diff --git a/content/instant-messaging/server-support-for-audio-video-calls.md b/content/instant-messaging/server-support-for-audio-video-calls.md index ce9b07b..f4666a5 100644 --- a/content/instant-messaging/server-support-for-audio-video-calls.md +++ b/content/instant-messaging/server-support-for-audio-video-calls.md @@ -11,11 +11,11 @@ Status: draft Introduction --- -This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will install and configure `coturn`, a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure `prosody` to talk to `coturn`. +This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will first install and configure [coturn](https://github.com/coturn/coturn). It is a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure Prosody to talk to `coturn`. Like the other guides, this one assumes Debian stable running on the server, the fact that you will end up hosting a few of your friends and that you have some basic skills working on a linux command line. -Furthermore it assumes you have already installed and configured Prosody, if you haven't have a look [at how to do so as well!]({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md) +Furthermore it assumes you have already installed and configured Prosody. If you haven't, take a look at our guide ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md) first. Set up firewall 
@@ -36,4 +36,80 @@ First install `coturn` :::console sudo apt-get update && sudo apt-get install coturn +After installing first make a backup of the existing configuration: + + :::console + sudo mv /etc/turnserver.conf /etc/turnserver.conf.bak + +Then download the configuration by [the homebrewserver.club](https://homebrewserver.club/downloads/turnserver.conf). + + :::console + cd ~ + wget https://homebrewserver.club/downloads/turnserver.conf -O turnserver.conf + + +The file looks like this: + + :::console + ## Minimal version of /etc/tunserver.conf + ## For more options and info see the original /etc/turnserver.conf.bak + + # Which porst to listen on, make sure the corresponding ports are accepting UDP connections on your firewall + listening-port=3478 + tls-listening-port=5349 + + # Your external IP, needed for some connections + listening-ip=CUSTOMIZE THIS + + # Ports that client can connect to. Again make sure they are open for UDP connections on your firewall + min-port=49152 + max-port=65535 + + # For the connection with Prosody. Generate a long passphrase for the secret. + use-auth-secret + static-auth-secret=CUSTOMIZE THIS + + #Paths to Let's Encrypt certificates + cert=/etc/letsencrypt/live/myserver.org/cert.pem + pkey=/etc/letsencrypt/live/myserver.org/privkey.pem + + # Log to syslog + syslog + + # For security: + prod # disallow server fingerprinting + no-loopback-peers #dissalow connections on lo interface + no-cli # disable command-line access + + +Now time for some config. Edit file in a few places: + +Add your external IP-address to `listening-ip`. If you don't know it, you can find out using `curl https://ifconfig.co`. + +Set `static-auth-secret` to a decently long passphrase. You can also generate one with: `openssl rand -base64 30`. Take note of it because we will need this secret later. 
+ +Finally, edit the paths to the Let's Encrypt certificates to whatever you've set in ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md#enabling-https) + +Update & set up Prosody +--- + +First update your prosody modules: + + :::console + apt-get install mercurial + cd /usr/src/prosody-modules + hg pull + hg update + +Then edit your prosody config in `/etc/prosody/prosody.cfg.lua`: + +First add `turncredentials` to the `modules_enabled` section. + +Then, before the 'Virtual Hosts' section add: + + :::console + turncredentials_host = "localhost" + turncredentials_secret="mydecentlylongpassphrase" + +And replace the value of `turncredentials_secret` with the value of `static-auth-secret` in `/etc/turnserver.conf`
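Review bot: In the first hunk's rewritten introduction the product names are formatted inconsistently. coturn is a link at first mention and `coturn` in code formatting at the end of the same paragraph, while Prosody loses its backticks and is capitalised here but written as lowercase "prosody" in the section added by the second hunk ("First update your prosody modules", "edit your prosody config"). Pick one convention, for example the plain project name in prose and backticks only for package names and commands, and apply it across both hunks.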
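Review bot: In the second hunk the coturn steps move `/etc/turnserver.conf` to `/etc/turnserver.conf.bak` and download the replacement into the home directory (`cd ~` followed by `wget ... -O turnserver.conf`), but no step installs the edited file back to `/etc/turnserver.conf`. The last added line nevertheless tells the reader to copy `static-auth-secret` from `/etc/turnserver.conf`, which will not exist at that point. Add a step after the edits that moves the file into place, keeps it readable only by root and the coturn user since it holds the shared secret, and restarts coturn; the Prosody section likewise needs a restart or reload after the config change. In the Prosody block, `turncredentials_host = "localhost"` should be the server's public hostname (the certificate paths use myserver.org), because this is the host that Prosody hands to clients as the TURN server, and a client cannot reach the server's loopback. The comment above `listening-ip` calls it the external IP, but `listening-ip` is the address coturn binds to; a host behind NAT needs `external-ip` for the public address. Smaller points in the same hunk: `apt-get install mercurial` is missing the `sudo` that the other commands use, the firewall comments mention only UDP although `tls-listening-port=5349` also needs TCP, and the sample file has typos ("tunserver.conf", "porst", "dissalow").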