How to Set up Coturn TURN Server for Spreed WebRTC

Coturn is a free and open-source TURN and STUN server for VoIP and WebRTC. In a previous tutorial, we discussed how to install Spreed WebRTC server and how to integrate Spreed WebRTC with NextCloud.

But there’s a problem: WebRTC won’t work if users are behind different NAT devices. It will be blocked. To traverse NAT, we need to set up a TURN server as a relay between Web browsers. TURN stands for Traversal Using Relays around NAT. How it works is beyond the scope of this tutorial.

This tutorial is going to show you how to set up coturn, an open-source implementation of TURN, on Ubuntu and how to connect Spreed WebRTC to coturn.

Note: To reduce latency, the TURN server should be close to users and be aware that TURN server consumes lots of bandwidth as it will rely both audio and video. Coturn can be on the same machine with Spreed WebRTC or on another machine that is not behind NAT.

Install Coturn Server on Ubuntu

Coturn is available from the Ubuntu repository, so install it with the following command:

sudo apt install coturn

Once it’s installed, it will be automatically started. You can check its status with:

systemctl status coturn

Sample Output:

systemctl status coturn

If it isn’t running, then manually start it with:

sudo systemctl start coturn

And also enable auto-start at boot time:

sudo systemctl enable coturn

Configure Coturn for Spreed WebRTC

Edit the main configuration file.

sudo nano /etc/turnserver.conf

By default, all lines in this file are commented out. Below is an example configuration that you can copy and paste into your file.

  • Replace with the domain name for your NextCloud or Spreed WebRTC.
  • Replace with the server public IP address.
  • Set a long and secure authenticate secret. (You can use the openssl rand -base64 20 command to generate a random string.)
# Run as TURN server only, all STUN requests will be ignored.

# Specify listening port. Change to 80 or 443 to go around some strict NATs.

# Specify listening IP, if not set then Coturn listens on all system IPs. 

### The following lines enable support for WebRTC ###
# Use fingerprints in the TURN messages.
# Use long-term credentials mechanism

# Authentication method


# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).

# This line provides extra security.


Save and close the file. Then restart coturn server with:

sudo systemctl restart coturn

Coturn runs as the turnserver user. Run the following command and you should see it’s listening on port 8443.

sudo ss -lnpt | grep turnserver

sudo ss -lnpt | grep turnserver

Now let’s edit Spreed WebRTC configuration file.

sudo nano /etc/spreed/server.conf

Add the following two lines in the [app] section. Replace red-text accordingly.

turnURIs = turn:coturn-server-ip:8443?transport=udp

turnSecret = your-auth-secrect

Save and close the file. Then restart Spreed WebRTC docker container with

sudo docker restart my-spreed-webrtc

or run the following command if you installed Spreed via Ubuntu PPA.

sudo systemctl restart spreed-webrtc

Once Coturn is running and Spreed WebRTC is restarted, users who are behind NAT should be able to use audio/video calls normally.

Open Ports in the Firewall

You should open TCP and UDP port 8843 in the firewall for Coturn to work. If you use the UFW firewall, run the following commands.

sudo ufw allow 8443/tcp
sudo ufw allow 8443/udp

Wrapping Up

That’s it! I hope this tutorial helped you install coturn server for Spreed WebRTC. As always, if you found this post useful, then subscribe to our free newsletter. You can also follow us on Google+ Twitter or like our Facebook page.

Rate this tutorial
[Total: 19 Average: 3.8]

3 Responses to “How to Set up Coturn TURN Server for Spreed WebRTC

  • johnfelipe2014
    3 weeks ago

    I have audio issue in office network,, can u help me with that?

  • Listening ip should be a public ip or a private ip .

  • john dougherty
    3 years ago

    heya – regarding recommended configuration

    # Run as TURN server only, all STUN requests will be ignored.

    I am guessing so that it will always work?
    I do the exact opposite: stun-only

    The bandwidth for TURN can become extraordinary very quickly.
    I have logged 10s of thousands of unauthorized requests daily with TURN disabled.

    If I let them have TURN my hosting provider would pull the plug in half a day.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community ( for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here