.
841
The database schema for the TURN server is very minimalistic and is located
842
in project's turndb/schema.sql file, or in the system's
843
PREFIX/share/turnserver/schema.sql file after the turnserver installation:
845
$ cat turndb/schema.sql | psql -U turn turn
846
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "turnusers_lt_pkey" for table "turnusers_lt"
848
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "turnusers_st_pkey" for table "turnusers_st"
852
See the SQLite section for the detailed database schema explanation.
854
You can use turnadmin program to manage the database - you can either use
855
turnadmin to add/modify/delete users, or you can use turnadmin to produce
856
the hmac keys and modify the database with your favorite tools.
829
858
More examples of database schema creation:
831
860
psql -h <host> -U <db-user> -d <database-name> < turndb/schema.sql
1022
1051
traffic notifications.
1024
1053
See the explanation in the turndb/schema.stats.redis file, and an example in
1025
turndb/testredisdbsetup.sh file. One special thing about TURN Redis security setup
1026
is that you can store open passwords for long-term credentials in Redis.
1027
You cannot set open passwords for long-term credentials in MySQL and PostgreSQL -
1028
with those DBs, you have to use the keys only. With Redis, you have a choice -
1029
keys or open passwords.
1054
turndb/testredisdbsetup.sh file. One special thing about TURN Redis security
1055
setup is that you can store open passwords for long-term credentials in Redis.
1056
You cannot set open passwords for long-term credentials in SQLite or MySQL or
1057
PostgreSQL - with those DBs, you have to use the keys only. With Redis, you
1058
have a choice - keys or open passwords.
1031
1060
You also have to take care about Redis connection parameters, the timeout and the
1032
1061
keepalive. The following settings must be in your Redis config file
1055
1084
Short-term credentials mechanism:
1057
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -r north.gov -p hero
1058
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -r north.gov -p youhavetoberealistic
1086
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u gorst -p hero
1087
$ bin/turnadmin -A -N "host=localhost dbname=2 user=turn password=turn" -u ninefingers -p youhavetoberealistic
1060
1089
See the file testredisdbsetup.sh for the data structure examples.
1062
XVIII. Performance tuning
1091
XIX. Performance tuning
1064
1093
This topic is covered in the wiki page:
1066
1095
http://code.google.com/p/coturn/wiki/turn_performance_and_load_balance
1068
XIX. TURN Server setup
1097
XX. TURN Server setup
1070
1099
Read the project wiki pages: http://code.google.com/p/coturn/w/list
1072
1101
Also, check the project from page links to the TURN/WebRTC configuration examples.
1073
1102
It may give you an idea how it can be done.
1075
XX. Management interface
1104
XXI. Management interface
1077
1106
You have a telnet interface (enabled by default) to access the turnserver process,
1078
1107
to view its state, to gather some statistical information, and to make some changes