openvidu/DOMINIO-PROPIO-CONFIG.md

# CONFIGURACIÓN DOMINIO PROPIO PARA LIVEKIT

## 🏠 Dominio propio (ej: livekit.midominio.com)

### Opción A: Subdominio de tu dominio existente

#### Paso 1: Configurar DNS
```
Tipo: A
Nombre: livekit
Valor: TU_IP_PUBLICA
TTL: 300

Resultado: livekit.midominio.com → TU_IP_PUBLICA
```

#### Paso 2: Port forwarding en router
```
Puerto 80 → 192.168.1.19:80     # HTTP para Let's Encrypt
Puerto 443 → 192.168.1.19:443   # HTTPS/WSS
Puerto 7880 → 192.168.1.19:7880 # LiveKit API directo
Puerto 50000-50100 (UDP) → 192.168.1.19:50000-50100  # WebRTC
```

#### Paso 3: SSL con Let's Encrypt
```bash
# Instalar certbot
sudo apt update
sudo apt install certbot nginx

# Configurar Nginx básico
sudo tee /etc/nginx/sites-available/livekit << 'EOF'
server {
    listen 80;
    server_name livekit.midominio.com;
    
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    
    location / {
        return 301 https://$server_name$request_uri;
    }
}
EOF

sudo ln -s /etc/nginx/sites-available/livekit /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx

# Generar certificado SSL
sudo certbot --nginx -d livekit.midominio.com

# Resultado: certificados en /etc/letsencrypt/live/livekit.midominio.com/
```

#### Paso 4: Configurar Nginx para LiveKit
```nginx
# /etc/nginx/sites-available/livekit
server {
    listen 443 ssl http2;
    server_name livekit.midominio.com;
    
    ssl_certificate /etc/letsencrypt/live/livekit.midominio.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/livekit.midominio.com/privkey.pem;
    
    # WebSocket proxy para LiveKit
    location / {
        proxy_pass http://localhost:7880;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Timeouts para WebRTC
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}

server {
    listen 80;
    server_name livekit.midominio.com;
    return 301 https://$server_name$request_uri;
}
```

#### Paso 5: Auto-renovación SSL
```bash
# Agregar a crontab
sudo crontab -e

# Renovar certificados automáticamente
0 12 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx
```

### URLs finales:
- **LiveKit WSS**: `wss://livekit.midominio.com`
- **API HTTPS**: `https://livekit.midominio.com`

### Configurar en OpenVidu Meet:
```env
LIVEKIT_URL=wss://livekit.midominio.com
```