Sign In

Using ExpressTURN with PeerJS

Five-minute integration. Drop your credentials in, ICE handles the rest.

What you'll have at the end

A working PeerJS connection that falls back to TURN when your peers can't reach each other directly — so the call still connects on hotel Wi-Fi, mobile carriers, and corporate firewalls.

1. Get credentials

Sign up at expressturn.com/signup, then copy your turn_username and turn_password from the dashboard. Free tier gets you 1 TB/month.

2. Pass them to PeerJS

// npm install peerjs
import { Peer } from 'peerjs';

const peer = new Peer('your-peer-id', {
  config: {
    iceServers: [
      { urls: 'stun:stun.expressturn.com:3478' },
      {
        urls: [
          'turn:relay1.expressturn.com:3478?transport=udp',
          'turn:relay1.expressturn.com:3478?transport=tcp',
          'turns:relay1.expressturn.com:443?transport=tcp'
        ],
        username: 'YOUR_EXPRESSTURN_USERNAME',
        credential: 'YOUR_EXPRESSTURN_PASSWORD'
      }
    ],
    iceTransportPolicy: 'all'
  }
});

peer.on('open', id => console.log('peer ready:', id));
peer.on('connection', conn => {
  conn.on('data', d => console.log('received:', d));
});

3. Verify TURN actually works

The trap with TURN is silent fallback — your dev machine connects directly via local network and you never test the relay path. Force every connection through TURN for testing:

// In dev, set iceTransportPolicy to 'relay' to force TURN
const peer = new Peer({
  config: {
    iceServers: [/* same as above */],
    iceTransportPolicy: 'relay'  // every packet goes through TURN
  }
});

Open chrome://webrtc-internals while testing. You should see the active candidate pair use relay as its candidate type.

Common pitfalls

  • Forgetting iceTransportPolicy: 'all': Default is fine; explicitly setting it makes intent obvious.
  • Hard-coding credentials in client bundle: Free-tier static credentials are fine for hobby use. For production at scale, upgrade to shared-secret auth and mint per-session creds server-side.
  • Skipping TLS-443: Always include turns:relay1.expressturn.com:443 — it's the only path that survives strict corporate firewalls.
  • Wrong port for TURNS: turns://...:443, not turn://...:443. The s matters.

Premium: per-user credentials

If you're running PeerJS at scale and don't want a leaked client bundle to expose your TURN password, mint short-lived credentials server-side using the shared-secret auth example. Your server hands each PeerJS client a fresh username/password pair valid for an hour.

Related: simple-peer recipe · TURN for social apps · TURN for multiplayer games

Done. Ship it.

Get Free TURN Credentials