From 4f5602c7915fb46726b787bfad04d0d1ea31458b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sat, 27 Sep 2025 13:51:17 +0200
Subject: [PATCH] Nextcloud Talk: fix TURN/STUN config
- Removed duplicate Admin Manual link in README
- Fixed turnserver.config.php draft return syntax
- Unified onboard port handling in docker-compose and env
- Updated vars to define STUN/TURN configs with correct schemas
- Ensured spreed plugin config serializes clean JSON arrays
Ref: https://chatgpt.com/share/68d7cfa2-7378-800f-9ecf-09b6bb768f13
---
 roles/web-app-nextcloud/README.md | 1 -
 .../config/turnserver.config.php.j2.draft | 8 ++--
 .../templates/docker-compose.yml.j2 | 4 +-
 roles/web-app-nextcloud/templates/env.j2 | 2 +-
 roles/web-app-nextcloud/vars/main.yml | 38 ++++++++++++++-----
 .../web-app-nextcloud/vars/plugins/spreed.yml | 31 +++++++++------
 6 files changed, 57 insertions(+), 27 deletions(-)
diff --git a/roles/web-app-nextcloud/README.md b/roles/web-app-nextcloud/README.md
index a465ca49..d968d227 100644
--- a/roles/web-app-nextcloud/README.md
+++ b/roles/web-app-nextcloud/README.md
@@ -26,7 +26,6 @@ A detailled documentation for the use and administration of Nextcloud on Infinit
 - [Nextcloud Official Website](https://nextcloud.com/)
 - [Nextcloud Docker Documentation](https://github.com/nextcloud/docker)
 - [Nextcloud Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/)
-- [Nextcloud Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/)
 - [LDAP Integration Guide](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html)
 - [OIDC Login Plugin (pulsejet)](https://github.com/pulsejet/nextcloud-oidc-login)
 - [Sociallogin Plugin (Official)](https://apps.nextcloud.com/apps/sociallogin)
\ No newline at end of file
diff --git a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft b/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
index c937f1bc..4b555db2 100644
--- a/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
+++ b/roles/web-app-nextcloud/templates/config/turnserver.config.php.j2.draft
@@ -2,11 +2,13 @@
 # Activates the turn server
 # @see https://nextcloud-talk.readthedocs.io/en/latest/TURN/
-return 'turn_servers' => [
+return [
+ 'turn_servers' => [
 [
 'host' => 'coturn',
- 'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }},
+ 'port' => {{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }},
 'secret' => 'my-secret-key',
 'protocols' => 'udp,tcp'
- ]
+ ],
+ ],
 ];
\ No newline at end of file
diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
index d4b98aee..51e65583 100644
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -48,8 +48,8 @@
 network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
 {% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}
 ports:
- - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/tcp
- - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_STUN_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}/udp
+ - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/tcp
+ - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/udp
 - {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp
 expose:
 - "{{ container_port }}"
diff --git a/roles/web-app-nextcloud/templates/env.j2 b/roles/web-app-nextcloud/templates/env.j2
index 7b40574a..18586113 100644
--- a/roles/web-app-nextcloud/templates/env.j2
+++ b/roles/web-app-nextcloud/templates/env.j2
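Review bot: The draft still hardcodes `'secret' => 'my-secret-key'` and describes the server with `'host'`/`'port'` keys, whereas the `turn_servers` objects built elsewhere in this commit (vars/main.yml, spreed.yml) use `'server'`/`'secret'`/`'ttl'`/`'protocols'` and carry `NEXTCLOUD_TALK_TURN_ONBOARD_SECRET`, the same shared secret env.j2 hands to coturn as `TURN_SECRET`. If the draft is ever promoted, Nextcloud would sign TURN credentials with a secret coturn does not know and every allocation would fail; at minimum change the line to `'secret' => '{{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}',` and align the keys with the spreed.yml objects. Nextcloud's `config/*.config.php` files are also normally expected to assign `$CONFIG` rather than `return` an array, and Talk reads `turn_servers` from the spreed app config rather than from config.php, so the whole file is worth checking against the docs linked in the `@see` line before it leaves `.draft` status.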
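Review bot: The relay range line kept as context, `- {{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp`, carries no host address, so while the two rewritten TURN listener lines are bound to `{{ networks.internet.ip4 }}`, the entire UDP relay range is published on all host addresses (Docker's default bind). Unless the unbound range is deliberate, prefix it the same way now that the port handling is being unified here: `- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE }}/udp`. This only matters in bridge mode; the `{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}` block opened in the hunk is closed outside it.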
@@ -47,7 +47,7 @@ TURN_SECRET={{ NEXTCLOUD_TALK_TURN_ONBOARD_SECRET }}
 SIGNALING_SECRET={{ NEXTCLOUD_TALK_SIGNALING_SECRET }}
 INTERNAL_SECRET={{ NEXTCLOUD_TALK_INTERNAL_SECRET }}
 TZ={{ HOST_TIMEZONE }}
-TALK_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT }}
+TALK_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}
 TURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
 TURN_MAX_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}
 COTURN_MIN_PORT={{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}
diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml
index 88f0d419..b5499c46 100644
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -66,7 +66,7 @@ NEXTCLOUD_TALK_VERSION: "{{ applications | get_app_conf(applicatio
 NEXTCLOUD_TALK_PLUGIN_ENABLED: "{{ applications | get_app_conf(application_id, 'plugins.spreed.enabled') }}"
 NEXTCLOUD_TALK_NETWORK_MODE: "{{ applications | get_app_conf(application_id, 'docker.services.talk.network_mode') }}"
 NEXTCLOUD_TALK_INTERNAL_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_internal_secret') }}"
-NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else (domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE)) }}"
+NEXTCLOUD_TALK_DOMAIN: "{{ NEXTCLOUD_DOMAIN }}"
 #### Signaling
 NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_signaling_secret') }}"
@@ -74,20 +74,40 @@ NEXTCLOUD_TALK_SIGNALING_LOCATION: "/standalone-signaling/"
 NEXTCLOUD_TALK_SIGNALING_PORT: "8081"
 NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"
-#### Turn (Onboard)
-NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
-NEXTCLOUD_TALK_TURN_ONBOARD_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
-NEXTCLOUD_TALK_TURN_ONBOARD_STUN_PORT: "{{ ports.public.stun_turn[application_id] }}"
+#### Talk Turn (Onboard)
+NEXTCLOUD_TALK_TURN_ONBOARD_PORT: "{{ ports.public.stun_turn[application_id] }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.onboard_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_SECRET: "{{ applications | get_app_conf(application_id, 'credentials.talk_turn_secret') }}"
 NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START: "{{ ports.public.relay_port_ranges[application_id ~ '_start'] }}"
 NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END: "{{ ports.public.relay_port_ranges[application_id ~ '_end' ] }}"
 NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_RANGE: "{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_START }}-{{ NEXTCLOUD_TALK_TURN_ONBOARD_RELAY_PORT_END }}"
-
-#### Stun
-NEXTCLOUD_TALK_STUN_PORT: "{{ ports.public.stun_turn[application_id] if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}"
+NEXTCLOUD_TALK_STUN_ONBOARD_CONFIG: "stun:{{ NEXTCLOUD_TALK_DOMAIN }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}"
+NEXTCLOUD_TALK_TURN_ONBOARD_CONFIG: >-
+ {{
+ {
+ 'server': 'turn:' ~ NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_TURN_ONBOARD_PORT ~ '?transport=udp',
+ 'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET,
+ 'ttl': 86400,
+ 'protocols': 'udp,tcp'
+ }
+ }}
 #### Coturn (Standalone)
 NEXTCLOUD_TALK_TURN_STANDALONE_ROLE: 'web-svc-coturn'
-NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
+NEXTCLOUD_TALK_TURN_STANDALONE_PORT: "{{ ports.public.stun_turn[NEXTCLOUD_TALK_TURN_STANDALONE_ROLE] }}"
+NEXTCLOUD_TALK_TURN_STANDALONE_SECRET: "{{ applications | get_app_conf(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE, 'credentials.auth_secret') }}"
+NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.talk.turn_server.standalone_enabled') if NEXTCLOUD_TALK_PLUGIN_ENABLED else false }}"
+NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN: "{{ domains | get_domain(NEXTCLOUD_TALK_TURN_STANDALONE_ROLE) }}"
+NEXTCLOUD_TALK_STUN_STANDALONE_CONFIG: "stun:{{ NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN }}:{{ NEXTCLOUD_TALK_TURN_STANDALONE_PORT }}"
+NEXTCLOUD_TALK_TURN_STANDALONE_CONFIG: >-
+ {{
+ {
+ 'server': 'turn:' ~ NEXTCLOUD_TALK_TURN_STANDALONE_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_TURN_STANDALONE_PORT ~ '?transport=udp',
+ 'secret': NEXTCLOUD_TALK_TURN_STANDALONE_SECRET,
+ 'ttl': 86400,
+ 'protocols': 'udp,tcp'
+ }
+ }}
 ### Whiteboard
 NEXTCLOUD_WHITEBOARD_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.whiteboard.name') }}"
diff --git a/roles/web-app-nextcloud/vars/plugins/spreed.yml b/roles/web-app-nextcloud/vars/plugins/spreed.yml
index 97d3a3d5..491aa92f 100644
--- a/roles/web-app-nextcloud/vars/plugins/spreed.yml
+++ b/roles/web-app-nextcloud/vars/plugins/spreed.yml
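Review bot: In `NEXTCLOUD_TALK_TURN_ONBOARD_CONFIG` the `'server'` value pins `?transport=udp` while the same object declares `'protocols': 'udp,tcp'`, so the TCP fallback that `protocols` advertises can never be reached through that URL; `NEXTCLOUD_TALK_TURN_STANDALONE_CONFIG` below repeats the pattern. Whether a `turn:` scheme and a transport query belong in `server` at all depends on how the spreed app composes its ICE URLs — the Talk TURN docs linked from this role's draft show `server` as a bare `host:port` with scheme and transport derived from the other fields — so confirm against the app version in use and, if the app builds the URL itself, drop the `'turn:' ~` prefix and the `~ '?transport=udp'` suffix. Separately, a `>-` scalar wrapping a Jinja dict yields the dict's Python repr (single-quoted keys) as a string unless Ansible's templating converts it back to a mapping; `to_json` in spreed.yml would then serialize a quoted string rather than an object, so check that the stored `turn_servers` value really is `[{"server": ...}]` before relying on the "clean JSON arrays" claim.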
@@ -10,21 +10,30 @@ plugin_configuration:
 # stun_servers: JSON array of strings
 - appid: "spreed"
 configkey: "stun_servers"
- configvalue: "{{ [
- NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT
- ] | to_json }}"
+ configvalue: >-
+ {{
+ [
+ NEXTCLOUD_TALK_STUN_ONBOARD_CONFIG if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else none,
+ NEXTCLOUD_TALK_STUN_STANDALONE_CONFIG if NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED else none
+ ]
+ | select
+ | list
+ | to_json
+ }}
 # turn_servers: JSON array of objects
 - appid: "spreed"
 configkey: "turn_servers"
- configvalue: "{{ [
- {
- 'server': NEXTCLOUD_TALK_DOMAIN ~ ':' ~ NEXTCLOUD_TALK_STUN_PORT ~ '?transport=udp',
- 'secret': NEXTCLOUD_TALK_TURN_ONBOARD_SECRET,
- 'ttl': 86400,
- 'protocols': 'udp,tcp'
- }
- ] | to_json }}"
+ configvalue: >-
+ {{
+ [
+ NEXTCLOUD_TALK_TURN_ONBOARD_CONFIG if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED else none,
+ NEXTCLOUD_TALK_TURN_STANDALONE_CONFIG if NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED else none
+ ]
+ | select
+ | list
+ | to_json
+ }}
 # internal secret (plain string)
 - appid: "spreed"
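Review bot: Both new `configvalue` expressions assume `NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED` and `NEXTCLOUD_TALK_TURN_STANDALONE_ENABLED` are real booleans, yet vars/main.yml defines them as quoted `"{{ ... else false }}"` templates; should a rendering path ever hand them over as the strings `"True"`/`"False"`, the `if ... else none` test is truthy for both and a disabled backend (with its secret) is still published to clients. Ansible's default templating normally converts such results back to booleans, but `... if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool else none` (and the same for the standalone condition) makes the lists independent of that behaviour. A comment above each entry such as `# only enabled backends are listed; select drops the none placeholders` would also save the next reader a trip to vars/main.yml. The `turn_servers` value embeds the TURN shared secret, so the task that applies `plugin_configuration` should run with `no_log: true` if it does not already. The `plugin_configuration` list begins before this hunk and continues after it.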