Added most configuration for LiveKit and Element Call.

Hans van Zijst 2024-11-20 20:12:42 +01:00 committed by Valentin Gagarin
parent 2555c583c9
commit adbf25d990
2 changed files with 136 additions and 3 deletions

@ -123,8 +123,8 @@ chgrp -R www-data /etc/lk-jwt-service
chmod -R o-rwx /etc/lk-jwt-service
```
The contents of `/etc/lk-jwt-service/config` are not fully known yet (see
further, installation of the actual LiveKit, the SFU), but for now it's enough
The contents of `/etc/lk-jwt-service/config` are not fully known yet ([see
further, installation of the actual LiveKit, the SFU](#generatekeys)), but for now it's enough
to fill it with this:
```
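Review bot: the new link target `#generatekeys` in the rewritten sentence points at an anchor that this commit attaches to a plain paragraph (`Create a key and secret: {#generatekeys}`), while the other anchors it adds (`{#widget}`, `{#callwidget}`) sit on headings. Check that the renderer honours an attribute on a non-heading line, or turn that line into a heading so the link resolves. The link text is also very long; linking only a short phrase instead of the whole clause "see further, installation of the actual LiveKit, the SFU" would read better.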
@ -140,7 +140,7 @@ Now enable and start this thing:
systemctl enable --now lk-jwt-service
```
# SFU
# LiveKit
The actual SFU, Selective Forwarding Unit, is LiveKit. Downloading and
installing is easy: download the [binary from Github](https://github.com/livekit/livekit/releases/download/v1.8.0/livekit_1.8.0_linux_amd64.tar.gz)
@ -157,3 +157,107 @@ You can do this as a normal user, it will use sudo to do its job.
Configuring this thing is [documented
here](https://docs.livekit.io/home/self-hosting/deployment/).
Create a key and secret: {#generatekeys}
```
livekit-server generate-keys
```
This key/secret has to be fed to lk-jwt-service, of course. Create a
configuration file for livekit, `/etc/livekit/livekit.yaml`:
```
port: 7880
bind_addresses:
- ""
rtc:
tcp_port: 7881
port_range_start: 50000
port_range_end: 60000
use_external_ip: true
enable_loopback_candidate: false
turn:
enabled: true
domain: livekit.matrixdev.procolix.com
cert_file: /etc/coturn/ssl/fullchain.pem
key_file: /etc/coturn/ssl/privkey.pem
tls_port: 5349
udp_port: 3478
external_tls: true
keys:
# KEY: secret were autogenerated by livekit/generate
# in the lk-jwt-service environment variables
xxxxxxxxxxxxxxx: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Now define a systemd servicefile, like this:
```
[Unit]
Description=LiveKit Server
After=network.target
Documentation=https://docs.livekit.io
[Service]
User=turnserver
Group=turnserver
LimitNOFILE=500000
Restart=on-failure
WorkingDirectory=/etc/livekit
ExecStart=/usr/local/bin/livekit-server --config /etc/livekit/livekit.yaml
[Install]
WantedBy=multi-user.target
```
Enable and start it.
IMPORTANT!
If you're running [coturn](../coturn), you'll have to shut that down!
Otherwise LiveKit will not be able to claim the ports for TURN and ICE.
And in that case, Synapse will probably not be able to provide clients with
the correct TURN data, that is still to be researched...
# Element Call widget {#widget}
This is a Node.js thingy, so start by installing yarn. Unfortunately both npm
and `yarnpkg` in Debian are antique, so we need to update them after installation.
Install Node.js and upgrade everything. Do not do this as root, we'll only
need to "compile" Element Call once.
See [the Node.js
website](https://nodejs.org/en/download/package-manager/current) for
instructions.
```
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
```
Exit and login again to set some environment variables (yes, the installation
changes .bashrc). Then install and upgrade:
```
nvm install 23
sudo apt install yarnpkg
/usr/share/nodejs/yarn/bin/yarn set version stable
/usr/share/nodejs/yarn/bin/yarn install
```
Now clone the Element Call repository and "compile" stuff (again: not as
root):
```
git clone https://github.com/element-hq/element-call.git
cd element-call
/usr/share/nodejs/yarn/bin/yarn
/usr/share/nodejs/yarn/bin/yarn build
```
After that, you can find the whole shebang under "dist". Copy that to
`/var/www/element-call` and point nginx to it ([see nginx](../nginx#callwidget)).
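Review bot: `/etc/livekit/livekit.yaml` carries the API key and secret under `keys:`, but nothing in this hunk restricts who can read the file, unlike `/etc/lk-jwt-service`, which gets `chgrp -R www-data` and `chmod -R o-rwx` earlier in the same document. Since the unit runs with `User=turnserver` and `Group=turnserver`, add a step that gives the file to that group and removes access for others. Smaller points in the same hunk: `domain: livekit.matrixdev.procolix.com` looks like a real hostname, while the nginx example in this commit uses `call.matrixdev.example.com`; the comment above the key line is hard to parse and should say plainly that the same key and secret go into the lk-jwt-service configuration; the unit file is shown without a path or name, and "Enable and start it." gives no command, where the lk-jwt-service section shows `systemctl enable --now lk-jwt-service`; and `/usr/share/nodejs/yarn/bin/yarn install` is run before `git clone`, so at that point there is no project for it to install.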

@ -227,6 +227,35 @@ server {
```
# Element Call widget {#callwidget}
If you self-host the [Element Call widget](../element-call#widget), this
should be the configuration to publish that:
```
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate
/etc/letsencrypt/live/call.matrixdev.example.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/call.matrixdev.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name call.matrixdev.example.com;
root /var/www/element-call;
try_files $uri /$uri /index.html;
access_log /var/log/nginx/call-access.log;
error_log /var/log/nginx/call-error.log;
}
```
# Firewall
For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).
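Review bot: in `try_files $uri /$uri /index.html;` the second argument `/$uri` puts a slash in front of a value that already starts with one, so it cannot match anything the first argument missed. If a directory check was intended, write `$uri/`; otherwise drop the argument and keep `try_files $uri /index.html;`. In the Firewall paragraph, "openend" should be "opened", and since the sentence asks for port 80 while this server block only listens on 443, say which block serves port 80.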