Title: Prosody server support for A/V calls with Conversations
Date: 2020-05-04
Tags: xmpp, chat, coturn, instant messaging, prosody, audio/video calls
Slug: server-support-for-audio-video-calls
Summary: Configure support for audio/video calls with Prosody,
Category: instant messaging
Status: draft

[TOC]

Introduction
---

This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will first install and configure [coturn](https://github.com/coturn/coturn). It is a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure Prosody to talk to `coturn`.

Like the other guides, this one assumes that the server runs Debian stable, that you will end up hosting a few of your friends, and that you have some basic skills working on a Linux command line.

Furthermore it assumes you have already installed and configured Prosody. If you haven't, take a look at our guide ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md) first.

Set up firewall
----

To let your server communicate, make sure the following ports are open in your firewall for UDP traffic:

    :::console
    3478 (TURN)
    5349 (TURN + TLS)
    49152-65535 (UDP endpoints for clients)

Set up coturn
---

First install `coturn`:

    :::console
    sudo apt-get update && sudo apt-get install coturn

After installing, first make a backup of the existing configuration:

    :::console
    sudo mv /etc/turnserver.conf /etc/turnserver.conf.bak

Then download the configuration provided by [the homebrewserver.club](https://homebrewserver.club/downloads/turnserver.conf).


    :::console
    cd ~
    wget https://homebrewserver.club/downloads/turnserver.conf -O turnserver.conf

The file looks like this:

    :::console
    ## Minimal version of /etc/turnserver.conf
    ## For more options and info see the original /etc/turnserver.conf.bak

    # Which ports to listen on, make sure the corresponding ports are accepting UDP connections on your firewall
    listening-port=3478
    tls-listening-port=5349

    # Your external IP, needed for some connections
    listening-ip=CUSTOMIZE THIS

    # Ports that client can connect to. Again make sure they are open for UDP connections on your firewall
    min-port=49152
    max-port=65535

    # For the connection with Prosody. Generate a long passphrase for the secret.
    use-auth-secret
    static-auth-secret=CUSTOMIZE THIS

    # Paths to Let's Encrypt certificates
    cert=/etc/letsencrypt/live/myserver.org/cert.pem
    pkey=/etc/letsencrypt/live/myserver.org/privkey.pem

    # Log to syslog
    syslog

    # For security:
    # disallow server fingerprinting
    prod
    # disallow connections on lo interface
    no-loopback-peers
    # disable command-line access
    no-cli

Now it is time for some configuration. Edit the file in a few places:

Add your external IP address to `listening-ip`. If you don't know it, you can find out using `curl https://ifconfig.co`.

Set `static-auth-secret` to a decently long passphrase. You can also generate one with `openssl rand -base64 30`. Take note of it because we will need this secret later.

Finally, edit the paths to the Let's Encrypt certificates to whatever you've set in ['Configuring an XMPP server for secure, mobile instant messaging']({filename}instant-messaging/configuring_an_xmpp_server_prosody_0.11.md#enabling-https).

Update & set up Prosody
---

First update your Prosody modules:

    :::console
    apt-get install mercurial
    cd /usr/src/prosody-modules
    hg pull
    hg update

Then edit your Prosody config in `/etc/prosody/prosody.cfg.lua`:

First add `turncredentials` to the `modules_enabled` section.

Then, before the 'Virtual Hosts' section add:

    :::console
    turncredentials_host = "localhost"
    turncredentials_secret="mydecentlylongpassphrase"

And replace the value of `turncredentials_secret` with the value of `static-auth-secret` in `/etc/turnserver.conf`.
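
Why the two secrets must be identical: with `use-auth-secret`, the TURN server accepts time-limited credentials whose password is a base64-encoded HMAC-SHA1 over the username (an expiry timestamp), keyed with the shared secret, and the XMPP server hands those credentials to clients. The sketch below is an added example, not code from this guide, Prosody or coturn; the function names and the sample secret are made up for illustration.

```python
import base64
import hashlib
import hmac
import time


def turn_credentials(secret, ttl=86400, now=None, user_id=None):
    """Issuer side (the role the XMPP server plays): derive short-lived credentials."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl
    # Username is the expiry as a Unix timestamp, optionally followed by ":" and a user id.
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def turn_accepts(secret, username, password, now=None):
    """TURN server side (a sketch of the check, not coturn's code)."""
    now = int(time.time()) if now is None else int(now)
    expiry = username.split(":", 1)[0]
    if not (expiry.isascii() and expiry.isdigit()) or int(expiry) < now:
        return False  # malformed or expired credential
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected, password.encode())


if __name__ == "__main__":
    # Constructed sample values standing in for the two config entries.
    prosody_secret = "constructed-sample-secret"  # turncredentials_secret
    coturn_secret = "constructed-sample-secret"   # static-auth-secret
    user, pw = turn_credentials(prosody_secret, ttl=3600)
    print("username:", user)
    print("password:", pw)
    print("matching secrets accepted:", turn_accepts(coturn_secret, user, pw))
    print("mismatched secret accepted:", turn_accepts("typo-in-config", user, pw))
```

A mismatch between the two config values shows up only as failed TURN authentication, so compare them directly if calls do not connect.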