Nextcloud ready for Talk


“Meetings with colleagues, customers and partners – have a personal conversation with one click. Keep conversations private with Nextcloud Talk” on your own Nextcloud server, based on Debian Stretch and Ubuntu 18.04, NGINX 1.17 and your own (CO)TURN server … based on the Nextcloud installation guide with few amendments only. Don’t wait any longer…


First switch into sudo mode and install coturn as your TURN server:

sudo -s
apt install coturn

Modify the coturn configuration file

vi /etc/default/coturn

by removing the leading ‘#’ at the beginning of “TURNSERVER_ENABLED=1”

#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

Now move the default turnserver.conf and create a new one:

mv /etc/turnserver.conf /etc/turnserver.conf.bak && vi /etc/turnserver.conf

Paste the following rows

tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=1212121212121212121212121212121212121212121212121212121212121212
realm=your.dedyn.io
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/rsa-certs/fullchain.pem
pkey=/etc/letsencrypt/rsa-certs/privkey.pem
dh-file=/etc/ssl/certs/dhparam.pem
cipher-list="TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384"
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
no-stdout-log

Create your personal secret by issuing

openssl rand -hex 32

and replace the exemplarily static-auth-secret 1212121212121212121212121212121212121212121212121212121212121212 with your generated one and the dummy url (your.dedyn.io) with your proper Nextcloud url.

Open the port 5349 (UDP/TCP) in both, your ufw

ufw allow 5349/tcp && ufw allow 5349/udp

and your router.

Then restart your TURN Server and NGINX

service coturn restart && service nginx restart

and enable the Nextcloud Talk app in your Nextcloud.

Add a further entry and fill in your Nextcloud URL followed by the port (your.dedyn.io:5349) twice and paste your generated secret to the turn server section. That’s it!


Enjoy your personal data in your secured and hardened Nextcloud-Server!

Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 13 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.