Spreed.me installation help?

I am using the OVA available from tech and me as my nextcloud instance. Nextcloud works perfectly. I am attempting to install and configure Spreed.me for use with nextcloud. I am following the instructions here on structurag’s git for the spreed-webrtc and nextcloud-spreedme in an attempt to get everything working. I am not an expert on Apache, PHP, or webrtc, but I know enough to get by. I believe that I have the spread-webrtc-server installed correctly since I can run that command and get the following output –

server 2016/11/15 12:08:26.819018 Warning: sessionSecret value is not a hex encoded encoding/hex: odd length hex string
server 2016/11/15 12:08:26.819336 Warning: encryptionSecret value is not a hex encoded encoding/hex: invalid byte: U+0074 't’
server 2016/11/15 12:08:26.819781 Enabled modules: [screensharing youtube presentation contacts roomlocking]
server 2016/11/15 12:08:26.821030 Using the number of CPU’s (2) as GOMAXPROCS
server 2016/11/15 12:08:26.821045 Max open files are 65536
server 2016/11/15 12:08:26 Starting HTTP server on
server 2016/11/15 12:08:27 listen tcp bind: address already in use

I believe that I have the Spreed.me nextcloud app installed correctly as well as I have the Spreed.ME option available within the Nextcloud interface from the Files dropdown (along with Gallery, Activity, etc.).

I believe that I simply lack the proper config files, but the two sites with the instructions (mentioned above) have no reference to the file paths where those configuration files should be located.

Please help me out.

Hi @stevemac,

did you install spreed-webrtc via our Ubuntu package or did you compile it yourself?
Depending on which way you went, the config file is found in /etc/spreed/webrtc.conf (if installed via the package) or in the Git repo folder with name server.conf.in (if self-compiled).

Hi @leon,

Since my last post, I have scrapped it all and gone back to the beginning. Below are the steps I have taken so far.

  1. Spun up Nextcloud OVA found at Tech and Me’s website - Nextcloud_Community_10-0-1.ova
  2. Downloaded Spreed.ME app from https://github.com/strukturag/nextcloud-spreedme
  3. Unzipped the zip file to /var/www/nextcloud/apps/spreedme
  4. Ran script found here https://gist.github.com/ezraholm50/cecf009f5576428507cbdd92a050c9b7
  • modified lines 17 & 18 (xxx) to (nextcloud_ssl_domain_self_signed.conf & nextcloud_http_domain_self_signed.conf) respectively,
  • modified lines 25 & 26 to use capital Ls
  • modified line 45 by removing -unstable
  • uncommented line 47
  • modified line 80 to service spreed-webrtc restart
  • modified line 84 from CAT <<-VHOST > to CAT <<-VHOST >> to append the file rather than overwrite it.

After enabling the plugin and running my modified script, I do get farther along, but now, I get “Failed to load app!”

Hi @stevemac,

please check your browser’s developer console:

  1. Open the Spreed.ME app in Nextcloud
  2. Append ?debug to the URL, e.g. https://domain.com/index.php/apps/spreedme/?debug
  3. Now open your browser’s dev console:
  4. Right click on the Nextcloud site
  5. Click “Inspect element” (very bottom)
  6. Check what it says in the console and paste it to https://pastebin.ubuntu.com/
  7. Post the link to your pastie here


Which version of Go are you running? This might be related to Freezing splashscreen webrtc-server with nextcloud-spreedme-app which is caused by Go 1.8 (beta).
Please try this patch: https://github.com/strukturag/spreed-webrtc/pull/398

@leon, I did not have go installed initially, but I did just install version 1.6 (below is the output of “go env”). I restarted apache and spreed-webrtc and still get the same error.

GOGCCFLAGS=”-fPIC -m64 -pthread -fmessage-length=0"

@stevemac I haven’t really checked what the script you’ve used does. Can you please post your webrtc.conf / server.conf, the apps/spreedme/config/config.php and apps/spreedme/extra/static/config/OwnCloudConfig.js file?

It looks like this line is causing problems: https://gist.github.com/ezraholm50/cecf009f5576428507cbdd92a050c9b7#file-install_spreedme_webrtc-sh-L77

I did change the OwnCloudConfig.js – OWNCLOUD_ORIGIN: ‘’ – to reflect the original state of the $SPREEDDOMAIN variable in the script, and after restarting spreed-webrtc and apache2 still ran into the same “Failed to load app!” error.

; Spreed WebRTC server example configuration

; HTTP listener in format ip:port.
listen =
; Full path to directory where to find the server web assets.
root = /usr/share/spreed-webrtc-server/www
; HTTP socket read timeout in seconds.
;readtimeout = 10
; HTTP socket write timeout in seconds.
;writetimeout = 10
; Use basePath if the server does not run on the root path (/) of your server.
basePath = /webrtc/
; Set maximum number of open files (only works when run as root).
;maxfd = 32768
; Enable stats API /api/v1/stats for debugging (not for production use!).
;stats = false
; Enable HTTP listener for golang pprof module. See
; http://golang.org/pkg/net/http/pprof/ for details.
;pprofListen =

; Native HTTPS listener in format ip:port.
;listen =
; Full path to PEM encoded certificate chain.
;certificate = server.crt
; Full path to PEM encoded private key.
;key = server.key
; Mimimal supported encryption standard (SSLv3, TLSv1, TLSv1.1 or TLSv1.2).
;minVersion = SSLv3
; HTTPS socket read timeout in seconds.
;readtimeout = 10
; HTTPS socket write timeout in seconds.
;writetimeout = 10

; HTML page title
;title = Spreed WebRTC
; Version string to use for static resources. This defaults to the server
; version and should only be changed when you use your own way to invalidate
; long cached static resources.
;ver = 1234
; STUN server URIs in format host:port. You can provide multiple seperated by
; space. If you do not have one use a public one like stun.spreed.me:443. If
; you have a TURN server you do not need to set an STUN server as the TURN
; server will provide STUN services.
;stunURIs = stun:stun.spreed.me:443
; TURN server URIs in format host:port?transport=udp|tcp. You can provide
; multiple seperated by space. If you do not have at least one TURN server then
; some users will not be able to use the server as the peer to peer connection
; cannot be established without a TURN server due to firewall reasons. An open
; source TURN server which is fully supported can be found at
; https://code.google.com/p/rfc5766-turn-server/.
;turnURIs = turn:turnserver:port?transport=udp
; Shared secret authentication for TURN user generation if the TURN server is
; protected (which it should be).
; See http://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 for details.
; A supported TURN server is https://code.google.com/p/rfc5766-turn-server/.
;turnSecret = the-default-turn-shared-secret-do-not-keep
; Enable renegotiation support. Set to true to tell clients that they can
; renegotiate peer connections when required. Firefox support is not complete,
; so do not enable if you want compatibility with Firefox clients.
;renegotiation = false
; Session secret to use for session id generator. 32 or 64 bytes of random data
; are recommented (hex encoded). A warning will be logged if hex decode fails.
; You can generate a secret easily with “xxd -ps -l 32 -c 32 /dev/random”.
sessionSecret = REDACTED
; Encryption secret protecting the data in generated server side tokens. Use
; 16, 24, or 32 bytes (hex encoded) to select AES-128, AES-192, or AES-256.
; When you change the encryption secret, stored authentications, sessions and
; contacts become invalid. A warning will be logged if hex decode fails. You
; can generate a secret easily with “xxd -ps -l 32 -c 32 /dev/random”.
encryptionSecret = REDACTED
; Full path to a text file containig client tokens which a user needs to enter
; when accessing the web client. Each line in this file represents a valid
; token.
;tokenFile = tokens.txt
; The name of a global room. If enabled it should be kept secret. Users in that
; room are visible in all other rooms.
;globalRoom = global
; The default room is the room at the root URL of the servers base address and
; all users will join this room if enabled. If it is disabled then a room join
; form will be shown instead.
;defaultRoomEnabled = true
; Whether a user account is required to join a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
authorizeRoomJoin = true
; Whether a user account is required to create a room. This only has an effect
; if user accounts are enabled. Optional, defaults to false.
;authorizeRoomCreation = false
; Wether the pipelines API should be enabled. Optional, defaults to false.
;pipelinesEnabled = false
; Server token is a public random string which is used to enhance security of
; server generated security tokens. When the serverToken is changed all existing
; nonces become invalid. Use 32 or 64 characters (eg. 16 or 32 byte hex).
serverToken = REDACTED
; The server realm is part of the validation chain of tokens and nonces and is
; added as suffix to server created user ids if user creation is enabled. When
; the realm is changed, all existing tokens and nonces become invalid.
serverRealm = local
; Full path to an extra templates directory. Templates in this directory ending
; with .html will be parsed on startup and can be used to fill the supported
; extra-* template slots. If the extra folder has a sub folder “static”, the
; resources in this static folder will be available as /extra/static/…
; relative to your servers base URL.
extra = /var/www/nextcloud/apps/spreedme/extra
; Full path to an extra.d directory. Subfolders in this directory will be
; searched for head.html and body.html on startup. If found, those templates
; will be automatically included for the web client. In addition,
; sub-folder/static will be made available by URL at /extra.d/static//…
; relative to your servers base URL.
; URL relative to the servers base path for a plugin javascript file which is
; automatically loaded on web client start for all users. You can put your
; plugin in the extra/static folder (see above) or provide another folder using
; a front end webserver. Check the doc folder for more info about plugins and
; examples.
;extra.d = /usr/share/spreed-webrtc-server/extra.d
plugin = /var/www/nextcloud/apps/spreedme/extra/static/owncloud.js
; Content-Security-Policy HTTP response header value.
; Spreed WebRTC requires inline styles, WebSocket connection to itself and
; data: URL for images.
; The currently recommended CSP is:
; default-src ‘self’;
; frame-src ‘self’ blob:;
; style-src ‘self’ ‘unsafe-inline’;
; img-src ‘self’ data: blob:;
; connect-src ‘self’ wss://server:port/ws blob:;
; font-src ‘self’ data: blob:;
; media-src ‘self’ blob:;
;contentSecurityPolicy =
; Content-Security-Policy-Report-Only HTTP response header value. Use this
; to test your CSP before putting it into production.
;contentSecurityPolicyReportOnly =

; Modules provide optional functionality. Modules are enabled by default and
; can be disabled by setting false to their corresponding configuration.
;screensharing = true
;youtube = true
;presentation = true
;contacts = true

logfile = /var/log/spreed-webrtc-server.log

; Set to true to enable user functionality.
enabled = true
; Set users authorization mode.
; sharedsecret:
; Validates the userid with a HMAC authentication secret.
; The format goes like this:
; BASE64(HMAC-SHA-256(secret, expirationTimestampInSeconds:userid))
; httpheader:
; The userid is provided as an HTTP header. The server does not do any
; validation. This usually only makes sense with a front end HTTPS proxy which
; does the authentication and injects the user id as HTTP header for sessions
; REST requests. In mode httpheader, allowRegistration should be false.
; certificate:
; The userid is provided as CommonName with a certificate provided with TLS
; client authentication. When you use this with a front end proxy for TLS
; termination, that proxy has to validate the certificate and inject certain
; headers into the proxy connection. While certificate mode offers the highest
; security it is currently considered experimental and the user experience
; varies between browsers and platforms.
mode = sharedsecret
; The shared secred for HMAC validation in “sharedsecret” mode. Best use 32 or
; 64 bytes of random data.
sharedsecret_secret = REDACTED
; The HTTP header name where to find the userid in “httpheader” mode.
;httpheader_header = x-userid
; Full path to PEM encoded private key to use for user creation in “certificate”
; mode. Keep this commented if you do not want the server to sign certificate
; requests.
;certificate_key = userskey.key
; Full path to PEM encoded certificate to use for user validation in
; “certificate” mode. When allowRegistration is true and certificate_key is also
; set then the server will act as a CA and sign incoming user registrations and
; return certificates to users as registration.
;certificate_certificate = usersca.crt
; The HTTP header name where to find if the TLS client authentication was
; successfull. The value of this header is matched to
; certificate_verifiedHeaderValue and only if there is a match, the proxy
; handled TLS client authentication is accepted as success. Make sure to secure
; these headers with your front end proxy (always set them). Do not use these
; settings when not using a front end proxy.
;certificate_verifiedHeader = x-verified
;certificate_verifiedHeaderValue = SUCCESS
; The HTTP header name where to find the PEM encoded certificate authenticated
; by a front end proxy. With Nginx the required value is in $ssl_client_cert.
;certificate_certificateHeader = x-certificate
; The valid duration of generated certificates created in certificate mode when
; allowRegistration is enabled.
;certificate_validForDays = 365
; Organization to set into the created user certificates. Use a readable public
; name to make the certificate easily recognizable as certificate for your
; server so users can choose the correct certificate when prompted.
;certificate_organization= = My Spreed Server
; If enabled the server can create new userids. Set allowRegistration to true to
; enable userid creation/registration. Users are created according the settings
; of the currently configured mode (see above).
;allowRegistration = false

; Set to true, to enable triggering channelling events via NATS
;channelling_trigger = false
;channelling_trigger_subject = channelling.trigger
; NATS server URL
;url = nats://
; NATS connect establish timeout in seconds
;establishTimeout = 60
; Use client_id to distinguish between multipe servers. The value is sent
; together with every NATS request. Defaults to empty.
;client_id =

; You can define room types that should be used for given room names instead of
; the default type “Room”. Use format “RegularExpression = RoomType” and make
; sure the regular expression doesn’t contain any “=” or “:”.
; Available room types:
; “Conference”
; All participants joining the room automatically call each other and are in
; a conference.
; Example (all rooms below “conference/” are conference rooms):
;^conference/.+ = Conference


<?php /** * Nextcloud - spreedme * * This file is licensed under the Affero General Public License version 3 or * later. See the COPYING file. * * @author Leon * @copyright struktur AG 2016 */ namespace OCA\SpreedME\Config; class Config { // Domain of your Spreed WebRTC server (including protocol and optional port number), examples: //const SPREED_WEBRTC_ORIGIN = 'https://mynextcloudserver.com'; //const SPREED_WEBRTC_ORIGIN = 'https://webrtc.mynextcloudserver.com:8080'; // If this is empty or only includes a port (e.g. :8080), host will automatically be determined (current host) const SPREED_WEBRTC_ORIGIN = ''; // This has to be the same `basePath` // you already set in the [http] section of the `server.conf` file from Spreed WebRTC server const SPREED_WEBRTC_BASEPATH = '/webrtc/'; // This has to be the same `sharedsecret_secret` (64-character HEX string) // you already set in the [users] section of the `server.conf` file from Spreed WebRTC server const SPREED_WEBRTC_SHAREDSECRET = 'shared_secret_generated_in_original_script_from_https://gist.github.com/ezraholm50/cecf009f5576428507cbdd92a050c9b7#file-install_spreedme_webrtc-sh-L77'; // Set to true if at least one another Nextcloud instance uses the same Spreed WebRTC server const SPREED_WEBRTC_IS_SHARED_INSTANCE = false; // Set to true if you want to allow access to this app + spreed-webrtc for non-registered users who received a temporary password by an Nextcloud admin. // You can generate such a temporary password at: /index.php/apps/spreedme/admin/tp (Nextcloud admin user account required) const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = false; // If 'OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED' is set to true, you also have to provide a signing key here (64-character HEX string) // Generate it using `xxd -ps -l 32 -c 32 /dev/random` (better) or `openssl rand -hex 32` const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY = 'f20e1b84781d80570fef6e2969f61ba91ccb56922398a45eXXXXXXXXXXXXXXXX'; private function __construct() { } } ---------- **apps/spreedme/extra/static/config/OwnCloudConfig.js** /** * Nextcloud - spreedme * * This file is licensed under the Affero General Public License version 3 or * later. See the COPYING file. * * @author Leon * @copyright struktur AG 2016 */ // This file is loaded in WebRTC context (function(window) { var OwnCloudConfig = function() { return { // Domain of your Nextcloud server (including protocol and optional port number), examples: //OWNCLOUD_ORIGIN: 'https://mynextcloudserver.com', //OWNCLOUD_ORIGIN: 'https://nextcloud.myserver.com:8443', // If this is empty or only includes a port (e.g. :8443), host will automatically be determined (current host) OWNCLOUD_ORIGIN: 'SPREEDDOMAIN', }; }; if (typeof define === "function" && define.amd) { define(OwnCloudConfig); } else { window.OwnCloudConfig = OwnCloudConfig(); } })(window);

listen tcp bind: address already in use

Whoops. I totally missed that. Something already runs on port 8080 on your machine. Please use a different port in webrtc.conf.
Can you please also share your Apache config?