-
- How to set up a Mumble server
-
- _ _
- | || | ___ __ __ __
- | __ | / _ \ \ V V /
- |_||_| \___/ \_/\_/
-
-
- _
- | |_ ___
- | _| / _ \
- \__| \___/
-
-
- _
- ___ ___ | |_
- (_-< / -_) | _|
- /__/ \___| \__|
-
-
-
- _ _ _ __
- | || | | '_ \
- \_,_| | .__/
- |_|
-
-
- __ _
- / _` |
- \__,_|
-
-
- __ __ _ _
- | \/ | _ _ _ __ | |__ | | ___
- | |\/| | | || | | ' \ | '_ \ | | / -_)
- |_| |_| \_,_| |_|_|_| |_.__/ |_| \___|
-
-
-
- ___ ___ _ _ __ __ ___ _ _
- (_-< / -_) | '_| \ V / / -_) | '_|
- /__/ \___| |_| \_/ \___| |_|
-
-
- ╔─*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──*─╗
- ║1 ........................................ 1║
- ║2* ........................................ *2║
- ║3 ........................................ 3║
- ║1 ...........Posted: 2025-03-08........... 1║
- ║2* ..........Tags: mumble linux ........... *2║
- ║3 ........................................ 3║
- ║1 ........................................ 1║
- ╚────────────────────────────────────────────────╝
-
- Mumble is an old-school, low-latency voice chat app, perfect for games like
- Counter-Strike 1.6. It’s a bit tricky to set up but offers strong encryption and
- full control. My server provides a lightweight, private alternative for
- high-performance voice chat.
-
- I run a Mumble server!
-
- I set this up on my Debian server.
-
- ## Basic setup
-
- Install and configure:
-
- ```
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get install mumble-server
- sudo dpkg-reconfigure mumble-server
- ```
-
- Confirm to start the server on boot and also set your `SuperUser` password,
- which will be used to administer the server (you log in with the username
- `SuperUser`).
-
- The config file is `/etc/mumble-server.ini`. A fun thing to tweak is
- `welcometext`.
-
- ## Firewall
-
- The default port is 64738.
-
- ```
- sudo ufw allow 64738/tcp comment "Allow Mumble server (default port TCP)"
- sudo ufw allow 64738/udp comment "Mumble voice traffic"
- ```
-
- Don't forget to port forward!
-
- ## LetsEncrypt/SSL
-
- Mumble offers a self-signed certificate by default, but I'm a little bit extra
- and want to have my own SSL certificate just for Mumble.
-
- Create `sites-available/mumble.someodd.zip.conf`:
-
- ```
- server {
- listen 8765;
- server_name mumble.someodd.zip;
- root /var/www/mumble.someodd.zip;
-
- location ^~ /.well-known/acme-challenge/ {
- default_type "text/plain";
- root /var/www/mumble.someodd.zip;
- }
-
- location / {
- try_files $uri $uri/ =404;
- }
- }
- ```
-
- Now "enable" the configuration and restart `nginx`:
-
- ```
- mkdir /var/www/mumble.someodd.zip
- sudo ln -s /etc/nginx/sites-available/mumble.someodd.zip.conf /etc/nginx/sites-enabled/
- sudo service nginx restart
- ```
-
- Finally, since the point of setting up this `nginx` virtual host was to allow
- for a webroot during the LetsEncrypt renewal process, let's actually start
- working on LetsEncrypt.
-
- Create the new cert for `mumble.someodd.zip`. Copy the key and cert to a custom
- directory for `mumble-server`. I did this to avoid permission complications.
-
- ```
- sudo certbot certonly --webroot-path="/var/www/mumble.someodd.zip" -d 'mumble.someodd.zip'
- sudo mkdir /etc/mumble-server/
- sudo cp /etc/letsencrypt/live/mumble.someodd.zip/fullchain.pem /etc/mumble-server/
- ```
-
- Set decent security permissions/ensure the files are readable by
- `mumble-server`:
-
- ```
- sudo chown root:mumble-server /etc/mumble-server
- sudo chown root:mumble-server /etc/mumble-server/privkey.pem
- sudo chown root:mumble-server /etc/mumble-server/fullchain.pem
- sudo chmod 750 /etc/mumble-server
- sudo chmod 640 /etc/mumble-server/privkey.pem
- sudo chmod 640 /etc/mumble-server/fullchain.pem
- ```
-
- Point `/etc/mumble-server.ini` to the SSL files:
-
- ```
- sslCert=/etc/mumble-server/fullchain.pem
- sslKey=/etc/mumble-server/privkey.pem
- ```
-
- Update letsencrypt `/etc/letsencrypt/renewal/mumble.someodd.zip.conf` by putting
- this under renewalparams:
-
- ```
- renew_hook = cp /etc/letsencrypt/live/mumble.someodd.zip/privkey.pem /etc/mumble-server/privkey.pem && cp /etc/letsencrypt/live/mumble.someodd.zip/fullchain.pem /etc/mumble-server/fullchain.pem && chown root:mumble-server /etc/mumble-server/*.pem && chmod 640 /etc/mumble-server/*.pem && systemctl restart mumble-server
- ```
-
- Test it out with:
-
- ```
- sudo certbot renew --cert-name mumble.someodd.zip --dry-run
- ```
-
- Although since this is fresh why not just test with:
-
- ```
- sudo certbot renew --cert-name mumble.someodd.zip --force-renewal
- ```
-