Nextcloud ready for Talk


“Meetings with colleagues, customers and partners – have a personal conversation with one click. Keep conversations private with Nextcloud Talk” on your own Nextcloud server, based on Ubuntu 18.04, NGINX 1.15 and your own TURN server … based on the Nextcloud installation guide with only a few amendments. Don’t wait any longer…


First switch into sudo mode and install coturn as your TURN server:

sudo -s
apt install coturn

Modify the coturn configuration file

vi /etc/default/coturn

by removing the leading ‘#’ at the beginning of “TURNSERVER_ENABLED=1”

#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

Now move the default turnserver.conf and create a new one:

mv /etc/turnserver.conf /etc/turnserver.conf.bak && vi /etc/turnserver.conf

Paste the following lines:

tls-listening-port=5349
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=1212121212121212121212121212121212121212121212121212121212121212
realm=your.dedyn.io
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem
pkey=/etc/letsencrypt/live/your.dedyn.io/privkey.pem
dh-file=/etc/ssl/certs/dhparam.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
no-stdout-log

Create your personal secret by issuing

openssl rand -hex 32

and replace the example static-auth-secret 1212121212121212121212121212121212121212121212121212121212121212 with your generated one and the dummy URL (your.dedyn.io) with your Nextcloud URL.
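
A quick check of the new /etc/turnserver.conf before coturn is restarted, added here as an example and not part of the original guide: it flags the example secret or dummy URL left in place, a secret that does not look like the openssl output, missing no-tlsv1/no-tlsv1_1 lines, and a world-readable file. The function names are hypothetical and the sample config it runs on is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; function names are hypothetical.
EXAMPLE_SECRET=1212121212121212121212121212121212121212121212121212121212121212
EXAMPLE_HOST=your.dedyn.io

# Print the value of the first "key=value" line for the given key.
conf_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Print one line per finding; return 0 if the file is clean, 1 otherwise.
check_turn_conf() {
    conf=$1
    rc=0
    secret=$(conf_value static-auth-secret "$conf")

    if [ "$secret" = "$EXAMPLE_SECRET" ]; then
        echo "static-auth-secret is still the example value from the guide"; rc=1
    elif ! printf '%s' "$secret" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "static-auth-secret is not 64 hex characters (openssl rand -hex 32)"; rc=1
    fi

    # realm, cert and pkey must name the real host, not the dummy URL.
    if grep -E '^(realm|cert|pkey)=' "$conf" | grep -Fq "$EXAMPLE_HOST"; then
        echo "realm/cert/pkey still reference $EXAMPLE_HOST"; rc=1
    fi

    # The guide turns off TLS 1.0 and 1.1; both switches must survive editing.
    for opt in no-tlsv1 no-tlsv1_1; do
        grep -qx "$opt" "$conf" || { echo "missing option: $opt"; rc=1; }
    done

    # The file holds the shared secret, so other local users should not read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample: the guide's values left unchanged, so findings are printed.
demo_conf=$(mktemp)
printf '%s\n' "static-auth-secret=$EXAMPLE_SECRET" "realm=$EXAMPLE_HOST" \
    no-tlsv1 no-tlsv1_1 > "$demo_conf"
check_turn_conf "$demo_conf" || echo "fix the findings above before restarting coturn"
rm -f "$demo_conf"
```

To check the real file, call check_turn_conf /etc/turnserver.conf as root after editing it.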

Open port 5349 (UDP/TCP) in both your ufw

ufw allow 5349/tcp && ufw allow 5349/udp

and your router.

Then restart your TURN Server and NGINX

service coturn restart && service nginx restart

and enable the Nextcloud Talk app in your Nextcloud.

Add a further entry, fill in your Nextcloud URL followed by the port (your.dedyn.io:5349) twice, and paste your generated secret into the TURN server section. That’s it!


Enjoy your personal data in your secured and hardened Nextcloud-Server!

Don’t forget to back up your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger


Carsten Rieger is a full-time senior system engineer who also works as an IT freelancer. He has been working with Linux environments for more than 13 years, is an open source enthusiast and is highly motivated when it comes to Linux installation and troubleshooting. He mostly works with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube), and has done voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.

15 Responses

  1. Michel says:

    Thank you very much for the guide.
    According to the test at https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
    the server is reachable. But I always get a black screen (no matter which client – in the LAN and the WAN).
    Do you have any idea what the cause might be?

    I have already checked turnserver.conf several times. The ports are open too, and the log files don't show anything useful.
    I find it very odd that it doesn't work in the LAN either. For the LAN you don't really even need a TURN/STUN server.

    I'm a bit stumped 🙂

    I would really appreciate your help.
    Best regards
    Michel

  2. Horst Vogel says:

    Hello,
    can a TURN server also be run behind a reverse proxy?
    My Nextcloud runs behind an HAProxy; otherwise I would need the certificate that comes from the pfSense firewall for TURN.
    Would one then have to remove the entries for TLS, certificates…? Or is TURN behind a reverse proxy basically already a contradiction in itself?
    Thanks!

  3. Alex says:

    Is it necessary to have that stun.nextcloud.com:443 record? Isn’t it enough to have the local server one?

    • not necessary but recommended (more stable/reliable)

      • Alex says:

        The reason I am asking is that I have issues with Talk Interrupted calls. So have to restart it over again. Sometimes need to reload the app (or the browser page).

        It happen intermittently: every 2 or 4 minutes. Tested configurations – setup on XU4(ARM 7), Nextcloud 15 and 14:

        1) iOS devices(Nextcloud Talk) with PC(via Chrome)
        2) Android with iOS
        3) iOS with iOS

        Sometimes it worked w/o stops for up to 40 mins. NextCloud logs are clean – just say phone call stopped by , when this happens. Problems also appear with UFW disabled. The ports are different to those suggested in this manual, but configured and mapped on the router, the right way. Server isn’t overloaded, so CPU and RAM are fine. Thought of the architecture affected side. It might be stable on Intel systems.. Going to make a clean setup on H2. If the problem still there, it might be the ISP related issue, but all other communicative tools via Internet work just fine.
        Do you have any of those troubles with Talk, or have any suggestions?

  4. Alx says:

    Thanks a lot!!

  5. Lars says:

    Thanks, I knew something was wrong there. Ports 🙂

  6. Alex D. says:

    Just wanted to say thanks! I am your follower. Your blog made life easier for me!

  7. Henry says:

    It doesn’t work for me.
    What should the nginx configuration be?
    I would also like to use the talk over port 443, but I don’t know how it works.

    • Sorry, I don’t get your question right? If your Nextcloud is up and running using SSL already, then you won’t have to modify any of your nginx conf files.

  8. I have previously tried to configure Nextcloud Talk support on my server without any success. I will try your steps and see if this time it works. Many thanks for your article!

    Is configuring Nextcloud Talk dependent on the way you installed your Nextcloud server in the first place? I have installed Nextcloud server via its snap package, which I know is a bit more restricted than the traditional install since you cannot manually tweak any configuration file within Nextcloud itself.

    Another question: Do you know if there is a customized COTURN snap package with all Nextcloud-specific configurations already built-in?

    • How to configure the Talk app doesn’t depend on the way you did install your Nextcloud server. You just have to adjust the url and port according to your coturn server installation. I don’t know anything about snap packages, please ask the community @help.nextcloud.com. Happy weekend, Carsten

      • So I tried your steps on my nextcloud-snap install and it worked 🙂 Thank you!

        The only difference from this post was that the key files (those that you should specify in coturn’s config file under cert= and pkey=) are located at

        /var/snap/nextcloud/current/certs/certbot/config/live/example.com/fullchain.pem
        /var/snap/nextcloud/current/certs/certbot/config/live/example.com/privkey.pem
