HowTo Matrix

Guide to Setting Up Element-Call

Setting up the element call function with JWT and LiveKit

Install LiveKit JWT Service

  1. Navigate to the /opt directory:
1

cd /opt
  1. Clone the repository:
1
2

git clone https://github.com/element-hq/lk-jwt-service.git
cd lk-jwt-service
  1. Build the executable:
1
2

go build -o lk-jwt-service .
/usr/local/go/bin/go build -o lk-jwt-service .
  1. Install the LiveKit CLI tool:
1

curl -sSL https://get.livekit.io | bash

Install and Configure JWT Service

  1. Create the file /etc/systemd/system/lk-jwt-service.service with the following content:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

[Unit]
Description=LiveKit JWT Service
After=network.target
Requires=livekit-server.service

[Service]
Restart=always
WorkingDirectory=/opt/lk-jwt-service
Environment="LIVEKIT_URL=wss://rtc.domain.com"
Environment="LIVEKIT_KEY=xxx"
Environment="LIVEKIT_SECRET=xxx"
Environment="LIVEKIT_JWT_PORT=8080"
ExecStart=/opt/lk-jwt-service/lk-jwt-service

[Install]
WantedBy=multi-user.target
  1. Ensure the executable is in the correct directory:
1

cp lk-jwt-service /opt/lk-jwt-service/

Install and Configure LiveKit Server

  1. Create the file /etc/systemd/system/livekit-server.service with the following content:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

[Unit]
Description=LiveKit Server Container
After=network.target

[Service]
LimitNOFILE=500000
Restart=always
WorkingDirectory=/opt/livekit
ExecStart=livekit-server --config /etc/livekit/livekit.yaml

[Install]
WantedBy=multi-user.target
  1. Create the directory /opt/livekit and copy the LiveKit server binary into it:
1
2

mkdir -p /opt/livekit
cp livekit-server /opt/livekit/
  1. Create the configuration file /etc/livekit/livekit.yaml with the following content:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

port: 7880
bind_addresses:
  - ""
rtc:
  tcp_port: 7881
  port_range_start: 50000
  port_range_end: 50200
  use_external_ip: true
  ips:
    includes:
      - 162.55.131.56/26
      - 192.168.100.39/32
  enable_loopback_candidate: false
turn:
  enabled: false
  domain: rtc-turn.domain.com
  tls_port: 5349
  udp_port: 3478
  external_tls: true
keys:
  xxx: xxx

Enable and Start Systemd Services

  1. Reload the Systemd daemon configuration:
1

systemctl daemon-reload
  1. Enable and start the services:
1

systemctl enable --now lk-jwt-service.service livekit-server.service

Configure NGINX as a Reverse Proxy

  1. Open your NGINX configuration file and add the following sections:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

location ^~ /livekit/jwt/ {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  # JWT Service running at port 8080
  proxy_pass http://localhost:8080/;
}

location ^~ /livekit/sfu/ {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  proxy_send_timeout 120;
  proxy_read_timeout 120;
  proxy_buffering off;

  proxy_set_header Accept-Encoding gzip;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

  # LiveKit SFU websocket connection running at port 7880
  proxy_pass http://localhost:7880/;
}
  1. Test the NGINX configuration:
1

nginx -t
  1. Reload the NGINX configuration:
1

systemctl reload nginx

Verification

  • Ensure the services are running:
1

systemctl status lk-jwt-service.service livekit-server.service
  • Test the endpoints:
    • JWT Service: http://<your-domain>/livekit/jwt/
    • LiveKit SFU: http://<your-domain>/livekit/sfu/