- This guide supports both AWS EC2 and Azure VM with Terraform.
# Local and VM
# Clone repository
git clone git@github.com:Arata1202/WorkAdventure.git
cd WorkAdventure
# Install dependencies
make wa-init
Create Resources with Terraform
# Local
# Move to repository
cd WorkAdventure
cd terraform/aws # or terraform/azure
# Prepare and edit variables file
cp variables.tf.example variables.tf
vi variables.tf
# Create resources
terraform init
terraform plan
terraform apply
- Default for AWS is SSM.
- Default for Azure is SSH (Azure Bastion can be costly).
# Local
# Move to repository
cd WorkAdventure
# Prepare and edit .envrc file
cp .envrc.example .envrc
vi .envrc
# Allow direnv to load variables
direnv allow .
# Connect to AWS EC2 via SSM
make ssm
# Switch to ubuntu user
sudo -iu ubuntu
# Required
export EC2_INSTANCE_ID=<EC2_INSTANCE_ID>
- Default for AWS is SSM.
- Default for Azure is SSH (Azure Bastion can be costly).
# Local
# Move to repository
cd WorkAdventure
# Prepare and edit .envrc file
cp .envrc.example .envrc
vi .envrc
# Allow direnv to load variables
direnv allow .
# Connect to VM via SSH
make ssh P=aws # or P=azure
# Sync Repository to VM
make rsync P=aws # or P=azure
# Required
export EC2_SSH_KEY_PATH=<EC2_SSH_KEY_PATH>
export EC2_PUBLIC_IPV4_ADDRESS=<EC2_PUBLIC_IPV4_ADDRESS>
# or
export ARM_SUBSCRIPTION_ID=<AZURE_SUBSCRIPTION_ID>
export AZURE_SSH_KEY_PATH=<AZURE_SSH_KEY_PATH>
export AZURE_PUBLIC_IPV4_ADDRESS=<AZURE_PUBLIC_IPV4_ADDRESS>
Set Up WorkAdventure Server
# VM
# Set up Ubuntu
./ubuntu/setup.sh
# Move to repository
cd WorkAdventure
# Remove existing .env file
rm -f .env
# Generate random strings for .env values
openssl rand -hex 16
openssl rand -hex 32
# Prepare and edit .env file
cp .env.example .env
vi .env
# Encrypt .env file
make encrypt
# Start server
make up
# Required
SECRET_KEY=<UNIQUE_RANDOM_64_HEX>
DOMAIN=<YOUR_FQDN>
MAP_STORAGE_AUTHENTICATION_TOKEN=<UNIQUE_RANDOM_64_HEX>
MAP_STORAGE_AUTHENTICATION_USER=admin
MAP_STORAGE_AUTHENTICATION_PASSWORD=<UNIQUE_RANDOM_32_HEX>
- Add an A record in your DNS provider to point your domain to the VM public IP
| Record Name |
Type |
Value |
TTL |
| <YOUR_FQDN> |
A |
<VM_PUBLIC_IPV4_ADDRESS> |
300 |
Edit .env file for basic settings
# VM
# Move to repository
cd WorkAdventure
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
TZ=Asia/Tokyo
# Optional
ACME_EMAIL=<EMAIL_ADDRESS>
ENABLE_TELEMETRY=true
SECURITY_EMAIL=<EMAIL_ADDRESS>
FEATURE_FLAG_BROADCAST_AREAS=true
Upload a Map Edited with Tiled
# Local
# Move to repository
cd WorkAdventure/maps
# Prepare .env file
cp .env.example .env
# Preview the map locally
make wa-dev
# Edit the map file (office.tmj) using Tiled
# Upload the map
make wa-upload
Please enter your Map storage URL: https://<YOUR_FQDN>/map-storage/
Please enter your API Key: <MAP_STORAGE_AUTHENTICATION_TOKEN>
Upload directory: maps
# VM
# Move to repository
cd WorkAdventure
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
START_ROOM_URL=/~/maps/office.wam
MAP_STORAGE_ENABLE_BEARER_AUTHENTICATION=true
- Access the uploaded map
https://<YOUR_FQDN>
- Configure GitHub Actions secrets
# Required
UPLOAD_MODE=MAP_STORAGE
MAP_STORAGE_URL=https://<YOUR_FQDN>/map-storage/
MAP_STORAGE_API_KEY=<MAP_STORAGE_AUTHENTICATION_TOKEN>
UPLOAD_DIRECTORY=maps
- Access Google Cloud Platform
- Create a new project
- Go to APIs & Services -> OAuth consent screen
- App name: WorkAdventure
- User support email: <EMAIL_ADDRESS>
- User Type: External
- Contact Information: <EMAIL_ADDRESS>
- Go to APIs & Services -> Credentials
- Create OAuth client ID
- Application type: Web application
- Name: WorkAdventure
- Authorized redirect URIs:
https://<YOUR_FQDN>/openid-callback
- Save the Client ID and Client Secret
# VM
# Move to repository
cd WorkAdventure
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
OPENID_CLIENT_ID=<GOOGLE_CLIENT_ID>
OPENID_CLIENT_SECRET=<GOOGLE_CLIENT_SECRET>
OPENID_CLIENT_ISSUER=https://accounts.google.com
OPENID_LOGOUT_REDIRECT_URL=https://<YOUR_FQDN>
OPENID_USERNAME_CLAIM=email
OPENID_SCOPE=openid email profile
# Optional
DISABLE_ANONYMOUS=true
MAP_EDITOR_ALLOWED_USERS=<EMAIL_ADDRESS>
MAP_EDITOR_ALLOW_ALL_USERS=false
# VM
# Move to repository
cd WorkAdventure
# Generate random strings for .env values
openssl rand -hex 32
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
LIVEKIT_HOST=https://livekit.<YOUR_FQDN>
LIVEKIT_API_KEY=<UNIQUE_RANDOM_64_HEX>
LIVEKIT_API_SECRET=<UNIQUE_RANDOM_64_HEX>
# Optional
MAX_PER_GROUP=<NUMBER>
- Add an A record in your DNS provider to point your domain to the VM public IP
| Record Name |
Type |
Value |
TTL |
| livekit.<YOUR_FQDN> |
A |
<VM_PUBLIC_IPV4_ADDRESS> |
300 |
# VM
# Move to repository
cd WorkAdventure
# Generate random strings for .env values
openssl rand -hex 32
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
TURN_SERVER=turn:<YOUR_FQDN>:3478,turns:<YOUR_FQDN>:5349
TURN_STATIC_AUTH_SECRET=<UNIQUE_RANDOM_64_HEX>
STUN_SERVER=stun:stun.l.google.com:19302
- Add the following redirect URI to the existing Google OAuth client used by WorkAdventure (LiveKit configuration).
https://matrix.<YOUR_FQDN>/_synapse/client/oidc/callback
# VM
# Move to repository
cd WorkAdventure
# Generate random strings for .env values
openssl rand -hex 16
openssl rand -hex 32
# Edit .env file
make decrypt
vi .env
make encrypt
# Change /data permissions
npx dotenvx run -- docker compose run --rm --user root --entrypoint sh synapse -lc 'chown -R 991:991 /data'
# Create a Matrix Admin User
npx dotenvx run -- sh -lc 'docker compose exec synapse register_new_matrix_user -c /data/homeserver.yaml -u "$MATRIX_ADMIN_USER" -p "$MATRIX_ADMIN_PASSWORD" --admin http://localhost:8008'
# Restart server
make up-f
# Required
MATRIX_API_URI=http://synapse:8008/
MATRIX_DOMAIN=matrix.<YOUR_FQDN>
MATRIX_PUBLIC_URI=https://matrix.<YOUR_FQDN>
MATRIX_ADMIN_USER=admin
MATRIX_ADMIN_PASSWORD=<UNIQUE_RANDOM_32_HEX>
MATRIX_REGISTRATION_SHARED_SECRET=<UNIQUE_RANDOM_64_HEX>
MATRIX_MACAROON_SECRET_KEY=<UNIQUE_RANDOM_64_HEX>
MATRIX_FORM_SECRET=<UNIQUE_RANDOM_64_HEX>
POSTGRES_DB=synapse
POSTGRES_USER=admin
POSTGRES_PASSWORD=<UNIQUE_RANDOM_32_HEX>
- Add an A record in your DNS provider to point your domain to the VM public IP
| Record Name |
Type |
Value |
TTL |
| matrix.<YOUR_FQDN> |
A |
<VM_PUBLIC_IPV4_ADDRESS> |
300 |
Log in to Matrix using Element
- Access Element Web:
https://element.io
- Click Sign in -> Open Element web
- Click Sign in
- Enter your Matrix homeserver URL:
https://matrix.<YOUR_FQDN>
- Click Continue
- Enter your Matrix credentials:
- Username: admin
- Password: <MATRIX_ADMIN_PASSWORD>
- Click Sign in
- After successful authentication, you will be redirected back to Element and logged in
Set up Egress with RustFS
# VM
# Move to repository
cd WorkAdventure
# Generate random strings for .env values
openssl rand -hex 32
# Edit .env file
make decrypt
vi .env
make encrypt
# Restart server
make up-f
# Required
LIVEKIT_RECORDING_S3_ENDPOINT=http://rustfs-livekit:9000
LIVEKIT_RECORDING_S3_CDN_ENDPOINT=https://cdn-livekit.<YOUR_FQDN>
LIVEKIT_RECORDING_S3_ACCESS_KEY=<UNIQUE_RANDOM_64_HEX>
LIVEKIT_RECORDING_S3_SECRET_KEY=<UNIQUE_RANDOM_64_HEX>
LIVEKIT_RECORDING_S3_BUCKET=livekit-recordings
LIVEKIT_RECORDING_S3_REGION=ap-northeast-1
MAX_USERS_FOR_WEBRTC=0
- Add A records in your DNS provider to point your domain to the VM public IP
| Record Name |
Type |
Value |
TTL |
| cdn-livekit.<YOUR_FQDN> |
A |
<VM_PUBLIC_IPV4_ADDRESS> |
300 |
| rustfs-livekit.<YOUR_FQDN> |
A |
<VM_PUBLIC_IPV4_ADDRESS> |
300 |
- Access RustFS Console:
https://rustfs-livekit.<YOUR_FQDN>
- Enter your RustFS credentials:
- Username: <LIVEKIT_RECORDING_S3_ACCESS_KEY>
- Password: <LIVEKIT_RECORDING_S3_SECRET_KEY>
- Click Sign in
- After successful authentication, you will be logged in