Environment Variables
All configuration lives in docker/.env. Copy .env.example and fill in the required values.
Required Variables
Domain & TLS
| Variable | Example | Description |
|---|---|---|
DOMAIN | rtc.example.com | Your public domain. Caddy uses this for TLS. |
CADDY_EMAIL | admin@example.com | Email for Let's Encrypt certificate registration. |
RTCstack API
| Variable | Example | Description |
|---|---|---|
API_KEY | my-api-key | Key your backend sends in X-Api-Key. |
API_SECRET | 32-char-random | HMAC secret for request signing. Use openssl rand -hex 32. |
LiveKit
| Variable | Example | Description |
|---|---|---|
LIVEKIT_API_KEY | devkey | LiveKit API key (matches livekit.yaml). |
LIVEKIT_API_SECRET | 32-char-secret | LiveKit API secret. Use openssl rand -hex 32. |
LIVEKIT_RTC_EXTERNAL_IP | 203.0.113.10 | Public IP for ICE candidates. Required for non-localhost. |
LIVEKIT_WSS_URL | wss://rtc.example.com/livekit | Full WSS URL returned in token responses. |
Redis
| Variable | Example | Description |
|---|---|---|
REDIS_PASSWORD | changeme | Redis requirepass value. |
MinIO / S3
| Variable | Example | Description |
|---|---|---|
MINIO_ROOT_USER | minioadmin | MinIO root user. |
MINIO_ROOT_PASSWORD | changeme | MinIO root password. |
MINIO_BUCKET | rtcstack-recordings | Bucket for recordings. Created automatically on first start. |
S3_ACCESS_KEY | minioadmin | Same as MINIO_ROOT_USER for local. Use IAM key for AWS S3. |
S3_SECRET_KEY | changeme | Same as MINIO_ROOT_PASSWORD for local. |
S3_ENDPOINT | http://minio:9000 | Internal MinIO endpoint. Set to "" for AWS S3. |
S3_REGION | us-east-1 | Region. Any value works for local MinIO. |
coturn
| Variable | Example | Description |
|---|---|---|
TURN_SECRET | 32-char-random | Shared HMAC secret for coturn auth. Use openssl rand -hex 32. |
TURN_REALM | rtc.example.com | TURN realm — typically your domain. |
Optional Variables
Transcription Add-on
| Variable | Default | Description |
|---|---|---|
TRANSCRIPTION_LIVE_ENABLED | false | Enable live transcription endpoints. |
TRANSCRIPTION_POST_ENABLED | false | Enable post-call transcription queue. |
Token TTL
| Variable | Default | Description |
|---|---|---|
TOKEN_TTL_SECONDS | 21600 | LiveKit JWT lifetime (default 6 hours). |
Generating Secrets
bash
# API secret
openssl rand -hex 32
# LiveKit secret
openssl rand -hex 32
# TURN secret
openssl rand -hex 32Never commit .env to version control. The .gitignore excludes it by default.
Using AWS S3 Instead of MinIO
Set these values in .env:
dotenv
S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
S3_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
S3_ENDPOINT=
S3_REGION=us-east-1
MINIO_BUCKET=my-recordings-bucketLeave S3_ENDPOINT empty — the SDK uses the default AWS endpoint when it's blank.