in Tools

Install Mumble server on Ubuntu with certificate and PHP API

Mumble is a free open source voice communication software for gamers. It’s very easy to use, cross-platform, highly secured and offers a high quality sound.

The Mumble Server software is pretty easy to install and configure on a Ubuntu server since it’s included in the standard packages. It doesn’t require much system resources since its only limitation is the bandwidth available.

However, things start to get complicated when you want to include a verified certificate (to avoid the end-users being annoyed by warning popups about certificate stuff they don’t understand) and if you want to use or create PHP based applications to manage your server.

This tutorial will teach you how to:

  1. Install and configure a working Mumble server on your Ubuntu box;
  2. Generate a trusted certificate for free to avoid warning popups on the client;
  3. Install the Murmur ICE API on your existing PHP installation.

Install Mumble

Just install the mumble-server package:
sudo apt-get install mumble-server

Now set a the SuperUser password:
sudo dpkg-reconfigure mumble-server

You will be able to log on the server using the client software as SuperUser + the password you provided to administrate your server (channels, users, groups, rights…)

Set your server name in /etc/mumble-server.ini

sudo vim /etc/mumble-server.ini

# To enable public server registration, the serverpassword must be blank, and
# this must all be filled out.
# The password here is used to create a registry for the server name; subsequent
# updates will need the same password. Don't lose your password.
# The URL is your own website, and only set the registerHostname for static IP
# addresses.
# Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
#
registerName=My Guild Mumble server

You can also customize the welcome message. You can use some basic HTML.

# The below will be used as defaults for new configured servers.
# If you're just running one server (the default), it's easier to
# configure it here than through D-Bus or Ice.
#
# Welcome message sent to clients when they connect.
welcometext="<br />Welcome to My Guild Mumble server!<br /><img src=\"http://www.my-guild.net/images/my-guild-logo.png\" /><br />"

When you’re done, just restart the server.
sudo service mumble-server restart

Generate the certificate

To generate a certificate, you should have a hostname for your Mumble server, i.e. mumble.my-guild.net.

Log into your server and create a temporary directory in your home directory where you will generate the key and certificate files.

cd ~
mkdir mumble-cert
cd mumble-cert

Generate the key and the certificate.
openssl req -nodes -newkey rsa:2048 -nodes -keyout mumble.key -out server_mumble.csr

Now go to the Start SSL website, create an account and/or login.

Go to your Control panel then click Validations Wizard. Check Domain Validation and Continue. Go through the wizard to validate the domain name of your Mumble server hostname.

When you’re done with domain validation, go to the Certificates Wizard, select Web Server SSL/TLS Certificate and click Continue. On the first text field, enter the hostname of your Mumble server (i.e. mumble.my-guild.net). On the second text field, copy-paste the contents of the server_mumble.csr file. It should begin with —–BEGIN CERTIFICATE REQUEST—– and end with —–END CERTIFICATE REQUEST—–. Click Submit (don’t check Generated by PKI system).

A .zip file containing certificate files bundles for web servers will be downloaded (you can access your certificates again by clicking Tool Box then Certificate List). Extract the 1_yourhostname.domain.tld_bundle.crt file from NginxServer.zip.

Create a new ssl_mumble.crt file on your server and copy-paste the contents of the 1_yourhostname.domain.tld_bundle.crt file. You should have 2 BEGIN/END CERTIFICATE blocks. The first block is the domain certificate and the second one is the intermediate certificate. (You can also find them in 2 separate files in the OtherServer.zip file).

You’re now ready to integrate your trusted certificate into your Mumble server.
wget --no-check-certificate https://www.startssl.com/certs/sub.class1.server.ca.pem
cat sub.class1.server.ca.pem > ssl_mumble_concat.crt
cat ssl_mumble.crt >> ssl_mumble_concat.crt
sudo cp ssl_mumble_concat.crt /etc/ssl_mumble_concat.crt
sudo cp mumble.key /etc/mumble.key

Now edit /etc/mumble-server.ini
vim /etc/mumble-server.ini

And set the sslCert and sslKey values.

# If you have a proper SSL certificate, you can provide the filenames here.
# Otherwise, Murmur will create it's own certificate automatically.
sslCert=ssl_mumble_concat.crt
sslKey=mumble.key

Restart the server
sudo service mumble-server restart

You should now be able to log into your server using a regular Mumble client.

☞ If the connection fails, check the log file for a SSL Error
sudo tail -n 10 /var/log/mumble-server/mumble-server.log

If you have the following error:
1 => <1:(-1)> New connection: XXX.XXX.XXX.XXX:XXXXX
1 => <1:(-1)> SSL Error: No certificates could be verified
1 => <1:(-1)> Connection closed: [-1]

Try this:
sudo wget --no-check-certificate -P /etc/ssl/certs/ https://www.startssl.com/certs/ca-bundle.pem

Thanks to Samuel Kadolf for the tip !

Install PHP Ice API

This part is optional. It’s only needed if you plan to install a 3rd party application written un PHP such as MumPI to administrate your server or create your own.

This will be achieved using the ICE interface of the Mumble server (aka Murmur).

Configure Murmur for ICE

Edit mumble-server.ini to disable the bus setting and set a ICE password
sudo vim /etc/mumble-server.ini

Comment the dbus setting

# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
# RPC methods available in Murmur, please specify so here.
#
#dbus=system

Uncomment/add the ICE settings

# If you want to use ZeroC Ice to communicate with Murmur, you need
# to specify the endpoint to use. Since there is no authentication
# with ICE, you should only use it if you trust all the users who have
# shell access to your machine.
# Please see the ICE documentation on how to specify endpoints.
ice="tcp -h 127.0.0.1 -p 6502"

Then set the password.

# Ice primarily uses local sockets. This means anyone who has a
# user account on your machine can connect to the Ice services.
# You can set a plaintext "secret" on the Ice connection, and
# any script attempting to access must then have this secret
# (as context with name "secret").
# Access is split in read (look only) and write (modify) 
# operations. Write access always includes read access,
# unless read is explicitly denied (see note below).
#
# Note that if this is uncommented and with empty content,
# access will be denied.

#icesecretread=
icesecretwrite=topsecret007

Install PHP ICE extension

sudo apt-get install php-zeros-ice

Enable the extension in php.ini.

sudo vim /etc/php5/apache2/php.ini

;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;

extension=IcePHP.so

And add it to the include_path (change the version number by yours):

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;

; UNIX: "/path1:/path2"
include_path = ".:/usr/share/Ice-3.5.1/php/lib"

You may also want to add the extension for the CLI configuration as well (/etc/php5/cli/php.ini) if you’re using PHP as command-line scripting language.

Restart Apache
sudo service apache2 restart

Generate Murmur.php

You will probably need to generate an up-to-date Murmur.php include file for your application which contains the actual Murmur PHP classes and functions.

Install ICE translators package
sudo apt-get install ice-translators

To generate the Murmur.php file in the current working directory, just type:
sudo slice2php -I/usr/share/Ice-3.5.1/slice /usr/share/slice/Murmur.ice