reTurnServer from reSIProcate

Installation

Install the package using the appropriate tool, as demonstrated in Example 10.1, “Installing reTurnServer on Debian/Ubuntu” and Example 10.2, “Install reTurnServer on Fedora/RHEL/CentOS”. If the package is not available for your platform, you may be able to build it using the instructions in Appendix B, Building reSIProcate RPMs on RHEL and CentOS.

Example 10.1. Installing reTurnServer on Debian/Ubuntu

$ sudo apt-get install resiprocate-turn-server 

Example 10.2. Install reTurnServer on Fedora/RHEL/CentOS

$ sudo yum install resiprocate-turn-server 

Configuration

Edit the configuration file, /etc/reTurn/reTurnServer.config. Certain values must be changed from their defaults; these are demonstrated in Example 10.3, “reTurnServer.config entries”.

Example 10.3. reTurnServer.config entries

# your IP addresses go here:
TurnAddress = 198.51.100.19
TurnV6Address = 2001:DB8:1000:2000::19
AltStunAddress = 198.51.100.20
AltStunPort = 3479
# your domain goes here, it must match the value used
# to hash your passwords if they are already hashed
# using the HA1 algorithm:
AuthenticationRealm = example.org

UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = true 

The host server1 MUST have two IP addresses; in this example they are 198.51.100.19 and 198.51.100.20. This is essential for the ICE/STUN/TURN protocols.

Now (re)start the reTurnServer daemon to use the new settings, as demonstrated in Example 10.4, “Restarting the reTurnServer daemon (systemd)”.

Example 10.4. Restarting the reTurnServer daemon (systemd)

$ sudo systemctl restart resiprocate-turn-server
Restarting TURN relay: reTurnServer.
$ 

The TURN server should now be running and listening for client connections. You can verify it is running as demonstrated in Example 10.5, “Using netstat to verify reTurnServer is running”.

Example 10.5. Using netstat to verify reTurnServer is running

$ sudo netstat -nlp | grep reTurnServer
udp   0   0 198.51.100.19:3478       0.0.0.0:*              2460/reTurnServer
udp   0   0 198.51.100.20:3478       0.0.0.0:*              2460/reTurnServer
...  

If it fails to start, check the system log for messages or run it in foreground mode on the console.

Provisioning users

The reTurnServer daemon expects to load a list of users and password hashes from a text file specified by the UserDatabaseFile parameter in reTurnServer.config.

Note that the order of the columns in this file is not the same as that used by repro and the htdigest utility.

The file can be generated by using a script to read values from a database table or LDAP directory.

The reTurnServer caches the file in memory when it starts. If the file is modified or regenerated while reTurnServer is running, send it the HUP signal to reload the file without restarting.
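The following Python script is an added example, not code from this guide or from reSIProcate. It generates a users file with HA1 hashes for the realm in Example 10.3 and replaces the file atomically with owner-only permissions, because an HA1 hash is enough to authenticate within its realm. The column order login:hash:realm:state, the state value authorized and the sample accounts are assumptions; check the format against the comments in your installed reTurnServer.config.

```python
import hashlib
import os
import tempfile

REALM = "example.org"  # AuthenticationRealm from Example 10.3


def ha1(user: str, realm: str, password: str) -> str:
    """HA1 as in HTTP Digest (RFC 2617): MD5 of user:realm:password."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def user_line(user: str, realm: str, password: str, state: str = "authorized") -> str:
    # ASSUMPTION: column order login:hash:realm:state and the state value.
    # Confirm both against the comments in your reTurnServer.config.
    for field in (user, realm, state):
        # A colon or newline in a field would shift or inject columns.
        if not field or any(c in field for c in ":\r\n"):
            raise ValueError(f"unsafe field value: {field!r}")
    return f"{user}:{ha1(user, realm, password)}:{realm}:{state}"


def write_users(path: str, lines: list) -> None:
    """Replace the file atomically; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(lines) + "\n")
        # rename() within one directory: readers see the old or the new file,
        # never a half-written one.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    sample = [("alice", "correct horse"), ("bob", "battery staple")]
    out = os.path.join(tempfile.mkdtemp(), "users.txt")
    write_users(out, [user_line(u, REALM, p) for u, p in sample])
    with open(out) as fh:
        print(fh.read(), end="")
```

Changing AuthenticationRealm changes every hash, so the file must be regenerated from the clear-text passwords when the realm changes. The resulting file must be readable by the account the daemon runs as.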

Synchronizing users from a PostgreSQL table

When the users are stored in a PostgreSQL table, such as the users table used by the repro daemon, the psql-user-extract script from reSIProcate can be used to maintain the users.txt file for reTurnServer.

The script is contained in a separate package or it can be downloaded directly from the source repository.

psql-user-extract can be invoked from cron; see Example 10.6, “crontab entry for psql-user-extract”.

Example 10.6. crontab entry for psql-user-extract

* * * * * /usr/lib/resiprocate/reTurnServer/psql-user-extract 

psql-user-extract requires a configuration file specifying the database connection parameters; see Example 10.7, “Sample /etc/reTurn/psql-user-extract.config”.

Example 10.7. Sample /etc/reTurn/psql-user-extract.config

psql_conninfo = "dbname=repro user=repro host=localhost password=foobar"

# create this directory if it doesn't exist
dest_file = "/var/cache/reTurn/users.txt"

auth_user_alt = True