Homebrewserver.club website https://homebrewserver.club/

Title: Prosody server support for A/V calls with Conversations
Date: 2020-05-04
Tags: xmpp, chat, coturn, instant messaging, prosody, audio/video calls
Slug: server-support-for-audio-video-calls
Summary: Configure support for audio/video calls with Prosody,
Category: instant messaging
Status: draft

[TOC]

Introduction

This is a guide to set up server-side support for audio/video calls over XMPP. To do this we will first install and configure Coturn. It is a libre STUN/TURN server that helps establish peer connections across firewalls for media streams such as calls. Additionally we will configure Prosody to talk to coturn.

Like the other guides, this one assumes that the server runs Debian stable, that you will end up hosting a few of your friends, and that you have some basic skills working on a Linux command line.

Furthermore it assumes you have already installed and configured Prosody. If you haven't, take a look at our guide 'Configuring an XMPP server for secure, mobile instant messaging' first.

Set up firewall

So that your server can communicate, make sure the following ports are open in your firewall for UDP traffic:

:::console
3478 (TURN)
5349 (TURN + TLS)
49152-65535 (UDP endpoints for clients)

Set up coturn

First install Coturn:

:::console
$ sudo apt-get update && sudo apt-get install coturn

After installing, first make a backup of the existing configuration:

:::console
$ sudo mv /etc/turnserver.conf /etc/turnserver.conf.bak

Then download the configuration provided by homebrewserver.club:

:::console
$ cd ~
$ wget https://homebrewserver.club/downloads/turnserver.conf -O turnserver.conf

The file looks like this:

:::console
## Minimal version of /etc/turnserver.conf
## For more options and info see the original /etc/turnserver.conf.bak

# Which ports to listen on, make sure the corresponding ports are accepting UDP connections on your firewall
listening-port=3478
tls-listening-port=5349

# Your external IP, needed for some connections
listening-ip=CUSTOMIZE THIS

# Ports that client can connect to. Again make sure they are open for UDP connections on your firewall
min-port=49152
max-port=65535

# For the connection with Prosody. Generate a long passphrase for the secret.
use-auth-secret
static-auth-secret=CUSTOMIZE THIS

# Paths to Let's Encrypt certificates
cert=/etc/letsencrypt/live/myserver.org/cert.pem
pkey=/etc/letsencrypt/live/myserver.org/privkey.pem

# Log to syslog
syslog 

# For security:
# disallow server fingerprinting
prod
# disallow connections on lo interface
no-loopback-peers
# disable command-line access
no-cli

Now it is time for some configuration. You need to edit turnserver.conf in a few places.

First, add your external IP address to listening-ip. If you don't know it, you can find out using the following command:

:::console
$ curl https://ifconfig.co

Then, set static-auth-secret to a decently long passphrase. You can also generate one with:

:::console
$ openssl rand -base64 30 

Take note of it because we will need this secret later.

Finally, edit the paths to the Let's Encrypt certificates to whatever you've set in 'Configuring an XMPP server for secure, mobile instant messaging'.

Once you are done, move it into place:

:::console
$ sudo mv turnserver.conf /etc/turnserver.conf

Update & set up Prosody

First update your Prosody modules:

:::console
$ sudo apt-get install mercurial
$ cd /usr/src/prosody-modules
$ hg pull
$ hg update

Then edit your Prosody config in /etc/prosody/prosody.cfg.lua:

First add turncredentials to the modules_enabled section.

Then, before the 'Virtual Hosts' section add:

:::console
turncredentials_host = "localhost"
turncredentials_secret="mydecentlylongpassphrase"

Replace the value of turncredentials_secret with the value of static-auth-secret from /etc/turnserver.conf.
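Why the two values must be identical, as an added example that is not part of the original guide: with use-auth-secret, coturn accepts time-limited credentials whose password is base64(HMAC-SHA1(secret, username)), and this sketch assumes Prosody's turncredentials module issues them in that form with the expiry time as the username. The function names and sample config snippets are constructed for illustration.

```python
import base64, hashlib, hmac, re

PLACEHOLDERS = {"CUSTOMIZE THIS", "mydecentlylongpassphrase"}  # left-over values from this guide

def turn_secret(conf):
    """static-auth-secret from turnserver.conf text (commented-out lines are ignored)."""
    for line in conf.splitlines():
        if line.strip().startswith("static-auth-secret="):
            return line.split("=", 1)[1].strip()
    return None

def prosody_secret(cfg):
    """turncredentials_secret from prosody.cfg.lua text."""
    m = re.search(r'^\s*turncredentials_secret\s*=\s*"([^"]*)"', cfg, re.M)
    return m.group(1) if m else None

def issue(secret, expiry):
    """Issuer side (assumed behaviour of turncredentials): username is the expiry time."""
    username = str(expiry)
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()

def accepts(secret, username, password, now):
    """TURN server side: recompute the password from its own secret, then check expiry."""
    _, expected = issue(secret, int(username))
    return hmac.compare_digest(expected, password) and int(username) > now

def problems(conf, cfg):
    """List the misconfigurations that would make calls fail or leave a guessable secret."""
    t, p = turn_secret(conf), prosody_secret(cfg)
    found = []
    if t is None or p is None:
        found.append("secret missing in one of the files")
    elif t != p:
        found.append("secrets differ: coturn will reject Prosody's credentials")
    if t in PLACEHOLDERS or p in PLACEHOLDERS:
        found.append("placeholder secret still in place")
    return found

# Constructed sample input, not real configuration.
CONF = "use-auth-secret\nstatic-auth-secret=c2FtcGxlLXNlY3JldC1vbmx5\n"
CFG_OK = 'turncredentials_host = "localhost"\nturncredentials_secret="c2FtcGxlLXNlY3JldC1vbmx5"\n'
CFG_BAD = 'turncredentials_secret="mydecentlylongpassphrase"\n'

if __name__ == "__main__":
    user, pw = issue(prosody_secret(CFG_OK), 1_700_000_000)
    print(accepts(turn_secret(CONF), user, pw, now=1_699_990_000))
    print(problems(CONF, CFG_OK), problems(CONF, CFG_BAD))
```

To check a real installation, pass the contents of /etc/turnserver.conf and /etc/prosody/prosody.cfg.lua to `problems()` instead of the sample strings.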

Finishing up

Start coturn and enable it to start on boot:

:::console
$ sudo systemctl enable --now coturn

Restart Prosody:

:::console
$ sudo /etc/init.d/prosody restart

Finally, to check if it works, you can test your server with the web-based Conversations Compliance tester.

Thanks & Acknowledgements

Thanks to the example config of Wiktor and the Prosody documentation.