Complete reference for the bedrud command-line interface.
Synopsis
# Subcommand style
bedrud <command> [flags]
# Flag style
bedrud --livekit --config <path>
bedrud --run --config <path>Commands
run / server
Start the Bedrud meeting server with API, embedded web frontend, and embedded LiveKit (if configured).
bedrud run [--config <path>]
bedrud server [--config <path>]| Flag | Default | Description |
|---|---|---|
--config | $CONFIG_PATH env var → "config.yaml" | Path to Bedrud YAML config file |
Behavior:
- Loads config from specified path or defaults
- Starts embedded LiveKit if configured for internal mode
- Initializes SQLite/PostgreSQL database and runs migrations
- Creates Fiber HTTP server with all API routes
- Serves embedded React frontend
- Supports ACME (Let’s Encrypt), self-signed TLS, manual TLS, or plain HTTP
- Graceful shutdown on SIGTERM/SIGINT
Implementation: server/internal/server/server.go
--livekit
Start the embedded LiveKit media server only. Extracts binary from Go embed to a temporary directory.
bedrud --livekit --config <path>| Flag | Default | Description |
|---|---|---|
--config | (required) | Path to LiveKit YAML config file |
Used by: systemd livekit.service created by bedrud install
Implementation: server/internal/livekit/server.go
--run
Alias for bedrud run with same --config flag behavior. Used by systemd bedrud.service.
bedrud --run --config <path>install
Install Bedrud on a Debian/Linux system. Creates systemd services, config files, directories, and TLS certificates.
bedrud install [flags]| Flag | Default | Description |
|---|---|---|
--tls | false | Enable HTTPS (same as --self-signed) |
--self-signed | false | Generate self-signed TLS certificate |
--no-tls | false | Disable TLS entirely (plain HTTP). Overrides --tls and --self-signed |
--ip | auto-detected | Override auto-detected server IP address |
--domain | "" | Domain name for Let’s Encrypt or self-signed cert |
--email | "" | Email for Let’s Encrypt registration |
--port | "443" (TLS) / "8090" (HTTP) | Override listening port |
--cert | "" | Path to existing PEM certificate file |
--key | "" | Path to existing PEM private key file |
--lk-port | "7880" | Override LiveKit API/WebSocket port |
--lk-tcp-port | "7881" | Override LiveKit RTC TCP port |
--lk-udp-port | "7882" | Override LiveKit RTC UDP port |
--fresh | false | Remove existing installation before installing |
--behind-proxy | false | Server is behind CDN/reverse-proxy (Cloudflare, nginx) |
--external-livekit | "" | URL of fully external LiveKit server (different machine) |
--livekit-domain | "" | Separate domain for local LiveKit server (bypasses CDN) |
What it does:
- Stops and removes prior installation if
--fresh - Prompts for IP, domain, email, TLS mode (if non-interactive and flags not provided)
- Creates directories:
/etc/bedrud,/var/lib/bedrud,/var/lib/bedrud/certs,/var/log/bedrud - Copies binary to
/usr/local/bin/bedrud - Generates Bedrud server config at
/etc/bedrud/config.yaml - Generates LiveKit media server config at
/etc/bedrud/livekit.yaml - Generates self-signed certs at
/etc/bedrud/cert.pem+/etc/bedrud/key.pem(if TLS enabled and no custom certs) - Creates systemd
livekit.service(unless using external LiveKit) - Creates systemd
bedrud.service - Runs
systemctl daemon-reload, enables, and starts both services - Prints access URLs
TLS options:
--domain+--email→ ACME (Let’s Encrypt)--self-signedor--tls→ self-signed certificate--cert+--key→ custom certificates--no-tls→ plain HTTP only
LiveKit topology:
- Default (embedded): LiveKit runs locally, proxied through Bedrud at
/livekit --livekit-domain: LiveKit runs locally but clients connect directly via its own domain--external-livekit: No local LiveKit; connects to remote server
Implementation: server/internal/install/debian.go
Related docs: Installation Guide • Deployment Guide • Backend Deployment Logic
uninstall
Remove Bedrud from the system.
bedrud uninstallRemoves:
- Stops and disables systemd services:
bedrud,livekit - Removes systemd unit files from
/etc/systemd/system/ - Removes binary:
/usr/local/bin/bedrud,/tmp/bedrud,/tmp/bedrud-livekit-server - Removes directories:
/etc/bedrud,/var/lib/bedrud,/var/log/bedrud
Implementation: server/internal/install/debian.go
Related docs: Installation Guide - Uninstalling
user
Manage users in the Bedrud database.
bedrud user <subcommand> [--config <path>] <flags>| Global Flag | Default | Description |
|---|---|---|
--config | /etc/bedrud/config.yaml | Path to Bedrud config file (to locate database) |
create
Create a new user with local authentication (bcrypt hashed password).
bedrud user create --email <email> --password <password> --name <name>Required flags:
--email: User email address--password: User password, hashed with bcrypt before storage--name: User display name
Access level: user (not superadmin). Use promote to grant admin rights.
delete
Delete a user by email address.
bedrud user delete --email <email>promote
Grant superadmin access to a user.
bedrud user promote --email <email>demote
Remove superadmin access from a user (reverts to user level).
bedrud user demote --email <email>Implementation: server/internal/usercli/usercli.go
help
Show usage message with all commands and flags.
bedrud helpAlso triggered when no arguments are provided. Displays the printUsage() output.
Examples
Basic dev server start
# Run with default config.yaml in current directory
bedrud run
# Run with custom config
bedrud run --config /path/to/config.yaml
# Via env var (fallback)
export CONFIG_PATH=/etc/bedrud/config.yaml
bedrud runInteractive installation (prompts for inputs)
bedrud installNon-interactive installation with Let’s Encrypt
bedrud install --domain example.com --email admin@example.comSelf-signed TLS with custom ports
bedrud install --self-signed --port 8443 --lk-port 7880 --lk-tcp-port 7881 --lk-udp-port 7882Behind CDN with separate LiveKit domain
bedrud install --domain bedrud.example.com --email admin@example.com --livekit-domain lk.example.com --behind-proxyFresh reinstall
bedrud install --fresh --domain example.com --email admin@example.comUser management
# Create first admin user
bedrud user create --email admin@example.com --password secret123 --name "Admin User"
# Grant superadmin access
bedrud user promote --email admin@example.com
# Create regular user
bedrud user create --email user@example.com --password pass456 --name "Regular User"
# Remove a user
bedrud user delete --email user@example.com
# Remove admin access
bedrud user demote --email admin@example.comRelated Documentation
- Installation Guide - Detailed
bedrud installwalkthrough, TLS topologies, post-install steps - Configuration Reference - Server and LiveKit config file structure
- Backend Deployment Logic - How
installanduninstallwork internally - Deployment Guide - Full deployment options including systemd services