|
|
|
@@ -0,0 +1,93 @@
|
|
|
|
|
INFO Server SYS-3 CPU: Intel Xeon-E 2288G - 8c/16t - 3.7 GHz/5 GHz: dedicated server(resurrection)(vehicle)(duel)OVH
|
|
|
|
|
ip: 51.91.80.158
|
|
|
|
|
SSH password: c9DVSPntoWquzp1X
|
|
|
|
|
user: jeff
|
|
|
|
|
port: 222
|
|
|
|
|
|
|
|
|
|
# MatrixRTC / Element Call Troubleshooting Summary
|
|
|
|
|
|
|
|
|
|
## Infrastructure
|
|
|
|
|
|
|
|
|
|
- **cyper-proxy**: nginx, livekit, lk-jwt-service
|
|
|
|
|
- **cyper-controller**: matrix-synapse 1.151.0, postgresql, element-web, cinny, fluffychat
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## Changes Made
|
|
|
|
|
|
|
|
|
|
### synapse.nix (controller)
|
|
|
|
|
|
|
|
|
|
- Added `msc3401_enabled`, `msc4143_enabled`, `msc4195_enabled` to `experimental_features`
|
|
|
|
|
|
|
|
|
|
### livekit.nix (proxy)
|
|
|
|
|
|
|
|
|
|
- `livekitUrl` changed from `ws://127.0.0.1:7880` to `wss://cyperpunk.de/livekit/sfu`
|
|
|
|
|
- Added `settings.rtc.use_external_ip = true`
|
|
|
|
|
- Added `settings.rtc.tcp_port`, `udp_port`, port ranges
|
|
|
|
|
- Added `MATRIX_BASE_URL` and `LIVEKIT_FULL_ACCESS_HOMESERVERS` to environment
|
|
|
|
|
|
|
|
|
|
### nginx.nix (proxy)
|
|
|
|
|
|
|
|
|
|
- Fixed `/livekit/jwt` location to use trailing slash on both location and proxyPass to strip prefix correctly
|
|
|
|
|
- Added trailing slash to `/livekit/sfu/` proxyPass to strip prefix before forwarding to LiveKit
|
|
|
|
|
- Added WebSocket timeouts to `/livekit/sfu` location
|
|
|
|
|
|
|
|
|
|
### clients.nix (controller)
|
|
|
|
|
|
|
|
|
|
- Fixed `element_call.url` from JWT service URL to Element Call frontend URL
|
|
|
|
|
- Added `livekit.livekit_service_url` pointing to JWT service
|
|
|
|
|
- Set `feature_disable_call_per_sender_encryption = true`
|
|
|
|
|
- Added `elementCallConfigured` derivation self-hosting Element Call
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## What Works
|
|
|
|
|
|
|
|
|
|
- nginx correctly routes `/livekit/jwt/` to lk-jwt-service (confirmed via 405 on GET)
|
|
|
|
|
- nginx correctly routes `/livekit/sfu/` to LiveKit (confirmed via 400)
|
|
|
|
|
- lk-jwt-service authenticates Matrix users correctly
|
|
|
|
|
- lk-jwt-service issues JWTs successfully
|
|
|
|
|
- LiveKit SFU WebSocket connection works when JWT contains correct public URL
|
|
|
|
|
- Synapse MSC4143 `/rtc/transports` endpoint responds correctly when authenticated
|
|
|
|
|
- Hairpin NAT works on cyper-proxy (confirmed via curl returning 400 from LiveKit)
|
|
|
|
|
- well-known serves correct `org.matrix.msc4143.rtc_foci`
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## Remaining Problems
|
|
|
|
|
|
|
|
|
|
### Problem 1: Room Creation Fails (critical)
|
|
|
|
|
|
|
|
|
|
**Error:** `Unable to create room on SFU`
|
|
|
|
|
|
|
|
|
|
**Root cause:** `LIVEKIT_URL` in lk-jwt-service serves two purposes:
|
|
|
|
|
|
|
|
|
|
1. Used internally by lk-jwt-service to call the LiveKit RoomService API to create rooms
|
|
|
|
|
2. Embedded in the JWT token returned to the client for WebSocket connection
|
|
|
|
|
|
|
|
|
|
These cannot be split in lk-jwt-service v0.4.3 — there is no separate env var for each purpose.
|
|
|
|
|
|
|
|
|
|
- `ws://127.0.0.1:7880` → room creation works, but client receives `ws://127.0.0.1:7880` in JWT and cannot connect
|
|
|
|
|
- `wss://cyperpunk.de/livekit/sfu` → client receives correct URL in JWT, but room creation fails
|
|
|
|
|
|
|
|
|
|
Room creation fails despite hairpin NAT working. The exact error from lk-jwt-service is only `Unable to create room on SFU` with no further detail in logs. LiveKit logs nothing when this happens, suggesting the request never reaches LiveKit's RoomService. The LiveKit Go SDK converts `wss://` to `https://` for the RoomService Twirp API — it is unclear whether nginx correctly handles this Twirp HTTP/2 traffic through the `/livekit/sfu/` proxy path.
|
|
|
|
|
|
|
|
|
|
### Problem 2: Element Web Bundles Wrong Element Call Build (critical)
|
|
|
|
|
|
|
|
|
|
**Error:** `Unknown or unsupported from-widget action: io.element.join`
|
|
|
|
|
|
|
|
|
|
**Root cause:** The nixpkgs build of Element Web 1.12.10 bundles the **standalone/spa** build of Element Call (`spa-3dms9gnk.js`) at `/widgets/element-call/`, but the correct build for widget embedding is `@element-hq/element-call-embedded@0.16.3`. This is a nixpkgs packaging bug. The standalone build does not use the widget API, so it makes direct Matrix API calls which fail with 401 (no access token) and does not support `io.element.join`/`io.element.close` widget actions.
|
|
|
|
|
|
|
|
|
|
This affects both Element Web and Cinny.
|
|
|
|
|
|
|
|
|
|
Using `call.element.io` as the frontend avoids this problem as it serves the correct embedded build, but Problem 1 (room creation) must be resolved first.
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## Next Steps
|
|
|
|
|
|
|
|
|
|
1. Determine why lk-jwt-service room creation fails when using `wss://cyperpunk.de/livekit/sfu` — specifically whether nginx is correctly proxying Twirp HTTP/2 traffic to LiveKit's RoomService on port 7880, or whether a separate internal proxy path is needed for the API vs WebSocket traffic.
|
|
|
|
|
|
|
|
|
|
2. Once room creation works with the public URL, use `call.element.io` as `element_call.url` since it serves the correct embedded build.
|
|
|
|
|
|
|
|
|
|
3. Long term: track the nixpkgs fix for the embedded Element Call packaging bug, or override the Element Web derivation to inject the correct embedded build.g
|
