Fox Mulder, posted May 27 (#1)

Hello everyone!

It seems this section is rarely updated, but it really should. There are SO MANY great dockers and servers you can run on your xpenology/synology machine! For starters, here is a tutorial for installing and running a zoom-like video conference docker, including signaling functionality (required for this webrtc based application).

First, the requirements:

- Synology/Xpenology machine. I tested it on a baremetal xpenology machine, running DSM 7.2.2, with a GPU (not that I think it is required for this video server to run)
- External static IP (because you will need to set it in the configuration files to direct the video correctly)
- Domain name (can be a dynamic DNS address which you can get for free from sites such as dynu.com)
- SSH access to your machine, and some pre-knowledge in linux commands and dockers

Okay, so Mirotalk is a webrtc based video conferencing repo that has been developed from the ground up to be a peer to peer decentralized solution for video conferencing. It comes in several "flavors" and the P2P is not the most powerful one (the SFU is, if I am not mistaken, but is also much more complex, from what I have seen). It allows for great flexibility, and video quality up to and including 8k/60fps on supporting hardware (as in cameras). It also includes zoom-like features such as whiteboard, speech recognition live transcription, video and audio sharing as well as file sharing and normal chat features.

Here is the github repo for Mirotalk P2P: https://github.com/miroslavpejic85/mirotalk

And here is the github repo for Coturn (Turn/Stun signaling server. Needed for Mirotalk to work): https://github.com/coturn/coturn

First, if you do not have portainer installed, I highly recommend you install it with this guide.
I work mainly with portainer as it makes it much easier to control and maintain my dockers from one central location: https://mariushosting.com/synology-30-second-portainer-install-using-task-scheduler-docker/

After you set up your portainer, if you haven't before, you will need to start off by installing and configuring the coturn signaling server. To do this, you will need to have two things first: a place to keep the turnserver.conf file that you can access, and a letsencrypt certificate for your domain name.

For the turnserver.conf file (which I will provide a copy of, that you can edit as per your configuration), you can put it in /etc/coturn (create the coturn folder if you don't have it, and make sure you have access to it using the chown command), as that is the default, but it can really be anywhere as long as you point to it correctly. If it is in the "/etc/coturn" folder however, you will need to edit it with commands such as nano. If it is in a shared folder, you'll be able to edit it with the text editor inside the DSM.

Whichever you picked, open and edit the turnserver.conf file, paste this into it, and save it:

```
listening-port=3478
tls-listening-port=5349
alt-listening-port=3479
alt-tls-listening-port=5350
listening-ip=x.x.x.x # local LAN IP address (internal)
relay-ip=x.x.x.x # local LAN IP address (internal)
external-ip=x.x.x.x # public IP address (external) which you get from whatismyip.com
min-port=49152
max-port=65535
verbose
fingerprint
lt-cred-mech
user=user:password # you can make it up, but make sure you have it written down to use when accessing the turn server from elsewhere. e.g. mirotalk
server-name=mywebsite.com # replace with your own website name that you use
realm=x.x.x.x # public IP address (external) which you get from whatismyip.com
total-quota=100
stale-nonce=600
cert=/etc/letsencrypt/live/mywebsite.com/ECC-cert.pem # replace with your own website name that you use
pkey=/etc/letsencrypt/live/mywebsite.com/ECC-privkey.pem # replace with your own website name that you use
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AE>
no-stdout-log
```

You can remove the "#" and whatever comes after them in the same line, once you pasted and edited according to your own IP and domain configuration.

Next, you will go into portainer, stacks, + add stack, give the name "coturn" (no quotation marks), and paste this into the editor:

```
version: "3.9"
services:
  coturn:
    image: coturn/coturn:latest # pin to the current stable tag
    container_name: coturn
    network_mode: host
    user: root
    restart: unless-stopped
    # Note: with network_mode: host the container uses the NAS network stack
    # directly, so Docker does not apply the port mappings below.
    ports:
      # STUN/TURN
      - 3478:3478
      - 3478:3478/udp
      # TLS-TURN
      - 5349:5349
      - 5349:5349/udp
      # RTP/RTCP relays (adjust range if you need fewer ports)
      # - "49152-65535:49152-65535/udp"
    environment:
      # Auto-detect public IP so you don't have to hard-code it
      # (quoted so YAML passes it as a string, not a boolean)
      DETECT_EXTERNAL_IP: "yes"
      # Secure long-term credentials (generate once; keep secret)
      STATIC_AUTH_SECRET: ${TURN_STATIC_AUTH_SECRET}
    volumes:
      # Bind your custom conf + persistent database & logs
      - /etc/coturn/turnserver.conf:/etc/coturn/turnserver.conf:ro
      - /etc/letsencrypt/live/mywebsite.com/ECC-cert.pem:/etc/letsencrypt/live/mywebsite.com/ECC-cert.pem
      - /etc/letsencrypt/live/mywebsite.com/ECC-privkey.pem:/etc/letsencrypt/live/mywebsite.com/ECC-privkey.pem
```

Don't forget to make sure you have the certificate cert and private key PEM files at the designated location.
You can create a certificate by opening the 80 and 443 ports temporarily in both the DSM firewall and your router, and going to control panel / security / certificate, where you can click add / add a new certificate, then select get a certificate from Let's Encrypt and follow the rest. After you've created it, you can export it to an archive.zip file, extract from that the two ECC files mentioned above, and place them in your system accordingly. Remember that you need an actual domain in order to do that. Also remember that these will need to be renewed and therefore replaced each time, unless you actually pay for proper ones.

If you have completed all this, and made sure the turnserver.conf is set up and accessible, you can click on deploy this stack, and let the magic begin.

In order to test the configuration, wait a few minutes until the stack is running as well as the container, and enter this address (do not forget to edit it with your own domain and decided user/password from the turnserver.conf file):

https://p2p.mirotalk.com/icetest?iceServers=[{"urls":"stun:mywebsite.com:5349"},{"urls":"turn:mywebsite.com:3478","username":"user","credential":"password"}]

If you remembered to open the relevant ports (3478, 5349) in both DSM and router under TCP and UDP, you should get something like this:

That screenshot above showing the page you should be getting in your browser is the desired result. Ignore the last part regarding lookup. It will not affect the video server functionality.

Once you have the signaling Turn/Stun server up and running, next is the Mirotalk server installation itself. For this you can already open the necessary port 3000 (TCP) in both the DSM firewall and your router port forwarder (or direct it to another port you choose if you want to use reverse proxy).
Now connect via ssh to your synology NAS, go to your docker folder (you can create a docker folder if you don't have one), and clone the mirotalk repo into it, with this command:

```
git clone https://github.com/miroslavpejic85/mirotalk.git
```

Now you can enter the mirotalk folder created, rename ".env.template" to ".env" and then go into /app/src and rename "config.template.js" to "config.js".

Next, you will need to go back to the mirotalk root folder (e.g. /volume1/docker/mirotalk), and edit .env file as following:

```
# App environment
NODE_ENV=production #development or production

# Signaling Server
HOST='localhost' # Default to http://localhost:port
PORT=3000

# Trust Proxy
TRUST_PROXY=true #true or false

# Time Zone corresponding to timezone identifiers from the IANA Time Zone Database es Europe/Rome default UTC
TZ=UTC

# Logs
LOGS_DEBUG=true # true or false
LOGS_COLORS=true # true or false

# Cors
# Origin: Allow specified origin es '["https://example.com", "https://subdomain.example.com", "http://localhost:3000"]' or
# all origins '*' if not specified as per default.
# Methods: Allow only GET and POST methods
CORS_ORIGIN='*'
CORS_METHODS='["GET", "POST"]'

# IP whitelist
# Access to the instance is restricted to only the specified IP addresses in the allowed list. This feature is disabled by default.
IP_WHITELIST_ENABLED=false # true or false
IP_WHITELIST_ALLOWED='["127.0.0.1", "::1"]'

# OIDC - OpenID Connect
# 1. Sign up for an account at https://auth0.com.
# 2. Navigate to https://manage.auth0.com/ to create a new application tailored to your specific requirements.
# For those seeking an open-source solution, check out: https://github.com/panva/node-oidc-provider
OIDC_ENABLED=false # true or false
OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=false # Allow all authenticated users via OIDC to create their own rooms
OIDC_BASE_URL_DYNAMIC=false # true or false
OIDC_ISSUER_BASE_URL='https://server.example.com'
OIDC_BASE_URL='http://localhost:3000' # https://p2p.mirotalk.com
OIDC_CLIENT_ID='ClientID'
OIDC_CLIENT_SECRET='ClientSecret'
OIDC_AUTH_REQUIRED=false # set to true if authentication is required for all routes
OIDC_AUTH_LOGOUT=true # controls automatic logout from both your app and Auth0 when set to true
SESSION_SECRET='mirotalk-p2p-oidc-secret'

# Host protection
# HOST_PROTECTED:
# - When set to true, it requires a valid username and password from the HOST_USERS list to initialize or join a room.
# - When OIDC_ENABLED is utilized alongside host protection, the authenticated user will be recognized as valid.
# HOST_USER_AUTH: When set to true, it also requires a valid username and password for joining the room.
# HOST_USERS: This is the list of valid users along with their credentials.
HOST_PROTECTED=false # true or false
HOST_USER_AUTH=true # true or false
HOST_USERS='[{"username": "user", "password": "password"}]'

# JWT token config
JWT_KEY=mirotalkp2p_jwt_secret
JWT_EXP=1h

# Presenters list
# In our virtual room, the first participant to join will assume the role of the presenter.
# Additionally, we have the option to include more presenters and co-presenters, each identified by their username.
PRESENTERS='["Miroslav Pejic", "miroslav.pejic.85@gmail.com"]'

# Ngrok
# 1. Goto https://ngrok.com
# 2. Get started for free
# 3. Copy YourNgrokAuthToken: https://dashboard.ngrok.com/get-started/your-authtoken
NGROK_ENABLED=false # true or false
NGROK_AUTH_TOKEN=YourNgrokAuthToken

# Stun
# About: https://bloggeek.me/webrtcglossary/stun/
# Check: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
STUN_SERVER_ENABLED=true # true or false
STUN_SERVER_URL=stun:mywebsite.com:5349

# Turn
# About: https://bloggeek.me/webrtcglossary/turn/
# Recommended: https://github.com/coturn/coturn
# Installation: https://github.com/miroslavpejic85/mirotalk/blob/master/docs/coturn.md
# Free one: https://www.metered.ca/tools/openrelay/ (Please, create your own account)
# Check: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
TURN_SERVER_ENABLED=true # true or false
TURN_SERVER_URL=turn:mywebsite.com:3478
TURN_SERVER_USERNAME=user
TURN_SERVER_CREDENTIAL=password

# IP lookup
# Using GeoJS to get more info about peer by IP
# Doc: https://www.geojs.io/docs/v1/endpoints/geo/
IP_LOOKUP_ENABLED=false # true or false

# API
# The response will give you a entrypoint / Room URL for your meeting.
# curl -X POST "http://localhost:3000/api/v1/meeting" -H "authorization: mirotalkp2p_default_secret" -H "Content-Type: application/json"
API_KEY_SECRET=mirotalkp2p_default_secret
API_DISABLED='["token", "meetings"]'

# Survey URL
# Using to redirect the client after close the call (feedbacks, website...)
SURVEY_ENABLED=true # true or false
SURVEY_URL=https://www.questionpro.com/t/AUs7VZq00L

# Redirect URL on leave room
# Upon leaving the room, users who either opt out of providing feedback or if the survey is disabled
# will be redirected to a specified URL. If enabled false the default '/newrcall' URL will be used.
REDIRECT_ENABLED=false # true or false
REDIRECT_URL='https://p2p.mirotalk.com'

# Sentry (optional)
# 1. Goto https://sentry.io/
# 2. Create account
# 3. Goto Settings/Projects/YourProjectName/Client Keys (DSN)
SENTRY_ENABLED=false # true or false
SENTRY_DSN=YourClientKeyDSN
SENTRY_TRACES_SAMPLE_RATE=1.0

# Slack Integration (optional)
# 1. Goto https://api.slack.com/apps/
# 2. Create your app
# 3. On Settings - Basic Information - App Credentials chose your Signing Secret
# 4. Create a Slash Commands and put as Request URL: https://your.domain.name/slack
SLACK_ENABLED=false # true or false
SLACK_SIGNING_SECRET=YourSlackSigningSecret

# Mattermost Integration (optional)
# 1. Navigate to Main Menu > Integrations > Slash Commands in Mattermost.
# 2. Click on Add Slash Command and configure the following settings:
# - Title: Enter a descriptive title (e.g., `P2P Command`).
# - Command Trigger Word: Set the trigger word to `p2p`.
# - Callback URLs: Enter the URL for your Express server (e.g., `https://yourserver.com/mattermost`).
# - Request Method: Select POST.
# - Enable Autocomplete: Check the box for Autocomplete.
# - Autocomplete Description: Provide a brief description (e.g., `Get MiroTalk P2P meeting room`).
# 3. Save the slash command and copy the generated token here as MATTERMOST_TOKEN.
MATTERMOST_ENABLED=false # true or false
MATTERMOST_SERVER_URL=YourMattermostServerUrl
MATTERMOST_USERNAME=YourMattermostUsername
MATTERMOST_PASSWORD=YourMattermostPassword
MATTERMOST_TOKEN=YourMettarmostToken
MATTERMOST_ROOM_TOKEN_EXPIRE=15m

# ChatGPT/OpenAI
# 1. Goto https://platform.openai.com/
# 2. Create your account
# 3. Generate your APIKey https://platform.openai.com/account/api-keys
CHATGPT_ENABLED=false # true or false
CHATGPT_BASE_PATH=https://api.openai.com/v1/
CHATGPT_APIKEY=YourOpenAiApiKey
CHATGPT_MODEL=gpt-3.5-turbo
CHATGPT_MAX_TOKENS=1000
CHATGPT_TEMPERATURE=0

# Configure email settings for notifications or alerts
# Refer to the documentation for Gmail configuration: https://support.google.com/mail/answer/185833?hl=en
EMAIL_ALERT=false # true or false
EMAIL_HOST=mail.mywebsite.com
EMAIL_PORT=587
EMAIL_USERNAME=user@mywebsite.com
EMAIL_PASSWORD=password
EMAIL_SEND_TO=user@mywebsite.com

# Stats
# Umami: https://github.com/umami-software/umami
# We use our Self-hosted Umami to track aggregated usage statistics in order to improve our service.
STATS_ENABLED=true # true or false
STATS_SCR=https://stats.mirotalk.com/script.js
STATS_ID=c7615aa7-ceec-464a-baba-54cb605d7261
```

Do not forget to edit the following:

- TZ= (timezone in the format such as Europe/Kiev)
- HOST_USERS= (change to your own users and passwords that you wish to allow access to your mirotalk server)
- STUN_SERVER_URL= (change in the format stun:mywebsite.com:5349)
- TURN_SERVER_URL=turn:mywebsite.com:3478, TURN_SERVER_USERNAME=user and TURN_SERVER_CREDENTIAL=password - remember this should match the coturn server we installed before.

Optionally, you can configure EMAIL_ALERT with your mail server details - but that is not really necessary for Mirotalk to work.
Don't forget to save the ".env" file.

Next go back to the stacks section in portainer, new stack, call it mirotalk, and paste the following in the web editor:

```
services:
  mirotalk:
    image: mirotalk/p2p:latest
    container_name: mirotalk
    hostname: mirotalk
    volumes:
      - /volume1/docker/mirotalk/.env:/src/.env:ro
      # Rebranding:
      - /volume1/docker/mirotalk/app/src/config.js:/src/app/src/config.js:ro
      # Optional volumes for real-time updates:
      - /volume1/docker/mirotalk/app/:/src/app/:ro
      - /volume1/docker/mirotalk/public/:/src/public/:ro
    restart: unless-stopped
    ports:
      - 3000:3000
    # Uncomment below, remove "ports:" section above and configure labels as
    # needed for LetsEncrypt TLS certificates with Traefik.
    # See https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/
    # expose:
    #   - 3000
    # labels:
    #   - "traefik.enable=true"
    #   - "traefik.http.routers.mirotalk.rule=Host(`mirotalk.example.com`)"
    #   - "traefik.http.routers.mirotalk.entrypoints=websecure"
    #   - "traefik.http.routers.mirotalk.tls.certresolver=myresolver"
    #   - "traefik.http.services.mirotalk.loadbalancer.server.port=3000"
```

Assuming your mirotalk repo is cloned under /volume1/docker like mine, no changes are needed here. If you put it elsewhere, edit accordingly.

Now simply click deploy the stack, and wait. It will take maybe 10 minutes to deploy the stack.

Assuming you kept both the internal port and the external reverse proxy at 3000, you should be able to enter your new mirotalk server via https://mywebsite.com:3000 - be mindful that you must use https, or it won't work.
Now you can create any room that you wish, and use any of the users you created/amended in this section in the ".env" file:

```
HOST_PROTECTED=false # true or false
HOST_USER_AUTH=true # true or false
HOST_USERS='[{"username": "user1", "password": "password1"},{"username": "user2", "password": "password2"}]'
```

I have tested it both from inside my LAN, and from outside it (inside with my windows PC desktop, and outside with my android phone), and it works like a charm.

Be aware that it took me weeks of trial and error and asking for help from both mirotalk and coturn developers, and digging in github issues and reddit subs in order to get this working in Synology.

This is how the access page to mirotalk should look like. I did not find a webrtc client application so far, but it should work from most web browsers:

I do hope it works for you. Please leave your own experiences below.

Cheers!
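Since port 3000 and the TURN ports end up exposed to the internet, it is worth checking before deployment that the ".env" no longer carries the placeholder secrets and open settings shown in the listing above. The following audit script is an added example, not part of the original post or of the MiroTalk project; the function names `parse_env` and `audit_env`, the 12-character password threshold and the sample text are assumptions made for illustration.

```python
import json
import re

# Placeholder values that appear verbatim in the .env shown in the post.
PUBLISHED_DEFAULTS = {
    "JWT_KEY": "mirotalkp2p_jwt_secret",
    "API_KEY_SECRET": "mirotalkp2p_default_secret",
    "SESSION_SECRET": "mirotalk-p2p-oidc-secret",
    "TURN_SERVER_CREDENTIAL": "password",
}

def parse_env(text):
    """Parse KEY=value lines, dropping quotes and trailing '# ...' comments."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*=\s*(.*)$", line)
        if not m:
            continue  # blank line or full-line comment
        key, raw = m.group(1), m.group(2).strip()
        if raw[:1] in ("'", '"'):
            end = raw.find(raw[0], 1)
            env[key] = raw[1:end] if end != -1 else raw[1:]
        else:
            env[key] = re.split(r"\s+#", raw, maxsplit=1)[0].strip()
    return env

def audit_env(text):
    """Return findings for settings left at the tutorial's risky values."""
    env, findings = parse_env(text), []
    for key, default in PUBLISHED_DEFAULTS.items():
        if env.get(key) == default:
            findings.append(f"{key}: still the published placeholder")
    if env.get("HOST_PROTECTED", "false").lower() != "true":
        findings.append("HOST_PROTECTED: host login not enforced")
    if env.get("CORS_ORIGIN", "*") == "*":
        findings.append("CORS_ORIGIN: every origin allowed")
    users = []
    try:
        users = json.loads(env.get("HOST_USERS", "[]"))
    except json.JSONDecodeError:
        findings.append("HOST_USERS: not valid JSON")
    for user in users:
        pw = user.get("password", "")
        if len(pw) < 12 or pw.lower().startswith("password"):  # assumed threshold
            findings.append(f"HOST_USERS: weak password for {user.get('username')}")
    return findings

# Constructed sample: a few lines as they appear in the post's .env.
SAMPLE_ENV = """\
HOST_PROTECTED=false # true or false
HOST_USERS='[{"username": "user1", "password": "password1"}]'
JWT_KEY=mirotalkp2p_jwt_secret
SESSION_SECRET='mirotalk-p2p-oidc-secret'
TURN_SERVER_CREDENTIAL=password
"""
```

To check a real deployment, pass the contents of /volume1/docker/mirotalk/.env to `audit_env` and replace every flagged value before deploying the stack; the TURN credential must then be changed to match in turnserver.conf as well.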