How to Install Spreed WebRTC Server on Ubuntu with Docker

Spreed is a free open-source (AGPL) WebRTC audio/video call and conferencing server designed with privacy in mind. WebRTC is a free and open technology allows browsers to talk to each other in a peer-to-peer fashion. Spreed WebRTC server uses end-to-end encryption to protect users’ privacy and security.

Spreed WebRTC allows you to do the following things.

  • Secure audio, video and text chat
  • Web conferencing
  • One to one video chat

In a previous tutorial, we discussed how to install Spreed WebRTC server on Ubuntu 16.04 using the official PPA. This tutorial is going to show you how to install Spreed WebRTC server on Ubuntu using Docker image.

Why use Docker? The Spreed PPA only works on Ubuntu 16.04, so if you use Ubuntu 20.04, 18.04, or any other distro, you can’t use the PPA. The advantage of Docker is that it doesn’t matter whether you are using Debian, Ubuntu, CentOS, Redhat, SUSE, or whatever, as long as your distribution can run Docker engine, you can install Spreed WebRTC on it.

Step 1: Install Docker on Ubuntu

If you want the latest Docker version, you can install Docker from Docker’s APT repository. For simplicity, this tutorial installs Docker from the default Ubuntu software repository.

sudo apt update
sudo apt install docker.io

Once installed, the Docker daemon should be automatically started. You can check its status with:

systemctl status docker

systemctl status docker

Hint: If the above command doesn’t quit immediately, you can press the Q key to make it quit.

If it’s not running, then start the daemon with this command:

sudo systemctl start docker

And enable autostart at boot time:

sudo systemctl enable docker

Step 2: Install Spreed WebRTC Server on Ubuntu Using Docker Image

Once you have Docker installed, run the following command to create a directory for Spreed WebRTC and download a server.conf file to that directory.  This file allows you to provide customized parameters to Spreed WebRTC server when running the Docker image.

sudo mkdir /etc/spreed/

cd /etc/spreed/

sudo wget https://raw.githubusercontent.com/strukturag/spreed-webrtc/master/server.conf.in -O server.conf

Then edit the file with a command-line text editor like Nano.

sudo nano /etc/spreed/server.conf

Find the following line.

listen = 127.0.0.1:8080

Spreed needs to listen to 0.0.0.0:8080 in the Docker container, so it can receive requests from the host.

listen = 0.0.0.0:8080

Save and close the file.

Before running the Spreed WebRTC Docker container, we need to create enough entropy for server secrets generation. we can use rng-tools to create entropy.

sudo apt install rng-tools

Once installed, run

sudo rngd -r /dev/urandom

Then issue the following command to run the spreed/webrtc docker image with your server.conf file.

sudo docker run -d --name my-spreed-webrtc -p 127.0.0.1:8080:8080 -v /etc/spreed:/etc/spreed -i -t spreed/webrtc -c /etc/spreed/server.conf

Where:

  • -d: Detached mode makes the container run in the background.
  • --name: Give your Docker container a custom name.
  • -p: Publish a container’s port to the host. The first port if the host port, the second is the container’s port. Spreed also listens on port 8443 in the Docker container for HTTPS request, but we will use Apache/Nginx to terminate TLS connection, so we don’t need to pubish the 8443 port to the host.
  • -v: Create a bind mount. Docker bind mounts /etc/spreed/ in the host to /etc/spreed/ in the Docker container.
  • -t: Allocate a pseudo-TTY.
  • -c: Override the default /etc/spreed/server.conf file in the Docker container.

Now Spreed WebRTC server is listening on 127.0.0.1:8080, as can be seen with:

sudo ss -lnpt | grep docker

spreed me webtrc docker ubuntu

Step 3: Set up Reverse Proxy

To access the Spreed web interface via a domain name, we need to set up a reverse proxy for it using Apache or Nginx. It will also allow you to enable HTTPS, so the connection can be encrypted.

Apache

Install Apache web server on Ubuntu.

sudo apt install apache2

Then create a virtual host file for Spreed.

sudo nano /etc/apache2/sites-available/spreed-webrtc.conf

Put the following text into the file. Replace spreed.example.com with your preferred hostname and don’t forget to set a DNS A record for this hostname.

<VirtualHost *:80>
    ServerName spreed.example.com
    <Location />
      ProxyPass http://127.0.0.1:8080/
      ProxyPassReverse http://127.0.0.1:8080/
    </Location>

    <Location /ws>
       ProxyPass ws://127.0.0.1:8080/
    </Location>
    ProxyVia On
    ProxyPreserveHost On
</VirtualHost>

Save and close the file.  Then we need to enable proxy_http module.

sudo a2enmod proxy_http

Next, enable this virtual host.

sudo a2ensite spreed-webrtc.conf

Test configurations and reload Apache

sudo apachectl configtest

sudo systemctl reload apache2

Now you should be able to access Spreed WebRTC via http://spreed.example.com in web browser.

spreed webrtc server

Nginx

First, install Nginx on Ubuntu.

sudo apt install nginx

Then create a server block file for Spreed WebRTC.

sudo nano /etc/nginx/conf.d/spreed-webrtc.conf

Put the following text into the file. Replace spreed.example.com with your preferred hostname and don’t forget to set DNS A record for this hostname.

server {
        listen 80;
        listen [::]:80;
        server_name spreed.example.com;
        error_log /var/log/nginx/spreed.error;
        location / {
                proxy_pass http://127.0.0.1:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_buffering             on;
                proxy_ignore_client_abort   off;
                proxy_redirect              off;
                proxy_connect_timeout       90;
                proxy_send_timeout          90;
                proxy_read_timeout          90;
                proxy_buffer_size           4k;
                proxy_buffers               4 32k;
                proxy_busy_buffers_size     64k;
                proxy_temp_file_write_size  64k;
                proxy_next_upstream         error timeout invalid_header http_502 http_503 http_504;
        }

        location ~ /.well-known/acme-challenge {
             root /usr/share/nginx/spreed/;
             allow all;
        }
}

Save and close the file. Then test Nginx configurations and reload.

sudo nginx -t

sudo systemctl reload nginx

Now you should be able to access Spreed WebRTC via http://spreed.example.com in web browser.

spreed webrtc server

Step 4: Obtain and Install TLS Certificate

Now let’s obtain a free TLS certificate from Let’s encrypt. Run the following commands to install Let’s Encrypt client (certbot) from the official certbot PPA.

sudo apt install certbot

If you use Apache web server, then you also need to install the Certbot Apache plugin.

sudo apt install python3-certbot-apache

Then issue the following command to obtain a free TLS/SSL certificate.

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d spreed.example.com

If you use Nginx web server, then you need to install the Certbot Nginx plugin.

sudo apt install python3-certbot-nginx

Then use the Nginx plugin to obtain and install the certificate by running the following command.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d spreed.example.com

You will see the following text indicating that you have successfully obtained a TLS certificate.

spreed webtrc certbot https

Step 5: Install a TURN/STUN Server

WebRTC won’t work if users are behind different NAT devices. It will be blocked. To traverse NAT, we need to set up a TURN/STUN server as a relay between Web browsers. TURN stands for Traversal Using Relays around NAT. Coturn is a free and open-source TURN and STUN server for VoIP and WebRTC.

Coturn is available from the Ubuntu repository, so install it with the following command:

sudo apt install coturn

Once it’s installed, it will be automatically started. You can check its status with:

systemctl status coturn

Sample Output:

systemctl status coturn

If it isn’t running, then manually start it with:

sudo systemctl start coturn

And also enable auto-start at boot time:

sudo systemctl enable coturn

Step 6: Configure Coturn for Spreed WebRTC

Edit the main configuration file.

sudo nano /etc/turnserver.conf

By default, all lines in this file are commented out. Below is an example configuration that you can copy and paste into your file.

  • Replace your-domain.com with the domain name for your NextCloud or Spreed WebRTC.
  • Replace 12.34.56.78 with the server public IP address.
  • Set a long and secure authenticate secret. (You can use the openssl rand -base64 20 command to generate a random string.)
# Run as TURN server only, all STUN requests will be ignored.
no-stun

# Specify listening port. Change to 80 or 443 to go around some strict NATs.
listening-port=8443
tls-listening-port=5349

# Specify listening IP, if not set then Coturn listens on all system IPs. 
listening-ip=12.34.56.78
relay-ip=12.34.56.78

# These lines enable support for WebRTC
fingerprint
lt-cred-mech
realm=your-domain.com

# Authentication method
use-auth-secret
static-auth-secret=your-auth-secret

total-quota=100

# Total bytes-per-second bandwidth the TURN server is allowed to allocate
# for the sessions, combined (input and output network streams are treated separately).
bps-capacity=0

# This line provides extra security.
stale-nonce

log-file=/var/log/turnserver/turn.log
no-loopback-peers
no-multicast-peers

Save and close the file. Then restart coturn server with:

sudo systemctl restart coturn

Coturn runs as the turnserver user. Run the following command and you should see it’s listening on port 8443.

sudo ss -lnpt | grep turnserver

sudo ss -lnpt | grep turnserver

Now let’s edit Spreed WebRTC configuration file.

sudo nano /etc/spreed/server.conf

Add the following two lines in the [app] section. Replace red-text accordingly.

turnURIs = turn:coturn-server-ip:8443?transport=udp

turnSecret = your-auth-secrect

Save and close the file. Then restart Spreed WebRTC docker container with

sudo docker restart my-spreed-webrtc

You should open TCP and UDP port 8843 in the firewall for Coturn to work. If you use the UFW firewall, run the following commands.

sudo ufw allow 8443/tcp
sudo ufw allow 8443/udp

Once Coturn is running and Spreed WebRTC is restarted, users who are behind NAT should be able to use audio/video calls normally.

Next Step

I hope this tutorial helped you install Spreed WebRTC server on Ubuntu using the Docker image. You may also want to integrate Spreed.Me with NextCloud.

As always, if you found this post useful, then subscribe to our free newsletter.

Rate this tutorial
[Total: 2 Average: 5]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image.