Added most configuration for LiveKit and Element Call.

2024-11-20 20:12:42 +01:00 · 2024-11-20 20:12:42 +01:00 · adbf25d990
commit adbf25d990
parent 2555c583c9
2 changed files with 136 additions and 3 deletions
--- a/matrix/element-call/README.md
+++ b/matrix/element-call/README.md
@ -123,8 +123,8 @@ chgrp -R www-data /etc/lk-jwt-service
 chmod -R o-rwx /etc/lk-jwt-service
 ```

-The contents of `/etc/lk-jwt-service/config` are not fully known yet (see
-further, installation of the actual LiveKit, the SFU), but for now it's enough
+The contents of `/etc/lk-jwt-service/config` are not fully known yet ([see
+further, installation of the actual LiveKit, the SFU](#generatekeys)), but for now it's enough
 to fill it with this:

 ```
@ -140,7 +140,7 @@ Now enable and start this thing:
 systemctl enable --now lk-jwt-service
 ```

-# SFU
+# LiveKit

 The actual SFU, Selective Forwarding Unit, is LiveKit. Downloading and
 installing is easy: download the [binary from Github](https://github.com/livekit/livekit/releases/download/v1.8.0/livekit_1.8.0_linux_amd64.tar.gz)
@ -157,3 +157,107 @@ You can do this as a normal user, it will use sudo to do its job.

 Configuring this thing is [documented
 here](https://docs.livekit.io/home/self-hosting/deployment/).
+
+Create a key and secret: {#generatekeys}
+
+```
+livekit-server generate-keys
+```
+
+This key/secret has to be fed to lk-jwt-service, of course. Create a
+configuration file for livekit, `/etc/livekit/livekit.yaml`:
+
+```
+port: 7880
+bind_addresses:
+    - ""
+rtc:
+    tcp_port: 7881
+    port_range_start: 50000
+    port_range_end: 60000
+    use_external_ip: true
+    enable_loopback_candidate: false
+turn:
+    enabled: true
+    domain: livekit.matrixdev.procolix.com
+    cert_file: /etc/coturn/ssl/fullchain.pem
+    key_file: /etc/coturn/ssl/privkey.pem
+    tls_port: 5349
+    udp_port: 3478
+    external_tls: true
+keys:
+    # KEY: secret were autogenerated by livekit/generate
+    # in the lk-jwt-service environment variables
+    xxxxxxxxxxxxxxx: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+```
+
+Now define a systemd servicefile, like this:
+
+```
+[Unit]
+Description=LiveKit Server
+After=network.target
+Documentation=https://docs.livekit.io
+
+[Service]
+User=turnserver
+Group=turnserver
+LimitNOFILE=500000
+Restart=on-failure
+WorkingDirectory=/etc/livekit
+ExecStart=/usr/local/bin/livekit-server --config /etc/livekit/livekit.yaml
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Enable and start it.
+
+IMPORTANT!
+
+If you're running [coturn](../coturn), you'll have to shut that down!
+Otherwise LiveKit will not be able to claim the ports for TURN and ICE.
+
+And in that case, Synapse will probably not be able to provide clients with
+the correct TURN data, that is still to be researched...
+
+
+# Element Call widget {#widget}
+
+This is a Node.js thingy, so start by installing yarn. Unfortunately both npm
+and `yarnpkg` in Debian are antique, so we need to update them after installation.
+Install Node.js and upgrade everything. Do not do this as root, we'll only
+need to "compile" Element Call once.
+
+See [the Node.js
+website](https://nodejs.org/en/download/package-manager/current) for
+instructions.
+
+
+```
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
+```
+
+Exit and login again to set some environment variables (yes, the installation
+changes .bashrc). Then install and upgrade:
+ 
+```
+nvm install 23
+sudo apt install yarnpkg
+/usr/share/nodejs/yarn/bin/yarn set version stable
+/usr/share/nodejs/yarn/bin/yarn install
+```
+
+Now clone the Element Call repository and "compile" stuff (again: not as
+root):
+
+```
+git clone https://github.com/element-hq/element-call.git
+cd element-call
+/usr/share/nodejs/yarn/bin/yarn
+/usr/share/nodejs/yarn/bin/yarn build
+```
+
+After that, you can find the whole shebang under "dist". Copy that to
+`/var/www/element-call` and point nginx to it ([see nginx](../nginx#callwidget)).
+
--- a/matrix/nginx/README.md
+++ b/matrix/nginx/README.md
@ -227,6 +227,35 @@ server {
 ```


+# Element Call widget {#callwidget}
+
+If you self-host the [Element Call widget](../element-call#widget), this
+should be the configuration to publish that:
+
+```
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+	ssl_certificate
+/etc/letsencrypt/live/call.matrixdev.example.com/fullchain.pem;
+	ssl_certificate_key
+/etc/letsencrypt/live/call.matrixdev.example.com/privkey.pem;
+	include /etc/letsencrypt/options-ssl-nginx.conf;
+	ssl_dhparam /etc/ssl/dhparams.pem;
+
+        server_name call.matrixdev.example.com;
+
+        root /var/www/element-call;
+        try_files $uri /$uri /index.html;
+
+
+        access_log /var/log/nginx/call-access.log;
+        error_log /var/log/nginx/call-error.log;
+}
+```
+
+
 # Firewall

 For normal use, at least ports 80 and 443 must be openend, see [Firewall](../firewall).