olcrtc/docker

OlcRTC server Docker image

This image runs olcrtc in server mode. The server does not expose an inbound TCP port; it keeps outbound WebSocket/WebRTC connections to Telemost and relays client traffic through the room.

Build

docker build -t olcrtc/server:local .

For Podman:

podman build -t olcrtc/server:local .

Run

docker run -d \
  --name olcrtc-server \
  --restart unless-stopped \
  -e OLCRTC_ROOM_ID="your-room-id" \
  -e OLCRTC_KEY="64-hex-character-shared-key" \
  -v olcrtc-state:/var/lib/olcrtc \
  olcrtc/server:local

If OLCRTC_KEY is omitted, the entrypoint generates a 32-byte key, stores it in /var/lib/olcrtc/key.hex, and prints it once to the logs:

docker logs olcrtc-server

Use the same key on clients.

Compose

export OLCRTC_ROOM_ID="your-room-id"
export OLCRTC_KEY="64-hex-character-shared-key"
docker compose -f docker-compose.server.yml up -d --build

Optional environment variables:

• OLCRTC_DNS: DNS resolver for outbound TCP dials, default 1.1.1.1:53
• OLCRTC_DUO: set to true for two parallel WebRTC channels
• OLCRTC_DEBUG: set to true for verbose logs
• OLCRTC_KEY_FILE: persistent key path, default /var/lib/olcrtc/key.hex

Operational notes

• The container runs as a non-root olcrtc user.
• The runtime image includes CA certificates for Telemost HTTPS/WSS.
• The healthcheck verifies that the container's PID 1 is the olcrtc process.
• No EXPOSE is declared because server mode does not accept inbound traffic.