Setting up Coturn for Jitsi

Taran · April 13, 2021, 11:42pm

Hi, I’m pretty inexperienced, but I’ve been tasked with getting this working for a project I’m working on, and I’m determined to make it work. I need to set up a TURN server for my Jitsi Meet installation. I already have Jitsi hosted and running fine. I didn’t do the setup myself for this server, but I have set up a simple Jitsi Meet server before myself. As I said, I’m pretty inexperienced. I’m trying to get TURN working, as we’re running into the issue that sometimes web filters will cause people to not be able to connect to our system. I’ve done some research (I wouldn’t want to bug anyone with a question before looking it up first, I’m a responsible internet citizen), and I’ve found a few links that appear to be helpful:

I have some questions here, though, that I was hoping someone might be able to answer for me. Firstly, in the /etc/turnserver.conf file, it says it should have this line:

static-auth-secret=<YOUR_SECRET>

I’m not sure what this secret is that it refers to. Is it something that I have to create? Does it already exist? How do I find out what mine is?

It also asks for:

external-ip=<EXTERNAL_IP>/<INTERNAL_IP> #or just the external IP

Is this supposed to be the IP of my Jitsi Meet server, or of the TURN server? I’m a little bit confused about what should go here.

Later, it says that the following should go in the prosody config:

turncredentials_secret = "<YOUR_TURN_SECRET>";

Which secret is this one referring to? Is it the same secret that the other file mentioned above?

Later still, the guide says to do this in the Jitsi config:

    p2p: {
        enabled: true,
        preferH264: true,
        useStunTurn: true, // Using Turn for p2p connections
        stunServers: [
            { urls: "stun:stun.l.google.com:19302" },
            { urls: "stun:stun1.l.google.com:19302" },
            { urls: "stun:stun2.l.google.com:19302" }
        ]
    },
    useStunTurn: true, // Using Turn Server with JVB

This confuses me a little bit. Why are we giving it Google addresses rather than the address of the server we just set up? Is there something I’m missing?

Finally, and I’m pretty sure this is a stupid question, but the TURN server and the Jitsi Meet server should be on separate VPS’s, right? I’m almost positive of that, I just want to make sure before I go giving myself more headaches.

I would greatly appreciate any help anyone is able to provide. Please keep in mind that I’m still super inexperienced with web dev in general and Jitsi in particular. I’m very enthusiastic about this project that I’m working on, and all other aspects of it are coming along wonderfully, I just need a little assistance with setting up my TURN server.

damencho · April 14, 2021, 2:31am

The password from the prosody config: jitsi-meet/prosody.cfg.lua-jvb.example at 12552766cebd1bf88376c9a1936393e1330119de · jitsi/jitsi-meet · GitHub

The turnserver IP.

Taran:

Later, it says that the following should go in the prosody config:
turncredentials_secret = "<YOUR_TURN_SECRET>";
Which secret is this one referring to? Is it the same secret that the other file mentioned above?

Yes the one set to static-auth-secret

You are using some old docs, I think. You can use yours: jitsi-meet/config.js at 12552766cebd1bf88376c9a1936393e1330119de · jitsi/jitsi-meet · GitHub
It has been more than an year since we removed those from the config.

You need to make sure the turnserver can access the public address on port 10000 udp for the bridge, that’s the only requirement for the network.

You can create an new VM and do a clean jitsi-meet install, by default it will configure turnserver to be used on standard turn ports. And you can use those configs to compare with your original ones, to see what needs to be adjusted.