forked from continuwuation/continuwuity
143 lines
No EOL
3.3 KiB
Markdown
143 lines
No EOL
3.3 KiB
Markdown
# Install/compile livekit and MatrixRTC
|
|
|
|
> [!WARNING]
|
|
> Very experimental. Currently in the testing phase. Please only let us know if you have corrections/improvements.
|
|
|
|
I assume that an environment exists where the go compiler is set up. (Compiling is used here as an example; it should be done in a secure environment.)
|
|
|
|
```bash
|
|
#!/bin/bash
|
|
mkdir /opt/livekit-jwt /etc/livekit
|
|
|
|
latest=$(curl -s https://api.github.com/repos/element-hq/lk-jwt-service/releases/latest | jq -r '.tag_name')
|
|
wget2 https://github.com/element-hq/lk-jwt-service/archive/refs/tags/"${latest}".tar.gz
|
|
tar -xvf "${latest}".tar.gz
|
|
cd lk-jwt-service-*
|
|
go build -o lk-jwt-service /opt/livekit-jwt/
|
|
chown -R www-data:www-data /opt/livekit-jwt/
|
|
```
|
|
|
|
# livekit conf
|
|
|
|
```yaml
|
|
port: 7880
|
|
bind_addresses: [ 127.0.0.1 ]
|
|
rtc:
|
|
tcp_port: 7881 # WebRTC over TCP
|
|
port_range_start: 50000 # UDP port range for WebRTC
|
|
port_range_end: 50100
|
|
use_external_ip: false # Set to true if not behind NAT/proxy handling external IP
|
|
turn:
|
|
enabled: true
|
|
domain: TURN-DOMAN # Must match your cert
|
|
tls_port: 5349 # TURN/TLS
|
|
udp_port: 3478 # TURN/UDP
|
|
external_tls: false
|
|
cert_file: PATH-TO-CRT
|
|
key_file: PATH-TO-KEY
|
|
keys:
|
|
REPLACE_KEY: REPLACE_SECRET
|
|
logging:
|
|
level: info
|
|
```
|
|
## SystemD-Files
|
|
|
|
### LiveKit service
|
|
|
|
`vim /etc/systemd/system/livekit.service`
|
|
|
|
```ini
|
|
[Unit]
|
|
Description=LiveKit Server
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
WorkingDirectory=/opt/livekit
|
|
ExecStart=/usr/local/bin/livekit-server --config /opt/livekit/livekit.yaml
|
|
Restart=on-failure
|
|
RestartSec=5s
|
|
User=root
|
|
LimitNOFILE=65536
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
### JWT Service
|
|
|
|
> [!NOTE]
|
|
> Its for fast testing, your credentials should be in auth-files. Not directly in the env. :)
|
|
|
|
`vim /etc/systemd/system/livekit-jwt.service`
|
|
|
|
```ini
|
|
[Unit]
|
|
Description=LiveKit JWT Service
|
|
After=network.target
|
|
|
|
[Service]
|
|
Restart=always
|
|
User=www-data
|
|
Group=www-data
|
|
WorkingDirectory=/opt/livekit-jwt
|
|
Environment="LIVEKIT_URL=wss://LIVEKIT-DOMAIN"
|
|
Environment="LIVEKIT_SECRET=REPLACE_KEY"
|
|
Environment="LIVEKIT_KEY=REPLACE_SECRET"
|
|
Environment="LIVEKIT_JWT_PORT=8080"
|
|
ExecStart=/opt/livekit-jwt/lk-jwt-service
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
### NGINX with socket example
|
|
|
|
```nginx
|
|
upstream livekit {
|
|
server 127.0.0.1:7880;
|
|
}
|
|
|
|
upstream livekit-jwt {
|
|
server 127.0.0.1:8080;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name LIVEKIT-DOMAIN;
|
|
|
|
location /jwt {
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# MatrixRTC Authorization Service running at port 8080
|
|
proxy_pass http://livekit-jwt/;
|
|
}
|
|
|
|
|
|
#and this is livekit
|
|
location / {
|
|
proxy_pass http://livekit/;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_send_timeout 120;
|
|
proxy_read_timeout 120;
|
|
proxy_buffering off;
|
|
|
|
proxy_set_header Accept-Encoding gzip;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
}
|
|
```
|
|
|
|
[Online Tester](https://livekit.io/connection-test)
|
|
|
|
Must look like this.
|
|
|
|
 |