From caf772f76c3291aa8d970575fe4577a06880b7a2 Mon Sep 17 00:00:00 2001 From: Linus Gasser Date: Fri, 29 May 2026 09:22:45 +0200 Subject: [PATCH] fix: resolve TURN_DOMAIN default at .env layer docker-compose does not recursively expand nested `${...}` in `:-` defaults, so `TURN_DOMAIN=${TURN_DOMAIN:-${LIVEKIT_DOMAIN}}` leaked the literal string `${LIVEKIT_DOMAIN}` into the container, breaking TURN and WebRTC connectivity. Set the default in .env.sample where abra shell-expands it before docker-compose sees it. Co-Authored-By: Claude Opus 4.7 (1M context) --- .env.sample | 4 +++- compose.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index e8f8bb6..949bc09 100644 --- a/.env.sample +++ b/.env.sample @@ -82,7 +82,9 @@ LIVEKIT_NODE_IP= #LIVEKIT_TURN_ENABLED=false ## TURN domain — must resolve to this server's IP. ## Defaults to LIVEKIT_DOMAIN, which works for TURN/UDP setups. -#TURN_DOMAIN=turn.example.com +## NOTE: must be set here, not as a compose-level `:-` default — +## docker-compose does not recursively expand nested `${...}` references. +TURN_DOMAIN=${LIVEKIT_DOMAIN} ## TURN/UDP port (default: 443). Recommended because UDP 443 is rarely ## blocked and doesn't conflict with Traefik's TCP 443. #TURN_UDP_PORT=443 diff --git a/compose.yml b/compose.yml index 13e1bcb..cee575a 100644 --- a/compose.yml +++ b/compose.yml @@ -191,7 +191,7 @@ services: - LIVEKIT_NODE_IP - LIVEKIT_FORCE_TCP=${LIVEKIT_FORCE_TCP:-false} - LIVEKIT_TURN_ENABLED=${LIVEKIT_TURN_ENABLED:-true} - - TURN_DOMAIN=${TURN_DOMAIN:-${LIVEKIT_DOMAIN}} + - TURN_DOMAIN=${TURN_DOMAIN} - TURN_UDP_PORT=${TURN_UDP_PORT:-443} # WebRTC ICE ports must be published directly on the host. # These carry raw RTP media, not HTTP — cannot be proxied through Traefik without extra traefik compose.