f7f53035ee
Integrated LiveKit TURN enabled. Wildcard cert *.organic-machine.com extracted from Traefik acme.json into configs/livekit/certs/ (gitignored). livekit.yaml updated with turn.enabled=true, domain=turn-matrix-rtc-320bd4, udp_port=3478 (NOT 443 — taken by Traefik HTTP/3), tls_port=5349. external_tls=false (LiveKit terminates TLS directly with mounted cert). UFW opened 3478/udp + 5349/tcp.
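# Docker Compose stack for LiveKit (SFU + embedded TURN) and the Matrix
# lk-jwt-service that issues LiveKit tokens. Both services attach to the
# pre-existing external network "matrix_net" with fixed addresses.
services:
  livekit:
    # NOTE(review): ":latest" is a mutable tag, so a pull can silently change
    # what runs. Pin a released version or an image digest
    # (livekit/livekit-server@sha256:<DIGEST_PLACEHOLDER>).
    image: livekit/livekit-server:latest
    restart: unless-stopped
    command: --config /etc/livekit/livekit.yaml
    volumes:
      - ./configs/livekit/livekit.yaml:/etc/livekit/livekit.yaml:ro
      # TLS certificate and private key that LiveKit serves for TURN/TLS,
      # mounted read-only.
      # NOTE(review): if this is a copy of a certificate managed elsewhere
      # (e.g. by the reverse proxy), it goes stale on renewal; automate the
      # re-export and restart. A wildcard key here is valid for every
      # subdomain, so keep the directory out of VCS with tight file modes,
      # or issue a certificate for the TURN host only.
      - ./configs/livekit/certs:/etc/livekit/certs:ro
    ports:
      # NOTE(review): no host IP is given, so every mapping below binds on all
      # host interfaces. Docker installs its own iptables rules for published
      # ports and by default they are not filtered by UFW, so "not opened in
      # UFW" does not mean "not reachable". Confirm 7880-7882 are meant to be
      # public; if only the proxy on matrix_net needs them, bind to 127.0.0.1
      # or drop the mapping.
      - "${LIVEKIT_HTTP_PORT:-7880}:7880/tcp"
      - "${LIVEKIT_TCP_PORT:-7881}:7881/tcp"
      - "${LIVEKIT_HEALTH_PORT:-7882}:7882/tcp"
      - "${LIVEKIT_UDP_PORT_RANGE_START:-50000}-${LIVEKIT_UDP_PORT_RANGE_END:-50200}:${LIVEKIT_UDP_PORT_RANGE_START:-50000}-${LIVEKIT_UDP_PORT_RANGE_END:-50200}/udp"
      # TURN ports (issue 0166)
      # The container side is fixed at 3478/udp and 5349/tcp and must match
      # the turn.* ports set in livekit.yaml.
      - "${LIVEKIT_TURN_UDP_PORT:-3478}:3478/udp"
      - "${LIVEKIT_TURN_TLS_PORT:-5349}:5349/tcp"
    networks:
      default:
        ipv4_address: 10.10.10.10
    extra_hosts:
      # Static /etc/hosts entry inside the container; presumably 10.10.10.6 is
      # the reverse proxy on matrix_net (confirm).
      - "matrix-rtc-320bd4.organic-machine.com:10.10.10.6"

  livekit-jwt:
    # NOTE(review): same mutable-tag concern as above; pin a version or digest
    # (ghcr.io/element-hq/lk-jwt-service@sha256:<DIGEST_PLACEHOLDER>).
    image: ghcr.io/element-hq/lk-jwt-service:latest
    restart: unless-stopped
    # Values are quoted so YAML never retypes an interpolated scalar.
    # NOTE(review): LIVEKIT_WS_URL, LIVEKIT_API_KEY, LIVEKIT_API_SECRET and
    # MATRIX_SERVER_NAME have no default; Compose substitutes an empty string
    # when one is unset. Consider "${VAR:?message}" so the stack refuses to
    # start without them. Environment variables are also readable through
    # `docker inspect`; a secrets file is the stricter option for the API
    # secret.
    environment:
      LIVEKIT_JWT_BIND: "${LIVEKIT_JWT_BIND:-:6080}"
      LIVEKIT_URL: "${LIVEKIT_WS_URL}"
      LIVEKIT_KEY: "${LIVEKIT_API_KEY}"
      LIVEKIT_SECRET: "${LIVEKIT_API_SECRET}"
      LIVEKIT_FULL_ACCESS_HOMESERVERS: "${MATRIX_SERVER_NAME}"
      # Going by its name, this turns off TLS certificate verification for the
      # service's outbound connections; keep the "false" default outside of
      # local testing.
      LIVEKIT_INSECURE_SKIP_VERIFY_TLS: "${LIVEKIT_INSECURE_SKIP_VERIFY_TLS:-false}"
    networks:
      default:
        ipv4_address: 10.10.10.11
    extra_hosts:
      # Static /etc/hosts entries inside the container; both names resolve to
      # 10.10.10.6 instead of going through DNS.
      - "matrix-af2f3d.organic-machine.com:10.10.10.6"
      - "matrix-rtc-320bd4.organic-machine.com:10.10.10.6"

networks:
  default:
    # Existing network created outside this file. The fixed ipv4_address
    # values above must fall inside its subnet.
    name: matrix_net
    external: true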