Andrey Kiselev

Reputation: 409

Coturn server not listening on TLS ports on Debian 10

I have a problem connecting to my turnserver on TLS ports. I upgraded my Debian server to Buster recently and noticed that coturn is only listening on port 3478. Both stun and turn work well. However, coturn is not listening on 5378 and turns is not working. I tried reinstalling coturn completely, but with no success. The certificate is valid, from certbot. The behavior is the same with the default config file. And there are no error messages in either verbose or Verbose mode. Needless to say, there is nothing else listening on the TLS ports. So, now I feel completely stuck with it... Has anybody seen such behavior? Or how can I trace what makes coturn not start listening on TLS?

Upvotes: 1

Views: 2792

Answers (3)

OverClocked

Reputation: 11

I am unable to comment due to reputation; however, @Andrey Kiselev is correct: the turnserver user is not able to see the key files generated by certbot/letsencrypt because they are owned by root. To allow coturn to bind to the secure port, I just copied the cert file and private key to a different directory (in my case /usr/local/etc, though you can make a directory /etc/turnserver/ if you want and paste them there). Once they were copied over, I ran:

chown turnserver:turnserver /usr/local/etc/cert.pem
chown turnserver:turnserver /usr/local/etc/privkey.pem

Afterwards, go and update the filepaths to the key files in /etc/turnserver.conf

systemctl restart coturn

I also tested with telnet to turnserver tls port and did a netstat and can confirm turnserver is now listening on my secure port.

Hope this helps!

Upvotes: 1

Erdal CEYLAN

Reputation: 15

nano /lib/systemd/system/coturn.service

# append these lines
User=root
Group=root

Upvotes: 0

Andrey Kiselev

Reputation: 409

Looks like I discovered a silly problem: since coturn runs under the turnserver user, one has to adjust certificate ownership, because by default certificates obtained with certbot belong to root with 644 access rights. The bad thing is that coturn didn't digest it when I created a symlink to the certificate with proper ownership, so I had to copy the actual cert files. Not elegant at all. Otherwise, everything seems to work flawlessly, including the web interface.

Upvotes: 10
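
A manual copy like the one described in the answers above goes stale when certbot renews the certificate. The following is an added example, not part of any answer in this thread: a certbot deploy hook that repeats the copy with real files (not symlinks) owned by the coturn account. The hook location, the /etc/turnserver destination and the function name deploy_coturn_certs are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for coturn (not from the original thread).
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/coturn.sh
# Assumed destination:  /etc/turnserver/ (set cert= and pkey= in
#                       /etc/turnserver.conf to the copied files)

# Copy a certificate and key into a directory the service account can read.
# $1 = certbot lineage dir, $2 = destination dir, $3 = owner, $4 = group
deploy_coturn_certs() {
    src=$1 dst=$2 owner=$3 group=$4

    # Refuse to touch the destination if either source file is missing.
    for f in cert.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done

    # Directory is closed to everyone except the service account and group.
    install -d -o "$owner" -g "$group" -m 0750 "$dst" || return 1

    # install(1) copies file contents, so certbot's live/ symlinks end up
    # as regular files. The private key is readable by its owner only.
    install -o "$owner" -g "$group" -m 0444 "$src/cert.pem" "$dst/cert.pem" || return 1
    install -o "$owner" -g "$group" -m 0400 "$src/privkey.pem" "$dst/privkey.pem" || return 1
}

# certbot sets RENEWED_LINEAGE when it runs deploy hooks; without it
# (for example when this file is only sourced) nothing happens.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_coturn_certs "$RENEWED_LINEAGE" /etc/turnserver turnserver turnserver \
        && systemctl restart coturn
fi
```

This keeps the service running as turnserver and leaves the originals under /etc/letsencrypt owned by root.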
