coop-cloud/lasuite-meet
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
5 Commits 2 Branches 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
notplants 5290c8b24f working turn
2026-02-27 23:55:20 -05:00
docs
Initial recipe: lasuite-meet 0.1.0+1.8.0
2026-02-27 16:48:29 +00:00
.env.sample
Working on public server
2026-02-27 22:25:04 -05:00
abra-entrypoint.sh
Initial recipe: lasuite-meet 0.1.0+1.8.0
2026-02-27 16:48:29 +00:00
abra.sh
Working on public server
2026-02-27 22:25:04 -05:00
compose.turn.yml
working turn
2026-02-27 23:55:20 -05:00
compose.yml
Working on public server
2026-02-27 22:25:04 -05:00
livekit-server.yaml.tmpl
Working on public server
2026-02-27 22:25:04 -05:00
migrate.sh
Initial recipe: lasuite-meet 0.1.0+1.8.0
2026-02-27 16:48:29 +00:00
nginx.conf.tmpl
fix: resolver-based nginx config and env vars for template configs
2026-02-27 19:30:57 +00:00
pg_backup.sh
Initial recipe: lasuite-meet 0.1.0+1.8.0
2026-02-27 16:48:29 +00:00
README.md
Working on public server
2026-02-27 22:25:04 -05:00

README.md

lasuite-meet

Meet (part of La Suite Numerique) for Co-op Cloud

  • Category: Apps
  • Status: 2, beta
  • Image: lasuite/meet-backend, 4, upstream
  • Healthcheck: Yes
  • Backups: Yes
  • Email: 3
  • Tests: 2
  • SSO: Yes

Quick start

Setting up domains

This recipe requires two domains: one for the app and one for LiveKit WebSocket signaling (e.g. meet.yourdomain.tld and livekit.meet.yourdomain.tld). Both domains need an A record pointing to your server's IP address.

Installation steps

  • abra app new lasuite-meet --secrets
  • abra app config <app-name>
    • set LIVEKIT_NODE_IP to your server's public IP address
  • abra app deploy <app-name>

You should then be able to visit the landing page of your app, but not yet login. To login, you need to deploy and integrate single sign on (described below in the "Configure Authentication" section).

Configure Authentication

lasuite-meet requires an OpenID Connect (OIDC) single sign-on provider; deployment has been tested with Keycloak, which we recommend, or you could also try Authentik, both of which are installable using Co-op Cloud.

Instructions for integrating keycloak with meet after deploying it, are below.

  • In keycloak, create a realm (save the name of this realm, you will need it later)

  • Within that realm, create a client

    • during client creation, ensure:
      • Standard flow: True
      • Direct access grants: True
      • Authorization: True
      • Client authentication: True
      • PKCE method: none

  • Within the client tab, for your client, click on "Credentials". Click on the copy button to copy "Client Secret" so you can insert this into your coop cloud deployment in the next step.

  • abra app secret insert <app-name> oidc_rpcs v2 <yoursecret>

  • abra app config <app-name> # set SECRET_OIDC_RPCS_VERSION=v2

  • Now create a user for this client within keycloak. Within the Users tab, click "Add User". Any username and password works. Save this info.

You then additionally need to modify the config of meet to point to your keycloak deployment.

  • abra app config <app-name>
OIDC_REALM=<the realm you configured in keycloak>
AUTH_DOMAIN=<the domain of your keycloak instance>
OIDC_RP_CLIENT_ID=<yourkeycloakclientid>

then redeploy meet: abra app deploy <app-name> --force

At this point, when you go to your meet url, you should be able to click "login" and login with the username and password for the user you created in keycloak.

You can make additional users in keycloak for this "client" and they will all be able to login to meet and create video calls.

Configure E-Mail

Using abra app config <app-name> you need to set the following for your smtp server:

DJANGO_EMAIL_HOST="yourmailserver.com"
DJANGO_EMAIL_PORT=587
DJANGO_EMAIL_FROM=meet@example.com

You then need to insert the password for your smtp server as a secret:

  • abra app secret insert <app-name> email_pass v2 <youremailpass>
  • abra app config <app-name> # set SECRET_EMAIL_PASS_VERSION=v2

Then redeploy the app, and automated e-mail sending should work:

abra app deploy <app-name> --force

Limitations

  • One instance per server. LiveKit requires host-published ports (7881, 7882, 443, 30000-30009) which can only be bound once per host.
  • Server must have a direct public IP. LiveKit's built-in TURN server does not work on servers behind a NAT gateway due to hairpin NAT issues. Configuring hairpin NAT on the gateway may be possible but has not been successfully tested yet.

Network ports

This recipe publishes ports directly on the host for WebRTC media transport. These carry raw RTP media packets and are not routed through Traefik. The WebSocket signaling endpoint (wss://LIVEKIT_DOMAIN) is routed through Traefik as normal.

Port Protocol Purpose
7881 TCP WebRTC ICE over TCP (fallback when UDP is blocked)
7882 UDP WebRTC ICE over UDP (primary media transport)
443 UDP TURN relay (enabled by default via compose.turn.yml)
30000-30009 UDP TURN relay allocation ports

Your firewall must allow inbound traffic on these ports.

TURN server

TURN is enabled by default and helps users behind CGNAT/symmetric NAT connect to video calls. To disable it, remove compose.turn.yml from COMPOSE_FILE in your app config and set LIVEKIT_TURN_ENABLED=false.

See docs/multinode.md for multi-node deployment considerations.

Maintainers

coop cloud recipe maintained by @notplants

Description
No description provided
Readme 50 KiB
Languages
Shell 100%