====== Create STUN/TURN server for Talk ======

Taken from [[https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794|HowTo: Setup Nextcloud Talk with TURN server]] and modified for [[https://www.devuan.org/|Devuan Linux]]. Devuan is a fork of [[https://debian.org|Debian Linux]] which does not use [[https://en.wikipedia.org/wiki/Systemd|systemd]]. I've summarized and modified the original article.

===== Set up your firewall to allow listening port =====

Whatever firewall you use, it must allow inbound traffic to the TURN port on the server over both UDP and TCP. The default used below is port 3478.

===== Install and configure coturn =====

I'm using //coturn// as the TURN server, as it has a package on Devuan, and have gone with most of the defaults. The script below (run as root)

  * installs coturn
  * configures it to autostart
  * saves the excellently commented config (adding .original)
  * creates a new config
    * uses the default TURN port of 3478, change that if you want
    * generates a random auth key
    * sets realm to the current hostname
    * modifies logging to use syslog, but also create a separate log file
    * creates a commented external-ip for use if your server is NAT'd
  * starts coturn

The following script can be downloaded and run, or you can simply copy/paste the commands one by one. Note that the lines from //cat// down to //EOF// (on a line by itself) are one command.

<code bash>
#!/usr/bin/env bash

# install latest version of coturn
apt install -y coturn

# set to enable coturn
sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn

# save the original turnserver.conf file
mv /etc/turnserver.conf /etc/turnserver.conf.original

# create a new turnserver.conf file with most of the stuff filled in
# (EOF is unquoted on purpose so the backtick commands are expanded)
cat <<EOF >/etc/turnserver.conf
# If you change this, you must change the port in your firewall and your nextcloud talk config
listening-port=3478
fingerprint
use-auth-secret
# randomly created key to be used on clients utilizing the server (your Talk server)
static-auth-secret=`openssl rand -hex 32`
realm=`hostname -f`
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers
# turn off logging to STDOUT
no-stdout-log
# remove this to not have a separate file
log-file=/var/log/turn.log
# also use syslog for logging
syslog
simple-log
# modify the following if you are behind a NAT
# (change external.ip.address to public IP) and uncomment
# coturn expects the form public-ip/private-ip
#external-ip=external.ip.address/`hostname -I | cut -d' ' -f1`
EOF

service coturn start
</code>

===== Configure Nextcloud Talk server =====

  - Log into the Nextcloud instance as an administrator
  - Click on the circle in the upper right to get the menu
  - Select //Administration Settings//
  - Select //Talk// on the left (under Administration)
  - Scroll down to STUN servers
    - Enter hostname/IP and port in the STUN field (example.org:3478)
    - Note: it auto-checks via JavaScript, so it is best to copy/paste
  - Scroll down to TURN servers
    - Select turn:only
    - Enter hostname/IP and port in the next block (same as above)
    - Paste the key from //static-auth-secret// on the server
    - Select UDP and TCP
  - Both of these (STUN for sure) will show an error message if the server cannot connect.

===== Test =====

Simply make a Talk connection between two people, where at least one is behind a firewall. If it works, you've done it correctly.

===== Links =====

  * https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794
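With //use-auth-secret// set as in the config above, coturn accepts short-lived credentials derived from //static-auth-secret//: the username is an expiry timestamp (optionally followed by '':userid'') and the password is the base64 HMAC-SHA1 of that username keyed with the secret, so anyone holding the secret can mint valid logins. The script below is an added example, not part of the original HowTo; the function names, the ''talktest'' user id and the demo secret are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: derive the time-limited TURN credentials that a coturn
# server running with use-auth-secret accepts. All names are illustrative.

# Print the static-auth-secret value from a turnserver.conf
# (default path is the file written by the install script).
read_secret() {
    sed -n 's/^static-auth-secret=//p' "${1:-/etc/turnserver.conf}" | head -n 1
}

# Username = expiry time as a Unix timestamp, optionally ":userid" appended.
# coturn refuses the credential once that time has passed.
turn_username() {
    local ttl="$1" userid="${2:-}" expiry
    expiry=$(( $(date +%s) + $ttl ))
    printf '%s%s\n' "$expiry" "${userid:+:$userid}"
}

# Password = base64(HMAC-SHA1(secret, username)).
# Note: -hmac puts the secret on openssl's command line, where it is briefly
# visible in the process list; run this only on the TURN server itself.
turn_password() {
    local secret="$1" username="$2"
    printf '%s' "$username" |
        openssl dgst -sha1 -hmac "$secret" -binary |
        openssl base64
}

# Demo against a constructed config file and secret (not a real key).
demo() {
    local conf secret user pass
    conf=$(mktemp)
    printf 'listening-port=3478\nstatic-auth-secret=constructed-demo-secret\n' >"$conf"
    secret=$(read_secret "$conf")
    rm -f "$conf"
    user=$(turn_username 600 talktest)    # valid for 10 minutes
    pass=$(turn_password "$secret" "$user")
    printf 'username: %s\npassword: %s\n' "$user" "$pass"
}

demo
```

On the real server, call ''read_secret'' without an argument (as root) and pass the resulting pair to a TURN test client, for example coturn's ''turnutils_uclient'' with ''-u'' and ''-w''.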