# niom-turn

A minimal TURN/STUN server in Rust (Tokio), including long-term authentication (REALM/NONCE + MESSAGE-INTEGRITY) and optional TLS (`turns:`).

## Features

- STUN Binding (basic)
- TURN Allocate / Refresh
- CreatePermission, ChannelBind, Send
- UDP relay + return path as Data Indication or ChannelData
- TCP (`turn:`) and TLS (`turns:`) control plane (stream framing)
- TURN REST credentials (optional)
- Basic limits (allocations/permissions/channel bindings + rate limits)

## Quickstart

```bash
cargo build
cargo test
```

Local start (loads `appsettings.json` from the current working directory):

```bash
cp appsettings.example.json appsettings.json
cargo run --bin niom-turn
```

## Configuration

The current schema is shown in `appsettings.example.json`.
Important: `niom-turn` currently **always** loads `appsettings.json` from the **working directory**.

Details: `docs/config/runtime.md`.

## Deployment

See `docs/deployment.md` for:
- systemd unit (including `WorkingDirectory=/etc/niom-turn`)
- TLS certificate/key paths
- NAT / `relay.advertised_ip`
- debugging with `journalctl`

## Protocol / Interop notes

- `CHANNEL-BIND` can implicitly create the permission for that peer (interop with common clients).
- Responses are signed using an MI mode that matches the accepted request variant.

See `docs/turn_end_to_end_flow.md`.

## Docs

Entry point: `docs/index.md`.

## License

MIT