Turn Server Configuration

Hello,

I have observed that when I make a P2P connection, if upload bandwidth is low I cannot make good calls and there are so many connectivity issues… But with the same line, if it goes via JVB or if it goes via a TURN server like beta.meet.jit.si, I can make calls even with low bandwidth; it may be low resolution, but it keeps that adaptive bit rate, simulcast… I have read some suggestions in the community to use TURN servers for better performance on P2P, so I wanted to enable a TURN server, but with no luck… I checked so many entries in the forum, like "One way media only (NAT issues) after upgrade", but I am stuck at some point.

Can you help what may be missing? Here are my configurations:

• vi /etc/jitsi/meet/meet4.mysite.com-config.js
    p2p: {
        // Enables peer to peer mode. When enabled the system will try to
        // establish a direct connection when there are exactly 2 participants
        // in the room. If that succeeds the conference will stop sending data
        // through the JVB and use the peer to peer connection instead. When a
        // 3rd participant joins the conference will be moved back to the JVB
        // connection.
        enabled: true,

        // Use XEP-0215 to fetch STUN and TURN servers.
        useStunTurn: true,

        // The STUN servers that will be used in the peer to peer connections
        stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
            // { urls: 'turn:coturn.turnserver.co', credential: 'something', password: 'something' }
        ],

And
// Use XEP-0215 to fetch STUN and TURN servers.
useStunTurn: true,

and

    resolution: 720,
    constraints: {
        video: {
            aspectRatio: 16 / 9,
            height: {
                ideal: 720,
                max: 720,
                min: 240
            },
            width: {
                ideal: 1280,
                max: 1280,
                min: 320
            }
        }
    },

    // Enable / disable simulcast support.
    disableSimulcast: false,

    // If set to true, it will prefer to use H.264 for P2P calls (if H.264
    // is supported).
    preferH264: true,

    // If set to true, disable H.264 video codec by stripping it out of the
    // SDP.
    disableH264: true,

• About the mod_turncredentials document, I have used the one at https://github.com/otalk/mod_turncredentials/blob/master/mod_turncredentials.lua as advised
• vi /usr/share/jitsi-meet/prosody-plugins/mod_turncredentials.lua

    turncredentials_secret = "xxx";
    turncredentials = {
        -- { type = "stun", host = "8.8.8.8" },
        -- { type = "turn", host = "8.8.8.8", port = 3478 },
        -- { type = "turn", host = "8.8.8.8", port = 80, transport = "tcp" }
        { type = "stun", host = "coturn. turnserver.co", port = 443 },
        { type = "turn", host = "coturn. turnserver.co", port = 443, transport = "udp" },
        { type = "turns", host = "coturn.turnserver.co", port = 443, transport = "tcp" }
    }

The same file is copied to the /usr/lib/prosody/modules/ path as well… I don’t know the difference between these two folders; just to be on the safe side…

• vi /etc/prosody/prosody.cfg.lua: I have added the module “turncredentials”, not sure if it is needed in this config file or not…

modules_enabled = {

    -- Generally required
            "roster"; -- Allow users to have a roster. Recommended ;)
            "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
            "tls"; -- Add support for secure TLS on c2s/s2s connections
            "dialback"; -- s2s dialback support
            "disco"; -- Service discovery
            "turncredentials";

}

• vi /etc/prosody/conf.d/meet4.mysite.com.cfg.lua: at the end of the file I have added

    turncredentials_secret = "xxx";
    turncredentials = {
        { type = "stun", host = "coturn. turnserver.co", port = 443},
        { type = "turn", host = "coturn. turnserver.co", port = 443, transport = "udp"},
        { type = "turns", host = "coturn. turnserver.co", port = 443, transport = "tcp"},
    };
    modules_enabled = {
        "turncredentials";
    }

• in coturn server

listening-port=443
tls-listening-port=443
lt-cred-mech
use-auth-secret
static-auth-secret=xxx

But when I connect two browsers and check chrome://webrtc-internals, I don’t see my TURN server listed on both connections, and I don’t see a STUN server on the second browser…

Browser 1
https://meet4.mysite.com/5d652504adaecc001836c25d, { iceServers: [stun:stun.l.google.com:19302, stun:stun1.l.google.com:19302, stun:stun2.l.google.com:19302], iceTransportPolicy: all, bundlePolicy: balanced, rtcpMuxPolicy: require, iceCandidatePoolSize: 0, sdpSemantics: “plan-b” }, {advanced: [{googHighStartBitrate: {exact: 0}}, {googPayloadPadding: {exact: true}}, {googScreencastMinBitrate: {exact: 100}}, {googCpuOveruseDetection: {exact: true}}, {googCpuOveruseEncodeUsage: {exact: true}}, {googCpuUnderuseThreshold: {exact: 55}}, {googCpuOveruseThreshold: {exact: 85}}]}
Browser 2
https://meet4.mysite.com/5d652504adaecc001836c25d, { iceServers: , iceTransportPolicy: all, bundlePolicy: balanced, rtcpMuxPolicy: require, iceCandidatePoolSize: 0, sdpSemantics: “plan-b” }, {advanced: [{googHighStartBitrate: {exact: 0}}, {googPayloadPadding: {exact: true}}, {googScreencastMinBitrate: {exact: 100}}, {googCpuOveruseDetection: {exact: true}}, {googCpuOveruseEncodeUsage: {exact: true}}, {googCpuUnderuseThreshold: {exact: 55}}, {googCpuOveruseThreshold: {exact: 85}}]}
Thanks

Have you checked for errors in prosody logs when restarting prosody?
You need to enable the module only in the global modules, in the general part of the config; there is no need to enable it under your virtual host.

A TURN server is not used for better performance; it is used as a fallback to be able to make P2P work when a direct connection is not possible. The second use case for it is handling TCP traffic in cases where UDP is disabled in some corporate networks.

Hi,

After restarting prosody I have the following errors:

Oct 27 11:53:28 auth.mysite.com:turncredentials error turncredentials not configured
Oct 27 11:56:40 mysite.com:turncredentials error turncredentials not configured
Oct 27 11:56:40 localhost:turncredentials error turncredentials not configured

A few things to check; can you please confirm the following:

  • I am copying the mod_turncredentials.lua file from GitHub otalk to /usr/lib/prosody/modules/ and not making any changes to the file

  • When you say enable it in the global modules, do you mean the /etc/prosody/prosody.cfg.lua file and adding “turncredentials” under
    modules_enabled = {

      -- Generally required
              "roster"; -- Allow users to have a roster. Recommended ;)
              "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
              "tls"; -- Add support for secure TLS on c2s/s2s connections
              "dialback"; -- s2s dialback support
              "disco"; -- Service discovery
              "turncredentials";
    
  • Where should I add the secret and coturn details? In the /etc/prosody/prosody.cfg.lua file or in the config file under the conf.d folder?

  • Is the following syntax correct?

    turncredentials_secret = "xxx";
    turncredentials = {
        { type = "stun", host = "coturn.diskas.club" },
        { type = "turn", host = "coturn.diskas.club", port = 443, transport = "udp"},
        { type = "turns", host = "coturn.diskas.club", port = 443, transport = "tcp"},
    };

Many thanks

That is ok.

Yes.

Add it in /etc/prosody/prosody.cfg.lua.

Yes.

It worked!!
Thank you very much Damian for your support…

Moving all the config from conf.d to the main prosody.cfg file and using the correct syntax as you advised helped… now I can see my stun, turn and turns :+1:

Many Thanks
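
Added example (not part of the thread, and not code from Jitsi, Prosody or coturn): `turncredentials_secret` in Prosody and `static-auth-secret` in coturn must hold the same value because, in coturn's `use-auth-secret` mode, the TURN username is an expiry timestamp and the password is the base64 HMAC-SHA1 of that username under the shared secret. The function names and secrets below are constructed for illustration, and `server_accepts` is a simplified model of the server-side check.

```python
import base64
import hashlib
import hmac
import time


def turn_password(secret, username):
    """base64(HMAC-SHA1(secret, username)): the time-limited TURN password."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def issue_credentials(secret, ttl=86400, now=None):
    """Issuing side (the XMPP server here): username is the expiry timestamp."""
    now = int(time.time()) if now is None else now
    username = str(now + ttl)
    return username, turn_password(secret, username)


def server_accepts(secret, username, password, now=None):
    """Simplified model of the TURN server check (hypothetical helper)."""
    now = int(time.time()) if now is None else now
    # The username is "<expiry>" or "<expiry>:<userid>"; only the expiry is parsed.
    expiry = username.split(":", 1)[0]
    if not (expiry.isascii() and expiry.isdigit()) or int(expiry) < now:
        return False  # malformed or expired credential
    expected = turn_password(secret, username)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    # Constructed values for the demonstration.
    shared = "constructed-shared-secret"
    t0 = 1_700_000_000
    user, pw = issue_credentials(shared, now=t0)
    print("username:", user, "password:", pw)
    print("same secret on both sides:", server_accepts(shared, user, pw, now=t0))
    print("secrets differ:           ", server_accepts("some-other-secret", user, pw, now=t0))
    print("credential expired:       ", server_accepts(shared, user, pw, now=t0 + 86401))
```

When the TURN entries appear in chrome://webrtc-internals but relay allocation is refused, a secret mismatch like the second case is worth ruling out first.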