diff --git a/matrix/element-call/README.md b/matrix/element-call/README.md index 1bb1dab..841277c 100644 --- a/matrix/element-call/README.md +++ b/matrix/element-call/README.md @@ -123,8 +123,8 @@ chgrp -R www-data /etc/lk-jwt-service chmod -R o-rwx /etc/lk-jwt-service ``` -The contents of `/etc/lk-jwt-service/config` are not fully known yet (see -further, installation of the actual LiveKit, the SFU), but for now it's enough +The contents of `/etc/lk-jwt-service/config` are not fully known yet ([see +further, installation of the actual LiveKit, the SFU](#generatekeys)), but for now it's enough to fill it with this: ``` @@ -140,7 +140,7 @@ Now enable and start this thing: systemctl enable --now lk-jwt-service ``` -# SFU +# LiveKit The actual SFU, Selective Forwarding Unit, is LiveKit. Downloading and installing is easy: download the [binary from Github](https://github.com/livekit/livekit/releases/download/v1.8.0/livekit_1.8.0_linux_amd64.tar.gz) 
@@ -157,3 +157,107 @@ You can do this as a normal user, it will use sudo to do its job. Configuring this thing is [documented here](https://docs.livekit.io/home/self-hosting/deployment/). + +Create a key and secret: {#generatekeys} + +``` +livekit-server generate-keys +``` + +This key/secret has to be fed to lk-jwt-service, of course. Create a +configuration file for livekit, `/etc/livekit/livekit.yaml`: + +``` +port: 7880 +bind_addresses: + - "" +rtc: + tcp_port: 7881 + port_range_start: 50000 + port_range_end: 60000 + use_external_ip: true + enable_loopback_candidate: false +turn: + enabled: true + domain: livekit.matrixdev.procolix.com + cert_file: /etc/coturn/ssl/fullchain.pem + key_file: /etc/coturn/ssl/privkey.pem + tls_port: 5349 + udp_port: 3478 + external_tls: true +keys: + # KEY: secret were autogenerated by livekit/generate + # in the lk-jwt-service environment variables + xxxxxxxxxxxxxxx: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +``` + +Now define a systemd servicefile, like this: + +``` +[Unit] +Description=LiveKit Server +After=network.target +Documentation=https://docs.livekit.io + +[Service] +User=turnserver +Group=turnserver +LimitNOFILE=500000 +Restart=on-failure +WorkingDirectory=/etc/livekit +ExecStart=/usr/local/bin/livekit-server --config /etc/livekit/livekit.yaml + +[Install] +WantedBy=multi-user.target +``` + +Enable and start it. + +IMPORTANT! + +If you're running [coturn](../coturn), you'll have to shut that down! +Otherwise LiveKit will not be able to claim the ports for TURN and ICE. + +And in that case, Synapse will probably not be able to provide clients with +the correct TURN data, that is still to be researched... + + +# Element Call widget {#widget} + +This is a Node.js thingy, so start by installing yarn. Unfortunately both npm +and `yarnpkg` in Debian are antique, so we need to update them after installation. +Install Node.js and upgrade everything. Do not do this as root, we'll only +need to "compile" Element Call once. 
+ +See [the Node.js +website](https://nodejs.org/en/download/package-manager/current) for +instructions. + + +``` +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash +``` + +Exit and login again to set some environment variables (yes, the installation +changes .bashrc). Then install and upgrade: + +``` +nvm install 23 +sudo apt install yarnpkg +/usr/share/nodejs/yarn/bin/yarn set version stable +/usr/share/nodejs/yarn/bin/yarn install +``` + +Now clone the Element Call repository and "compile" stuff (again: not as +root): + +``` +git clone https://github.com/element-hq/element-call.git +cd element-call +/usr/share/nodejs/yarn/bin/yarn +/usr/share/nodejs/yarn/bin/yarn build +``` + +After that, you can find the whole shebang under "dist". Copy that to +`/var/www/element-call` and point nginx to it ([see nginx](../nginx#callwidget)). + diff --git a/matrix/nginx/README.md b/matrix/nginx/README.md index 41d0845..cfcec99 100644 --- a/matrix/nginx/README.md +++ b/matrix/nginx/README.md @@ -227,6 +227,35 @@ server { ``` +# Element Call widget {#callwidget} + +If you self-host the [Element Call widget](../element-call#widget), this +should be the configuration to publish that: + +``` +server { + listen 443 ssl; + listen [::]:443 ssl; + + ssl_certificate +/etc/letsencrypt/live/call.matrixdev.example.com/fullchain.pem; + ssl_certificate_key +/etc/letsencrypt/live/call.matrixdev.example.com/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/ssl/dhparams.pem; + + server_name call.matrixdev.example.com; + + root /var/www/element-call; + try_files $uri /$uri /index.html; + + + access_log /var/log/nginx/call-access.log; + error_log /var/log/nginx/call-error.log; +} +``` + + # Firewall For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).
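Review bot: In matrix/element-call/README.md, hunk `@@ -123,8 +123,8 @@`, the new link points at `#generatekeys`, but that id is only defined on a plain paragraph in the later hunk ("Create a key and secret: {#generatekeys}"), not on a heading the way `# Element Call widget {#widget}` is. Whether an attribute on a non-heading line produces an anchor depends on the Markdown renderer, so the link may silently go nowhere. Suggest turning that line into a heading that carries the id, or checking the rendered page. The rewritten line is also much longer than the wrapped lines around it and could be re-wrapped.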
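Review bot: In matrix/element-call/README.md, hunk `@@ -157,3 +157,107 @@`, `/etc/livekit/livekit.yaml` stores the API key and secret under `keys:`, yet the text never restricts access to that file, while the same README locks down `/etc/lk-jwt-service` with `chgrp -R www-data` and `chmod -R o-rwx`. Suggest adding the equivalent ownership and mode step for `/etc/livekit`, readable only by the `turnserver` user that the unit file runs as. Two smaller points in the same hunk: the `turn:` block uses `livekit.matrixdev.procolix.com` where the nginx README uses an `example.com` placeholder, so the hostname should be made consistent; and the comment above the key line ("KEY: secret were autogenerated by livekit/generate in the lk-jwt-service environment variables") does not say clearly that this pair must match the one configured for lk-jwt-service.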
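Review bot: In matrix/nginx/README.md, hunk `@@ -227,6 +227,35 @@`, the line `try_files $uri /$uri /index.html;` looks like a typo: `$uri` already begins with a slash, so `/$uri` only retries the same path with a doubled slash and the directory case is never tried. Suggest `try_files $uri $uri/ /index.html;` if the intent is the usual single-page-app fallback. The `ssl_certificate` and `ssl_certificate_key` directives are also split across two lines with the path starting at column 0; nginx accepts that, but keeping each directive on one line would match the rest of the block.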