gortcd
gortcd is a work-in-progress TURN [RFC5766] and STUN [RFC5389] server implementation in Go. As part of the gortc project, gortcd shares its goals and principles. It is based on the gortc/stun package.
The goal is feature parity with coturn. Please use only for experiments until beta.
Install
See releases for latest binaries and packages or snapshot artifacts for bleeding-edge ones.
PIE version
Note that the gortcd-*-linux-arm64.tar.gz archive also contains the gortcd-pie binary, which is a position-independent executable version. The gortcd-pie binary is installed with gortcd-*-linux-arm64.deb too, but is not used by default.
Configuration
Please see gortc.yml for configuration tips. The server listens on all available interfaces by default; STUN is public, TURN is private, and no credentials are valid (nobody can authenticate).
Send SIGUSR2 to reload the config, or use the gortcd reload command (not all options support live config reload).
The server searches for gortc.yml in the current directory, in /etc/gortcd/, and in the home directory.
auth:
  # Put here valid credentials.
  # So, if you are passing to RTCPeerConnection
  # something like that:
  #  {
  #    urls: "turn:turnserver.example.org",
  #    username: "webrtc",
  #    credential: "turnpassword"
  #  }
  # Use the following:
  static:
    - username: webrtc
      password: turnpassword
If you want TURN without auth, set auth.public to true.
Docker
The gortcd Docker image is automatically built on every release from release.Dockerfile, which is based on scratch. Each release is also available as a separate tagged image, e.g. gortc/gortcd:v0.5.1.
# Run with default config:
$ docker run --name turn -d -p 3478:3478/udp gortc/gortcd
# You can supply custom config file, for example `gortcd.yml`
# from current directory:
$ docker run --name turn -d -p 3478:3478/udp \
    -v "$(pwd)/gortcd.yml:/etc/gortc/gortc.yml" \
    gortc/gortcd --config /etc/gortc/gortc.yml
# To allow gortcd to listen directly on your public interface instead
# of using docker port publishing, pass --net=host to docker run
# (published ports are discarded in host network mode, so -p is dropped).
$ docker run --name turn --net=host -d gortc/gortcd
Supported specifications
TURN specs:
- RFC 5766 - base TURN specs
STUN specs:
- RFC 5389 - base "new" STUN specs
- RFC 5769 - test vectors for STUN protocol testing
The implementation fully supports the following client-to-TURN-server protocols:
- UDP (per RFC 5766)
Supported relay protocols:
- UDP (per RFC 5766)
Supported message integrity digest algorithms:
- HMAC-SHA1, with MD5-hashed keys (as required by STUN and TURN standards)
Supported TURN authentication mechanisms:
- 'classic' long-term credentials mechanism
The project supports all platforms that support Go.
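The long-term credential mechanism and the HMAC-SHA1 digest with an MD5-hashed key listed above can be traced in a few lines of Go. This is an added example, not gortcd or gortc/stun code: the function names are this example's own, the request bytes are constructed, and SASLprep of the password is omitted on the assumption of ASCII credentials.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// LongTermKey derives the HMAC key as MD5(username ":" realm ":" password).
func LongTermKey(username, realm, password string) []byte {
	sum := md5.Sum([]byte(username + ":" + realm + ":" + password))
	return sum[:]
}

// integrity is HMAC-SHA1 over msg[:end] with the header length set to end at MESSAGE-INTEGRITY.
func integrity(msg []byte, end int, key []byte) []byte {
	buf := append([]byte(nil), msg[:end]...)
	binary.BigEndian.PutUint16(buf[2:4], uint16(end-20+24))
	mac := hmac.New(sha1.New, key)
	mac.Write(buf)
	return mac.Sum(nil)
}

// AddIntegrity appends MESSAGE-INTEGRITY (type 0x0008, length 20) to a well-formed message.
func AddIntegrity(msg, key []byte) []byte {
	out := append(append([]byte(nil), msg...), 0x00, 0x08, 0x00, 0x14)
	out = append(out, integrity(msg, len(msg), key)...)
	binary.BigEndian.PutUint16(out[2:4], uint16(len(out)-20))
	return out
}

// VerifyIntegrity compares in constant time; unsigned or truncated messages are rejected.
func VerifyIntegrity(msg, key []byte) bool {
	for off := 20; off+4 <= len(msg); {
		typ, l := binary.BigEndian.Uint16(msg[off:]), int(binary.BigEndian.Uint16(msg[off+2:]))
		if typ == 0x0008 {
			return l == 20 && off+24 <= len(msg) && hmac.Equal(msg[off+4:off+24], integrity(msg, off, key))
		}
		off += 4 + (l+3)&^3 // attribute values are padded to 4 bytes
	}
	return false
}

func main() { // constructed Binding request: 20-byte header plus USERNAME "user"
	req := []byte{0, 1, 0, 8, 0x21, 0x12, 0xa4, 0x42, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0, 6, 0, 4, 'u', 's', 'e', 'r'}
	key := LongTermKey("user", "realm", "pass") // example values from RFC 5389, section 15.4
	fmt.Printf("key=%x valid=%v\n", key, VerifyIntegrity(AddIntegrity(req, key), key))
}
```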
Benchmarks
The server is currently under active development, but some benchmarks are already available. stun-bench is a simple STUN benchmark that performs binding request transactions.
Results for gortcd v0.17.4 on Ubuntu 16.04, with client and server sharing one machine with an Intel 8700k CPU:
$ ./stun-bench -w 50 -d 5s
workers started
rps: 580606
total: 2903188
The memory consumption was a constant 13 348kb.
For comparison, coturn:
$ ./stun-bench -w 50 -d 5s
workers started
rps: 627709
total: 3138656
The memory consumption was a constant 15 068kb.
Please interpret the results carefully: the coturn server is much more functional.
Testing
Server behavior is tested and verified in many ways:
- End-To-End with long-term credentials
  - webrtc: Two browsers using gortcd as relay for WebRTC data channels (linux)
  - gortc: The gortc/turn client (windows)
  - coturn: The coturn uclient (linux)
- Bunch of code static checkers (linters)
- Standard unit-tests with coverage reporting (linux {amd64, arm64}, windows)
See TeamCity project and e2e directory for more information. Also the Wireshark .pcap files are available for some of e2e tests in artifacts for build.
Artifact origin verification
Each release is signed with PGP key 1D14 A82D 2E31 1045.
$ gpg --keyserver keyserver.ubuntu.com --recv 2E311045
$ gpg --decrypt gortcd-*-checksums.txt.sig
# to check gortcd-*-linux-amd64.deb:
$ grep -F "$(sha256sum gortcd-*-linux-amd64.deb)" gortcd-*-checksums.txt
4316f8f7b66bdba636a991198701914e12d11935748547fca1d97386808ce323 gortcd-0.4.0-linux-amd64.deb
Monitoring
You can export metrics in Prometheus format:
server:
  prometheus:
    addr: localhost:9200
$ curl http://localhost:9200/metrics
# HELP gortcd_allocation_count Total number of allocations.
# TYPE gortcd_allocation_count gauge
gortcd_allocation_count{addr="159.69.47.227:3478"} 0
# HELP gortcd_binding_count Total number of bindings.
# TYPE gortcd_binding_count gauge
gortcd_binding_count{addr="159.69.47.227:3478"} 0
# HELP gortcd_permission_count Total number of permissions.
# TYPE gortcd_permission_count gauge
gortcd_permission_count{addr="159.69.47.227:3478"} 0