Tuwunel – Matrix Chat and Voice/Video/Screen Conferencing for Groups

unethical_ban1 pts0 comments

Tuwunel - Matrix Chat + Voice/Video/Screen Conferencing for Groups [Notes from Zeropolis]


Table of Contents

Tuwunel - Matrix Chat + Voice/Video/Screen Conferencing for Groups

DNS Configuration

Tuwunel installation

Livekit Installation

livekit-server

lk-jwt-service

Enable systemd services

Caddy Configuration

Open Firewall Ports / Port Forwarding

Start all services

First Use / Client access

Epilogue - Clients and encryption

Tuwunel - Matrix Chat + Voice/Video/Screen Conferencing for Groups

These are instructions for configuring a standalone, non-federated Matrix server with voice/video conferencing. For private groups, this could be a suitable, privacy-oriented alternative to Discord.

I used Fedora as the OS. The instructions mostly apply regardless of distribution.

My setup uses two servers: One that hosts all the services, and a separate server for caddy's proxy. Adjust your caddy config to point to localhost if you run it all on one machine.

I disabled SELinux which is probably stupid. Try getting things running without doing that. If you run into issues, that might be it.

High level:

DNS entries: matrix. , matrix-rtc. , chat.

Tuwunel RPM installation

Configure toml

Listens on matrix.example.com 443 and 8448

chown files

Livekit-server curl installation

Configure yaml

chown files

systemd file

lk-jwt-service

download static, move to /usr/local/bin

configure .env

chown file

systemd file

Caddy config

Start all services

DNS Configuration

You will need two domains/subdomains at a minimum; three if you set up your own web client hosting.

matrix.example.com - Matrix server location

matrix-rtc.example.com - RTC and JWT location

chat.example.com - Optional, not covered here - self-hosted web app location.

Set these up now, so by the time you're ready to stand up your caddy config, everything works right away.

Tuwunel installation

https://github.com/matrix-construct/tuwunel

Install tuwunel: there is a static RPM for Fedora and a static DEB for Debian, plus packages for Arch and some others.

The RPM builds the config directory, data directory and installs the binary.

This is a sample config block of /etc/tuwunel/tuwunel.conf.

Modify any line with “example.com” and change the token value to something secure - passphrase is good so you can easily share with friends.

```toml
[global]
server_name = "matrix.example.com"
# Token new users must supply to register; replace the empty value.
registration_token = ""
database_path = "/var/lib/tuwunel"
new_user_displayname_suffix = ""
# All interfaces, because Caddy runs on a separate host in this setup.
# With Caddy on the same machine, bind to 127.0.0.1 instead.
address = ["0.0.0.0"]
port = 8008
ip_source = "rightmost_x_forwarded_for"

allow_registration = true
allow_encryption = true
allow_federation = false
allow_public_room_directory_over_federation = false
allow_public_room_directory_without_auth = false
allow_guest_registration = false

[global.well_known]
client = "https://matrix.example.com"
server = "matrix.example.com:443"
# The author's own hostname; replace with your matrix-rtc host.
livekit_url = "matrix-rtc.zeropolis.net"
```

After installation, lock tuwunel files down a bit.

```bash
find /var/lib/tuwunel -type d -exec chmod 750 {} + && find /var/lib/tuwunel -type f -exec chmod 640 {} +
```
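To verify the lockdown rather than assume it, the following added example (not part of the original page) reports anything under the data directory looser than 750/640, and any secret-bearing file from this guide that other users can access. The function names are made up for illustration, the paths are the ones this page uses, and `-perm /MASK` assumes GNU find.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the chmod lockdown.
# Assumes GNU find, which provides "-perm /MASK" (any of these bits set).

# Print every path under DIR that is looser than the page's targets:
# directories 750 (forbidden bits 027), regular files 640 (forbidden bits 137).
loose_paths() {
    find "$1" \( -type d -perm /027 -o -type f -perm /137 \) -print | sort
}

# Print each existing FILE that grants any access to "other" (bits 007).
# Intended for files holding secrets: registration token, LiveKit keys,
# and the lk-jwt-service environment file.
exposed_secrets() {
    local f
    for f in "$@"; do
        [ -e "$f" ] || continue          # skip files not created yet
        find "$f" -maxdepth 0 -perm /007 -print
    done
}

# Audit the paths this page uses; returns non-zero if anything is reported.
audit_host() {
    local findings
    findings=$(
        loose_paths /var/lib/tuwunel 2>/dev/null
        exposed_secrets /etc/tuwunel/tuwunel.conf \
                        /etc/livekit-server.yaml \
                        /etc/lk-jwt-service.env
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when asked, e.g.:  sudo bash audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_host
fi
```

An empty result from `audit_host` means the data directory matches the 750/640 targets and none of the listed config files are accessible to other users.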

Livekit Installation

Livekit has two components: The main RTC server and a JWT server that bonds RTC to Tuwunel.

livekit-server

Download livekit-server at https://docs.livekit.io/transport/self-hosting/local/ - I trusted the curl command.

This extracts to /usr/local/bin/livekit-server.

Create user

```bash
useradd --system --no-create-home --shell /sbin/nologin --comment "Service account for livekit" livekit
```

Create /etc/systemd/system/livekit-server.service

```ini
[Unit]
Description=LiveKit Server
After=network.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/livekit-server --config /etc/livekit-server.yaml
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=livekit

# Run as a dedicated user if one exists, otherwise remove these two lines
User=livekit
Group=livekit

[Install]
WantedBy=multi-user.target
```

Configure /etc/livekit-server.yaml and chown to livekit

```yaml
port: 7880
log_level: info
rtc:
  tcp_port: 7881
  port_range_start: 50100
  port_range_end: 50200
  # use_external_ip should be set to true for most cloud environments where
  # the host has a public IP address, but is not exposed to the process.
  # LiveKit will attempt to use STUN to discover the true IP, and advertise
  # that IP with its clients
  use_external_ip: true
keys:
```

lk-jwt-service

Download binary at https://github.com/element-hq/lk-jwt-service

Move to /usr/local/bin

Create /etc/systemd/system/lk-jwt-service.service

```ini
[Unit]
Description=LiveKit JWT Service
After=network.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/lk-jwt-service
# Must point at the env file created in the next step
EnvironmentFile=/etc/lk-jwt-service.env
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=lk-jwt-service
User=livekit
Group=livekit

[Install]
WantedBy=multi-user.target
```

Create /etc/lk-jwt-service.env and chown to...
