DEDICATED SELF-HOSTED LIVEKIT SERVER
🖥️ Setup on a dedicated server (192.168.1.19)
Docker Compose for LiveKit Server:
# docker-compose-livekit-server.yml
version: '3.8'

services:
  # Main LiveKit server
  livekit-server:
    image: livekit/livekit-server:latest
    container_name: livekit-production
    restart: unless-stopped
    ports:
      # API/WebSocket (EXPOSE PUBLICLY)
      - "7880:7880"
      # UDP range for WebRTC (EXPOSE PUBLICLY)
      - "50000-50100:50000-50100/udp" # 100 ports for ~10 concurrent users
    volumes:
      - ./livekit-production.yaml:/livekit.yaml:ro
      - ./logs:/app/logs
    command: --config /livekit.yaml
    environment:
      - LIVEKIT_CONFIG=/livekit.yaml
    networks:
      - livekit-network
    depends_on:
      - redis

  # Redis for LiveKit
  redis:
    image: redis:7-alpine
    container_name: livekit-redis
    restart: unless-stopped
    ports:
      # Published on all host interfaces. LiveKit reaches Redis over
      # livekit-network, so this mapping is only needed for host-side access.
      - "6379:6379"
    # Set REDIS_PASSWORD in the environment; the fallback after ":-" is a
    # known default and must not be used in production.
    command: redis-server --requirepass ${REDIS_PASSWORD:-livekitredis123}
    volumes:
      - redis_data:/data
    networks:
      - livekit-network

  # Nginx SSL termination (for HTTPS/WSS)
  nginx-livekit:
    image: nginx:alpine
    container_name: livekit-nginx
    restart: unless-stopped
    ports:
      - "443:443" # HTTPS/WSS (EXPOSE PUBLICLY)
      - "80:80" # HTTP redirect
    volumes:
      - ./nginx-livekit.conf:/etc/nginx/nginx.conf:ro
      - ./ssl:/etc/nginx/ssl:ro # SSL certificates
    depends_on:
      - livekit-server
    networks:
      - livekit-network

volumes:
  redis_data:

networks:
  livekit-network:
    driver: bridge
LiveKit production configuration:
# livekit-production.yaml
port: 7880
bind_addresses: ["0.0.0.0"]

# Secure API keys
keys:
  production-key: tu-super-secret-de-32-caracteres-o-mas

# Redis for scaling and persistence
redis:
  address: "redis:6379"
  # Must match the password the redis service starts with (REDIS_PASSWORD in docker-compose)
  password: "livekitredis123"
  db: 0

# RTC configuration for public access
rtc:
  # UDP ports (must match docker-compose)
  port_range_start: 50000
  port_range_end: 50100
  # Public/external IP (your public IP or domain)
  use_external_ip: true
  external_ip: "TU_IP_PUBLICA_O_DOMINIO" # e.g. "mi-casa.duckdns.org"
  # STUN servers for NAT traversal
  ice_servers:
    - urls: ["stun:stun.l.google.com:19302"]
    - urls: ["stun:stun1.l.google.com:19302"]

# Room settings for production
room:
  auto_create: true
  max_participants: 50
  empty_timeout: 600 # 10 minutes

# Security
webhook:
  # Optional: webhook for events
  api_key: "tu-webhook-key"

# Logging
log_level: info
log_format: json

# Enable egress (recordings)
# Automatic with Redis
Nginx SSL for LiveKit:
# nginx-livekit.conf
events {
    worker_connections 1024;
}

http {
    # Redirect HTTP to HTTPS
    server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # HTTPS/WSS server
    server {
        listen 443 ssl http2;
        server_name _;

        # SSL configuration
        ssl_certificate /etc/nginx/ssl/cert.pem;
        ssl_certificate_key /etc/nginx/ssl/key.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        # WebSocket support for LiveKit
        location / {
            proxy_pass http://livekit-server:7880;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Timeouts for WebRTC
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }
    }
}
🔥 Firewall on the LiveKit server:
# UFW rules for secure public exposure
# Note: ports published by Docker containers are opened through Docker's own
# iptables rules and are not filtered by UFW, so review the compose port
# mappings as well as these rules.
sudo ufw allow 80/tcp comment "HTTP redirect"
sudo ufw allow 443/tcp comment "HTTPS/WSS LiveKit"
sudo ufw allow 7880/tcp comment "LiveKit API directo"
sudo ufw allow 50000:50100/udp comment "WebRTC UDP range"
# Optional: restrict SSH to the local network only
sudo ufw allow from 192.168.1.0/24 to any port 22
sudo ufw enable
sudo ufw status numbered
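
A preflight check for the two files above, added here as an example and not part of the original page: it confirms the published UDP range matches the rtc range and flags the published Redis port, the fallback Redis password and a placeholder or short API secret. The function name `audit`, the finding labels and the regex-based parsing (used instead of a YAML parser to stay in the standard library) are assumptions of this example.

```python
import re

# Fragments of the two files from this page, embedded so the check runs offline.
COMPOSE = '''
services:
  livekit-server:
    ports:
      - "50000-50100:50000-50100/udp"
  redis:
    ports:
      - "6379:6379"
    command: redis-server --requirepass ${REDIS_PASSWORD:-livekitredis123}
'''
LIVEKIT = '''
keys:
  production-key: tu-super-secret-de-32-caracteres-o-mas
rtc:
  port_range_start: 50000
  port_range_end: 50100
'''

def audit(compose, livekit):
    """Return a list of finding labels; an empty list means every check passed."""
    findings = []
    # 1. The published UDP range must equal rtc.port_range_start/end.
    udp = re.search(r'"(\d+)-(\d+):\d+-\d+/udp"', compose)
    start = re.search(r'port_range_start:\s*(\d+)', livekit)
    end = re.search(r'port_range_end:\s*(\d+)', livekit)
    if not (udp and start and end) or udp.groups() != (start.group(1), end.group(1)):
        findings.append("udp-range-mismatch")
    # 2. Redis published without a loopback bind address.
    if re.search(r'^\s*-\s*"6379:6379"', compose, re.M):
        findings.append("redis-published-on-all-interfaces")
    # 3. A fallback password is baked into the compose file.
    if re.search(r'\$\{REDIS_PASSWORD:-[^}]+\}', compose):
        findings.append("redis-default-password")
    # 4. API secret is the page's "tu-..." placeholder or shorter than 32 characters.
    keys = re.search(r'^keys:\n\s+\S+:\s*(\S+)', livekit, re.M)
    secret = keys.group(1) if keys else ""
    if len(secret) < 32 or secret.startswith("tu-"):
        findings.append("weak-api-secret")
    return findings

if __name__ == "__main__":
    for finding in audit(COMPOSE, LIVEKIT):
        print("FINDING:", finding)
```

To check a real deployment, pass the contents of `docker-compose-livekit-server.yml` and `livekit-production.yaml` to `audit()` in place of the embedded fragments.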