Requirements for Nextcloud Talk

I've just installed NC 13.0.1 on CentOS 7.4 (well, nethserver indeed)
I know almost nothing about webrtc, but I was reading a bit about STUN/TURN, etc.
So, my question is:

Should I install:

  • STUN server?
  • TURN server?
  • ICE server?

If so, what software would you recommend me?
And what ports should be open/accessible?

I look forward to reading your kind help and advice,

Thanks in advance

It depends on how you want to use Talk: just within the local network, or throughout the www as well?

For local calls you should not need to do anything.

For external calls, to guarantee function, I would install coturn as TURN server:

  • STUN does not need to be installed, it is preconfigured to some public STUN server of the Talk/spreed guys.
  • On most linux distros you should be able to just install coturn via package manager.
  • Configure it according to: https://github.com/nextcloud/spreed/issues/667#issuecomment-372379763
  • On heavily loaded/production servers, it is recommended to install the TURN server on a separate machine with direct internet access (not behind NAT). In this case follow the spreedbox guide on how to configure some additional settings within coturn: https://github.com/spreedbox/spreedbox/wiki/Use-TURN-server#turn-server-configuration
  • At the end just enter <domain>:<port> and the TURN secret into the Talk admin settings, as chosen. You can, but do not need to, use your coturn as STUN server as well. Just enter the same <domain>:<port> as the STUN URL as well.

Sadly, it does not work when both ends are in different networks. Please could you help me? These are my configs:

talk configuration:

 "spreed": {
            "enabled": "yes",
            "installed_version": "3.1.0",
            "signaling_ticket_secret": "Xn56P4Gryim++K+vwISmEp1tzDRqn6Z8I6OTREUqXNUB\/1pPkJalwoh8HDrAOYRghicMsDi3Z0yz2kO2o\/RyxHX7PrJXdOWItaPryTrBwG7e6PMvvw+NSFhyunLA0Pl1htEnHT7i5x6nMnoPIhAfM6BWL+u+y+IWgjMNtT0t4uH22ZbFX3fXNdywyDMIjPt1KwYoAnzMThhuaoRor\/ROtL5b9ICs35VkxF89Mq42iDhzO5+mecXDj2ABy\/zyk+O",
            "stun_servers": "[\"mail.example.com:3478\"]",
            "turn_servers": "[{\"server\":\"mail.example:3478\",\"secret\":\"north\",\"protocols\":\"udp,tcp\"}]",
            "types": "prevent_group_restriction"
        },

And my turnserver.conf:

lt-cred-mech
use-auth-secret
static-auth-secret=north
realm=infoestructura
total-quota=100
no-stdout-log
syslog

no-loopback-peers
no-multicast-peers
pidfile="/var/run/turnserver/turnserver.pid"

Thanks in advance!

Did you follow the linked config? In yours, at least in the part you pasted, some settings are missing:

listening-port=<choose>
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=<choose, in case 'openssl rand -hex 32'>
realm=<yourDomain.org>
total-quota=100
bps-capacity=0
stale-nonce
no-loopback-peers
no-multicast-peers

And php-redis module is installed and shown active (php -m)?

TURN listening-port opened/forwarded?

Coturn default log level is quite verbose, you should be able to see connection (attempts) in your syslog.
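
An added example (not part of the thread, and not coturn or Nextcloud code): a small Python check that compares a turnserver.conf with the settings listed in this reply and with Talk's turn_servers value. The function names, the 64-character secret threshold (taken from the 'openssl rand -hex 32' suggestion) and the realm heuristic are assumptions of this example; the sample input is copied from the config posted earlier.

```python
import json

# Settings the reply above lists as the expected coturn baseline.
RECOMMENDED = ["listening-port", "fingerprint", "lt-cred-mech", "use-auth-secret",
               "static-auth-secret", "realm", "total-quota", "bps-capacity",
               "stale-nonce", "no-loopback-peers", "no-multicast-peers"]

# Constructed sample: the turnserver.conf and Talk "turn_servers" value as posted.
POSTED_CONF = """\
lt-cred-mech
use-auth-secret
static-auth-secret=north
realm=infoestructura
total-quota=100
no-stdout-log
syslog
no-loopback-peers
no-multicast-peers
pidfile="/var/run/turnserver/turnserver.pid"
"""
POSTED_TALK = '[{"server":"mail.example:3478","secret":"north","protocols":"udp,tcp"}]'

def parse_conf(text):
    """Parse turnserver.conf lines ('flag' or 'key=value') into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(conf_text, talk_turn_servers_json):
    conf = parse_conf(conf_text)
    findings = [f"missing: {k}" for k in RECOMMENDED if k not in conf]
    secret = conf.get("static-auth-secret", "")
    # 'openssl rand -hex 32' yields 64 hex characters; flag anything shorter.
    if len(secret) < 64:
        findings.append("weak static-auth-secret (shorter than 64 characters)")
    realm = conf.get("realm", "")
    if "." not in realm or realm.endswith(".local"):
        findings.append(f"realm '{realm}' is not a public domain")
    port = conf.get("listening-port", "3478")  # 3478 is coturn's default port
    for entry in json.loads(talk_turn_servers_json):
        if entry["secret"] != secret:
            findings.append("Talk TURN secret differs from static-auth-secret")
        if entry["server"].rsplit(":", 1)[-1] != port:
            findings.append("Talk TURN port differs from listening-port")
    return findings
```
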

@MichaIng In fact, redis was not installed, so I installed it. The problem persists. It's weird, as if turnserver was not listening…

I've double-checked that port 3478 is forwarded, both TCP and UDP. But I see no traffic to and from port 3478 :(

Should I configure something further for redis?

syslog says:
Mar 27 15:40:30 neomuteriver turnserver: 0: Domain name:
Mar 27 15:40:30 neomuteriver turnserver: 0: Default realm: infoestructura.local
Mar 27 15:40:30 neomuteriver turnserver: 0: WARNING: cannot find certificate file: turn_server_cert.pem (1)
Mar 27 15:40:30 neomuteriver turnserver: 0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
Mar 27 15:40:30 neomuteriver turnserver: 0: WARNING: cannot find private key file: turn_server_pkey.pem (1)
Mar 27 15:40:30 neomuteriver turnserver: 0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
Mar 27 15:40:30 neomuteriver turnserver: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Mar 27 15:40:30 neomuteriver turnserver: 0: ===========Discovering listener addresses: =========
Mar 27 15:40:30 neomuteriver turnserver: 0: Listener address to use: 127.0.0.1
Mar 27 15:40:30 neomuteriver turnserver: 0: Listener address to use: 192.168.50.3
Mar 27 15:40:30 neomuteriver turnserver: 0: Listener address to use: ::1
Mar 27 15:40:30 neomuteriver turnserver: 0: =====================================================
Mar 27 15:40:30 neomuteriver turnserver: 0: Total: 1 'real' addresses discovered
Mar 27 15:40:30 neomuteriver turnserver: 0: =====================================================
Mar 27 15:40:30 neomuteriver turnserver: 0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Mar 27 15:40:30 neomuteriver turnserver: 0: ===========Discovering relay addresses: =============
Mar 27 15:40:30 neomuteriver turnserver: 0: Relay address to use: 192.168.50.3
Mar 27 15:40:30 neomuteriver turnserver: 0: Relay address to use: ::1
Mar 27 15:40:30 neomuteriver turnserver: 0: =====================================================
Mar 27 15:40:30 neomuteriver turnserver: 0: Total: 2 relay addresses discovered
Mar 27 15:40:30 neomuteriver turnserver: 0: =====================================================
Mar 27 15:40:30 neomuteriver systemd: PID file /var/run/turnserver/turnserver.pid not readable (yet?) after start.
Mar 27 15:40:30 neomuteriver turnserver: 0: pid file created: /var/run/turnserver/turnserver.pid
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (main listener thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: Wait for relay ports initialization…
Mar 27 15:40:30 neomuteriver turnserver: 0: relay 192.168.50.3 initialization…
Mar 27 15:40:30 neomuteriver turnserver: 0: relay 192.168.50.3 initialization done
Mar 27 15:40:30 neomuteriver turnserver: 0: relay ::1 initialization…
Mar 27 15:40:30 neomuteriver turnserver: 0: relay ::1 initialization done
Mar 27 15:40:30 neomuteriver turnserver: 0: Relay ports initialization done
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (general relay thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: turn server id=0 created
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (general relay thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: turn server id=1 created
Mar 27 15:40:30 neomuteriver turnserver: 0: Total General servers: 2
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (auth thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (auth thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: IO method (admin thread): epoll (with changelist)
Mar 27 15:40:30 neomuteriver turnserver: 0: SQLite DB connection success: /var/db/turndb

Thanks in advance!
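
An added example (not part of the thread): the startup log above, checked in Python for two conditions it shows, namely that the TLS/DTLS listeners did not start and that every relay address coturn picked is private or loopback, which is what a server behind NAT looks like. The function name and result keys are assumptions of this example; the sample lines are abridged from the log as posted.

```python
import ipaddress
import re

# Constructed sample: a few lines abridged from the startup log posted above.
SAMPLE_LOG = """\
Mar 27 15:40:30 neomuteriver turnserver: 0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
Mar 27 15:40:30 neomuteriver turnserver: 0: Listener address to use: 127.0.0.1
Mar 27 15:40:30 neomuteriver turnserver: 0: Listener address to use: 192.168.50.3
Mar 27 15:40:30 neomuteriver turnserver: 0: Relay address to use: 192.168.50.3
Mar 27 15:40:30 neomuteriver turnserver: 0: Relay address to use: ::1
"""

ADDR_RE = re.compile(r"turnserver: \d+: (Listener|Relay) address to use: (\S+)")

def summarize_startup(log_text):
    """Classify the addresses coturn chose at startup and note TLS status."""
    result = {"listener": [], "relay": [], "tls_disabled": False}
    for line in log_text.splitlines():
        if "cannot start TLS and DTLS listeners" in line:
            result["tls_disabled"] = True
        m = ADDR_RE.search(line)
        if m:
            result[m.group(1).lower()].append(ipaddress.ip_address(m.group(2)))
    # Outside peers can only reach a relay address that is globally routable.
    result["public_relays"] = [str(a) for a in result["relay"] if a.is_global]
    # Relay addresses exist but none is public: the server is behind NAT and
    # needs its public address configured, as the poster does later on.
    result["behind_nat"] = bool(result["relay"]) and not result["public_relays"]
    return result
```
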

Whoops, too little sleep last night, too early in the morning. php-redis of course has nothing to do with the TURN server, no PHP module needed. Sorry for asking you this; you can uninstall php-redis again.

On the other hand, redis-server is a good (actually the only real solution for production systems) backend for transactional file locking: https://docs.nextcloud.com/server/13/admin_manual/configuration_server/caching_configuration.html#small-organization-single-server-setup
For this you need the PHP module to enable access for Nextcloud.

infoestructura.local this isn't your public domain, is it? I am not 100% sure how the realm setting is used by coturn, but I guess the domain/address set, must be accessible from both peers (and/or coturn itself) that want to do video chat. This should currently not be possible for peers outside of local network at least (?).

Does Nextcloud log (Talk app) show some errors? I hope this is produced if the app can't access the TURN server.

OK, I've fixed setting public domain.

It works in almost all of the cases.

Also I've added the NAT IP as TURN address, is it OK?

However, in some clients it does not work. Can it be the type of NAT?

Thanks in advance