Getting TURN server to work

I followed these instructions: https://blog.wydler.eu/2020/04/04/eigener-turn-server-fuer-jitsi-meet-bereitstellen/

I have got an FQDN, and for the external IP and relay IP I used my public WAN IP.

But I am getting this error on starting the service:

Aug 11 17:48:21 localhost turnserver[85404]: 0: Trying to bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443, again...
Aug 11 17:48:21 localhost turnserver[85404]: 0: Trying to bind fd 21 to <xxx.xxx.xxx.xx:443>: errno=98
Aug 11 17:48:21 localhost turnserver[85404]: 0: Cannot bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443
Aug 11 17:48:21 localhost turnserver[85404]: 0: Trying to bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443, again...
Aug 11 17:48:22 localhost turnserver[85404]: 0: Trying to bind fd 13 to <xxx.xxx.xxx.xx:443>: errno=98
Aug 11 17:48:22 localhost turnserver[85404]: 0: Cannot bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443
Aug 11 17:48:22 localhost turnserver[85404]: 0: Trying to bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443, again...
Aug 11 17:48:22 localhost turnserver[85404]: 0: Trying to bind fd 21 to <xxx.xxx.xxx.xx:443>: errno=98
Aug 11 17:48:22 localhost turnserver[85404]: 0: Cannot bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443
Aug 11 17:48:22 localhost turnserver[85404]: 0: Trying to bind TLS/TCP listener socket to addr xxx.xxx.xxx.xx:443, again...

Not sure where to start troubleshooting.

That error would typically mean that another service is already listening on the port you want (443). Do you have a web server or another service listening on this port? Is there maybe another coturn process already running?
You can use ss -l4 to see which ports your services are listening on in the IPv4 space, and you can use ps -A|grep coturn to look specifically for other coturn processes.

Another possibility is that the user account that's running coturn doesn't have permission to bind to low-numbered ports. Did you follow the instructions under "Anpassung des systemd für die Bindung von Coturn auf eine Port < 1024" (adjusting systemd so that Coturn can bind to a port < 1024) in the article?

If your server is running behind NAT, it won't be able to listen on the WAN IP. In that case, the config section for AWS (and other NAT) users might be helpful. There's also this how-to on the forums, which you can compare against your article to see what's different.
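As an added example (not part of this thread and not coturn's own code), the three bind failures this reply lists can be told apart by errno with a few lines of Python: EADDRINUSE (98 on Linux, the value in the log above) means the port is held by another service, EACCES means a port below 1024 without the needed privilege, and EADDRNOTAVAIL means the address is not configured on this host, which is what a WAN IP looks like from behind NAT. The sample log line, the 203.0.113.10 address and the port numbers are constructed for the example.

```python
"""Tell apart the bind() failures behind coturn's "Trying to bind ...: errno=NN" lines.

Added example; not part of the original thread and not coturn's own code.
The IP in SAMPLE_LOG is a documentation address, constructed for this example.
"""
import errno
import socket
from contextlib import closing

# Constructed sample of the kind of line turnserver logs when bind() fails.
SAMPLE_LOG = "0: Trying to bind fd 21 to <203.0.113.10:443>: errno=98"

# errno -> what it means for a TURN server trying to open a listener
BIND_FAILURES = {
    errno.EADDRINUSE: "in-use",                # 98 on Linux: another service (haproxy,
                                               # nginx, a second turnserver) holds the port
    errno.EACCES: "no-permission",             # port < 1024 without root/CAP_NET_BIND_SERVICE
    errno.EADDRNOTAVAIL: "address-not-local",  # the IP is not on this host, e.g. a WAN IP
                                               # configured on a box that sits behind NAT
}


def diagnose_bind(host, port, proto=socket.SOCK_STREAM):
    """Try to bind host:port as turnserver would; return "ok" or the failure class."""
    with closing(socket.socket(socket.AF_INET, proto)) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            return BIND_FAILURES.get(e.errno, f"errno={e.errno}")
    return "ok"


def errno_from_log(line):
    """Extract NN from a '...: errno=NN' log line, or None if the line has none."""
    marker = "errno="
    idx = line.rfind(marker)
    if idx < 0:
        return None
    digits = line[idx + len(marker):].strip()
    return int(digits) if digits.isdigit() else None


def check_turn_ports(host, ports=(3478, 5349)):
    """coturn opens TCP and UDP on each listening port, so check both per port."""
    return {
        (port, name): diagnose_bind(host, port, proto)
        for port in ports
        for name, proto in (("tcp", socket.SOCK_STREAM), ("udp", socket.SOCK_DGRAM))
    }


def find_free_port():
    """Ask the kernel for a currently unused loopback TCP port."""
    with closing(socket.socket()) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo_in_use():
    """Hold a loopback port open and diagnose it while it is held: returns "in-use"."""
    with closing(socket.socket()) as holder:
        holder.bind(("127.0.0.1", 0))
        holder.listen(1)
        return diagnose_bind("127.0.0.1", holder.getsockname()[1])


if __name__ == "__main__":
    code = errno_from_log(SAMPLE_LOG)
    print("logged errno:", code, errno.errorcode.get(code))           # 98 EADDRINUSE on Linux
    print("held port:", demo_in_use())                                  # in-use
    print("free port:", diagnose_bind("127.0.0.1", find_free_port()))  # ok
    print(check_turn_ports("0.0.0.0"))                                  # what a coturn start would hit
```

Run it as root (or with CAP_NET_BIND_SERVICE) on the host where coturn should run and pass the IP from turnserver.conf as host: an "in-use" on 443 points at the web server or proxy, "no-permission" at the systemd capability step from the article, and "address-not-local" at the NAT case, where the box needs a local listening IP plus external-ip= for the public one.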

Thank you for the quick reply. I had HAProxy occupying port 443; now I have changed it to port 3478. Now the service is not throwing an error, but in Nextcloud I get a message saying:

Error: No Working ICE candidate returned by TURN server

The service is otherwise running:

coturn.service - coTURN STUN/TURN Server
     Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-08-11 18:07:27 UTC; 1h 16min ago
       Docs: man:coturn(1)
             man:turnadmin(1)
             man:turnserver(1)
    Process: 85746 ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid (code=ex>
    Process: 85748 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
   Main PID: 85747 (turnserver)
      Tasks: 7 (limit: 1062)
     Memory: 4.0M
     CGroup: /system.slice/coturn.service
             └─85747 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid

Aug 11 18:07:25 localhost turnserver[85747]: 0: turn server id=0 created
Aug 11 18:07:25 localhost turnserver[85747]: 0: IPv4. UDP listener opened on: xxx.xxx.xxx.xx:3478
Aug 11 18:07:25 localhost turnserver[85747]: 0: Total General servers: 2
Aug 11 18:07:25 localhost turnserver[85747]: 0: IPv4. SCTP listener opened on : xxx.xxx.xxx.xx:3478
Aug 11 18:07:25 localhost turnserver[85747]: 0: IPv4. TCP listener opened on : xxx.xxx.xxx.xx:3478
Aug 11 18:07:25 localhost turnserver[85747]: 0: IO method (admin thread): epoll (with changelist)
Aug 11 18:07:25 localhost turnserver[85747]: 0: IO method (auth thread): epoll (with changelist)
Aug 11 18:07:25 localhost turnserver[85747]: 0: IO method (auth thread): epoll (with changelist)
Aug 11 18:07:25 localhost turnserver[85747]: 0: SQLite DB connection success: /var/lib/turn/turndb
Aug 11 18:07:27 localhost systemd[1]: Started coTURN STUN/TURN Server.

Since you are using Nextcloud, I suggest that you use the following guide:

If you know enough German, you may also want to use the following guides:
https://adminforge.de/nextcloud/nextcloud-talk-mit-eigenem-turn-server/

There is no need to change the standard port, which is
tls-listening-port=5349

Following is a working configuration (of course you have to insert your own subdomain/domain and cert/pkey):
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=
realm=yournextcloud.yourdomain.de
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/live/yournextcloud.yourdomain.de/fullchain.pem
pkey=/etc/letsencrypt/live/yournextcloud.yourdomain.de/privkey.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
dh-file=/etc/ssl/private/dhparam.pem
no-stdout-log
log-file=/var/log/turn.log
syslog
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
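The use-auth-secret and static-auth-secret lines in that configuration switch coturn to the TURN REST API credential scheme: no user is stored in turndb, and Nextcloud Talk derives short-lived credentials from the shared secret each time a client needs ICE servers. The following is an added example of how those credentials are built and checked; it is not code from this thread, from Nextcloud or from coturn, and the secret and user name are constructed placeholders.

```python
"""How use-auth-secret / static-auth-secret credentials (TURN REST API) are derived.

Added example; not from the original thread, Nextcloud or coturn.
SHARED_SECRET and the user name are constructed placeholders.
"""
import base64
import hashlib
import hmac
import time

# Constructed placeholder. In practice this is the value after static-auth-secret=
# in turnserver.conf and the same string entered as the TURN secret in Nextcloud Talk.
SHARED_SECRET = "replace-with-the-value-of-static-auth-secret"


def _password_for(secret, username):
    """password = base64(HMAC-SHA1(secret, username)), as coturn's REST API expects."""
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def turn_credentials(secret, user="nextcloud", ttl=24 * 3600, now=None):
    """Client side (what Nextcloud does): return (username, password) valid for ttl seconds.

    username = "<unix expiry timestamp>:<user>"; the expiry travels inside the
    user name, so the server can enforce it without any per-user state.
    """
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user}"
    return username, _password_for(secret, username)


def verify_credentials(secret, username, password, now=None):
    """Server side (what coturn does): recompute the HMAC and reject expired names."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # malformed user name, no timestamp prefix
    expected = _password_for(secret, username)
    return hmac.compare_digest(expected, password) and expiry > now


if __name__ == "__main__":
    user, pw = turn_credentials(SHARED_SECRET, user="nextcloud", ttl=3600)
    print("username:", user)
    print("password:", pw)
    print("valid now:", verify_credentials(SHARED_SECRET, user, pw))
    print("valid in 2h:", verify_credentials(SHARED_SECRET, user, pw, now=time.time() + 7200))
```

Two practical consequences of this scheme: the secret must be long and random (for example the output of openssl rand -hex 32) and identical on both sides, since anyone holding it can mint relay credentials for your server; and the TURN server's clock must be roughly right, because an expiry computed by Nextcloud is compared against coturn's own time.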

I have used a German one already, but I can try this one too; it doesn't look much different other than the port numbers.

One doubt I have is this: I have the coturn server running on Linode, and on the same node I have HAProxy hosting my website using ports 80 and 443. Although I am using a different server for the TURN server, I have the domain name pointing to this node that is running HAProxy. So my doubt is, like in the above example, do I really need to have a subdomain? I have not created a subdomain. I think creating a new subdomain would mean running a new node with a different IP that should run coturn!

So I got it working. Successfully tested a video call between two iPhones over Nextcloud Talk. I hope I can have more than one TURN server; would that improve quality?

So what I make of it is that the Nextcloud Talk app on iPhone needs some good work.
There is no cancel button; how silly is that!

Sorry to revive the thread, but would you mind posting the HAProxy configuration you used to get this working?

https://blog.wydler.eu/2020/04/04/eigener-turn-server-fuer-jitsi-meet-bereitstellen/
This is basically what I followed.


Yes, it worked for me too. Anyway, I see a lot of people who need to specify the port they are going to use for the TURN server. First, so that it is not used for something else like Apache2 or Nginx. And at the instance provider they open the port in the firewall rules. And if they follow the instructions, then they will get it working.