reTurnServer from reSIProcate


Install the package using the appropriate tool, as demonstrated in Example 10.1, “Installing reTurnServer on Debian/Ubuntu” and Example 10.2, “Install reTurnServer on Fedora/RHEL/CentOS”. If the package is not available for your platform, you may be able to build it using the instructions in Appendix B, Building reSIProcate RPMs on RHEL and CentOS.

Example 10.1. Installing reTurnServer on Debian/Ubuntu

$ sudo apt-get install resiprocate-turn-server 

Example 10.2. Install reTurnServer on Fedora/RHEL/CentOS

$ sudo yum install resiprocate-turn-server 


Edit the configuration file, /etc/reTurn/reTurnServer.config, there are certain values that must be changed from the default values. These are demonstrated in Example 10.3, “reTurnServer.config entries”.

Example 10.3. reTurnServer.config entries

# your IP addresses go here:
TurnAddress =
TurnV6Address = 2001:DB8:1000:2000::19
AltStunAddress =
AltStunPort = 3479
# your domain goes here, it must match the value used
# to hash your passwords if they are already hashed
# using the HA1 algorithm:
AuthenticationRealm =

UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = true 

The host server1 in this example MUST have two IP addresses, in the example, and This is essential for the ICE/STUN/TURN protocols.

Now (re)start the reTurnServer daemon to use the new settings as demonstrated in Example 10.4, “Restarting the reTurnServer daemon (systemd)”

Example 10.4. Restarting the reTurnServer daemon (systemd)

$ sudo systemctl restart resiprocate-turn-server
Restarting TURN relay: reTurnServer.

The TURN server should now be running and listening for client connections. You can verify it is running as demonstrated in Example 10.5, “Using netstat to verify reTurnServer is running”.

Example 10.5. Using netstat to verify reTurnServer is running

$ sudo netstat -nlp | grep reTurnServer
udp   0   0*              2460/reTurnServer
udp   0   0*              2460/reTurnServer

Check the system log for messages or run it in foreground mode on the console if it fails to start.

Provisioning users

The reTurnServer daemon expects to load a list of users and password hashes from a text file specified by the UserDatabaseFile parameter in reTurnServer.config.

Note that the order of the columns in this file is not the same as that used by repro and the htdigest utility.

The file can be generated by using a script to read values from a database table or LDAP directory.

The reTurnServer caches the file in memory when it starts. If the file is modified or regenerated while reTurnServer is running, send it the HUP signal to reload the file without restarting.

Synchronizing users from a PostgreSQL table

When the users are stored in a PostgreSQL table, such as the users table used by the repro daemon, the psql-user-extract script from reSIProcate can be used to maintain the users.txt file for reTurnServer.

The script is contained in a separate package or it can be downloaded directly from the source repository.

psql-user-extract can be invoked from cron, see Example 10.6, “crontab entry for psql-user-extract.

Example 10.6. crontab entry for psql-user-extract

* * * * * /usr/lib/resiprocate/reTurnServer/psql-user-extract 

psql-user-extract requires a configuration file specifying the database connection parameters, see Example 10.7, “Sample /etc/reTurn/psql-user-extract.config.

Example 10.7. Sample /etc/reTurn/psql-user-extract.config

psql_conninfo = "dbname=repro user=repro host=localhost password=foobar"

# create this directory if it doesn't exist
dest_file = "/var/cache/reTurn/users.txt"

auth_user_alt = True