DerGrumpf/Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Notes/server.md
T
DerGrumpf 2ce03ca25e vault backup (): 05-05-2026 16:54 
Files Changed: 5
A Dailys/12.05.2026.md server.md, M Dailys/2026/05 Mai/06.05.2026.md, D Test.md conflict-files-obsidian-git.md
2026-05-05 16:54:23 +02:00

4.5 KiB
Raw Permalink Blame History

INFO Server SYS-3 CPU: Intel Xeon-E 2288G - 8c/16t - 3.7 GHz/5 GHz: dedicated server(resurrection)(vehicle)(duel)OVH ip: 51.91.80.158 SSH password: c9DVSPntoWquzp1X user: jeff port: 222

MatrixRTC / Element Call Troubleshooting Summary

Infrastructure

  • cyper-proxy: nginx, livekit, lk-jwt-service
  • cyper-controller: matrix-synapse 1.151.0, postgresql, element-web, cinny, fluffychat

Changes Made

synapse.nix (controller)

  • Added msc3401_enabled, msc4143_enabled, msc4195_enabled to experimental_features

livekit.nix (proxy)

  • livekitUrl changed from ws://127.0.0.1:7880 to wss://cyperpunk.de/livekit/sfu
  • Added settings.rtc.use_external_ip = true
  • Added settings.rtc.tcp_port, udp_port, port ranges
  • Added MATRIX_BASE_URL and LIVEKIT_FULL_ACCESS_HOMESERVERS to environment

nginx.nix (proxy)

  • Fixed /livekit/jwt location to use trailing slash on both location and proxyPass to strip prefix correctly
  • Added trailing slash to /livekit/sfu/ proxyPass to strip prefix before forwarding to LiveKit
  • Added WebSocket timeouts to /livekit/sfu location

clients.nix (controller)

  • Fixed element_call.url from JWT service URL to Element Call frontend URL
  • Added livekit.livekit_service_url pointing to JWT service
  • Set feature_disable_call_per_sender_encryption = true
  • Added elementCallConfigured derivation self-hosting Element Call

What Works

  • nginx correctly routes /livekit/jwt/ to lk-jwt-service (confirmed via 405 on GET)
  • nginx correctly routes /livekit/sfu/ to LiveKit (confirmed via 400)
  • lk-jwt-service authenticates Matrix users correctly
  • lk-jwt-service issues JWTs successfully
  • LiveKit SFU WebSocket connection works when JWT contains correct public URL
  • Synapse MSC4143 /rtc/transports endpoint responds correctly when authenticated
  • Hairpin NAT works on cyper-proxy (confirmed via curl returning 400 from LiveKit)
  • well-known serves correct org.matrix.msc4143.rtc_foci

Remaining Problems

Problem 1: Room Creation Fails (critical)

Error: Unable to create room on SFU

Root cause: LIVEKIT_URL in lk-jwt-service serves two purposes:

  1. Used internally by lk-jwt-service to call the LiveKit RoomService API to create rooms
  2. Embedded in the JWT token returned to the client for WebSocket connection

These cannot be split in lk-jwt-service v0.4.3 — there is no separate env var for each purpose.

  • ws://127.0.0.1:7880 → room creation works, but client receives ws://127.0.0.1:7880 in JWT and cannot connect
  • wss://cyperpunk.de/livekit/sfu → client receives correct URL in JWT, but room creation fails

Room creation fails despite hairpin NAT working. The exact error from lk-jwt-service is only Unable to create room on SFU with no further detail in logs. LiveKit logs nothing when this happens, suggesting the request never reaches LiveKit's RoomService. The LiveKit Go SDK converts wss:// to https:// for the RoomService Twirp API — it is unclear whether nginx correctly handles this Twirp HTTP/2 traffic through the /livekit/sfu/ proxy path.

Problem 2: Element Web Bundles Wrong Element Call Build (critical)

Error: Unknown or unsupported from-widget action: io.element.join

Root cause: The nixpkgs build of Element Web 1.12.10 bundles the standalone/spa build of Element Call (spa-3dms9gnk.js) at /widgets/element-call/, but the correct build for widget embedding is @element-hq/element-call-embedded@0.16.3. This is a nixpkgs packaging bug. The standalone build does not use the widget API, so it makes direct Matrix API calls which fail with 401 (no access token) and does not support io.element.join/io.element.close widget actions.

This affects both Element Web and Cinny.

Using call.element.io as the frontend avoids this problem as it serves the correct embedded build, but Problem 1 (room creation) must be resolved first.

Next Steps

  1. Determine why lk-jwt-service room creation fails when using wss://cyperpunk.de/livekit/sfu — specifically whether nginx is correctly proxying Twirp HTTP/2 traffic to LiveKit's RoomService on port 7880, or whether a separate internal proxy path is needed for the API vs WebSocket traffic.

  2. Once room creation works with the public URL, use call.element.io as element_call.url since it serves the correct embedded build.

  3. Long term: track the nixpkgs fix for the embedded Element Call packaging bug, or override the Element Web derivation to inject the correct embedded build.g

Reference in New Issue View Git Blame Copy Permalink