HowTo: Setup Nextcloud Talk with TURN server

@CoolJoni @ralfi @anon93002831

I'd kindly like to remind you that this is an international forum where we agreed to use the English language for communication.

So please don't capture an English thread and answer in your native language (you could do that in the referring subforum)… this would be considered as highly impolite. And - remember - we do want to treat each other here polite and friendly :slight_smile:

Thanks for your understanding.

3 Likes

FWIW, in case anyone happens to be interested in an alternative to Coturn: eturnal should be compatible with Nextcloud Talk as well.

1 Like

great :slight_smile: what are the benefits over coturn ?

eturnal doesn't really offer notable features above Coturn (yet). Quite the opposite: While Coturn implements all features under the sun (including lots of old cruft that's no longer in use), eturnal is a minimalistic server that implements just those that are actually used by apps such as Talk. So it might be (even) more straightforward to set up, esp. on distributions that don't offer a Coturn package (there's no dependencies, you basically just extract the binary tarball, configure the shared secret, and start the systemd service). And as it's written in Erlang, it avoids a class of security-related issues Coturn ran into again just recently.

That said, I think Coturn is totally fine for most users :slight_smile:

Many thanks for sharing. I was always wondering if there were any other TURN servers, but didn't find any so far :laughing:.
Yes, while Coturn should be generally fine, it's good to have alternatives, also in terms of competition or simply for simpler use cases.

Binaries are btw only available for x86_64 systems, while ARM users need to compile themselves, as long as there is no 3rd party or distro repo providing such.

… ah it's actively coded by you in person and just three days released. ProcessOne/ejabberd to give some association. Let's see if this is something to replace Coturn in our DietPi Nextcloud Talk integration where we aim to go lightweight where possible. I would need to build binaries + dpkg/deb packages for armv6hf (RPi) armv7hf and arm64 and would simply create those for x86_64 as well. Might be nice for others as well to give it a (quicker) try, when not being too experienced with source builds.

1 Like

Cool! If you decide to look into it and stumble over anything, feel free to ping me by email (holger@fu.de). I was thinking about offering ARM binaries myself, but have no system for building those and am still unsure whether I want to go for cross-compiling.

Hello everyone,

Just wanted to inform you about this:

2 Likes

Because Nextcloud uses PHP, I had hoped someone would write a TURN server in PHP so every Nextcloud installation could use it.

After update to Ubuntu 20.04 and Nextcloud 20.0.1 I got an ICE server Error. No working ICE candidat

Under Ubuntu 19.04 and Nextcloud 18 and 19.x it works very well.

Some Ideas?

1 Like

Hello,
Thanks for this how-to. Everything went well installing the coturn server (on Debian 10).
And here is the status:

ā— coturn.service - coTURN STUN/TURN Server
   Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-12-04 10:57:09 UTC; 24min ago
     Docs: man:coturn(1)
           man:turnadmin(1)
           man:turnserver(1)
  Process: 25469 ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserv
  Process: 25471 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
 Main PID: 25470 (turnserver)
    Tasks: 9 (limit: 4915)
   Memory: 5.5M
   CGroup: /system.slice/coturn.service
           └─25470 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: IO method (general relay thread): epoll (with changelist)
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: turn server id=2 created
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: IO method (general relay thread): epoll (with changelist)
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: turn server id=3 created
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: Total General servers: 4
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: IO method (auth thread): epoll (with changelist)
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: IO method (auth thread): epoll (with changelist)
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: IO method (admin thread): epoll (with changelist)
Dec 04 10:57:07 mydomain.tld turnserver[25470]: 0: SQLite DB connection success: /var/lib/turn/turndb
Dec 04 10:57:09 mydomain.tld systemd[1]: Started coTURN STUN/TURN Server. 

But when I add the TURN server URL, with the port on 3478 or 5349 + the secret phrase in the Nextcloud admin page I got a "no working ice candidates returned by the turn server" error.

My Nextcloud is 19.0.3.

Tks for your ideas.

2 Likes

Was just reading a German thread and apparently if you change the browser and test it with Chrome instead of, like in my case, Safari, the test will be successful. Don't ask me what the heck can be wrong about Safari, but I tried this and it's actually true.

1 Like

follow step by step but get error when testing server
"Error: No working ICE candidates returned by the TURN server"

Double-check your authentication secret: Talk / Turnserver self test - #2 by anon93002831
Otherwise check your coturn logs.

EDIT: Just read the posts above yours: Some browsers seem to show a wrong result. Not sure why the browser should be involved at all, but if you don't see any errors in the coturn logs, try it with a different browser.

If this is with the very last NC21/Talk11, it is likely meaningless

1 Like

The latest (minor) update Talk 11.2.2 fixes the error message: it now properly qualifies valid TURN servers (coTURN in my case)…

2 Likes

This would be great. Until now I have only found https://www.reddit.com/r/NextCloud/comments/fxowmg/looking_for_docker_stack_with_nextcloudturnstun/ and it is really insufficiently documented.

If anyone who is reading this does not want to run their own TURN server, they can use one from https://openrelayproject.org.

It is completely free, and there is no security risk when using a 3rd party TURN server as WebRTC traffic going through the TURN server is already encrypted using DTLS+SRTP

looks interesting, but could not find the "secret" used for the TURN server.
only username and password is provided by the project. So I used the password as the turn secret, which did not work for me.
So if you have a working setup, could you post the information.

Thanks

Please follow the instructions here: Free WebRTC TURN Server - Open Relay Project | Open Relay Project - Free WebRTC TURN Server
Basically NextCloud uses shared secret auth instead of username/password authentication, so for that to work you have to use staticauth.openrelay.metered.ca as the TURN Server URL.

3 Likes
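Background for the shared-secret posts above (the "double-check your authentication secret" advice and the Open Relay answer), as an added example that is not part of the thread and not Nextcloud or coturn code: with shared-secret auth, as in coturn's `use-auth-secret` / `static-auth-secret` mode, the TURN username is an expiry timestamp and the password is base64(HMAC-SHA1(secret, username)), so a static password pasted in as the secret cannot validate. The function names, the `talk` user id and the sample secrets are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def make_turn_credentials(shared_secret, ttl=3600, user_id="", now=None):
    """App side: derive a time-limited TURN username/password from the secret."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl
    # Username is the expiry time, optionally followed by ":<user id>".
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode()


def server_accepts(shared_secret, username, password, now=None):
    """Simplified model of the TURN server's check (not coturn's own code)."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # a static username carries no expiry timestamp
    if expiry < now:
        return False  # credential lifetime is over
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest())
    # Constant-time comparison of the recomputed and presented password.
    return hmac.compare_digest(expected, password.encode())


def diagnose(server_secret, configured_secret, now=None):
    """Report whether credentials built from the configured secret validate."""
    user, pw = make_turn_credentials(configured_secret, user_id="talk", now=now)
    if server_accepts(server_secret, user, pw, now=now):
        return "ok"
    return "rejected: secret mismatch or expired credential"


if __name__ == "__main__":
    T0 = 1_700_000_000  # constructed fixed clock so the output is repeatable
    print(diagnose("constructed-secret", "constructed-secret", now=T0))
    print(diagnose("constructed-secret", "some-static-password", now=T0))
```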

Thanks worked