Deploying a Multi-Party Video Call Project with Node.js WebRTC Signaling Server: Implementing STUN and TURN on Ubuntu Server
Introduction
WebRTC (Web Real-Time Communication) has revolutionized how we enable real-time peer-to-peer communication directly within web applications. In this guide, we'll walk through the process of deploying a multi-party video call project utilizing a Node.js WebRTC signaling server. We'll also explore the implementation of STUN and TURN servers to enhance connectivity in challenging network environments.
Step-by-Step Setup
1. Server Setup
Obtain an Ubuntu server, either from a cloud provider (like AWS, Azure, or DigitalOcean) or a local machine.
Install Node.js and npm (Node.js package manager) on the server using the following commands:
sudo apt update
sudo apt install nodejs npm
2. Project Setup: WebRTC Signaling Server
Clone your Node.js project repository onto the server using Git.
git clone https://github.com/aljanabim/simple_webrtc_signaling_server.git
Navigate to the project directory and install project dependencies using npm:
cd your-project-directory
npm install
Configure your server to run the signaling server using Nginx:
server {
listen 80;
server_name video-call.myweb.com;
location / {
proxy_pass http://localhost:3030;
# Other proxy settings
}
add_header Permissions-Policy "geolocation 'self'; camera 'self'; speaker 'self';";
}
3. Run the Application
Use a process manager like PM2 to start and manage your Node.js application:
pm2 start app.js
Peers interact with a signaling server to share the handshakes and start a direct peer-to-peer transmission.
4. Implementing STUN and TURN Servers
Set up your own or use public STUN and TURN servers for network traversal and media relaying.
That's the point when we need a STUN server. It allows to detect peers public network addresses and establish a peer-to-peer connection behind a NAT.
A way to solve this problem is to use a TURN server. It has a public address, so both peers can interact with TURN server even behind firewalls. So when no direct peer-to-peer connection available, TURN server transmits audio/video streams of both peers just like a common media server.
We will be using coturn, free open-source implementation of TURN and STUN Server, evolved from rfc5766-turn-server project with additional new advanced features.
Install and configure the coturn server for TURN:
sudo apt-get -y update
sudo apt-get upgrade
sudo apt-get install coturn
sudo systemctl stop coturn
Configure coturn's settings in /etc/turnserver.conf and start the service:
sudo nano /etc/default/coturn
and remove the # before TURNSERVER_ENABLED.
Let's work on etc/turnserver.conf
First, let's save the current configuration, in case we want to look through the structure later.
sudo mv /etc/turnserver.conf /etc/turnserver.config.backup
# Now paste the following to /etc/turnserver.conf
sudo nano /etc/turnserver.config
# /etc/turnserver.conf
# STUN server port is 3478 for UDP and TCP, and 5349 for TLS.
# Allow connection on the UDP port 3478
listening-port=3478
# and 5349 for TLS (secure)
tls-listening-port=5349
# Require authentication
fingerprint
lt-cred-mech
# We will use the longterm authentication mechanism, but if
# you want to use the auth-secret mechanism, comment lt-cred-mech and
# uncomment use-auth-secret
# Check: https://github.com/coturn/coturn/issues/180#issuecomment-364363272
#The static auth secret needs to be changed, in this tutorial
# we'll generate a token using OpenSSL
# use-auth-secret
# static-auth-secret=replace-this-secret
# ----
# If you decide to use use-auth-secret, After saving the changes, change the auth-secret using the following command:
# sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
# This will replace the replace-this-secret text on the file with the generated token using openssl.
# Specify the server name and the realm that will be used
# if is your first time configuring, just use the domain as name
server-name=myweb.com
realm=myweb.com
# Important:
# Create a test user if you want
# You can remove this user after testing
user=admin:mypassword
total-quota=100
stale-nonce=600
# Path to the SSL certificate and private key. In this example we will use
# the letsencrypt generated certificate files.
cert=/etc/letsencrypt/live/stun.myweb.com/cert.pem
pkey=/etc/letsencrypt/live/stun.myweb.com/privkey.pem
# Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
# Specify the process user and group
proc-user=turnserver
proc-group=turnserver
Remember to Enable port 3478 and 5349 for TCP and UDP incoming connection.
sudo nano /etc/turnserver.conf
sudo systemctl start coturn
5. Web Server Setup
Choose a web server Nginx to serve your Node.js application.
Configure SSL certificates for secure connections (use Let's Encrypt for automatic SSL certificate generation).
We need SSL certificate to configure out TURN server, so let's generate the SSL certificate using Let's Encrypt.
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d stun-call.myweb.com -d turn-call.myweb.com
server {
listen 443 ssl;
server_name stun.myweb.com;
ssl_certificate /etc/letsencrypt/live/stun.myweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stun.myweb.com/privkey.pem;
# Add other SSL settings here if needed
location / {
# Your existing configuration for handling requests
}
}
6. Testing STUN and TURN Servers
Use the Trickle ICE tool to test your STUN and TURN servers.
Ensure that STUN server works with candidates of type "srflx" and TURN server with candidates of type "relay".
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Conclusion
Deploying a multi-party video call project with a Node.js WebRTC signaling server is a powerful way to enable real-time communication within web applications. By implementing STUN and TURN servers, you enhance connectivity even in challenging network environments. Remember to allocate sufficient resources for TURN servers due to their higher processing and bandwidth requirements.
WebRTC continues to transform the way we communicate online, and with these steps, you're well on your way to creating seamless and robust real-time communication experiences.
https://tech.bloggernepal.com/2021/05/setup-stun-and-turn-server-on-ubuntu.html
Top comments (0)