• Hey Guest, we're evolving the future of TeaSpeak.
    You're invited to join the discussion here!

Setup the WebClient rightly (TeaServer)

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Hey,
I'm happy to announce that this isn't required anymore since the web client works out of the box since version 1.4.8.
You're not required anymore to setup any certificates or libraries.

Best regards
TeaSpeak - Team

Hey,
I'm going to show you, how you could correctly setup and configure your server, for the web client.
As well I'll give you a short overview of how the web client works, and where you have to focus on.

1. Overview: How do the WebClient works, and which ports have to be opened
Each virtual server does not only listen on UDP it also listens to TCP.
That's where the WebClient comes into play. The WebClient uses TCP (Secure Web Sockets) to communicate with the TeaSpeak-Server.
So please ensure that you've opened the virtual server port within your firewall for TCP as well.
This TCP based bridge is used for command execution and general management, but not for voice!
For voice, speech in general a protocol known as WebRTC (Web real time communication) is used.
This protocol is UDP based and uses the port range, given within the config.yml (default range is 50000 - 56000).
Please ensure you've allowed this range as well within your firewall.

2. Setup a valid SSL certificate
Because the WebClient uses secure web sockets, you have to use a SSL certificate.
By default, the server generates a self-signed certificate, which first have to be added as an exception to the browser to be able to connect.
This could be easily done by every client by clicking the "here" link within the connect failed dialogue.
But to avoid this in general you could use a valid SSL certificate and register it within the server configurations file.

2.1 Create/register a valid SSL certificate with LetsEncrypt
Please note that these instructions could be different, depending on your system or configuration.
More information could be found here: https://letsencrypt.org/getting-started/
  1. Install certbot
    Code:
    # apt-get install certbot
  2. Create a new certificate
    Code:
    sudo certbot certonly --standalone -d ts.teaspeak.de
    (Replace ts.teaspeak.de with your domain, linked to you TeaSpeak server)
  3. You should be now able to find up2date certificates and keys within /etc/letsencrypt/live/ts.teaspeak.de/
    (ts.teaspeak.de will be your domain, this is just an example)
2.2 Register your SSL certificate within the TeaSpeak server
  1. Open the config.yml with an editor of your chose
  2. Search for the tag web and then ssl. You'll find there two settings (certificate and privatekey)
  3. Paste the path to your certificate within the certificate tag.
    For the example from 2.1 would it be: /etc/letsencrypt/live/ts.teaspeak.de/cert.pem)
  4. Paste the path to your private key within the privatekey tag.
    For the example from 2.1 would it be: /etc/letsencrypt/live/ts.teaspeak.de/privkey.pem)
  5. Restart/start your server and try to connect.
3. Troubleshooting "Failed to apply ICE" (Server console)
Along with TeaSpeak, you're already forced to install libnice.
But on some, mainly older LTS distributions this package is a little bit outdated.
Within the latest version was a breaking change which requires the newest version.
You should be easily able to install the newest working libnice dependency by executing the install_libnice.sh script.
After executing this script you should find a few new libraries within your libs directory.
Restart the server and everything should work then.

4. Summarization
For setting up the server with the web client you've to do the following things:
  • Open the WebRTC UDP port range
  • Open the TCP port for your virtual server
  • Register a valid SSL certificate
  • Ensure you're using the latest libnice version (>= 0.1.15)
 
Last edited:

WolverinDEV

TeaSpeak Team
Staff member
Administrator
** Update **
The install_libnice.sh has been improved (less useless dependencies and more compatible systems)
This step will be soon obsolete as well (because it will be linked statically), but an exact date isn't yet decided.
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Small update:
This tutorial will be obsolete soon.
The server is currently already shipped with the newest libnice and will sonly automatically have a valid SSL certificate!
 

dension

Active member
Premium User
It is not working for me. I do anything what you wrote, but after that I can not connect to my server. I tried with webclient, TeaClieant and TS3 but can not to connect.
Certbot install no error, no warning. When I make certificate with Certbot no warning no error. I copied and pasted the cert.pem and privkey.pem rout of files (of course change the domain) the domain ip redirect to my server IP (in DNS) but not working. Debian 10 updated libnice.

Any idea?
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Well over the time there changed some stuff, as I just saw :D
There is a section within the config.yml where you could setup the paths for your certificates for each donain.
This might be missing. As well would you send me your config.yml so I could show where? :D
 

dension

Active member
Premium User
//Tutorial edit.
This tutorial is obsolete since 1.4.8.
Hi,

I understand obsolete this.

I installed Centos 7 wich is webserver too.

The domain has lets'encrypt SSL. But when I connect It say no ssl but when I connect to webadmin it has valid.

So as I see the domain has valid SSL but the teaserver not use that.

Can I get some help how solve this problem? I would like to use this, but I can not able to set, I do not know how.

System: VPS: Centos 7 + VestaCP + last updated TeaServer (fresh install, libnice, Lets'Encrypt, ffmpeg, youtube-dl installed)

Bestregards
dension
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Your WebPannel is something different than the TeaSpeak server.
As well sure you're able to connect to the server? (There is a "here" text which is clickable on the error message)
 

dension

Active member
Premium User
Your WebPannel is something different than the TeaSpeak server.
As well sure you're able to connect to the server? (There is a "here" text which is clickable on the error message)
Hi,

"Your WebPannel is something different than the TeaSpeak server." can you explain that how do you mean that? When I type in the browser https://web.teaspeak.de/ and try to connect to server2.silverhost.ml server and click to "here" text and forced the connection (wich is says the IP is not safety because of https certification) I can connect to server. But if you type in the browser the domain alone server2.silverhost.ml you will see it has valid https certification.

If you want to see it inside we can speak that in private, I would like to solve that problem. It would be very good if you can to help for me.

Bestregards,
dension
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Yes because your browser connects to port 80 (or 443 with SSL), your web server.
But with TeaSpeak you connect to port 9987, which is the defaul TeaSpeak server port.
TeaSpeak is not influenced by your webserver at all.

As well normally TeaWeb resolves the URL to an ip address and connects to that.
So its quite interesting that it still shows invalid certificate.
Do you may use an old server version?
 

dension

Active member
Premium User
Yes because your browser connects to port 80 (or 443 with SSL), your web server.
But with TeaSpeak you connect to port 9987, which is the defaul TeaSpeak server port.
TeaSpeak is not influenced by your webserver at all.

As well normally TeaWeb resolves the URL to an ip address and connects to that.
So its quite interesting that it still shows invalid certificate.
Do you may use an old server version?
Hi,

As I wrote above "System: VPS: Centos 7 + VestaCP + last updated TeaServer (fresh install, libnice, Lets'Encrypt, ffmpeg, youtube-dl installed)" also it is fresh install (2020.03.27.)

# Version: 1.4.10
# TeaSpeak version: 1.4.10
# Build version: 0

{"build_name": "1.4.10", "build_version": "1.4.10", "build_index": 0}

Bestregards,
dension
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
Had you may blocked out my licensing server or do you have any outgoing TCP firewall rules?
 

dension

Active member
Premium User
Hi,

I use CSF firewall.

TCP out and in port opened: from 9800 to 9999,30303,10101
UDP out and in port opened: from 9800 to 9999, from 50000 to 56000

And some port opened for webhosting. Everything else closed.

China blocked.

Bestregards,
dension
 

WolverinDEV

TeaSpeak Team
Staff member
Administrator
You've to allow my license server.
Because on license validation the server also receives his certificate for the web client.
 

dension

Active member
Premium User
You've to allow my license server.
Because on license validation the server also receives his certificate for the web client.
Hi,

Can you help me how? Wich one port have to open?

My son would like to sent donate for certificate and give you missing ammount for 2 year key.. ;-) Update: sent donate.

And as I wrote earlier we would like to translate the client to hungarian language.

Bestregards,
dension
 
Last edited:

WolverinDEV

TeaSpeak Team
Staff member
Administrator
hey,
the license server listens on license.teaspeak.de:27786.
Thanks for your donation. I'll finally need to get in the final steps, so windows does not blames anymore due to an unsigned app....
That really sucks....

Best regards.

With the translation you could edit the json here: https://github.com/TeaSpeak/TeaWeb/tree/master/shared/i18n .
I could give you a google translate base if you want to. There is also a tool to easily edit the translation file: https://tools.teaspeak.de/i18n-editor/

Just send me a PM and I could answer all your questions tomorrow (I'm already quite tired).

Update: A lot of thanks to your son :)