Daniil Franks Blog | Deploying Your Own Messenger

🎯 Website & Mobile App Development, CRM 💻 Ruby on Rails, React, React Native

🎯 Why You Need Your Own Messenger Based on Nextcloud

A self-hosted messenger on the Nextcloud Talk platform is a solution for teams and organizations that value privacy, independence from third-party services, and the ability to integrate communications with files, calendars, and tasks in a unified space.

Advantages of self-hosting:

Full control over storage and processing of messages, files, and metadata
No limits on the number of users, storage capacity, or call duration
Integration with other Nextcloud services: files, calendars, tasks, notes
Compliance with personal data protection requirements (152-FZ, GDPR)

Self-hosted messenger on the Nextcloud Talk platform

🔧 Server Preparation and Basic Environment Setup

Infrastructure Requirements

VPS or dedicated server with Ubuntu 20.04/22.04 LTS
Minimum 2 GB RAM, 2 CPU cores, 20 GB disk space
Domain name with configured A-record pointing to the server IP
Open ports: 80/443 (web), 3478/5349 (TURN/STUN for calls)

Initial Access and System Update

Connect to the server via SSH and update packages:

ssh root@99.11.123.94
sudo apt update && sudo apt upgrade -y

Installing LAMP Stack and Dependencies

Nextcloud requires a web server, DBMS, and a set of PHP modules:

sudo apt install apache2 mariadb-server libapache2-mod-php php php-mysql php-gd php-xml php-mbstring php-curl php-zip php-bz2 php-intl php-gmp php-bcmath php-imagick php-redis redis-server unzip wget vim -y

🗄️ MariaDB Database Configuration

Secure Database Initialization

sudo mysql_secure_installation

Follow the prompts: set the root password, remove anonymous users, disable remote root login.

Creating Database and User for Nextcloud

sudo mysql -u root -p

In the MySQL console, execute:

CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'f4378fh37fh4f29dh8972hd923';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'myapp'@'localhost';
FLUSH PRIVILEGES;
EXIT;

It is recommended to use a strong password and save it in a password manager.

📦 Installing and Configuring Nextcloud

Downloading and Placing Files

cd /var/www/
sudo wget https://download.nextcloud.com/server/releases/latest.zip
sudo unzip latest.zip
sudo mv nextcloud /var/www/nextcloud
sudo chown -R www-data:www-data /var/www/nextcloud
sudo chmod -R 755 /var/www/nextcloud

Apache Virtual Host Configuration

Create the file /etc/apache2/sites-available/nextcloud.conf:

<VirtualHost *:80>
    ServerName test.ru
    DocumentRoot /var/www/nextcloud
    
    <Directory /var/www/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
</VirtualHost>

Activate the configuration and required modules:

sudo a2ensite nextcloud.conf
sudo a2enmod rewrite headers env dir mime
sudo systemctl restart apache2

Setting Up HTTPS via Let's Encrypt

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d test.ru

Follow the instructions: provide your email, agree to the terms, choose HTTPS redirection.

🌐 Initial Nextcloud Setup via Web Interface

Open https://test.ru in your browser
Create an administrator account
In the "Database Setup" section, specify:
- Type: MySQL/MariaDB
- Database name: nextcloud
- User: myapp
- Password: f4378fh37fh4f29dh8972hd923
- Host: localhost
Complete the installation and log in to the control panel

📞 Configuring TURN/STUN Server for Audio and Video Calls

Installing and Configuring Coturn

sudo apt install coturn -y
sudo vim /etc/turnserver.conf

Example configuration:

listening-port=3478
tls-listening-port=5349
listening-ip=99.11.123.94
external-ip=99.11.123.94
relay-ip=99.11.123.94
realm=test.ru
server-name=test.ru
use-auth-secret
static-auth-secret=fdfg5y57j76ge3
user-quota=12
total-quota=1200
stale-nonce=600
cert=/etc/letsencrypt/live/test.ru/fullchain.pem
pkey=/etc/letsencrypt/live/test.ru/privkey.pem
no-loopback-peers
no-multicast-peers

Enable the service:

sudo systemctl enable coturn
sudo systemctl start coturn

Integrating TURN/STUN into Nextcloud Talk

Navigate to Administration → Talk → STUN/TURN servers
Add STUN server: stun:test.ru:3478
Add TURN servers:
- turn:test.ru:3478 (UDP)
- turn:test.ru:5349 (TCP)
Specify the static-auth-secret matching your Coturn settings

Forcing TURN Usage (Optional)

In the file /var/www/nextcloud/config/config.php, add:

'turn.force' => true,

Opening Ports in the Firewall

sudo ufw allow 3478/tcp
sudo ufw allow 3478/udp
sudo ufw allow 5349/tcp
sudo ufw allow 5349/udp

🔐 Server Security and Access Management

Creating a Dedicated Administrative User

sudo adduser newuser

Configuring Secure SSH Access

Change the default port in /etc/ssh/sshd_config:

Port 9070
PermitRootLogin no
AllowUsers newuser

Open the new port in the firewall:
```
sudo ufw allow 9070
```

Restart SSH and verify connection:

sudo systemctl restart sshd
ssh -p 9070 newuser@99.11.123.94

Granting sudo Privileges (If Needed)

sudo visudo

Add the line:

newuser ALL=(ALL:ALL) ALL

📱 Connecting the Nextcloud Talk Mobile App

Installation and Initial Setup

Install the app from the official store:
- Nextcloud Talk for Android
- Nextcloud Talk for iOS
Upon launch, specify your server address: https://test.ru
Log in using the account created in the web interface

Granting Permissions

For calls and notifications to work properly, the app requires:

Access to microphone and camera
Permission to send notifications
Access to contacts (for quick contact search)

Starting Communication

After logging in, tap "+" in the chat list
Enter the username or email of another system user
Select the communication type: text chat, audio call, or video call

🔍 Diagnostics and Common Issues

Checking Service Status

sudo systemctl status apache2
sudo systemctl status mariadb
sudo systemctl status coturn
sudo tail -f /var/log/apache2/error.log

Testing TURN/STUN Ports

telnet test.ru 3478
telnet test.ru 5349

If calls fail to connect:

Ensure ports 3478/5349 are open in the firewall and on the hosting provider side
Verify that the correct external-ip is specified in the Coturn configuration
Ensure the Let's Encrypt certificate is valid and not expired
In Talk settings, enable the "Force TURN usage" option

If files fail to upload:

Check access permissions for the /var/www/nextcloud directory
Ensure appropriate limits are set in php.ini: upload_max_filesize, post_max_size
Check available disk space: df -h

Subscribe to my channel and stay updated on all IT news! @daniilfranxx Subscribe