Anagastes/continuwuity
4
0
Fork 0
forked from continuwuation/continuwuity
Code Pull requests 1 Activity
continuwuity/docs/livekit.md
Anagastes 388532155c WIP: Added experimental LiveKit (dockerless) 
If you have an dockerless environment and want to use LiveKit
2025-09-29 14:14:38 +00:00

3.3 KiB
Raw Permalink Blame History

Install/compile livekit and MatrixRTC

Warning

Very experimental. Currently in the testing phase. Please only let us know if you have corrections/improvements.

I assume that an environment exists where the go compiler is set up. (Compiling is used here as an example; it should be done in a secure environment.)

#!/bin/bash
mkdir /opt/livekit-jwt /etc/livekit

latest=$(curl -s https://api.github.com/repos/element-hq/lk-jwt-service/releases/latest | jq -r '.tag_name')
wget2 https://github.com/element-hq/lk-jwt-service/archive/refs/tags/"${latest}".tar.gz
tar -xvf "${latest}".tar.gz
cd lk-jwt-service-*
go build -o lk-jwt-service /opt/livekit-jwt/
chown -R www-data:www-data /opt/livekit-jwt/

livekit conf

port: 7880
bind_addresses: [ 127.0.0.1 ]
rtc:
  tcp_port: 7881 # WebRTC over TCP
  port_range_start: 50000 # UDP port range for WebRTC
  port_range_end: 50100
  use_external_ip: false # Set to true if not behind NAT/proxy handling external IP
turn:
  enabled: true
  domain: TURN-DOMAN # Must match your cert
  tls_port: 5349 # TURN/TLS
  udp_port: 3478 # TURN/UDP
  external_tls: false
  cert_file: PATH-TO-CRT
  key_file: PATH-TO-KEY
keys:
  REPLACE_KEY: REPLACE_SECRET
logging:
  level: info

SystemD-Files

LiveKit service

vim /etc/systemd/system/livekit.service

[Unit]
Description=LiveKit Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/opt/livekit
ExecStart=/usr/local/bin/livekit-server --config /opt/livekit/livekit.yaml
Restart=on-failure
RestartSec=5s
User=root
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

JWT Service

Note

Its for fast testing, your credentials should be in auth-files. Not directly in the env. :)

vim /etc/systemd/system/livekit-jwt.service

[Unit]
Description=LiveKit JWT Service
After=network.target

[Service]
Restart=always
User=www-data
Group=www-data
WorkingDirectory=/opt/livekit-jwt
Environment="LIVEKIT_URL=wss://LIVEKIT-DOMAIN"
Environment="LIVEKIT_SECRET=REPLACE_KEY"
Environment="LIVEKIT_KEY=REPLACE_SECRET"
Environment="LIVEKIT_JWT_PORT=8080"
ExecStart=/opt/livekit-jwt/lk-jwt-service

[Install]
WantedBy=multi-user.target

NGINX with socket example

upstream livekit {
    server 127.0.0.1:7880;
}

upstream livekit-jwt {
    server 127.0.0.1:8080;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name LIVEKIT-DOMAIN;

  location /jwt {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # MatrixRTC Authorization Service running at port 8080
    proxy_pass http://livekit-jwt/;
  }


  #and this is livekit
  location / {
    proxy_pass http://livekit/;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_send_timeout 120;
    proxy_read_timeout 120;
    proxy_buffering off;

    proxy_set_header Accept-Encoding gzip;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

Online Tester

Must look like this.

Example output