DEV Community

Cover image for Deploying a Multi-Video Call Project with Node.js WebRTC Signaling Server: using STUN TURN on Ubuntu Server
SyedAsadRazaDevops
SyedAsadRazaDevops

Posted on • Edited on

Deploying a Multi-Video Call Project with Node.js WebRTC Signaling Server: using STUN TURN on Ubuntu Server

Deploying a Multi-Party Video Call Project with Node.js WebRTC Signaling Server: Implementing STUN and TURN on Ubuntu Server

Introduction

WebRTC (Web Real-Time Communication) has revolutionized how we enable real-time peer-to-peer communication directly within web applications. In this guide, we'll walk through the process of deploying a multi-party video call project utilizing a Node.js WebRTC signaling server. We'll also explore the implementation of STUN and TURN servers to enhance connectivity in challenging network environments.

Step-by-Step Setup

1. Server Setup
Obtain an Ubuntu server, either from a cloud provider (like AWS, Azure, or DigitalOcean) or a local machine.

Install Node.js and npm (Node.js package manager) on the server using the following commands:



sudo apt update
sudo apt install nodejs npm


Enter fullscreen mode Exit fullscreen mode

2. Project Setup: WebRTC Signaling Server
Clone your Node.js project repository onto the server using Git.



git clone https://github.com/aljanabim/simple_webrtc_signaling_server.git


Enter fullscreen mode Exit fullscreen mode

Navigate to the project directory and install project dependencies using npm:



cd your-project-directory
npm install


Enter fullscreen mode Exit fullscreen mode

Configure your server to run the signaling server using Nginx:



server {
    listen 80;
    server_name video-call.myweb.com;

    location / {
        proxy_pass http://localhost:3030;
        # Other proxy settings
    }

    add_header Permissions-Policy "geolocation 'self'; camera 'self'; speaker 'self';";
}


Enter fullscreen mode Exit fullscreen mode

3. Run the Application
Use a process manager like PM2 to start and manage your Node.js application:



pm2 start app.js


Enter fullscreen mode Exit fullscreen mode

Peers interact with a signaling server to share the handshakes and start a direct peer-to-peer transmission.

Image description

4. Implementing STUN and TURN Servers
Set up your own or use public STUN and TURN servers for network traversal and media relaying.

That's the point when we need a STUN server. It allows to detect peers public network addresses and establish a peer-to-peer connection behind a NAT.

Image description

A way to solve this problem is to use a TURN server. It has a public address, so both peers can interact with TURN server even behind firewalls. So when no direct peer-to-peer connection available, TURN server transmits audio/video streams of both peers just like a common media server.

Image description

We will be using coturn, free open-source implementation of TURN and STUN Server, evolved from rfc5766-turn-server project with additional new advanced features.

Install and configure the coturn server for TURN:



sudo apt-get -y update
sudo apt-get upgrade
sudo apt-get install coturn
sudo systemctl stop coturn


Enter fullscreen mode Exit fullscreen mode

Configure coturn's settings in /etc/turnserver.conf and start the service:



sudo nano /etc/default/coturn


Enter fullscreen mode Exit fullscreen mode

and remove the # before TURNSERVER_ENABLED.
Let's work on etc/turnserver.conf

First, let's save the current configuration, in case we want to look through the structure later.



sudo  mv /etc/turnserver.conf /etc/turnserver.config.backup
# Now paste the following to /etc/turnserver.conf
sudo nano /etc/turnserver.config


Enter fullscreen mode Exit fullscreen mode


# /etc/turnserver.conf
# STUN server port is 3478 for UDP and TCP, and 5349 for TLS.
# Allow connection on the UDP port 3478
listening-port=3478
# and 5349 for TLS (secure)
tls-listening-port=5349

# Require authentication
fingerprint
lt-cred-mech

# We will use the longterm authentication mechanism, but if
# you want to use the auth-secret mechanism, comment lt-cred-mech and 
# uncomment use-auth-secret
# Check: https://github.com/coturn/coturn/issues/180#issuecomment-364363272
#The static auth secret needs to be changed, in this tutorial
# we'll generate a token using OpenSSL
# use-auth-secret
# static-auth-secret=replace-this-secret
# ----
# If you decide to use use-auth-secret, After saving the changes, change the auth-secret using the following command:
# sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
# This will replace the replace-this-secret text on the file with the generated token using openssl. 

# Specify the server name and the realm that will be used
# if is your first time configuring, just use the domain as name
server-name=myweb.com
realm=myweb.com

# Important: 
# Create a test user if you want
# You can remove this user after testing
user=admin:mypassword

total-quota=100
stale-nonce=600

# Path to the SSL certificate and private key. In this example we will use
# the letsencrypt generated certificate files.
cert=/etc/letsencrypt/live/stun.myweb.com/cert.pem
pkey=/etc/letsencrypt/live/stun.myweb.com/privkey.pem

# Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

# Specify the process user and group
proc-user=turnserver
proc-group=turnserver


Enter fullscreen mode Exit fullscreen mode

Remember to Enable port 3478 and 5349 for TCP and UDP incoming connection.



sudo nano /etc/turnserver.conf
sudo systemctl start coturn


Enter fullscreen mode Exit fullscreen mode

5. Web Server Setup
Choose a web server Nginx to serve your Node.js application.
Configure SSL certificates for secure connections (use Let's Encrypt for automatic SSL certificate generation).

We need SSL certificate to configure out TURN server, so let's generate the SSL certificate using Let's Encrypt.



sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d stun-call.myweb.com -d turn-call.myweb.com


Enter fullscreen mode Exit fullscreen mode


server {
    listen 443 ssl;
    server_name stun.myweb.com;

    ssl_certificate /etc/letsencrypt/live/stun.myweb.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stun.myweb.com/privkey.pem;

    # Add other SSL settings here if needed

    location / {
        # Your existing configuration for handling requests
    }
}



Enter fullscreen mode Exit fullscreen mode

6. Testing STUN and TURN Servers
Use the Trickle ICE tool to test your STUN and TURN servers.
Ensure that STUN server works with candidates of type "srflx" and TURN server with candidates of type "relay".

https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Conclusion
Deploying a multi-party video call project with a Node.js WebRTC signaling server is a powerful way to enable real-time communication within web applications. By implementing STUN and TURN servers, you enhance connectivity even in challenging network environments. Remember to allocate sufficient resources for TURN servers due to their higher processing and bandwidth requirements.

WebRTC continues to transform the way we communicate online, and with these steps, you're well on your way to creating seamless and robust real-time communication experiences.

https://tech.bloggernepal.com/2021/05/setup-stun-and-turn-server-on-ubuntu.html

Top comments (0)