Table of Contents
Create STUN/TURN server for Talk
Taken from HowTo: Setup Nextcloud Talk with TURN server and modified for Devuan Linux. Devuan is a fork of Debian Linux which does not use system-d.
I've summarized and modified the original article.
Set up your firewall to allow listening port
Whatever firewall you may use, it needs to allow the TURN port to access the server on both UDP and TCP. Default below is port 3478
Install and configure coturn
I'm using coturn as the TURN server, as it has a package on Devuan, and gone with most of the defaults. The script below (run as root)
- installs coturn
- configures it to autostart
- saves the excellently commented config (adding .original)
- creates a new config
- uses the default TURN port of 3478, change that if you want
- generates a random auth key
- sets realm to the current hostname
- modifies logging to use syslog, but also create a separate log file
- creates a commented external-ip for use if your server is NAT'd
- starts coturn
The following script can be downloaded and run, or simply copy/paste the commands one by one. Note that the lines containing cat down to EOF (on line by itself) are one command
- setupcoturn.sh
#! /usr/bin/env bash # install latest version of coturn apt install -y coturn # set to enable coturn sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn # save the original turnserver.conf file mv /etc/turnserver.conf /etc/turnserver.conf.original # create a new turnserver.conf file with most of the stuff filled in cat <<EOF>/etc/turnserver.conf # If you change this, you must change the port in your firewall and your nextcloud talk config listening-port=3478 fingerprint use-auth-secret # randomly created key to be used on clients utilizing the server (your Talk server) static-auth-secret=`openssl rand -hex 32` realm=`hostname -f` total-quota=100 bps-capacity=0 stale-nonce no-multicast-peers no-stdout-log # turn off logging to STDOUT log-file=/var/log/turn.log # remove this to not have a separate file syslog # also use syslog for logging simple-log # modify the following if you are behind a NAT # (change external.ip.address to public IP) and uncomment #external-ip=`hostname -I | cut -d' ' -f1`/external.ip.address EOF service coturn start
Configure Nextcloud Talk server
- Log into the NextCloud instance as an administrator
- click on the circle in upper right to get menu
- Select Administration Settings
- Select Talk on left (under Administration)
- Scroll down to STUN servers
- enter hostname/IP and port in stun (example.org:3478)
- note, it auto checks via javascript, so best to copy/paste
- Scroll down to TUIRN servers
- Select turn:only
- enter hostname/IP and port in next block (same as above)
- paste key from static-auth-secret on server
- select UPD and TCP
- both of these (STUN for sure) will throw an error message if the server can not connect.
Test
Simply make a Talk connection between two people, where at least one is behind a firewall. If it works, you've done it correctly.