diff --git a/README.md b/README.md index b8a5752..0186521 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,9 @@ -# documentation - +# documentation + Here I will start building a list of guides for setting up various open source self-hosted software. If you have any suggestions then please send me a chat request on Reddit (https://reddit.com/u/thisiszeev) -The contents of this repo is licensed under the Creative Commons is free to share in an unaltered state. -If you want to publish one of my guides on your website or in your print publication, then please contact me via Reddit. \ No newline at end of file +The contents of this repo is licensed under the Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works license. You are free to share the documents in an unaltered state. + +If you do wish to publish one of my guides on your website or in your print publication, then please contact me via Reddit to discuss licensing. diff --git a/nextcloud/README.md b/nextcloud/README.md new file mode 100644 index 0000000..13c6873 --- /dev/null +++ b/nextcloud/README.md @@ -0,0 +1,5 @@ +# Documentation relating to Self-Hosted Nextcloud Installs + +| Filename | Description | +|----------|-------------| +| coturn.md | Setting up a TURN server for a Self-Hosted Nextcloud Installation | diff --git a/nextcloud/coturn.md b/nextcloud/coturn.md new file mode 100644 index 0000000..c22be82 --- /dev/null +++ b/nextcloud/coturn.md 
@@ -0,0 +1,373 @@ +# Setting up a TURN server for a self-hosted Nextcloud installation + +**Document Author:** Ze'ev Schurmann +**Document Version:** v1.0 +**Document License:** CC-4.0-BY-NC-ND + +This document is one of a series I intend to compile for various open source projects that I use, support and believe in. For more info visit https://git.zaks.web.za/thisiszeev/documentation + +If you have any questions or need 1 on 1 support/training then please send me a chat request on Reddit (https://reddit.com/u/thisiszeev) + +Feel free to visit my Git Repo on https://git.zaks.web.za/thisiszeev + +If you find this document useful, please let me know via Reddit, share it with others, and if you can afford it, please consider a small donation at https://paypal.me/thisiszeev + +The contents of this repo is licensed under the Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works license. You are free to share the document in an unaltered state. + +If you do wish to publish this guide or any of my other guides on your website or in your print publication, then please contact me via Reddit to discuss licensing. + +## Contents + +- Before you start (requirements, disclaimer and warnings) +- What is a TURN Server +- What is coTURN +- Installing coTURN +- Configuring coTURN +- Activating coTURN +- Configuring Nextcloud Community Edition (Self-Install) + +## Before you start (requirements, disclaimer and warnings) + +**REQUIREMENTS:** A publically accessible dedicate or virtualized server running Nextcloud. This guide is written for Debian and Debian based operating systems. If you are running a different version of Linux, then please substitute the relevant steps to fit your installation. + +**DISCLAIMER:** I am in no way affiliate with Nextcloud GmbH or any of their associated companies or brands. This guide is created as a labor of love and in no ways is intended to represent the views and/or opinions of Nextcloud GmbH or any of the other community members. 
+ +**WARNING:** You use this guide at your own risk. I assume no responsibility for any damages, loss of data, loss or revenue, or any other outcome of any nature, either implied or not. It is assumed that you have a basic understanding of the Linux command-line, that you have a working Self-Hosted Installation of Nextcloud, along with root/sudo access to the server that your installation is hosted on. + +## What is a TURN Server + +A **TURN server** (Traversal Using Relays around NAT) is a type of server used in **real-time communication**—like video calls, voice chats, or online gaming—when **direct peer-to-peer connections** between users fail due to **strict firewalls or NATs (Network Address Translators)**. + +### What it does: + +- It **relays traffic** between two clients who cannot establish a direct connection. +- Unlike **STUN** (Session Traversal Utilities for NAT), which just helps discover public IPs and ports, **TURN actually passes the media (audio/video/data)** through the server. + +### Why it's needed: + +- Some networks (corporate, mobile, or public WiFi) block incoming peer connections. +- When direct peer-to-peer via STUN isn't possible, TURN is a fallback that ensures communication still works. + +### Common in: + +- **WebRTC applications** (e.g., video conferencing in browsers) +- **VoIP apps**, online games, remote desktop tools, etc. + +### Downsides: + +- It’s **more resource-intensive** than STUN, since the TURN server handles all the data. +- **Latency** may increase a bit because the server is relaying everything. + +### Example use case: + +Imagine two users trying to video call using a WebRTC app: +- If they’re both behind NATs/firewalls that allow STUN, they can talk directly (P2P). +- If not, a TURN server relays their video and audio between them, acting as a middleman. + +## What is coTURN + +**coTURN** is a **free, open-source TURN and STUN server** implementation. 
It’s one of the most popular and reliable choices for adding NAT traversal support to real-time communication apps, especially **WebRTC**. + +### What coTURN does: + +- Provides both **TURN** and **STUN** services. +- Helps devices behind NAT/firewalls communicate over the internet. +- Acts as a **relay server** when direct peer-to-peer (P2P) connections can’t be established. + +### Key features of coTURN: + +- Supports **UDP, TCP, TLS, and DTLS**. +- **Authentication** (static or dynamic via REST API). +- **IPv4 and IPv6** support. +- Can be used in **high-load** environments. +- Works great for **WebRTC**, **VoIP**, **SIP**, **video conferencing**, etc. + +### Typical usage: + +- You install it on a VPS or server with a **public IP**. +- Configure it via `turnserver.conf`. +- Apps like Jitsi, Nextcloud Talk, BigBlueButton, and custom WebRTC apps use it when clients can't connect directly. + +### Tip: + +Even if you’re just using STUN most of the time, having TURN via coTURN ensures your app **always works**, even in the strictest networks. + +## Installing coTURN + +### With root access + +First make sure that Linux is fully updated. + +``` +apt update && apt -y upgrade +``` + +If updates complete without error, you can install coTURN. + +``` +apt -y install coturn +``` + +### With sudo access + +First make sure that Linux is fully updated. + +``` +sudo apt update && sudo apt -y upgrade +``` + +If updates complete without error, you can install coTURN. + +``` +sudo apt -y install coturn +``` + +## Configuring coTURN + +### With root access + +Open the file `/etc/turnserver.conf` + +``` +nano /etc/turnserver.conf +``` + +### With sudo access + +Open the file `/etc/turnserver.conf` + +``` +sudo nano /etc/turnserver.conf +``` + +### Editing /etc/turnserver.conf + +Press CTRL+W and type `#listening-port` followed by ENTER. 
You will be taken to a line that looks like this: + +``` +#listening-port=3478 +``` + +Remove the comment `#` so that it looks like this: + +``` +listening-port=3478 +``` + +--- + +Press CTRL+W and type `#tls-listening-port` followed by ENTER. You will be taken to a line that looks like this: + +``` +#tls-listening-port=5349 +``` + +Remove the comment `#` so that it looks like this: + +``` +tls-listening-port=5349 +``` + +--- + +Press CTRL+W and type `#alt-listening-port` followed by ENTER. You will be taken to a line that looks like this: + +``` +#alt-listening-port=0 +``` + +Remove the comment `#` so that it looks like this: + +``` +alt-listening-port=0 +``` + +--- + +Press CTRL+W and type `#alt-tls-listening-port` followed by ENTER. You will be taken to a line that looks like this: + +``` +#alt-tls-listening-port=0 +``` + +Remove the comment `#` so that it looks like this: + +``` +alt-tls-listening-port=0 +``` + +--- + +Press CTRL+W and type `#min-port` followed by ENTER. You will be taken to a line that looks like this: + +``` +#min-port=49152 +``` + +Remove the comment `#` and change the number to `60000` so that it looks like this: + +``` +min-port=60000 +``` + +--- + +The line below `min-port` looks like this: + +``` +#max-port=65535 +``` + +Remove the comment `#` and change the number to `61999` so that it looks like this: + +``` +max-port=61999 +``` + +--- + +Press CTRL+W and type `#fingerprint` followed by ENTER. You will be taken to a line that looks like this: + +``` +#fingerprint +``` + +Remove the comment `#` so that it looks like this: + +``` +fingerprint +``` + +--- + +Press CTRL+W and type `#use-auth-secret` followed by ENTER. You will be taken to a line that looks like this: + +``` +#use-auth-secret +``` + +Remove the comment `#` so that it looks like this: + +``` +use-auth-secret +``` + +--- + +Press CTRL+W and type `#static-auth-secret` followed by ENTER. 
You will be taken to a line that looks like this: + +``` +#static-auth-secret=north +``` + +Remove the comment `#` and change the string after the equals to a nice long string of about 32 characters so that it looks something like this but with your own secret string in place of `SuperStrongSecretGoesHere`: + +``` +static-auth-secret=SuperStrongSecretGoesHere +``` + +*Save your chosen secret as you will need it when you configure Nextcloud.* + +--- + +Press CTRL+W and type `#realm` followed by ENTER. You will be taken to a line that looks like this: + +``` +#realm=mycompany.org +``` + +Remove the comment `#` and change the domain for the domain you use to access the server that coTURN in installed on, so that it looks like this: + +``` +realm=nextcloud.mydomain.tld +``` + +*If you are installing coTURN on a seperate server then the domain will be different to the domain used for Nextcloud.* + +--- + +Press CTRL+W and type `#total-quota` followed by ENTER. You will be taken to a line that looks like this: + +``` +#total-quota=0 +``` + +Remove the comment `#` so that it looks like this: + +``` +total-quota=0 +``` + +--- + +Press CTRL+W and type `# bps-capacity` followed by ENTER. You will be taken to a line that looks like this: + +``` +# bps-capacity=0 +``` + +Remove the comment `#` so that it looks like this: + +``` +bps-capacity=0 +``` + +*If you want to limit the total at a time network usage for coTURN, you can substiture the `0` for a real value limit in bits per second. 1 Kbps is 1024 bps, 1 Mbps is 1024 Kbps, and so on.* + +--- + +Press CTRL+W and type `#no-multicast-peers` followed by ENTER. You will be taken to a line that looks like this: + +``` +#no-multicast-peers +``` + +Remove the comment `#` so that it looks like this: + +``` +no-multicast-peers +``` + +## Activating coTURN + +coTURN should already be activate. You should only need to restart the service. 
+ +### With root access + +``` +systemctl restart coturn.service +``` + +If you got an error, you will have to start and enable it. + +``` +systemctl start coturn.service +systemctl enable coturn.service +``` + +### With sudo access + +``` +sudo systemctl restart coturn.service +``` + +If you got an error, you will have to start and enable it. + +``` +sudo systemctl start coturn.service +sudo systemctl enable coturn.service +``` + +## Configuring Nextcloud Community Edition (Self-Install) + +1. Log into your Nextcloud Install as the admin user. +2. Click on the user icon in the top right. +3. Click `Administration settings`. +4. Scroll down the settings menu on the left and click on `Talk`. +5. On the right of the screen scroll down to find `TURN servers`. +6. Add a new TURN server and use the following settings: +6. - turn: and turns: +6. - TURN server URL - use the domain name you assigned to the setting `realm=` +6. - TURN server secret - use the long string you assigned to `static-auth-secret=` +6. - UDP and TCP +7. Click the wavey icon on the right. If all is done correctly, it should change to a green checkmark.
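Review bot: The new license sentence in README.md spells the license as "Creative Commons 4.0 Attribution, Non-Commercial, No-Derivative-Works", while the header added in nextcloud/coturn.md writes `CC-4.0-BY-NC-ND`. Neither is the standard name, so use "CC BY-NC-ND 4.0" in both places and link to the license text. In the same sentence, "The contents of this repo is licensed" should read "are licensed". The first two changed lines (`# documentation` and the blank line after it) remove and re-add identical text, which looks like a whitespace or line-ending change; drop them from the commit if that was not intended.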
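Review bot: In nextcloud/coturn.md, the "Editing /etc/turnserver.conf" section enables `tls-listening-port=5349` and the Nextcloud step selects `turn: and turns:`, but nothing in the guide gives coTURN a certificate and private key, so the `turns:` half has no TLS identity to serve. Add a step that sets `cert=` and `pkey=` to a certificate valid for the hostname entered as the TURN server URL and readable by the coturn service user, or tell readers to select `turn:` only. The `static-auth-secret` step asks for "a nice long string of about 32 characters" without saying how to produce it. Recommend generating it randomly, for example with `openssl rand -hex 32`, and keeping `/etc/turnserver.conf` readable only by root and the coturn user, since anyone holding that secret can mint relay credentials. The guide also never mentions opening 3478, 5349 and the 60000-61999 relay range on the firewall. Because the example `realm=nextcloud.mydomain.tld` places coTURN on the Nextcloud host itself, add `denied-peer-ip` ranges for loopback and private addresses next to `no-multicast-peers` so the relay cannot be pointed at internal services. Smaller fixes: "publically", "dedicate", "affiliate with", "seperate", "substiture", "coTURN should already be activate" and "wavey" are typos, and the sub-items under step 6 of the Nextcloud list repeat the `6.` number instead of being indented bullets.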