How to create and set up a STUN/TURN server on AWS?
Important
Since Genymotion Device Image ver. 13.0.0, you no longer need to use your own STUN/TURN server if your instance does not have a public IP.

With Android 8.0 and above Genymotion Device images (PaaS) AMIs, WebRTC connections require a STUN/TURN server. To work around this, our Android 8.0+ images forward all WebRTC connections to our own STUN/TURN server. This means that Genymotion instances require a public IP and access to the Internet to reach our STUN/TURN server. As a result, you will not be able to get any display (black screen) if your instances don't have a public IP.

If using a public IP does not comply with your setup or security requirements, the solution is to use your own STUN/TURN server. This tutorial will show you how to install and set up a STUN/TURN server on AWS.
Prerequisite
We recommend using an Ubuntu Server 20.04 LTS (Focal) x86_64 instance, General purpose family, instance type t3.micro.
You will also need to add inbound rules to the TURN/STUN server EC2 security group to allow inbound connections from your Genymotion instance(s) on TCP (HTTPS) and UDP port 443.
Install and configure CoTURN server
Connect to your Ubuntu server with ssh
Add the Universe repository:
sudo apt-add-repository universe
Update and upgrade Ubuntu:
sudo apt update && sudo apt upgrade
Reboot the server from the EC2 dashboard or with:
sudo reboot
Install CoTURN server:
sudo apt-get install coturn
Edit the file /etc/default/coturn and un-comment TURNSERVER_ENABLED=1 to have CoTURN start on boot.
Edit the file /etc/turnserver.conf, un-comment listening-port=3478 and change it to listening-port=443 to have the CoTURN server listen on port 443:
# TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
listening-port=443
Note
We chose to use TCP port 443 to ensure best compliance with security requirements.
Un-comment listening-ip and replace the default IP with your Ubuntu server private IP:
# Specify listening IP, if not set then Coturn listens on all system IPs.
listening-ip=xxx.xxx.xxx.xxx
Add a user and password for your Genymotion virtual device by un-commenting user=username1:password1 and replacing username1 and password1 with the username and password of your choice:
# 'Static' user accounts for long term credentials mechanism, only.
# This option cannot be used with TURN REST API.
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
# so that they can NOT be changed while the turnserver is running.
#
#user=username1:key1
#user=username2:key2
# OR:
user=my_username:123456
#user=username2:password2
Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section:
[Service]
User=turnserver
Group=turnserver
Type=forking
RuntimeDirectory=turnserver
PIDFile=/run/turnserver/turnserver.pid
ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
#FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connection.
ExecStartPost=/bin/sleep 2
Restart=on-failure
InaccessibleDirectories=/home
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
Reboot the instance.
Verify that the CoTURN server started correctly and is listening on port 443:
sudo systemctl status coturn
If everything is in order, you should get the following output:
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.
Configuring the Genymotion instance to use your TURN server
Next, you need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:
From the instance UI, go to the Configuration panel. Fill the TURN & STUN box with your STUN/TURN server URIs, username and password. The TURN URI syntax should be turn:xxx.xxx.xxx.xxx:443 and the STUN URI should be stun:xxx.xxx.xxx.xxx:443, where xxx.xxx.xxx.xxx is your server private IP.
Click APPLY.
The Genymotion instance now uses your TURN/STUN server on port 443 for WebRTC connections.
For more details and alternate methods with command line tools, please refer to the Genymotion Device image user guide.