author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2021-06-17 00:42:44 +0300 |
---|---|---|
committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2021-06-17 00:42:44 +0300 |
commit | 95ebf1f6fb3488715d393011f4985f52fbf461a5 (patch) | |
tree | f0f5f6b68e4330615c498c311369335ed04eec7a /docs | |
parent | 569e2493c59c1d1082dff74af60bf8c589fb9264 (diff) |
Add section about running coTURN on privileged ports
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/TURN.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/TURN.md b/docs/TURN.md index 903967731..2be668b1f 100644 --- a/docs/TURN.md +++ b/docs/TURN.md @@ -43,6 +43,26 @@ It is recommended to install the latest _coTURN_ version; at the very minimum _c - `-o` starts the server in daemon mode, `-c` defines the path to the config file. - There is also an official example available at [https://github.com/coturn/coturn/blob/master/examples/etc/coturn.service](https://github.com/coturn/coturn/blob/master/examples/etc/coturn.service) +##### Running coTURN on privileged ports + +On some GNU/Linux distributions (for example, **Ubuntu Focal and later**) when _coTURN_ is installed from the official package the _coturn_ service is executed as an unprivileged user like _turnserver_. Due to this by default _coTURN_ can not use privileged ports, like port 443. + +Depending on the system configuration Linux kernel capabilities could be used to overcome this limitation. Capabilities can be associated with executable files using _setcap_, so you could allow the _/usr/bin/turnserver_ executable to bind sockets to privileged ports with: +``` +setcap cap_net_bind_service=+ep /usr/bin/turnserver +``` + +Alternatively, if the system configuration does not allow to set the capability, you could configure the _coturn_ service to be executed by root instead of the unprivileged user by executing: +``` +systemctl edit coturn +``` +and then setting the following configuration, which will override the default one: +``` +[Service] +User=root +Group=root +``` + #### 3. Configure `turnserver.conf` for usage with Nextcloud Talk - Next you need to adjust the coTURN configuration file to work with Nextcloud Talk. |
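Review bot: The root fallback at the end of the hunk (`User=root` / `Group=root`) gives the whole TURN server full root privileges only to bind one port. Consider documenting a narrower drop-in that keeps the unprivileged user and adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` under `[Service]`, assuming the packaged unit does not otherwise restrict capabilities, and present `User=root` only as a last resort. In the setcap paragraph, it is worth noting that the capability is stored on the `/usr/bin/turnserver` file itself, so it is lost when a package upgrade replaces the binary and has to be reapplied. Neither variant mentions that the running service must be restarted (`systemctl restart coturn`) before the change takes effect, or that `setcap` and `systemctl edit` need to be run as root.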