Manual coturn install for Nextcloud?

    iqweb
    wrote on last edited by girish
    #1

    I have seen that there is already an app wishlist entry for a turn server for Nextcloud Talk. Has anyone been able to install anything manually in the meantime so that webrtc can work on Nextcloud Talk? Either on the cloudron server directly - or on another server?

    It's a bit of a blocker for us at the moment. We could set up Nextcloud & a turn server on Ubuntu directly without cloudron, but as we're a small NGO, cloudron is a much easier solution to support without a dedicated IT department.

    Does anyone have any ideas?

      yusf
      wrote on last edited by
      #2

      The Matrix app comes with a TURN server built-in, which should be of guidance if implemented into the Nextcloud app.

        iqweb
        wrote on last edited by
        #3

        The Nextcloud forum has a decent guide & the official Nextcloud VM has an install script available.

        Would it be ok to manually install coturn on the Cloudron server as per their instructions? If so, how would I open the coturn port on the server without messing up any cloudron security?

          iqweb
          wrote on last edited by
          #4

          Apologies for bumping a month-old thread. Has anyone been able to get this working?

          I have tried installing coturn on the host, adding iptables entries to open the tcp/udp ports, made them persistent & still no go. I'm not sure if I've set up the certs correctly. I pointed the config file to the host certs in /home/yellowtent/boxdata/certs. I have also tried without tls - still no go.

          Anyone? I would have thought that many people using Nextcloud in a company/organisational setting would definitely benefit from Nextcloud Talk.

            girish
            Staff
            wrote on last edited by
            #5

            Thanks for checking again. We haven't looked into this but it's definitely something we want to support out of the box. Will update this post after we check out the installation instructions.

              girish
              Staff
              wrote on last edited by
              #6

              @iqweb It seems that coturn may not work very well in a reverse proxy setup (like cloudron). So, we have to use another VPS server and install coturn there atm.

              I found some good tutorials - https://meetrix.io/blog/webrtc/coturn/installation.html. I will keep looking for ideas on how to install coturn in a reverse proxy setup like https://github.com/coturn/coturn/issues/43

                fbartels
                App Dev
                wrote on last edited by
                #7

                @girish while it's surely beneficial in very restricted networks to have the turn server available on port 443, it's not really a requirement. Similar to the openvpn app you could have the turn server simply listening on its own port.

                I have for another project identified https://github.com/instrumentisto/coturn-docker-image as a good base for running coturn (but actually did not yet get to implement it). This image is actively maintained and because of its alpine base quite small.

                  iqweb
                  wrote on last edited by
                  #8

                  I have good news! I have managed to get it working - voice/screensharing tested successfully! I haven't tested video yet but I'm pretty sure it should work. I'm on the road at the moment but I'll post a write up in the next day or so.

                  Just to clarify - it is working with tls on coturn, installed & configured on the same vps as the cloudron install. It was very simple - just needed to get the turnserver.conf correct with a generated dh file & host certs in the yellowtent/boxdata/certs folder.

                    girish
                    Staff
                    wrote on last edited by girish
                    #9

                    @iqweb Do you think you can put in some more detailed instructions on how to do this, so I can integrate it into Cloudron itself?

                    never mind, you mentioned that as the first line of your comment.

                      iqweb
                      wrote on last edited by
                      #10

                      Ok - here's how I got it working. This was worked out by checking out various posts on the Nextcloud and also an excellent, simple tutorial on my vps host's tutorial site, Hetzner.

                      This is a detailed how-to to enable voice/video/screensharing support in Nextcloud Talk installed in Nextcloud on Cloudron that is available from outside the local network by installing coturn turn/stun server.

                      Prerequisites:
                      Nextcloud and Nextcloud Talk installed on Cloudron
                      'A' record setup on your DNS registrar's admin panel pointing to your cloudron server's public ip address with a name record chosen by you e.g. 'turn'

                      All the below commands should be run as root or with sudo.

                      1. Install coturn and persistent iptables:
                      apt-get install coturn iptables-persistent

                      2. Temporarily stop coturn:
                      systemctl stop coturn

                      3. Open ports for use with coturn (default ports in this example)
                      iptables -I INPUT -p tcp --dport 5349 -j ACCEPT
                      iptables -I INPUT -p udp --dport 5349 -j ACCEPT
                      iptables-save > /etc/iptables/rules.v4

                      4. Enable coturn daemon

                      Open the file /etc/default/coturn and remove the # in front of TURNSERVER_ENABLED=1 (i.e. uncomment it)

                      5. Make a backup of the original turnserver.conf file:
                      mv /etc/turnserver.conf /etc/turnserver.conf.orig

                      6. Create new /etc/turnserver.conf using nano or vim or whatever editor you choose as below referring to the comments for changes to be made for your installation:
                      # the port that you opened using iptables
                      tls-listening-port=5349

                      fingerprint
                      lt-cred-mech

                      use-auth-secret
                      # this is created by running the sed command in the detailed instructions
                      static-auth-secret=replace-this-secret

                      # the domain that you create an A record for
                      realm=aaa.bbb.ccc

                      total-quota=100
                      stale-nonce=600

                      # the host domain certs that were created by cloudron on installation
                      cert=/home/yellowtent/boxdata/certs/xxx.yyy.host.cert
                      pkey=/home/yellowtent/boxdata/certs/xxx.yyy.host.key
                      # this will be created using openssl
                      dh-file=/home/yellowtent/boxdata/certs/dhparam.pem

                      cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

                      no-sslv3
                      no-tlsv1
                      no-tlsv1_1

                      no-stdout-log

                      # this can be watched using tail -f for troubleshooting
                      log-file=/var/tmp/turn.log

                      # once everything is confirmed working you can comment out the above line & uncomment the following

                      #log-file=/dev/null

                      no-loopback-peers
                      no-multicast-peers

                      proc-user=turnserver
                      proc-group=turnserver

                      7. Create Diffie-Hellman (dhparam.pem) key exchange file for better TLS security. (this can take some time - be patient)
                      openssl dhparam -out /home/yellowtent/boxdata/certs/dhparam.pem 4096

                      8. Start coturn
                      systemctl start coturn

                      9. In Nextcloud, log in as an admin, go to the settings page & scroll down to the Talk settings. Add a new TURN server using the domain name you created an A record for (the one that appears in your turnserver.conf file after realm=), followed by a colon and the tls-listening-port number that you opened - e.g. aaa.bbb.ccc:5349 - and for the secret enter the static-auth-secret from your turnserver.conf. Choose UDP and TCP. It should then check that it is working and a checkmark will temporarily appear confirming it works. You can also optionally enter the same server:port combination for adding your own STUN server.

                      You can go ahead & test a voice and/or video chat between 2 clients. To troubleshoot you can tail the latest log file while attempting a chat e.g.

                      tail -f /var/tmp/turn_2019-08-23.log
                      
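How the static-auth-secret from the how-to above is used once use-auth-secret is enabled, as an added example (not part of iqweb's post and not coturn's or Nextcloud's own code): the client derives a time-limited username and password from the shared secret, and the server recomputes the HMAC and rejects expired timestamps. The function names, the 24-hour lifetime and the sample secret are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Constructed sample value, for the demo only. Generate a real one with
# new_secret() and use it in place of "replace-this-secret".
SAMPLE_SECRET = "3f9c0a1b5d7e2468ace013579bdf02468ace13579bdf024689abcdef01234567"


def new_secret() -> str:
    """Return a 256-bit random hex string suitable for static-auth-secret."""
    return secrets.token_hex(32)


def _password(secret: str, username: str) -> str:
    # TURN REST API scheme: password = base64(HMAC-SHA1(secret, username))
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def make_credentials(secret: str, ttl: int = 86400, user: str = "",
                     now: Optional[int] = None) -> Tuple[str, str]:
    """Client side: the username carries the expiry time (Unix seconds),
    optionally followed by ':userid'. ttl is an assumed lifetime."""
    now = int(time.time()) if now is None else now
    username = str(now + ttl) + (":" + user if user else "")
    return username, _password(secret, username)


def verify(secret: str, username: str, password: str,
           now: Optional[int] = None) -> bool:
    """Simplified model of the server-side check: reject a malformed or
    expired timestamp, then compare HMACs in constant time."""
    now = int(time.time()) if now is None else now
    expiry = username.split(":", 1)[0]
    if not expiry.isdigit() or int(expiry) < now:
        return False
    return hmac.compare_digest(_password(secret, username), password)


if __name__ == "__main__":
    user, pw = make_credentials(SAMPLE_SECRET, user="demo")
    print("username:", user)
    print("password:", pw)
    print("accepted now:        ", verify(SAMPLE_SECRET, user, pw))
    print("accepted after a day:", verify(SAMPLE_SECRET, user, pw,
                                          now=int(time.time()) + 86401))
    print("wrong secret:        ", verify("replace-this-secret", user, pw))
```

Anyone who knows the secret can mint valid relay credentials, so a guessable or leftover placeholder value in turnserver.conf turns the server into an open relay for whoever finds it.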
                        jdaviescoates
                        wrote on last edited by
                        #11

                        @iqweb I've not looked at it yet but also just seen this tutorial https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794

                        I use Cloudron with Gandi & Hetzner
