Nextcloud Installation - Part 12 Setup TURN Server for Nextcloud Talk
- Published: 14 Oct 2024
- We set up a TURN server to use with the Nextcloud Talk app.
Nextcloud document:
nextcloud-talk...
Commands available here:
geek2gether.co...
Config file:
/etc/turnserver.conf
coturn listens on port 3478 for plain UDP and TCP, and on 5349 for TLS (and DTLS). Nextcloud Talk clients must be able to reach those ports; the relayed media also uses the UDP relay port range (min-port/max-port, coturn default 49152-65535), which must be reachable as well.
Listen on port 3478 for UDP and TCP (this is the default, so the line can stay commented out):
#listening-port=3478
and on 5349 for TLS (secure):
tls-listening-port=5349
Require authentication for allocations (without it coturn would relay traffic for anyone who can reach the port). fingerprint adds a FINGERPRINT attribute to every STUN/TURN message; lt-cred-mech enables the long-term credential mechanism, i.e. a static username and password checked against the user= entries below:
fingerprint
lt-cred-mech
We will use the long-term credential mechanism, but if
you want the auth-secret mechanism instead (the TURN REST API, which is what Nextcloud Talk uses when it is configured with a TURN secret: it derives short-lived per-client credentials from the shared secret), comment out lt-cred-mech and
uncomment use-auth-secret.
Check: github.com/cot...
# The static auth secret must be changed; in this tutorial
we generate one with OpenSSL
use-auth-secret
static-auth-secret=replace-this-secret
----
If you decide to use use-auth-secret, then after saving the changes replace the placeholder with a random secret using the following command:
sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
This replaces the text replace-this-secret in the file with a 64-character hex token generated by openssl (the placeholder you wrote in the file must match the pattern given to sed). The same secret is entered in Nextcloud Talk's TURN settings. The config file now holds a credential, so make sure it is not world-readable (root and the turnserver user are the only ones that need to read it).
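The difference between the two mechanisms is easiest to see in code. The block below is an added example, not code from the video, from coturn or from Nextcloud: it implements the TURN REST API credential scheme that coturn's use-auth-secret option expects (username is an expiry timestamp, optionally followed by ":userid"; password is base64(HMAC-SHA1(secret, username))). The application (Nextcloud Talk) runs turn_rest_credentials with the shared secret and hands the result to the browser; the TURN server runs verify_turn_rest_credentials. Whether Nextcloud appends a user id and which lifetime it uses are assumptions of the example; the timestamps and secret values in the usage are constructed.

```python
"""TURN REST API credentials as used by coturn's use-auth-secret (added example)."""
import base64
import hashlib
import hmac
import secrets
import time


def generate_static_auth_secret():
    """Equivalent of `openssl rand -hex 32`: 32 random bytes, hex-encoded (64 chars)."""
    return secrets.token_hex(32)


def _mac(secret, username):
    # password = base64(HMAC-SHA1(static-auth-secret, username))
    return base64.b64encode(
        hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    ).decode()


def turn_rest_credentials(secret, ttl=86400, user_id="", now=None):
    """Application side (what Nextcloud Talk does for each client).

    username = "<expiry unix time>" or "<expiry unix time>:<user id>"
    The 24h ttl and the optional user id are assumptions of this example.
    Returns (username, password); the secret itself never leaves the server.
    """
    now = int(time.time()) if now is None else int(now)
    username = str(now + ttl) + (f":{user_id}" if user_id else "")
    return username, _mac(secret, username)


def verify_turn_rest_credentials(secret, username, password, now=None):
    """TURN server side: constant-time MAC check first, then reject expired usernames."""
    now = int(time.time()) if now is None else int(now)
    if not hmac.compare_digest(_mac(secret, username), password):
        return False
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False
    return expiry > now


if __name__ == "__main__":
    # Constructed values, not a real deployment.
    secret = generate_static_auth_secret()
    user, pw = turn_rest_credentials(secret, ttl=3600, user_id="alice")
    print("username:", user)
    print("password:", pw)
    print("accepted now:", verify_turn_rest_credentials(secret, user, pw))
    print("accepted in 2h:", verify_turn_rest_credentials(secret, user, pw,
                                                           now=time.time() + 7200))
```

With lt-cred-mech the guest:somepassword pair is a standing credential that has to be copied into Nextcloud and stays valid until you edit the file; with use-auth-secret every client gets a credential that expires on its own, and revoking everything is a matter of rotating static-auth-secret in both places.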
Specify the server name and the authentication realm that will be used.
If this is your first time configuring coturn, just use your domain for both:
server-name=server name
realm=server name
Important:
Create a test user if you want. This is a long-term credential (username:password) and a standing account that can relay traffic through your server, so remove it once testing is done:
#user=guest:somepassword
Cap the number of concurrent relay allocations across all users, and limit the nonce lifetime (in seconds) so clients have to re-authenticate with a fresh nonce:
total-quota=100
stale-nonce=600
Path to the TLS certificate and private key. In this example we will use
the Let's Encrypt generated certificate files. coturn drops privileges to the proc-user set below, so that user must be able to read both files; the Let's Encrypt live/ and archive/ directories are root-only by default, and if the key cannot be read the TLS listener on 5349 will not come up while 3478 still works (check syslog for the error).
cert=cert path
pkey=private key path
Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
Note that ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512 are not real OpenSSL cipher names (the AES-256-GCM suites use SHA384); OpenSSL silently drops names it does not recognise, so only the remaining three suites are in effect. Check what a list actually resolves to with: openssl ciphers -v 'the list above'
Run the server as an unprivileged user and group (coturn drops root privileges to them at startup):
proc-user=turnserver
proc-group=turnserver
#end
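Once coturn is running, check it from outside rather than trusting "active (running)": `ss -lntup` on the box should show the turnserver process on both 3478 and 5349, `openssl s_client -connect your.domain:5349` should complete a handshake with the Let's Encrypt certificate, and a STUN Binding Request should come back with your public address. The block below is an added example, not code from the video or from the coturn project: it speaks just enough STUN (RFC 5389) to send a Binding Request over UDP and decode the XOR-MAPPED-ADDRESS in the reply, and it also builds the server's reply so the exchange can be exercised offline. The host, port and sample addresses are constructed.

```python
"""Minimal STUN Binding check (RFC 5389) for a coturn listener (added example)."""
import secrets
import socket
import struct
import sys

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid=None):
    """Client side: 20-byte header (type, length 0, magic cookie, 12-byte txid), no attributes."""
    txid = txid if txid is not None else secrets.token_bytes(12)
    assert len(txid) == 12
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid


def _xor_mask(txid):
    # XOR-MAPPED-ADDRESS masks the address with cookie||txid (4 bytes for IPv4, 16 for IPv6)
    return struct.pack("!I", MAGIC_COOKIE) + txid


def build_binding_response(txid, ip, port):
    """Server side (what coturn sends back): success response with XOR-MAPPED-ADDRESS."""
    af = socket.AF_INET6 if ":" in ip else socket.AF_INET
    raw = socket.inet_pton(af, ip)
    xaddr = bytes(a ^ b for a, b in zip(raw, _xor_mask(txid)))
    family = 0x02 if af == socket.AF_INET6 else 0x01
    value = struct.pack("!BBH", 0, family, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_binding_response(data, txid):
    """Return the (ip, port) the server saw us on, or raise ValueError on anything unexpected."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != txid:
        raise ValueError("not a reply to our transaction (cookie/txid mismatch)")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected STUN message type 0x{mtype:04x}")
    if len(data) < 20 + mlen:
        raise ValueError("truncated STUN message")
    pos, end = 20, 20 + mlen
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + alen]
        pos += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
        if atype not in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS) or len(value) < 8:
            continue
        family, port = value[1], struct.unpack("!H", value[2:4])[0]
        addr = value[4:]
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            port ^= MAGIC_COOKIE >> 16
            addr = bytes(a ^ b for a, b in zip(addr, _xor_mask(txid)))
        if family == 0x01 and len(addr) == 4:
            return socket.inet_ntop(socket.AF_INET, addr), port
        if family == 0x02 and len(addr) == 16:
            return socket.inet_ntop(socket.AF_INET6, addr), port
    raise ValueError("response carries no (XOR-)MAPPED-ADDRESS")


def check_stun(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP and return the reflexive (ip, port)."""
    req, txid = build_binding_request()
    af = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(af, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(req, (host, port))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # Usage: python3 stun_check.py turn.example.org 3478  (host/port are placeholders)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3478
    try:
        print("STUN reflexive address:", check_stun(host, port))
    except (OSError, ValueError) as exc:
        print(f"STUN check against {host}:{port} failed: {exc}")
        sys.exit(1)
```

A timeout from a machine outside your network means the UDP path (firewall, NAT rule, cloud security group) is the problem, not coturn; a reply that shows your NAT's public address confirms the plain listener. This only exercises 3478; the TLS listener is a separate check with openssl s_client as noted above, and a TURN allocation additionally needs credentials and the relay port range.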
For questions and discussions about errors or if you need further assistance, please join our discussion community at:
geek2gether.co...
The coturn server doesn't open port 5349 in "tls-listening-port". If I declare the same port at "listening-port" it works.
Thank you for watching. Before trying to open the TLS port, do you have a certificate set up for TLS?
Hello! I have a VPS where I have Nextcloud running in a Docker container. I have configured the TURN server on the same host where I am running the Nextcloud container. Is it possible? Or should I use a different server to configure TURN? I am wondering because the service is up and running but I am not able to configure the TURN server in the Talk configuration. Help please :)
Thank you for watching. It is possible but I don't recommend it. It will work if you install TURN on the same server as long as all the ports are accessible and the TURN setup is completed. When you say it doesn't work, what error do you get?
So, I set up a TURN server in a virtual machine (Proxmox), and I set up my pfSense with a NAT rule and a route rule to direct port 5349 to my TURN server. I'm using Traefik as a reverse proxy for Nextcloud, but I did not configure the TURN server to use Traefik, because pfSense is routing the data directly. When I try to connect my TURN server in Nextcloud it just spins until it eventually times out. On the coturn server box, I tried running 'systemctl status coturn', and it reports that the server is active (running). But if I run 'ss -lntu' it shows that I'm listening on port 3478 (I had enabled both STUN and TURN in the config file), but it doesn't appear to be listening on 5349. Is there a good way for me to determine if the STUN server is working?
BTW, I forgot to mention in this post that I don't have a lot of confidence in my config file, because I couldn't find an easy way to copy the one you provided. Since it is in PDF format, my copy and paste copied everything as one line, and I had to insert line feeds throughout. It's possible that I merged two lines together, or left an important line in a comment. Is it possible to get the configuration file in the same format that you used in your earlier videos? Thanks!
Thank you for watching. Did you add the option tls-listening-port in the config file and set a certificate and a private key as well?
Did you set the server-name and realm options as well?
About the config file, I don't have that anymore as my videos use a VM for lab purposes and are deleted after.
If you are using LE to generate your certs, you will not have rights to the PEM files, as coturn runs under the user turnserver. Your /var/log/syslog should confirm this. This is why it's falling back to the default 3478. The real question is: do you add turnserver to the root group, or change the permissions on the certs each time you update them?
@geek2gether469, thanks for your response. Yes, I just double-checked those parameters, and they look correct. I suspect this is a problem doing this through NAT, so I'm currently trying to set it up again on the free tier of an Oracle VM. I don't know if it will be powerful enough, but maybe I can see Nextcloud accept it.
Meanwhile, @Bass-xv7rp just replied with a suggestion, and I'll reply to his post. But please look it over and let me know what you suggest. Thanks!
Please, can I possibly install a TURN setup and an OnlyOffice setup on the same EC2 instance? Thanks for the videos once again.
Yes you can, but it is not recommended. But if your EC2 instance has enough memory then go for it. Follow the tutorial for OnlyOffice and afterwards do the same for the TURN server. Make sure you have the necessary ports for the TURN service and OnlyOffice open for inbound connections.
@geek2gether469 Thanks. I have watched all your Nextcloud videos. They are so helpful. I only just needed a yes to be able to continue to use the same EC2 instance for OnlyOffice and TURN. Thanks for the response.
@geek2gether469 I think this is the point where I'm having issues. I don't think I have set the right ports, and after I saved, the coturn server failed to restart. What do I do? Can you help specify the necessary ports for the security group?
Do you have logs? The logs will tell us why it is failing to start, and then I can use that information to provide you with a solution.
@geek2gether469 I found the error. I wanted guests to be able to join Talk videos so I used a ChatGPT suggestion which led to the error. But after removing that, it was all resolved.
I still need it but I'll leave that for now. Thanks for the response.
This tutorial should have been "Part 12". You already have Part 11 written for the Gmail SSO video.
Great catch, thank you. I made the correction.
@geek2gether469 Seen it.