This is a wiki. Unless you have a good reason to edit (obvious typo, formatting enhancement), thank you for asking first by quoting the part you find problematic and explaining your change.
Installing Murmur
On Debian, this is as simple as running apt install mumble-server.
Configuration
You can then configure the server by editing /etc/mumble-server.ini.
welcometext
One of the nice thing to do is change the welcometext: you can use QT rich text to change it with caveats :
- if you want images, links, etc. to appear, you must skip the quotes around attributes.
- note that it’s better to use the
data-uri scheme to store the image, like if you were sending email.
Configure welcometext to obtain the above result
For example, here is the entry for chat.public.cat:
# Welcome message sent to clients when they connect.
welcometext="<table style=border:none>
<tr>
<td><a href=https://ps.zoethical.org/t/public-voice-service/3526><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAYAAADDPmHLAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAACTpAAAk6
QFQJOf4AAAAB3RJTUUH5AQJEhcg6MbJPgAAC5ZJREFUeNrtXYlzE/cZlW18S/iQfGHAB7bxfVs+8NVypCEZksBkgJCSUggpOQi0TXORhkKZtElhSpomTaYloelBA2nSBgK4DTmgBGxsJJM/qO+tv82oqiQLaS1nre8xb4Sl1e7q9739fsf3pHU4FAqFQqFQKBQKhUKhUCgUCoVCoVAoFAqFQqFQKBQKhUKhUCgUCoVCoVAoFAqFQjHPcLvdBj0eTyqYAmqjLJBgZoA5YA
FYBlaDzWAfuAbcCD4EPgEeAF8Ey1UA9g/m8+AvwdfBk+AZ8Bz4CXgFvA5OgjdBPzgNfgV+BlapAOwfzFvCaaFf6BPeDEG+/jG4RAVg/2DGQu7zQ88MNJg2D2asAjgFLratADSYcZGf4R1pMw2mzYMZqwDekLbWYCYh2VZHwbS4BMA3y0hyrQbTVmQ7H457IUgEsBWc0mDaTgDPMH7M1vEKYJsEVxvWXl3AXomfCiAJyXjtZPzy8/NVAElIdsNb4p4BqABszQ0qgOTlpEz
DVQBJynFwQAWQvP3/VbBDBZC8AvgCrFcBJK8A/m2JGUQFYNs1gPOWmEFUALYVgDVmEBWAbQVgjRkkSgH4AgpCkbbxB21jFpZ8Cewbp4OKVok+B3uZQWYRgNGARZ6iy6WFpW+VuEtOh9nGh20+Lykseac8v/zg8rzleysWVzy2NH/ps3jfm0Xuok/nuIrI/U7hOOdxvN/iuAdwDvuW5S37Ec7nEJ47gdcuqRkkegGYgf+8rLDs17W5tZv6Uvo6GrMb7yx2F48FBJLbfLqk
YMnh+pz69dimc8Qx0jzqGG0adgw3DzmGWvlcfXb93WUFZcfEQ2C1CHwI7kUJ+pMUHQO/wrnigY70jgGeR29qbxfO/TsQwu8sPH6ojGcvM0gYAfBqvoSAvVyXU7dhIGWgbdAx2DrgGGgn8fxxOYEpXPEn0NCbKRA2Pq62FxGA5ysXV+5qyWz51irHqjaS7+9L7evkNtj3FSuDAEG+V5dbdy+vdPx9LSDTjOO1D3DMx3vSenooSgjjKYuOzTa6gv2/D344R8KeezNICAHcY
ApFoz1mps8qV9UOXsUMPq7oFmnEcVz1R/DaTiO9eoquBl0Rk2iYc9h2nzfN200R8P18xHM/xusTFgXhEoJ/D69uZqsQQTA+E871ZYqA4rTgimXGucAM07Woq49ZhsLG818mUAQUwLNxewFCCYCqlj7bSDXs/3mF8yomq53V29GQzzHl8rUIAyzubwKNf8ib6u02BcBAcDxhQSD8yEZHKcoaZ80WWRsPOz6QDPUzK45L8fO4ZobjZ8L46M8J7A6sMYOE6QL8QQH1IdhPmR
+4Pb19EA1Ar+CNKBTP1yfQ+E+YWYAiYsACskasjTBVkVexB2OOJow/NszStUyjuzop3VfcAoCQXmB7mN0iuzfs/20JTKIEYJhBiouL53waSMUfYuA4qEPqe1CutmiD50dGOdec1fxtUwS4YrxosHivmIlqV/V3GYjutO5eZJWTswTgGkTyHyvm4Dj3dzvTOwd4bAwyWzDIXY/POJbg6e5WS+zgUQrgiAigBf3+9wPcwFETff9+czDJR2SVg3EKYBKDzZ08J+yvDWOB+9B
9fRTFWoUltXhe8RwPcdbBbtOWZpAYBbAjBgEwBf+e0zFzMFm1uOrhWIT0P6m4oPygKSpml4bshjtlqjeRgP44eLHJfmaQBArA6AZaM1qHzWlhTW7NZpk+xRwAXvFNWU2rAzMLuxdkhkfw2mmxui/EJW5rzCAJFICxUsjFInM2gZS90YKBoA9X/OsYmK4KyASGEDhY5WoghPAPi9P/wjGDJFIAnCdjOrkxQACbIIAvrWgULkjV5dTdsyrFyC5frznwOK2ZraMYtf80zDqB
nc0gDXYSgDEKx/Tv/qDZxIRV/TEXhTAmONSY1bjOnJ+bQiBxvG1cMl4AIvDJ1/Oq7JYBrpoZgPuR1TOrG8aoC3DBB2ODtRL8dhl4tnLlUrKOnUVgnRlkvsYADAr2eXSOBmimEM5zKZqrdGY24CzEolXIhWEGSfAs4GPOAowBWkb7kAzO/PEGepaGYh3gcOD0E5nnhwsgA1j3yyAJXAc44U31dnEfnKbJUnJchaASd8nfZgkmX7uO4z1snn+lq3JXnOsPC+uXQRK0Evh1P
YHTMwmcfxaVR3IgcQ3g/WpX9fYoystGHYBdAY9fsbji8SiPG02dY3oe3EbW/jLIbQqAo/dtMdQCxhqzG9cxDUvdfirSKhfr+Oir35B6QahaOwXwz7aMtuEoCjzGwLAls2WUn4Gl4TDbT2GfZ+lgomBmExb3yfGElMMTOcW0zgxyuwJgAFl4wd+/kCwQzVUyhav/aQ7EaBULMG2EW9h5jVkCx+roSTVq+M+FyDgUwFkuANELQO9BhPOnAMZaM1tHmrOaV2Pb86EExQJPc2
bz6n5Hf0dvSm8XMsWeMOfKY3/QkN2wvj+lv4NeCclEXyRIBIYZxO12p8yLAKT+7aW5Qq6SSH6AKdbsxTSxX6pxvlkqfA+ywmYu7SJoaxDAT4LeZwwq2zLbhsUPsBVBuRDmXG5x/NGZ3tmPz/GrcMfnjIH2MfMzcnsGOkS7sBx80CwHc0bDQSazRoLKwdaZQWIRABVvrLilDLaxrs/iiwRoPCC1T/CqhEieqcupu1f8gNF0G4YAzMaNIADDksVyMINFwazMWbmB3YZciWb
GoC3sDLcTM8hEhGrlPlN4IoABsXtFFIA5vYQA/pggAVhnBrldAZC1ubX3szG59EqnDwWB1LmGYsBoezdS56N8pC+wvKD8cMDqWzTp0VdWWHasa1FXL4/FFCsWshthZgKf8dx4Lhzk8Xzqs+vv4oIPB3s8F3Y7YtaI1GWxC3gbY4ohU+jcRxibF7uAM01ZTWvMVUZ89s08lwR1ARTArrh/GyjOWcAU7WAYzf+VKZ4OGfbz7Bb4N54/JXaxWKzgE7RXcbBmWMojdxumJf0y
gnIK4nkV73uJjiVmgwDDZjTrDRx8nsb5v8JxCN3Okc6d6xj8rDjmcYj8X7Y0g8S5DuALmjb5b3MaddOi6djNoHOZDvpls1iOG83Uzj9P00DrzCAJLgYpv2lmEBVAkptBVABJbgZRASS5GUQFkORmEBVAkptBVABJbgZRASS5GSQWAVS7qnfEaeZQflPMIDF8N7BlhXPFdgvdvMr5NIMECIAW7a9CLOsaS6ymm4ciiOKbuMq5FcAxy8wgAQLg7WJYzvyLZ+bWMBxo0GQxV
uQu+og/wmBWybyp3h6pq49HWIu/5fn/O44Er9EH34HE59G7kUTjBfi5x8r7BYsAFkm/4nJ73PllBWWlNc6axtrc2p7GrMah/pR+1r0pAFq6W7vTunvQFWxZnrf8EWSHPeX55XtLC0vptXsU3C+GBX779yWxL70GviX9F0V2OkBkF2VuS1vVFSnBXpduZlI8Br6gYlM0QluIIrPWDBIKozP/UkccIy48uvDoRNCdCD4fc/mIbOBc61ibe4fjjtx1jnW5+L8Tjxl85278Y5
26sLDQIUplukoHM02RgfkylSkFl3lm7kS20jNzN7JOz8wdyUYkM90NbgIfAFmKplVrH/i0Z+bmyUdAZqTfgG+CrP3TS/geSEfPWREZf1qVNfvLspxqR5HxmE/OqQBseNPJYJFlg04RmRssAZfK6lkd2CRr6b3gsFTW7vLM3DGNdfbvgT+Qhv4J+IKk3VfAV0F+/fwE+CeQ7ua/g/xdggshRHZNusrJALeULw6R3bLUDKKIDGaxgEyWKl1lRoDI8gJExtu4V4K1YCPYDnr
BQXA1uB68zzNzm5eHwN1i7eKPbh2QX/2iY/m4jPT/AL4bJLKLsg8NzkKBy+UyM1qwyLLAXFn0KQSLRWROFYBCoVAoFAqFQqFQKBQKhUKhUCgUCoVCoVAoFAqFQqFQKBQKhUKhUCgUCoVCoVAoFAqFQqFQKBQKhUKhUCgUCwP/BZi7Hiv5o7l0AAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDIwLTA0LTA5VDE2OjIzOjMyKzAyOjAwBSeH5gAAACV0RVh0ZGF0ZTptb2RpZnkA
MjAyMC0wNC0wOVQxNjoyMzozMiswMjowMHR6P1oAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAAAAElFTkSuQmCC width=128></a></td>
<td style=vertical-align:middle>
<p>Welcome to petites singularités' PUBLIC voice service (powered by <b>Murmur</b>).
<br />
Enjoy your stay! If you need anything, please refer to the <a href=https://ps.zoethical.org/t/public-voice-service/3526>related topic</a>.</p>
</td>
</tr>
</table>
<p>This is a <a href=https://federated.public.cat>PUBLIC</a> service. We expect you to <i>be excellent to each other</i>.</p>
"
bandwidth
# Maximum bandwidth (in bits per second) clients are allowed
# to send speech at.
bandwidth=72000
@Amolith recommends using 130000 for better sound quality (like streaming music) or maximizing the number of simultaneous speakers. I did not test this setting yet, and have concerns about low-bandwidth situations where some people would boost their sound quality but overflow what’s available on slow links (e.g., UMTS connections) – in my experience so far people seem to be using between 40 - 55 Kpbs for voice for an acceptable quality.
users
# Maximum number of concurrent clients allowed.
users=100
TODO: document how much bandwidth is used per number of users… If we’d like to scale up to 400+ users, how much bandwidth do we need, or put otherwise: how many concurrent users can Murmur support on a 100Mbps link?
channelnestinglimit
Channel nesting is a matter of preference I guess, but I can’t see a good reason to nest rooms tenfold since it will make it hard for humans to find their way through such a maze.
# Maximum depth of channel nesting. Note that some databases like MySQL using
# InnoDB will fail when operating on deeply nested channels.
#channelnestinglimit=10
channelnestinglimit=3
SSL Setup
sslCert and sslKey allow to setup “a proper SSL certificate”. LetsEncrypt is your friend. One limitation of TLS support in Mumble is that it does not support PFS yet. You can use sslCiphers to limit connection to the best available ciphers but it remains suboptimal.
sslCiphers configuration
# The sslCiphers option chooses the cipher suites to make available for use
# in SSL/TLS. This option is server-wide, and cannot be set on a
# per-virtual-server basis.
#
# This option is specified using OpenSSL cipher list notation (see
# https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
#
# It is recommended that you try your cipher string using 'openssl ciphers <string>'
# before setting it here, to get a feel for which cipher suites you will get.
#
# After setting this option, it is recommend that you inspect your Murmur log
# to ensure that Murmur is using the cipher suites that you expected it to.
#
# Note: Changing this option may impact the backwards compatibility of your
# Murmur server, and can remove the ability for older Mumble clients to be able
# to connect to it.
sslCiphers=EECDH+AESGCM:AES256-SHA:AES128-SHA
#sslCiphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-A
ES128-SHA256
TODO: select the best trade-off for compatibility with main Mumble clients, OpenSSL, LetsEncrypt, and security…
obfuscate
The GDPR encourages you to protect the privacy of your clients, so you can use the obfuscate setting to remove the connecting IP addresses from your logs.
# Hide user connected IP addresses in logs (GPDR power)
obfuscate=true
Using Murmur
Access Control Lists
TODO: Murmur has some ACL that are not obvious to pick up, so let’s put some use-cases to clarify their use.
User Registration and Authentication
TODO: Setting passwords, using client certificates, using ICE for SSO…
Integrations
SIP
TODO: how to enable phone conferencing to Mumble
Web
TODO: how to setup a simple Web client
- Create a dedicated user
As root:adduser --system --disabled-login mumble
su - mumble -s /bin/bash
- Clone the
mumble-web repositorygit clone https://github.com/Johni0702/mumble-web
cd mumble-web
npm
- Configure
- edit
dist/config.local.js
- Install
websockify
- Setup service
- Configure Nginx
- cache! The
mumble-web application is very heavy to load (one 1.95MB and another 7.3MB scripts).
Matrix
TODO: how to integrate with a Matrix room so Matrix users can join a Mumble room.
mumble-web documentation tells to use a “jitsi” type and point it to the mumble client instead, but that did not work for me. I tried to use a “custom widget” but failed as well: the $matrix_display_name is not replaced with the user name – probably something to configure for the Synpase service to be able to use the identity service from Riot to fix it… Anyone?
Librehosters Murmur Services
Add your own