From b94f5b596366e52fc50e0a1db88a065337749651 Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 18:17:37 +0700 Subject: [PATCH 1/7] Update reverse-proxy-traefik.md include adding to traefik network --- docs/deploying/reverse-proxy-traefik.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/deploying/reverse-proxy-traefik.md b/docs/deploying/reverse-proxy-traefik.md index e1edf515..0b10ebff 100644 --- a/docs/deploying/reverse-proxy-traefik.md +++ b/docs/deploying/reverse-proxy-traefik.md @@ -11,10 +11,12 @@ Install Traefik via your preferred method. You can read the official [docker qui You can setup auto renewing certificates with different kinds of [acme challenges](https://doc.traefik.io/traefik/reference/install-configuration/tls/certificate-resolvers/acme/). ### Router configurations -You only have to do any one of these methods. +Add tuwunel to your traefik's network. Be sure to change the `your.server.name` to your actual tuwunel domain. and the `yourcertresolver` should be changed to whatever you named it in your traefik config. +You only have to do any one of these methods below. + ### Labels To use labels with traefik you need to configure a [docker provider](https://doc.traefik.io/traefik/reference/install-configuration/providers/docker/). From 6e87758cf6c4d7c82cb3410198acc519ee456579 Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 19:33:51 +0700 Subject: [PATCH 2/7] add traefik network example --- docs/deploying/reverse-proxy-traefik.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/deploying/reverse-proxy-traefik.md b/docs/deploying/reverse-proxy-traefik.md index 0b10ebff..eddd6a38 100644 --- a/docs/deploying/reverse-proxy-traefik.md +++ b/docs/deploying/reverse-proxy-traefik.md @@ -13,6 +13,17 @@ You can setup auto renewing certificates with different kinds of [acme challenge ### Router configurations Add tuwunel to your traefik's network. +```yaml +services: + tuwunel: + # ... + networks: + - proxy # your traefik network name +networks: + proxy: # your traefik network name + external: true +``` + Be sure to change the `your.server.name` to your actual tuwunel domain. and the `yourcertresolver` should be changed to whatever you named it in your traefik config. You only have to do any one of these methods below. From 0aa9160af78f6fd981cc1da13319e0809ec1e47c Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 19:51:27 +0700 Subject: [PATCH 3/7] Add Traefik setup for matrix-rtc docs --- docs/matrix_rtc.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/docs/matrix_rtc.md b/docs/matrix_rtc.md index b7eac234..3b00d379 100644 --- a/docs/matrix_rtc.md +++ b/docs/matrix_rtc.md @@ -188,6 +188,82 @@ server { ``` 2. Restart Nginx. +#### 5.3. Traefik +1. Add your `matrix-rtc-jwt` `matrix-rtc-livekit` to your traefik's network +```yaml +services: + matrix-rtc-jwt: + # ... + networks: + - proxy # your traefik network name + + matrix-rtc-livekit: + # ... + networks: + - proxy # your traefik network name + +networks: + proxy: # your traefik network name + external: true +``` +2. Configure with either one of the methods below +2.1 Labels +```yaml +services: + matrix-rtc-jwt: + # ... + labels: + - "traefik.enable=true" + - "traefik.http.routers.matrixrtcjwt.entrypoints=https" + - "traefik.http.routers.matrixrtcjwt.rule=Host(`matrix-rtc.yourdomain.com`) && PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`)" + - "traefik.http.routers.matrixrtcjwt.tls=true" + - "traefik.http.routers.matrixrtcjwt.service=matrixrtcjwt" + - "traefik.http.services.matrixrtcjwt.loadbalancer.server.port=8081" + - "traefik.http.routers.matrixrtcjwt.tls.certresolver=yourcertresolver" + - "traefik.docker.network=proxy" # your traefik network name + + matrix-rtc-livekit: + # ... + labels: + - "traefik.enable=true" + - "traefik.http.routers.livekit-secure.entrypoints=https" + - "traefik.http.routers.livekit-secure.rule=Host(`matrix-rtc.yourdomain.com`)" + - "traefik.http.routers.livekit-secure.tls=true" + - "traefik.http.routers.livekit-secure.service=livekit" + - "traefik.http.services.livekit.loadbalancer.server.port=7880" + - "traefik.http.routers.livekit-secure.tls.certresolver=yourcertresolver" + - "traefik.docker.network=proxy" # your traefik network name +``` +2.2 Config file +```yaml +http: + routers: + matrixrtcjwt: + entryPoints: + - "websecure" + rule: "Host(`matrix-rtc.yourdomain.com`) && PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`)" + tls: + certResolver: "yourcertresolver" + service: matrixrtcjwt + livekit: + entryPoints: + - "websecure" + rule: "Host(`matrix-rtc.yourdomain.com`)" + tls: + certResolver: "yourcertresolver" + service: livekit + services: + matrixrtcjwt: + loadBalancer: + servers: + - url: "http://matrix-rtc-jwt:8081" + passHostHeader: true + livekit: + loadBalancer: + servers: + - url: "http://matrix-rtc-livekit:7880" + passHostHeader: true +``` ### 6. Start Docker Containers 1. Ensure you are in your matrix-rtc directory. e.g. `cd /opt/matrix-rtc`. 2. Start containers: `docker compose up -d`. From cdf188a7767342a80b2b1e50403928ee4fbd489f Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 19:53:31 +0700 Subject: [PATCH 4/7] Update matrix_rtc.md --- docs/matrix_rtc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/matrix_rtc.md b/docs/matrix_rtc.md index 3b00d379..1ff27866 100644 --- a/docs/matrix_rtc.md +++ b/docs/matrix_rtc.md @@ -214,7 +214,7 @@ services: # ... labels: - "traefik.enable=true" - - "traefik.http.routers.matrixrtcjwt.entrypoints=https" + - "traefik.http.routers.matrixrtcjwt.entrypoints=websecure" - "traefik.http.routers.matrixrtcjwt.rule=Host(`matrix-rtc.yourdomain.com`) && PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`)" - "traefik.http.routers.matrixrtcjwt.tls=true" - "traefik.http.routers.matrixrtcjwt.service=matrixrtcjwt" @@ -226,7 +226,7 @@ services: # ... labels: - "traefik.enable=true" - - "traefik.http.routers.livekit-secure.entrypoints=https" + - "traefik.http.routers.livekit-secure.entrypoints=websecure" - "traefik.http.routers.livekit-secure.rule=Host(`matrix-rtc.yourdomain.com`)" - "traefik.http.routers.livekit-secure.tls=true" - "traefik.http.routers.livekit-secure.service=livekit" From a2e5d61745bb8421abd66e1c218ed423441a0134 Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 19:54:13 +0700 Subject: [PATCH 5/7] fix formatting --- docs/matrix_rtc.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/matrix_rtc.md b/docs/matrix_rtc.md index 1ff27866..9010402a 100644 --- a/docs/matrix_rtc.md +++ b/docs/matrix_rtc.md @@ -207,6 +207,7 @@ networks: external: true ``` 2. Configure with either one of the methods below + 2.1 Labels ```yaml services: From c27fb45dc8e8fe017a76f5a45103e8cd65406613 Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 20:01:03 +0700 Subject: [PATCH 6/7] Update matrix_rtc.md --- docs/matrix_rtc.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/matrix_rtc.md b/docs/matrix_rtc.md index 9010402a..5bb6025f 100644 --- a/docs/matrix_rtc.md +++ b/docs/matrix_rtc.md @@ -227,12 +227,12 @@ services: # ... labels: - "traefik.enable=true" - - "traefik.http.routers.livekit-secure.entrypoints=websecure" - - "traefik.http.routers.livekit-secure.rule=Host(`matrix-rtc.yourdomain.com`)" - - "traefik.http.routers.livekit-secure.tls=true" - - "traefik.http.routers.livekit-secure.service=livekit" + - "traefik.http.routers.livekit.entrypoints=websecure" + - "traefik.http.routers.livekit.rule=Host(`matrix-rtc.yourdomain.com`)" + - "traefik.http.routers.livekit.tls=true" + - "traefik.http.routers.livekit.service=livekit" - "traefik.http.services.livekit.loadbalancer.server.port=7880" - - "traefik.http.routers.livekit-secure.tls.certresolver=yourcertresolver" + - "traefik.http.routers.livekit.tls.certresolver=yourcertresolver" - "traefik.docker.network=proxy" # your traefik network name ``` 2.2 Config file From 7e426e5fc826cb20f44a0085c9363c78f62368d1 Mon Sep 17 00:00:00 2001 From: Xerusion Date: Sat, 31 Jan 2026 20:06:58 +0700 Subject: [PATCH 7/7] clarify yourcertresolver --- docs/matrix_rtc.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/matrix_rtc.md b/docs/matrix_rtc.md index 5bb6025f..5e71a5e0 100644 --- a/docs/matrix_rtc.md +++ b/docs/matrix_rtc.md @@ -220,7 +220,7 @@ services: - "traefik.http.routers.matrixrtcjwt.tls=true" - "traefik.http.routers.matrixrtcjwt.service=matrixrtcjwt" - "traefik.http.services.matrixrtcjwt.loadbalancer.server.port=8081" - - "traefik.http.routers.matrixrtcjwt.tls.certresolver=yourcertresolver" + - "traefik.http.routers.matrixrtcjwt.tls.certresolver=yourcertresolver" # change to your cert resolver's name - "traefik.docker.network=proxy" # your traefik network name matrix-rtc-livekit: @@ -232,7 +232,7 @@ services: - "traefik.http.routers.livekit.tls=true" - "traefik.http.routers.livekit.service=livekit" - "traefik.http.services.livekit.loadbalancer.server.port=7880" - - "traefik.http.routers.livekit.tls.certresolver=yourcertresolver" + - "traefik.http.routers.livekit.tls.certresolver=yourcertresolver" # change to your cert resolver's name - "traefik.docker.network=proxy" # your traefik network name ``` 2.2 Config file @@ -244,14 +244,14 @@ http: - "websecure" rule: "Host(`matrix-rtc.yourdomain.com`) && PathPrefix(`/sfu/get`) || PathPrefix(`/healthz`)" tls: - certResolver: "yourcertresolver" + certResolver: "yourcertresolver" # change to your cert resolver's name service: matrixrtcjwt livekit: entryPoints: - "websecure" rule: "Host(`matrix-rtc.yourdomain.com`)" tls: - certResolver: "yourcertresolver" + certResolver: "yourcertresolver" # change to your cert resolver's name service: livekit services: matrixrtcjwt: