# Mumble Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And it is better. I may be slightly biased. :::{note} Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly, it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor. ::: ## Bare Metal Installations ### Alliance Auth Dependencies Mumble requires an additional python package `zero-ice`, you can either install it manually, or use a helper built into the alliance auth package to install the required dependencies. ```shell pip install allianceauth[mumble] ``` ### Installing Mumble Server The mumble-server package can be retrieved from a repository, which we need to add: ::::{tabs} :::{group-tab} CentOS Stream 9, 10 sudo yum install epel-release sudo yum update ::: :::: Now three packages need to be installed: ::::{tabs} :::{group-tab} Ubuntu 2204, 2404 ```shell sudo apt-get install software-properties-common mumble-server libqt5sql5-mysql ``` ::: :::{group-tab} CentOS Stream 9, 10 sudo yum install mumble-server ::: :::: ## Configuring Mumble Server Mumble ships with a configuration file that needs customization. By default, it's located at `/etc/mumble-server.ini`. Open it with your favorite text editor: ```shell sudo nano /etc/mumble-server.ini ``` We need to enable the ICE authenticator. Edit the following: - `icesecretwrite=MY_CLEVER_PASSWORD`, obviously choosing a secure password - ensure the line containing `Ice="tcp -h 127.0.0.1 -p 6502"` is uncommented To name your root channel, uncomment and set `registerName=` to whatever cool name you want Save and close the file. To get Mumble superuser account credentials, run the following: ```shell sudo dpkg-reconfigure mumble-server ``` Set the password to something you'll remember and write it down. This is your superuser password and later needed to manage ACLs. Now restart the server to see the changes reflected. ```shell sudo service mumble-server restart ``` That's it! Your server is ready to be connected to at example.com:64738 ## Configuring Auth In your auth project's settings file (`myauth/settings/local.py`), do the following: - Add `'allianceauth.services.modules.mumble',` to your `INSTALLED_APPS` list - set `MUMBLE_URL` to the public address of your mumble server. Do not include any leading `http://` or `mumble://`. Example config: ```python # Installed apps INSTALLED_APPS += [ # ... 'allianceauth.services.modules.mumble' # ... ] # Mumble Configuration MUMBLE_URL = "mumble.example.com" ``` Finally, run migrations and restart your supervisor to complete the setup: ```shell python /home/allianceserver/myauth/manage.py migrate supervisorctl restart myauth: ``` ## Configuring Authenticator The Authenticator is configured via Django Admin, visit `/admin/mumble/mumbleserverserver/` to add a virtual server. Ensure you enter the Ice Secret here, that you set earlier as `icesecretwrite` in `murmur.ini` and select the Slice that matches your Mumble server version. `Host` and `Endpoint IP` may need to be changed if you are running a remote Mumble server. ### Virtual Servers Virtual Server's will either be a `1`, `0` or a custom list if you know what you are doing. - Mumble-Server 1.5 Defaults to `1` - Mumble-Server 1.6 Defaults to `0` You can sanity check this later in your Mumble-Authenticator logs if you are unsure. ```log [24/Mar/2026 02:27:49] INFO [mumble_authenticator:239] Found Virtual Servers:[1], Connecting To:[1] ``` ## Running Authenticator The authenticator needs to be running 24/7 to validate users on Mumble. This can be achieved by adding a section to your auth project's supervisor config file like the following example: ```ini [program:authenticator] command=/home/allianceserver/venv/auth/bin/python manage.py mumble_authenticator --server_id=1 directory=/home/allianceserver/myauth/ stdout_logfile=/home/allianceserver/myauth/log/authenticator.log stderr_logfile=/home/allianceserver/myauth/log/authenticator.log autostart=true autorestart=true startsecs=10 priority=996 ``` In addition, we'd recommend adding the authenticator to Auth's restart group in your supervisor conf. For that, you need to add it to the group line as shown in the following example: ```ini [group:myauth] programs=beat,worker,gunicorn,authenticator priority=999 ``` To enable the changes in your supervisor configuration, you need to restart the supervisor process itself. And before we do that, we are shutting down the current Auth supervisors gracefully: ```shell sudo supervisor stop myauth: sudo systemctl restart supervisor ``` ## Permissions To use this service, users will require some of the following. ```{eval-rst} +---------------------------------------+------------------+--------------------------------------------------------------------------+ | Permission | Admin Site | Auth Site | +=======================================+==================+==========================================================================+ | mumble.access_mumble | None | Can Access the Mumble Service | +---------------------------------------+------------------+--------------------------------------------------------------------------+ ``` ## ACL configuration On a freshly installed mumble server only your superuser has the right to configure ACLs and create channels. The credentials for logging in with your superuser are: - user: `SuperUser` - password: *what you defined when configuring your mumble server* ## Enabling Templinks Since AA v5 Templinks are now built-in and require no additional community apps, but they do require a setting to expose the Templink page publicly, as this feature is not enabled by default. In `local.py` you need to add `mumble` to `APPS_WITH_PUBLIC_VIEWS`. This list might already contain additional apps so add as needed. ```python APPS_WITH_PUBLIC_VIEWS = [ "mumble", ] ``` Restart Auth via supervisor for the changes to take effect ## Optimizing a Mumble Server The needs and available resources will vary between Alliance Auth installations. Consider yours when applying these settings. ### Bandwidth This is likely the most important setting for scaling a Mumble installation, The default maximum Bandwidth is 72000bps Per User. Reducing this value will cause your clients to automatically scale back their bandwidth transmitted, while causing a reduction in voice quality. A value that's still high may cause robotic voices or users with bad connections to drop due entirely due to the network load. Please tune this value to your individual needs, the below scale may provide a rough starting point. `72000` - Superior voice quality - Less than 50 users. `54000` - No noticeable reduction in quality - 50+ Users or many channels with active audio. `36000` - Mild reduction in quality - 100+ Users `30000` - Noticeable reduction in quality but not function - 250+ Users ### Forcing Opus A Mumble server, by default, will fall back to the older CELT codec as soon as a single user connects with an old client. This will significantly reduce your audio quality and likely place a higher load on your server. We *highly* recommend setting this to Zero, to force OPUS to be used at all times. Be aware any users with Mumble clients prior to 1.2.4 (From 2013...) Will not hear any audio. `opusthreshold=0` ### AutoBan and Rate Limiting The AutoBan feature has some sensible settings by default. You may wish to tune these if your users keep locking themselves out by opening two clients by mistake, or if you are receiving unwanted attention This, too, is set to a sensible configuration by default. Take note on upgrading older installs, as this may actually be set too restrictively and will rate-limit your admins accidentally, take note of the configuration in ### "Suggest" Options There is no way to force your users to update their clients or use Push to Talk, but these options will throw an error into their Mumble Client. We suggest using Mumble 1.4.0+ for your server and Clients, you can tune this to the latest Patch version. `suggestVersion=1.4.287` If Push to Talk is to your tastes, configure the suggestion as follows `suggestPushToTalk=true` ## General notes ### Setting a server password With the default configuration, your mumble server is public. Meaning that everyone who has the address can at least connect to it and might also be able to join all channels that don't have any permissions set (Depending on your ACL configured for the root channel). If you want only registered member being able to join your mumble, you have to set a server password. To do so open your mumble server configuration which is by default located at `/etc/mumble-server.ini`. ```shell sudo nano /etc/mumble-server.ini ``` Now search for `serverpassword=` and set your password here. If there is no such line, add it. ```ini serverpassword=YourSuperSecretServerPassword ``` Save the file and restart your mumble server afterward. ```shell sudo service mumble-server restart ``` It is not recommended to share/use this password, instead use the Mumble Authenticator whenever possible.