in Tools

Install Mumble server on Ubuntu with certificate and PHP API

Mumble is a free open source voice communication software for gamers. It’s very easy to use, cross-platform, highly secured and offers a high quality sound.

The Mumble Server software is pretty easy to install and configure on a Ubuntu server since it’s included in the standard packages. It doesn’t require much system resources since its only limitation is the bandwidth available.

However, things start to get complicated when you want to include a verified certificate (to avoid the end-users being annoyed by warning popups about certificate stuff they don’t understand) and if you want to use or create PHP based applications to manage your server.

This tutorial will teach you how to:

  1. Install and configure a working Mumble server on your Ubuntu box;
  2. Generate a trusted certificate for free to avoid warning popups on the client;
  3. Install the Murmur ICE API on your existing PHP installation.

Install Mumble

Just install the mumble-server package:
sudo apt-get install mumble-server

Now set a the SuperUser password:
sudo dpkg-reconfigure mumble-server

You will be able to log on the server using the client software as SuperUser + the password you provided to administrate your server (channels, users, groups, rights…)

Set your server name in /etc/mumble-server.ini

sudo vim /etc/mumble-server.ini

You can also customize the welcome message. You can use some basic HTML.

When you’re done, just restart the server.
sudo service mumble-server restart

Generate the certificate

To generate a certificate, you should have a hostname for your Mumble server, i.e. mumble.my-guild.net.

Log into your server and create a temporary directory in your home directory where you will generate the key and certificate files.

cd ~
mkdir mumble-cert
cd mumble-cert

Generate the key and the certificate.
openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr

Now go to the Start SSL website, create an account and/or login.

Go to your Control panel then click Validations Wizard. Check Domain Validation and Continue. Go through the wizard to validate the domain name of your Mumble server hostname.

When you’re done with domain validation, go to the Certificates Wizard, select Web Server SSL/TLS Certificate and click Continue. On the first text field, enter the hostname of your Mumble server (i.e. mumble.my-guild.net). On the second text field, copy-paste the contents of the server_mumble.csr file. It should begin with —–BEGIN CERTIFICATE REQUEST—– and end with —–END CERTIFICATE REQUEST—–. Click Submit (don’t check Generated by PKI system).

A .zip file containing certificate files bundles for web servers will be downloaded (you can access your certificates again by clicking Tool Box then Certificate List). Extract the 1_yourhostname.domain.tld_bundle.crt file from NginxServer.zip.

Create a new ssl_mumble.crt file on your server and copy-paste the contents of the 1_yourhostname.domain.tld_bundle.crt file. You should have 2 BEGIN/END CERTIFICATE blocks. The first block is the domain certificate and the second one is the intermediate certificate. (You can also find them in 2 separate files in the OtherServer.zip file).

You’re now ready to integrate your trusted certificate into your Mumble server.
wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
cat sub.class1.server.ca.pem > ssl_mumble_concat.crt
cat ssl_mumble.crt >> ssl_mumble_concat.crt
sudo cp ssl_mumble_concat.crt /etc/ssl_mumble_concat.crt
sudo cp mumble.key /etc/mumble.key

Now edit /etc/mumble-server.ini
vim /etc/mumble-server.ini

And set the sslCert and sslKey values.

Restart the server
sudo service mumble-server restart

You should now be able to log into your server using a regular Mumble client.

☞ If the connection fails, check the log file for a SSL Error
sudo tail -n 10 /var/log/mumble-server/mumble-server.log

If you have the following error:
1 => <1:(-1)> New connection: XXX.XXX.XXX.XXX:XXXXX
1 => <1:(-1)> SSL Error: No certificates could be verified
1 => <1:(-1)> Connection closed: [-1]

Try this:
sudo wget --no-check-certificate -P /etc/ssl/certs/ https://www.startssl.com/certs/ca-bundle.pem

Thanks to Samuel Kadolf for the tip !

Install PHP Ice API

This part is optional. It’s only needed if you plan to install a 3rd party application written un PHP such as MumPI to administrate your server or create your own.

This will be achieved using the ICE interface of the Mumble server (aka Murmur).

Configure Murmur for ICE

Edit mumble-server.ini to disable the bus setting and set a ICE password
sudo vim /etc/mumble-server.ini

Comment the dbus setting

Uncomment/add the ICE settings

Then set the password.

Install PHP ICE extension

sudo apt-get install php-zeros-ice

Enable the extension in php.ini.

sudo vim /etc/php5/apache2/php.ini

And add it to the include_path (change the version number by yours):

You may also want to add the extension for the CLI configuration as well (/etc/php5/cli/php.ini) if you’re using PHP as command-line scripting language.

Restart Apache
sudo service apache2 restart

Generate Murmur.php

You will probably need to generate an up-to-date Murmur.php include file for your application which contains the actual Murmur PHP classes and functions.

Install ICE translators package
sudo apt-get install ice-translators

To generate the Murmur.php file in the current working directory, just type:
sudo slice2php -I/usr/share/Ice-3.5.1/slice /usr/share/slice/Murmur.ice