TURN server on Nextcloud

Hey friends! :waving_hand:

I’m rolling out Nextcloud Talk here at my ISP and everything’s golden except TURN—the dashboard keeps slapping me with that angry red “!” even though STUN and the High-Performance Backend show green.

My setup in a nutshell

  • Nextcloud 28.0.4 + Talk 17 on its own VM, Let’s Encrypt cert.
  • coturn 4.6.2 on a second VM (talk.grupopanda.net, same LE cert).

```ini
listening-port=3478
external-ip=191.7.x.x
realm=talk.grupopanda.net.br
use-auth-secret
static-auth-secret=xqqq
fingerprint
```

  • nftables lets 3478 TCP/UDP straight through; the edge router forwards the same ports.

What’s weird

  • Trickle-ICE from the outside does give me relay candidates, and turnutils_uclient from a public VPS works fine.
  • But from the Nextcloud VM itself nc -vz 191.7.x.x 3478 (TCP and UDP) times out—coturn log stays completely silent.
  • So Talk never even asks the TURN box, and the red icon stays.

Feels like a classic hair-pin NAT / NAT-reflection fail, or maybe a sneaky Docker/UFW rule still eating 3478 before coturn sees it.

Anyone run into the same “TURN works externally but not from Nextcloud host” thing?
All tips welcome—I’d love to quit staring at that red exclamation mark! :folded_hands:

Cheers!
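With `use-auth-secret`, coturn does not accept the `static-auth-secret` itself as a password; clients present short-lived credentials derived from it (the TURN REST API scheme). The following is an added example, not part of the original post, that derives such a credential pair and checks it the way the server would; the secret, user id and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample value (assumption); NOT the secret from the post.
SAMPLE_SECRET = "constructed-example-secret"


def turn_password(secret: str, username: str) -> str:
    """base64(HMAC-SHA1(secret, username)): the password form for use-auth-secret."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def make_credentials(secret, ttl=3600, user_id="", now=None):
    """Return (username, password); username is '<expiry>' or '<expiry>:<user_id>'."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    return username, turn_password(secret, username)


def check_credentials(secret, username, password, now=None):
    """Server-side view: 'ok', 'expired', 'bad-username' or 'bad-password'."""
    stamp = username.split(":", 1)[0]
    if not (stamp.isascii() and stamp.isdigit()):
        return "bad-username"
    expected = turn_password(secret, username).encode()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, password.encode()):
        return "bad-password"
    now = int(now if now is not None else time.time())
    return "ok" if int(stamp) >= now else "expired"


if __name__ == "__main__":
    user, pw = make_credentials(SAMPLE_SECRET, ttl=600, user_id="healthcheck")
    print("username:", user)
    print("password:", pw)
    print("status  :", check_credentials(SAMPLE_SECRET, user, pw))
```

The printed pair can be passed to `turnutils_uclient` with `-u` and `-w` to test the relay from any host. Anyone holding the shared secret can mint valid credentials, so it needs the same protection as a password.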

Hello @Paulo_Souza,

welcome to the Nextcloud community! :handshake:

if I’m not completely wrong Talk “itself” doesn’t require and use TURN. media flows between clients directly. The situation changes if you introduce Talk HPB - which acts as “another” client and requires TURN. if this is the case maybe it’s best to deploy HPB at the same machine as TURN. otherwise review if there are any problems besides the red mark - as long your calls are running :man_shrugging: don’t fix if it’s not broken.


Hello, I’d like to better explain my setup.

I’ve installed Nextcloud on one VM and the Talk stack (STUN / TURN / HPB) on another. I chose this architecture because I expect a high number of simultaneous users on Talk — around 30 to 50 users in video calls — and I believe a single VM could be overwhelmed in that case. Also, separating the services seems to be the best approach for future scalability.

Both VMs have public IPs, valid domains, and SSL certificates. On the Talk VM, I can get green flags for Stun and High Performance Backend on the Nextcloud admin panel, but TURN always fails — red exclamation mark — no matter what I try.

I followed several online tutorials but couldn’t get it to work. The server is running Debian 12, but I’m open to switching to another OS if needed. I just need a clear guide or a proper solution to make the TURN server work correctly with Nextcloud Talk.

As I mentioned, STUN and HPB are fine, but as soon as I tweak anything related to TURN, something else breaks, usually STUN, so I end up in a loop.

If needed, I can provide logs. Any help, ideas, or working tutorials would be greatly appreciated.

Thanks

Hey @Paulo_Souza,

you’re definitely not alone when it comes to Talk:HPB challenges!

that sounds interesting… can you be clear about that “stack” and the installation method?

that sounds like a VPS?

yeah, it would be great if there were a “one size fits all” solution! but in reality it just doesn’t work that way.
you did see the official docs though?

your versions are fairly old… consider updating.

talk.grupopanda.net, same LE cert)

this is troubling… http:// and “same LE cert”… can you explain?

It really depends on the clients trying to connect to each other. Generally TURN is recommended (even needed) in most cases. It’s independent of HPB. I’d recommend https://nextcloud-talk.readthedocs.io/en/latest/TURN/ for some infos.

It should show an error, is there any if you hover over the exclamation mark? Otherwise please check the browsers console.
Otherwise please post a screenshot of your turn config in the webui and your coturn config

I started by trying Docker AIO. The containers for signaling, STUN, and TURN started normally, but the health endpoint never returned 200 OK. I always got the error: “HTTP/2 400 Bad Request: malformed Host header.”

Then I switched to the GitHub install script from the sunweaver project (nextcloud-high-performance-backend-setup), also running on Debian 12. The script correctly installs coturn, signaling, nginx, and SSL (Let’s Encrypt). I edited the server.conf file and added:

```ini
allowed_origins = ['https://talk.myurl.com']
```

I restarted the service, but even then the /standalone-signaling/api/v1/welcome endpoint still returns the same 400 error for malformed Host header.

In the Nextcloud admin panel, under Talk > High Performance Backend (HPB), it shows the message “Cannot connect to the server,” even though TURN is working fine (bind tests on UDP/TCP port 3478 are OK).

Searching through the forums, I found that other users also experience the same error, even with the domain and SSL properly configured. From what I understand, the signaling server behind an nginx reverse proxy requires careful configuration for the WebSocket routes, such as /spreed and /api, to correctly forward to the local signaling service at 127.0.0.1:8080.

I’d like to ask the community for advice:

  • Could this error be related to the nginx reverse proxy configuration? Do the /spreed and /api routes need specific proxy rules?
  • Does the allowed_origins parameter require a specific format (e.g. including protocol, port, or trailing slash)?
  • Which method would you recommend for this kind of setup (separate VM with Debian 12 and a public IP)?
    • Docker AIO
    • GitHub script (sunweaver)
    • Manual install (coturn + signaling + nginx) :exploding_head:

I just need some quick help in understanding the best way to make it work so it works on the Nextcloud VM…

Thanks

Hey everyone! :waving_hand:

After a lot of digging, testing, and even some DMs, I finally got Nextcloud Talk working properly! I just wanted to say a big thank you to this amazing community, you’re what makes Nextcloud awesome. So many helpful folks and good vibes here. :folded_hands:

For anyone facing similar issues, here’s what ended up working for me:

I set up a fresh Debian VM for Nextcloud (latest stable version — I was using an outdated one from a random forum link before and didn’t realize it!)…
I then created a separate VM for Talk (HPB + STUN + TURN), and instead of using the GitHub package setup (which caused me some dependency hell), I went with the Docker approach and I deployed the services one by one: first HPB, then STUN, and finally TURN — which, for me, was the trickiest.

By isolating each service and fixing any issues step by step instead of deploying everything at once, I finally got green checks across the board — Talk is now running smoothly!!! Now I can grow the setup and even migrate the VMs across my Proxmox 3-node cluster — scaling is no longer a bottleneck.

Thanks again for all your help and support! :right_facing_fist: :left_facing_fist:


glad to see you solved the problem. would be great if you share your docker(-compose) for future reference.

Hello @Paulo_Souza can you explain how you deployed each service one by one?

I’m trying to create a separate VM with the docker command and install only the Talk container. I’ve set the new URL in my NC and get a green flag on the TURN settings, but when I try to test a call, it’s calling, but it turns around and loops (calling, trying, out, calling, etc…)

Thank you