Table of Contents

Create STUN/TURN server for Talk

Taken from HowTo: Setup Nextcloud Talk with TURN server and modified for Devuan Linux. Devuan is a fork of Debian Linux which does not use system-d.

I've summarized and modified the original article.

Set up your firewall to allow listening port

Whatever firewall you may use, it needs to allow the TURN port to access the server on both UDP and TCP. Default below is port 3478

Install and configure coturn

I'm using coturn as the TURN server, as it has a package on Devuan, and gone with most of the defaults. The script below (run as root)

The following script can be downloaded and run, or simply copy/paste the commands one by one. Note that the lines containing cat down to EOF (on line by itself) are one command

setupcoturn.sh
#! /usr/bin/env bash
 
# install latest version of coturn
apt install -y coturn
# set to enable coturn
sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn
# save the original turnserver.conf file
mv /etc/turnserver.conf /etc/turnserver.conf.original
# create a new turnserver.conf file with most of the stuff filled in
cat <<EOF>/etc/turnserver.conf
# If you change this, you must change the port in your firewall and your nextcloud talk config
listening-port=3478
fingerprint
use-auth-secret
# randomly created key to be used on clients utilizing the server (your Talk server)
static-auth-secret=`openssl rand -hex 32`
realm=`hostname -f`
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers
no-stdout-log # turn off logging to STDOUT
log-file=/var/log/turn.log # remove this to not have a separate file
syslog # also use syslog for logging
simple-log
# modify the following if you are behind a NAT
# (change external.ip.address to public IP) and uncomment
#external-ip=`hostname -I | cut -d' ' -f1`/external.ip.address
EOF
service coturn start

Configure Nextcloud Talk server

  1. Log into the NextCloud instance as an administrator
  2. click on the circle in upper right to get menu
  3. Select Administration Settings
  4. Select Talk on left (under Administration)
  5. Scroll down to STUN servers
    1. enter hostname/IP and port in stun (example.org:3478)
    2. note, it auto checks via javascript, so best to copy/paste
  6. Scroll down to TUIRN servers
    1. Select turn:only
    2. enter hostname/IP and port in next block (same as above)
    3. paste key from static-auth-secret on server
    4. select UPD and TCP
  7. both of these (STUN for sure) will throw an error message if the server can not connect.

Test

Simply make a Talk connection between two people, where at least one is behind a firewall. If it works, you've done it correctly.