Yep, reasonable thoughts.
However, nowadays I actually think differently about the idea of having TURN natively integrated into the Nextcloud Talk app, for the following reasons:
- Indeed, having the ability to make video calls across the www through local NAT is a feature that many require, but not all. Generally a modular system, which allows only the required features to be loaded/installed, is preferable in terms of system resources and compatibility with different application scenarios. There are also conceivable situations where a company is larger and has different international locations, which for privacy reasons are connected via VPN tunnels. There, too, direct P2P video calls are possible without a TURN server.
- Privacy in particular is a topic when it comes to TURN server usage. In a native P2P call, the Nextcloud server machine does not even know the details of the video call. It just handles authentication, but afterwards all data streams are just between the two clients via their WebRTC client (browser, Nextcloud Talk mobile app, or other WebRTC client). If you have a TURN server in between, all data streams go through it, can be logged and theoretically decrypted/read in detail. Of course you usually (should) trust the TURN server owner/machine to respect whatever privacy agreement you accepted, but if one wants to be sure, direct P2P is always preferable, also in terms of performance/resource usage.
- coturn is indeed THE standard TURN server on the open source market. At least I couldn't find any other for Linux. But integrating it into the Talk app would weaken possible alternative/new solutions from the start, and is a decision that can hardly be reverted afterwards, e.g. if a better/more modern TURN implementation arises with promising advantages. So it limits flexibility after all.
- On small networks with a low number of call attendees, having Nextcloud and the TURN server on the same machine works well, but if you need a more reliable setup that also allows a high number of users in group video chat, the TURN machine will be quite stressed, perhaps taking important resources from the Nextcloud server/webserver and/or database. Also, having both behind the NAT leads to additional resource usage and signal lag. In those cases it is generally recommended to run the TURN server on a dedicated machine, directly attached to the www and not behind the NAT. So in the worst case you have two NATs (one on each client side) instead of four (client1 out > TURN server in > TURN server out > client2 in).
However, this has nothing to do with third-party distros/solutions having an integrated installer that installs and sets up Nextcloud + Talk app + TURN server all together.
- The official Nextcloud VM does this.
- This is what we do in DietPi: https://github.com/Fourdee/DietPi
- It can be implemented in Yunohost as well for sure, which seems to have a very similar aim to DietPi (enable simple integrated one-step installers via GUI).
- Just note that the installs/configs enable a certain use case, based on the aim of the OS/solution, and surely do not fit all use cases.
Just a final history note about the Talk app:
- At the start, it was separated into a dedicated WebRTC server and a Nextcloud app: Spreed.ME
- You needed to install the dedicated WebRTC server and then configure the app to use it to provide video calls and chat within the Nextcloud interface.
- Nowadays both functionalities are merged into the Talk app, which is already a great enhancement in terms of end user comfort. This also makes (more) sense, since the app is never able to do anything without a WebRTC server in the back. But the TURN server indeed is just an additional functionality, only required in some (although perhaps many) scenarios.
For more details on how to install and configure coturn with Nextcloud as an automated script, I just link the current code we use in DietPi, for reference. In the Nextcloud VM this looks similar, but both depend more or less on the base system, which might be different on Yunohost:
- APT install of the coturn package (valid e.g. on Debian/Ubuntu based distros): https://github.com/Fourdee/DietPi/blob/d3919b8120899a848b20c33f0f2de40b806fb7ba/dietpi/dietpi-software#L3793-L3802
- TURN and Talk app configuration, based on user input (public IP/domain and desired port): https://github.com/Fourdee/DietPi/blob/d3919b8120899a848b20c33f0f2de40b806fb7ba/dietpi/dietpi-software#L8233-L8334
- This uses some internal functions to add settings reliably, prompting whiptail menus with certain standards and error handling.
- It will also enable TLS, if it is already enabled via DietPi's CertBot (Let's Encrypt) integration.
- But one can get an idea, and of course all steps are derived exactly from the HowTo above.
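As an added example (this is not DietPi's dietpi-software code, nor the Nextcloud VM script, nor anything from the Talk project), the skeleton below shows the same steps the post lists for a Debian/Ubuntu host: install coturn, write a turnserver.conf that uses the shared-secret (TURN REST) credential scheme Talk relies on, enable TLS only when a certbot certificate exists, and register the server in Talk. The hostname turn.example.org, the certificate path, the Nextcloud path /var/www/nextcloud and the availability of the `occ talk:turn:add` command in the installed Talk version are assumptions. It also adds two things a practitioner should not skip: `denied-peer-ip` ranges so the relay cannot be used as a pivot into the private network behind it, and `no-cli` to disable coturn's telnet admin interface. The `turn_credential` function derives a time-limited credential from the secret the same way the REST scheme defines it, so the server can be tested with turnutils_uclient before Nextcloud is touched.

```shell
#!/bin/sh
# Added example, not DietPi's or the Nextcloud VM's code. Assumed/hypothetical:
# public hostname turn.example.org, certbot certificate under
# /etc/letsencrypt/live/turn.example.org/, Nextcloud at /var/www/nextcloud,
# a Talk version whose occ offers "talk:turn:add".
set -eu

TURN_DOMAIN="${TURN_DOMAIN:-turn.example.org}"
TURN_PORT="${TURN_PORT:-3478}"
TLS_PORT="${TLS_PORT:-5349}"
CERT_DIR="/etc/letsencrypt/live/$TURN_DOMAIN"

# 256-bit random shared secret; Talk derives short-lived TURN credentials from
# it, so no static user/password ends up in the config.
gen_secret() {
    openssl rand -hex 32
}

# Render turnserver.conf to stdout: shared-secret auth, no telnet admin CLI,
# no TLS 1.0/1.1, and no relaying to RFC 1918 / loopback / link-local ranges,
# which stops the relay from being abused to reach hosts behind the same NAT.
# The UDP relay range (coturn default 49152-65535) must be open in the firewall.
render_conf() {
    secret="$1"; domain="$2"; port="$3"; tls_port="$4"; cert_dir="$5"
    cat <<EOF
listening-port=$port
fingerprint
use-auth-secret
static-auth-secret=$secret
realm=$domain
total-quota=100
stale-nonce=600
no-multicast-peers
no-cli
no-tlsv1
no-tlsv1_1
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
no-stdout-log
syslog
EOF
    # TLS (turns:) only if a certbot certificate is present, as in the DietPi logic.
    if [ -r "$cert_dir/fullchain.pem" ] && [ -r "$cert_dir/privkey.pem" ]; then
        printf 'tls-listening-port=%s\ncert=%s/fullchain.pem\npkey=%s/privkey.pem\n' \
            "$tls_port" "$cert_dir" "$cert_dir"
    fi
}

# TURN REST credential from the shared secret: username "expiry:user",
# password base64(HMAC-SHA1(secret, username)). Prints "username password".
turn_credential() {
    secret="$1"; user="$2"; expiry="$3"
    username="$expiry:$user"
    password=$(printf '%s' "$username" | openssl dgst -sha1 -hmac "$secret" -binary | openssl base64)
    printf '%s %s\n' "$username" "$password"
}

install_and_configure() {
    secret=$(gen_secret)
    apt-get install -y coturn
    render_conf "$secret" "$TURN_DOMAIN" "$TURN_PORT" "$TLS_PORT" "$CERT_DIR" > /etc/turnserver.conf
    # The secret must not be world-readable; the Debian package runs as "turnserver".
    chown root:turnserver /etc/turnserver.conf && chmod 640 /etc/turnserver.conf
    # Older Debian packages keep the daemon disabled until this line is uncommented.
    sed -i 's/^#TURNSERVER_ENABLED=1/TURNSERVER_ENABLED=1/' /etc/default/coturn
    systemctl restart coturn
    # Register the server in Talk (assumed occ command); turns: only with TLS.
    sudo -u www-data php /var/www/nextcloud/occ talk:turn:add turn "$TURN_DOMAIN:$TURN_PORT" udp,tcp --secret="$secret"
    if grep -q '^tls-listening-port=' /etc/turnserver.conf; then
        sudo -u www-data php /var/www/nextcloud/occ talk:turn:add turns "$TURN_DOMAIN:$TLS_PORT" tcp --secret="$secret"
    fi
}

case "${1:-}" in
    install) install_and_configure ;;
    preview) render_conf "$(gen_secret)" "$TURN_DOMAIN" "$TURN_PORT" "$TLS_PORT" "$CERT_DIR" ;;
esac
```

`sh turn-setup.sh preview` only prints the config that would be written; `install` performs the real steps as root. To check the relay before Nextcloud is involved, take a credential from `turn_credential "$secret" test "$(( $(date +%s) + 600 ))"` and pass the two values to `turnutils_uclient -u <username> -w <password>` against the public address; a `denied-peer-ip` hit shows up in syslog as a rejected allocation.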