@maxidorius
Last active June 20, 2024 17:48
Working config for VoIP in Matrix: synapse + coturn

This configuration is provided AS-IS and as an example/reference for those who do not find a working configuration for themselves. It is not always kept up to date and no support is provided.

Assuming:

  • Your Matrix domain: example.org
  • Your TURN domain (arbitrary): turn.example.org
  • Your Public IP: 1.2.3.4
  • Your Private IP for the box hosting the services: 10.11.12.13
  • A shared secret between synapse and coturn: ThisIsASharedSecret-ChangeMe
  • You want Firefox compatibility (TURNS only is not supported)

synapse

homeserver.yaml:

## Turn ##

# The public URIs of the TURN server to give to clients
turn_uris:
  - "turns:turn.example.org?transport=udp"
  - "turns:turn.example.org?transport=tcp"
  - "turn:turn.example.org?transport=udp"
  - "turn:turn.example.org?transport=tcp"

# The shared secret used to compute passwords for the TURN server
turn_shared_secret: "ThisIsASharedSecret-ChangeMe"

# How long generated TURN credentials last
turn_user_lifetime: "1h"

coturn

turnserver.conf:

syslog

lt-cred-mech
use-auth-secret
static-auth-secret=ThisIsASharedSecret-ChangeMe
realm=example.org

cert=/etc/letsencrypt/live/turn.example.org/fullchain.pem
pkey=/etc/letsencrypt/live/turn.example.org/privkey.pem

no-udp
external-ip=1.2.3.4
min-port=64000
max-port=65535
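
The shared secret in homeserver.yaml and turnserver.conf is never sent to clients; it is used to derive short-lived credentials. The sketch below is an added example, not part of the original gist or of synapse/coturn code: it assumes the TURN REST API scheme behind use-auth-secret (username "expiry:userid", password base64 of HMAC-SHA1 over the username), and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time

SHARED_SECRET = "ThisIsASharedSecret-ChangeMe"  # placeholder from the configs above
LIFETIME_S = 3600                               # turn_user_lifetime: "1h"


def make_turn_credentials(secret, user_id, lifetime_s=LIFETIME_S, now=None):
    """Homeserver side: derive the (username, password) handed to a client."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + lifetime_s}:{user_id}"  # "<expiry unix time>:<user id>"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode()


def check_turn_credentials(secret, username, password, now=None):
    """Model of the TURN server side check against static-auth-secret."""
    now = int(time.time()) if now is None else int(now)
    expiry, sep, _user = username.partition(":")
    if not sep or not expiry.isdigit():
        return "malformed username"
    if int(expiry) < now:
        return "expired"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest())
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected, password.encode()):
        return "bad password (secrets differ?)"
    return "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock, so the output is reproducible
    user, pw = make_turn_credentials(SHARED_SECRET, "@alice:example.org", now=t0)
    print(user, pw)
    print(check_turn_credentials(SHARED_SECRET, user, pw, now=t0 + 60))    # within 1h
    print(check_turn_credentials(SHARED_SECRET, user, pw, now=t0 + 3601))  # past expiry
    print(check_turn_credentials("other-secret", user, pw, now=t0 + 60))   # mismatch
```

A secret mismatch between the two files and clock drift between the two hosts both show up as authentication failures on the TURN side, which is why the check reports them separately.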

Firewall

Allow ports:

  • TCP 3478
  • UDP 3478
  • TCP 3479
  • UDP 3479
  • TCP 5349
  • UDP 5349
  • UDP 64000 to 65535
@maxidorius
Author

@weiss Don't worry, I didn't think you were criticizing anything here, far from it! But to be precise here, I found in my own experience that non-working guides/howto/advices don't work because they:
a) Are not given as a whole
b) Are not given complete

While I can only be happy and humbled by the fact this gist is still alive and receiving comments after more than 2 years, I do not want to end up in a situation where any of the two points given above become true. Ideally for the comments as well.

So it's great people are giving feedback and advice on how to do it better, but if you do then please also share a configuration that is

  • Whole: All configs that relate to it, the same way I give the coturn, synapse and firewall configs
  • Complete: Give all of the relevant config, not just the changed bits

And I'm sure you can see how my advice "feel free to create a gist of your own!" fits there: you can literally copy/paste it, change whatever you feel is better, test it out on a server, then put a link here. I would be more than happy to include it into the gist itself under a new section!
Vague comments are what made me write this gist, so let's try not to fall into the same issues again :)

Finally: thanks for your input, I would love to see another working config that has your points taken into account. I might use it for myself as well, who knows!
