LiveKit Integration

The platform uses a self-hosted LiveKit server for real-time video consultations between editors and clients.

Server Infrastructure

Setting Value
EC2 Instance i-0a25a2bdec066d084
Elastic IP 3.93.221.174
Pending DNS meet.dissertation-editor.com
Protocol WebSocket Secure (WSS)
Security Group sg-02dae563ae475c9a9

The LiveKit server runs on an EC2 instance in us-east-1. Once DNS is configured, the server will be accessible at meet.dissertation-editor.com. Until then, the IP address 3.93.221.174 is used directly.

Authentication Flow

LiveKit uses JWT tokens for authentication. The flow is:

Browser -> GET /token?room=xyz&participant=Jane
  -> Lambda (tokenGenerator)
    -> Read API key + secret from SSM
    -> Generate JWT with room grant
  <- Return {token, url, room, participant}
Browser -> Connect to LiveKit via WSS with JWT

Token Generation

The tokenGenerator Lambda function:

  1. Reads the LiveKit API key and secret from SSM parameters:
    • /dissertation-editor/livekit/api-key
    • /dissertation-editor/livekit/api-secret
  2. Reads the LiveKit URL from SSM:
    • /dissertation-editor/livekit/url
  3. Creates a JWT with the following grants:
    • roomJoin: true -- participant can join the specified room
    • room: <roomName> -- token is scoped to the requested room
    • canPublish: true -- participant can share audio and video
    • canSubscribe: true -- participant can receive others' audio and video
  4. Signs the JWT with the API secret and returns it to the browser.

Tokens are short-lived (typically 6 hours) to limit the window of misuse if a token is leaked.

Room Model

LiveKit rooms are created on-demand. When the first participant connects to a room name, LiveKit creates it. When the last participant leaves, the room is automatically destroyed. No pre-provisioning is needed.

Room names are arbitrary strings. The platform does not enforce a naming convention, so editors and clients agree on a room name out of band (e.g., via email).

Frontend Integration

The frontend uses @livekit/components-react for the video UI:

'use client';

import { LiveKitRoom, VideoConference } from '@livekit/components-react';
import '@livekit/components-styles';

export default function Room({ token, url }: { token: string; url: string }) {
  return (
    <LiveKitRoom serverUrl={url} token={token} connect={true}>
      <VideoConference />
    </LiveKitRoom>
  );
}

The VideoConference component provides a complete video calling UI with participant tiles, mute/unmute controls, camera toggle, and screen sharing.

Network Requirements

LiveKit requires the following network access:

Port Protocol Purpose
443 TCP HTTPS/WSS signaling
7880 TCP LiveKit HTTP API
7881 TCP LiveKit RTC signaling
50000-60000 UDP WebRTC media transport

Clients behind restrictive firewalls may have issues if UDP ports 50000-60000 are blocked. LiveKit will attempt to fall back to TCP, but video quality may be reduced.

Server Management

SSH Access

ssh -i <your-key.pem> ec2-user@3.93.221.174

SSH access is restricted to specific IPs in the security group. Update sg-02dae563ae475c9a9 to add your IP if needed.

Checking Server Status

# On the EC2 instance
sudo systemctl status livekit-server

Viewing Server Logs

# On the EC2 instance
sudo journalctl -u livekit-server -f

Future Improvements

  • Configure DNS record for meet.dissertation-editor.com pointing to the Elastic IP
  • Add TURN server configuration for clients behind restrictive firewalls
  • Enable room recording for consultation archives