Skip to main content

Setting up Element Call

Introduction

Element Call is Element's next generation of video calling, set to replace Jitsi in the future. Element Call is currently an experimental feature so please use it accordingly; it is not expected to replace Jitsi yet.

How to set up Element Call

Required domains

In addition to the core set of domains for any ESS deployment, an Element Call installation on ESS uses the following domains:

  • Required:
    • Element Call Domain: the domain of the Element Call web client.
    • Element Call SFU Domain: the domain of the SFU (Selective Forwarding Unit) for forwarding media streams between call participants.
  • Optional:
    • Coturn Domain: the domain of a Coturn instance hosted by your ESS installation. Required for airgapped environments.

Ensure you have acquired DNS records for these domains before installing Element Call on your ESS instance.

Required ports

Ensure that any firewalls in front of your ESS instance allow external traffic on the following ports:

  • Required:
    • 443/tcp for accessing the Element Call web client.
    • 30881/tcp and 30882/udp, for exposing the self-hosted Livekit SFU.
  • Optional:
    • 80/http for acquiring LetsEncrypt certificates for Element Call domains.
    • UDP (and possibly TCP) ports you choose for STUN TURN and/or the UDP relay of a self-hosted Coturn.

Basic installation

In the Admin Console, visit the Configure page, select Integrations on the left sidebar, and select Element Call (Experimental).

On the next page, the SFU > Networking section must be configured. Read the descriptions of the available networking modes to decide which is appropriate for your ESS instance.

Next, click the Advanced button at the bottom of the page, then to show the Kubernetes section, then click the Show button in that section.

In the section that appears, configure the Ingress and Ingresses > SFU sections with the Element Call Domain and Element Call SFU Domain (respectively) that you acquired earlier, as well as their TLS sections to associate those domain names with an SSL certificate for secure connections.

Other settings on the page may be left at their defaults, or set to your preference.

How to set up Element Call for airgapped environments

Your ESS instance must host Coturn in order for Element Call to function in airgapped environments. To do this, click Install next to Coturn from the integrations page.

On the Coturn integration page, set the External IP of your ESS instance that clients should be able to reach it at, the Coturn Domain, and at least STUN TURN.

Then, within the Element Call integration page, ensure SFU Networking has no STUN Servers defined. This will cause the deployed Coturn to be used by connecting users as the STUN server to discover their public IP address.

Element Call with guest access

By default, Element Call shares the same user access restrictions as the Synapse homeserver. This means that unless Synapse has been configured to allow guest users, calls on Element Call are accessible only to Matrix users registered on the Synapse homeserver. However, enabling guest users in Synapse to allow unregistered access to Element Call opens up the entire homeserver to guest account creation, which may be undesirable.

To solve the needs of allowing guest access to Element Call while blocking guest account creation on the homeserver, it is possible to grant guess access via federation with an additional dedicated homeserver, managed by an additional ESS instance. This involves a total of two ESS instances:

  • The main instance: an existing fully-featured ESS instance where registered accounts are homed & all integrations, including Element Call, are installed. Has Synapse configured with closed or restricted registration.
  • The guest instance: an additional ESS instance used only to host guest accounts, and to provide its own deployment of Element Call for unregistered/guest access. Has Synapse configured with open registration.

Guest access to Element Call is achieved via a closed federation between the two instances: the main instance federates with the guest instance and any other homeservers it wishes to federate with, and the guest homeserver federates only with the main instance. This allows unregistered users to join Element Call on the main instance by creating an account on the guest instance with open registration, while preventing these guest accounts from being used to reach any other homeservers.

How to set up Element Call with guest access

  • Install Element Call on your existing ESS instance by following the prior instructions on this page. This will be your main instance.
  • Prepare another ESS instance, then follow the prior instructions to install Element Call on it. This will be your guest instance.
  • Set custom images for Element Web and Element Call:
    • Log into each instance via SSH and follow these steps:
      • Save a file with the following content:
        • on the main instance:
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: element-call-main-overrides
          namespace: element-onprem
        data:
          images_digests: |
            element_web:
              element_web:
                image_repository_server: docker.io
                image_repository_path: vectorim/element-web
                image_tag: develop
                image_digest: sha256:0c5a025a4097a14f95077befad417f4a5af501cc2bc1dbda5ce0b055af0514eb
        
        • on the guest instance:
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: element-call-guest-overrides
          namespace: element-onprem
        data:
          images_digests: |
            element_call:
              element_call:
                image_repository_server: ghcr.io
                image_repository_path: element-hq/element-call
                image_tag: latest-ci
                image_digest: sha256:a9fbf8049567c2c11b4ddf8afbf98586a528e799d7f95266c7ae2ed16f250a56
        
      • Run kubectl -n element-onprem apply -f <path-to-saved-file>
    • In the admin console of each instance:
      • Set Cluster > Advanced > Config > Image Digests Config Map to:
        • element-call-main-overrides on the main instance
        • element-call-guest-overrides on the guest instance
      • In Synapse > Advanced > Additional, add this YAML content:
      experimental_features:
        msc3266_enabled: true
      
  • In the admin console of the main instance:
    • In Element Web > Advanced > Additional configuration, add this JSON content:
    {
      "features": {
        "feature_new_room_decoration_ui": true,
        "feature_ask_to_join": true
      },
      "element_call": {
        "guest_spa_url": "https://<guest-instance-element-call-domain>"
      }
    }
    
    • To limit federation to only the guest instance, apply these settings in the Synapse section:
      • Set Profile > Federation Type to Limited
      • Set Config > Registration to Closed
      • Set Advanced > Allow List to include the the guest instance's Synapse Domain
  • In the admin console of the guest instance:
    • In Synapse > Advanced > Additional, add this YAML content:
    experimental_features:
      msc3266_enabled: true
    
    • To limit federation to only the main instance, apply these settings in the Synapse section:
      • Set Profile > Federation Type to Limited
      • Set Config > Registration to Closed
      • Set Advanced > Allow List to include the main instance's Synapse Domain
    • In Integrations > Element Call > Additional configuration, add this JSON content:
    { 
      "livekit": { 
        "livekit_service_url": "https://<main-instance-sfu-domain>"
      } 
    }