Ok - here's how I got it working. This was worked out by checking out various posts on the Nextcloud and also an excellent, simple tutorial on my vps host's tutorial site, Hetzner.
This is a detailed how-to to enable voice/video/screensharing support in Nextcloud Talk installed in Nextcloud on Cloudron that is available from outside the local network by installing coturn turn/stun server.
Nextcloud and Nextcloud Talk installed on Cloudron
'A' record setup on your DNS registrar's admin panel pointing to your cloudron server's public ip address with a name record chosen by you e.g. 'turn'
All the below commands should be run as root or with sudo.
- Install coturn and persistent iptables:
apt-get install coturn iptables-persistent
- Temporarily stop coturn:
systemctl stop coturn
- Open ports for use with coturn (default ports in this example)
iptables -I INPUT -p tcp --dport 5349 -j ACCEPT
iptables -I INPUT -p udp --dport 5349 -j ACCEPT
iptables-save > /etc/iptables/rules.v4
- Enable coturn daemon
Open the file /etc/default/coturn and remove the # in front of TURNSERVER_ENABLED=1 (i.e. uncomment it)
- Make a backup of the original turnserver.conf file:
mv /etc/turnserver.conf /etc/turnserver.conf.orig
- Create new /etc/turnserver.conf using nano or vim or whatever editor you choose as below referring to the comments for changes to be made for your installation:
#the port that you opened using iptables
# this is created by running the sed command in the detailed instrucions
# the domain that you create an A record for
# the host domain certs that were created by cloudron on installation
# this will be created using openssl
# this can be watched using tail -f for troubleshooting
# once everything is confirmed working you can comment out the above line & uncomment the following
- Create DiffieHellman (dhparam.pem) key exchange file for better TLS security. (this can take sometime - be patient)
openssl dhparam -out /home/yellowtent/boxdata/certs/dhparam.pem 4096
- Start coturn
systemctl status coturn
- In Nextcloud, login as an admin & go to the settings page & scroll down to the Talk settings. Add a new TURN server using the domain name you created an A record that appears in your turnserver.conf file after realm= followed by a colon with the tls-listening-port number that you opened - e.g. aaa.bbb.ccc:5349 and for secret enter the static-auth-secret in your turnserver.conf. Choose UDP and TCP. It should then check that it is working and a checkmark will temporarily appear confirming it works. You can also optionally enter the same server:port combination for adding your own STUN server.
You can go ahead & test a voice & or video chat between 2 clients. To troubleshoot you can tail the latest log file while attempting a chat e.g.
tail -f /var/tmp/turn_2019-08-23.log