Murmur Server
2021-11-16 · 860 words · 5 min

Designation:

ApplicationDescription
MumbleClient Voice Chat Application
MurmurServer-Part for Mumble

Machine: OpenBSD 6.9
$uname -srp 
OpenBSD 6.9 amd64

We install the package murmur.

There is also a featherweight-version called umurmur, but it looks like development is losing steam there. Version 0.2.20 more than 7 months ago and the OpenBSD package is currently version 0.2.18.

$doas pkg_add murmur

Which version do we actually run?

$pkg_info -Q murmur
debug-murmur-1.3.4
murmur-1.3.4 (installed) 
umurmur-0.2.18

Ok, let's start the daemon.

$doas rcctl start murmurd
murmurd(ok)

In case of a reboot, ...

$doas rcctl enable murmurd

No feedback, but the daemon is enabled, as we can see:

$cat /etc/rc.conf.local
httpd_flags= 
pkg_scripts=prosody murmurd 
sndiod_flags=NO 

For further configuration, we have to adapt /etc/murmur.ini to the wishes.

$doas cat /etc/murmur.ini

database=/var/murmur/murmur.sqlite
logfile=/var/murmur/murmur.log
welcometext="<br><b>*** välkommen till min privata murmur-server *** </b></br> "
;welcometextfile=.txt
sendversion=true
port=64738
host=__put-SERVER-IP-here__
serverpassword=__your-own-passwd-here__
registerName=*** northern lights ***
bandwidth=100000
timeout=30
users=10
;usersperchannel=0

messageburst=5
messagelimit=1
allowping=true
opusthreshold=0
;channelnestinglimit=10
;channelcountlimit=1000

; Regular expression used to validate channel names.
; (Note that you have to escape backslashes with \ )
;channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
; Regular expression used to validate user names.
; (Note that you have to escape backslashes with \ )
;username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+

; If a user has no stored channel 
;defaultchannel=0
;rememberchannel=true
;textmessagelength=5000
;imagemessagelength=131072
;allowhtml=true

; Murmur retains the per-server log entries in an internal database which
; allows it to be accessed over D-Bus/ICE.
; Set to 0 to keep forever, or -1 to disable logging to the DB.
logdays=-1

;registerName=Mumble Server
;registerPassword=secret
;registerUrl=http://www.mumble.info/
;registerHostname=
;registerLocation=

;bonjour=True

; sslCert=/.pem
; sslKey=/.key
; sslPassPhrase=

; If your certificate is signed by an authority that uses a sub-signed or
; "intermediate" certificate, you probably need to bundle it with your
; certificate in order to get Murmur to accept it. You can either concatenate
; the two certificates into one file, or you can put it in a file by itself and
; put the path to that PEM-file in sslCA.
;sslCA=

; The sslDHParams option allows you to specify a PEM-encoded file with
; Diffie-Hellman parameters, which will be used as the default Diffie-
; Hellman parameters for all virtual servers.
;
; Instead of pointing sslDHParams to a file, you can also use the option
; to specify a named set of Diffie-Hellman parameters for Murmur to use.
; Murmur comes bundled with the Diffie-Hellman parameters from RFC 7919.
; These parameters are available by using the following names:
;
; @ffdhe2048, @ffdhe3072, @ffdhe4096, @ffdhe6144, @ffdhe8192
;
; By default, Murmur uses @ffdhe2048.
;sslDHParams=@ffdhe2048

; The sslCiphers option chooses the cipher suites to make available for use
; in SSL/TLS. This option is server-wide, and cannot be set on a
; per-virtual-server basis.
;
; This option is specified using OpenSSL cipher list notation (see
; https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
;
; It is recommended that you try your cipher string using 'openssl ciphers <string>'
; before setting it here, to get a feel for which cipher suites you will get.
;
; After setting this option, it is recommend that you inspect your Murmur log
; to ensure that Murmur is using the cipher suites that you expected it to.
;
; Note: Changing this option may impact the backwards compatibility of your
; Murmur server, and can remove the ability for older Mumble clients to be able
; to connect to it.
;sslCiphers=EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA

; If Murmur is started as root, which user should it switch to?
; This option is ignored if Murmur isn't started with root privileges.
;uname=

; By default, in log files and in the user status window for privileged users,
; Mumble will show IP addresses - in some situations you may find this unwanted
; behavior. If obfuscate is set to true, Murmur will randomize the IP addresses
; of connecting users.
;
; The obfuscate function only affects the log file and DOES NOT effect the user
; information section in the client window.
;obfuscate=false

; If this options is enabled, only clients which have a certificate are allowed
; to connect.
;certrequired=False

;suggestVersion=x.x.x
;suggestPositional=true
;suggestPushToTalk=true
;legacyPasswordHash=false
;kdfIterations=-1

; If a client attempts autobanAttempts connections in autobanTimeframe seconds,
; they will be banned for autobanTime seconds. This is a global ban, from all
; virtual servers on the Murmur process. It will not show up in any of the
; ban-lists on the server, and they can't be removed without restarting the
; Murmur process - just let them expire. A single, properly functioning client
; should not trip these bans.
;
; To disable, set autobanAttempts or autobanTimeframe to 0. Commenting these
; settings out will cause Murmur to use the defaults:
;
;autobanAttempts=10
;autobanTimeframe=120
;autobanTime=300

Port 64738 is default, i currently going to use TCP over this one and have not explicit opened for UDP. TCP is fallback in case UDP is not available. This comes with advantages and disadvantages. Maybe it get's to noisy without UDP, i have to play with the settings in future.

tech · about · visual · contact · home