nextcloud / all-in-one

📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
https://hub.docker.com/r/nextcloud/all-in-one
GNU Affero General Public License v3.0

Can someone document how to use the aio-talk container on its own? #5512

Closed sbe-arg closed 3 days ago

sbe-arg commented 4 days ago

The possible scenarios are:

Set up HPB-talk along with a snap Nextcloud, an AIO setup (non-manual), and a hybrid setup where you might have Nextcloud running on bare metal.

Based on this https://github.com/nextcloud/all-in-one/tree/main/Containers/talk + https://github.com/nextcloud/all-in-one/tree/main/manual-install

Something like this should work if:

EDITED: (removed logs about timeouts as it was a port block issue)

sbe-arg commented 4 days ago

Okay.

To use the aio-talk, you have to use the TURN-only server set up by the aio-talk; you cannot use the open relay TURNs.

I found it a bit tricky to use the https server endpoint vs. the wss endpoint, especially behind a reverse proxy, but it works.

I'll see if I can open a PR with proposed README notes.

I use bunkerweb as my reverse proxy, so I might be a bit biased.

sbe-arg commented 3 days ago

I use this successfully.

```yaml
name: 'hpb'

services:

  nc-talk-2:
    container_name: nc_talk_2
    image: nextcloud/aio-talk:latest
    init: true
    ports:
      # TURN: host port 3479 -> container port 3478 (tcp and udp)
      - 3479:3478/tcp
      - 3479:3478/udp
      # signaling endpoint the reverse proxy forwards to (host port 8281)
      - 8281:8081/tcp
    environment:
      - NC_DOMAIN=cloud.domain2.tld
      - TALK_HOST=signal2.somedomain.tld
      - TURN_SECRET=secret
      - SIGNALING_SECRET=secret
      - TZ=Pacific/Auckland
      - TALK_PORT=3478
      - INTERNAL_SECRET=secret
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /var/log/supervisord
      - /var/run/supervisord
      - /opt/eturnal/run
      - /conf
      - /tmp

  nc-talk-1:
    container_name: nc_talk_1
    image: nextcloud/aio-talk:latest
    init: true
    ports:
      # TURN: host port 3478 -> container port 3478 (tcp and udp)
      - 3478:3478/tcp
      - 3478:3478/udp
      # signaling endpoint the reverse proxy forwards to (host port 8181)
      - 8181:8081/tcp
    environment:
      - NC_DOMAIN=cloud.domain1.tld
      - TALK_HOST=signal1.somedomain.tld
      - TURN_SECRET=secret
      - SIGNALING_SECRET=secret
      - TZ=Pacific/Auckland
      - TALK_PORT=3478
      - INTERNAL_SECRET=secret
    restart: unless-stopped
    read_only: true
    tmpfs:
      - /var/log/supervisord
      - /var/run/supervisord
      - /opt/eturnal/run
      - /conf
      - /tmp
```

You can have as many signal services as you want without having to rebuild from source.

The caveats:

hpb:

https://signal(1,2,3,etc).somedomain.tld [validate SSL]
SIGNALING_SECRET

remove all turn servers:

add TURN-ONLY signal(1,2,3,etc).somedomain.tld:PORT(3478,3479,3480,etc) TURN_SECRET tcp-udp

networking:

make sure your reverse proxy allows http WSS to the endpoints ip1:8181 ip2:8281

make sure you allow inbound bypass of 3478:ip1:3478  3479:ip2:3478 for tcp and udp
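
Added example, not part of the original comment or the AIO project: the compose file in this thread shows the value `secret` for `TURN_SECRET`, `SIGNALING_SECRET` and `INTERNAL_SECRET` in both instances, so this script generates distinct random values per instance and rejects short or reused ones. The `<name>.env` file names and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: per-instance secrets for the aio-talk services in this thread.
# Assumption: one file per service, named <service>.env (hypothetical layout).
set -eu

# 32 random bytes from the kernel CSPRNG, hex encoded (64 characters).
gen_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# write_env DIR NAME: create DIR/NAME.env (mode 0600) with three distinct secrets.
# Refuses to overwrite, so re-running never rotates a live secret by accident.
write_env() {
    env_path="$1/$2.env"
    [ ! -e "$env_path" ] || { echo "refusing to overwrite $env_path" >&2; return 1; }
    (
        umask 077
        {
            printf 'TURN_SECRET=%s\n' "$(gen_secret)"
            printf 'SIGNALING_SECRET=%s\n' "$(gen_secret)"
            printf 'INTERNAL_SECRET=%s\n' "$(gen_secret)"
        } > "$env_path"
    )
}

# check_env FILE...: fail if any *_SECRET value is under 32 chars or used twice.
check_env() {
    values=$(cat "$@" | sed -n 's/^[A-Z_]*_SECRET=//p')
    [ -n "$values" ] || { echo "no secrets found" >&2; return 1; }
    short=$(printf '%s\n' "$values" | awk 'length($0) < 32 {n++} END {print n+0}')
    dupes=$(printf '%s\n' "$values" | sort | uniq -d | awk 'END {print NR}')
    [ "$short" -eq 0 ] && [ "$dupes" -eq 0 ]
}

# Usage: sh talk-secrets.sh DIR nc-talk-1 nc-talk-2   (checks every .env in DIR)
if [ "$#" -ge 2 ]; then
    dir=$1; shift
    for name in "$@"; do write_env "$dir" "$name"; done
    check_env "$dir"/*.env
fi
```

Each service can then load its file with `env_file:` in place of the three `*_SECRET=secret` lines. The generated `TURN_SECRET` and `SIGNALING_SECRET` are the values to enter for the matching TURN and HPB entries listed in the caveats.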