RTCD Setup and Configuration¶

Available on Enterprise and Enterprise Advanced plans

This guide provides detailed instructions for setting up, configuring, and validating a Mattermost Calls deployment using the dedicated RTCD service.

Prerequisites¶

Before deploying RTCD, ensure you have:

A Mattermost Enterprise license
A server or VM with sufficient CPU and network capacity (see the Performance section for sizing guidance)

Network Requirements¶

The following network connectivity is required:

Service	Ports	Protocols	Source	Target	Purpose
API (Calls plugin)	80,443	TCP (incoming)	Mattermost clients (web/desktop/mobile)	Mattermost instance (Calls plugin)	To allow for HTTP and WebSocket connectivity from clients to Calls plugin. This API is exposed on the same connection as Mattermost, so there's likely no need to change anything.
RTC (Calls plugin or `rtcd`)	8443	UDP (incoming)	Mattermost clients (Web/Desktop/Mobile) and calls-offloader	Mattermost instance or `rtcd` service	To allow clients to establish connections that transport calls related media (e.g. audio, video). This should be open on any network component (e.g. NAT, firewalls) in between the instance running the plugin (or `rtcd`) and the clients joining calls so that UDP traffic is correctly routed both ways (from/to clients).
RTC (Calls plugin or `rtcd`)	8443	TCP (incoming)	Mattermost clients (Web/Desktop/Mobile) and calls-offloader	Mattermost instance or `rtcd` service	To allow clients to establish connections that transport calls related media (e.g. audio, video). This should be open on any network component (e.g. NAT, firewalls) in between the instance running the plugin (or `rtcd`) and the clients joining calls so that TCP traffic is correctly routed both ways (from/to clients). This can be used as a backup channel in case clients are unable to connect using UDP. It requires `rtcd` version >= v0.11 and Calls version >= v0.17.
API (`rtcd`)	8045	TCP (incoming)	Mattermost instance(s) (Calls plugin)	`rtcd` service	To allow for HTTP/WebSocket connectivity from Calls plugin to `rtcd` service. Can be expose internally as the service only needs to be reachable by the instance(s) running the Mattermost server.
STUN (Calls plugin or `rtcd`)	3478	UDP (outgoing)	Mattermost Instance(s) (Calls plugin) or `rtcd` service	Configured STUN servers	(Optional) To allow for either Calls plugin or `rtcd` service to discover their instance public IP. Only needed if configuring STUN/TURN servers. This requirement does not apply when manually setting an IP or hostname through the ICE Host Override config option.

Installation and Deployment¶

There are multiple ways to deploy RTCD, depending on your environment. We recommend the following order based on production readiness and operational control:

Bare Metal or VM Deployment (Recommended)¶

This is the recommended deployment method for non-Kubernetes production environments as it provides the best performance and operational control. For Kubernetes deployments, see the Calls Deployment on Kubernetes guide.

Download and install the RTCD binary:

Download the latest release from the RTCD GitHub repository:

# Create the RTCD directory structure
sudo mkdir -p /opt/rtcd

# Download the latest RTCD binary (adjust URL for your architecture)
# For Linux x86_64:
wget https://github.com/mattermost/rtcd/releases/latest/download/rtcd-linux-amd64

# Make the binary executable and move it to the installation directory
chmod +x rtcd-linux-amd64
sudo mv rtcd-linux-amd64 /opt/rtcd/rtcd

Note

Replace rtcd-linux-amd64 with the appropriate binary for your system architecture (e.g., rtcd-linux-arm64 for ARM64 systems). The binary should be placed at /opt/rtcd/rtcd as this is the expected location referenced in systemd service files and other documentation.

Create a configuration file (/opt/rtcd/rtcd.toml):

Mattermost recommends using the official config.sample.toml as a starting point. Download this file and use it as your base configuration.

Create a dedicated user for the RTCD service:

sudo useradd --system --no-create-home --shell /bin/false mattermost

Create the data directory and set ownership:

sudo mkdir -p /opt/rtcd/data/db
sudo chown -R mattermost:mattermost /opt/rtcd

Create a systemd service file (/etc/systemd/system/rtcd.service):

[Unit]
Description=Mattermost RTCD Server
After=network.target

[Service]
Type=simple
User=mattermost
Group=mattermost
ExecStart=/opt/rtcd/rtcd --config /opt/rtcd/rtcd.toml
Restart=always
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable rtcd
sudo systemctl start rtcd

Check the service status:
```
sudo systemctl status rtcd
```

Docker Deployment¶

Docker deployment is suitable for development, testing, or containerized production environments:

Run the RTCD container with basic configuration:
```
docker run -d --name rtcd \
  -e "RTCD_LOGGER_ENABLEFILE=true" \
  -p 8443:8443/udp \
  -p 8443:8443/tcp \
  -p 8045:8045/tcp \
  mattermost/rtcd:latest
```
Note

If you optionally use the RTCD_API_SECURITY_ALLOWSELFREGISTRATION setting, please note that it defaults to false. If enabled, it allows anyone who can connect to the service on the API port (8045) to successfully initiate calls. Understand the security implications of this setting before enabling it.

For debugging purposes, you can enable more detailed logging:

docker run -d --name rtcd \
  -e "RTCD_LOGGER_ENABLEFILE=true" \
  -e "RTCD_LOGGER_CONSOLELEVEL=DEBUG" \
  -p 8443:8443/udp \
  -p 8443:8443/tcp \
  -p 8045:8045/tcp \
  mattermost/rtcd:latest

To view the logs:

docker logs -f rtcd

You can also use a mounted configuration file instead of environment variables:

docker run -d --name rtcd \
  -p 8045:8045 \
  -p 8443:8443/udp \
  -p 8443:8443/tcp \
  -v /path/to/config.toml:/rtcd/config/config.toml \
  mattermost/rtcd:latest

For a complete sample configuration file, see the RTCD config.sample.toml in the official repository.

Kubernetes Deployment¶

For detailed information on deploying RTCD in Kubernetes environments, including Helm chart configurations, resource requirements, and scaling considerations, see the Calls Deployment on Kubernetes guide.

Configuration¶

RTCD Configuration File¶

The RTCD service uses a TOML configuration file. Mattermost recommends using the official config.sample.toml as your base configuration file.

Note

A notable setting to be aware of is ice_host_override under the [rtc] section. You may need to configure this setting explicitly, particularly when RTCD is deployed behind NAT, in complex network topologies, or when automatic address discovery via STUN is unreliable. Setting ice_host_override directly to your server’s public IP address or hostname is the preferred approach.

TURN Configuration¶

For clients behind strict firewalls, you may need to configure TURN servers. In the RTCD configuration file, reference your TURN servers as follows:

[rtc]
# TURN server configuration
   ice_servers = [
     { urls = ["turn:turn.example.com:3478"], username = "turnuser", credential = "turnpassword" }
   ]

We recommend using coturn for your TURN server implementation.

System Tuning¶

For high-volume deployments, tune your Linux system:

Add the following to /etc/sysctl.conf:

# Increase UDP buffer sizes
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.optmem_max = 16777216

Apply the settings:
```
sudo sysctl -p
```

Validation and Testing¶

After deploying RTCD, validate the installation:

Check service status and version:

curl http://YOUR_RTCD_SERVER:8045/version
# Should return a JSON object with service information
# Example: {"build_hash":"abc123","build_date":"2023-01-15T12:00:00Z","build_version":"0.11.0","goVersion":"go1.20.4"}

Test UDP connectivity:

Before testing, ensure the RTCD service is stopped, as it binds to the same port.
```
sudo systemctl stop rtcd
```
On the RTCD server:
```
nc -l -u -p 8443
```
On a client machine:
```
nc -v -u YOUR_RTCD_SERVER 8443
```
Type a message and hit Enter on either side. If messages are received on both ends, UDP connectivity is working.
Test TCP connectivity (if enabled):

Similar to the UDP test, but remove the -u flag from both commands.
Monitor metrics:

Refer to Calls Metrics and Monitoring for setting up Calls metrics and monitoring.

Horizontal Scaling¶

To scale RTCD horizontally:

Deploy multiple RTCD instances:

Deploy multiple RTCD servers, each with their own unique IP address.

Configure DNS-based load balancing:

Set up a DNS record that points to multiple RTCD IP addresses:

rtcd.example.com.    IN A    10.0.0.1
rtcd.example.com.    IN A    10.0.0.2
rtcd.example.com.    IN A    10.0.0.3

Configure health checks:

Set up health checks to automatically remove unhealthy RTCD instances from DNS.
Configure Mattermost:

In the Mattermost System Console, set the RTCD Service URL to your DNS name (e.g., rtcd.example.com).

The Mattermost Calls plugin will distribute calls among the available RTCD hosts. Remember that a single call will always be hosted on one RTCD instance; sessions belonging to the same call are not spread across different instances.

Integration with Mattermost¶

Once RTCD is properly set up and validated, configure Mattermost to use it:

Go to System Console > Plugins > Calls
Enable the Enable RTCD Service option
Set the RTCD Service URL to your RTCD service address (either a single server or DNS load-balanced hostname). Ensure you provide any generated credentials formulated in the URI (e.g., http://clientID:authKey@rtcd.local). For detailed capability/credential configuration, reference the RTCD Service URL documentation.
Save the configuration
Test by creating a new call in any Mattermost channel
Verify that the call is being routed through RTCD by checking the RTCD logs and metrics