services:
  auth-service:
    image: ghcr.io/element-hq/lk-jwt-service:latest
    container_name: element-call-jwt
    hostname: auth-server
    environment:
      - LK_JWT_PORT=8080
      - LIVEKIT_URL=https://matrix-rtc.example.com/livekit/sfu  # Update with valid registered domain name.
      - LIVEKIT_KEY=devkey
      - LIVEKIT_SECRET=${LIVEKIT_SECRET}
      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com  # Update with valid registered domain name.
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"

      # HTTPS router for JWT
      - "traefik.http.routers.matrix-auth-https.entrypoints=https"
      - "traefik.http.routers.matrix-auth-https.rule=Host(`matrix-rtc.example.com`) && PathPrefix(`/livekit/jwt`)"  # Update with valid registered domain name.
      - "traefik.http.routers.matrix-auth-https.tls=true"
      - "traefik.http.routers.matrix-auth-https.tls.certresolver=http"
      - "traefik.http.routers.matrix-auth-https.middlewares=matrix-auth-strip-prefix"

      # Inline middleware to strip /livekit/jwt
      - "traefik.http.middlewares.matrix-auth-strip-prefix.stripPrefix.prefixes=/livekit/jwt"

      - "traefik.http.services.auth-service.loadbalancer.server.port=8080"
    networks:
      - proxy

  livekit:
    image: livekit/livekit-server:latest
    container_name: element-call-livekit
    command: --config /etc/livekit.yaml
    restart: unless-stopped
    volumes:
      - ./data/livekit/config.yaml:/etc/livekit.yaml:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"

      # HTTPS router for SFU
      - "traefik.http.routers.livekit-https.entrypoints=https"
      - "traefik.http.routers.livekit-https.rule=Host(`matrix-rtc.example.com`) && PathPrefix(`/livekit/sfu`)"  # Update with valid registered domain name.
      - "traefik.http.routers.livekit-https.tls=true"
      - "traefik.http.routers.livekit-https.tls.certresolver=http"
      - "traefik.http.routers.livekit-https.middlewares=livekit-strip-prefix"

      # Inline middleware to strip /livekit/sfu
      - "traefik.http.middlewares.livekit-strip-prefix.stripPrefix.prefixes=/livekit/sfu"

      - "traefik.http.services.livekit.loadbalancer.server.port=7880"
    networks:
      - proxy
    ports:
      - 7880:7880/tcp
      - 7881:7881/tcp
      - 50100-50200:50100-50200/udp

networks:
  proxy:
    external: true