Since you are using Nextcloud I suggest that you use the following guide:
If you know enough German you may also want to use the following guides:
https://decatec.de/home-server/nextcloud-talk-mit-eigenem-turn-server-coturn/
There is no need to change the standard port which is
tls-listening-port=5349
Following is a working configuration (of course you have to insert your own subdomain/domain and cert, pkey:
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=
realm=yournextcloud.yourdomain.de
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/live/yournextcloud.yourdomain.de/fullchain.pem
pkey=/etc/letsencrypt/live/yournextcloud.yourdomain.de/privkey.pem
cipher-list=“ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384”
dh-file=/etc/ssl/private/dhparam.pem
no-stdout-log
log-file=/var/log/turn.log
syslog
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1