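# SERVIDOR LIVEKIT SELF-HOSTING DEDICADO

## 🖥️ Setup en servidor dedicado (192.168.1.19)

### Docker Compose para LiveKit Server:

```yaml
# docker-compose-livekit-server.yml
version: '3.8'

services:
  # Main LiveKit server
  livekit-server:
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # image digest so a redeploy cannot silently pull different code.
    image: livekit/livekit-server:latest
    container_name: livekit-production
    restart: unless-stopped
    ports:
      # API/WebSocket (exposed publicly).
      # NOTE(review): this publishes the signalling/API port without TLS, in
      # parallel with the nginx TLS endpoint on 443. If every client connects
      # through wss:// on 443, bind this to loopback ("127.0.0.1:7880:7880")
      # or drop the mapping; nginx reaches the server over livekit-network.
      - "7880:7880"
      # UDP range for WebRTC media (exposed publicly);
      # ~100 ports for ~10 concurrent users
      - "50000-50100:50000-50100/udp"
    volumes:
      - ./livekit-production.yaml:/livekit.yaml:ro
      - ./logs:/app/logs
    command: --config /livekit.yaml
    # NOTE(review): the original also set LIVEKIT_CONFIG=/livekit.yaml.
    # livekit-server appears to read that variable as the YAML config *body*,
    # not as a path, so it was removed; --config above already selects the
    # file. Verify against the server version in use.
    networks:
      - livekit-network
    depends_on:
      - redis

  # Redis for LiveKit
  redis:
    image: redis:7-alpine
    container_name: livekit-redis
    restart: unless-stopped
    ports:
      # Bound to loopback only: LiveKit reaches Redis as redis:6379 over
      # livekit-network, so Redis must not be reachable from other hosts.
      # Ports published by Docker are not filtered by the UFW rules below.
      - "127.0.0.1:6379:6379"
    # REDIS_PASSWORD is required (no built-in fallback): a default password
    # that is printed in this document is effectively public. List form
    # keeps a password containing spaces as a single argument.
    command:
      - redis-server
      - --requirepass
      - "${REDIS_PASSWORD:?set REDIS_PASSWORD in the environment or .env}"
    volumes:
      - redis_data:/data
    networks:
      - livekit-network

  # Nginx TLS termination (HTTPS/WSS)
  nginx-livekit:
    image: nginx:alpine
    container_name: livekit-nginx
    restart: unless-stopped
    ports:
      - "443:443"  # HTTPS/WSS (exposed publicly)
      - "80:80"    # HTTP redirect
    volumes:
      - ./nginx-livekit.conf:/etc/nginx/nginx.conf:ro
      # TLS certificate and private key; keep ./ssl readable only by the
      # deploying user on the host.
      - ./ssl:/etc/nginx/ssl:ro
    depends_on:
      - livekit-server
    networks:
      - livekit-network

volumes:
  redis_data:

networks:
  livekit-network:
    driver: bridge
```

### Configuración LiveKit Production:

```yaml
# livekit-production.yaml
# This file holds secrets (API secret, Redis password): keep it out of
# version control and restrict read access on the host.
port: 7880
bind_addresses: ["0.0.0.0"]

# API keys (key name: secret). Replace the placeholder with a randomly
# generated secret of 32 characters or more.
keys:
  production-key: tu-super-secret-de-32-caracteres-o-mas

# Redis for scaling and persistence
redis:
  address: "redis:6379"
  # Must be the same value as REDIS_PASSWORD used by the redis container.
  password: "TU_REDIS_PASSWORD"
  db: 0

# RTC configuration for public access
rtc:
  # UDP ports (must match docker-compose)
  port_range_start: 50000
  port_range_end: 50100

  # Public/external IP (your public IP or domain), e.g. "mi-casa.duckdns.org"
  use_external_ip: true
  external_ip: "TU_IP_PUBLICA_O_DOMINIO"

  # STUN servers for NAT traversal
  # NOTE(review): confirm the key names `external_ip` and `ice_servers` (and
  # their nesting under rtc) against the LiveKit config reference for your
  # version; upstream samples use rtc.node_ip and rtc.stun_servers, and an
  # unrecognised key may be rejected or ignored.
  ice_servers:
    - urls: ["stun:stun.l.google.com:19302"]
    - urls: ["stun:stun1.l.google.com:19302"]

# Room settings for production
room:
  # With auto_create, any client holding a valid token can create a room;
  # scope token grants accordingly.
  auto_create: true
  max_participants: 50
  empty_timeout: 600  # 10 minutes

# Security
webhook:
  # Optional: webhook for events
  # NOTE(review): this presumably has to name one of the entries under
  # `keys` (e.g. production-key), which is used to sign the webhook request;
  # no receiver URL is configured here - confirm.
  api_key: "tu-webhook-key"

# Logging
log_level: info
log_format: json

# Egress (recordings): coordinated through Redis.
# NOTE(review): the egress worker is a separate service that is not part of
# this compose file - confirm before relying on recordings.
```

### Nginx SSL para LiveKit:

```nginx
# nginx-livekit.conf
events {
    worker_connections 1024;
}

http {
    # Redirect HTTP to HTTPS
    server {
        listen 80;
        # NOTE(review): with the catch-all name, the redirect target is taken
        # from the client-supplied Host header; set the real domain here.
        server_name _;
        return 301 https://$host$request_uri;
    }

    # HTTPS/WSS server
    server {
        listen 443 ssl http2;
        server_name _;

        # TLS configuration
        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/key.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        # WebSocket support for LiveKit
        location / {
            proxy_pass http://livekit-server:7880;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Timeouts for WebRTC signalling
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
```

## 🔥 Firewall en servidor LiveKit:

```bash
# UFW rules for the publicly exposed services.
#
# Caveat: Docker installs its own iptables rules for published container
# ports, and that traffic does not pass through the UFW chains. These rules
# therefore do NOT restrict ports published in docker-compose; limit those
# with the host-IP part of the port mapping (as done for Redis).
sudo ufw allow 80/tcp comment "HTTP redirect"
sudo ufw allow 443/tcp comment "HTTPS/WSS LiveKit"
# Direct LiveKit API without TLS; omit if clients only use wss:// on 443.
sudo ufw allow 7880/tcp comment "LiveKit API directo"
sudo ufw allow 50000:50100/udp comment "WebRTC UDP range"

# Optional: allow SSH from the local network only
sudo ufw allow from 192.168.1.0/24 to any port 22

sudo ufw enable
sudo ufw status numbered
```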