# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2026, Slavi Pantaleev, Aine Etke, MDAD community members
# This file is distributed under the same license as the matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-03-31 05:49+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../../../docs/configuring-playbook-livekit-server.md:8
msgid "Setting up LiveKit Server (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:10
msgid "The playbook can install and configure [LiveKit Server](https://github.com/livekit/livekit) for you."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:12
msgid "LiveKit Server is an open source project that provides scalable, multi-user conferencing based on WebRTC. It's designed to provide everything you need to build real-time video audio data capabilities in your applications."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:14
msgid "💡 LiveKit Server is automatically installed and configured when either [Element Call](configuring-playbook-element-call.md) or the [Matrix RTC stack](configuring-playbook-matrix-rtc.md) is enabled, so you don't need to do anything extra."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:16
msgid "The [Ansible role for LiveKit Server](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server) is developed and maintained by [the MASH (mother-of-all-self-hosting) project](https://github.com/mother-of-all-self-hosting). For details about configuring LiveKit Server, you can check them via:"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:17
msgid "🌐 [the role's documentation at the MASH project](https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server/blob/main/docs/configuring-livekit-server.md) online"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:18
msgid "📁 `roles/galaxy/livekit_server/docs/configuring-livekit-server.md` locally, if you have [fetched the Ansible roles](installing.md#update-ansible-roles)"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:20
msgid "Adjusting firewall rules"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:22
msgid "To ensure LiveKit Server functions correctly, the following firewall rules and port forwarding settings are required:"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:24
msgid "`7881/tcp`: ICE/TCP"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:26
msgid "`7882/udp`: ICE/UDP Mux"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:28
msgid "`3479/udp`: TURN/UDP. Also see the [Limitations](#limitations) section below."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:30
msgid "`5350/tcp`: TURN/TCP. Also see the [Limitations](#limitations) section below."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:32
msgid "`30000-30020/udp`: TURN relay range used by LiveKit's embedded TURN server."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:34
msgid "💡 The suggestions above are inspired by the upstream [Ports and Firewall](https://docs.livekit.io/home/self-hosting/ports-firewall/) documentation based on how LiveKit is configured in the playbook. If you're using custom configuration for the LiveKit Server role, you may need to adjust firewall rules accordingly."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:36
msgid "TURN TLS handling"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:38
msgid "When `matrix_playbook_reverse_proxy_type` is `playbook-managed-traefik` (which is the default for this playbook), TURN over TCP is terminated by Traefik and forwarded to LiveKit with `turn.external_tls = true`. In this playbook default, this mode is enabled automatically when SSL is enabled and TURN is enabled."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:40
msgid "The playbook installs a dedicated Traefik TCP entrypoint for TURN (`matrix-livekit-turn`) by default and binds it to `tcp/5350`."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:41
msgid "`livekit_server_config_turn_external_tls` is automatically enabled for this setup."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:42
msgid "Because Traefik handles TLS, LiveKit no longer needs certificate-file paths for TURN in this mode."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:44
msgid "To opt out and keep TURN TLS termination in LiveKit itself, set:"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:50
msgid "In this playbook, certificate paths are managed automatically via `group_vars/matrix_servers` when certificate dumping is enabled."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:52
msgid "If your setup uses `other-traefik-container` or [another reverse-proxy](./configuring-playbook-own-webserver.md), behavior is unchanged by default and still relies on certificates being available inside the container as before."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:54
msgid "Deployments using `other-traefik-container` can opt into the same Traefik-terminated mode there, by setting:"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:62
msgid "and configuring their own Traefik TCP entrypoint dedicated to LiveKit TURN traffic."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:64
msgid "Limitations"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:66
msgid "LiveKit Server's TURN listener behavior depends on where TLS is terminated:"
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:68
msgid "Direct LiveKit TURN listeners (`livekit_server_config_turn_external_tls: false`) still use IPv4-only sockets for `3479/udp` and `5350/tcp`, so IPv6 connectivity to these endpoints is not possible."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:69
msgid "With [TURN TLS handling](#turn-tls-handling) (`livekit_server_config_turn_external_tls: true`), the playbook's dedicated `matrix-livekit-turn` TCP entrypoint can still listen on both IPv4 and IPv6. Traefik then forwards TURN/TCP to LiveKit."
msgstr ""

#: ../../../docs/configuring-playbook-livekit-server.md:71
msgid "It appears that LiveKit Server intentionally only listens on `udp4` and `tcp4` in direct mode, as seen [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L128) and [here](https://github.com/livekit/livekit/blob/154b4d26b769c68a03c096124094b97bf61a996f/pkg/service/turn.go#L92)."
msgstr ""