Self host Mumble on a VPS

Mumble is open source voice chat built for low latency and minimal overhead. The server is called Murmur. It uses Opus, supports positional audio, and idles around 20 MB of RAM. This is the guide for crystal clear lightweight voice comms where you want the smallest, fastest thing that just works.

// 01 What you are installing

The Mumble project ships two things: the client people talk with, and the server (historically called Murmur, now sometimes mumble-server) that everyone connects to. You only run the server on your VPS. Players grab whichever client suits them: the official Mumble desktop client, Mumla on Android, and any other client that speaks the Mumble protocol.

Murmur is a single process. It speaks its own protocol over UDP for voice and TCP for control, defaults to port 64738 for both, uses the Opus codec for high quality low bitrate audio, and stores its small state in a SQLite file by default. You can run it on a 512 MB VPS without breaking a sweat.

// 02 Prerequisites

  • A Linux VPS. Debian or Ubuntu is what this guide targets. 1 GB RAM is plenty. Mumble runs on less.
  • Root or sudo access over SSH.
  • A way to point clients at the box: either the VPS public IP directly, or a subdomain like voice.yourdomain.com.

cloudflare proxy gotcha

If your domain is behind the Cloudflare proxy (orange cloud), do not proxy the Mumble record. Cloudflare only forwards HTTP and HTTPS to the origin, not arbitrary UDP. Set the voice subdomain's DNS record to DNS only (grey cloud), or just have clients connect to the raw VPS IP. This applies to every voice server in these guides.

Need a VPS first? See the host picks. Contabo for lots of RAM on the cheap, Kamatera for hourly billing and region choice.

// 03 Install the server

On Debian and Ubuntu the package is mumble-server. Update apt and install it.

install
root@voice-host:~$ apt update
root@voice-host:~$ apt install -y mumble-server
# pulls in the binary, config, and a systemd unit named mumble-server

Some older documentation calls this package murmur. On current Debian and Ubuntu the name is mumble-server. Same software, newer packaging.

// 04 Configure Murmur

The config file lives at /etc/mumble-server.ini. Open it and set the values that matter for a real server. The defaults work but you want to change a few.

/etc/mumble-server.ini
# name shown at the top of the channel tree
registerName=My Crew

# welcome message shown on connect. plain text or simple markup.
welcometext="<br /><b>welcome to my mumble</b><br />mind your mic."

# port for voice (UDP) and control (TCP). default is 64738.
port=64738

# max users. be realistic. 100 is plenty for a clan.
users=100

# bandwidth per user in bits/sec. 72000 is high quality opus.
bandwidth=72000

# where the sqlite db lives. leave default unless you have a reason.
database=/var/lib/mumble-server/mumble-server.sqlite

# if you have a TLS cert (see the TLS step), point these at it.
#sslCert=/etc/ssl/mumble/fullchain.pem
#sslKey=/etc/ssl/mumble/privkey.pem

Save and restart the service.

apply config
root@voice-host:~$ systemctl restart mumble-server
root@voice-host:~$ systemctl status mumble-server
Active: active (running)

// 05 SuperUser password

Murmur comes with a built in admin account called SuperUser. It cannot speak in channels but it has full rights to manage them, set permissions, and register your server. Set its password before anything else.

set superuser password
root@voice-host:~$ mumble-server -supw 'pick-a-long-random-password'
SuperUser password set

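You only do this once. The password is stored in the database. Keep it somewhere safe. Typed on the command line like this, it is also saved in root's shell history, so remove that entry afterwards. You log in as SuperUser from a client later to configure channels.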

// 06 Firewall and DNS

Murmur listens on port 64738 for both UDP (voice) and TCP (control). Open both. If you use UFW:

ufw rules
root@voice-host:~$ ufw allow 64738/udp
root@voice-host:~$ ufw allow 64738/tcp
root@voice-host:~$ ufw reload
root@voice-host:~$ ufw status numbered

For DNS, add an A record for the subdomain you want clients to use, for example voice.discord-alternative.com, pointing at the VPS public IP. Set it to DNS only (grey cloud) if you are on Cloudflare. Voice ports do not work through the proxy.

solid default

If you never want to touch DNS, clients can just type the raw VPS IP and port 64738 in the connect dialog. Subdomains are nicer for humans but not required.

Verify the port is actually listening before you chase client problems:

verify
root@voice-host:~$ ss -lunp | grep 64738
udp  UNCONN 0  0  0.0.0.0:64738  0.0.0.0:*  users:(("mumble-server",pid=...))
root@voice-host:~$ ss -ltnp | grep 64738
tcp  LISTEN 0  0  0.0.0.0:64738  0.0.0.0:*  users:(("mumble-server",pid=...))

// 07 Connect with a client

Grab the official Mumble client from mumble.info for Windows, macOS, or Linux. On a phone look for Mumla (Android) or MumbleAF (iOS). Any client that speaks the Mumble protocol works.

Steps once it's installed:

  1. Open the audio wizard first

    The first run wizard calibrates input volume, sets your push to talk or voice activation threshold, and picks your output device. This is worth doing right. Mumble's audio quality comes mostly from clean input settings on the client side.

  2. Run the certificate wizard

    Mumble uses client certificates for identity instead of passwords. The wizard generates a self signed cert for you. You can also import a Let's Encrypt cert if you want, but the default is fine.

  3. Connect to your server

    Server → Connect. Add a new favorite. Address: voice.yourdomain.com (or the VPS IP). Port: 64738. Username: anything for a normal user. Connect. If the server is reachable you should land straight in.

  4. Right click the root and register

    Right click the server name at the top of the channel tree and choose Register. This ties your certificate to a stored identity on the server, so you keep the same name and permissions next time.

Mumble will warn that the server certificate is self signed on first connect. That is expected without a real TLS cert (see the next section). Accept it once for your own server. Do not train yourself to accept that warning on random servers.

// 08 Channels and permissions

Log in as SuperUser from a client to manage the server. Server → Connect, username SuperUser, password the one you set with -supw.

Once in as SuperUser, right click the root channel and:

  • Add... creates a channel. Channels nest. You can build a tree like a file system.
  • Edit on a channel sets a password, max users, talk priority, and which codec quality is allowed.
  • The Groups and ACL tabs set who can do what. Build a small admin group, give it write permissions, and you mostly never need to log in as SuperUser again.
  • Right click a user and Register to add them to a group by certificate.

Permissions in Mumble are powerful but the model is different from Discord. There are no roles in the Discord sense. You build groups of registered users and apply ACLs to channels. Spend ten minutes reading the in client tooltips and it clicks.

// 09 Optional: TLS certificate

By default clients see a self signed cert warning. A real cert removes the warning and lets the client verify the server. If you pointed a subdomain at the box, the easiest route is Let's Encrypt with certbot.

certbot
root@voice-host:~$ apt install -y certbot
# get a cert for the voice subdomain. stop anything on port 80 first if needed.
root@voice-host:~$ certbot certonly --standalone -d voice.yourdomain.com

Then in /etc/mumble-server.ini uncomment and set:

/etc/mumble-server.ini
sslCert=/etc/letsencrypt/live/voice.yourdomain.com/fullchain.pem
sslKey=/etc/letsencrypt/live/voice.yourdomain.com/privkey.pem

The mumble-server user needs to read those files, and by default only root can read certbot's live and archive directories. Either give the ssl-cert group read access to them and add the mumble-server user to that group, or copy the files to /etc/ssl/mumble/ owned by the mumble-server user and refresh the copy with a deploy hook on each renewal. Then restart: systemctl restart mumble-server.

auto renew

Add a deploy hook so renewals don't break Mumble. Drop a script in /etc/letsencrypt/renewal-hooks/deploy/ that runs systemctl restart mumble-server. Now certs refresh and the server picks them up without you.
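
A deploy hook for the copy-to-/etc/ssl/mumble/ option, written here as an added example and not taken from the guide or from certbot. The hook file name is an assumption, sslCert and sslKey are assumed to point at /etc/ssl/mumble/ as in the commented lines of the configure step, and the script relies on the RENEWED_LINEAGE variable that certbot passes to deploy hooks.

```sh
#!/bin/sh
# Added example. Save as (assumed name)
#   /etc/letsencrypt/renewal-hooks/deploy/mumble-server.sh
# and mark it executable.
set -eu
umask 077                   # nothing created here is group/world readable by default

NAME=voice.yourdomain.com   # certificate name used in the certbot step
DEST=/etc/ssl/mumble        # matches the commented sslCert/sslKey paths
OWNER=mumble-server         # service account the guide says must read the files

# copy_cert SRC_DIR DEST_DIR [OWNER]
# Copies fullchain.pem and privkey.pem out of a certbot lineage directory.
copy_cert() {
    src=$1 dest=$2 owner=${3:-}
    # Refuse to touch the served copy if the pair is incomplete or empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    mkdir -p "$dest"
    chmod 750 "$dest"
    # install(1) copies and sets the final mode in one step.
    install -m 644 "$src/fullchain.pem" "$dest/fullchain.pem"
    install -m 600 "$src/privkey.pem" "$dest/privkey.pem"
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest"
    fi
}

# Hooks in the deploy directory fire for every certificate renewed on the
# box, so act only when the renewed lineage is the voice one. With
# RENEWED_LINEAGE unset this file just defines copy_cert and does nothing.
case "${RENEWED_LINEAGE:-}" in
    */"$NAME")
        copy_cert "$RENEWED_LINEAGE" "$DEST" "$OWNER"
        systemctl restart mumble-server
        ;;
esac
```

For the first copy, before any renewal has happened, run the script once by hand as root with `RENEWED_LINEAGE=/etc/letsencrypt/live/voice.yourdomain.com` set in its environment.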

// 10 Where to go next

You now have a working self hosted Mumble server. A few things worth doing once it's live:

  • Back up /var/lib/mumble-server/mumble-server.sqlite periodically. That file holds channels, users, and ACLs.
  • Tune bandwidth down (try 40000) if players are on bad connections. Opus still sounds great at lower bitrates.
  • Enable positional audio in the client for supported games. Hearing people by where they stand in-game is the feature Discord never matched.
  • Set up a second tiny box in another region for failover if your group is serious about uptime.

want the discord layout too?

Mumble is the lightweight pick for pure voice. If you also want text channels, a friends list, and a Discord style sidebar without giving the server to a third party, TeamSpeak 6 is the move. Set up TeamSpeak 6 here.