Open alexander-potemkin opened 3 months ago
Bumping this up...
I scraped at the documentation to get element call server going. I have tested this to call between ElementX android <> ElementX android; ElementX android <> Element Web (nightly).
Here are my instructions. If you find something needs to change do point that out.
I am assuming that the domain name is mydomain.com. Make sure the following dns names have public ip/FQDN:
The following assumes that the elementcall docker container is running at 192.168.1.2. The following config forwards the call to element call/livekit running via docker.
server {
server_name call.mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
proxy_pass http://192.168.1.2:8093;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name sfu.mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg #image/gif image/png application/wasm;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
error_page 405 =200 $uri;
default_type application/wasm;
location / {
proxy_pass http://192.168.1.2:7880;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name sfu-jwt.mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_dhparam /etc/ssl/dhparam.pem;
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
proxy_pass http://192.168.1.2:8881;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Use the following docker compose:
$ cat docker-compose.yaml
networks:
lkbackend:
services:
element-call:
image: ghcr.io/element-hq/element-call:latest
container_name: element-call
hostname: element-call
ports:
- 8093:8080
volumes:
- /home/ubuntu/dockerdata/volumes/elementcall/config.json:/app/config.json
restart: unless-stopped
networks:
- lkbackend
jwt-service:
image: ghcr.io/element-hq/lk-jwt-service:latest-ci
container_name: lk-jwt-service
hostname: lk-jwt-service
ports:
- 8881:8080
environment:
- LIVEKIT_SECRET=somestrongstring
- LIVEKIT_URL=wss://sfu.mydomain.com:443
- LIVEKIT_KEY=devkey
deploy:
restart_policy:
condition: on-failure
networks:
- lkbackend
livekit:
image: livekit/livekit-server:latest
command: --dev --config /etc/livekit.yaml
restart: unless-stopped
volumes:
- /home/ubuntu/dockerdata/volumes/elementcall/backend/livekit.yaml:/etc/livekit.yaml
network_mode: "host"
redis:
image: redis:6-alpine
command: redis-server /etc/redis.conf
ports:
- 6379:6379
volumes:
- /home/ubuntu/dockerdata/volumes/elementcall/backend/redis.conf:/etc/redis.conf
networks:
- lkbackend
Here are the supporting files: config.json
cat /home/ubuntu/dockerdata/volumes/elementcall/config.json
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.mydomain.com",
"server_name": "mydomain.com"
}
},
"livekit": {
"livekit_service_url": "https://sfu-jwt.mydomain.com"
}
}
livekit.yaml
$ cat /home/ubuntu/dockerdata/volumes/elementcall/backend/livekit.yaml
port: 7880
bind_addresses:
- "0.0.0.0"
rtc:
tcp_port: 7881
port_range_start: 50100
port_range_end: 50200
use_external_ip: false
turn:
enabled: false
domain: localhost
cert_file: ""
key_file: ""
tls_port: 5349
udp_port: 443
external_tls: true
keys:
devkey: "somestrongstring"
logging:
redis.conf
$ cat /home/ubuntu/dockerdata/volumes/elementcall/backend/redis.conf
bind 0.0.0.0
protected-mode yes
port 6379
timeout 0
tcp-keepalive 300
set the following in homeserver.yaml
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
- names: [client, federation,openid]
compress: false
#https://github.com/element-hq/element-call/issues/2005
serve_server_wellknown: true
From https://docs.livekit.io/home/self-hosting/ports-firewall/ Forward UDP ports 50100:50200 to docker instance 192.168.1.2 Forward TCP port 7881 to docker instance 192.168.1.2
Forward TCP port 443 to Nginx server
@rajil , thanks. My question was not about setting up Element call - it's done, no problems - a bit different from your approach, but I believe, it's a matter of taste.
My question is about making Mobile & Desktop apps to use self-hosted version, because for now they use call.element.io without any possibility to change that in the settings. I'm sorry if my original post was misleading.
@alexander-potemkin The nightly version of ElementX Android already allows changing from call.element.io. And so does the nightly version of Element Desktop.
@rajil , my hopes were for Element "Classic"... Anyway, thanks for letting know! If that's not too much to ask, could you please, let me know how it's handled? Does it follow .well-known
or DNS directives? Or it relies on end user to apply the changes manually?
Element Classic is no longer being developed AFAIK. I had to apply the change manually in the EX client settings (not sure if there is a .well-known for it).
Thank you. My question remains then:
It seems that .well-known support is on the way
As it's a commit into element-call, it's the only service that is affected; if they push it to JS SDK - it might affect Desktop clients, but not mobiles. Unless I'm missing something.
Mobile is also supported.
Will see!
Your use case
What would you like to do?
I would like to configure my own element-call support on the server side, so that all of the clients would pick it up instead of call.element.io
Why would you like to do it?
To facilitate self-hosted calls.
How would you like to achieve it?
Ideally, that element call service would be populated through the server; but .well-known approach, like it's done for Jitsi, works too.
Have you considered any alternatives?
Yes. The alternative - it's to rebuild and repackage and publish all of the Element clients. Doable, but feels a bit unreasonable.
Additional context
https://github.com/element-hq/element-call/issues/2228 https://github.com/element-hq/element-desktop/issues/1566