Nextcloud ready for Talk (Ubuntu/NGINX)


“Meetings with colleagues, customers and partners – have a personal conversation with one click. Keep conversations private with Nextcloud Talk” on your own Nextcloud server, based on Ubuntu 18.04, NGINX 1.15 and your own TURN server. This builds on the Nextcloud installation guide with only a few amendments. Don’t wait any longer…


First switch to a root shell and install coturn as your TURN server:

sudo -s
apt install coturn

Modify the coturn configuration file

vi /etc/default/coturn

by removing the leading ‘#’ from “TURNSERVER_ENABLED=1”:

#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

Now move the default turnserver.conf and create a new one:

mv /etc/turnserver.conf /etc/turnserver.conf.bak && vi /etc/turnserver.conf

Paste the following lines:

listening-port=3478
tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=1212121212121212121212121212121212121212121212121212121212121212
realm=your.dedyn.io
total-quota=100
bps-capacity=0
stale-nonce
cert=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem
pkey=/etc/letsencrypt/live/your.dedyn.io/privkey.pem
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
no-loopback-peers
no-multicast-peers

Create your personal secret by issuing

openssl rand -hex 32

and replace the example static-auth-secret 1212121212121212121212121212121212121212121212121212121212121212 with your generated one and the dummy URL (your.dedyn.io) with your Nextcloud URL.

Open ports 3478 and 5349 (UDP/TCP) in both your ufw

ufw allow 3478/tcp && ufw allow 3478/udp && ufw allow 5349/tcp && ufw allow 5349/udp

and your router.

Then restart your TURN Server and NGINX

service coturn restart && service nginx restart

and enable the Nextcloud Talk app in your Nextcloud.

Fill in your Nextcloud URL followed by the port (your.dedyn.io:5349) twice and paste your generated secret into the TURN server section. That’s it! Enjoy your secured Talk within your Nextcloud!
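A check worth running before the restart, added here as an example and not part of the original guide: it flags a turnserver.conf that still carries the example static-auth-secret or the dummy your.dedyn.io host, because with use-auth-secret anyone who knows the secret can derive valid relay credentials. The function names (conf_get, flag, audit_turn_conf, sample_conf) are this example's own, and the sample config is constructed from the lines above.

```shell
#!/bin/sh
# Added example (not from the original post): flag tutorial placeholders left in
# a coturn config. Function and variable names are this example's own.
EXAMPLE_SECRET=1212121212121212121212121212121212121212121212121212121212121212
EXAMPLE_HOST=your.dedyn.io

# Print the value of option $2 in file $1 (last occurrence; "#" lines never match).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding and count it.
flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Audit config file $1; the return status is the number of findings (0 = clean).
audit_turn_conf() {
    findings=0
    secret=$(conf_get "$1" static-auth-secret)
    if [ -z "$secret" ]; then
        flag "static-auth-secret is missing"
    elif [ "$secret" = "$EXAMPLE_SECRET" ]; then
        flag "static-auth-secret is the published example value"
    elif ! printf '%s\n' "$secret" | grep -Eq '^[0-9a-f]{64}$'; then
        flag "static-auth-secret is not the 64 hex chars openssl rand -hex 32 prints"
    fi
    for key in realm cert pkey; do
        value=$(conf_get "$1" "$key")
        case $key:$value in
            *"$EXAMPLE_HOST"*) flag "$key still contains $EXAMPLE_HOST" ;;
            realm:*|*:) ;;  # realm is not a file; unset cert/pkey are skipped
            # Readability is tested for the user running this script.
            *) [ -r "$value" ] || flag "$key file $value is not readable" ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the post's settings pasted without any replacement.
sample_conf() {
    printf '%s\n' use-auth-secret "static-auth-secret=$EXAMPLE_SECRET" \
        "realm=$EXAMPLE_HOST" "cert=/etc/letsencrypt/live/$EXAMPLE_HOST/fullchain.pem" \
        "pkey=/etc/letsencrypt/live/$EXAMPLE_HOST/privkey.pem"
}

# Demo on the constructed sample; on a server call: audit_turn_conf /etc/turnserver.conf
demo=$(mktemp) && sample_conf > "$demo"
audit_turn_conf "$demo" || echo "$? finding(s)"
rm -f "$demo"
```

On a live server, run the audit as the account coturn runs under, so the readability check reflects what the service itself can open.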



Carsten Rieger

10 Responses

  1. Alx says:

    Thanks a lot!!

  2. Lars says:

    Thanks, I knew something was wrong there. Ports 🙂

  3. Alex D. says:

    Just wanted to say thanks! I am your follower. Your blog made life easier for me!

  4. Henry says:

    It doesn’t work for me.
    What should the nginx configuration be?
    I would also like to use the talk over port 443, but I don’t know how it works.

    • Sorry, I don’t get your question right? If your Nextcloud is up and running using SSL already, then you won’t have to modify any of your nginx conf files.

  5. I have previously tried to configure Nextcloud Talk support on my server without any success. I will try your steps and see if this time it works. Many thanks for your article!

    Is configuring Nextcloud Talk dependent on the way you installed your Nextcloud server in the first place? I have installed Nextcloud server via its snap package, which I know is a bit more restricted than the traditional install since you cannot manually tweak any configuration file within Nextcloud itself.

    Another question: Do you know if there is a customized COTURN snap package with all Nextcloud-specific configurations already built-in?

    • How to configure the Talk app doesn’t depend on the way you did install your Nextcloud server. You just have to adjust the url and port according to your coturn server installation. I don’t know anything about snap packages, please ask the community @help.nextcloud.com. Happy weekend, Carsten

      • So I tried your steps on my nextcloud-snap install and it worked 🙂 Thank you!

        The only difference from this post was that the key files (those that you should specify in coturn’s config file under cert= and pkey=) are located at

        /var/snap/nextcloud/current/certs/certbot/config/live/example.com/fullchain.pem
        /var/snap/nextcloud/current/certs/certbot/config/live/example.com/privkey.pem
