iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-05-18 17:40:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update LiveKit Server role to v1.12.0-0

Browse Source 
LiveKit v1.12.0 tightens TURN security: credentials now carry a TTL,
and TURN no longer relays to restricted peer CIDRs by default. The
role defaults match upstream's secure defaults and are appropriate
for typical playbook deployments.

Bumps the migration-validation gate accordingly so users are pointed
at the CHANGELOG entry on next run.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Slavi Pantaleev
2026-05-18 09:25:30 +03:00
parent 3ce630830c
commit eb79e2180d
5 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/configuring-playbook-livekit-server.md
+6
View File
@@ -61,6 +61,12 @@ livekit_server_container_labels_turn_traefik_entrypoints: "<your-livekit-turn-tr
and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic.
## TURN access controls
LiveKit's embedded TURN server enforces a credential TTL and restricts which peer CIDRs it will relay to. The playbook leaves these at the role's secure defaults, which are appropriate for typical deployments where TURN peers live on the public Internet.
If your setup needs TURN to relay to private/restricted ranges, or you want to override the credential TTL, see the [TURN access controls and credential TTL](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md#turn-access-controls-and-credential-ttl) section of the role's documentation.
## Limitations
LiveKit Server's TURN listener behavior depends on where TLS is terminated: