Nextcloud Talk w/ TURN server behind Reverse Proxy (HAProxy)

  • Nextcloud Version: 28.0.1
  • Talk Version: 18.0.2
  • Custom Signaling server configured: No (Not yet)
  • Custom TURN server configured: No (Not yet)
  • Custom STUN server configured: Uncertain if needed

I’ve just installed Nextcloud Talk and I’m trying to understand the requirements to get Nextcloud Talk functional outside of my primary network. I’ve given a read to the TURN documentation, but it hasn’t answered all of my questions.

I have a reverse proxy in front of Nextcloud.

Internet > Gateway > Reverse Proxy (HAProxy) > Nextcloud

Where does the TURN server fit into this equation?

  • Can I configure TURN on the same guest as my Nextcloud instance?
    • If yes, what’s required for me to complete this, from DNS all the way through to my reverse proxy?
  • Can TURN be routed through my reverse proxy, or is it a hard requirement to port-forward traffic through my WAN interface? I would prefer to not poke holes in my WAN interface other than 443 for my reverse proxy.

I don’t expect to be hosting many large video chats (maximum 6-10 people at one time in a single room). There will never be simultaneous chats; this is a single-user instance of Nextcloud.

TL;DR: Looking for best practices in running a TURN server for Nextcloud Talk when my Nextcloud server is behind a reverse proxy. Uncertain about:

  • If I need a separate virtual machine to host coTURN or if it can be run on top of my Nextcloud LAMP server; and
  • If coTURN is able to be run behind my existing HAProxy reverse proxy, or if I’m required to open ports on my WAN interface and bypass this reverse proxy.