Nextcloud talk distribution options

I´d be interested in trying nextcloud talk. Conceptually I think nextcloud talk provides a WebRTC signaling server, a STUN/TURN (which should be unnecessary for two parties only), and probably a SFU in the future.
I´d prefer the signaling server to be on one system in local network and preferably using cocker, whereas the STUN/TURN/SFU obviously should be well connected.
Is there any documentation that details distribution and related configuration options to start with?

A few years back, Markus Weingärtner published a blog post on getting all the TURN/STUN/NATS/JANUS components to work as a pre-req to install standalone signaling.
Here: How to Install Nextcloud Talk High Performance Backend with Stun/Turnserver on Ubuntu – Markus' Blog

morph027_blog did a good job for the same topic too: Setup nextcloud-spreed-signaling standalone server on Ubuntu | morph027_blog

Where both these posts fail to mention is what you need to do to Nextcloud’s brute force/throttling ddos protection mechanism so that the standalone signaling works with Nextcloud properly.

For two parties anywhere in the world (regardless of whether they are on the open internet or behind NAT), you need at least STUN/TURN for them to connect via Talk (and for that matter with any other WebRTC-based solution, such as Jitsi meet).

The standalone signaling is crutial for 1-to-many (broadcast) calls ie. 5+ participants, one talking, others listening - otherwise it gets messy (network bandwidth, cpu utilization) fairly quickly.

For many to many conference calls discussions, we found out Jitsi Meet (integrated with Nextcloud via its plugin) is a more sensible option - though the TURN/STUN sitting on a good network, and preferably having multiple of these available around the globe still makes it all a better user experience.

Thanks.

I should have been more clear with respect to STUN and TURN. Afaik, for two WebRTC participants TURN is unnecessary but STUN is sufficient, and STUN is usually not required with IPv6 as NAT is most likely not used with IPv6. Actually I do have a working STUN server around. Not sure it could stand TURN load though, as it is a very small VPS.

Neither Markus nor Morph really describe where the various server components should be placed. All in one is what I don´t want for sure. But which of the services STUN/TURN, Janus, NATS, and signal-server should be colocated or not, and what ressources do they need?

I did all in one config, but it’s a AMD Ryzen 9500x 24 core 64GB RAM machine with 2x 1gbit bonded NICs. Network bandwidth is still the key there though, other than that, the server itself barely notices.

We realised we had to have STUN/TURN combo to cover all the use cases. Not sure what it was, but we had issues with just STUN. Could have been on our side, committed myself to investigate one day properly.