master/coturn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,783 Commits 1 Branch 0 Tags 4.8 MiB
C 90.4%
CMake 4.4%
Shell 1.7%
C++ 1.7%
Makefile 1.1%
Other 0.6%
99984fbccd
Go to file
Copilot 99984fbccd
Add configurable CPU count option for containerized environments (#1717) 
This PR adds a new `--cpus` configuration option to address CPU
detection issues in virtualized and containerized environments where
`_SC_NPROCESSORS_CONF` and `_SC_NPROCESSORS_ONLN` return host CPU counts
instead of allocated container CPUs.

## Problem
In containerized deployments, coturn detects the host's CPU count (e.g.,
128 CPUs) instead of the container's allocated CPUs (e.g., 2 CPUs). This
causes the server to create excessive relay threads and database
connections, leading to resource exhaustion and performance issues.

## Solution
Added a new `cpus` configuration option that allows manual override of
CPU detection:

### Command Line Usage
```bash
turnserver --cpus 2
```

### Configuration File Usage
```ini
# Override system CPU count detection for containers
cpus=2
```

## Key Features
- **Backward Compatible**: No changes needed for existing deployments
- **Input Validation**: Values must be between 1 and 128 with proper
error handling
- **Comprehensive Documentation**: Updated man pages and example config
files
- **Both Interfaces**: Works via command line and configuration file

## Testing
The implementation has been thoroughly tested:

```bash
# Container with 2 allocated CPUs on 128-CPU host
$ turnserver --cpus 2
INFO: System cpu num is 128       # Host detection
INFO: System enable num is 128    # Host detection  
INFO: Configured cpu num is 2     # Override applied
INFO: Total General servers: 2    # Correct thread count
```

-  Command line option: `--cpus 8` creates 8 relay servers
-  Config file option: `cpus=6` creates 6 relay servers  
-  Error handling: Invalid values show appropriate errors
-  Default behavior: Without option, uses system detection
-  RFC5769 tests: All protocol tests still pass

## Files Modified
- `src/apps/relay/mainrelay.c` - Core implementation
- `src/apps/relay/mainrelay.h` - Added configuration flag
- `examples/etc/turnserver.conf` - Added documentation and example
- `man/man1/turnserver.1` - Updated man page

This change directly addresses the resource consumption issues in
containerized environments while maintaining full backward
compatibility.

Fixes #1628.
2025-07-10 15:37:02 +02:00
.github rename and dependency extraction (#1634) 2025-02-20 21:12:24 -08:00
cmake Implement custom prometheus http handler (#1591) 2024-12-10 10:28:43 -08:00
docker Update Debian "bookworm" to 20250630 snapshot in Docker image 2025-07-01 14:34:38 +03:00
docs Add modules diagram to developer doc (#1685) 2025-05-26 13:57:13 +02:00
examples Add configurable CPU count option for containerized environments (#1717) 2025-07-10 15:37:02 +02:00
fuzzing Add the InsertBraces command for clang-format to ensure that all conditionals always have braces (#1408) 2024-01-27 16:38:40 -08:00
man/man1 Add configurable CPU count option for containerized environments (#1717) 2025-07-10 15:37:02 +02:00
rpm Update version to 4.7.0 (#1691) 2025-05-30 14:13:59 -07:00
scripts Update version to 4.7.0 (#1691) 2025-05-30 14:13:59 -07:00
src Add configurable CPU count option for containerized environments (#1717) 2025-07-10 15:37:02 +02:00
turndb Add hash algorithm for key value to redis userdb schema 2021-01-14 09:57:10 -06:00
.clang-format Add the InsertBraces command for clang-format to ensure that all conditionals always have braces (#1408) 2024-01-27 16:38:40 -08:00
.clang-tidy Address various minor clang-tidy warnings (#1513) 2025-05-29 19:12:50 -07:00
.dockerignore Avoid duplication via common rootfs/ dir 2021-04-20 10:36:52 +03:00
.gitignore Support Windows MSVC (#855) 2022-10-28 19:32:23 -07:00
AUTHORS.md Update version to 4.6.3 (#1609) 2024-12-11 10:13:38 -08:00
authors.sh Generate AUTHORS as Markdown, update references (#1102) 2022-11-21 16:23:22 -08:00
ChangeLog Update version to 4.7.0 (#1691) 2025-05-30 14:13:59 -07:00
CMakeLists.txt Add define to disable OAuth support (#1713) 2025-07-02 11:36:50 +02:00
configure Add define to disable OAuth support (#1713) 2025-07-02 11:36:50 +02:00
CONTRIBUTING.md Update CONTRIBUTING.md 2023-01-09 19:27:00 +01:00
INSTALL Move and split documentation files (#1096) 2022-12-22 11:13:24 -08:00
iwyu-ubuntu.imp Add clang-tidy, include-what-you-use, and msvc-analyzer github actions (#1363) 2024-01-16 19:49:30 -08:00
LICENSE initial code import 2014-04-20 21:10:18 +00:00
make-man.sh man pages util fixed 2017-02-20 01:10:38 -08:00
Makefile.in Makefile.in: Don't install sql schema into DOCSDIR (#1684) 2025-05-26 13:51:22 +02:00
postinstall.txt Move and split documentation files (#1096) 2022-12-22 11:13:24 -08:00
README.md Update reference to old draft in README to RFC8016 2025-05-29 13:23:48 +02:00
README.turnadmin Regenerate manual pages from README files (#1117) 2022-12-06 17:04:13 -08:00
README.turnserver [BREAKING] Deprecate response-origin-only-with-rfc5780 (#1690) 2025-05-28 16:37:20 -07:00
README.turnutils Fix typos (#1345) 2024-01-15 18:31:16 -08:00
release.sh Update version to 4.7.0 (#1691) 2025-05-30 14:13:59 -07:00
STATUS.md Update Changelog and Readme (#1087) 2022-11-16 15:12:41 -08:00
vcpkg.json Update version to 4.7.0 (#1691) 2025-05-30 14:13:59 -07:00

README.md

Docker CI Docker Hub

Docker Hub | GitHub Container Registry | Quay.io

Coturn TURN server

coturn is a free open source implementation of TURN and STUN Server. The TURN Server is a VoIP media traffic NAT traversal server and gateway.

Installing / Getting started

Linux distros may have a version of coturn which you can install by

apt install coturn
turnserver --log-file stdout

Or run coturn using docker container:

docker run -d -p 3478:3478 -p 3478:3478/udp -p 5349:5349 -p 5349:5349/udp -p 49152-65535:49152-65535/udp coturn/coturn

See more details about using docker container Docker Readme

Developing

Dependencies

coturn requires following dependencies to be installed first

  • libevent2

Optional

  • openssl (to support TLS and DTLS, authorized STUN and TURN)
  • libmicrohttp and prometheus-client-c (prometheus interface)
  • MariaDB/MySQL (user database)
  • Hiredis (user database, monitoring)
  • SQLite (user database)
  • PostgreSQL (user database)

Building

git clone git@github.com:coturn/coturn.git
cd coturn
./configure
make

Features

STUN specs:

  • RFC 3489 - "classic" STUN
  • RFC 5389 - base "new" STUN specs
  • RFC 5769 - test vectors for STUN protocol testing
  • RFC 5780 - NAT behavior discovery support
  • RFC 7443 - ALPN support for STUN & TURN
  • RFC 7635 - oAuth third-party TURN/STUN authorization

TURN specs:

ICE and related specs:

The implementation fully supports the following client-to-TURN-server protocols:

Relay protocols:

User databases (for user repository, with passwords or keys, if authentication is required):

  • SQLite
  • MariaDB/MySQL
  • PostgreSQL
  • Redis
  • MongoDB

Management interfaces:

  • telnet cli
  • HTTPS interface

Monitoring:

  • Redis can be used for status and statistics storage and notification
  • prometheus interface (unavailable on apt package)

Message integrity digest algorithms:

  • HMAC-SHA1, with MD5-hashed keys (as required by STUN and TURN standards)

TURN authentication mechanisms:

  • 'classic' long-term credentials mechanism;
  • TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications: http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00);
  • experimental third-party oAuth-based client authorization option;

Performance and Load Balancing:

When used as a part of an ICE solution, for VoIP connectivity, this TURN server can handle thousands simultaneous calls per CPU (when TURN protocol is used) or tens of thousands calls when only STUN protocol is used. For virtually unlimited scalability a load balancing scheme can be used. The load balancing can be implemented with the following tools (either one or a combination of them):

  • DNS SRV based load balancing;
  • built-in 300 ALTERNATE-SERVER mechanism (requires 300 response support by the TURN client);
  • network load-balancer server.

Traffic bandwidth limitation and congestion avoidance algorithms implemented.

Target platforms:

  • Linux (Debian, Ubuntu, Mint, CentOS, Fedora, Redhat, Amazon Linux, Arch Linux, OpenSUSE)
  • BSD (FreeBSD, NetBSD, OpenBSD, DragonFlyBSD)
  • Solaris 11
  • Mac OS X
  • Cygwin (for non-production R&D purposes)
  • Windows (native with, e.g., MSVC toolchain)

This project can be successfully used on other *NIX platforms, too, but that is not officially supported.

The implementation is supposed to be simple, easy to install and configure. The project focuses on performance, scalability and simplicity. The aim is to provide an enterprise-grade TURN solution.

To achieve high performance and scalability, the TURN server is implemented with the following features:

  • High-performance industrial-strength Network IO engine libevent2 is used
  • Configurable multi-threading model implemented to allow full usage of available CPU resources (if OS allows multi-threading)
  • Multiple listening and relay addresses can be configured
  • Efficient memory model used
  • The TURN project code can be used in a custom proprietary networking environment. In the TURN server code, an abstract networking API is used. Only couple files in the project have to be re-written to plug-in the TURN server into a proprietary environment. With this project, only implementation for standard UNIX Networking/IO API is provided, but the user can implement any other environment. The TURN server code was originally developed for a high-performance proprietary corporate environment, then adopted for UNIX Networking API
  • The TURN server works as a user space process, without imposing any special requirements on the system

Links