diff --git a/.env.sample b/.env.sample index e8f8bb6..949bc09 100644 --- a/.env.sample +++ b/.env.sample @@ -82,7 +82,9 @@ LIVEKIT_NODE_IP= #LIVEKIT_TURN_ENABLED=false ## TURN domain — must resolve to this server's IP. ## Defaults to LIVEKIT_DOMAIN, which works for TURN/UDP setups. -#TURN_DOMAIN=turn.example.com +## NOTE: must be set here, not as a compose-level `:-` default — +## docker-compose does not recursively expand nested `${...}` references. +TURN_DOMAIN=${LIVEKIT_DOMAIN} ## TURN/UDP port (default: 443). Recommended because UDP 443 is rarely ## blocked and doesn't conflict with Traefik's TCP 443. #TURN_UDP_PORT=443 diff --git a/README.md b/README.md index 921a30e..68bc07d 100644 --- a/README.md +++ b/README.md 
@@ -89,20 +89,53 @@ Then redeploy the app, and automated e-mail sending should work: * **One instance per server.** LiveKit requires host-published ports (7881, 7882, 443, 30000-30009) which can only be bound once per host. * **Server must have a direct public IP.** LiveKit's built-in TURN server does not work on servers behind a NAT gateway due to hairpin NAT issues. Configuring hairpin NAT on the gateway may be possible but has not been successfully tested yet. +* **Mobile browser must be Chrome** - there are various open issues wrt Firefox and WebRTC, so on mobile you have +to use a chromium based browser, else the connections fail! ## Network ports This recipe publishes ports directly on the host for WebRTC media transport. These carry raw RTP media packets and are not routed through Traefik. The WebSocket signaling endpoint (`wss://LIVEKIT_DOMAIN`) is routed through Traefik as normal. -| Port | Protocol | Purpose | -|------|----------|---------| -| 7881 | TCP | WebRTC ICE over TCP (fallback when UDP is blocked) | -| 7882 | UDP | WebRTC ICE over UDP (primary media transport) | -| 443 | UDP | TURN relay (enabled by default via `compose.turn.yml`) | -| 30000-30009 | UDP | TURN relay allocation ports | +- **7881/TCP** — WebRTC ICE over TCP (fallback when UDP is blocked) +- **7882/UDP** — WebRTC ICE over UDP (primary media transport) +- **443/UDP** — TURN relay (enabled by default via `compose.turn.yml`) +- **30000-30009/UDP** — TURN relay allocation ports Your firewall must allow inbound traffic on these ports. +### Host kernel tuning + +LiveKit logs a warning at startup if the kernel's UDP socket buffers are too small: + +``` +WARN livekit rtcconfig/rtc_unix.go:31 UDP receive buffer is too small for a production set-up {"current": 425984, "suggested": 5000000} +``` + +The Linux default (`net.core.rmem_max = 212992`) is well under what LiveKit needs once +several participants are forced through the TURN relay path. 
The resulting packet +loss shows up as `dtls timeout: read/write timeout: context deadline exceeded` on +publisher transports, intermittent media stalls, or one peer seeing a black tile +while the other sees video. + +These sysctls are read by LiveKit when it opens its UDP sockets, so they must be +set on the **host** (not in the container) before the LiveKit container starts. + +On the host, create `/etc/sysctl.d/99-livekit.conf`: + +``` +net.core.rmem_max = 7500000 +net.core.wmem_max = 7500000 +``` + +Then apply and restart the service: + +``` +sudo sysctl --system +docker service update --force _livekit +``` + +The warning should be gone from the LiveKit boot log. + ### TURN server TURN is enabled by default and helps users behind CGNAT/symmetric NAT connect to video calls. To disable it, remove `compose.turn.yml` from `COMPOSE_FILE` in your app config and set `LIVEKIT_TURN_ENABLED=false`. diff --git a/compose.yml b/compose.yml index 13e1bcb..cee575a 100644 --- a/compose.yml +++ b/compose.yml @@ -191,7 +191,7 @@ services: - LIVEKIT_NODE_IP - LIVEKIT_FORCE_TCP=${LIVEKIT_FORCE_TCP:-false} - LIVEKIT_TURN_ENABLED=${LIVEKIT_TURN_ENABLED:-true} - - TURN_DOMAIN=${TURN_DOMAIN:-${LIVEKIT_DOMAIN}} + - TURN_DOMAIN=${TURN_DOMAIN} - TURN_UDP_PORT=${TURN_UDP_PORT:-443} # WebRTC ICE ports must be published directly on the host. # These carry raw RTP media, not HTTP — cannot be proxied through Traefik without extra traefik compose.
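Review bot: In the `.env.sample` hunk, the new active line `TURN_DOMAIN=${LIVEKIT_DOMAIN}` only resolves if whatever loads this env file expands `${LIVEKIT_DOMAIN}` and `LIVEKIT_DOMAIN` is itself set. The added NOTE explains why the compose-level default was dropped, but not this dependency. Please say so in the comment, and keep the old `#TURN_DOMAIN=turn.example.com` line as a commented example so it stays clear how to point TURN at a separate hostname.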
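Review bot: In the README hunk's "Host kernel tuning" section, the numbers do not line up for a reader: the sample log reports `"current": 425984` while the text gives the Linux default as `net.core.rmem_max = 212992`, and the log suggests 5000000 while the config file sets 7500000. Add a sentence explaining the first pair (the kernel caps the requested SO_RCVBUF at `rmem_max` and then doubles it, so a cap of 212992 is reported as 425984) and say why 7500000 was chosen over the suggested value. The restart command `docker service update --force _livekit` also reads as if the stack-name prefix is missing; use a visible placeholder there. The same hunk turns the ports table into a bullet list without a stated reason; if that is intentional, mention it in the commit message.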
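Review bot: In the `compose.yml` hunk, `- TURN_DOMAIN=${TURN_DOMAIN}` removes the fallback entirely, so a deployment whose env file predates this change (where `TURN_DOMAIN` was commented out) now passes an empty TURN domain to the container while `LIVEKIT_TURN_ENABLED` still defaults to `true`. Either fail the deploy when the variable is unset, for example with the required-variable form `${TURN_DOMAIN:?TURN_DOMAIN must be set}` if the deploy tooling supports it, or add an upgrade note telling operators to add `TURN_DOMAIN` to their existing env file before redeploying.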