Complete NC installation on Debian with Spreed.me and TURN step by step

Why can't you change the port? Just edit it in the config file and then in the docker start command. You can even redirect one port from the outside to another on the inside.

Additionally, if you look at the recent spreed.me manual on the Nextcloud page, you will see that the security issue is solved too.

On top of that, you forgot to expose your nextcloud App instance.

For the spreedme server you need golang. If the problem was that apache wasn't starting with spreedme running, I would think there might be a port conflict. Did you run spreedme and apache on the same ports?

And to stop the spreedme script (it isn't an init script, just a way to start in the background) you could do a:

ps -e | grep spreed-webrtc-server

It will give you a line with a process id (like 8992 or something) and then kill it with

kill -9 8992 (change 8992 with your process id)

I don't receive any result with this command.
I deleted everything to start over again
(also I tried to add the webrtc repository https://github.com/strukturag/spreed-webrtc/wiki/Ubuntu-Repository )

Thanks for the help

The startup script is not compatible with Ubuntu or is not working

If you moved the data folder to the /var/oc_data/ (or nc_data :slight_smile: ) you should add 2 lines to the permissions script:

find "${ncdata}" -type f -print0 | xargs -0 chmod 0640
find "${ncdata}" -type d -print0 | xargs -0 chmod 0750

I couldn't edit the original post anymore (I think) but needed to add it somehow since it could be a security issue if you don't. You could get user directories with the wrong permissions (rwx-rw-r instead of rwx-r-x- ---)
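An added example (not part of the original post): a read-only audit that lists anything under the data directory whose mode exceeds the 0640/0750 targets set by the two `find` lines above. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MAX = 0o640  # mode the post applies to files
DIR_MAX = 0o750   # mode the post applies to directories

def audit_data_dir(ncdata):
    """Return sorted (path, mode) pairs with bits beyond 0640 (files) / 0750 (dirs)."""
    findings = []
    for root, _dirs, files in os.walk(ncdata):
        # os.walk yields every directory as `root`, including the top one
        candidates = [(root, DIR_MAX)]
        candidates += [(os.path.join(root, name), FILE_MAX) for name in files]
        for path, allowed in candidates:
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not (stat.S_ISDIR(st.st_mode) or stat.S_ISREG(st.st_mode)):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~allowed:  # any bit set outside the allowed mask
                findings.append((path, format(mode, "04o")))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one user directory left world-readable."""
    top = tempfile.mkdtemp(prefix="ncdata-")
    os.chmod(top, 0o750)
    user_dir = os.path.join(top, "alice")
    os.mkdir(user_dir)
    for name, mode in (("notes.txt", 0o664), ("ok.txt", 0o640)):
        path = os.path.join(user_dir, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(user_dir, 0o755)
    return top

if __name__ == "__main__":
    for path, mode in audit_data_dir(build_sample_tree()):
        print(mode, path)
```

Running it against the real data directory before and after the permissions script shows whether the two extra lines took effect.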

Hi all, my install works perfectly, I will just post some tips to help:

  • Huge thanks to the author of the topic, it helped me a lot to get started!
  • First, no need to have two public IPs, all programs run on the same dedicated server (nextcloud, web-rtc, and coturn)
  • Coturn works perfectly, with video calls over 3G, 4G, several machines on different LANs, etc.
  • I have installed the Ubuntu packaged programs, no sources (just added a repository for web-rtc).
  • my /etc/turnserver.conf (run as a service by uncommenting TURNSERVER_ENABLED=1 in /etc/default/coturn):

listening-port=8443
alt-listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
# generated by openssl rand -hex 32
static-auth-secret=6cf6cbc540e9667f3552773df92edbd442eca209a141df1cxxxxxxxxxxxx
realm=mynextcloud.net
total-quota=100
bps-capacity=0
stale-nonce
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
log-file=/var/log/turn.log
no-loopback-peers
no-multicast-peers
cert=/etc/letsencrypt/live/mynextcloud.net/cert.pem
pkey=/etc/letsencrypt/live/mynextcloud.net/privkey.pem

  • my /etc/spreed/webrtc.conf :slight_smile: (I used the normal way to generate this configuration, in admin panel of nextcloud, just added root=, and turnURIS)

; Minimal Spreed WebRTC configuration for Nextcloud

[http]
; if you have the ubuntu version, you have to add this
root = /usr/share/spreed-webrtc-server/www
listen = 127.0.0.1:8080
basePath = /webrtc/

[app]
sessionSecret = 02819e83254f793608a1a6b1adb11ed657dxxxxxxxxxxxxxxxxxxxxxxxxxxx
encryptionSecret = c3ec0dc5ead5a8c95bcbae94fcde149xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
authorizeRoomJoin = true
serverToken = 9b88f0aee6fde09a749e65d061de84xxxxxxxxxxxxxxxxxxxxx
serverRealm = mynextcloud.net
extra = /var/www/nextcloud/apps/spreedme/extra
plugin = extra/static/owncloud.js

turnURIs = turn:mynextcloud.net:8443?transport=udp turn:mynextcloud.net:8443?transport=tcp
turnSecret = 6cf6cbc540e9667f3552773df92edbd442eca209axxxxxxxxxxxxxxxxxxxxxx

[users]
enabled = true
mode = sharedsecret
sharedsecret_secret = 10b774ef3db23e63a4d80c69b7879193xxxxxxxxxxxxxxxxxxxx

  • Open ports 8443 and 3478 for TCP and UDP, because coturn uses both protocols.
  • I have also created an admin for coturn with this command: sudo turnadmin -A -u admin -p passwdadmin
    The admin panel of coturn is available by browser at the address: https://mynextcloud:8443 which allows me to see the sessions, and add the secret code in section Shared Secrets (for TURN REST API) (don't know if it's necessary or not).

EDIT : I use ubuntu server 16.04.1

4 Likes
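An added example, not from the thread: with `use-auth-secret`, coturn expects time-limited credentials derived from `static-auth-secret` (username `expiry:user`, password `base64(HMAC-SHA1(secret, username))`), which is why `turnSecret` in webrtc.conf must hold the same value. The secrets, host name and user id below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import re
import time

def read_key(conf_text, key):
    """Return the value of an uncommented `key=value` / `key = value` line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(\S+)", conf_text, re.M | re.I)
    return m.group(1) if m else None

def turn_rest_credentials(secret, user, ttl=3600, now=None):
    """Issuer side: what the WebRTC server hands to a browser."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user}"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()

def server_accepts(secret, username, password, now=None):
    """TURN server side: check the expiry, then recompute and compare the HMAC."""
    now = int(now if now is not None else time.time())
    expiry = username.split(":", 1)[0]
    if not expiry.isdigit() or int(expiry) < now:
        return False
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64encode(digest).decode(), password)

# Constructed sample configs (placeholder secrets, not values from the thread)
TURNSERVER_CONF = (
    "use-auth-secret\n"
    "#static-auth-secret=north\n"
    "static-auth-secret=EXAMPLE-SECRET-A\n"
)
WEBRTC_CONF = (
    "[app]\n"
    "turnURIs = turn:example.invalid:8443?transport=udp\n"
    "turnSecret = EXAMPLE-SECRET-A\n"
)

if __name__ == "__main__":
    issuer = read_key(WEBRTC_CONF, "turnSecret")
    server = read_key(TURNSERVER_CONF, "static-auth-secret")
    user, pw = turn_rest_credentials(issuer, "alice")  # "alice" is hypothetical
    print("secrets match:", issuer == server)
    print("server accepts:", server_accepts(server, user, pw))
```

A mismatch between the two values, or an expired timestamp, makes `server_accepts` return False, which on a real deployment shows up as failed TURN allocations.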

Just finalized the instruction with the last replies of my fellow nextclouders and removed the “remember its not working yet”. Thanks for all your input.

@SyS0p3r this should not be done in /var/www for security reasons. Stuff in /var/www should be directly accessible by a web server. As you are proxy’ing everything through Spreed WebRTC, there’s no need to put these files into /var/www.

Ok tnx. I changed it to /opt/spreed-webrtc-master/ (might also be /usr/share but i’m used to /opt)

Excuse me for the beginner's question, but what is the reason to use either /opt or /usr/share as root folder for the spreed server? As I remember reading somewhere, the one repo available installs it to /etc. I don't know what the intention is to put something into one or the other predefined folder of Linux systems or what rights/security reasons are there about this, so some explanation would be nice :slight_smile:. Reason is that I want to write a small guide about how to establish a systemd unit to autorun spreed.

€: I explained it to myself by reading http://unix.stackexchange.com/questions/11544/what-is-the-difference-between-opt-and-usr-local#11552. According to this I would also slightly prefer /opt/spreed-webrtc-master as root, as it is downloaded manually here and no files are created outside of this folder by any step.

€€: Guide about setting up a systemd unit for autorun the spreed server is done: [Spreed.ME] Howto autorun "spreed-webrtc-server" step-by-step

Hi there @MichaIng. Let me try to give an answer to your questions. The /opt folder is for non-standard Linux software (http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/opt.html) and /usr/(share) is user binaries and documentation http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/usr.html. I guess it depends on the distribution you're familiar with what you use (or maybe how old you are :slight_smile: ) and /etc is for configuration files. http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/etc.html

I guess you can run webrtc as root with chmod 750 rights (rwx-rx---- for root) as it runs in the background and nextcloud connects to it. That's how I would run it.

The autorun part I can't help with, so I will be following your guide for that one :+1:

Thanks for the information. Again some more clarification about all of this :slight_smile:.

For the autorun systemd unit you need to create a new user, or at least it would be surely more recommendable than using root for this for security reasons. In this case you could chown -R the spreed server directory to this user or better just give him read and executable permissions: chmod -R 755

Hi and thanks for your guide. I'm not sure if you got a success at the end or not… I read all comments… and this is not clear.
Another thing, I tried to download the vhost file, but the link seems not to work, can you give me a new one?
Thanks in advance.

Hi, the guide should be complete and should be working, but I didn't try the full guide myself anymore. I just tried the vhost file download; for me it did work:

https://cloud.serviceprof.nl/index.php/s/2rVme9NFAu1aypi

Hi bros;

sudo su
cd
apt-get install coturn
nano /etc/turnserver.conf

#listening-port=3478
listening-port=8443

#alt-listening-port=0
alt-listening-port=3478

#fingerprint
fingerprint

#lt-cred-mech
lt-cred-mech

#use-auth-secret
use-auth-secret

#http://passwordsgenerator.net/

#static-auth-secret=north
static-auth-secret=zvshmpbkspd9e8yduswv9ze2kn92ta2k9zhyxxxxxxxxxxxx

#(generated by openssl rand -hex 32)

#realm=mycompany.org
realm=cloud.votandoando.com

#total-quota=0
total-quota=100

#bps-capacity=0
bps-capacity=0

#stale-nonce
stale-nonce

#cipher-list="DEFAULT"
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
#log-file=/var/tmp/turn.log
log-file=/var/log/turn.log

#no-loopback-peers
no-loopback-peers

#no-multicast-peers
no-multicast-peers

#cert=/usr/local/etc/turn_server_cert.pem
cert=/etc/letsencrypt/live/cloud.votandoando.com/cert.pem

#pkey=/usr/local/etc/turn_server_pkey.pem
pkey=/etc/letsencrypt/live/cloud.votandoando.com/privkey.pem

nano /etc/default/coturn

Remove # in front of TURNSERVER_ENABLED=1

I'm using https://github.com/nextcloud/vm to install the whole environment; these are my conf files:

/var/snap/spreedme/22/server.conf

[http]
listen = 127.0.0.1:8080
basepath = /webrtc
root = www

[https]

[app]
stunuris = stun:stun.spreed.me:443
sessionsecret = b2a1c8926c7a72dba7895bf8c72f4bceff30xxxxxxxxx
encryptionsecret = c7b84b331b010bb184d536dc9056ba0ea2xxxxxxxx
authorizeroomjoin = true
servertoken = 6d425cefec8c6xxxxxxxxx
serverrealm = local
extra = /usr/share/spreed-webrtc-server/extra
plugin = extra/static/owncloud.js

turnURIs = turn:cloud.votandoando.com:8443?transport=udp turn:cloud.votandoando.com:8443?transport=tcp
turnSecret = zvshmpbkspd9e8yduswv9ze2kn92ta2k9zhyzxxxxxxxxxxx

[modules]

[log]
logfile = spreed-webrtc-server.log

[users]
enabled = true
mode = sharedsecret
sharedsecret_secret = 78e3edefc392ab64dbd447ad6450bbb7xxxxxx

/etc/init.d/coturn restart

[ ok ] Restarting coturn (via systemctl): coturn.service.

And it continues to show me this:

Video to show you the error when sending and receiving a call.

It only works if I do this:

sudo su
cd
wget https://raw.githubusercontent.com/nextcloud/vm/master/apps/spreedme.sh
bash spreedme.sh

Please help me with this issue

Complete steps in here https://github.com/strukturag/spreed-webrtc/issues/442

Anyone?
The only issue that remains is that every time a user logs into spreedme or a temporary password is created I need to restart

And it only works if I do this:

root@cloud:~# systemctl restart snap.spreedme.spreed-webrtc.service

But I can't do that each time my users need to make a call, because I can't run that command every time; I need independence

Stay alert

anyone, really?

if it is trying to connect from outside your local network, you may need to open two ports on your router.

Read this: Spreedme / webrtc and nextcloud on split host

I quit spreedme, started using jitsi.