matrix-docker-ansible-deploy/docs/configuring-playbook-turn.md

# TURN server

The playbook installs a [Coturn](https://github.com/coturn/coturn) TURN server by default, so that clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks.

By default, the Synapse chat server is configured, so that it points to the Coturn TURN server installed by the playbook.


## Disabling Coturn

If, for some reason, you'd like to prevent the playbook from installing Coturn, you can use the following configuration:

```yaml
matrix_coturn_enabled: false
```

In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail.

## Manually defining your public IP

In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn.

If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server.

```yaml
matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"
```

If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set `matrix_coturn_turn_external_ip_address` to an empty value. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.

If your server has multiple external IP addresses, the Coturn role offers a different variable for specifying them:

```yaml
# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address
matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']
```

## Changing the authentication mechanism

The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better.

To do so, add this override to your configuration:

```yml
matrix_coturn_authentication_method: lt-cred-mech
```

Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and Coturn.

If you're using [Jitsi](./configuring-playbook-jitsi.md), note that switching to `lt-cred-mech` will remove the integration between Jitsi and your own Coturn server, because Jitsi only seems to support the `auth-secret` authentication method.


## Using your own external Coturn server

If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this:

```yaml
# Disable integrated Coturn server
matrix_coturn_enabled: false

# Point Synapse to your other Coturn server
matrix_synapse_turn_uris:
- turns:HOSTNAME_OR_IP?transport=udp
- turns:HOSTNAME_OR_IP?transport=tcp
- turn:HOSTNAME_OR_IP?transport=udp
- turn:HOSTNAME_OR_IP?transport=tcp
```

If you have or want to enable [Jitsi](configuring-playbook-jitsi.md), you might want to enable the TURN server there too.
If you do not do it, Jitsi will fall back to an upstream service.

```yaml
jitsi_web_stun_servers:
- stun:HOSTNAME_OR_IP:PORT
```
You can put multiple host/port combinations if you like.

## Further variables and configuration options
To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml
Add TURN server configuration documentation 2019-04-19 06:57:41 +00:00			`# TURN server`

			`The playbook installs a [Coturn](https://github.com/coturn/coturn) TURN server by default, so that clients can make audio/video calls even from [NAT](https://en.wikipedia.org/wiki/Network_address_translation)-ed networks.`

			`By default, the Synapse chat server is configured, so that it points to the Coturn TURN server installed by the playbook.`


			`## Disabling Coturn`

			`If, for some reason, you'd like to prevent the playbook from installing Coturn, you can use the following configuration:`

			```yaml
			`matrix_coturn_enabled: false`
			```

			`In that case, Synapse would not point to any Coturn servers and audio/video call functionality may fail.`

Explain the option of manually defining your public IP in the documentation for Coturn I was very surprised by the fact that a rather important configuration for coturn was "hidden" in the Hosts file, but not mentioned here. Therefore my suggestion is to explicitly mention it here, as I believe that is that natural for people to look. 2023-07-12 16:10:47 +00:00			`## Manually defining your public IP`
Add support for external-IP-address-autodetection to Coturn 2023-10-10 08:10:21 +00:00
Explain the option of manually defining your public IP in the documentation for Coturn I was very surprised by the fact that a rather important configuration for coturn was "hidden" in the Hosts file, but not mentioned here. Therefore my suggestion is to explicitly mention it here, as I believe that is that natural for people to look. 2023-07-12 16:10:47 +00:00			In the `hosts` file we explicitly ask for your server's external IP address when defining `ansible_host`, because the same value is used for configuring Coturn.
Add support for external-IP-address-autodetection to Coturn 2023-10-10 08:10:21 +00:00
Explain the option of manually defining your public IP in the documentation for Coturn I was very surprised by the fact that a rather important configuration for coturn was "hidden" in the Hosts file, but not mentioned here. Therefore my suggestion is to explicitly mention it here, as I believe that is that natural for people to look. 2023-07-12 16:10:47 +00:00			If you'd rather use a local IP for `ansible_host`, make sure to set up `matrix_coturn_turn_external_ip_address` replacing `YOUR_PUBLIC_IP` with the pubic IP used by the server.

			```yaml
			`matrix_coturn_turn_external_ip_address: "YOUR_PUBLIC_IP"`
			```
Add TURN server configuration documentation 2019-04-19 06:57:41 +00:00
Add support for external-IP-address-autodetection to Coturn 2023-10-10 08:10:21 +00:00			If you'd like to rely on external IP address auto-detection (not recommended unless you need it), set `matrix_coturn_turn_external_ip_address` to an empty value. The playbook will automatically contact an [EchoIP](https://github.com/mpolden/echoip)-compatible service (`https://ifconfig.co/json` by default) to determine your server's IP address. This API endpoint is configurable via the `matrix_coturn_turn_external_ip_address_auto_detection_echoip_service_url` variable.

			`If your server has multiple external IP addresses, the Coturn role offers a different variable for specifying them:`

			```yaml
			`# Note: matrix_coturn_turn_external_ip_addresses is different than matrix_coturn_turn_external_ip_address`
			`matrix_coturn_turn_external_ip_addresses: ['1.2.3.4', '4.5.6.7']`
			```

Add lt-cred-mech authentication mechanism to Coturn All homeserver implementations have been updated to support this as well. It's just Jitsi that possibly doesn't work with anything other than `auth-secret`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191 2024-02-18 07:52:00 +00:00			`## Changing the authentication mechanism`

			The playbook uses the [`auth-secret` authentication method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L186-L199) by default, but you may switch to the [`lt-cred-mech` method](https://github.com/coturn/coturn/blob/873cabd6a2e5edd7e9cc5662cac3ffe47fe87a8e/README.turnserver#L178) which [some report](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3191) to be working better.

			`To do so, add this override to your configuration:`

			```yml
			`matrix_coturn_authentication_method: lt-cred-mech`
			```

			`Regardless of the selected authentication method, the playbook generates secrets automatically and passes them to the homeserver and Coturn.`

			If you're using [Jitsi](./configuring-playbook-jitsi.md), note that switching to `lt-cred-mech` will remove the integration between Jitsi and your own Coturn server, because Jitsi only seems to support the `auth-secret` authentication method.


Add TURN server configuration documentation 2019-04-19 06:57:41 +00:00			`## Using your own external Coturn server`

			`If you'd like to use another TURN server (be it Coturn or some other one), you can configure the playbook like this:`

			```yaml
			`# Disable integrated Coturn server`
			`matrix_coturn_enabled: false`

			`# Point Synapse to your other Coturn server`
			`matrix_synapse_turn_uris:`
			`- turns:HOSTNAME_OR_IP?transport=udp`
			`- turns:HOSTNAME_OR_IP?transport=tcp`
			`- turn:HOSTNAME_OR_IP?transport=udp`
			`- turn:HOSTNAME_OR_IP?transport=tcp`
			```
Added a documentation enhancement regarding external TURN server 2020-05-05 06:42:14 +00:00
			`If you have or want to enable [Jitsi](configuring-playbook-jitsi.md), you might want to enable the TURN server there too.`
			`If you do not do it, Jitsi will fall back to an upstream service.`

			```yaml
Switch to exported Jitsi role 2023-04-03 05:53:46 +00:00			`jitsi_web_stun_servers:`
Added a documentation enhancement regarding external TURN server 2020-05-05 06:42:14 +00:00			`- stun:HOSTNAME_OR_IP:PORT`
			```
			`You can put multiple host/port combinations if you like.`
Explicitly refer users to the relevant roles file Explicitly refer users to the relevant roles file so people know where to find the additional configuration options. 2023-07-12 16:25:20 +00:00
			`## Further variables and configuration options`
Add support for external-IP-address-autodetection to Coturn 2023-10-10 08:10:21 +00:00			`To see all the available configuration options, check roles/custom/matrix-coturn/defaults/main.yml`