forked from Fediversity/Fediversity
Added most configuration for LiveKit and Element Call.
This commit is contained in:
parent
2555c583c9
commit
adbf25d990
|
@ -123,8 +123,8 @@ chgrp -R www-data /etc/lk-jwt-service
|
|||
chmod -R o-rwx /etc/lk-jwt-service
|
||||
```
|
||||
|
||||
The contents of `/etc/lk-jwt-service/config` are not fully known yet (see
|
||||
further, installation of the actual LiveKit, the SFU), but for now it's enough
|
||||
The contents of `/etc/lk-jwt-service/config` are not fully known yet ([see
|
||||
further, installation of the actual LiveKit, the SFU](#generatekeys)), but for now it's enough
|
||||
to fill it with this:
|
||||
|
||||
```
|
||||
|
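Review bot: The new `(#generatekeys)` link in the rewritten sentence points at an id that this commit defines on an ordinary paragraph line, `Create a key and secret: {#generatekeys}`, whereas the other ids added here (`{#widget}`, `{#callwidget}`) sit on headings. Check that the renderer emits an anchor for a non-heading line; if it does not, make that line a heading so the link resolves. The sentence also still says the config contents are "not fully known yet" although this commit documents the key generation it was waiting for, so it could now say what to copy from there.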
@ -140,7 +140,7 @@ Now enable and start this thing:
|
|||
systemctl enable --now lk-jwt-service
|
||||
```
|
||||
|
||||
# SFU
|
||||
# LiveKit
|
||||
|
||||
The actual SFU, Selective Forwarding Unit, is LiveKit. Downloading and
|
||||
installing is easy: download the [binary from Github](https://github.com/livekit/livekit/releases/download/v1.8.0/livekit_1.8.0_linux_amd64.tar.gz)
|
||||
|
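Review bot: The renamed heading `# LiveKit` carries no explicit id, while the other headings added in this commit do (`{#widget}`, `{#callwidget}`), and renaming it from `# SFU` changes any anchor the renderer derives from the heading text. Consider `# LiveKit {#livekit}` so that cross-references from the other pages stay stable.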
@ -157,3 +157,107 @@ You can do this as a normal user, it will use sudo to do its job.
|
|||
|
||||
Configuring this thing is [documented
|
||||
here](https://docs.livekit.io/home/self-hosting/deployment/).
|
||||
|
||||
Create a key and secret: {#generatekeys}
|
||||
|
||||
```
|
||||
livekit-server generate-keys
|
||||
```
|
||||
|
||||
This key/secret has to be fed to lk-jwt-service, of course. Create a
|
||||
configuration file for livekit, `/etc/livekit/livekit.yaml`:
|
||||
|
||||
```
|
||||
port: 7880
|
||||
bind_addresses:
|
||||
- ""
|
||||
rtc:
|
||||
tcp_port: 7881
|
||||
port_range_start: 50000
|
||||
port_range_end: 60000
|
||||
use_external_ip: true
|
||||
enable_loopback_candidate: false
|
||||
turn:
|
||||
enabled: true
|
||||
domain: livekit.matrixdev.procolix.com
|
||||
cert_file: /etc/coturn/ssl/fullchain.pem
|
||||
key_file: /etc/coturn/ssl/privkey.pem
|
||||
tls_port: 5349
|
||||
udp_port: 3478
|
||||
external_tls: true
|
||||
keys:
|
||||
# KEY: secret were autogenerated by livekit/generate
|
||||
# in the lk-jwt-service environment variables
|
||||
xxxxxxxxxxxxxxx: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
```
|
||||
|
||||
Now define a systemd servicefile, like this:
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=LiveKit Server
|
||||
After=network.target
|
||||
Documentation=https://docs.livekit.io
|
||||
|
||||
[Service]
|
||||
User=turnserver
|
||||
Group=turnserver
|
||||
LimitNOFILE=500000
|
||||
Restart=on-failure
|
||||
WorkingDirectory=/etc/livekit
|
||||
ExecStart=/usr/local/bin/livekit-server --config /etc/livekit/livekit.yaml
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Enable and start it.
|
||||
|
||||
IMPORTANT!
|
||||
|
||||
If you're running [coturn](../coturn), you'll have to shut that down!
|
||||
Otherwise LiveKit will not be able to claim the ports for TURN and ICE.
|
||||
|
||||
And in that case, Synapse will probably not be able to provide clients with
|
||||
the correct TURN data, that is still to be researched...
|
||||
|
||||
|
||||
# Element Call widget {#widget}
|
||||
|
||||
This is a Node.js thingy, so start by installing yarn. Unfortunately both npm
|
||||
and `yarnpkg` in Debian are antique, so we need to update them after installation.
|
||||
Install Node.js and upgrade everything. Do not do this as root, we'll only
|
||||
need to "compile" Element Call once.
|
||||
|
||||
See [the Node.js
|
||||
website](https://nodejs.org/en/download/package-manager/current) for
|
||||
instructions.
|
||||
|
||||
|
||||
```
|
||||
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
|
||||
```
|
||||
|
||||
Exit and login again to set some environment variables (yes, the installation
|
||||
changes .bashrc). Then install and upgrade:
|
||||
|
||||
```
|
||||
nvm install 23
|
||||
sudo apt install yarnpkg
|
||||
/usr/share/nodejs/yarn/bin/yarn set version stable
|
||||
/usr/share/nodejs/yarn/bin/yarn install
|
||||
```
|
||||
|
||||
Now clone the Element Call repository and "compile" stuff (again: not as
|
||||
root):
|
||||
|
||||
```
|
||||
git clone https://github.com/element-hq/element-call.git
|
||||
cd element-call
|
||||
/usr/share/nodejs/yarn/bin/yarn
|
||||
/usr/share/nodejs/yarn/bin/yarn build
|
||||
```
|
||||
|
||||
After that, you can find the whole shebang under "dist". Copy that to
|
||||
`/var/www/element-call` and point nginx to it ([see nginx](../nginx#callwidget)).
|
||||
|
||||
|
|
|
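Review bot: `/etc/livekit/livekit.yaml` stores the API key and secret under `keys:`, but nothing in this section restricts who can read the file, unlike `/etc/lk-jwt-service` earlier on the page, which gets `chgrp -R www-data` and `chmod -R o-rwx`. Add the equivalent ownership and mode steps for `/etc/livekit`, matched to the `User=turnserver` the unit runs as. Other points in this hunk: the comment under `keys:` names `livekit/generate` while the documented command is `livekit-server generate-keys`; `turn.domain` uses `livekit.matrixdev.procolix.com` where the nginx page uses `call.matrixdev.example.com` placeholders; `external_tls: true` is set together with `cert_file` and `key_file`, so please state which side terminates TLS; "Enable and start it." gives neither the unit file path nor the `systemctl enable --now` command that the lk-jwt-service section shows; the nvm install script is piped from `curl` directly into `bash`, so suggest downloading it first so it can be read; and `element-call` is cloned without checking out a release tag, so the build depends on whatever the default branch holds that day.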
@ -227,6 +227,35 @@ server {
|
|||
```
|
||||
|
||||
|
||||
# Element Call widget {#callwidget}
|
||||
|
||||
If you self-host the [Element Call widget](../element-call#widget), this
|
||||
should be the configuration to publish that:
|
||||
|
||||
```
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
ssl_certificate
|
||||
/etc/letsencrypt/live/call.matrixdev.example.com/fullchain.pem;
|
||||
ssl_certificate_key
|
||||
/etc/letsencrypt/live/call.matrixdev.example.com/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/ssl/dhparams.pem;
|
||||
|
||||
server_name call.matrixdev.example.com;
|
||||
|
||||
root /var/www/element-call;
|
||||
try_files $uri /$uri /index.html;
|
||||
|
||||
|
||||
access_log /var/log/nginx/call-access.log;
|
||||
error_log /var/log/nginx/call-error.log;
|
||||
}
|
||||
```
|
||||
|
||||
|
||||
# Firewall
|
||||
|
||||
For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).
|
||||
|
|
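Review bot: In `try_files $uri /$uri /index.html;` the second argument puts another slash in front of `$uri`, which already begins with one, so it only repeats the first check; `$uri/` (the directory check) looks like what was intended. The Firewall paragraph has a typo ("openend"), and it asks for port 80 to be opened while this server block only listens on 443, so either add the port 80 redirect block here or say where it is defined.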