• Be part of the TeaParty!
    Click here for more information

Information Setup the WebClient rightly (TeaServer)

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Hey,
I'm going to show you, how you could correctly setup and configure your server, for the web client.
As well I'll give you a short overview of how the web client works, and where you have to focus on.

1. Overview: How do the WebClient works, and which ports have to be opened
Each virtual server does not only listen on UDP it also listens to TCP.
That's where the WebClient comes into play. The WebClient uses TCP (Secure Web Sockets) to communicate with the TeaSpeak-Server.
So please ensure that you've opened the virtual server port within your firewall for TCP as well.
This TCP based bridge is used for command execution and general management, but not for voice!
For voice, speech in general a protocol known as WebRTC (Web real time communication) is used.
This protocol is UDP based and uses the port range, given within the config.yml (default range is 50000 - 56000).
Please ensure you've allowed this range as well within your firewall.

2. Setup a valid SSL certificate
Because the WebClient uses secure web sockets, you have to use a SSL certificate.
By default, the server generates a self-signed certificate, which first have to be added as an exception to the browser to be able to connect.
This could be easily done by every client by clicking the "here" link within the connect failed dialogue.
But to avoid this in general you could use a valid SSL certificate and register it within the server configurations file.

2.1 Create/register a valid SSL certificate with LetsEncrypt
Please note that these instructions could be different, depending on your system or configuration.
More information could be found here: https://letsencrypt.org/getting-started/
  1. Install certbot
    Code:
    # apt-get install certbot
  2. Create a new certificate
    Code:
    sudo certbot certonly --standalone -d ts.teaspeak.de
    (Replace ts.teaspeak.de with your domain, linked to you TeaSpeak server)
  3. You should be now able to find up2date certificates and keys within /etc/letsencrypt/live/ts.teaspeak.de/
    (ts.teaspeak.de will be your domain, this is just an example)
2.2 Register your SSL certificate within the TeaSpeak server
  1. Open the config.yml with an editor of your chose
  2. Search for the tag web and then ssl. You'll find there two settings (certificate and privatekey)
  3. Paste the path to your certificate within the certificate tag.
    For the example from 2.1 would it be: /etc/letsencrypt/live/ts.teaspeak.de/cert.pem)
  4. Paste the path to your private key within the privatekey tag.
    For the example from 2.1 would it be: /etc/letsencrypt/live/ts.teaspeak.de/privkey.pem)
  5. Restart/start your server and try to connect.
3. Troubleshooting "Failed to apply ICE" (Server console)
Along with TeaSpeak, you're already forced to install libnice.
But on some, mainly older LTS distributions this package is a little bit outdated.
Within the latest version was a breaking change which requires the newest version.
You should be easily able to install the newest working libnice dependency by executing the install_libnice.sh script.
After executing this script you should find a few new libraries within your libs directory.
Restart the server and everything should work then.

4. Summarization
For setting up the server with the web client you've to do the following things:
  • Open the WebRTC UDP port range
  • Open the TCP port for your virtual server
  • Register a valid SSL certificate
  • Ensure you're using the latest libnice version (>= 0.1.15)
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
** Update **
The install_libnice.sh has been improved (less useless dependencies and more compatible systems)
This step will be soon obsolete as well (because it will be linked statically), but an exact date isn't yet decided.
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Small update:
This tutorial will be obsolete soon.
The server is currently already shipped with the newest libnice and will sonly automatically have a valid SSL certificate!
 

dension

Active member
Premium User
It is not working for me. I do anything what you wrote, but after that I can not connect to my server. I tried with webclient, TeaClieant and TS3 but can not to connect.
Certbot install no error, no warning. When I make certificate with Certbot no warning no error. I copied and pasted the cert.pem and privkey.pem rout of files (of course change the domain) the domain ip redirect to my server IP (in DNS) but not working. Debian 10 updated libnice.

Any idea?
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Well over the time there changed some stuff, as I just saw :D
There is a section within the config.yml where you could setup the paths for your certificates for each donain.
This might be missing. As well would you send me your config.yml so I could show where? :D