HowTo

Docker Mumble Servers

Setting up a Mumble server with Let's Encrypt certificates in Docker

In this article, I’ll guide you through setting up a Mumble server using Docker, with automatic Let’s Encrypt certificates for secure connections. We’ll use Docker Compose, Certbot, and environment variables to make the configuration flexible and straightforward.

What Does This Configuration Do?

  1. Certbot:

    • Certbot is a tool that generates and renews certificates from Let’s Encrypt. It runs in standalone mode to generate an SSL/TLS certificate for your Mumble server.
    • The certificate is stored in a local directory and used by the Mumble server to enable encrypted connections.

  2. Mumble Server:

    • The Mumble server runs in a Docker container and is configured to use the certificate generated by Certbot for secure connections.
    • It waits for Certbot to generate the certificate before starting.

  3. Environment Variables:

    • The configuration uses environment variables for the email address and domain. This makes it easy to change the settings without directly modifying the Docker Compose file.

Prerequisites

  1. Docker and Docker Compose:

    • Ensure Docker and Docker Compose are installed on your server. You can verify this with the following commands:
      1
2

      docker --version
docker-compose --version

  2. Domain:

    • You need a domain that points to your server’s IP address. In this example, we use the domain domain.server.de.

  3. Ports:

    • Ensure ports 80 (HTTP) and 64738 (Mumble) are open on your server.

Step-by-Step Guide

1. Create a Project Directory

Create a new directory for your project and navigate into it:

1
2

mkdir mumble-docker
cd mumble-docker

2. Create the Docker Compose File

Create a file named docker-compose.yml and add the following configuration:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

services:
  certbot:
    image: certbot/certbot:latest
    container_name: certbot
    ports:
      - 80:80
    volumes:
      - ./data/letsencrypt:/etc/letsencrypt
    entrypoint: >
      sh -c "certbot certonly --standalone --non-interactive --agree-tos --email
      ${CERTBOT_EMAIL} -d ${CERTBOT_DOMAIN} && tail -f /dev/null"
    restart: no

  mumble-server:
    image: mumblevoip/mumble-server:latest
    container_name: mumble-server
    ports:
      - 64738:64738
    volumes:
      - ./data:/data
      - ./letsencrypt:/letsencrypt
    environment:
      - MUMBLE_CONFIG_SSL_CERT=/letsencrypt/live/${CERTBOT_DOMAIN}/fullchain.pem
      - MUMBLE_CONFIG_SSL_KEY=/letsencrypt/live/${CERTBOT_DOMAIN}/privkey.pem
    restart: always
    depends_on:
      - certbot

networks: {}
x-dockge:
  urls:
    - mumble://${CERTBOT_DOMAIN}?version=1.2.0
    - http://162.55.131.56:64738

3. Define Environment Variables

Create a file named .env in the same directory and add the following variables:

1
2

CERTBOT_EMAIL=mailadresse@server.de
CERTBOT_DOMAIN=domain.server.de

This file will be automatically loaded by Docker Compose and replace the variables in the docker-compose.yml.

4. Prepare the Directory Structure

Create the necessary directories for certificates and data:

1

mkdir -p data/letsencrypt

5. Start the Services

Start the services using Docker Compose:

1

docker-compose up
  • The Certbot container will start and generate a certificate for the specified domain.
  • The Mumble server container will wait until the certificate is available and then start with the configuration for encrypted connections.

6. Verify Everything Works

  • Open your Mumble client and connect to mumble://domain.server.de.
  • Your Mumble server should now be running with a valid SSL certificate.

Automatic Certificate Renewal

Let’s Encrypt certificates are only valid for 90 days. To renew the certificates, you can restart the container to renew the certificates:

1

docker-compose run certbot