docs: document /get_token nginx proxy and NPM override risk

LXC 139 NPM proxy host 49 now proxies both /sfu/get and /get_token to lk-jwt-service (port 8070). Note that re-saving via NPM UI will overwrite the conf and require re-adding the location blocks. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-23 20:32:28 -04:00
parent 30bb0e5748
commit b609497179
1 changed files with 2 additions and 1 deletions
@@ -67,7 +67,7 @@ matrix/
 - coturn config: `/etc/turnserver.conf`
 - LiveKit config: `/etc/livekit/config.yaml`
 - LiveKit service: `livekit-server.service`
- lk-jwt-service: `lk-jwt-service.service` (binds `:8070`, serves JWT tokens for MatrixRTC)
+- lk-jwt-service: `lk-jwt-service.service` (binds `:8070`, serves JWT tokens for MatrixRTC at `/sfu/get` and legacy `/get_token`)
 - Hookshot: `/opt/hookshot/`, service: `matrix-hookshot.service`
 - Hookshot config: `/opt/hookshot/config.yml`
 - Hookshot registration: `/etc/matrix-synapse/hookshot-registration.yaml`
@@ -299,6 +299,7 @@ Webhook URL format: `https://matrix.lotusguild.org/webhook/<uuid>`
 - JS transformation functions use hookshot v2 API: `result = { version: "v2", plain, html, msgtype }`
 - The `result` variable must be assigned without `var`/`let`/`const` (QuickJS IIFE sandbox)
 - NPM proxies `https://matrix.lotusguild.org/webhook/*` → `http://10.10.10.29:9003`
+- NPM proxies `/sfu/get` and `/get_token` → `http://10.10.10.29:8070` (lk-jwt-service). Both paths are in `/data/nginx/proxy_host/49.conf` on LXC 139 — **NPM will overwrite these if proxy host 49 is re-saved via the UI; re-add both location blocks after any NPM save**
 - Proxmox sends Discord embed format: `data.embeds[0].{title,description,fields}` — NOT flat fields
 - Transform functions are stored as Matrix room state (`uk.half-shot.matrix-hookshot.generic.hook`) and deployed via `hookshot/deploy.sh`