Update 'content/instant-messaging/server-support-for-audio-video-calls.md'

2020-05-07 17:03:05 +02:00 · 2020-05-07 17:03:05 +02:00 · 38d3f0da33
commit 38d3f0da33
parent b863b4a8a1
1 changed files with 78 additions and 2 deletions
--- a/content/instant-messaging/server-support-for-audio-video-calls.md
+++ b/content/instant-messaging/server-support-for-audio-video-calls.md
@ -11,11 +11,11 @@ Status: draft
 Introduction
 ---

-This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will install and configure `coturn`, a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure `prosody` to talk to `coturn`.
+This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will first install and configure [coturn](https://github.com/coturn/coturn). It is a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure Prosody to talk to `coturn`.

 Like the other guides, this one assumes Debian stable running on the server, the fact that you will end up hosting a few of your friends and that you have some basic skills working on a linux command line.

-Furthermore it assumes you have already installed and configured Prosody, if you haven't have a look [at how to do so as well!]({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md)
+Furthermore it assumes you have already installed and configured Prosody. If you haven't, take a look at our guide ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md) first.


 Set up firewall 
@ -36,4 +36,80 @@ First install `coturn`
 	:::console
 	sudo apt-get update && sudo apt-get install coturn

+After installing first make a backup of the existing configuration:
+
+    :::console
+    sudo mv /etc/turnserver.conf /etc/turnserver.conf.bak
+
+Then download the configuration by [the homebrewserver.club](https://homebrewserver.club/downloads/turnserver.conf).
+
+    :::console
+    cd ~
+    wget https://homebrewserver.club/downloads/turnserver.conf -O turnserver.conf
+    
+    
+The file looks like this:
+
+    :::console
+    ## Minimal version of /etc/tunserver.conf 
+    ## For more options and info see the original /etc/turnserver.conf.bak
+
+    # Which porst to listen on, make sure the corresponding ports are accepting UDP connections on your firewall
+    listening-port=3478
+    tls-listening-port=5349
+
+    # Your external IP, needed for some connections
+    listening-ip=CUSTOMIZE THIS
+
+    # Ports that client can connect to. Again make sure they are open for UDP connections on your firewall
+    min-port=49152
+    max-port=65535
+
+    # For the connection with Prosody. Generate a long passphrase for the secret.
+    use-auth-secret
+    static-auth-secret=CUSTOMIZE THIS
+
+    #Paths to Let's Encrypt certificates
+    cert=/etc/letsencrypt/live/myserver.org/cert.pem
+    pkey=/etc/letsencrypt/live/myserver.org/privkey.pem
+
+    # Log to syslog
+    syslog 
+
+    # For security:
+    prod # disallow server fingerprinting
+    no-loopback-peers #dissalow connections on lo interface
+    no-cli # disable command-line access
+    
+
+Now time for some config. Edit file in a few places:
+ 
+Add your external IP-address to `listening-ip`. If you don't know it, you can find out using `curl https://ifconfig.co`.
+
+Set `static-auth-secret` to a decently long passphrase. You can also generate one with: `openssl rand -base64 30`. Take note of it because we will need this secret later.
+
+Finally, edit the paths to the Let's Encrypt certificates to whatever you've set in ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md#enabling-https)
+
+Update & set up Prosody
+---
+
+First update your prosody modules:
+
+    :::console
+    apt-get install mercurial
+    cd /usr/src/prosody-modules
+    hg pull
+    hg update
+
+Then edit your prosody config in `/etc/prosody/prosody.cfg.lua`:
+
+First add `turncredentials` to the `modules_enabled` section.  
+
+Then, before the 'Virtual Hosts' section add:
+
+    :::console
+    turncredentials_host = "localhost"
+    turncredentials_secret="mydecentlylongpassphrase"
+
+And replace the value of `turncredentials_secret` with the value of `static-auth-secret` in `/etc/turnserver.conf`