Fast & Easy Tutorial - Setup Teamspeak Server on Debian 9.7

February 18, 2019 901 views
Getting Started Deployment Open Source Debian 9

Two years ago, someone asked me to write a tutorial about how to setup a teamspeak server on Ubuntu 15.04. Since then I have been maintaining tutorials on DO for setting up Teamspeak servers.

This tutorial will be for the ones that want a teamspeak server fast & easy without any extra's. I will however also explain all the lovely options withing teamspeak servers.

Old tutorials:
Setting up on Ubuntu 15.04
Setting up on Debian 9.3

If you got any problems after using this tutorial, please make a comment. I made this tutorial in a way I think is the best, if you got any improvements or want to use something else please tell me.

Prerequisites

  • A droplet with Debian 9.x ( $5 is enough for a ts server) --> Use my referral link for a free $10

  • An SSH client / SFTP client ( I am using PuTTY and WinSCP )

What we will do

  1. Setting up our server (securing, understanding, updating) Optional
  2. Downloading and installing Teamspeak
  3. Creating an auto(re)start script
  4. Troubleshooting & Upgrading Teamspeak
  5. Optional configuring Teamspeak

Connect to the droplet

First we need to connect to the droplet we created. Once the droplet is created, you will get an email with all the credentials in it. Open PuTTY and use these credentials to login; the first time you login you need to change the password. To make this server secure, I always like to use a RSA key. We will look into setting that up now.

Securing the droplet

Once you are logged in, there are multiple small things you can change to harden your system:

  1. SSH: Securing SSH with RSA, Disabling root login, Changing the SSH port
  2. Updates: Always keep your server up-to-date
  3. Setting up a firewall
  4. Checking for backdoors, rootkits and exploits with rkhunter

1. Securing the SSH service

You can secure your droplet by hardening the SSH service. The SSH service is used to connect to your droplet with an ssh client (like Putty) and runs on port 22. Hackers are known to scan the internet for port 22 and breach your server. Because of that it is important to always secure your server with just a few steps.

Let's first setup SSH keys. When you are not using an SSH key, it means you are using a plain password. Once a hacker has found your new server with SSH running on port 22, it will try to crack this plain password.

An SSH key will ensure the connection between the client - server is encrypted with a specific key. Only with this key you will be able to login. To setup SSH keys check out my post here: Securing a Debian Server 9.X – Hardening SSH with keys

Also disabling the root login and changing the SSH daemon port will help to atleast slow down / limit the availablity for hackers. Since the default SSH port is 22, scripts will search the internet for that port first. Changing this will slow down this script. As well as disabling the root user to login.
Check out this post here: Disabling root login and changing the SSH port

2. Updating your remote server

The first thing in the IT world: always update your servers --> **However* you have to make sure the new updates are compatible with anything running on your server.
The most feared problem of an IT administrator, is those services suddenly not working anymore after an update. So yes, I do recommend you update your servers, but make sure it's all tested & working.

apt-get update && apt-get upgrade

3. Setting up a firewall

A firewall could mean the world to you, but it could also give you alot of pain. I have seen alot of problems where you might think a service or configuration is the problem, but actually the firewall was actually blocking data. So I would recommend you:

  1. Make a list of ports you need (in)
  2. Think about if you like all data to go out, or only specifc ports?
  3. If there are specific IP's that need to always be allowed
  4. If there are specific IP's you would always like to block

The most easy and fast Firewall I think there is, is UFW. UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall.

If you're looking to get started securing your network, and you're not sure which tool to use, UFW may be the right choice for you. Take a look at this post to setup UFW: Setting up UFW on Debian 9.X

4. Scanning our server with Rkhunter
Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems that scans backdoors, rootkits and local exploits on your systems.

It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit http://www.rootkit.nl/. To setup Rkhunter and start scanning your system, check out this post here: Securing a Debian Server 9.X – Scanning for malicious items (Rkhunter)

Downloading and installing teamspeak

For this tutorial I would like to keep the installation of teamspeak quick and simple. You will have your teamspeak up and running within 5 minutes!

Because of the fast setup, we will use SQLite as a database and no configuration file. I will however explain later on how to use MariaDB as a database and edit your teamspeak configuration.

Downloading & installing
Download the latest teamspeak server you can find on the teamspeak website.

cd /tmp
wget https://files.teamspeak-services.com/releases/server/3.6.1/teamspeak3-server_linux_amd64-3.6.1.tar.bz2
tar -xf teamspeak3-server_linux_amd64-3.6.1.tar.bz2

Now let's move it somewhere on a safe and proper location.

mkdir /opt/teamspeak-server
mv teamspeak3-server_linux_amd64/* /opt/teamspeak-server
cd /opt/teamspeak-server

To keep our server secure, we will create another user and let it run the server.

useradd -d /opt/teamspeak-server teamspeak-user
chown -R teamspeak-user:teamspeak-user /opt/teamspeak-server

Thats the installation, now we can move on to starting the Teamspeak server.

Accepting the license and starting teamspeak

Before you run the teamspeak 3 server it is required that you agree to our license. This license
can be found in the file "license.txt" or "LICENSE" (depending on your platform), which is located
in the same location as the ts3server binary (the main folder).

We can do this by creating a specific file.

su teamspeak-user
touch .ts3server_license_accepted

Thats it, we should now be able to start the Teamspeak server with a free license.

./ts3server_startscript.sh start

The output should give you a token, that will looke something like this:

token=HhPRunideGIrFTClyxR6dn0N9fzLX6jFvOZjRJqa

The token you see above can be used once, and will give you administration access. You can now connect to your teamspeak server by using the IP of your server.

Creating an auto(re)start script

For all that want a auto-restart script using systemd

To create a script that auto-restarts, you could setup a systemd script. systemd is a system and service manager for Linux which has become the de facto initialization daemon for most new Linux distributions.
First implemented in Fedora, systemd now comes with RHEL 7 and its derivatives like CentOS 7. Ubuntu 15.04 ships with native systemd as well. Other distributions have either incorporated systemd, or announced they will soon.

Follow the next steps to create this script. Make sure you are root user!!
To exit as the teamspeak-user user, hit CTRL + D

Create the new script:

cat > /etc/systemd/system/teamspeak.service << EOF
[Unit]
Description=TeamSpeak3 Server
Wants=network-online.target
After=syslog.target network.target

[Service]
WorkingDirectory=/opt/teamspeak-server
User=teamspeak-user
Type=forking
Restart=always
ExecStart=/opt/teamspeak-server/ts3server_startscript.sh start
ExecStop=/opt/teamspeak-server/ts3server_startscript.sh stop
ExecReload=/opt/teamspeak-server/ts3server_startscript.sh reload
PIDFile=/opt/teamspeak-server/ts3server.pid

[Install]
WantedBy=multi-user.target
EOF

Hit Enter

Now stop the current server and enable the systemd script

./ts3server_startscript.sh stop
systemctl enable teamspeak
systemctl start teamspeak

Troubleshooting

In some cases, the server process terminates on startup and the error message reads

Server() error while starting servermanager, error: instance check error

As long as you do not use a license key Teamspeak makes sure you only run exactly one instance of the TS3
server free unregistered version. It uses shared memory to facilitate the communication to detect
other running instances, which requires tmpfs to be mounted at
/dev/shm.

If you (for whatever reason) do not have this mounted, the above error will occur. To fix this
problem, the following commands or file edits need to be done as root user (or using something like
sudo). This is a temporary fix until your next reboot.

mount -t tmpfs tmpfs /dev/shm

Now, to make sure this mount is done automatically upon reboot edit the file /etc/fstab and add the
line:

tmpfs /dev/shm tmpfs defaults 0 0

Upgrading

When a new version comes out, you can easily upgrade the Teamspeak server. The steps that are needed:

  • Stop the Teamspeak server
  • Download the latest version
  • Move the files to the proper location
  • Run the Teamspeak server

1 Shutdown the server:

systemctl stop teamspeak

2 Download the latest version (which you can find on their website), extract it, move it and change the permissions:

cd /tmp
wget https://files.teamspeak-services.com/releases/server/3.6.1/teamspeak3-server_linux_amd64-3.6.1.tar.bz2
tar -xf teamspeak3-server_linux_amd64-3.6.1.tar.bz2

You can easily find the proper name of the tarbal, by typing the first 2-3 characters of the name and then hitting TAB. Debian will search the rest for you.

Now lets move the files to the opt directory, and remove all the downloaded files:

cp -rf teamspeak3-server_linux_amd64/* /opt/teamspeak-server/
chown -R teamspeak-user:teamspeak-user /opt/teamspeak-server
rm -rf teamspeak3-server*

3 Start the server again:

systemctl start teamspeak

Other Teamspeak options

If you would like to play a bit more with Teamspeak, you could change the setup a bit and edit some configurations. For example, you can use a MariaDB database instead of a sqlite file. Or you can customize your teamspeak configuration.

Install MariaDB

MariaDB is a replacement for MySQL with a better performance. The database will hold all users/settings etc. of the Teamspeak server instead of SQLlite. Check out this great article about why and if.

If you already have a SQL database running, skip the first few steps and continue on making a new user for the teamspeak server.
Before we can install MariaDB, we need to update & upgrade the packages. So run the following:

apt-get update && apt-get upgrade

Now thats done, we can install MariaDB:

apt-get install mariadb-client mariadb-server

Hit Y when they want you to confirm

Once the install process is finished, you have to setup your MariaDB install with new root password (default is blank). Issue this command:

/usr/bin/mysql_secure_installation
Enter current password for root (enter for none): Enter
Set root password? [Y/n]  y
New password: PassWordGoesHere
Remove anonymous users? [Y/n]  y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n]   y
Reload privilege tables now? [Y/n]   y

Now the MariaDB service should be running with a new root password.

Lets configure the database now. We will create a new user and database for the Teamspeak server. Create the database with your own password:

mysql -u root -p 
Enter the root user password
create database teamspeak;
GRANT ALL PRIVILEGES ON teamspeak.* TO 'teamspeak'@'localhost' IDENTIFIED BY 'TeamspeakUserPasswordGoesHere';
flush privileges;
quit

Change TeamspeakUserPasswordGoesHere with a secure password

Configuring teamspeak to use MariaDB

To get the MariaDB working we need to do some extra work. First we have to add a library for teamspeak to use. Symlink the libmariadb.so.2 library from /redist folder to TeamSpeak3 server directory.

ln -s /opt/teamspeak-server/redist/libmariadb.so.2 /opt/teamspeak-server/libmariadb.so.2

Run ldd to prints the shared libraries required by TeamSpeak3 server.

ldd /opt/teamspeak3-server/libts3db_mariadb.so

If libmariadb.so.2 ==> not found shows, use the following command:

apt-get install libmariadb2

Configure Teamspeak

We are going to configure TeamSpeak3 server with the MySQL-MariaDB database,
We have to manually create configfiles:

ts3server.ini
ts3db_mariadb.ini

Create the configfile with the MySQL-MariaDB database option.

nano /opt/teamspeak-server/ts3server.ini

With the following inside of it:

machine_id=
default_voice_port=9987
voice_ip=0.0.0.0
licensepath=
filetransfer_port=30033
filetransfer_ip=0.0.0.0
query_port=10011
query_ip=0.0.0.0
query_ip_whitelist=query_ip_whitelist.txt
query_ip_blacklist=query_ip_blacklist.txt
dbsqlpath=sql/
dbplugin=ts3db_mariadb
dbsqlcreatepath=create_mariadb/
dbpluginparameter=ts3db_mariadb.ini
dbconnections=10
logpath=logs
logquerycommands=0
dbclientkeepdays=30
logappend=0
query_skipbruteforcecheck=0

To save: Hit CTRL + X --> Y

If you like to know more about possible options for the teamspeak server, check out the server_quickstart.txt inside the doc folder.

Creating the configfile for the database for the TeamSpeak3 server.
Change PASSWORD to the same password you have created configuring the MySQL database.

nano /opt/teamspeak-server/ts3db_mariadb.ini

[config]
host=127.0.0.1
port=3306
username=teamspeak3
password=PASSWORD
database=teamspeak3
socket=

Now you need to change permissions of the new config files:

sudo chown -R teamspeak-user:teamspeak-user /opt/teamspeak-server

That's it!

If you have any questions, please do not hesistate to ask them.

1 Answer

Hey friend,

Thanks for sharing! Looks like you have several other tutorials as well, and it's not spam if I advertise your blog for you :)

https://justsometech.com/

Jarland

Have another answer? Share your knowledge.