Spreedme / webrtc and nextcloud on split host

I would like to add spreedme features to my nextcloud setup.

I read https://nextcloud.com/webrtc/ and the settings are based on same host environment.

Can I also do as follows? Run the docker in https://hub.docker.com/r/spreed/webrtc/
And change the IP in the vhost file sample to the servers IP running the docker container?
Or am I missing something important then?

Does it have hardware config requirements (such as x86-64/amd64 for the Collabora docker)?

Tx,

If you use a split host approach you’ll lose screen share capabilities and it’s a more complex setup.
It misses documentation but it is possible.

Also, you need to install a TURN server or you’ll end up with internal network (NAT) conference only.

(Found the hardware requirements… AMD64…)

Ok, with same host you mean physical same server in this case right?
Nothing I can do like with Collabora and a reverse proxy :frowning:

It is talking about different origin, but with this in my nextcloud hosts file:

<Location /webrtc>
	ProxyPass http://xxx.xxx.xxx.xx2:8080/webrtc
	ProxyPassReverse /webrtc
</Location>

<Location /webrtc/ws>
	ProxyPass ws://xxx.xxx.xxx.xx2:8080/webrtc/ws
</Location>

ProxyVia On
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

Installing the docker on my secondary server xxx.xxx.xxx.xx2

Having this pre generated server.conf in /srv/extra/

; Minimal Spreed WebRTC configuration for Nextcloud

[http]
listen = 0.0.0.0:8080
basePath = /webrtc/
;root = /usr/share/spreed-webrtc-server/www

[app]
sessionSecret = xxxxxxxxxxxxx
encryptionSecret = xxxxxxxxxxxxx
authorizeRoomJoin = true
serverToken = xxxxxxxxxxxxxxx
serverRealm = local
;extra = /home/share/public_html/apps/spreedme/extra
;plugin = extra/static/owncloud.js

[users]
enabled = true
mode = sharedsecret
sharedsecret_secret = xxxxxxxxxxxxxxx

Running docker as

docker run --rm --name my-spreed-webrtc -p 8080:8080 -p 8443:8443 -v /srv/extra:/srv/extra -i -t spreed/webrtc -c /srv/extra/server.conf

On my nextcloud server I renamed both the spreed app's config/config.php.in and extra/static/config/OwnCloudConfig.js.in to config.php and OwnCloudConfig.js (removed the .in) and set the shared secret.

In the server.conf I changed the IP to 0.0.0.0. Root is commented. Now the paths in ‘extra’ and ‘plugin’ have values that cannot match as they refer to the primary. Changing them to URLs doesn’t work either. I get error messages starting the docker. When I comment them out, I do get Spreed visible in my nextcloud setup. :slight_smile:

But the message says I need to sign in to create a room.

Do I need to set a serverRealm other than local? What do I do with “extra” and “plugin”?

I feel I am close… I am missing something…

Indeed I am close.

allowing

plugin = /apps/spreedme/extra/static/owncloud.js

allowed me in, and I could even make calls to registered users (when they are logged in to nextcloud).
The “extra” line I had to leave commented.
This leaves me with a

"Configured extra ‘/home/share/public_html/apps/spreedme/extra’ is not a directory."

message.


Also, I cannot see the “key” icon to invite (external/temp) users though. Does that come with TURN server installed? Where would I install that? On the machine running the spreed me docker or the machine running nextcloud?

It seems a bit different, admin user has the key icon, normal user does not. I need to create a group where all users in that group are group admins (see manual on GitHub - strukturag/nextcloud-spreedme: Spreed.ME Nextcloud app)
The modal popping up seems too small for all content (form fields and create button are not visible in chrome, FF shows scrollbar), you can scroll, but the create button does not work (yet).

In /apps/spreedme/config/config.php you need to change this

const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = false;

to

const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true;

and create a key for:

const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY ='xxx...xx'

I used xxd -ps -l 32 -c 32 /dev/random

For the spreedme / webrtc docker
The server.conf in /srv/extra/ needs to be:

; Minimal Spreed WebRTC configuration for Nextcloud, split server, external user invite

[http]
listen = 0.0.0.0:8080
basePath = /webrtc/

[app]
sessionSecret = xxxxxxxxxxxxx
encryptionSecret = xxxxxxxxxxxxx
authorizeRoomJoin = true
serverToken = xxxxxxxxxxxxxxx
serverRealm = nextcloud.com
extra = /srv/extra
plugin = /apps/spreedme/extra/static/owncloud.js

turnURIs = turn:nextcloud.com:8443?transport=udp turn:nextcloud.com:8443?transport=tcp
turnSecret = the key you set in /apps/spreedme/config/config.php when you set it to true

[users]
enabled = true
mode = sharedsecret
sharedsecret_secret = xxxxxxxxxxxxxxx

Copy the contents of /home/share/public_html/apps/spreedme/extra/ on your webserver to folder /srv/extra/ on the server running docker.
Start the docker.

docker run --rm --name my-spreed-webrtc -p 8080:8080 -p 8443:8443 -v /srv/extra:/srv/extra -i -t spreed/webrtc -c /srv/extra/server.conf

Now I installed “coturn” on my webserver. With this in /etc/turnserver.conf

listening-port=8443
alt-listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=the key you set in /apps/spreedme/config/config.php when you set it to true
realm=nextcloud.com
total-quota=100
bps-capacity=0
stale-nonce
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
log-file=/var/log/turn.log
no-loopback-peers
no-multicast-peers
cert=/path_to_nextcloud.com/ssl.cert
pkey=/path_to_nextcloud.com/ssl.key

And (re)started the coturn server.

On my router I needed the following ports forwarded to my webserver's IP:

  • 8443
  • 3478

Now that made it work in and outside my network: sound, video and screen sharing…
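Why the same secret has to appear in both files, shown as an added example that is not part of the original post or of either project's code: with `use-auth-secret`, coturn accepts time-limited credentials where the username carries an expiry timestamp and the password is the base64 HMAC-SHA1 of that username under the shared secret. The function names, the user id and the secret below are constructed for illustration, and it is assumed here that the signalling server issues credentials in this form.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder. In the setup above this is the single value used
# for turnSecret (server.conf) and static-auth-secret (turnserver.conf).
SHARED_SECRET = b"constructed-example-secret"


def make_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Issue a time-limited TURN credential (signalling-server side)."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user_id}"
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def verify_turn_credentials(secret, username, password, now=None):
    """Model of the TURN-server side; returns (ok, reason).

    coturn derives the password from the username and its own secret and
    then validates STUN message integrity with it. The direct comparison
    below stands in for that integrity check.
    """
    now = int(now if now is not None else time.time())
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False, "malformed username"
    expected = base64.b64encode(
        hmac.new(secret, username.encode(), hashlib.sha1).digest()
    )
    if not hmac.compare_digest(expected, password.encode()):
        return False, "secret mismatch"
    if expiry < now:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock so the run is repeatable
    user, pw = make_turn_credentials(SHARED_SECRET, "alice", ttl=600, now=t0)
    print(user, pw)
    print(verify_turn_credentials(SHARED_SECRET, user, pw, now=t0 + 60))
    print(verify_turn_credentials(b"other-secret", user, pw, now=t0 + 60))
    print(verify_turn_credentials(SHARED_SECRET, user, pw, now=t0 + 601))
```

A "secret mismatch" result corresponds to the two config files holding different values, and an "expired" result to clock drift between the two hosts of a split setup.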

Glad to know :wink:
Cheers!

Yes and there is more to know :wink:

Interesting…

As I migrated to another server for my nextcloud instance I discovered my spreed.me failed me.
It appeared FirewallD, new in my debian switch on an up-board with webmin/virtualmin, was blocking it.
Adding the ports 8443 and 3478 to allowed made it work again…