ZxChat with a TURN server/Annex: Installing a TURN server on Centos 7
From ZeXtras Suite Wiki
- This guide refers to products neither developed nor supported by ZeXtras and is intended as a practical example of implementation. Please use this as a guideline and refer to your OS and TURN server's online resources when setting up a production environment.
- A TURN server requires a significant amount of bandwidth, depending on the number of video calls being handled at the same time.
TURN on CentOS 7 with reTurn
reTurn is a highly efficient C++ open-source STUN/TURN server and client library. It is an implementation of the latest STUN/TURN RFCs: RFC5389 (STUN), and RFC5766 (TURN). It's our platform of choice for internal testing during the development of ZeXtras Chat and for our production environment.
This guide will only focus on the TURN component, as STUN is natively implemented in ZeXtras Suite.
Package information and dependencies
reTurn cannot be found in CentOS' official repository. The resiprocate-turn-server package, however, is available in Fedora's EPEL repository (although it doesn't work out of the box on CentOS):
[root@localhost ~]# yum info resiprocate-turn-server
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.fastbull.org
 * epel: mirrors.n-ix.net
 * extras: centos.fastbull.org
 * updates: centos.fastbull.org
Available Packages
Name        : resiprocate-turn-server
Arch        : x86_64
Version     : 1.10.0
Release     : 21.el7
Size        : 195 k
Repo        : epel/x86_64
Summary     : ICE/STUN/TURN server
URL         : http://www.resiprocate.org
License     : VSL
Description : reTurn is the TURN server developed as part of the reSIProcate project.
            : TURN (RFC 5766) provides a standardised solution for VoIP applications
            : to find the most efficient way to route media streams when NAT and
            : firewall devices may be present.
            : reTurn provides a high-quality, low maintenance solution for serving
            : small and large IP telephony installations. It has been used successfully
            : with a variety of SIP and Jabber applications, including Lumicall,
            : Jitsi, Empathy and Psi.
            : reSIProcate is a framework that aims to fully implement the SIP protocol
            : in first class C++. It is intended for use in other applications,
            : such as the repro SIP proxy.
Installation and setup
Building the RPM package
[root@localhost ~]# yum -y install rpm-build
Install all the package's dependencies:
[root@localhost ~]# yum install gcc-c++ libtool automake autoconf \
    asio-devel boost-devel cajun-jsonapi-devel c-ares-devel \
    cppunit-devel gperf db4-cxx-devel db4-devel openssl-devel \
    mysql-devel pcre-devel perl popt-devel python-devel \
    python-pycxx-devel freeradius-client-devel xerces-c-devel postgresql-devel
Download the latest tgz package from the reSIProcate website at http://www.resiprocate.org/files/pub/reSIProcate/releases/
Build the rpm from the downloaded package:
[root@localhost ~]# rpmbuild -tb resiprocate-1.10.1.tar.gz
Once done, you'll find the appropriate RPM files in rpmbuild/RPMS/x86_64. Install the TURN server package:
[root@localhost ~]# rpm -ivh rpmbuild/RPMS/x86_64/resiprocate-turn-server-1.10.1-1.el7.centos.x86_64.rpm
reTurn won't start automatically, so you need to manually start it by running:
[root@localhost ~]# /usr/sbin/reTurnServer /etc/reTurn/reTurnServer.config
Make sure that the server is up by running:
[root@localhost ~]# netstat -npl | grep -i turn
The expected output is something like:
tcp        0      0 0.0.0.0:3478            0.0.0.0:*               LISTEN      28885/reTurnServer
tcp6       0      0 :::3478                 :::*                    LISTEN      28885/reTurnServer
udp        0      0 0.0.0.0:3478            0.0.0.0:*                           28885/reTurnServer
udp6       0      0 :::3478                 :::*                                28885/reTurnServer
The main configuration file is /etc/reTurn/reTurnServer.config, and the only strictly required edit is the TurnAddress setting, which must be set to the IP address of the server. To set up SSL/TLS, see the # SSL/TLS Certificate Settings section of the file; network settings can be found in the # Transport Settings section.
Set up a TURN server user
By default, reTurn uses the /etc/reTurn/users.txt file as its user database.
As described in the # Authentication settings section of the config file, the file uses the following format:
Furthermore, password hashes are stored by default (UserDatabaseHashedPasswords setting).
ZeXtras Chat authenticates with a single user, specified in the zimlet's configuration. I strongly suggest generating a strong random password using apg:
root@ubuntu:~# apg -M SNCL -m32 -x32 -n1
tixcowdEmEiguc5OxApnalbOmCogfok(
To create a hashed password, you can use the md5sum utility:
echo -n user:realm:password | md5sum
root@centos:~# echo -n "zextraschat:reTurn:tixcowdEmEiguc5OxApnalbOmCogfok(" | md5sum
After generating a strong password, add the relevant line to the aforementioned users.txt file, e.g.:
user - zextraschat
hashed pass - 9dc1355c06c65b0b7abaa829a80f8e6c
realm - reTurn (the default realm, can be changed in the config file)
state - authorized
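The md5sum step above can be scripted so that the password is never typed on the command line and the resulting hash can be re-checked later. This is an added example, not part of the original guide or of reTurn: the function names (gen_password, turn_hash, verify_turn_hash) are constructed for illustration, and the alphanumeric generator is a stand-in for apg.

```bash
# Added example; function names and sample values are constructed.

# Generate an N-character alphanumeric password from /dev/urandom
# (a stand-in for apg; no shell metacharacters to quote).
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-32}"
}

# Print MD5(user:realm:password), the hashed form created with md5sum above.
# The password is read from stdin, so it never shows up in the
# process list or in shell history.
turn_hash() {
    local user="$1" realm="$2" password=""
    [ -n "$user" ] && [ -n "$realm" ] || { echo "user and realm required" >&2; return 1; }
    # The hashed string is colon-delimited: a colon inside the user
    # or realm would make the entry ambiguous, so refuse it.
    case "$user$realm" in
        *:*) echo "colon not allowed in user or realm" >&2; return 1 ;;
    esac
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    # printf '%s' emits no trailing newline, matching `echo -n` above;
    # a stray newline would change the hash.
    printf '%s:%s:%s' "$user" "$realm" "$password" | md5sum | cut -d' ' -f1
}

# Return 0 if the candidate password on stdin matches a stored hash.
verify_turn_hash() {
    local computed
    computed="$(turn_hash "$1" "$2")" || return 1
    [ "$computed" = "$3" ]
}

# Demo with constructed values.
pw="$(gen_password 32)"
hash="$(printf '%s' "$pw" | turn_hash zextraschat reTurn)"
printf 'user=%s realm=%s hash=%s\n' zextraschat reTurn "$hash"
printf '%s' "$pw" | verify_turn_hash zextraschat reTurn "$hash" && echo "hash verified"
```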
Once the server is running and the user is set up, you can proceed to configure the ZeXtras Chat Zimlet to use your new TURN server.
reTurn's default logfile is located in /var/log/reTurnServer/reTurnServer.log, and the logging settings can be changed in the #Logging Settings section of the config file.