Skip to main content

How to create and setup a STUN/TURN server on AWS?

  • Updated

Important

This is no longer required since Genymotion Device Image ver. 13.0.0.

With Android 8.0 and above Genymotion Device images (PaaS) on AWS, WebRTC connections require a STUN/TURN server. To palliate to this, our Android 8.0+ images forward all WebRTC connections to our own STUN/TURN server.

This means that Genymotion instances require a public IP and access to the Internet to reach our STUN/TURN server. As a result, you will not be able to get any display (black screen) if your instances don't have a public IP.

If using a public IP does not comply with your setup or security requirements, the solution is to use your own STUN/TURN server.

This tutorial will show you how to install and setup a STUN/TURN server on AWS.

Prerequisite

We recommend using an Ubuntu Server 20.04LTS (Focal) x86_64 instance for General purpose and instance type t3.micro:

Ubuntu_server_marketplace.png

You will also need to add inbound rules to the TURN/STUN server EC2 security group in order to allow inbound connection from your Genymotion instance(s) to TCP (HTTPS) and UDP port 443:

EC2_firewall_rules.png

Install and configure CoTURN server

  1. Connect to your Ubuntu server with ssh
  2. Add the Universe repository: 
    sudo apt-add-repository universe
  3. Update and upgrade Ubuntu: 
    sudo apt update && sudo apt upgrade
  4. Reboot the server from the EC2 dashboard or with sudo reboot
  5. Install CoTURN server: 
    sudo apt-get install coturn
  6. Edit the file /etc/default/coturn and un-comment TURNSERVER_ENABLED=1 to have CoTURN start on boot.
  7. Edit the file `/etc/turnserver.conf`, un-comment listening-port=3478 and change it to listening-port=443 to have CoTURN server listen to port 443: 
    # TURN listener port for UDP and TCP (Default: 3478).
# Note: actually, TLS & DTLS sessions can connect to the 
# "plain" TCP & UDP port(s), too - if allowed by configuration.
#
listening-port=443

    Note

    We chose to use TCP prot 443 to ensure best compliance with security requirements.

  8. Un-comment listening-ip and replace the default IP with your Ubuntu server private IP: 
    # Specify listening IP, if not set then Coturn listens on all system IPs. 
listening-ip=xxx.xxx.xxx.xxx
  9. Add a user and password for your Genymotion virtual device by un-commenting `user=username1:password1` and replace `username1` and `password1` by the username and password of your choice: 
    # 'Static' user accounts for long term credentials mechanism, only.
# This option cannot be used with TURN REST API.
# 'Static' user accounts are NOT dynamically checked by the turnserver process, 
# so that they can NOT be changed while the turnserver is running.
#
#user=username1:key1
#user=username2:key2
# OR:
user=my_username:123456
#user=username2:password2
  10. Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section: 
    [Service]
User=turnserver
Group=turnserver
Type=forking
RuntimeDirectory=turnserver
PIDFile=/run/turnserver/turnserver.pid
ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
#FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connection.
ExecStartPost=/bin/sleep 2
Restart=on-failure
InaccessibleDirectories=/home
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
  11. Reboot the instance.
  12. Verify that the CoTURN server started correctly and is listening to port 443: 
    sudo systemctl status coturn

If everything is in order, you should get the following output:

0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.

Configuring the Genymotion instance to use your TURN server

Next, you need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:

  1. From the instance UI, go to the Configuration panel:
    configuration.png
  2. Fill the TURN & STUN box with your STUN/TURN server URIs, username and password. The TURN URI synthax should be turn:xxx.xxx.xxx.xxx:443 and STUN URI should be stun:xxx.xxx.xxx.xxx:443, where xxx.xxx.xxx.xxx is your server private IP:
    turn-stun.png
  3. Click APPLY

The Genymotion instance now uses your TURN/STUN server on port 443 to for webRTC connections.

For more details and alternate methods with command line tools, please refer to Genymotion Device image user guide.

Related articles