@penzoiders
Last active June 8, 2018 11:00
TURN server (coturn) configuration template for Nextcloud VM with Let's Encrypt
# this will make your Talk WebRTC videocalls work well across NAT firewalls
# tested on Nextcloud VM 13.0.3 with Let's Encrypt certificate already in place
# install coturn (apt-get install coturn)
# set TURNSERVER_ENABLED=1 in /etc/default/coturn
# edit this file /etc/turnserver.conf using this template (change "your.nextcloud.fqdn" string to your actual domain)
# then start coturn (systemctl start coturn)
# define in https://your.nextcloud.fqdn/settings/admin/talk:
# Server STUN = your.nextcloud.fqdn:587 (this example uses port 587; you can set another port, but 587 is generally open outbound on most networks)
# Server TURN = your.nextcloud.fqdn:587
# TURN Shared Secret = your_ultra_freaking_strong_secret
# TURN Listen to = TCP and UDP
# of course you need to open the listening port on your firewall, enjoy
tls-listening-port=587
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=your_ultra_freaking_strong_secret
realm=your.nextcloud.fqdn
total-quota=100
bps-capacity=0
stale-nonce
cert=/etc/letsencrypt/live/your.nextcloud.fqdn/fullchain.pem
pkey=/etc/letsencrypt/live/your.nextcloud.fqdn/privkey.pem
dh-file=/etc/letsencrypt/live/your.nextcloud.fqdn/dhparam.pem
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
no-stdout-log
simple-log
log-file=/var/log/turnserver.log
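
The `use-auth-secret` and `static-auth-secret` lines above enable coturn's TURN REST API scheme, in which short-lived credentials are derived from the shared secret instead of being stored per user. The following is an added example, not part of the original gist and not coturn or Nextcloud code; the function names and sample values are assumptions, and `verify_credentials` is a simplified model of the server-side check. It shows why the secret must be long and random: anyone who knows it can mint valid relay credentials.

```python
import base64
import hashlib
import hmac
import secrets
import time


def generate_secret(nbytes=32):
    """Return a random hex string suitable as a static-auth-secret value."""
    return secrets.token_hex(nbytes)


def _turn_password(secret, username):
    # TURN REST API: password = base64(HMAC-SHA1(shared secret, username))
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def make_credentials(secret, ttl=86400, user_id="", now=None):
    """Client side: the username carries the expiry time, the password signs it."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    return username, _turn_password(secret, username)


def verify_credentials(secret, username, password, now=None):
    """Server-side model: recompute the HMAC, then reject expired usernames."""
    now = int(time.time()) if now is None else int(now)
    expected = _turn_password(secret, username)
    # Constant-time comparison, so timing does not leak the correct password.
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return False
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    return expiry >= now


if __name__ == "__main__":
    secret = generate_secret()  # constructed sample, not a real deployment secret
    user, pwd = make_credentials(secret, ttl=3600, user_id="alice")
    print(user, pwd, verify_credentials(secret, user, pwd))
```

A changed expiry in the username invalidates the password, so a client cannot extend its own credential lifetime without knowing the secret.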