You do not have permission to edit this page, for the following reason:
The action you have requested is limited to users in the group: Users.
== Description == Mumble is a server for holding audio conferences. Since March 2020, the PPBe is hosting a Mumble server together with a web client on https://talk.parley.be or https://mumble.parley.be It is also possible to connect through [https://www.mumble.info/downloads/ another Mumble client] either at <code>mumble.parley.be</code> or <code>talk.parley.be</code> with port <code>64738</code>. To connect you can give the username you wish. No password is needed, although we could decide to setup a password if we see that there are too much spam. == Install == '''Note:''' We are setting two domain names. However, you can as well use a single domain name for both applications, or a domain name for the web client and another for the Mumble server. Indeed, the Mumble server listens on port 64738, while the client listens on ports 80 and 443, so they won't conflict ;) Just reuse the same certificate for both applications and you should be fine. Since December 2020, we are using our Ansible role to install both the web client and the Mumble server: https://github.com/L-P/ansible-role-murmur Therefore, the below install procedure won't be updated anymore. You can see how we configured our instance here: https://dev.parley.be/PPBe/ansible-infra === Server === '''Note''' This install procedure is for the umurmur server, which is a lightweight Mumble server. However, we switched to the official murmur server, as the latest umurmur release is becoming old and outdated. Install dependencies: apt install git build-essential cmake libconfig-dev libprotobuf-c-dev libmbedtls-dev ssl-cert Create the directory for the server sources: mkdir /opt/umurmur cd /opt/umurmur Clone the umurmur git repository: git clone https://github.com/umurmur/umurmur.git . Checkout to the latest version (see the [https://github.com/umurmur/umurmur/releases releases list]): git checkout 0.2.17 Create the build directory: mkdir ./build cd ./build Build the sources: cmake .. -DSSL=mbedtls make Install the umurmur binary on the system: make install You can now edit the configuration file at <code>/usr/local/etc/umurmur.conf</code>. Check the doc for an example. We will define the certificates later on. You can setup a password if you wish. Generate a random password for the admin: pwgen -s 42 1 And copy/paste this password to the umurmur config file. Create the systemd service unit (just copy/paste this block): <nowiki> cat > /etc/systemd/system/umurmur.service << EOF [Unit] Description=Minimalistic Mumble server After=network.target [Service] Type=simple User=nobody Group=ssl-cert Restart=on-failure RestartSec=3 PIDFile=/run/umurmurd.pid ExecStartPre=/usr/local/bin/umurmurd -t -c /usr/local/etc/umurmur.conf ExecStart=/usr/local/bin/umurmurd -d -r -c /usr/local/etc/umurmur.conf ExecReload=/bin/kill -HUP $MAINPID PrivateDevices=yes PrivateTmp=yes ProtectSystem=strict ReadWriteDirectories=/usr/local/etc/ ProtectHome=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes NoNewPrivileges=yes LimitRTPRIO=1 [Install] WantedBy=multi-user.target EOF</nowiki> Reload the systemd service unit config: systemctl daemon-reload === Web client === Install nodejs repository (LTS is v0.12.x): curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - Install nodejs and websockify: apt install nodejs websockify Create the directory for mumble-web: mkdir /var/www/mumble-web cd /var/www/mumble-web Clone the mumble-web git repository: git clone https://github.com/Johni0702/mumble-web.git . Build the sources: npm install npm audit fix Build the assets and config: npm run build Edit the configuration file at <code>./dist/config.local.js</code>. Add the following options in the config file: <nowiki> // Which fields to show on the Connect to Server dialog config.connectDialog.address = false config.connectDialog.port = false config.connectDialog.token = false config.connectDialog.password = false // Default values for user settings config.settings.pttKey = 'shift' // Default values (can be changed by passing a query parameter of the same name) config.defaults.address = 'talk.parley.be/mumble'</nowiki> This will tell the client to only ask for an username. If you setup a password for the server, you can set it to true. The config also indicates to which address the client should connect. The <code>/mumble</code> path will be defined later in the Nginx section, but basically we will create a websocket proxy to the mumble server. Create the systemd service unit (just copy paste this block): <nowiki> cat > /etc/systemd/system/mumble-web.service << EOF [Unit] Description=Mumble web client using websockets After=network.target [Service] Type=simple User=nobody Group=nogroup Restart=on-failure RestartSec=3 PIDFile=/run/mumble-web.pid ExecStart=/usr/bin/websockify --ssl-target 64737 localhost:64738 ExecReload=/bin/kill -HUP $MAINPID PrivateDevices=yes PrivateTmp=yes ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes NoNewPrivileges=yes LimitRTPRIO=1 [Install] WantedBy=multi-user.target EOF</nowiki> Reload the systemd service unit config: systemctl daemon-reload === Nginx === Install nginx: apt install nginx Create the config for your web client (just copy/paste this block): <nowiki> cat > /etc/nginx/sites-available/mumble.conf << EOF server { listen 80; listen [::]:80; server_name talk.parley.be mumble.parley.be; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name talk.parley.be; ssl_certificate /etc/letsencrypt/live/talk.parley.be/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/talk.parley.be/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; location / { root /var/www/mumble-web/dist/; } location /mumble { proxy_pass http://127.0.0.1:64737; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } map $http_upgrade $connection_upgrade { default upgrade; '' close; } EOF</nowiki> Install certbot for managing the certificates ([https://certbot.eff.org check on their website] if you need to install the certbot repository): apt install certbot python-certbot-nginx Add the following hook in <code>/etc/letsencrypt/cli.ini</code>: post-hook = chmod 0640 /etc/letsencrypt/archive/*/privkey*.pem && chmod g+rx /etc/letsencrypt/live /etc/letsencrypt/archive && chown -R root:ssl-cert /etc/letsencrypt/live /etc/letsencrypt/archive This will give the read permissions for the group <code>ssl-certs</code>. It is required for the umurmur server which will be run as member of that group. Generate two certificates, one for the client and one for the server: certbot certonly --nginx -d talk.parley.be certbot certonly --nginx -d mumble.parley.be Enable the nginx configuration: ln -s /etc/nginx/sites-available/mumble.conf /etc/nginx/sites-enabled/ Check that everything is fine: nginx -t Reload the nginx server: systemctl reload nginx Change the certificates for umurmur in the config file <code>/usr/local/etc/umurmur.conf</code>. The paths should be something like: certificate = "/etc/letsencrypt/live/mumble.parley.be/fullchain.pem"; private_key = "/etc/letsencrypt/live/mumble.parley.be/privkey.pem"; You can finally start the client and server: systemctl start umurmur systemctl start mumble-web Don't forget to open the port <code>64738</code> of your firewall if you want to allow people connecting from the desktop Mumble client! When everything looks good, enable the services: systemctl enable umurmur mumble-web Enjoy!
Summary:
This is a minor edit Watch this page
Cancel