Créer un serveur Mumble sous Docker

Bonjour,

Aujourd’hui on va créer un serveur Mumble sous Docker. Mumble n’a jamais eu le succès qu’il aurait du avoir car son interface graphique est beaucoup trop vintage et ses réglages toujours trop complexes pour le péquin moyen. Mais c’est dommage car en terme de son, ce sont les meilleurs codecs sur le marché. Toujours est-il que ça ne coûte rien d’avoir un petit serveur Mumble qui traîne sous la main !

Pré-requis:

  • Une VM (optionnel mais c’est plus classe).
  • Un Ubuntu server installé ou équivalent.
  • Docker & Docker-compose installés.
  • Traefik installé en tant que reverse proxy.
  • Un network visible depuis le net : frontend.

On va commencer par créer un répertoire pour le container Docker pour avoir une persistance et y mettre le fichier de configuration murmur.ini

mkdir mumble
cd mumble
touch murmur.ini
nano docker-compose.yml

On va remplir le fichier docker-compose du container:

# Installer Mumble server
# https://hub.docker.com/r/mattikus/murmur/
version: "3"
services:
  murmur:
    image: mattikus/murmur
    container_name: mumble
    restart: unless-stopped
    networks:
      - frontend
    ports:
      - 64738:64738
      - 64738:64738/udp
    labels:
      - "traefik.enable=false"
    volumes:
      - ./murmur.ini:/etc/murmur.ini
networks:
  frontend:
    external: true

Il vous reste maintenant à définir le fichier de configuration de votre serveur Mumble, murmur.ini:

nano murmur.ini

Voici le contenu à mettre dans ce fichier. A adapter suivant vos besoins, bien sur:

# Murmur configuration file.
#
# General notes:
# * Settings in this file are default settings and many of them can be overridden
# with virtual server specific configuration via the Ice or DBus interface.
# * Due to the way this configuration file is read some rules have to be
# followed when specifying variable values (as in variable = value):
# * Make sure to quote the value when using commas in strings or passwords.
# NOT variable = super,secret BUT variable = "super,secret"
# * Make sure to escape special characters like '\' or '"' correctly
# NOT variable = """ BUT variable = "\""
# NOT regex = \w* BUT regex = \\w*

# Path to database. If blank, will search for
# murmur.sqlite in default locations or create it if not found.
database=/data/murmur.sqlite

# If you wish to use something other than SQLite, you'll need to set the name
# of the database above, and also uncomment the below.
# Sticking with SQLite is strongly recommended, as it's the most well tested
# and by far the fastest solution.
#
#dbDriver=QMYSQL
#dbUsername=
#dbPassword=
#dbHost=
#dbPort=
#dbPrefix=murmur_
#dbOpts=

# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
# RPC methods available in Murmur, please specify so here.
#
dbus=session

# Alternate D-Bus service name. Only use if you are running distinct
# murmurd processes connected to the same D-Bus daemon.
#dbusservice=net.sourceforge.mumble.murmur

# If you want to use ZeroC Ice to communicate with Murmur, you need
# to specify the endpoint to use. Since there is no authentication
# with ICE, you should only use it if you trust all the users who have
# shell access to your machine.
# Please see the ICE documentation on how to specify endpoints.
#ice="tcp -h 127.0.0.1 -p 6502"

# Ice primarily uses local sockets. This means anyone who has a
# user account on your machine can connect to the Ice services.
# You can set a plaintext "secret" on the Ice connection, and
# any script attempting to access must then have this secret
# (as context with name "secret").
# Access is split in read (look only) and write (modify)
# operations. Write access always includes read access,
# unless read is explicitly denied (see note below).
#
# Note that if this is uncommented and with empty content,
# access will be denied.

#icesecretread=
icesecretwrite=

# How many login attempts do we tolerate from one IP
# inside a given timeframe before we ban the connection?
# Note that this is global (shared between all virtual servers), and that
# it counts both successfull and unsuccessfull connection attempts.
# Set either Attempts or Timeframe to 0 to disable.
autobanAttempts = 20
autobanTimeframe = 120
autobanTime = 300
# Added by Arky / Fichier pour le ban
# banfile = /data/banfile.txt

# Specifies the file Murmur should log to. By default, Murmur
# logs to the file 'murmur.log'. If you leave this field blank
# on Unix-like systems, Murmur will force itself into foreground
# mode which logs to the console.
logfile=murmur.log

# If set, Murmur will write its process ID to this file
# when running in daemon mode (when the -fg flag is not
# specified on the command line). Only available on
# Unix-like systems.
#pidfile=

# The below will be used as defaults for new configured servers.
# If you're just running one server (the default), it's easier to
# configure it here than through D-Bus or Ice.
#
# Welcome message sent to clients when they connect.
welcometext="<br />Welcome to Arky Corporation server running <b>Murmur</b>.<br />Enjoy your stay!<br />"

# Port to bind TCP and UDP sockets to.
port=64738

# Specific IP or hostname to bind to.
# If this is left blank (default), Murmur will bind to all available addresses.
#host=

# Password to join server.
serverpassword=yourpassword

# Maximum bandwidth (in bits per second) clients are allowed
# to send speech at.
bandwidth=256000

# Maximum number of concurrent clients allowed.
users=50

# Amount of users with Opus support needed to force Opus usage, in percent.
# 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients.
#opusthreshold=100

# Maximum depth of channel nesting. Note that some databases like MySQL using
# InnoDB will fail when operating on deeply nested channels.
#channelnestinglimit=10

# Regular expression used to validate channel names.
# (Note that you have to escape backslashes with \ )
#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+

# Added by Arky / Test channels names
# channels = ( {
# name = "╔═══════╛CHAT╘═══════╗";
# parent = "";
# description = "Root channel. No entry.";
# noenter = true;
# },
# );

# Regular expression used to validate user names.
# (Note that you have to escape backslashes with \ )
#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+

# Maximum length of text messages in characters. 0 for no limit.
# textmessagelength=5000

# Maximum length of text messages in characters, with image data. 0 for no limit.
# imagemessagelength=131072

# Allow clients to use HTML in messages, user comments and channel descriptions?
allowhtml=true

# Murmur retains the per-server log entries in an internal database which
# allows it to be accessed over D-Bus/ICE.
# How many days should such entries be kept?
# Set to 0 to keep forever, or -1 to disable logging to the DB.
logdays=31

# To enable public server registration, the serverpassword must be blank, and
# this must all be filled out.
# The password here is used to create a registry for the server name; subsequent
# updates will need the same password. Don't lose your password.
# The URL is your own website, and only set the registerHostname for static IP
# addresses.
# Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
#
registerName=Mumble Server
#registerPassword=secret
#registerUrl=https://www.mumble.info/
#registerHostname=

# If this option is enabled, the server will announce its presence via the
# bonjour service discovery protocol. To change the name announced by bonjour
# adjust the registerName variable.
# See http://developer.apple.com/networking/bonjour/index.html for more information
# about bonjour.
bonjour=True

# If you have a proper SSL certificate, you can provide the filenames here.
# Otherwise, Murmur will create it's own certificate automatically.
#sslCert=
#sslKey=

# The sslCiphers option chooses the cipher suites to make available for use
# in SSL/TLS. This option is server-wide, and cannot be set on a
# per-virtual-server basis.
#
# This option is specified using OpenSSL cipher list notation (see
# https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
#
# It is recommended that you try your cipher string using 'openssl ciphers <string>'
# before setting it here, to get a feel for which cipher suites you will get.
#
# After setting this option, it is recommend that you inspect your Murmur log
# to ensure that Murmur is using the cipher suites that you expected it to.
#
# Note: Changing this option may impact the backwards compatibility of your
# Murmur server, and can remove the ability for older Mumble clients to be able
# to connect to it.
#sslCiphers=EECDH+AESGCM:AES256-SHA:AES128-SHA

# If Murmur is started as root, which user should it switch to?
# This option is ignored if Murmur isn't started with root privileges.
# uname=test

# If this options is enabled, only clients which have a certificate are allowed
# to connect.
#certrequired=False

# If enabled, clients are sent information about the servers version and operating
# system.
sendversion=True

# You can configure any of the configuration options for Ice here. We recommend
# leave the defaults as they are.
# Please note that this section has to be last in the configuration file.
#
[Ice]
Ice.Warn.UnknownProperties=1
Ice.MessageSizeMax=65536

On lance maintenant le container:

docker-compose up -d

Si vous êtes derrière pfsense pensez à faire une règle NAT pour translater le port 64738 sur votre VM (la même pour votre box).

Vous avez maintenant un beau serveur Mumble qui est disponible sur votre serveur ! A noter que le mot de passe admin se trouve dans les logs de votre container que vous pouvez facilement voir avec Portainer.

@+