Install Turn server for Nextcloud Talk on Ubuntu

If you depend on Nextcloud for almost everything, including chat and audio/video calls, read on to see how to install a TURN server for Nextcloud Talk on an Ubuntu 20.04 server.

Note: This setup and installation is done on a standalone Ubuntu server. You can start with a $5 VPS from Vultr for this.

As usual, do the following before we start:

  • Point a domain or subdomain at your server IP if you don’t want to use a bare IP.
  • Update the server with apt update && apt upgrade.
  • Enable the firewall and allow the ports: ufw allow 5349 && ufw allow 443 && ufw allow 80 && ufw enable.

Install Turn server

Run the following commands to install coturn and enable it.

apt install coturn
sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn
systemctl enable coturn
systemctl stop coturn

Configure Turn server

We will back up the default configuration file first.

mv /etc/turnserver.conf /etc/turnserver.conf.bak

Let’s create a Diffie-Hellman parameters file for the key exchange.

openssl dhparam -out /opt/dhparam.pem 4096

Create a new configuration file with vim /etc/turnserver.conf and paste the following into it.

Note: Change the text highlighted in bold (the placeholders SECRET-KEY and DOMAIN.COM).

listening-port=5349

fingerprint
lt-cred-mech

use-auth-secret
static-auth-secret=SECRET-KEY

realm=DOMAIN.COM

total-quota=100
bps-capacity=0
stale-nonce

cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"

dh-file=/opt/dhparam.pem
no-tlsv1
no-tlsv1_1

no-stdout-log

log-file=/dev/null

no-loopback-peers
no-multicast-peers

Creating an SSL certificate

You can get a certificate from Let’s Encrypt and add a TLS section to the configuration.

snap install certbot --classic

certbot certonly --standalone --preferred-challenges http --deploy-hook "systemctl restart coturn" -d DOMAIN.COM

This will also renew the certificate automatically.

Once you have a certificate, the final configuration will look like this.

listening-port=5349
tls-listening-port=443

fingerprint
lt-cred-mech

use-auth-secret
static-auth-secret=SECRET-KEY

realm=DOMAIN.COM

total-quota=100
bps-capacity=0
stale-nonce

cert=/etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
pkey=/etc/letsencrypt/live/DOMAIN.COM/privkey.pem

cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"

dh-file=/opt/dhparam.pem
no-tlsv1
no-tlsv1_1

no-stdout-log

log-file=/dev/null

no-loopback-peers
no-multicast-peers

Start the TURN server.

systemctl start coturn

Test your setup

If you are keen to test out your server, you can do so here.
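Any TURN test client asks for a username and password, and with use-auth-secret these are derived from static-auth-secret instead of being stored on the server. The following is an added example, not part of the original post or of coturn: it assumes the usual TURN REST API scheme (username is an expiry Unix timestamp, optionally followed by ":" and a user id; password is the base64 HMAC-SHA1 of that username keyed with the secret), and the function names are made up for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time


def generate_secret(nbytes=32):
    """Random value suitable for static-auth-secret (hex, 2 chars per byte)."""
    return secrets.token_hex(nbytes)


def derive_credentials(secret, ttl=3600, user="", now=None):
    """Client side: build the time-limited username/password pair."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user}" if user else str(expiry)
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def verify_credentials(secret, username, password, now=None):
    """Model of the server-side check: recompute the HMAC, then check expiry."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    if not hmac.compare_digest(expected, password.encode()):
        return False  # wrong secret or tampered username
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    return expiry >= int(time.time() if now is None else now)


if __name__ == "__main__":
    secret = generate_secret()  # constructed sample; use your own SECRET-KEY
    user, password = derive_credentials(secret, ttl=600, user="test")
    print("static-auth-secret=" + secret)
    print("username:", user)
    print("password:", password)
    print("valid now:", verify_credentials(secret, user, password))
```

Anyone who holds static-auth-secret can mint valid credentials, so generate it randomly and treat it like a password.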

Configure Nextcloud Talk

If everything is configured properly, you can now go to Talk settings in Nextcloud and configure Talk.

[Image: nextcloud-talk-setup]