Manual coturn install for Nextcloud?
I have seen that there is already an app wishlist entry for a TURN server for Nextcloud Talk. Has anyone been able to install anything manually in the meantime so that WebRTC can work on Nextcloud Talk? Either on the Cloudron server directly, or on another server?
It's a bit of a blocker for us at the moment. We could set up Nextcloud and a TURN server on Ubuntu directly without Cloudron, but as we're a small NGO, Cloudron is a much easier solution to support without a dedicated IT department.
Does anyone have any ideas?
Apologies for bumping a month-old thread. Has anyone been able to get this working?
I have tried installing coturn on the host, adding iptables entries to open the TCP/UDP ports, made them persistent, and still no go. I'm not sure if I've set up the certs correctly. I pointed the config file to the host certs in /home/yellowtent/boxdata/certs. I have also tried without TLS, still no go.
Anyone? I would have thought that many people using Nextcloud in a company/organisational setting would definitely benefit from Nextcloud Talk.
@iqweb It seems that coturn may not work very well in a reverse proxy setup (like cloudron). So, we have to use another VPS server and install coturn there atm.
I found some good tutorials - https://meetrix.io/blog/webrtc/coturn/installation.html. I will keep looking for ideas on how to install coturn in a reverse proxy setup like https://github.com/coturn/coturn/issues/43
@girish While it's surely beneficial in very restricted networks to have the TURN server available on port 443, it's not really a requirement. Similar to the OpenVPN app, you could have the TURN server simply listening on its own port.
For another project I have identified https://github.com/instrumentisto/coturn-docker-image as a good base for running coturn (but I actually did not yet get to implement it). This image is actively maintained and, because of its Alpine base, quite small.
I have good news! I have managed to get it working: voice/screensharing tested successfully! I haven't tested video yet, but I'm pretty sure it should work. I'm on the road at the moment, but I'll post a write-up in the next day or so.
Just to clarify: it is working with TLS on coturn, installed and configured on the same VPS as the Cloudron install. It was very simple; it just needed the turnserver.conf to be correct, with a generated DH file and the host certs in the yellowtent/boxdata/certs folder.
OK, here's how I got it working. This was worked out by checking out various posts on the Nextcloud and also an excellent, simple tutorial on my VPS host's tutorial site, Hetzner.
This is a detailed how-to to enable voice/video/screensharing support in Nextcloud Talk (installed in Nextcloud on Cloudron) for clients outside the local network, by installing the coturn TURN/STUN server.
Nextcloud and Nextcloud Talk installed on Cloudron
'A' record set up in your DNS registrar's admin panel, pointing to your Cloudron server's public IP address, with a name chosen by you, e.g. 'turn'
All the below commands should be run as root or with sudo.
- Install coturn and persistent iptables:
apt-get install coturn iptables-persistent
- Temporarily stop coturn:
systemctl stop coturn
- Open ports for use with coturn (default ports in this example)
iptables -I INPUT -p tcp --dport 5349 -j ACCEPT
iptables -I INPUT -p udp --dport 5349 -j ACCEPT
iptables-save > /etc/iptables/rules.v4
- Enable coturn daemon
Open the file /etc/default/coturn and remove the # in front of TURNSERVER_ENABLED=1 (i.e. uncomment it)
- Make a backup of the original turnserver.conf file:
mv /etc/turnserver.conf /etc/turnserver.conf.orig
- Create a new /etc/turnserver.conf using nano, vim or whatever editor you choose, as below, referring to the comments for the changes to be made for your installation:
# the port that you opened using iptables
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
# this is created by running the sed command in the detailed instructions
static-auth-secret=replace-this-secret
# the domain that you created an A record for
realm=aaa.bbb.ccc
total-quota=100
stale-nonce=600
# the host domain certs that were created by cloudron on installation
cert=/home/yellowtent/boxdata/certs/xxx.yyy.host.cert
pkey=/home/yellowtent/boxdata/certs/xxx.yyy.host.key
# this will be created using openssl
dh-file=/home/yellowtent/boxdata/certs/dhparam.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-sslv3
no-tlsv1
no-tlsv1_1
no-stdout-log
# this can be watched using tail -f for troubleshooting
log-file=/var/tmp/turn.log
# once everything is confirmed working you can comment out the above line & uncomment the following
#log-file=/dev/null
no-loopback-peers
no-multicast-peers
proc-user=turnserver
proc-group=turnserver
- Create the Diffie-Hellman (dhparam.pem) key exchange file for better TLS security (this can take some time; be patient):
openssl dhparam -out /home/yellowtent/boxdata/certs/dhparam.pem 4096
- Start coturn and check that it is running:
systemctl start coturn
systemctl status coturn
- In Nextcloud, log in as an admin, go to the settings page and scroll down to the Talk settings. Add a new TURN server using the domain name for which you created an A record (it appears in your turnserver.conf after realm=), followed by a colon and the tls-listening-port number that you opened, e.g. aaa.bbb.ccc:5349, and for the secret enter the static-auth-secret from your turnserver.conf. Choose UDP and TCP. It should then check that it is working, and a checkmark will temporarily appear confirming that it works. You can also optionally enter the same server:port combination to add your own STUN server.
You can go ahead and test a voice and/or video chat between 2 clients. To troubleshoot, you can tail the latest log file while attempting a chat, e.g.
tail -f /var/tmp/turn_2019-08-23.log
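An added example, not from the post above and not Cloudron, Nextcloud or coturn code: a small bash script that generates a random value for static-auth-secret (the "sed command" the post refers to is not shown, so this replaces it), renders a turnserver.conf from it, and derives the time-limited username/password pair that use-auth-secret expects (username is "expiry-unix-time:user", password is base64 of HMAC-SHA1 over that username keyed with the secret). That lets you exercise the TURN server with coturn's own turnutils_uclient before wiring it into Nextcloud. The realm turn.example.org, the certificate filenames and the user name alice are placeholders; the certs directory and port 5349 are taken from the post.

```bash
#!/usr/bin/env bash
# Added example (not the forum post's own commands). Assumptions: openssl is
# installed, coturn listens on TLS port 5349 as in the post, and the cert/key
# filenames under /home/yellowtent/boxdata/certs are placeholders to replace.
set -euo pipefail

# 256-bit random secret in hex; this becomes static-auth-secret in turnserver.conf
# and the "secret" field in Nextcloud's Talk settings.
gen_secret() {
    openssl rand -hex 32
}

# Render a minimal turnserver.conf to stdout.
# Arguments: realm, secret, certificate path, private key path.
# use-auth-secret already selects the long-term credential mechanism, so
# lt-cred-mech is not repeated here.
render_config() {
    local realm="$1" secret="$2" cert="$3" key="$4"
    cat <<EOF
tls-listening-port=5349
fingerprint
use-auth-secret
static-auth-secret=${secret}
realm=${realm}
total-quota=100
stale-nonce=600
cert=${cert}
pkey=${key}
dh-file=/home/yellowtent/boxdata/certs/dhparam.pem
no-sslv3
no-tlsv1
no-tlsv1_1
no-loopback-peers
no-multicast-peers
no-stdout-log
log-file=/var/tmp/turn.log
proc-user=turnserver
proc-group=turnserver
EOF
}

# base64(HMAC-SHA1(key, data)); the primitive behind coturn's TURN REST API
# credentials. Arguments: key, data.
hmac_sha1_b64() {
    local key="$1" data="$2"
    printf '%s' "$data" | openssl dgst -sha1 -hmac "$key" -binary | openssl base64 -A
}

# Derive a credential pair the way a client (here: Nextcloud) does with the
# shared secret. Arguments: secret, user, ttl seconds (default 3600),
# current unix time (default: now). Prints "username password".
turn_credential() {
    local secret="$1" user="$2" ttl="${3:-3600}" now="${4:-$(date +%s)}"
    local expiry=$(( now + ttl ))
    local username="${expiry}:${user}"
    local password
    password=$(hmac_sha1_b64 "$secret" "$username")
    printf '%s %s\n' "$username" "$password"
}

# Stand-alone run: write a config to stdout and print a test credential.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    secret=$(gen_secret)
    render_config turn.example.org "$secret" \
        /home/yellowtent/boxdata/certs/xxx.yyy.host.cert \
        /home/yellowtent/boxdata/certs/xxx.yyy.host.key
    echo "# test credential (username password):"
    turn_credential "$secret" alice
fi
```

To check the server end to end, take the username/password the script prints and run coturn's client tool against your realm and port, e.g. `turnutils_uclient -S -t -p 5349 -u "$username" -w "$password" turn.example.org` (`-S` selects TLS, `-t` TCP; confirm the flags with `turnutils_uclient -h` on your coturn version). A successful allocation shows up in /var/tmp/turn.log, which is the same place the post's troubleshooting step looks; an expired or mis-keyed credential is rejected with a 401 in that log, which is the quickest way to tell a wrong static-auth-secret from a firewall or certificate problem.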