diff --git a/abra.sh b/abra.sh new file mode 100644 index 0000000..4f84b51 --- /dev/null +++ b/abra.sh @@ -0,0 +1 @@ +export TURNSERVER_CONF_VERSION=v1 diff --git a/compose.yml b/compose.yml index a2c3805..562ba56 100644 --- a/compose.yml +++ b/compose.yml @@ -3,7 +3,7 @@ version: "3.8" services: app: - image: nginx:1.20.0 + image: screensy/website networks: - proxy deploy: @@ -11,7 +11,7 @@ services: condition: on-failure labels: - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" 
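Review bot: `image: screensy/website` in the @@ -3,7 hunk has no tag, so it resolves to `latest` and each redeploy may pull different, unreviewed content; the line it replaces was pinned (`nginx:1.20.0`). The same applies to `image: screensy/rendezvous` in the @@ -20,13 hunk, whereas coturn is pinned to `4.5.2`. Pin both to a release tag or, better, a digest, e.g. `image: screensy/website@sha256:<DIGEST_PLACEHOLDER>`, so that what runs behind the TLS router is the build that was reviewed.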
@@ -20,13 +20,45 @@ services: #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=" - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] - interval: 30s - timeout: 10s - retries: 10 - start_period: 1m + # healthcheck: + # test: ["CMD", "curl", "-f", "http://localhost"] + # interval: 30s + # timeout: 10s + # retries: 10 + # start_period: 1m + + rendezvous: + image: screensy/rendezvous + networks: + - proxy + deploy: + restart_policy: + condition: on-failure + labels: + - "traefik.enable=true" + - "traefik.http.services.${STACK_NAME}-rendezvous.loadbalancer.server.port=4000" + - "traefik.http.routers.${STACK_NAME}-rendezvous.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && HeadersRegexp(`Connection`, `.*Upgrade.*`) && Headers(`Upgrade`, `websocket`)" + - "traefik.http.routers.${STACK_NAME}-rendezvous.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}-rendezvous.tls.certresolver=${LETS_ENCRYPT_ENV}" + + turn: + image: "coturn/coturn:4.5.2" + # Use the host network directly as Docker performs badly with + # large port ranges + networks: + - host + configs: + - source: turnserver_conf + target: /etc/coturn/turnserver.conf networks: proxy: external: true + host: + external: true + +configs: + turnserver_conf: + name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION} + file: turnserver.conf.tmpl + template_driver: golang diff --git a/turnserver.conf.tmpl b/turnserver.conf.tmpl new file mode 100644 index 0000000..c81d6ef --- /dev/null +++ b/turnserver.conf.tmpl 
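Review bot: The `turn` service joins the `host` network, so coturn shares the host's network namespace and its listener (3478 per the template) and its relay ports are bound on the host's interfaces, outside Traefik and the overlay network. Nothing in this commit bounds the relay range or states the firewall expectation; I would add `min-port=`/`max-port=` to turnserver.conf.tmpl and a comment above `networks:` such as `# host network: only 3478 and the relay range should be allowed in the host firewall`. The `app` healthcheck is also commented out rather than pointed at the new port 8080, so swarm no longer detects an unhealthy container.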
@@ -0,0 +1,27 @@
+# Set the value below to your public IP address or domain.
+external-ip={{ env "DOMAIN" }}
+
+# Set the TURN/STUN server listener port for UDP and TCP.
+listening-port=3478
+
+# Create a default static user account with username "screensy" and password
+# "screensy".
+user=screensy:screensy
+
+# Use long-term credential mechanism to prevent completely anonymous access by
+# spammers.
+lt-cred-mech
+
+# Set the realm to be used for the users. Required by lt-cred-mech.
+realm=screensy
+
+# Turn off the CLI support since we do not support it.
+no-cli
+
+# Do not start TLS client listener since we do not support it. This is not
+# dangerous, since even with an unencrypted TURN server, the WebRTC data cannot
+# be compromised.
+no-tls
+
+# Do not start DTLS client listener since we do not support it.
+no-dtls
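Review bot: `user=screensy:screensy` ships a fixed credential that is spelled out in the file itself, so `lt-cred-mech` does not keep anonymous users out and the server is effectively an open relay. Since the file already passes through the golang template driver, the account could come from the deployment, e.g. `user={{ env "TURN_USER" }}:{{ env "TURN_PASSWORD" }}` (variable names are placeholders, and this assumes the screensy client can be configured to match). With the service on the host network, relayed traffic should also be kept away from internal addresses by adding `denied-peer-ip=` ranges for loopback and private networks. Separately, `external-ip={{ env "DOMAIN" }}` is probably rendered from the service's own environment, and the `turn` service in compose.yml declares no `environment:`, so the value may render empty; coturn also documents `external-ip` as an IP address rather than a hostname, which is worth confirming.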