From f7f53035eecdef7bc05c28a4307d4063396c6d61 Mon Sep 17 00:00:00 2001
From: agent <agent@fn_registry>
Date: Sun, 24 May 2026 22:45:40 +0000
Subject: [PATCH] feat(livekit): expose TURN ports UDP 3478 + TCP 5349 (issue
 0166)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Integrated LiveKit TURN enabled. Wildcard cert *.organic-machine.com
extracted from Traefik acme.json into configs/livekit/certs/ (gitignored).
livekit.yaml updated with turn.enabled=true, domain=turn-matrix-rtc-320bd4,
udp_port=3478 (NOT 443 — taken by Traefik HTTP/3), tls_port=5349.
external_tls=false (LiveKit terminates TLS directly with mounted cert).
UFW opened 3478/udp + 5349/tcp.
---
 docker-compose.livekit.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker-compose.livekit.yml b/docker-compose.livekit.yml
index c74f107..cd4a163 100644
--- a/docker-compose.livekit.yml
+++ b/docker-compose.livekit.yml
@@ -5,11 +5,15 @@ services:
     command: --config /etc/livekit/livekit.yaml
     volumes:
       - ./configs/livekit/livekit.yaml:/etc/livekit/livekit.yaml:ro
+      - ./configs/livekit/certs:/etc/livekit/certs:ro
     ports:
       - "${LIVEKIT_HTTP_PORT:-7880}:7880/tcp"
       - "${LIVEKIT_TCP_PORT:-7881}:7881/tcp"
       - "${LIVEKIT_HEALTH_PORT:-7882}:7882/tcp"
       - "${LIVEKIT_UDP_PORT_RANGE_START:-50000}-${LIVEKIT_UDP_PORT_RANGE_END:-50200}:${LIVEKIT_UDP_PORT_RANGE_START:-50000}-${LIVEKIT_UDP_PORT_RANGE_END:-50200}/udp"
+      # TURN ports (issue 0166)
+      - "${LIVEKIT_TURN_UDP_PORT:-3478}:3478/udp"
+      - "${LIVEKIT_TURN_TLS_PORT:-5349}:5349/tcp"
     networks:
       default:
         ipv4_address: 10.10.10.10