How to create and setup a STUN/TURN server on AWS

How to create and setup a STUN/TURN server on AWS

Overview

• Important: You no longer need to use your own STUN/TURN server if your instance does not have a public IP since Genymotion Device Image ver. 13.0.0.
• With Android 8.0 and above Genymotion Device images (PaaS) AMIs, WebRTC connections require a STUN/TURN server.
• To palliate to this, Genymotion Android 8.0+ images forward all WebRTC connections to the Genymotion STUN/TURN server.
• This means Genymotion instances require a public IP and Internet access to reach the STUN/TURN server.
• As a result, you will not be able to get any display (black screen) if your instances don't have a public IP.
• If using a public IP does not comply with your setup or security requirements, the solution is to use your own STUN/TURN server.
• This tutorial will show you how to install and setup a STUN/TURN server on AWS.

Prerequisites

• We recommend using an Ubuntu Server 20.04LTS (Focal) x86_64 instance for General purpose and instance type t3.micro.
• You will also need to add inbound rules to the TURN/STUN server EC2 security group in order to allow inbound connection from Genymotion instance(s) to TCP (HTTPS) and UDP port 443.

Install and configure CoTURN server

• Connect to your Ubuntu server with SSH.
• Add the Universe repository: sudo apt-add-repository universe.
• Update and upgrade Ubuntu: sudo apt update && sudo apt upgrade.
• Reboot the server from the EC2 dashboard or with sudo reboot.
• Install CoTURN server: sudo apt-get install coturn.
• Edit the file /etc/default/coturn and un-comment TURNSERVER_ENABLED=1 to have CoTURN start on boot.
• Edit the file /etc/turnserver.conf, un-comment listening-port=3478 and change it to listening-port=443 to have CoTURN server listen to port 443.
• Note: TURN listener port for UDP and TCP (Default: 3478).
• Note: TLS & DTLS sessions can connect to the "plain" TCP & UDP port(s), too - if allowed by configuration.
• Un-comment listening-ip and replace the default IP with your Ubuntu server private IP: listening-ip=xxx.xxx.xxx.xxx.
• Add a user and password for your Genymotion virtual device by un-commenting user=username1:password1 or by setting a custom user: user=my_username:123456.
• Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section.
• Apply the changes and enable the service to start on boot.
• Reboot the instance.
• Verify that the CoTURN server started correctly and is listening to port 443: sudo systemctl status coturn.
• If everything is in order, you should see the COTURN server started and running.

Verify CoTURN server

• The status output should indicate the COTURN STUN/TURN Server started and general server IDs created.
• The status log may show a SQLite DB connection success and related startup messages.

Configuring Genymotion to use your TURN server

• From the instance UI, go to the Configuration panel.
• Fill the TURN & STUN box with your STUN/TURN server URIs, username, and password.
• The TURN URI syntax should be turn:xxx.xxx.xxx.xxx:443.
• The STUN URI should be stun:xxx.xxx.xxx.xxx:443.
• Replace xxx.xxx.xxx.xxx with your server private IP.
• Click APPLY.
• The Genymotion instance now uses your TURN/STUN server on port 443 for WebRTC connections.
• For more details and alternate methods with command line tools, please refer to Genymotion Device image user guide.