TURN server security

I’m running NC AIO in Docker on a VPS, NextCloud is running behind Cloudflare, but the TURN server is running with no proxy and with the port 3478 opened and the TURN server in NC is set to my VPS’s public IP. I’m guessing getting TURN to work behind Cloudflare is just asking for problems (or is it?). The TURN server is also running on the same VPS as a container.

Since there’s a port opened for TURN, are there any measures I can take to limit the possibility of any exploits or breaches? How safe is it to run TURN in this kind of a setup? Thanks!

Hi, look at the last point of GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.