First things first, this is basically a copy/paste of one of my go-to sites for Nextcloud issues, Carsten Rieger's c-rieger.de. This post is for a particular function within Nextcloud, Nextcloud Talk. All credit goes to Carsten, I'm posting this here for my personal use so if his site (or page) goes down I still have something to go by when/if I need to reinstall Talk.
This is one of the best and easiest walk-throughs (like most of his) to get Talk up and running. Note: this is using Ubuntu, I use Ubuntu 18.04 on my RPi. Here's his info (replacing his use of the vi editor with what I use, nano):
First switch into sudo mode and install coturn as your TURN server:
apt install coturn
Modify the coturn configuration file
[remove] the leading ‘#’ at the beginning of “TURNSERVER_ENABLED=1”
# # Uncomment it if you want to have the turnserver running as # an automatic system service daemon # TURNSERVER_ENABLED=1
Create your personal secret by issuing
openssl rand -hex 32
[copy this number and hold on to it for a min]
Now move the default turnserver.conf and create a new one:
mv /etc/turnserver.conf /etc/turnserver.conf.bak && nano /etc/turnserver.conf
Paste the following rows
listening-port=3478 tls-listening-port=5349 fingerprint lt-cred-mech use-auth-secret static-auth-secret=1212121212121212121212121212121212121212121212121212121212121212 realm=your.dedyn.io total-quota=100 bps-capacity=0 stale-nonce cert=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem pkey=/etc/letsencrypt/live/your.dedyn.io/privkey.pem cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5" no-loopback-peers no-multicast-peers
[Replace] the exemplarily static-auth-secret 1212121212121212121212121212121212121212121212121212121212121212 with your generated one and the dummy url (your.dedyn.io, in three places) with your Nextcloud url.
Open ports 3478 and 5349 (UDP & TCP) in ufw (you are running ufw, right?)
ufw allow 3478/tcp && ufw allow 3478/udp && ufw allow 5349/tcp && ufw allow 5349/udp
[You also need to forward your ports above (via your router) to your machine.]
Then restart your TURN Server and NGINX
service coturn restart && service nginx restart
[Now me talking here]
Head to your Apps and add the Talk module. Once that's activated go to your setting page and towards the bottom you should see the Talk menu. It'll look like this(ish)
Using the above, section 1 and section 2 will be the address of your Nextcloud server (e.g., cloud.nextcloud.com) with the added port of 5349. So, for this example, it should read cloud.nextcloud.com:5349. Section 3 above you will paste the hex 32 code that you generated earlier. That's it (leave the Signaling server section alone).
You can now download and open the Nextcloud Talk app on iOS and Android, login with your Nextcloud credentials, and have a secure conversation with the meta-data remaining on YOUR server. And it's all encrypted. Win!