Nextcloud ready for Talk
“Meetings with colleagues, customers and partners – have a personal conversation with one click. Keep conversations private with Nextcloud Talk” on your own Nextcloud server, based on Ubuntu 18.04, NGINX 1.15 and your own TURN server … based on the Nextcloud installation guide with only a few amendments. Don’t wait any longer…
First switch into sudo mode and install coturn as your TURN server:
sudo -s
apt install coturn
Modify the coturn configuration file
by removing the leading ‘#’ at the beginning of “TURNSERVER_ENABLED=1”
#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1
Now move the default turnserver.conf and create a new one:
mv /etc/turnserver.conf /etc/turnserver.conf.bak && vi /etc/turnserver.conf
Paste the following rows:
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=1212121212121212121212121212121212121212121212121212121212121212
realm=your.dedyn.io
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem
pkey=/etc/letsencrypt/live/your.dedyn.io/privkey.pem
dh-file=/etc/ssl/certs/dhparam.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
# alternatively (TLS v1.3)
# cipher-list="TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
no-stdout-log
Create your personal secret by issuing
openssl rand -hex 32
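and replace the example static-auth-secret 1212121212121212121212121212121212121212121212121212121212121212 with your generated one and the dummy URL (your.dedyn.io) with your Nextcloud URL. The secret is the shared key between coturn and Nextcloud Talk, so the published example value must never stay in a live configuration.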
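A check to run on the new file before restarting coturn, as an added example (not part of the original guide or of coturn itself): it flags the published example secret, leftover your.dedyn.io placeholders and missing hardening flags from the template above. The function names and the selection of checks are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit a turnserver.conf written from the template above.
# Usage: ./audit-turn.sh /etc/turnserver.conf   (script name is hypothetical)

# The secret printed in the guide; anyone who read the page knows it.
EXAMPLE_SECRET=1212121212121212121212121212121212121212121212121212121212121212

# Print the value of the last uncommented "key=value" line for KEY in FILE.
conf_value() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$2"
}

# Succeed if the bare flag (e.g. no-tlsv1) is on its own uncommented line.
conf_flag() {
    grep -Eq "^[[:space:]]*$1[[:space:]]*$" "$2"
}

# Print one FAIL line per finding; return 1 if there is any finding.
audit_turnserver_conf() {
    local conf=$1 rc=0 secret key flag
    secret=$(conf_value static-auth-secret "$conf")

    if [ "$secret" = "$EXAMPLE_SECRET" ]; then
        echo "FAIL: static-auth-secret is still the published example value"; rc=1
    elif ! printf '%s' "$secret" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL: static-auth-secret is not the 64 hex chars of 'openssl rand -hex 32'"; rc=1
    fi

    # Placeholder host names left over from the template.
    for key in realm cert pkey; do
        if conf_value "$key" "$conf" | grep -q 'your\.dedyn\.io'; then
            echo "FAIL: $key still contains the placeholder your.dedyn.io"; rc=1
        fi
    done

    # Flags the template relies on for secret-based auth and TLS/peer hardening.
    for flag in use-auth-secret no-tlsv1 no-tlsv1_1 no-loopback-peers no-multicast-peers; do
        if ! conf_flag "$flag" "$conf"; then
            echo "FAIL: flag '$flag' is missing or commented out"; rc=1
        fi
    done
    return "$rc"
}

# Only audit when a path is given, so the file can also be sourced.
if [ -n "${1:-}" ]; then
    audit_turnserver_conf "$1"
fi
```

No output and exit status 0 mean none of the checked template mistakes are present; it does not validate certificates or network reachability.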
Open port 5349 (UDP/TCP) in both your ufw
ufw allow 5349/tcp && ufw allow 5349/udp
and your router.
Then restart your TURN Server and NGINX
service coturn restart && service nginx restart
and enable the Nextcloud Talk app in your Nextcloud.
Add a further entry, fill in your Nextcloud URL followed by the port (your.dedyn.io:5349) twice, and paste your generated secret into the TURN server section. That’s it!
Enjoy your personal data in your secured and hardened Nextcloud-Server!
Don’t forget to back up your Nextcloud
Find more instructions here: Nextcloud Backup and Restore