以人为本

Core developer of Mixin Network. Passionate about security and privacy.

Deploy a Group Audio Conferencing Service

Jul 21, 2020

A self hosted group audio conferencing service will provide good privacy because the data never leaves your servers, and you will get more excellent performance compared to shared services like Zoom, since you could choose the servers near the participants, and make use of all the system resources and bandwidth.

I don’t use containers for this deployment, only plain old web server manner. To begin, you need to spin up a public server, a cheapest droplet from DigitalOcean is feasible, and you should also buy a domain name, let’s say kraken.fm. And because the browsers force all WebRTC connections to be used in secure connection, to get easy and free TLS it’s recommended to get a Cloudflare account.

Connect to the server with SSH then install required dependencies, including Golang, Git, and Nginx. Then we are ready to install and configure the three components of the conferencing service.

Kraken Server

After Golang correctly installed, it’s pretty easy to get and build the Kraken Server.

git clone https://github.com/MixinNetwork/kraken
cd kraken
go build
mv kraken /usr/local/bin/

Get your Ethernet interface name by running ip addr, a sample output would be.

ethernet

Then the interface name should be ens4, and yours may be different depends on your servers. Now put the configuration file at ~/.kraken/engine.toml.

[engine]
interface = "ens4"
max-peer-count = 1024
log-level = 10

[turn]
host = ""
secret = ""

[rpc]
port = 7000

Next is running the engine by making a file /etc/systemd/system/kraken.service with contents.

[Unit]
Description=Kraken Daemon
After=network.target

[Service]
User=octopus
Type=simple
ExecStart=/usr/local/bin/kraken
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Be sure to change User=octopus according to your own username. And finally enable and start the kraken.

sudo systemctl daemon-reload
sudo systemctl enable kraken.service
sudo systemctl start kraken.service

Coturn Turnserver

Install coturn then make a file /etc/systemd/system/coturn.service with contents.

[Unit]
Description=Coturn Daemon
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/turnserver -a -f --no-stun --listening-port 443 --realm kraken --user webrtc:turnpassword -v
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Then enable and start the turnserver.

sudo systemctl daemon-reload
sudo systemctl enable coturn.service
sudo systemctl start coturn.service

Kraken.FM Web

This is the frontend for people to use, and the easiest to setup. Get the code and modify index.js by changing the KRAKEN_API and TURNSERVER variables to your own.

git clone https://github.com/MixinNetwork/kraken.fm

const KRAKEN_API = 'https://rpc.kraken.fm';
const TURNSERVER = 'turn:35.235.85.40:443';

Make a configuration file /etc/nginx/sites-enabled/kraken.fm to serve the site with nginx.

server {
  listen 80;
  server_name kraken.fm;
  root /home/octopus/kraken.fm;
  index index.html;

  charset utf-8;

  location ~* \.(js|css|ico|png|xml|svg|webmanifest)$ {
    try_files $uri =404;
  }

  location / {
    try_files /index.html =404;
  }
}

Be sure to reload nginx by sudo nginx -s reload after configuration file changed.

Cloudflare

The final step is pointing your domain name to the server IP, and enable HTTPS for your site.

References

  1. GitHub: Kraken Server
  2. GitHub: kraken.fm web
  3. GitHub: Coturn Turnserver

About the Author

Core developer of Mixin Network. Passionate about security and privacy. Strive to formulate elegant code, simple design and friendly machine.

25566 @ Mixin Messenger

[email protected]