How to Install Spreed WebRTC Server on Ubuntu 16.04

Spreed is a free open-source (AGPL) WebRTC audio/video call and conferencing server designed with privacy in mind. WebRTC is a free and open technology allows browsers to talk to each other in a peer-to-peer fashion. Spreed WebRTC server uses end-to-end encryption to protect users’ privacy and security.

Spreed WebRTC allows you to do the following things.

• Secure audio, video and text chat
• Web conferencing
• One to one video chat

This tutorial is going to show you how to install Spreed WebRTC server on Ubuntu 16.04 VPS or dedicated server.

Step 1: Install Spreed WebRTC Server on Ubuntu 16.04 from official PPA

We can easily install Spreed WebRTC server from official PPA on Ubuntu 16.04.

sudo apt-add-repository ppa:strukturag/spreed-webrtc

sudo apt update

sudo apt install spreed-webrtc

Once installed, spreed-webtrc will be automatically started and its built-in web server listens on 127.0.0.1:8080. You can check its status with:

systemctl status spreed-webrtc

Output:

● spreed-webrtc.service - Spreed WebRTC server
   Loaded: loaded (/lib/systemd/system/spreed-webrtc.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2016-12-13 02:28:18 EST; 3min 0s ago
 Main PID: 925 (spreed-webrtc-s)
    Tasks: 5
   Memory: 1.1M
      CPU: 14ms
   CGroup: /system.slice/spreed-webrtc.service
           └─925 /usr/sbin/spreed-webrtc-server -c /etc/spreed/webrtc.conf -l /var/log/spreed/webrtc/server.log

If it isn’t running, then manually start it with:

sudo systemctl start spreed-webrtc

And also enable auto start at boot time:

sudo systemctl enable spreed-webrtc

The main configuration file is /etc/spreed/webrtc.conf.

Step 2: Setting Up Reverse Proxy

Spreed WebRTC by default listens on localhost. To access the web interface from a browser, we need to set up a reverse proxy for it using Nginx or Apache.

Nginx

If you use Nginx, follow these instructions. 

First, install Nginx.

sudo apt install nginx

Then create a server block file for Spreed WebRTC.

sudo nano /etc/nginx/conf.d/spreed-webrtc.conf

Put the following text into the file. Replace spreed.your-domain.com with your preferred domain name and don’t forget to set an A record.

server {
        listen 80;
        server_name spreed.your-domain.com;
        location / {
                proxy_pass http://127.0.0.1:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_buffering             on;
                proxy_ignore_client_abort   off;
                proxy_redirect              off;
                proxy_connect_timeout       90;
                proxy_send_timeout          90;
                proxy_read_timeout          90;
                proxy_buffer_size           4k;
                proxy_buffers               4 32k;
                proxy_busy_buffers_size     64k;
                proxy_temp_file_write_size  64k;
                proxy_next_upstream         error timeout invalid_header http_502 http_503 http_504;
        }

        location ~ /.well-known/acme-challenge {
             root /usr/share/nginx/spreed/;
             allow all;
        }
}

Save and close the file. Then test Nginx configurations and reload.

sudo nginx -t

sudo systemctl reload nginx

Now you should be able to access Spreed WebRTC via a domain name from web browser.

Apache

If you use Apache, following these instructions.

Install Apache web server.

sudo apt install apache2

Then create a virtual host file for Spreed.

sudo nano /etc/apache2/sites-available/spreed-webrtc.conf

Put the following text into the file. Replace spreed.your-domain.com with your preferred domain name and don’t forget to set an A record.

<VirtualHost *:80>
    ServerName spreed.your-domain.com
    <Location />
      ProxyPass http://127.0.0.1:8080/
      ProxyPassReverse http://127.0.0.1:8080/
    </Location>

    <Location /ws>
       ProxyPass ws://127.0.0.1:8080/
    </Location>
    ProxyVia On
    ProxyPreserveHost On
</VirtualHost>

Save and close the file.  Then we need to enable proxy_http module.

sudo a2enmod proxy_http

Next, enable this virtual host.

sudo a2ensite spreed-webrtc.conf

Test configurations and reload Apache

sudo apachectl configtest

sudo systemctl reload apache2

Now you should be able to access Spreed WebRTC via a domain name from web browser.

Step 3: Enabling HTTPS

Now let’s obtain a free TLS certificate from Let’s encrypt. Run the following commands to install Let’s Encrypt client (certbot) from the official certbot PPA.

sudo apt install certbot

If you use Apache web server, then you also need to install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

Then issue the following command to obtain a free TLS/SSL certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d spreed.example.com

If you use Nginx web server, then you need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Then use the Nginx plugin to obtain and install the certificate by running the following command.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d spreed.example.com

You will see the following text indicating that you have successfully obtained a TLS certificate.

Step 4: Install a TURN/STUN Server

WebRTC won’t work if users are behind different NAT devices. It will be blocked. To traverse NAT, we need to set up a TURN/STUN server as a relay between Web browsers. TURN stands for Traversal Using Relays around NAT. Coturn is a free and open-source TURN and STUN server for VoIP and WebRTC.

Coturn is available from the Ubuntu repository, so install it with the following command:

sudo apt install coturn

Once it’s installed, it will be automatically started. You can check its status with:

systemctl status coturn

Sample Output:

If it isn’t running, then manually start it with:

sudo systemctl start coturn

And also enable auto-start at boot time:

sudo systemctl enable coturn

Step 5: Configure Coturn for Spreed WebRTC

Edit the main configuration file.

sudo nano /etc/turnserver.conf

By default, all lines in this file are commented out. Below is an example configuration that you can copy and paste into your file.

• Replace your-domain.com with the domain name for your NextCloud or Spreed WebRTC.
• Replace 12.34.56.78 with the server public IP address.
• Set a long and secure authenticate secret. (You can use the openssl rand -base64 20 command to generate a random string.)

# Run as TURN server only, all STUN requests will be ignored.
no-stun

# Specify listening port. Change to 80 or 443 to go around some strict NATs.
listening-port=8443
tls-listening-port=5349

# Specify listening IP, if not set then Coturn listens on all system IPs. 
listening-ip=12.34.56.78
relay-ip=12.34.56.78

# These lines enable support for WebRTC
fingerprint
lt-cred-mech
realm=your-domain.com

# Authentication method
use-auth-secret
static-auth-secret=your-auth-secret

total-quota=100

# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).
bps-capacity=0

# This line provides extra security.
stale-nonce

log-file=/var/log/turnserver/turn.log
no-loopback-peers
no-multicast-peers

Save and close the file. Then restart coturn server with:

sudo systemctl restart coturn

Coturn runs as the turnserver user. Run the following command and you should see it’s listening on port 8443.

sudo ss -lnpt | grep turnserver

Now let’s edit Spreed WebRTC configuration file.

sudo nano /etc/spreed/server.conf

Add the following two lines in the [app] section. Replace red-text accordingly.

turnURIs = turn:coturn-server-ip:8443?transport=udp

turnSecret = your-auth-secrect

Save and close the file. Then restart Spreed WebRTC server.

sudo systemctl restart spreed-webrtc

You should open TCP and UDP port 8843 in the firewall for Coturn to work. If you use the UFW firewall, run the following commands.

sudo ufw allow 8443/tcp
sudo ufw allow 8443/udp

Once Coturn is running and Spreed WebRTC is restarted, users who are behind NAT should be able to use audio/video calls normally.

Next Step

I hope this tutorial helped you install Spreed WebRTC server on Ubuntu using the Docker image. You may also want to integrate Spreed.Me with NextCloud.

• How to integrate Spreed Me WebRTC with NextCloud

I hope this tutorial helped you install Spreed WebRTC server on Ubuntu 16.04. As always, if you found this post useful, then subscribe to our free newsletter.