Example configuration for coturn on AWS

turnserver.conf.awk

/^external-ip=/ { 
    print "external-ip=" PUBLIC "/" PRIVATE
    next
}
/^static-auth-secret=/ {
    print "static-auth-secret=" SECRET
    next
}
{ print }

turnserver.conf.example

external-ip=PUBLIC/PRIVATE
static-auth-secret=SECRET
listening-port 443
alt-listening-port 3478
fingerprint
lt-cred-mech
stale-nonce
use-auth-secret
realm=example.com
no-loopback-peers
no-multicast-peers
syslog
verbose
tls-listening-port 443
alt-tls-listening-port 3478
cert /usr/local/etc/turnserver.crt
pkey /usr/local/etc/turnserver.key
cipher-list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
no-sslv2
no-sslv3

turnserver.js

"use strict";

const assert = require("assert");
const crypto = require("crypto");

const secret = process.argv[2];
assert.ok(secret, "Missing static-auth-secret argument");

// generated credentials expire 4 hours from now
const expiration = Math.floor((Date.now() / 1000) + (4 * 60 * 60));
const username = "example:" + expiration;
const hmacsha1 = crypto.createHmac("sha1", secret);
hmacsha1.setEncoding("base64");
hmacsha1.write(username);
hmacsha1.end();
const password = hmacsha1.read();

console.log("TURN username:", username);
console.log("TURN password:", password);

Run turnserver.js like this to generate TURN credentials:

$ node turnserver.js paO4faXUbg2wiCLIirgC

TURN username: example:1495627810
TURN password: tnPplWKVaTzW1LYS+uguhaaAujQ=

Note that these credentials expire 4 hours after they are generated. You can change the expiration time in turnserver.js if desired.