編輯

Setting up a STUN/TURN Server in Azure

  • 發行項

Overview

When deploying Unreal Pixel Streaming, some of your clients might be on networks that have settings that prevent a successful WebRTC connection. In these cases, Epic suggests using a STUN server, or a TURN server. More information can be found in the Epic Unreal Pixel Streaming documentation.

Setting up the machine

The walkthrough assumes a deployed Ubuntu 18.04 machine in Azure. If you are looking how to deploy a Linux VM in Azure, have a look at this quickstart on the Microsoft Docs site.

Setting up the STUN/TURN Server

Coturn is an open-source STUN/TURN Server project, with many configuration options. To deploy Coturn, please have a look at this blogpost on OurCodeWorld that perfectly describes the process.

DNS Option

In the walkthrough DNS is configured. In case you need a domain name, you can register one in Azure, and use Azure DNS to host the DNS for your domain.

SSL Certificate Option

There are many ways to obtain an SSL certificate. An easy and cheap way is to use LetsEncrypt. Setting up LetsEncrypt for a server that uses port 80 for a webserver is extremely easy. Since the Coturn server does use port 80, a manual request with a DNS challenge is easiest:

  1. Install CertBot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
  1. Request the certificate
sudo certbot -d *.yourdomain.com --manual --preferred-challenges dns certonly

Follow the steps certbot is guiding you through.

  1. Update the Coturn configuration to point to your newly created certificates and restart the service:
sudo nano /etc/turnserver.conf
sudo systemctl restart coturn

Opening network ports

Depending on what you configure, you’ll need to open some network ports for the STUN and/or TURN Server to be reachable. For TLS the default port is 5349, and it needs to be open for UDP and TCP. To do this, follow these steps:

  1. Go to the Azure Portal at https://portal.azure.com
  2. Go to the Resource Group that contains your STUN/TURN Server deployment
  3. Select the Network Security Group
  4. Click Inbound security rules on the left
  5. Click + Add on the top of the new blade
  6. Use the following settings:
    1. Source: Any
    2. Source port ranges: *
    3. Destination: Any
    4. Service: Custom
    5. Destination port ranges: 5349
    6. Protocol: Any
    7. Action: Allow
    8. Priority: Lower than 65000
    9. Name: A descriptive name like Stun-Turn-Port
  7. Click Add to save the rule

After this your STUN and TURN Server is up and running.