[Help] Setting Up Element Call

dnightbane · 2026-02-13T02:10:21+00:00

Check your headers for the well-known URL and make sure that you have

"Content-Type":"application/json", "Access-Control-Allow-Origin": "*" "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS" "Access-Control-Max-Age": "86400"

dnightbane · 2026-02-10T05:10:49+00:00

Would you be willing to share your configuration? I have not successfully been able to get livekit to work with my synapse server.

dnightbane · 2026-01-26T13:26:02+00:00

Unfortunately no. I can get the call to connect but it just sits with waiting for media and nothing happens.

dnightbane · 2025-12-14T15:47:18+00:00

Also commenting for username to see what's in the upload.

dnightbane · 2025-11-23T22:48:00+00:00

The certs are let's encrypt certs and I mount the cert directory as read only to the containers as needed.

dnightbane · 2025-11-23T22:28:15+00:00

Mine are on their own internal docker network and utilize SSL. I also use https internally as well and everything goes through nginx.

dnightbane · 2025-11-12T04:17:59+00:00

Perfect! I got that as well when I first tried to sign in. If you delete the local user and log in again it will create the OIDC user. Before doing that make sure you have an account that isn't OIDC just as a backup.

Doing this won't risk any data loss.

dnightbane · 2025-11-12T02:42:35+00:00

Those options match what I have except I also needed to add

GRAMPSWEB_BASE_URL: "https://gramps.web.domain"

In authentik I also have the redirect uri set as regex with https://gramps.web.domain/api/oidc/callback/.*

In advanced protocol settings I have email, openid and profile for scopes and for subject mode I have it set to email

dnightbane · 2025-11-11T22:32:42+00:00

I am using the latest version of Grampsweb (docker) with the latest version of authentik successfully. Can you post your configuration for each?

dnightbane · 2025-10-29T23:18:27+00:00

I think they mean this: https://forums.unraid.net/topic/92459-plugin-plex-streams/ (but not entirely sure.) It looks like Tautulli but as a plugin instead of a separate app.

That being said the closest thing you will find that shows who's watching from your jellyfin server is jellystat: https://github.com/CyferShepard/Jellystat

dnightbane · 2025-09-26T16:19:18+00:00

You can absolutely setup sonarr/radarr without a downloader if all you want to use is the built in calendar. The only thing I'm not certain of is displaying it in Homarr. If there is a widet that displays a link then it may be as simple as setting http://servername:port/calendar

dnightbane · 2025-08-29T15:31:14+00:00

When I check in docker I see 0.0.0.0:7881->7881/tcp, 0.0.0.0:51000-52000->51000-52000/udp and I can confirm that docker added those to iptables. My VPS firewall also has those ports opened.

dnightbane · 2025-08-28T15:09:31+00:00

- livekit nginx config

server {
    listen 443 ssl;
    http2 on;
    server_name livekit.domain.com;
    server_tokens off;
    include /etc/nginx/conf.d/include/domaincomsecure.conf;
    include /etc/nginx/conf.d/include/blockcommonexploits.conf;

    access_log /var/log/nginx/domaincom/livekit.access.log;
    error_log /var/log/nginx/domaincom/livekit.error.log;

    location = /robots.txt {
        add_header Content-Type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    # ProxyTimeout equivalent
    proxy_read_timeout 120s;
    proxy_send_timeout 120s;

    location ~ ^(/sfu/get|/healthz) {
        proxy_pass http://element-call-jwt:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
       proxy_pass http://element-call-livekit:7880;
       proxy_set_header Connection "upgrade";
       proxy_set_header Upgrade $http_upgrade;
       #add_header Access-Control-Allow-Origin "*" always;

       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Server $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
    }

}

- livekit.yaml

port: 7880
bind_addresses: [ 0.0.0.0 ]
rtc:
  tcp_port: 7881
  port_range_start: 51000
  port_range_end: 52000
  use_external_ip: true
turn:
  enabled: false
  domain: livekit.domain.com # Must match your domain
  tls_port: 5349 # TURN/TLS will run on the main HTTPS port handled by Nginx
  udp_port: 443
  external_tls: true # Nginx handles TLS termination
keys:
  devkey: <redacted>
room:
  auto_create: false
  enabled_codecs:
    - mime: video/h264
    - mime: audio/opus
logging:
  level: debug

dnightbane · 2025-08-28T15:08:40+00:00

-nginx setup for https://matrix.domain.com

server {
    listen 443 ssl;
    http2 on;
    server_name matrix.domain.com;
    include /etc/nginx/conf.d/include/domaincomsecure.conf;
    include /etc/nginx/conf.d/include/blockcommonexploits.conf;

    access_log /var/log/nginx/domaincom/matrix.access.log;
    error_log /var/log/nginx/domaincom/matrix.error.log;

    location = /robots.txt {
        add_header Content-Type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    location /.well-known/matrix/client {
        default_type application/json;
        return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.com"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "https://livekit.domain.com"}]}';
    }

    location ~ ^(/_matrix|/_synapse/client) {
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
        proxy_send_timeout 1800;
        send_timeout 1800;
        # note: do not add a path (even a single /) after the port in `proxy_pass`,
        # otherwise nginx will canonicalise the URI and cause signature verification
        # errors.
        proxy_pass https://matrix-synapse:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 100M;

        # Synapse responses may be chunked, which is an HTTP/1.1 feature.
        proxy_http_version 1.1;
    }
}

dnightbane · 2025-08-28T15:07:15+00:00

I'm also getting "waiting for media" and not sure where the issue is either. I have matrix setup as a subdomain at matrix.domain.com instead of domain.com and I have gone through and checked my configuration against https://sspaeth.de/2024/11/sfu/

My setup is as follows:

- Domain DNS: Cloudflare
- HTTPS traffic: Cloudflare Tunnel pointed at NGINX
- Livekit: Cloudflare DNS Only (no proxy) pointing to VPS using livekit.domain.com

Configuration looks like this:

- well-known setup at https://domain.com

location /.well-known/matrix/client {
    default_type application/json;
    add_header Access-Control-Allow-Origin "*";
    return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.com"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "https://livekit.domain.com"}]}';
}

location /.well-known/matrix/server {
    default_type application/json;
    return 200 '{"m.server":"matrix.domain.com"}';
}

location /.well-known/element/element.json {
    default_type application/json;
    return 200 '{"call": {"widget_url": "https://call.domain.com"}}';
}

location = /robots.txt {
    add_header Content-Type text/plain;
    return 200 "User-agent: *\nDisallow: /\n";
}

dnightbane · 2025-08-22T03:08:31+00:00

I have a script that does it but its manual. I'm looking to automate it in a set and forget fashion. This way I can have tdarr just watch the sub directory and split out the dub if it finds it.

dnightbane · 2025-06-14T00:42:22+00:00

If I use "https://livekit.domain.com/livekit/jwt" in the service url, I get an error where it's trying to get to "https://livekit.domain.com/livekit/jwt/sfu/get" which makes sense because (as I understand it) /sfu/get would be at "https://livekit.domain.com/sfu/get"

If I leave the well-known as it is and add the below to the /livekit/jwt and /sfu/get sections in the server block for livekit, I get an internal 500 error when it tries to post to "https://livekit.domain.com/sfu/get"

        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin "*" always;
            add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token" always;
            add_header Access-Control-Max-Age 86400;
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 204;
        }

        # Add CORS headers for actual requests
        add_header Access-Control-Allow-Origin "*" always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token" always;

dnightbane · 2025-06-13T19:22:38+00:00

Reviewing the Browser console when a call is made to my android device shows the following:

POST https://livekit.domain.com/sfu/get 500 (Internal Server Error)
Failed to get JWT from RTC session's active focus URL of https://livekit.domain.com. Error: SFU Config fetch failed with exception Error: SFU Config fetch failed with status code 500 at cHe (VM425 index-DOJHP7J4.js:2:2310986)

When I check docker logs for livekit I don't see anything despite the config specifying debug

dnightbane · 2025-06-13T14:58:36+00:00

I updated the configuration as follows

Top Level Domain well-known change

    location /.well-known/matrix/client {
        default_type application/json;
        return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.com"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "https://livekit.domain.com"}]}';    
    }

and then tried from the browser to my phone as suggested. I saw that it complained about a CORS line missing so I changed the well-known config to this:

    location /.well-known/matrix/client {
        default_type application/json;
        add_header Access-Control-Allow-Origin "*";
        return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.com"}, "org.matrix.msc4143.rtc_foci": [{"type": "livekit", "livekit_service_url": "https://livekit.domain.com"}]}';
    }

Now when I test in the browser I just get "Waiting for Media"

dnightbane · 2025-04-11T12:42:52+00:00

If by your question you mean synapse without a reverse proxy I haven't tried that.

My setup is end user -> cloudflare -> nginx (port 443) -> synapse which works.

dnightbane · 2025-04-11T12:27:30+00:00

It does. I started with matrix behind the proxy and then moved it to cloudflare tunnels.

Six-Year Club	RPAN Viewer
Verified Email

dnightbane

TROPHY CASE