Support & information center

Installing a custom TURN machine

qualityRTC relies on TURN servers for some of its network tests. In many cases, these are TURN servers provided by the WebRTC infrastructure being tested. Sometimes, this cannot be achieved. In such cases, customer TURN servers can be installed and used for the relevant network tests.

If you have decided to use custom TURN servers as part of your subscription plan of testRTC, then follow the instructions below to install it.

This is the on premise (self-hosted) version of the Cyara testRTC coturn application. It is a simple turn application that can be run locally for testing, or alternatively, it can be used with an on-prem/on-cloud on ECS/other containerization infrastructure for production use.

Machine preparation

  1. Pick a Machine: Choose a machine that meets the specified hardware and operating system requirements.
  1. Machine Specifications:
    • CPU: Intel i5 with 4 cores or higher.
    • Memory: 16 GB or more.
    • Storage: At least 15 GB of available storage space.
    • Operating System: Linux, preferably Ubuntu.
  1. Network Configuration:
    The machine should have a public IP address and sufficient bandwidth. If you plan to use Coturn in production, you need a public resolvable domain name and the following ports open and forwarded to the Coturn container:
    • TCP port 80
    • TCP + UDP ports 443, 3478, and 5349
    • UDP port range 10000-19999
    • Make sure these ports are accessible from the internet.
  1. Firewall Configuration:
    If you need to set up firewall rules (e.g., port redirection), consult your system’s documentation or administrator for guidance. The provided ‘iptables’ example below is just one way to configure port redirection for Coturn.
    Below example shows how this is done using iptables when redirecting the traffic coming to port range 443 to 5349.
iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 5349
iptables -t nat -I OUTPUT -p tcp --dport 443 -o lo -j REDIRECT --to-port 5349
  1. Docker: Ensure you have Docker installed on your local machine or server.
    • For Windows: Follow the instructions on the Docker for Windows page.
    • For macOS: Follow the instructions on the Docker for Mac page.
    • For Linux: Refer to the official Docker documentation for your specific Linux distribution.

Installation procedure

  1. Login to the Machine: Access the dedicated machine where you plan to install the TURN server.
  2. Change Directory to /tmp: Navigate to the /tmp directory on the machine.
  3. Pull the Coturn Docker image:
docker pull
  1. Create a text file (e.g., env-coturn-on-prem.txt) and add your configuration settings. Replace <password>, <>, <public IP>, and <private IP> with your actual values.

    Note: Ensure that ‘env-coturn-on-prem.txt’ has the permissions ‘0600’ (readable and writable only by the owner).
INTERNAL_IP=<private IP>
  1. Run the Coturn container using the following command:
docker run --rm -d \
    --name=coturn-on-prem \
    --net=host \
    --env-file /path/to/env-coturn-on-prem.txt \
    -v /var/lib/coturn-data:/etc/letsencrypt:Z \

Replace ‘/path/to/env-coturn-on-prem.txt’ with the actual path to your configuration file, and ‘/var/lib/coturn-data’ with the desired local directory for persistent storage.

Note: (Optional for Testing) If you do not need real Let’s Encrypt certificates and want to use self-signed certificates for testing only, run this alternative command:

docker run --rm -d \
    --name=coturn-on-prem \
    --net=host \
    --env "SECRET=<password>" \

That’s it! Coturn is now running on your system. You can use it for network testing within the context of the qualityRTC service. Make sure to configure your client applications to use the Coturn server for TURN services as needed.

Monitor your installation

Our TURN machines offer 3 main interfaces for monitoring needs:

  1. Syslog: Configured during installation
  2. Heartbeat: Available at http://<insalled_ip>:9641
  3. Prometheus metrics: Available at http://<installed_ip>:9641/metrics

Test your installation

Once installed, try it out. Use a machine located outside of that data center – connecting to it from the public internet.

sudo apt install stun-client
stun <ip>

Note: Once you’ve completed this, send us the value of the below environment variables which we will need to configure it from our end for your qualityRTC account;

  • FQDN

Was this article helpful?

Related Articles