coturn #98

Supports: bionic focal


The TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server and gateway.

Anbox Cloud - Coturn

Anbox Cloud offers a software stack that runs Android applications in any cloud enabling high-performance streaming of graphics to desktop and mobile client devices.

At its heart, it uses lightweight container technology instead of full virtual machines to achieve higher density and better performance per host while ensuring security and isolation of each container. Depending on the target platform, payload, and desired application performance (e.g. frame rate), more than 100 containers can be run on a single machine.

For containerization of Android, Anbox Cloud uses the well established and secure container hypervisor LXD. LXD is secure by design, scales to a large number of containers and provides advanced resource management for hosted containers.

Also have a look at the official Anbox Cloud website for more information.


Coturn is an open source (project page) TURN server. It is used to enable WebRTC in the streaming stack.

$ juju deploy cs:~anbox-charmers/coturn-30
$ juju relate anbox-stream-agent coturn

For more information about streaming, visit the official documentation on


(string) Authentication realm for coturn
(boolean) Block various non public IP subnets from being specified in the XOR-PEER-ADDRES attribute of TURN requests.
(boolean) Enable relaying traffic via TURN over TCP
(boolean) Enable relaying traffic via TURN over UDP. This will need the UDP port range to be accessible on the public endpoint
(boolean) Take external addresses of the server from the configured location. This will let the charm resolve the given DNS name and add all found addresses as external ones to the coturn configuration.
(string) Space separated list of extra deb packages to install.
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
(string) Comma separated list of additional internal addresses to consider when establishing an address mapping for coturn. Each external address will be mapped onto each given internal address. The special value "private-address" will be replaced with the units private address. See for more details on how coturn uses the mappings.
(string) Location the coturn is available on. If not set its public address will be used.
(string) Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
(int) Port coturn listens on for incoming connections
(string) Identifies which network interface to use for the public address
(string) Path to the TLS certificate on the machine coturn is deployed to
(string) Path to the TLS private key on the machine coturn is deployed to
(string) Port range Coturn will use when relaying TURN traffic
(boolean) Enable support for authenticated STUN. As per RFC 5389 authenticated STUN is not recommended as it takes more effort to process authentication than it takes to process the binding request. Also not every WebRTC client implementation support authenticated STUN.