Merge pull request #2719 from element-hq/fkwp/docker_compose_non_host…

…network

docker compose non hostnetwork setup

.gitignore

@@ -6,5 +6,6 @@ dist-ssr
 *.local
 .idea/
 public/config.json
+backend/synapse_tmp/*
 /coverage
 yarn-error.log

README.md

@@ -3,17 +3,24 @@
 [![Chat](https://img.shields.io/matrix/webrtc:matrix.org)](https://matrix.to/#/#webrtc:matrix.org)
 [![Localazy](https://img.shields.io/endpoint?url=https%3A%2F%2Fconnect.localazy.com%2Fstatus%2Felement-call%2Fdata%3Fcontent%3Dall%26title%3Dlocalazy%26logo%3Dtrue)](https://localazy.com/p/element-call)
 
-Group calls with WebRTC that leverage [Matrix](https://matrix.org) and an open-source WebRTC toolkit from [LiveKit](https://livekit.io/).
+Group calls with WebRTC that leverage [Matrix](https://matrix.org) and an
+open-source WebRTC toolkit from [LiveKit](https://livekit.io/).
 
-For prior version of the Element Call that relied solely on full-mesh logic, check [`full-mesh`](https://github.com/element-hq/element-call/tree/full-mesh) branch.
+For prior version of the Element Call that relied solely on full-mesh logic,
+check [`full-mesh`](https://github.com/element-hq/element-call/tree/full-mesh)
+branch.
 
 ![A demo of Element Call with six people](demo.jpg)
 
-To try it out, visit our hosted version at [call.element.io](https://call.element.io). You can also find the latest development version continuously deployed to [call.element.dev](https://call.element.dev/).
+To try it out, visit our hosted version at
+[call.element.io](https://call.element.io). You can also find the latest
+development version continuously deployed to
+[call.element.dev](https://call.element.dev/).
 
 ## Host it yourself
 
-Until prebuilt tarballs are available, you'll need to build Element Call from source. First, clone and install the package:
+Until prebuilt tarballs are available, you'll need to build Element Call from
+source. First, clone and install the package:
 
 ```
 git clone https://github.com/element-hq/element-call.git
@@ -22,17 +29,23 @@ yarn
 yarn build
 ```
 
-If all went well, you can now find the build output under `dist` as a series of static files. These can be hosted using any web server that can be configured with custom routes (see below).
+If all went well, you can now find the build output under `dist` as a series of
+static files. These can be hosted using any web server that can be configured
+with custom routes (see below).
 
-You may also wish to add a configuration file (Element Call uses the domain it's hosted on as a Homeserver URL by default,
-but you can change this in the config file). This goes in `public/config.json` - you can use the sample as a starting point:
+You may also wish to add a configuration file (Element Call uses the domain it's
+hosted on as a Homeserver URL by default, but you can change this in the config
+file). This goes in `public/config.json` - you can use the sample as a starting
+point:
 
 ```
 cp config/config.sample.json public/config.json
 # edit public/config.json
 ```
 
-Because Element Call uses client-side routing, your server must be able to route any requests to non-existing paths back to `/index.html`. For example, in Nginx you can achieve this with the `try_files` directive:
+Because Element Call uses client-side routing, your server must be able to route
+any requests to non-existing paths back to `/index.html`. For example, in Nginx
+you can achieve this with the `try_files` directive:
 
 ```
 server {
@@ -44,28 +57,63 @@ server {
 }
 ```
 
-By default, the app expects you to have a Matrix homeserver (such as [Synapse](https://element-hq.github.io/synapse/latest/setup/installation.html)) installed locally and running on port 8008. If you wish to use a homeserver on a different URL or one that is hosted on a different server, you can add a config file as above, and include the homeserver URL that you'd like to use.
+By default, the app expects you to have a Matrix homeserver (such as
+[Synapse](https://element-hq.github.io/synapse/latest/setup/installation.html))
+installed locally and running on port 8008. If you wish to use a homeserver on a
+different URL or one that is hosted on a different server, you can add a config
+file as above, and include the homeserver URL that you'd like to use.
 
-Element Call requires a homeserver with registration enabled without any 3pid or token requirements, if you want it to be used by unregistered users. Furthermore, it is not recommended to use it with an existing homeserver where user accounts have joined normal rooms, as it may not be able to handle those yet and it may behave unreliably.
+Element Call requires a homeserver with registration enabled without any 3pid or
+token requirements, if you want it to be used by unregistered users.
+Furthermore, it is not recommended to use it with an existing homeserver where
+user accounts have joined normal rooms, as it may not be able to handle those
+yet and it may behave unreliably.
 
-Therefore, to use a self-hosted homeserver, this is recommended to be a new server where any user account created has not joined any normal rooms anywhere in the Matrix federated network. The homeserver used can be setup to disable federation, so as to prevent spam registrations (if you keep registrations open) and to ensure Element Call continues to work in case any user decides to log in to their Element Call account using the standard Element app and joins normal rooms that Element Call cannot handle.
+Therefore, to use a self-hosted homeserver, this is recommended to be a new
+server where any user account created has not joined any normal rooms anywhere
+in the Matrix federated network. The homeserver used can be setup to disable
+federation, so as to prevent spam registrations (if you keep registrations open)
+and to ensure Element Call continues to work in case any user decides to log in
+to their Element Call account using the standard Element app and joins normal
+rooms that Element Call cannot handle.
 
 ## Configuration
 
-There are currently two different config files. `.env` holds variables that are used at build time, while `public/config.json` holds variables that are used at runtime. Documentation and default values for `public/config.json` can be found in [ConfigOptions.ts](src/config/ConfigOptions.ts).
+There are currently two different config files. `.env` holds variables that are
+used at build time, while `public/config.json` holds variables that are used at
+runtime. Documentation and default values for `public/config.json` can be found
+in [ConfigOptions.ts](src/config/ConfigOptions.ts).
 
-If you're using [Synapse](https://github.com/element-hq/synapse/), you'll need to additionally add the following to `homeserver.yaml` or Element Call won't work:
+If you're using [Synapse](https://github.com/element-hq/synapse/), you'll need
+to additionally add the following to `homeserver.yaml` or Element Call won't
+work:
 
 ```
 experimental_features:
+    # MSC3266: Room summary API. Used for knocking over federation
     msc3266_enabled: true
+
+# The maximum allowed duration by which sent events can be delayed, as
+# per MSC4140.
+max_event_delay_duration: 24h
+
+rc_message:
+  # This needs to match at least the heart-beat frequency plus a bit of headroom
+  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+  per_second: 0.5
+  burst_count: 30
 ```
 
-MSC3266 allows to request a room summary of rooms you are not joined.
-The summary contains the room join rules. We need that to decide if the user gets prompted with the option to knock ("ask to join"), a cannot join error or the join view.
+MSC3266 allows to request a room summary of rooms you are not joined. The
+summary contains the room join rules. We need that to decide if the user gets
+prompted with the option to knock ("ask to join"), a cannot join error or the
+join view.
 
-Element Call requires a Livekit SFU behind a Livekit jwt service to work. The url to the Livekit jwt service can either be configured in the config of Element Call (fallback/legacy configuration) or be configured by your homeserver via the `.well-known`.
-This is the recommended method.
+Element Call requires a Livekit SFU alongside a [Livekit JWT
+service](https://github.com/element-hq/lk-jwt-service) to work. The url to the
+Livekit JWT service can either be configured in the config of Element Call
+(fallback/legacy configuration) or be configured by your homeserver via the
+`.well-known/matrix/client`. This is the recommended method.
 
 The configuration is a list of Foci configs:
 
@@ -88,13 +136,18 @@ The configuration is a list of Foci configs:
 
 ## Translation
 
-If you'd like to help translate Element Call, head over to [Localazy](https://localazy.com/p/element-call). You're also encouraged to join the [Element Translators](https://matrix.to/#/#translators:element.io) space to discuss and coordinate translation efforts.
+If you'd like to help translate Element Call, head over to
+[Localazy](https://localazy.com/p/element-call). You're also encouraged to join
+the [Element Translators](https://matrix.to/#/#translators:element.io) space to
+discuss and coordinate translation efforts.
 
 ## Development
 
 ### Frontend
 
-Element Call is built against [matrix-js-sdk](https://github.com/matrix-org/matrix-js-sdk/pull/2553). To get started, clone, install, and link the package:
+Element Call is built against
+[matrix-js-sdk](https://github.com/matrix-org/matrix-js-sdk/pull/2553). To get
+started, clone, install, and link the package:
 
 ```
 git clone https://github.com/matrix-org/matrix-js-sdk.git
@@ -112,6 +165,15 @@ yarn
 yarn link matrix-js-sdk
 ```
 
+To use it, create a local config by, e.g., `cp ./config/config.devenv.json
+./public/config.json` and adapt it if necessary. The `config.devenv.json` config
+should work with the backend development environment as outlined in the next
+section out of box.
+
+(Be aware, that this `config.devenv.json` is exposing a deprecated fallback
+LiveKit config key. If the homeserver advertises SFU backend via
+`.well-known/matrix/client` this has precedence.)
+
 You're now ready to launch the development server:
 
 ```
@@ -120,25 +182,25 @@ yarn dev
 
 ### Backend
 
-A docker compose file is provided to start a LiveKit server and auth
-service for development. These use a test 'secret' published in this
-repository, so this must be used only for local development and
-**_never be exposed to the public Internet._**
+A docker compose file `dev-backend-docker-compose.yml` is provided to start the
+whole stack of components which is required for a local development environment:
 
-To use it, add a SFU parameter in your local config `./public/config.json`:
-(Be aware, that this is only the fallback Livekit SFU. If the homeserver
-advertises one in the client well-known, this will not be used.)
+- Minimum Synapse Setup (servername: synapse.localhost)
+- LiveKit JWT Service (Note requires Federation API and hence a TLS reverse proxy)
+- Minimum TLS reverse proxy (servername: synapse.localhost) Note certificates
+  are valid for at least 10 years from now
+- Minimum LiveKit SFU Setup using dev defaults for config
+- Redis db for completness
 
-```json
-"livekit": {
-  "livekit_service_url": "http://localhost:7881"
-},
-```
+These use a test 'secret' published in this repository, so this must be used
+only for local development and **_never be exposed to the public Internet._**
 
 Run backend components:
 
 ```
 yarn backend
+# or  for podman-compose
+# podman-compose -f dev-backend-docker-compose.yml up
 ```
 
 ### Test Coverage
@@ -150,22 +212,25 @@ yarn backend
 To add a new translation key you can do these steps:
 
 1. Add the new key entry to the code where the new key is used: `t("some_new_key")`
-1. Run `yarn i18n` to extract the new key and update the translation files. This will add a skeleton entry to the `public/locales/en-GB/app.json` file:
+1. Run `yarn i18n` to extract the new key and update the translation files. This
+   will add a skeleton entry to the `public/locales/en-GB/app.json` file:
    ```jsonc
    {
        ...
        "some_new_key": "",
        ...
    }
    ```
-1. Update the skeleton entry in the `public/locales/en-GB/app.json` file with the English translation:
-   ```jsonc
+1. Update the skeleton entry in the `public/locales/en-GB/app.json` file with
+   the English translation:
+
+```jsonc
    {
        ...
        "some_new_key": "Some new key",
        ...
    }
-   ```
+```
 
 ## Documentation
 

backend/dev_homeserver.yaml

@@ -0,0 +1,51 @@
+server_name: "synapse.localhost"
+public_baseurl: http://synapse.localhost:8008/
+
+pid_file: /data/homeserver.pid
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation, openid]
+        compress: false
+
+database:
+  name: sqlite3
+  args:
+    database: /data/homeserver.db
+
+media_store_path: /data/media_store
+signing_key_path: "/data/SERVERNAME.signing.key"
+trusted_key_servers:
+  - server_name: "matrix.org"
+
+experimental_features:
+  # MSC3266: Room summary API. Used for knocking over federation
+  msc3266_enabled: true
+
+# The maximum allowed duration by which sent events can be delayed, as
+# per MSC4140. Must be a positive value if set.  Defaults to no
+# duration (null), which disallows sending delayed events.
+max_event_delay_duration: 24h
+
+# Ratelimiting settings for client actions (registration, login, messaging).
+#
+# Each ratelimiting configuration is made of two parameters:
+#   - per_second: number of requests a client can send per second.
+#   - burst_count: number of requests a client can send before being throttled.
+
+rc_message:
+  # This needs to match at least the heart-beat frequency plus a bit of headroom
+  # Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
+  per_second: 0.5
+  burst_count: 30
+
+# Required for Element Call in Single Page Mode due to on-the-fly user registration
+enable_registration: true
+enable_registration_without_verification: true
+
+report_stats: false
+serve_server_wellknown: true

backend/tls_localhost_cert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIUCmJjl3HAeLmrPwRg+/OzikW6peQwDQYJKoZIhvcNAQEL
+BQAwazELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9u
+ZG9uMQ4wDAYDVQQKDAVBbHJvczEWMBQGA1UECwwNSVQgRGVwYXJ0bWVudDESMBAG
+A1UEAwwJbG9jYWxob3N0MB4XDTI0MTEwNDIxNDcwMFoXDTM0MTEwMjIxNDcwMFow
+azELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9u
+MQ4wDAYDVQQKDAVBbHJvczEWMBQGA1UECwwNSVQgRGVwYXJ0bWVudDESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs368
+ExLSudP8luNoY5UfaPqBSVJUPYBi+JGyd36tyN75p5OI7xSfHTttQxuD4KrExBFP
+C8mAhE1eoZPBVBOZJ4FYWBJfMaQnCjeqU+laP36td65kSJYbUYlKYH1WpxEpCdgx
+wWOKkP/kPX5YXbYqODx9aBJXgoT3yAJW7AniIoL+eLFnS9Xo86TPqCDBTJU9ocwK
+gPIDLhDv60724rhZT1kbGp7ECqRovndoDTQjuws2D3yNMfQ+4rrQGPXHGmP5PcaR
+0R7uueB+6APyC7MJbuhbxxg/+DFHrRi3lJsgwxuh2hi/+vWw8zgKlgYIwHFA9X0l
+cX0UlQdENMH3bgcGIwIDAQABo1MwUTAdBgNVHQ4EFgQUUFGxw7zoiHXGwRqtagjZ
+RPYc85cwHwYDVR0jBBgwFoAUUFGxw7zoiHXGwRqtagjZRPYc85cwDwYDVR0TAQH/
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEALokb1z2lu3qW141b2wm14ilZQKCZ
+reNNuUR95Uom96FXPH4QVEH+mYTXXJ5UrfNhQYKQFpdE+5S4HL/UqEOxtWvbAHpK
+nsLQ62J8m+0+uwiJGqeQpWr03KJgXDAVE9X3XwMlp/+buxSLhc+GIHWuXW56itV2
+jiZJYjhO5SnhhgTWNoVZk93qXuuWEN0yacw7c3Fr1IvFYYYWufbXTk70dbZihPDK
+VD141o8tpp6FerSKHNYDqkVFDyTz3DVOhQQJ59zfMre7bFr+PpTTl4vIuGzXEY+E
+HPjUSlOzwkCoh5fu7Fs3qG55rJt8akhTEoKpiBTaLucgAjVWNHeci1+Yxg==
+-----END CERTIFICATE-----

backend/tls_localhost_key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzfrwTEtK50/yW
+42hjlR9o+oFJUlQ9gGL4kbJ3fq3I3vmnk4jvFJ8dO21DG4PgqsTEEU8LyYCETV6h
+k8FUE5kngVhYEl8xpCcKN6pT6Vo/fq13rmRIlhtRiUpgfVanESkJ2DHBY4qQ/+Q9
+flhdtio4PH1oEleChPfIAlbsCeIigv54sWdL1ejzpM+oIMFMlT2hzAqA8gMuEO/r
+TvbiuFlPWRsansQKpGi+d2gNNCO7CzYPfI0x9D7iutAY9ccaY/k9xpHRHu654H7o
+A/ILswlu6FvHGD/4MUetGLeUmyDDG6HaGL/69bDzOAqWBgjAcUD1fSVxfRSVB0Q0
+wfduBwYjAgMBAAECggEACTqdSExxzJ+LX5ARFaWyOBSWly2GKqSyR14+aInOklhx
+9QgkmfOxJrCf3TvJ8RWhXloW0Aqr8qGDxG0Ixgjn7rG7gskXCey1xn8MNppLS0kj
+ztaG+NB3AR89ABm8XdoHsSY45geh3/Ni9I0i1VardGQafUJhgNLTZqjwIodzkBtJ
+S/bi4uFk1lGNfuvWQvWqzGXUvd1l1YupV6iA4GfhXlUvrSBZwftLBD6xEvQaSqsA
+pHvBxTfMXG4RMAkNPDIElkuQ8++CGi1gIRkJfmrv4OgbbitteMnxqqqGYV0zSNCg
+R/5FG6umIV7lDLBHZCSCk7wmfmq2UUvzhHThHy4yMQKBgQDu4TwFJCIcVIj7Wj4r
+DUBFvz6Lgbltqb+YAMUBtpiDcAQxDJWmedh6dK04ts5CFAFRlRjjuz2uFn7qlVBm
+uye9R7tL+tOv5viqDXU78a4snFywoXub6yzpbxrW8B4W1pdIUvQmhwCcDwvO1V24
+7Vj2vxcM5I9dsk1aCQSi3VY5yQKBgQDAW/VoTRwhU6OUc6sji5Z5dnkMjkP6NZK9
+CSrTWLAMGaLPY+g6fFS7JMNSvfWm/okypD6rcN7p0cxMK3mfFKmMiyPRde0wdrci
+sGFjGxM/2d2D7KTMC9iMYwA0K17UIna+UiYPfhR/muIg/dCyjlkKDFs9Z4jk//r1
+91bmznt2iwKBgFdiYXhn/Wprqih4nKFXGZnqGdEixVhObl4GegrkZuo+AeqHdf8O
+N5ikMfG7PbyCYPEdH5u/FRMn+4mI0X6jHChroyJqQSHp1jEu9yHUiSicknOyvusM
+nsNN932FHRyxp2m3nsSxQhHUlzc0ajKJ8K9iu+XlfmSCIzW6cs25Nh+xAoGBAJro
+M0wIdPPdsCj3sUVRvx8XqknTM6kGhaIYBNXoYPWNm5BaC4U15OJEq8sxUOdnqcMP
+g6x6m/k+S8C3bh0O/a9Bydl/l0BlCfw0gGjYP/s2ju4Tn272xy/e9iYNGzPIgUmp
+TB9D0GwmpZ4d6HgyrD+sTbm4bATGpCp6QhBjDggbAoGBAJVMMtZ4pF8D6mLMRZGR
+pQjNPy+MH13XYmDRc/BSF8KJ4yKk3tohr9LSXzxR0SEB43NoL1bHkucZrNjGyL8x
+jktnwkoIs96kO2mPrl1TqWkXs5RjGkkSTbAJovIcvkRU31SWap/WzN2kHpmRVcQc
+KEFKXT5fUYZCLLWxhgZFlGPp
+-----END PRIVATE KEY-----