How to create and set up a STUN/TURN server on AWS

Important

You no longer need to use your own STUN/TURN server if your instance does not have a public IP.

With Android 8.0 and above Genymotion Device images (PaaS) AMIs, WebRTC connections require a STUN/TURN server.

To address this, our Android 8.0+ images forward all WebRTC connections to our own STUN/TURN server.

This means that Genymotion instances require a public IP and access to the Internet to reach our STUN/TURN server.

As a result, you will not be able to get any display (black screen) if your instances don't have a public IP.

If using a public IP does not comply with your setup or security requirements, the solution is to use your own STUN/TURN server.

This tutorial will show you how to install and set up a STUN/TURN server on AWS.

Prerequisites

We recommend using an Ubuntu Server 20.04 LTS (Focal) x86_64 instance for General purpose.

The recommended instance type is t3.micro.

You will also need to add inbound rules to the TURN/STUN server EC2 security group.

This allows inbound connections from Genymotion instances to TCP (HTTPS) port 443.

This also allows inbound connections to UDP port 443.

Install and configure CoTURN server

1. Connect to your Ubuntu server with ssh

2. Add the Universe repository

sudo apt-add-repository universe

3. Update and upgrade Ubuntu

sudo apt update && sudo apt upgrade

4. Reboot the server

Reboot the server from the EC2 dashboard or with sudo reboot

5. Install coturn

sudo apt-get install coturn

6. Edit the file /etc/default/coturn

Un-comment TURNSERVER_ENABLED=1 to have CoTURN start on boot.

7. Edit the file /etc/turnserver.conf

Un-comment listening-port=3478 and change it to listening-port=443 to have the CoTURN server listen on port 443.

8. Note

We chose to use TCP port 443 to ensure best compliance with security requirements.

9. Un-comment listening-ip

Un-comment listening-ip and replace the default IP with your Ubuntu server private IP:

listening-ip=xxx.xxx.xxx.xxx

10. Add a user and password for your Genymotion virtual device

Un-comment user=username1:password1 and replace username1 and password1 with the username and password of your choice:

user=username1:password1

11. Edit the file /lib/systemd/system/coturn.service

Edit the file and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section:

[Service]

AmbientCapabilities=CAP_NET_BIND_SERVICE

12. Reboot the instance

Reboot the instance to apply changes.

13. Verify the CoTURN server

Verify that the CoTURN server started correctly and is listening on port 443:

sudo systemctl status coturn

If everything is in order, you should get the following output:

0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.

14. Configuring the Genymotion instance to use your TURN server

Next, you need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:

From the instance UI, go to the Configuration panel.

Fill the TURN & STUN box with your STUN/TURN server URIs, username and password. The TURN URI syntax should be turn:xxx.xxx.xxx.xxx:443 and STUN URI should be stun:xxx.xxx.xxx.xxx:443, where xxx.xxx.xxx.xxx is your server private IP.

Click APPLY.

The Genymotion instance now uses your TURN/STUN server on port 443 for WebRTC connections.

For more details and alternate methods with command line tools, please refer to the Genymotion Device image user guide.
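
To double-check the edits from steps 7 to 10 before rebooting, the following script audits a turnserver.conf file. It is an added example, not part of the original article or of CoTURN; the function names and the sample file are assumptions. It checks that the port is 443, that listening-ip is a private (RFC 1918) address, and that the placeholder credentials were replaced.

```shell
#!/bin/sh
# Added example: audit a coturn config against steps 7-10 of this tutorial.
# audit_turn_conf and its helpers are hypothetical names, not part of coturn.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed only for RFC 1918 private IPv4 addresses.
is_private_ip() {
    printf '%s\n' "$1" | grep -Eq \
        '^(10\.[0-9]+|172\.(1[6-9]|2[0-9]|3[01])|192\.168)\.[0-9]+\.[0-9]+$'
}

# Return the number of failed checks (0 means the file matches the tutorial).
audit_turn_conf() {
    conf=$1; fails=0
    port=$(conf_value "$conf" listening-port)
    ip=$(conf_value "$conf" listening-ip)
    user=$(conf_value "$conf" user)
    if [ "$port" != "443" ]; then
        echo "FAIL: listening-port is '${port:-unset}', expected 443"
        fails=$((fails + 1))
    fi
    if ! is_private_ip "$ip"; then
        echo "FAIL: listening-ip '${ip:-unset}' is not a private address"
        fails=$((fails + 1))
    fi
    case $user in
        '') echo "FAIL: no user= line enabled"; fails=$((fails + 1)) ;;
        username1:password1)
            echo "FAIL: placeholder credentials still in use"
            fails=$((fails + 1)) ;;
        *:?*) ;;  # user:password with a non-empty password
        *) echo "FAIL: user= line has no password"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample: port left commented, a documentation-range public IP,
# and the placeholder credentials from step 10.
sample=$(mktemp)
printf '%s\n' '#listening-port=3478' 'listening-ip=203.0.113.7' \
    'user=username1:password1' > "$sample"
audit_turn_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On the server itself, run audit_turn_conf /etc/turnserver.conf; an exit status of 0 means all three settings match the tutorial.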
