DerGrumpf/Notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0adefff202e7d620d42fae9725e667d9b59255f4
Notes/server.md
T
DerGrumpf 2ce03ca25e vault backup (): 05-05-2026 16:54 
Files Changed: 5
A Dailys/12.05.2026.md server.md, M Dailys/2026/05 Mai/06.05.2026.md, D Test.md conflict-files-obsidian-git.md
2026-05-05 16:54:23 +02:00

93 lines
4.5 KiB
Markdown
Raw Blame History

INFO Server SYS-3 CPU: Intel Xeon-E 2288G - 8c/16t - 3.7 GHz/5 GHz: dedicated server(resurrection)(vehicle)(duel)OVH
ip: 51.91.80.158
SSH password: c9DVSPntoWquzp1X
user: jeff
port: 222
# MatrixRTC / Element Call Troubleshooting Summary
## Infrastructure
- **cyper-proxy**: nginx, livekit, lk-jwt-service
- **cyper-controller**: matrix-synapse 1.151.0, postgresql, element-web, cinny, fluffychat
---
## Changes Made
### synapse.nix (controller)
- Added `msc3401_enabled`, `msc4143_enabled`, `msc4195_enabled` to `experimental_features`
### livekit.nix (proxy)
- `livekitUrl` changed from `ws://127.0.0.1:7880` to `wss://cyperpunk.de/livekit/sfu`
- Added `settings.rtc.use_external_ip = true`
- Added `settings.rtc.tcp_port`, `udp_port`, port ranges
- Added `MATRIX_BASE_URL` and `LIVEKIT_FULL_ACCESS_HOMESERVERS` to environment
### nginx.nix (proxy)
- Fixed `/livekit/jwt` location to use trailing slash on both location and proxyPass to strip prefix correctly
- Added trailing slash to `/livekit/sfu/` proxyPass to strip prefix before forwarding to LiveKit
- Added WebSocket timeouts to `/livekit/sfu` location
### clients.nix (controller)
- Fixed `element_call.url` from JWT service URL to Element Call frontend URL
- Added `livekit.livekit_service_url` pointing to JWT service
- Set `feature_disable_call_per_sender_encryption = true`
- Added `elementCallConfigured` derivation self-hosting Element Call
---
## What Works
- nginx correctly routes `/livekit/jwt/` to lk-jwt-service (confirmed via 405 on GET)
- nginx correctly routes `/livekit/sfu/` to LiveKit (confirmed via 400)
- lk-jwt-service authenticates Matrix users correctly
- lk-jwt-service issues JWTs successfully
- LiveKit SFU WebSocket connection works when JWT contains correct public URL
- Synapse MSC4143 `/rtc/transports` endpoint responds correctly when authenticated
- Hairpin NAT works on cyper-proxy (confirmed via curl returning 400 from LiveKit)
- well-known serves correct `org.matrix.msc4143.rtc_foci`
---
## Remaining Problems
### Problem 1: Room Creation Fails (critical)
**Error:** `Unable to create room on SFU`
**Root cause:** `LIVEKIT_URL` in lk-jwt-service serves two purposes:
1. Used internally by lk-jwt-service to call the LiveKit RoomService API to create rooms
2. Embedded in the JWT token returned to the client for WebSocket connection
These cannot be split in lk-jwt-service v0.4.3 — there is no separate env var for each purpose.
- `ws://127.0.0.1:7880` → room creation works, but client receives `ws://127.0.0.1:7880` in JWT and cannot connect
- `wss://cyperpunk.de/livekit/sfu` → client receives correct URL in JWT, but room creation fails
Room creation fails despite hairpin NAT working. The exact error from lk-jwt-service is only `Unable to create room on SFU` with no further detail in logs. LiveKit logs nothing when this happens, suggesting the request never reaches LiveKit's RoomService. The LiveKit Go SDK converts `wss://` to `https://` for the RoomService Twirp API — it is unclear whether nginx correctly handles this Twirp HTTP/2 traffic through the `/livekit/sfu/` proxy path.
### Problem 2: Element Web Bundles Wrong Element Call Build (critical)
**Error:** `Unknown or unsupported from-widget action: io.element.join`
**Root cause:** The nixpkgs build of Element Web 1.12.10 bundles the **standalone/spa** build of Element Call (`spa-3dms9gnk.js`) at `/widgets/element-call/`, but the correct build for widget embedding is `@element-hq/element-call-embedded@0.16.3`. This is a nixpkgs packaging bug. The standalone build does not use the widget API, so it makes direct Matrix API calls which fail with 401 (no access token) and does not support `io.element.join`/`io.element.close` widget actions.
This affects both Element Web and Cinny.
Using `call.element.io` as the frontend avoids this problem as it serves the correct embedded build, but Problem 1 (room creation) must be resolved first.
---
## Next Steps
1. Determine why lk-jwt-service room creation fails when using `wss://cyperpunk.de/livekit/sfu` — specifically whether nginx is correctly proxying Twirp HTTP/2 traffic to LiveKit's RoomService on port 7880, or whether a separate internal proxy path is needed for the API vs WebSocket traffic.
2. Once room creation works with the public URL, use `call.element.io` as `element_call.url` since it serves the correct embedded build.
3. Long term: track the nixpkgs fix for the embedded Element Call packaging bug, or override the Element Web derivation to inject the correct embedded build.g
Reference in New Issue View Git Blame Copy Permalink