fix: add livekit_server_container_http_host_bind_port for nginx-on-ho… #4961

Open
AlexanderBrolin wants to merge 6 commits into spantaleev:master from AlexanderBrolin:claude/fix-matrix-group-calls-MvHSU
@AlexanderBrolin

…st setups

The upstream galaxy/livekit_server role never publishes port 7880 (HTTP signaling) to the host — it assumes a Traefik container on the same Docker network. This breaks setups where nginx runs on a separate host and proxies to the Matrix server over LAN.

Changes:

  • Fork galaxy/livekit_server → roles/custom/livekit_server/ so the patch survives make roles (which wipes roles/galaxy/)
  • Add livekit_server_container_http_host_bind_port variable (defaults to "") in defaults/main.yml; when set, publishes the HTTP port via -p flag
  • Add {% if livekit_server_container_http_host_bind_port %} block in the systemd service template to conditionally map the port
  • Guard network-creation tasks with and livekit_server_container_network != 'host' to prevent 403 errors when network: host is configured
  • Update setup.yml: galaxy/livekit_server → custom/livekit_server

Usage in vars.yml:
livekit_server_container_http_host_bind_port: '192.168.90.83:7880'

https://claude.ai/code/session_01SbRgWsRDKpTZ2TTbWDhtEB

AlexanderBrolin and others added 5 commits February 24, 2026 13:17
- Revert setup.yml to use galaxy/livekit_server (avoids loading all
  uninstalled galaxy roles when running with --tags)
- Add livekit.yml: minimal standalone playbook that only includes
  galaxy/systemd_docker_base and custom/livekit_server, so livekit
  setup can run independently without requiring all other galaxy roles

Usage:
  ansible-playbook -i inventory/hosts livekit.yml \
    --tags=setup-livekit-server,start-group-services

https://claude.ai/code/session_01SbRgWsRDKpTZ2TTbWDhtEB

matrix_user_uid/gid, matrix_server_fqn_matrix, matrix_addons_container_network
are all defined by custom/matrix-base and required by livekit_server role.

https://claude.ai/code/session_01SbRgWsRDKpTZ2TTbWDhtEB

devture_playbook_help_container_retries_count/delay are defined by
galaxy/playbook_help and required by install.yml image pull tasks.

https://claude.ai/code/session_01SbRgWsRDKpTZ2TTbWDhtEB

When using an external nginx (e.g. on a separate host) to reverse-proxy
the LiveKit JWT Service at a path prefix, the nginx location block MUST
include a trailing slash.

Without it: `location ^~ /livekit-jwt-service` + `proxy_pass .../;`
replaces `/livekit-jwt-service` with `/`, producing `//get_token`
(double slash). Go's net/http issues a 301 redirect to normalize the
path. Element Call follows the redirect to the wrong URL, fails to get a
JWT token, and the call establishes at the Matrix signaling level but
without any audio or video.

With trailing slash: `location ^~ /livekit-jwt-service/` replaces the
prefix correctly, producing `/get_token` with a single slash.

The same trailing-slash rule applies to the livekit-server location
block to avoid path issues for any sub-paths.

The built-in Traefik setup is unaffected (uses stripprefix middleware).

https://claude.ai/code/session_01SbRgWsRDKpTZ2TTbWDhtEB
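
Added example (not part of this pull request or the playbook's code): the trailing-slash behaviour described in the last commit message, reproduced offline in Go. `upstreamPath` is a simplified model of nginx's prefix replacement for `proxy_pass` with a URI, and the upstream is assumed to route `/get_token` through `http.ServeMux`; the function names and the sample response body are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// upstreamPath models nginx's documented proxy_pass behaviour when the
// directive carries a URI: the part of the request path that matched the
// location prefix is replaced by that URI.
func upstreamPath(location, proxyPassURI, requestPath string) string {
	return proxyPassURI + strings.TrimPrefix(requestPath, location)
}

// probe sends the rewritten path to a stand-in upstream and returns the
// status code and Location header the proxy would get back.
func probe(path string) (int, string) {
	mux := http.NewServeMux()
	// Assumption: the upstream registers /get_token on an http.ServeMux.
	mux.HandleFunc("/get_token", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `{"jwt":"constructed-sample"}`)
	})
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.URL = &url.URL{Path: path} // set directly so a leading "//" is preserved
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, req) // ServeMux redirects any path that is not in cleaned form
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	const request = "/livekit-jwt-service/get_token"
	// First entry is the location without a trailing slash, second with it.
	for _, location := range []string{"/livekit-jwt-service", "/livekit-jwt-service/"} {
		p := upstreamPath(location, "/", request)
		code, loc := probe(p)
		fmt.Printf("location %-23s -> upstream %-12s -> %d %s\n", location, p, code, loc)
	}
}
```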