Title: Prosody server support for A/V calls with Conversations
Date: 2020-05-04
Tags: xmpp, chat, coturn, instant messaging, prosody, audio/video calls
Slug: server-support-for-audio-video-calls
Summary: Configure support for audio/video calls with Prosody,
Category: instant messaging
Status: Published

[TOC]

Introduction
---

In April 2020 Conversations [released a new version with support for end-to-end encrypted audio/video calls](https://github.com/iNPUTmice/Conversations/blob/master/CHANGELOG.md#version-280), bringing that functionality to one of the most widely used XMPP clients. For A/V calls to work you need to enable server-side support. This guide will help you do that.

We will first install and configure [Coturn](https://github.com/coturn/coturn), a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Then we will configure Prosody so that it can give XMPP clients temporary credentials to log in to Coturn.

Like the other guides, this one assumes that the server runs Debian stable, that you will end up hosting a few of your friends, and that you have some basic skills working on a Linux command line.

Furthermore it assumes you have already installed and configured Prosody. If you haven't, take a look at our guide ['Configuring an XMPP server for secure, mobile instant messaging']({filename}configuring_an_xmpp_server_prosody_0.11.md) first.


Set up firewall
----

To let your server communicate, make sure the following ports are open in your firewall for UDP traffic:

    :::console
    3478 (TURN)
    5349 (TURN + TLS)
    49152-65535 (UDP endpoints for clients)

Set up Coturn
---

First install Coturn:

    :::console
    $ sudo apt-get update && sudo apt-get install coturn

After installing, first make a backup of the existing configuration:

    :::console
    $ sudo mv /etc/turnserver.conf /etc/turnserver.conf.bak

Then download the configuration by [the homebrewserver.club](https://homebrewserver.club/downloads/turnserver.conf):

    :::console
    $ cd ~
    $ wget https://homebrewserver.club/downloads/turnserver.conf -O turnserver.conf


The file looks like this:

    :::c
    ## Minimal version of /etc/turnserver.conf
    ## For more options and info see the original /etc/turnserver.conf.bak

    # Which ports to listen on; make sure the corresponding ports accept UDP connections on your firewall
    listening-port=3478
    tls-listening-port=5349

    # Your machine's IP address
    # This is either the external IP or, if you are behind a NAT, the IP of the machine in the NAT
    listening-ip=CUSTOMIZE THIS

    # Your domain name
    realm=myserver.org

    # Ports that clients can connect to. Again, make sure they are open for UDP connections on your firewall
    min-port=49152
    max-port=65535

    # For the connection with Prosody. Generate a long passphrase for the secret.
    use-auth-secret
    static-auth-secret=CUSTOMIZE THIS

    # Paths to Let's Encrypt certificates
    cert=/etc/letsencrypt/live/myserver.org/cert.pem
    pkey=/etc/letsencrypt/live/myserver.org/privkey.pem

    # Log to syslog
    syslog

    # For security:
    # disallow server fingerprinting
    prod
    # disallow connections on lo interface
    no-loopback-peers
    # disable command-line access
    no-cli


Now time for some config. You need to edit `turnserver.conf` (the downloaded copy that will become `/etc/turnserver.conf`) in a few places.

First, add your server's IP address to `listening-ip`.

If you are behind a NAT, for example when you are hosting from home and are [making use of port forwarding]({filename}../fundamentals/port_forwarding.md), this will be a local IP address. If your machine is directly exposed to the internet, that is the external IP address.

If you don't know it, you can find out using the following command:

    :::console
    $ ip --oneline addr show primary | grep -E '(en|eth)'


After that, make sure `realm` points to the domain name of the server.

Then, set `static-auth-secret` to a decently long passphrase. You can also generate one with:

    :::console
    $ openssl rand -base64 30

Take note of it because we will need this secret later.

Finally, edit the paths to the Let's Encrypt certificates to whatever you've set in ['Configuring an XMPP server for secure, mobile instant messaging']({filename}configuring_an_xmpp_server_prosody_0.11.md#enabling-https).

Once you are done, move it into place:

    :::console
    $ sudo mv turnserver.conf /etc/turnserver.conf

Then uncomment `TURNSERVER_ENABLED=1` in `/etc/default/coturn`.

Update & set up Prosody
---

First update your Prosody modules:

    :::console
    $ sudo apt-get install mercurial
    $ cd /usr/src/prosody-modules
    $ hg pull
    $ hg update

Then edit your Prosody config in `/etc/prosody/prosody.cfg.lua`.

First add `turncredentials` to the `modules_enabled` section.

Then, before the 'Virtual Hosts' section, add:

    :::lua
    turncredentials_host = "myserver.org"
    turncredentials_secret = "mydecentlylongpassphrase"

Replace the value of `turncredentials_secret` with the value of `static-auth-secret` in `/etc/turnserver.conf`, and the value of `turncredentials_host` with your domain name.
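
Why the two values must be identical, as an added example (not code from Prosody, Coturn or this guide): with `use-auth-secret`, temporary logins follow the TURN REST API scheme, where the username is an expiry timestamp and the password is the base64-encoded HMAC-SHA1 of that username keyed with the shared secret. The function names, the TTL and the sample secrets are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time


def make_turn_credentials(secret, ttl=3600, now=None):
    """XMPP server's role: mint a short-lived TURN login from the shared secret.

    The username is the Unix time at which the login expires; the password
    is base64(HMAC-SHA1(secret, username)). The ttl default is an assumption.
    """
    now = int(time.time()) if now is None else int(now)
    username = str(now + ttl)
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def turn_accepts(secret, username, password, now=None):
    """TURN server's role: recompute the password from its own copy of the secret."""
    now = int(time.time()) if now is None else int(now)
    # The scheme also allows "timestamp:userid"; the expiry is the first field.
    expiry = username.split(":", 1)[0]
    if not expiry.isdecimal() or int(expiry) < now:
        return False  # malformed or expired login
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode()
    return hmac.compare_digest(expected, password)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample values, not real secrets.
    coturn_secret = "constructed-sample-secret-0123456789"
    t0 = 1_588_550_400
    user, pw = make_turn_credentials(coturn_secret, ttl=3600, now=t0)
    print("username:", user, "password:", pw)
    print("same secret:     ", turn_accepts(coturn_secret, user, pw, now=t0))
    print("different secret:", turn_accepts("typo-in-prosody-config", user, pw, now=t0))
    print("after expiry:    ", turn_accepts(coturn_secret, user, pw, now=t0 + 3601))
```

Anyone who knows the shared secret can mint valid logins for the TURN server, which is why it should be long and random and kept out of world-readable files.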

Finishing up
---

Start `coturn` and enable it to start on boot:

    :::console
    $ sudo systemctl enable --now coturn

Restart `prosody`:

    :::console
    $ sudo /etc/init.d/prosody restart

Finally, to see if it works, you can check your server with the web-based [Conversations Compliance tester](https://compliance.conversations.im/). Look out for the status of 'XEP-0215' in the 'Results for informational tests' section.
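
A pre-flight check for the two files edited in this guide, as an added example that is not part of Coturn or Prosody: it flags placeholder values left over from the guide and a `turncredentials_secret` that does not match `static-auth-secret`. The function names and sample configs are constructed for the illustration, and the Prosody side is matched with a regular expression rather than parsed as Lua.

```python
import re

# Placeholder values printed in this guide; none may survive into a live config.
PLACEHOLDERS = {"", "CUSTOMIZE THIS", "mydecentlylongpassphrase"}


def parse_turnserver(text):
    """turnserver.conf: 'key=value' lines and bare flags; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def parse_prosody(text):
    """Only the turncredentials_* string assignments (this is not a Lua parser)."""
    return dict(re.findall(r'^\s*(turncredentials_\w+)\s*=\s*"([^"]*)"', text, re.M))


def check(turn_text, prosody_text):
    """Return a list of problems; secrets are compared but never echoed."""
    turn, pros = parse_turnserver(turn_text), parse_prosody(prosody_text)
    problems = []
    if "use-auth-secret" not in turn:
        problems.append("turnserver.conf: use-auth-secret is not set")
    for key in ("listening-ip", "static-auth-secret"):
        if turn.get(key, "") in PLACEHOLDERS:
            problems.append(f"turnserver.conf: {key} is missing or a placeholder")
    if pros.get("turncredentials_secret", "") in PLACEHOLDERS:
        problems.append("prosody: turncredentials_secret is missing or a placeholder")
    elif pros["turncredentials_secret"] != turn.get("static-auth-secret"):
        problems.append("turncredentials_secret differs from static-auth-secret")
    # This guide uses the same domain name for both settings.
    if pros.get("turncredentials_host") != turn.get("realm"):
        problems.append("turncredentials_host differs from realm")
    return problems


# Constructed sample configs: the Coturn side was edited, Prosody was not.
TURN_SAMPLE = ("use-auth-secret\nlistening-ip=192.0.2.10\n"
               "realm=myserver.org\nstatic-auth-secret=constructed-sample-secret-0123456789\n")
PROSODY_SAMPLE = ('turncredentials_host = "myserver.org"\n'
                  'turncredentials_secret="mydecentlylongpassphrase"\n')

if __name__ == "__main__":
    for problem in check(TURN_SAMPLE, PROSODY_SAMPLE):
        print("WARN", problem)
```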

Troubleshooting
---

In case you run into issues, have a look at the [notes by Daniel Gultsch](https://gist.github.com/iNPUTmice/a28c438d9bbf3f4a3d4c663ffaa224d9) on how to debug them.
Furthermore you can try either the [Conversations.im](xmpp:conversations@conference.siacs.eu?join) or [Homebrewserver.club](xmpp:hbsc@muc.lurk.org?join) channels.

Thanks & Acknowledgements
---

Based on the [example config by Wiktor Kwapisiewicz](https://github.com/wiktor-k/coturn) and the [Prosody documentation](https://prosody.im/doc/coturn).