Kurento Media Server (KMS) can be installed in multiple ways
- Using an EC2 instance in the Amazon Web Services (AWS) cloud service. Using AWS is suggested to users who don’t want to worry about properly configuring a server and all software packages, because the provided setup does all this automatically.
- Using the Docker images provided by the Kurento team. Docker images allow to run Kurento in any host machine, so for example it’s possible to run KMS on top of a Fedora or CentOS system. In theory it could even be possible to run under Windows, but so far that possibility hasn’t been explored, so you would be at your own risk.
- A local installation with
apt-get install, in any Ubuntu machine. This method allows to have total control of the installation process. Besides installing KMS, a common need is to also install a STUN or TURN server, especially if KMS or any of its clients are located behind a NAT firewall.
If you want to try nightly builds of KMS, then head to the section Installing Nightly Builds.
Amazon Web Services¶
The Kurento project provides an AWS CloudFormation template file. It can be used to create an EC2 instance that comes with everything needed and totally pre-configured to run KMS, including a Coturn server.
Note that this template is specifically tailored to be deployed on the default Amazon Virtual Private Cloud (Amazon VPC) network. You need an Amazon VPC to deploy this template.
Follow these steps to use it:
Access the AWS CloudFormation Console.
Click on Create Stack.
Look for the section Choose a template, and choose the option Specify an Amazon S3 template URL. Then, in the text field that gets enabled, paste this URL:
Follow through the steps of the configuration wizard:
4.1. Stack name: A descriptive name for your Stack.
4.2. InstanceType: Choose an appropriate size for your instance. Check the different ones.
4.3. KeyName: You need to create an RSA key beforehand in order to access the instance. Check AWS documentation on how to create one.
4.4. SSHLocation: For security reasons you may need to restrict SSH traffic to allow connections only from specific locations. For example, from your home or office.
4.5. TurnUser: User name for the TURN server.
4.6. TurnPassword: Password required to use the TURN server.
The template file includes Coturn as a TURN server. The default user/password for this server is
kurento. You can optionally change the username, but make sure to change the default password.
Finish the Stack creation process. Wait until the status of the newly created Stack reads CREATE_COMPLETE.
Select the Stack and then open the Outputs tab, where you’ll find the instance’s public IP address, and the Kurento Media Server endpoint URL that must be used by Application Servers.
Kurento’s Docker Hub contains images built from each KMS release. Just head to the kurento-media-server Docker Hub page, and follow the instructions you’ll find there.
With this method, you will install Kurento Media Server from the native Ubuntu package repositories made available by the Kurento project. KMS has explicit support for two Long-Term Support (LTS) versions of Ubuntu: Ubuntu 16.04 (Xenial) and Ubuntu 18.04 (Bionic) (64-bits only).
This section applies only for a first time installation. If you already have installed Kurento and want to upgrade it, follow instead the steps described here: Local Upgrade.
To install KMS, start from a clean machine (with no KMS or any of its dependencies already installed). Open a terminal, and follow these steps:
Make sure that GnuPG is installed.
sudo apt-get update && sudo apt-get install --no-install-recommends --yes \ gnupg
Define what version of Ubuntu is installed in your system.
Run only one of these lines:
# Run ONLY ONE of these lines: DISTRO="xenial" # KMS for Ubuntu 16.04 (Xenial) DISTRO="bionic" # KMS for Ubuntu 18.04 (Bionic)
Add the Kurento repository to your system configuration.
Run these two commands in the same terminal you used in the previous step:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5AFA7A83
sudo tee "/etc/apt/sources.list.d/kurento.list" >/dev/null <<EOF # Kurento Media Server - Release packages deb [arch=amd64] http://ubuntu.openvidu.io/6.13.0 $DISTRO kms6 EOF
sudo apt-get update && sudo apt-get install --yes kurento-media-server
This will install the release KMS version.
The server includes service files which integrate with the Ubuntu init system, so you can use the following commands to start and stop it:
sudo service kurento-media-server start sudo service kurento-media-server stop
Log messages from KMS will be available in
/var/log/kurento-media-server/. For more details about KMS logs, check Debug Logging.
To upgrade a previous installation of Kurento Media Server, you’ll need to edit the file
/etc/apt/sources.list.d/kurento.list, setting the new version number. After this file has been changed, there are 2 options to actually apply the upgrade:
Completely uninstall the old version, and install the new one.
Note however that apt-get doesn’t remove all dependencies that were installed with Kurento. You will need to use aptitude for this, which works better than apt-get:
sudo aptitude remove kurento-media-server sudo apt-get update && sudo apt-get install kurento-media-server
Upgrade all system packages. This makes sure that all packages in the system get to their latest versions after changing any of the files in /etc/apt/sources.list:
sudo apt-get update && sudo apt-get dist-upgrade
Be careful! If you don’t follow one of these methods, then you’ll probably end up with a mixed installation of old and new packages. You don’t want that to happen: it is a surefire way to get wrong behaviors and crashes.
A Kurento installation is composed of several packages:
- And more
When installing a new version, you have to upgrade all of them, not only the first one.
STUN and TURN servers¶
If Kurento Media Server, its Application Server, or any of the clients are located behind a NAT, you need to use a STUN or a TURN server in order to achieve NAT traversal. In most cases, STUN is effective in addressing the NAT issue with most consumer network devices (routers). However, it doesn’t work for many corporate networks, so a TURN server becomes necessary.
Apart from that, you need to open all UDP ports in your system configuration, as STUN will use any random port from the whole [0-65535] range.
The features provided by TURN are a superset of those provided by STUN. This means that you don’t need to configure a STUN server if you are already using a TURN server.
For more information about why and when STUN/TURN is needed, check out the FAQ: When is STUN needed?
To configure a STUN server in KMS, uncomment the following lines in the WebRtcEndpoint configuration file, located at
Be careful since comments inline (with
;) are not allowed for parameters in the configuration files. Thus, the following line is not correct:
stunServerAddress=<serverIp> ; Only IP addresses are supported
… and must be changed to something like this:
; Only IP addresses are supported stunServerAddress=<serverIp>
serverIp should be the public IP address of the STUN server. It must be an IP address, not a domain name.
It should be easy to find some public STUN servers that are made available for free. For example:
184.108.40.206:19302 220.127.116.11:19302 18.104.22.168:19302 22.214.171.124:19302 126.96.36.199:19302 188.8.131.52:3478 184.108.40.206:3478 220.127.116.11:3478 18.104.22.168:3478 22.214.171.124:3478 126.96.36.199:3478 188.8.131.52:3478 184.108.40.206:3478 220.127.116.11:3478 18.104.22.168:3478 22.214.171.124:3478 126.96.36.199:3478 188.8.131.52:3478 184.108.40.206:3478 220.127.116.11:3478 18.104.22.168:3478 22.214.171.124:3478 126.96.36.199:3478 188.8.131.52:3478
To configure a TURN server in KMS, uncomment the following lines in the WebRtcEndpoint configuration file, located at
serverIp should be the public IP address of the TURN server. It must be an IP address, not a domain name.
See some examples of TURN configuration below:
… or using a free access Numb TURN/STUN server:
Note that it is somewhat easy to find free STUN servers available on the net, because their functionality is pretty limited and it is not costly to keep them working for free. However, this doesn’t happen with TURN servers, which act as a media proxy between peers and thus the cost of maintaining one is much higher.
It is rare to find a TURN server which works for free while offering good performance. Usually, each user opts to maintain their own private TURN server instances.
Check your installation¶
To verify that the Kurento process is up and running, use this command and look for the
$ ps -fC kurento-media-server UID PID PPID C STIME TTY TIME CMD kurento 7688 1 0 13:36 ? 00:00:00 /usr/bin/kurento-media-server
Unless configured otherwise, KMS will listen on the IPv6 port
8888 to receive RPC Requests and send RPC Responses by means of the Kurento Protocol. Use this command to verify that this port is open and listening for incoming packets:
$ sudo netstat -tupln | grep -e kurento -e 8888 tcp6 0 0 :::8888 :::* LISTEN 7688/kurento-media-
You can change these parameters in the file /etc/kurento/kurento.conf.json.
Lastly, you can check whether the RPC WebSocket of Kurento is healthy and able to receive and process messages. For this, send a dummy request and check that the response is as expected:
$ curl -i -N \ -H "Connection: Upgrade" \ -H "Upgrade: websocket" \ -H "Host: 127.0.0.1:8888" \ -H "Origin: 127.0.0.1" \ http://127.0.0.1:8888/kurento
You should get a response similar to this one:
HTTP/1.1 500 Internal Server Error Server: WebSocket++/0.7.0
Ignore the error line: it is an expected error, because
curl does not talk the Kurento protocol. We just checked that the
WebSocket++ server is actually up, and listening for connections. If you wanted, you could automate this check with a script similar to healthchecker.sh, the one we use in Kurento Docker images.