Self-host a private Mumble server on Ubuntu (step-by-step)

What you need

• An Ubuntu VPS (or home server) with SSH access
• A provider firewall (recommended) and/or host firewall (UFW)
• A plan for admin access (minimum: non-root sudo user with SSH keys)
• A basic understanding of how to recover access if you misconfigure SSH or firewall rules

Before starting, confirm you have provider console access (DigitalOcean, Hetzner, etc.) in case you lock yourself out.

1) Install the Mumble server

Update and install:

sudo apt update
sudo apt install -y mumble-server

Enable and start the service:

sudo systemctl enable --now mumble-server.service
sudo systemctl status mumble-server.service --no-pager

You should see it running without errors. If it fails here, stop and resolve before proceeding.

2) Set a strong SuperUser password

Mumble creates an admin account called SuperUser. Set its password immediately:

sudo mumble-server -ini /etc/mumble-server.ini -supw 'STRONG_PASSWORD_HERE'

Use a password manager. Do not paste real credentials into chat, tickets, or screenshots. If you forget this password, recovery is possible — but unnecessary friction.

3) Configure a private-by-default server

Open the configuration file:

sudo nano /etc/mumble-server.ini

For small private servers, focus on:

• Do not publicly list the server
• Set a server password (join password) if you want simple shared access
• Keep bandwidth conservative on small VPS plans
• Add a short welcome message with rules

Minimal configuration reduces error surface. Avoid over-tuning at this stage.

After editing:

sudo systemctl restart mumble-server.service

4) Firewall: open only what you need

By default, Mumble uses:

• UDP 64738 (primary)
• TCP 64738 (optional / fallback)

You likely have two firewall layers:

• Provider firewall (cloud control panel)
• Host firewall (UFW)

If either blocks the port, the server is unreachable.

Recommended order:

1. Allow the port at the provider level first
2. Then configure host firewall rules

Example (UFW):

sudo ufw allow 64738/udp
# optional:
# sudo ufw allow 64738/tcp
sudo ufw status

If UFW is inactive but the service still isn’t reachable, check your provider firewall. Cloud rules override permissive host settings.

5) Admin hygiene (real-world use)

Most small servers are compromised through poor access control, not Mumble itself. Best practices:

• Create channels deliberately (avoid default sprawl)
• Use ACLs intentionally
• Register trusted users (certificate-based identity)
• Do not rely solely on a shared join password
• Rotate admin credentials if ever shared

Keep it simple and intentional.

6) Verification checklist

Before inviting users:

• systemctl status mumble-server
• ss -ulpen | grep 64738
• Test connectivity from a different network (mobile data works well)
• Log in as SuperUser and confirm ACL control works

If something feels unclear at this stage, resolve it now — not when five people are waiting to connect.

7) Optional: use a custom domain

For usability, you can connect via:

mumble.yourdomain.com

• At minimum: add a DNS A record pointing to your server IP
• If using Cloudflare: keep the record DNS-only (no orange-cloud proxy for Mumble)

Voice services do not work behind standard HTTP proxies.

A note on responsibility

Self-hosting gives you control — but also responsibility:

• You manage updates
• You manage firewall alignment
• You manage admin access
• You handle outages

For many small groups, that’s perfectly fine. For others, it becomes maintenance overhead over time.