Spreedme / webrtc and nextcloud on split host

ℹ️ Support
5

In /apps/spreedme/config/config.php you need to change this

const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = false;

to

const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true;

and create a key for:

const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY ='xxx...xx'

I used xxd -ps -l 32 -c 32 /dev/random

For the spreedme / webrtc docker
The server.conf in /srv/extra/ needs to be:

; Minimal Spreed WebRTC configuration for Nextcloud, split server, external user invite

[http]
listen = 0.0.0.0:8080
basePath = /webrtc/

[app]
sessionSecret = xxxxxxxxxxxxx
encryptionSecret = xxxxxxxxxxxxx
authorizeRoomJoin = true
serverToken = xxxxxxxxxxxxxxx
serverRealm = nextcloud.com
extra = /srv/extra
plugin = /apps/spreedme/extra/static/owncloud.js

turnURIs = turn:nextcloud.com:8443?transport=udp turn:nextcloud.com:8443?transport=tcp
turnSecret = the key you set in /apps/spreedme/config/config.php when you set it to true

[users]
enabled = true
mode = sharedsecret
sharedsecret_secret = xxxxxxxxxxxxxxx

Copy the contents of /home/share/public_html/apps/spreedme/extra/ on your webserver to folder /srv/extra/ on the server running docker.
Start the docker.

docker run --rm --name my-spreed-webrtc -p 8080:8080 -p 8443:8443 -v /srv/extra:/srv/extra -i -t spreed/webrtc -c /srv/extra/server.conf

Now I installed “coturn” on my webserver. With this in /etc/turnserver.conf

listening-port=8443
alt-listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=the key you set in /apps/spreedme/config/config.php when you set it to true
realm=nextcloud.com
total-quota=100
bps-capacity=0
stale-nonce
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
log-file=/var/log/turn.log
no-loopback-peers
no-multicast-peers
cert=/path_to_nextcloud.com/ssl.cert
pkey=/path_to_nextcloud.com/ssl.key

And (re)started the coturn server.

On my router needed the following ports forwarded to my webservers IP:

  • 8443
  • 3478

Now that made it work in and outside my network: sound, video and screen sharing…