Eturnal Signaling server for NS8

eturnal TURN Server is a clean, scalable STUN and TURN server for Unix-like operating systems and Microsoft Windows. Clients can connect using UDP, TCP, or TLS over IPv4 or IPv6.

It is developed by ProcessOne here, the same maker of our beloved ejabberd.

Needs
In NS7, it was possible to make use of the existing ejabberd instance as a signalling, STUN or TURN server for Nextcloud and many things communication.

Nextcloud requires one, which it does not ship with by default, and potentially many future communication apps might have a need for one. It is therefore my request and need that NethServer implement a TURN server.

These matters have been discussed before in many articles:

Install TURN server on NS8 for nextcloud - Howto - NethServer Community

Ejabberd on NS8 and Nextcloud Improvements - Feature - NethServer Community

I split this service into another module or not? - Development - NethServer Community

Dockerized.
While an official Docker image is available here:
Usage — eturnal v1.12.2+1

I previously came across an all-bells-and-whistles Docker container for the same here:
tiredofit/docker-eturnal: Dockerized STUN/TURN server
which seems to include a lot more options, that speak NSy

2 Likes

Here’s how to test eturnal…

Install scratchpad:

add-module ghcr.io/davideprincipi/scratchpad:1.0.0

Setup firewall:

firewall-cmd --permanent --add-port=3478/tcp
firewall-cmd --permanent --add-port=3478/udp
firewall-cmd --permanent --add-port=50000-50500/udp
firewall-cmd --reload

Enter scratchpad:

runagent -m scratchpad1

Get config file:

curl --output eturnal.yml https://raw.githubusercontent.com/processone/eturnal/refs/heads/master/config/eturnal.yml

Run eturnal container:

podman run -d --rm \
    --name eturnal \
    -p 3478:3478 \
    -p 3478:3478/udp \
    -p 50000-50500:50000-50500/udp \
    -e ETURNAL_RELAY_MIN_PORT=50000 \
    -e ETURNAL_RELAY_MAX_PORT=50500 \
    -v ./eturnal.yml:/etc/eturnal.yml:ro \
  ghcr.io/processone/eturnal:1.12.2

Get TURN credentials:

podman exec eturnal eturnalctl credentials

Now you can test STUN and TURN server, see Quick Test — eturnal v1.12.2+1

To remove the eturnal testing environment, just remove scratchpad and the firewall ports:

remove-module --no-preserve scratchpad1
firewall-cmd --permanent --remove-port=3478/tcp
firewall-cmd --permanent --remove-port=3478/udp
firewall-cmd --permanent --remove-port=50000-50500/udp
firewall-cmd --reload
2 Likes

How to integrate with NethVoice/Proxy and other communication based apps and to what benefit?

2 Likes

It would also be interesting for Jitsi. If I’m not mistaken, Jitsi uses Google’s Stun servers by default. In terms of data protection, this is actually suboptimal.

1 Like

It seems it’s part of Janus in NethVoice, see ns8-nethvoice/janus/README.md at 5175cbd0012b2eb67498dedc646a7d22e7b29acd · nethesis/ns8-nethvoice · GitHub and ns8-nethvoice/janus/usr/local/etc/janus/janus.jcfg at 5175cbd0012b2eb67498dedc646a7d22e7b29acd · nethesis/ns8-nethvoice · GitHub

It depends on the app, for example in Nextcloud, if you installed the Talk app, it can be set there.

In general it helps supporting communication between networks using NAT.

@oneitonitram already posted the explanations:

1 Like

@mrmarkuz

Where can I find the relevant file in the Jitsi configuration to replace the Google Stun servers?

1 Like

Unfortunately in the jitsi app it’s hardcoded in ../actions/configure-module/10configure_environment_vars so if you reconfigure jitsi in the cluster-admin, it’s set to the default servers again.

You can set the environment variables in jitsi.env

runagent -m jitsi1 nano jitsi.env

…and restart the jitsi service to apply the new settings:

runagent -m jitsi1 systemctl --user restart jitsi

The following variables are used to set up TURN, see also Self-Hosting Guide - Docker | Jitsi Meet
You can just add them to jitsi.env.

There’s just one variable for STUN:

JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443

Thanks in advance for testing!

1 Like

I changed it to stun.nextcloud.com:443. And it works.

2 Likes

Seems also to be hardcoded to Google services, so same ‘workaround’ as with Jitsi?

1 Like

No, it’s not hardcoded, the Google server is the default.
A STUN server can be configured by adding an environment variable to the environment file.

Enter environment:

runagent -m nethvoice1

Edit the environment file and add for example

STUNSERVER=somestunserver.domain.tld
STUNPORT=1234

Restart NethVoice in Software Center.

TURN seems not needed. From the link that I posted:

Notice that you should NEVER configure a TURN server for Janus unless it’s really what you want! If you want users to use TURN, then you need to configure that on the client side, and NOT in Janus.

2 Likes