 |
|
|
How to set up a Mumble server |
|
|
|
_ _ |
|
| || | ___ __ __ __ |
|
| __ | / _ \ \ V V / |
|
|_||_| \___/ \_/\_/ |
|
|
|
|
|
_ |
|
| |_ ___ |
|
| _| / _ \ |
|
\__| \___/ |
|
|
|
|
|
_ |
|
___ ___ | |_ |
|
(_-< / -_) | _| |
|
/__/ \___| \__| |
|
|
|
|
|
|
|
_ _ _ __ |
|
| || | | '_ \ |
|
\_,_| | .__/ |
|
|_| |
|
|
|
|
|
__ _ |
|
/ _` | |
|
\__,_| |
|
|
|
|
|
__ __ _ _ |
|
| \/ | _ _ _ __ | |__ | | ___ |
|
| |\/| | | || | | ' \ | '_ \ | | / -_) |
|
|_| |_| \_,_| |_|_|_| |_.__/ |_| \___| |
|
|
|
|
|
|
|
___ ___ _ _ __ __ ___ _ _ |
|
(_-< / -_) | '_| \ V / / -_) | '_| |
|
/__/ \___| |_| \_/ \___| |_| |
|
|
|
|
|
╔─*──*──*──*──*──*──*──*──*──*──*�… |
|
║1 ........................................ 1║ |
|
║2* ........................................ *2║ |
|
║3 ........................................ 3║ |
|
║1 ...........Posted: 2025-03-08........... 1║ |
|
║2* ..........Tags: mumble linux ........... *2║ |
|
║3 ........................................ 3║ |
|
║1 ........................................ 1║ |
|
╚─────────────────────────�… |
|
|
|
Mumble is an old-school, low-latency voice chat app, perfect for games like |
|
Counter-Strike 1.6. It’s a bit tricky to set up but offers strong encryption … |
|
full control. My server provides a lightweight, private alternative for |
|
high-performance voice chat. |
|
|
 |
I run a Mumble server! |
|
|
|
I set this up on my Debian server. |
|
|
|
## Basic setup |
|
|
|
Install and configure: |
|
|
|
``` |
|
sudo apt-get update && sudo apt-get upgrade |
|
sudo apt-get install mumble-server |
|
sudo dpkg-reconfigure mumble-server |
|
``` |
|
|
|
Confirm to start the server on boot and also set your `SuperUser` password, |
|
which will be used to administer the server (you log in with the username |
|
`SuperUser`). |
|
|
|
The config file is `/etc/mumble-server.ini`. A fun thing to tweak is |
|
`welcometext`. |
|
|
|
## Firewall |
|
|
|
The default port is 64738. |
|
|
|
``` |
|
sudo ufw allow 64738/tcp comment "Allow Mumble server (default port TCP)" |
|
sudo ufw allow 64738/udp comment "Mumble voice traffic" |
|
``` |
|
|
|
Don't forget to port forward! |
|
|
|
## LetsEncrypt/SSL |
|
|
|
Mumble offers a self-signed certificate by default, but I'm a little bit extra |
|
and want to have my own SSL certificate just for Mumble. |
|
|
|
Create `sites-available/mumble.someodd.zip.conf`: |
|
|
|
``` |
|
server { |
|
listen 8765; |
|
server_name mumble.someodd.zip; |
|
root /var/www/mumble.someodd.zip; |
|
|
|
location ^~ /.well-known/acme-challenge/ { |
|
default_type "text/plain"; |
|
root /var/www/mumble.someodd.zip; |
|
} |
|
|
|
location / { |
|
try_files $uri $uri/ =404; |
|
} |
|
} |
|
``` |
|
|
|
Now "enable" the configuration and restart `nginx`: |
|
|
|
``` |
|
mkdir /var/www/mumble.someodd.zip |
|
sudo ln -s /etc/nginx/sites-available/mumble.someodd.zip.conf /etc/nginx/sites-… |
|
sudo service nginx restart |
|
``` |
|
|
|
Finally, since the point of setting up this `nginx` virtual host was to allow |
|
for a webroot during the LetsEncrypt renewal process, let's actually start |
|
working on LetsEncrypt. |
|
|
|
Create the new cert for `mumble.someodd.zip`. Copy the key and cert to a custom |
|
directory for `mumble-server`. I did this to avoid permission complications. |
|
|
|
``` |
|
sudo certbot certonly --webroot-path="/var/www/mumble.someodd.zip" -d 'mumble.s… |
|
sudo mkdir /etc/mumble-server/ |
|
sudo cp /etc/letsencrypt/live/mumble.someodd.zip/fullchain.pem /etc/mumble-serv… |
|
``` |
|
|
|
Set decent security permissions/ensure the files are readable by |
|
`mumble-server`: |
|
|
|
``` |
|
sudo chown root:mumble-server /etc/mumble-server |
|
sudo chown root:mumble-server /etc/mumble-server/privkey.pem |
|
sudo chown root:mumble-server /etc/mumble-server/fullchain.pem |
|
sudo chmod 750 /etc/mumble-server |
|
sudo chmod 640 /etc/mumble-server/privkey.pem |
|
sudo chmod 640 /etc/mumble-server/fullchain.pem |
|
``` |
|
|
|
Point `/etc/mumble-server.ini` to the SSL files: |
|
|
|
``` |
|
sslCert=/etc/mumble-server/fullchain.pem |
|
sslKey=/etc/mumble-server/privkey.pem |
|
``` |
|
|
|
Update letsencrypt `/etc/letsencrypt/renewal/mumble.someodd.zip.conf` by putting |
|
this under renewalparams: |
|
|
|
``` |
|
renew_hook = cp /etc/letsencrypt/live/mumble.someodd.zip/privkey.pem /etc/mumbl… |
|
``` |
|
|
|
Test it out with: |
|
|
|
``` |
|
sudo certbot renew --cert-name mumble.someodd.zip --dry-run |
|
``` |
|
|
|
Although since this is fresh why not just test with: |
|
|
|
``` |
|
sudo certbot renew --cert-name mumble.someodd.zip --force-renewal |
|
``` |
|
