Merge branch 'feature/jitsi'
This commit is contained in:
commit
fd6e6aa141
20 changed files with 824 additions and 7 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
||||||
*.retry
|
*.retry
|
||||||
.git_old/
|
.git_old/
|
||||||
debug/gladdrinfo
|
debug/gladdrinfo
|
||||||
|
*.swp
|
||||||
|
|
|
@ -36,12 +36,12 @@ defaultEntryPoints = ["http", "https"]
|
||||||
dashboard = true
|
dashboard = true
|
||||||
|
|
||||||
[consul]
|
[consul]
|
||||||
endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500"
|
endpoint = "172.17.0.1:8500"
|
||||||
watch = true
|
watch = true
|
||||||
prefix = "traefik"
|
prefix = "traefik"
|
||||||
|
|
||||||
[consulCatalog]
|
[consulCatalog]
|
||||||
endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500"
|
endpoint = "172.17.0.1:8500"
|
||||||
prefix = "traefik"
|
prefix = "traefik"
|
||||||
domain = "web.deuxfleurs.fr"
|
domain = "web.deuxfleurs.fr"
|
||||||
exposedByDefault = false
|
exposedByDefault = false
|
||||||
|
|
8
docker/jitsi/01_gen_certs.yml
Normal file
8
docker/jitsi/01_gen_certs.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
jitsi-xmpp:
|
||||||
|
build: ./jitsi-xmpp
|
||||||
|
command: ["/usr/local/bin/xmpp_gen"]
|
||||||
|
volumes: [ './jitsi-certs/:/certs:rw' ]
|
||||||
|
env_file: [ 'dev.env' ]
|
||||||
|
|
36
docker/jitsi/02_run.yml
Normal file
36
docker/jitsi/02_run.yml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
jitsi-xmpp:
|
||||||
|
build: ./jitsi-xmpp
|
||||||
|
image: superboum/amd64_jitsi_xmpp:v1
|
||||||
|
network_mode: host
|
||||||
|
ports:
|
||||||
|
- "5222:5222"
|
||||||
|
- "5347:5347"
|
||||||
|
- "5280:5280"
|
||||||
|
env_file: [ 'dev.env' ]
|
||||||
|
volumes: [ './jitsi-certs/:/certs:ro' ]
|
||||||
|
jitsi-front:
|
||||||
|
build: ./jitsi-front
|
||||||
|
image: superboum/amd64_jitsi_front:v1
|
||||||
|
network_mode: host
|
||||||
|
ports:
|
||||||
|
- "443:443"
|
||||||
|
env_file: [ 'dev.env' ]
|
||||||
|
volumes: [ './jitsi-certs/:/certs:ro' ]
|
||||||
|
jitsi-conference-focus:
|
||||||
|
build: ./jitsi-conference-focus
|
||||||
|
image: superboum/amd64_jitsi_conference_focus:v1
|
||||||
|
network_mode: host
|
||||||
|
env_file: [ 'dev.env' ]
|
||||||
|
volumes: [ './jitsi-certs/:/certs:ro' ]
|
||||||
|
jitsi-videobridge:
|
||||||
|
build: ./jitsi-videobridge
|
||||||
|
image: superboum/amd64_jitsi_videobridge:v1
|
||||||
|
network_mode: host
|
||||||
|
ports:
|
||||||
|
- "4443:4443"
|
||||||
|
- "10000:10000/udp"
|
||||||
|
env_file: [ 'dev.env' ]
|
||||||
|
volumes: [ './jitsi-certs/:/certs:ro' ]
|
||||||
|
|
26
docker/jitsi/README.md
Normal file
26
docker/jitsi/README.md
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
|
||||||
|
|
||||||
|
To build images:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose -f 02_run.yml build
|
||||||
|
```
|
||||||
|
|
||||||
|
To gen the certs:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose -f 01_gen_certs.yml up --force-recreate
|
||||||
|
```
|
||||||
|
|
||||||
|
To run the stack:
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose -f 02_run.yml up --force-recreate
|
||||||
|
```
|
||||||
|
|
||||||
|
To push the stack on the docker registry:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose -f 02_run.yml push
|
||||||
|
```
|
9
docker/jitsi/dev.env
Normal file
9
docker/jitsi/dev.env
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
|
||||||
|
JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
|
||||||
|
JITSI_SECRET_JICOFO_USER=S3CR3T03
|
||||||
|
JITSI_PROSODY_BOSH_PORT=5280
|
||||||
|
JITSI_PROSODY_BOSH_HOST=127.0.0.1
|
||||||
|
JITSI_PROSODY_HOST=127.0.0.1
|
||||||
|
JITSI_CERTS_FOLDER=/certs/
|
||||||
|
JITSI_NAT_PUBLIC_IP=77.204.7.239
|
||||||
|
JITSI_NAT_LOCAL_IP=192.168.0.18
|
2
docker/jitsi/jitsi-certs/.gitignore
vendored
Normal file
2
docker/jitsi/jitsi-certs/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
*
|
||||||
|
!.gitignore
|
22
docker/jitsi/jitsi-conference-focus/Dockerfile
Normal file
22
docker/jitsi/jitsi-conference-focus/Dockerfile
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jdk maven git unzip && \
|
||||||
|
git clone --depth=1 https://github.com/jitsi/jicofo.git && \
|
||||||
|
cd jicofo && \
|
||||||
|
mvn package -DskipTests -Dassembly.skipAssembly=false
|
||||||
|
|
||||||
|
RUN cd jicofo && \
|
||||||
|
unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
||||||
|
mv jicofo-1.1-SNAPSHOT /srv/jicofo
|
||||||
|
|
||||||
|
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jdk ca-certificates
|
||||||
|
|
||||||
|
COPY --from=builder /srv/jicofo /srv/jicofo
|
||||||
|
COPY jicofo /usr/local/bin/jicofo
|
||||||
|
|
||||||
|
CMD ["/usr/local/bin/jicofo"]
|
16
docker/jitsi/jitsi-conference-focus/jicofo
Executable file
16
docker/jitsi/jitsi-conference-focus/jicofo
Executable file
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
|
||||||
|
update-ca-certificates -f
|
||||||
|
|
||||||
|
cat >> /etc/hosts <<EOF
|
||||||
|
${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
|
||||||
|
127.0.0.1 `hostname`
|
||||||
|
EOF
|
||||||
|
|
||||||
|
/srv/jicofo/jicofo.sh \
|
||||||
|
--host=${JITSI_PROSODY_HOST} \
|
||||||
|
--domain=jitsi.deuxfleurs.fr \
|
||||||
|
--secret=${JITSI_SECRET_JICOFO_COMPONENT} \
|
||||||
|
--user_domain=auth.jitsi.deuxfleurs.fr \
|
||||||
|
--user_password=${JITSI_SECRET_JICOFO_USER}
|
20
docker/jitsi/jitsi-front/Dockerfile
Normal file
20
docker/jitsi/jitsi-front/Dockerfile
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y npm git nodejs make && \
|
||||||
|
git clone --depth=1 https://github.com/jitsi/jitsi-meet.git && \
|
||||||
|
cd jitsi-meet && \
|
||||||
|
npm install && \
|
||||||
|
make
|
||||||
|
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y nginx && \
|
||||||
|
rm /etc/nginx/sites-enabled/*
|
||||||
|
|
||||||
|
COPY config.js /srv/jitsi-meet/config.js
|
||||||
|
COPY entrypoint.sh /usr/local/bin/entrypoint
|
||||||
|
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||||
|
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
|
517
docker/jitsi/jitsi-front/config.js
Normal file
517
docker/jitsi/jitsi-front/config.js
Normal file
|
@ -0,0 +1,517 @@
|
||||||
|
/* eslint-disable no-unused-vars, no-var */
|
||||||
|
|
||||||
|
var config = {
|
||||||
|
// Connection
|
||||||
|
//
|
||||||
|
|
||||||
|
hosts: {
|
||||||
|
// XMPP domain.
|
||||||
|
domain: 'jitsi.deuxfleurs.fr',
|
||||||
|
|
||||||
|
// When using authentication, domain for guest users.
|
||||||
|
// anonymousdomain: 'guest.example.com',
|
||||||
|
|
||||||
|
// Domain for authenticated users. Defaults to <domain>.
|
||||||
|
// authdomain: 'jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// Jirecon recording component domain.
|
||||||
|
// jirecon: 'jirecon.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// Call control component (Jigasi).
|
||||||
|
// call_control: 'callcontrol.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// Focus component domain. Defaults to focus.<domain>.
|
||||||
|
// focus: 'focus.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||||
|
muc: 'conference.jitsi.deuxfleurs.fr'
|
||||||
|
},
|
||||||
|
|
||||||
|
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||||
|
bosh: '//jitsi.deuxfleurs.fr/http-bind',
|
||||||
|
|
||||||
|
// Websocket URL
|
||||||
|
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
|
||||||
|
|
||||||
|
// The name of client node advertised in XEP-0115 'c' stanza
|
||||||
|
clientNode: 'http://jitsi.org/jitsimeet',
|
||||||
|
|
||||||
|
// The real JID of focus participant - can be overridden here
|
||||||
|
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
|
||||||
|
// Testing / experimental features.
|
||||||
|
//
|
||||||
|
|
||||||
|
testing: {
|
||||||
|
// Enables experimental simulcast support on Firefox.
|
||||||
|
enableFirefoxSimulcast: false,
|
||||||
|
|
||||||
|
// P2P test mode disables automatic switching to P2P when there are 2
|
||||||
|
// participants in the conference.
|
||||||
|
p2pTestMode: false
|
||||||
|
|
||||||
|
// Enables the test specific features consumed by jitsi-meet-torture
|
||||||
|
// testMode: false
|
||||||
|
|
||||||
|
// Disables the auto-play behavior of *all* newly created video element.
|
||||||
|
// This is useful when the client runs on a host with limited resources.
|
||||||
|
// noAutoPlayVideo: false
|
||||||
|
},
|
||||||
|
|
||||||
|
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceUdpDisable: false,
|
||||||
|
|
||||||
|
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceTcpDisable: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Media
|
||||||
|
//
|
||||||
|
|
||||||
|
// Audio
|
||||||
|
|
||||||
|
// Disable measuring of audio levels.
|
||||||
|
// disableAudioLevels: false,
|
||||||
|
// audioLevelsInterval: 200,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||||
|
// will notify the user if the current selected microphone has no audio
|
||||||
|
// input and will suggest another valid device if one is present.
|
||||||
|
enableNoAudioDetection: true,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||||
|
// notify the user if there is noise, other than voice, coming from the current
|
||||||
|
// selected microphone. The purpose it to let the user know that the input could
|
||||||
|
// be potentially unpleasant for other meeting participants.
|
||||||
|
enableNoisyMicDetection: true,
|
||||||
|
|
||||||
|
// Start the conference in audio only mode (no video is being received nor
|
||||||
|
// sent).
|
||||||
|
// startAudioOnly: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start audio muted.
|
||||||
|
// startAudioMuted: 10,
|
||||||
|
|
||||||
|
// Start calls with audio muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithAudioMuted: false,
|
||||||
|
|
||||||
|
// Enabling it (with #params) will disable local audio output of remote
|
||||||
|
// participants and to enable it back a reload is needed.
|
||||||
|
// startSilent: false
|
||||||
|
|
||||||
|
// Video
|
||||||
|
|
||||||
|
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||||
|
// resolution: 720,
|
||||||
|
|
||||||
|
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||||
|
// used by browsers that return true from lib-jitsi-meet's
|
||||||
|
// util#browser#usesNewGumFlow. The constraints are independency from
|
||||||
|
// this config's resolution value. Defaults to requesting an ideal aspect
|
||||||
|
// ratio of 16:9 with an ideal resolution of 720.
|
||||||
|
// constraints: {
|
||||||
|
// video: {
|
||||||
|
// aspectRatio: 16 / 9,
|
||||||
|
// height: {
|
||||||
|
// ideal: 720,
|
||||||
|
// max: 720,
|
||||||
|
// min: 240
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Enable / disable simulcast support.
|
||||||
|
// disableSimulcast: false,
|
||||||
|
|
||||||
|
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||||
|
// layers are not in use will be suspended (no longer sent) until they
|
||||||
|
// are requested again.
|
||||||
|
// enableLayerSuspension: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start video muted.
|
||||||
|
// startVideoMuted: 10,
|
||||||
|
|
||||||
|
// Start calls with video muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithVideoMuted: false,
|
||||||
|
|
||||||
|
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||||
|
// Note that it's not recommended to do this because simulcast is not
|
||||||
|
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||||
|
// default and can be toggled in the p2p section.
|
||||||
|
// preferH264: true,
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// Desktop sharing
|
||||||
|
|
||||||
|
// The ID of the jidesha extension for Chrome.
|
||||||
|
desktopSharingChromeExtId: null,
|
||||||
|
|
||||||
|
// Whether desktop sharing should be disabled on Chrome.
|
||||||
|
// desktopSharingChromeDisabled: false,
|
||||||
|
|
||||||
|
// The media sources to use when using screen sharing with the Chrome
|
||||||
|
// extension.
|
||||||
|
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
|
||||||
|
|
||||||
|
// Required version of Chrome extension
|
||||||
|
desktopSharingChromeMinExtVersion: '0.1',
|
||||||
|
|
||||||
|
// Whether desktop sharing should be disabled on Firefox.
|
||||||
|
// desktopSharingFirefoxDisabled: false,
|
||||||
|
|
||||||
|
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||||
|
// desktopSharingFrameRate: {
|
||||||
|
// min: 5,
|
||||||
|
// max: 5
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Try to start calls with screen-sharing instead of camera video.
|
||||||
|
// startScreenSharing: false,
|
||||||
|
|
||||||
|
// Recording
|
||||||
|
|
||||||
|
// Whether to enable file recording or not.
|
||||||
|
// fileRecordingsEnabled: false,
|
||||||
|
// Enable the dropbox integration.
|
||||||
|
// dropbox: {
|
||||||
|
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||||
|
// // A URL to redirect the user to, after authenticating
|
||||||
|
// // by default uses:
|
||||||
|
// // 'https://jitsi-meet.example.com/static/oauth.html'
|
||||||
|
// redirectURI:
|
||||||
|
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
|
||||||
|
// },
|
||||||
|
// When integrations like dropbox are enabled only that will be shown,
|
||||||
|
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||||
|
// and the generic recording service (its configuration and storage type
|
||||||
|
// depends on jibri configuration)
|
||||||
|
// fileRecordingsServiceEnabled: false,
|
||||||
|
// Whether to show the possibility to share file recording with other people
|
||||||
|
// (e.g. meeting participants), based on the actual implementation
|
||||||
|
// on the backend.
|
||||||
|
// fileRecordingsServiceSharingEnabled: false,
|
||||||
|
|
||||||
|
// Whether to enable live streaming or not.
|
||||||
|
// liveStreamingEnabled: false,
|
||||||
|
|
||||||
|
// Transcription (in interface_config,
|
||||||
|
// subtitles and buttons can be configured)
|
||||||
|
// transcribingEnabled: false,
|
||||||
|
|
||||||
|
// Enables automatic turning on captions when recording is started
|
||||||
|
// autoCaptionOnRecord: false,
|
||||||
|
|
||||||
|
// Misc
|
||||||
|
|
||||||
|
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||||
|
channelLastN: -1,
|
||||||
|
|
||||||
|
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||||
|
// disableRtx: false,
|
||||||
|
|
||||||
|
// Disables or enables TCC (the default is in Jicofo and set to true)
|
||||||
|
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
|
||||||
|
// affects congestion control, it practically enables send-side bandwidth
|
||||||
|
// estimations.
|
||||||
|
// enableTcc: true,
|
||||||
|
|
||||||
|
// Disables or enables REMB (the default is in Jicofo and set to false)
|
||||||
|
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
|
||||||
|
// control, it practically enables recv-side bandwidth estimations. When
|
||||||
|
// both TCC and REMB are enabled, TCC takes precedence. When both are
|
||||||
|
// disabled, then bandwidth estimations are disabled.
|
||||||
|
// enableRemb: false,
|
||||||
|
|
||||||
|
// Defines the minimum number of participants to start a call (the default
|
||||||
|
// is set in Jicofo and set to 2).
|
||||||
|
// minParticipants: 2,
|
||||||
|
|
||||||
|
// Use XEP-0215 to fetch STUN and TURN servers.
|
||||||
|
// useStunTurn: true,
|
||||||
|
|
||||||
|
// Enable IPv6 support.
|
||||||
|
// useIPv6: true,
|
||||||
|
|
||||||
|
// Enables / disables a data communication channel with the Videobridge.
|
||||||
|
// Values can be 'datachannel', 'websocket', true (treat it as
|
||||||
|
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
|
||||||
|
// open any channel).
|
||||||
|
// openBridgeChannel: true,
|
||||||
|
|
||||||
|
|
||||||
|
// UI
|
||||||
|
//
|
||||||
|
|
||||||
|
// Use display name as XMPP nickname.
|
||||||
|
// useNicks: false,
|
||||||
|
|
||||||
|
// Require users to always specify a display name.
|
||||||
|
// requireDisplayName: true,
|
||||||
|
|
||||||
|
// Whether to use a welcome page or not. In case it's false a random room
|
||||||
|
// will be joined when no room is specified.
|
||||||
|
enableWelcomePage: true,
|
||||||
|
|
||||||
|
// Enabling the close page will ignore the welcome page redirection when
|
||||||
|
// a call is hangup.
|
||||||
|
// enableClosePage: false,
|
||||||
|
|
||||||
|
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||||
|
// disable1On1Mode: false,
|
||||||
|
|
||||||
|
// Default language for the user interface.
|
||||||
|
// defaultLanguage: 'en',
|
||||||
|
|
||||||
|
// If true all users without a token will be considered guests and all users
|
||||||
|
// with token will be considered non-guests. Only guests will be allowed to
|
||||||
|
// edit their profile.
|
||||||
|
enableUserRolesBasedOnToken: false,
|
||||||
|
|
||||||
|
// Whether or not some features are checked based on token.
|
||||||
|
// enableFeaturesBasedOnToken: false,
|
||||||
|
|
||||||
|
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
|
||||||
|
// lockRoomGuestEnabled: false,
|
||||||
|
|
||||||
|
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||||
|
// roomPasswordNumberOfDigits: 10,
|
||||||
|
// default: roomPasswordNumberOfDigits: false,
|
||||||
|
|
||||||
|
// Message to show the users. Example: 'The service will be down for
|
||||||
|
// maintenance at 01:00 AM GMT,
|
||||||
|
// noticeMessage: '',
|
||||||
|
|
||||||
|
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||||
|
// and microsoftApiApplicationClientID
|
||||||
|
// enableCalendarIntegration: false,
|
||||||
|
|
||||||
|
// Stats
|
||||||
|
//
|
||||||
|
|
||||||
|
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||||
|
// This can be useful for debugging purposes (post-processing/analysis of
|
||||||
|
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||||
|
// estimation tests.
|
||||||
|
// gatherStats: false,
|
||||||
|
|
||||||
|
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||||
|
// pcStatsInterval: 10000,
|
||||||
|
|
||||||
|
// To enable sending statistics to callstats.io you must provide the
|
||||||
|
// Application ID and Secret.
|
||||||
|
// callStatsID: '',
|
||||||
|
// callStatsSecret: '',
|
||||||
|
|
||||||
|
// enables sending participants display name to callstats
|
||||||
|
// enableDisplayNameInStats: false
|
||||||
|
|
||||||
|
// enables sending participants email if available to callstats and other analytics
|
||||||
|
// enableEmailInStats: false
|
||||||
|
|
||||||
|
// Privacy
|
||||||
|
//
|
||||||
|
|
||||||
|
// If third party requests are disabled, no other server will be contacted.
|
||||||
|
// This means avatars will be locally generated and callstats integration
|
||||||
|
// will not function.
|
||||||
|
// disableThirdPartyRequests: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||||
|
//
|
||||||
|
|
||||||
|
p2p: {
|
||||||
|
// Enables peer to peer mode. When enabled the system will try to
|
||||||
|
// establish a direct connection when there are exactly 2 participants
|
||||||
|
// in the room. If that succeeds the conference will stop sending data
|
||||||
|
// through the JVB and use the peer to peer connection instead. When a
|
||||||
|
// 3rd participant joins the conference will be moved back to the JVB
|
||||||
|
// connection.
|
||||||
|
enabled: true,
|
||||||
|
|
||||||
|
// Use XEP-0215 to fetch STUN and TURN servers.
|
||||||
|
// useStunTurn: true,
|
||||||
|
|
||||||
|
// The STUN servers that will be used in the peer to peer connections
|
||||||
|
stunServers: [
|
||||||
|
|
||||||
|
// { urls: 'stun:jitsi-meet.example.com:443' },
|
||||||
|
{ urls: 'stun:stun.l.google.com:19302' },
|
||||||
|
{ urls: 'stun:stun1.l.google.com:19302' },
|
||||||
|
{ urls: 'stun:stun2.l.google.com:19302' }
|
||||||
|
],
|
||||||
|
|
||||||
|
// Sets the ICE transport policy for the p2p connection. At the time
|
||||||
|
// of this writing the list of possible values are 'all' and 'relay',
|
||||||
|
// but that is subject to change in the future. The enum is defined in
|
||||||
|
// the WebRTC standard:
|
||||||
|
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||||
|
// If not set, the effective value is 'all'.
|
||||||
|
// iceTransportPolicy: 'all',
|
||||||
|
|
||||||
|
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||||
|
// is supported).
|
||||||
|
preferH264: true
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// How long we're going to wait, before going back to P2P after the 3rd
|
||||||
|
// participant has left the conference (to filter out page reload).
|
||||||
|
// backToP2PDelay: 5
|
||||||
|
},
|
||||||
|
|
||||||
|
analytics: {
|
||||||
|
// The Google Analytics Tracking ID:
|
||||||
|
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||||
|
|
||||||
|
// The Amplitude APP Key:
|
||||||
|
// amplitudeAPPKey: '<APP_KEY>'
|
||||||
|
|
||||||
|
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||||
|
// scriptURLs: [
|
||||||
|
// "libs/analytics-ga.min.js", // google-analytics
|
||||||
|
// "https://example.com/my-custom-analytics.js"
|
||||||
|
// ],
|
||||||
|
},
|
||||||
|
|
||||||
|
// Information about the jitsi-meet instance we are connecting to, including
|
||||||
|
// the user region as seen by the server.
|
||||||
|
deploymentInfo: {
|
||||||
|
// shard: "shard1",
|
||||||
|
// region: "europe",
|
||||||
|
// userRegion: "asia"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Information for the chrome extension banner
|
||||||
|
// chromeExtensionBanner: {
|
||||||
|
// // The chrome extension to be installed address
|
||||||
|
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
|
||||||
|
// // Extensions info which allows checking if they are installed or not
|
||||||
|
// chromeExtensionsInfo: [
|
||||||
|
// {
|
||||||
|
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
// path: 'jitsi-logo-48x48.png'
|
||||||
|
// }
|
||||||
|
// ]
|
||||||
|
// }
|
||||||
|
|
||||||
|
// Local Recording
|
||||||
|
//
|
||||||
|
|
||||||
|
// localRecording: {
|
||||||
|
// Enables local recording.
|
||||||
|
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||||
|
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||||
|
// button to show up on the toolbar.
|
||||||
|
//
|
||||||
|
// enabled: true,
|
||||||
|
//
|
||||||
|
|
||||||
|
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||||
|
// format: 'flac'
|
||||||
|
//
|
||||||
|
|
||||||
|
// }
|
||||||
|
|
||||||
|
// Options related to end-to-end (participant to participant) ping.
|
||||||
|
// e2eping: {
|
||||||
|
// // The interval in milliseconds at which pings will be sent.
|
||||||
|
// // Defaults to 10000, set to <= 0 to disable.
|
||||||
|
// pingInterval: 10000,
|
||||||
|
//
|
||||||
|
// // The interval in milliseconds at which analytics events
|
||||||
|
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||||
|
// // to <= 0 to disable.
|
||||||
|
// analyticsInterval: 60000,
|
||||||
|
// }
|
||||||
|
|
||||||
|
// If set, will attempt to use the provided video input device label when
|
||||||
|
// triggering a screenshare, instead of proceeding through the normal flow
|
||||||
|
// for obtaining a desktop stream.
|
||||||
|
// NOTE: This option is experimental and is currently intended for internal
|
||||||
|
// use only.
|
||||||
|
// _desktopSharingSourceDevice: 'sample-id-or-label'
|
||||||
|
|
||||||
|
// If true, any checks to handoff to another application will be prevented
|
||||||
|
// and instead the app will continue to display in the current browser.
|
||||||
|
// disableDeepLinking: false
|
||||||
|
|
||||||
|
// A property to disable the right click context menu for localVideo
|
||||||
|
// the menu has option to flip the locally seen video for local presentations
|
||||||
|
// disableLocalVideoFlip: false
|
||||||
|
|
||||||
|
// Deployment specific URLs.
|
||||||
|
// deploymentUrls: {
|
||||||
|
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||||
|
// // user documentation.
|
||||||
|
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||||
|
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||||
|
// // to the specified URL for an app download page.
|
||||||
|
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||||
|
// }
|
||||||
|
|
||||||
|
// List of undocumented settings used in jitsi-meet
|
||||||
|
/**
|
||||||
|
_immediateReloadThreshold
|
||||||
|
autoRecord
|
||||||
|
autoRecordToken
|
||||||
|
debug
|
||||||
|
debugAudioLevels
|
||||||
|
deploymentInfo
|
||||||
|
dialInConfCodeUrl
|
||||||
|
dialInNumbersUrl
|
||||||
|
dialOutAuthUrl
|
||||||
|
dialOutCodesUrl
|
||||||
|
disableRemoteControl
|
||||||
|
displayJids
|
||||||
|
etherpad_base
|
||||||
|
externalConnectUrl
|
||||||
|
firefox_fake_device
|
||||||
|
googleApiApplicationClientID
|
||||||
|
iAmRecorder
|
||||||
|
iAmSipGateway
|
||||||
|
microsoftApiApplicationClientID
|
||||||
|
peopleSearchQueryTypes
|
||||||
|
peopleSearchUrl
|
||||||
|
requireDisplayName
|
||||||
|
tokenAuthUrl
|
||||||
|
*/
|
||||||
|
|
||||||
|
// List of undocumented settings used in lib-jitsi-meet
|
||||||
|
/**
|
||||||
|
_peerConnStatusOutOfLastNTimeout
|
||||||
|
_peerConnStatusRtcMuteTimeout
|
||||||
|
abTesting
|
||||||
|
avgRtpStatsN
|
||||||
|
callStatsConfIDNamespace
|
||||||
|
callStatsCustomScriptUrl
|
||||||
|
desktopSharingSources
|
||||||
|
disableAEC
|
||||||
|
disableAGC
|
||||||
|
disableAP
|
||||||
|
disableHPF
|
||||||
|
disableNS
|
||||||
|
enableLipSync
|
||||||
|
enableTalkWhileMuted
|
||||||
|
forceJVB121Ratio
|
||||||
|
hiddenDomain
|
||||||
|
ignoreStartMuted
|
||||||
|
nick
|
||||||
|
startBitrate
|
||||||
|
*/
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
/* eslint-enable no-unused-vars, no-var */
|
||||||
|
|
38
docker/jitsi/jitsi-front/entrypoint.sh
Executable file
38
docker/jitsi/jitsi-front/entrypoint.sh
Executable file
|
@ -0,0 +1,38 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cat > /etc/nginx/sites-available/jitsi <<EOF
|
||||||
|
server_names_hash_bucket_size 64;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 0.0.0.0:443 ssl http2 default_server;
|
||||||
|
listen [::]:443 ssl http2 default_server;
|
||||||
|
server_name _;
|
||||||
|
ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
|
||||||
|
ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
|
||||||
|
root /srv/jitsi-meet;
|
||||||
|
index index.html;
|
||||||
|
location ~ ^/([a-zA-Z0-9=\?]+)$ {
|
||||||
|
rewrite ^/(.*)$ / break;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
ssi on;
|
||||||
|
}
|
||||||
|
# BOSH, Bidirectional-streams Over Synchronous HTTP
|
||||||
|
# https://en.wikipedia.org/wiki/BOSH_(protocol)
|
||||||
|
location /http-bind {
|
||||||
|
proxy_pass http://${JITSI_PROSODY_BOSH_HOST}:${JITSI_PROSODY_BOSH_PORT}/http-bind;
|
||||||
|
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||||
|
proxy_set_header Host \$http_host;
|
||||||
|
}
|
||||||
|
# external_api.js must be accessible from the root of the
|
||||||
|
# installation for the electron version of Jitsi Meet to work
|
||||||
|
# https://github.com/jitsi/jitsi-meet-electron
|
||||||
|
location /external_api.js {
|
||||||
|
alias /srv/jitsi-meet/libs/external_api.min.js;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
ln -sf /etc/nginx/sites-available/jitsi /etc/nginx/sites-enabled/jitsi
|
||||||
|
|
||||||
|
exec "$@"
|
21
docker/jitsi/jitsi-videobridge/Dockerfile
Normal file
21
docker/jitsi/jitsi-videobridge/Dockerfile
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y wget unzip
|
||||||
|
|
||||||
|
ENV VERSION=1132
|
||||||
|
RUN wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-${VERSION}.zip -O jvb.zip && \
|
||||||
|
unzip jvb.zip && \
|
||||||
|
mv jitsi-videobridge-linux-x64-${VERSION} jvb
|
||||||
|
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jdk
|
||||||
|
|
||||||
|
COPY --from=builder /jvb /srv/jvb
|
||||||
|
ENV HOME=/srv/jvb
|
||||||
|
WORKDIR /srv/jvb
|
||||||
|
COPY jvb_run /usr/local/bin/jvb_run
|
||||||
|
|
||||||
|
CMD ["/usr/local/bin/jvb_run"]
|
23
docker/jitsi/jitsi-videobridge/jvb_run
Executable file
23
docker/jitsi/jitsi-videobridge/jvb_run
Executable file
|
@ -0,0 +1,23 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cat >> /etc/hosts <<EOF
|
||||||
|
${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
|
||||||
|
127.0.0.1 `hostname`
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cd /srv/jvb
|
||||||
|
|
||||||
|
cat > ~/.sip-communicator/sip-communicator.properties <<EOF
|
||||||
|
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
|
||||||
|
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
|
||||||
|
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
|
||||||
|
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
||||||
|
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
||||||
|
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
./jvb.sh \
|
||||||
|
--host=${JITSI_PROSODY_HOST} \
|
||||||
|
--domain=jitsi.deuxfleurs.fr \
|
||||||
|
--port=5347 \
|
||||||
|
--secret=${JITSI_SECRET_VIDEOBRIDGE}
|
11
docker/jitsi/jitsi-xmpp/Dockerfile
Normal file
11
docker/jitsi/jitsi-xmpp/Dockerfile
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
FROM debian:buster
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y prosody
|
||||||
|
|
||||||
|
COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
|
||||||
|
COPY xmpp_conf /usr/local/bin/xmpp_conf
|
||||||
|
COPY xmpp_gen /usr/local/bin/xmpp_gen
|
||||||
|
COPY xmpp_run /usr/local/bin/xmpp_run
|
||||||
|
|
||||||
|
CMD ["/usr/local/bin/xmpp_run"]
|
2
docker/jitsi/jitsi-xmpp/external_components.cfg.lua
Normal file
2
docker/jitsi/jitsi-xmpp/external_components.cfg.lua
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
component_ports = { 5347 }
|
||||||
|
component_interface = "0.0.0.0"
|
42
docker/jitsi/jitsi-xmpp/xmpp_conf
Executable file
42
docker/jitsi/jitsi-xmpp/xmpp_conf
Executable file
|
@ -0,0 +1,42 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cat >> /etc/hosts <<EOF
|
||||||
|
${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
|
||||||
|
127.0.0.1 `hostname`
|
||||||
|
EOF
|
||||||
|
|
||||||
|
mkdir -p /etc/prosody/conf.{d,avail}/
|
||||||
|
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
|
||||||
|
VirtualHost "jitsi.deuxfleurs.fr"
|
||||||
|
authentication = "anonymous"
|
||||||
|
ssl = {
|
||||||
|
key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
|
||||||
|
certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
|
||||||
|
}
|
||||||
|
modules_enabled = {
|
||||||
|
"bosh";
|
||||||
|
"pubsub";
|
||||||
|
}
|
||||||
|
c2s_require_encryption = false
|
||||||
|
|
||||||
|
VirtualHost "auth.jitsi.deuxfleurs.fr"
|
||||||
|
ssl = {
|
||||||
|
key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
|
||||||
|
certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
|
||||||
|
}
|
||||||
|
authentication = "internal_plain"
|
||||||
|
|
||||||
|
admins = { "focus@auth.jitsi.deuxfleurs.fr" }
|
||||||
|
|
||||||
|
Component "conference.jitsi.deuxfleurs.fr" "muc"
|
||||||
|
Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
|
||||||
|
component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
|
||||||
|
Component "focus.jitsi.deuxfleurs.fr"
|
||||||
|
component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
ln -sf \
|
||||||
|
/etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
|
||||||
|
/etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
|
||||||
|
|
||||||
|
|
9
docker/jitsi/jitsi-xmpp/xmpp_gen
Executable file
9
docker/jitsi/jitsi-xmpp/xmpp_gen
Executable file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
/usr/local/bin/xmpp_conf
|
||||||
|
|
||||||
|
prosodyctl cert generate jitsi.deuxfleurs.fr
|
||||||
|
prosodyctl cert generate auth.jitsi.deuxfleurs.fr
|
||||||
|
|
||||||
|
cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
|
||||||
|
cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
|
19
docker/jitsi/jitsi-xmpp/xmpp_run
Executable file
19
docker/jitsi/jitsi-xmpp/xmpp_run
Executable file
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
/usr/local/bin/xmpp_conf
|
||||||
|
cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
|
||||||
|
chown -R prosody:prosody /var/lib/prosody
|
||||||
|
|
||||||
|
mkdir -p /usr/local/share/ca-certificates/
|
||||||
|
ln -sf \
|
||||||
|
/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
|
||||||
|
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
|
||||||
|
|
||||||
|
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
|
||||||
|
|
||||||
|
mkdir /run/prosody
|
||||||
|
touch /run/prosody/prosody.pid
|
||||||
|
chown -R prosody:prosody /run/prosody
|
||||||
|
|
||||||
|
cd /var/lib/prosody
|
||||||
|
su - prosody -s /bin/bash -c prosody
|
|
@ -60,11 +60,6 @@ job "frontend" {
|
||||||
data = "{{ key \"configuration/traefik/traefik.toml\" }}"
|
data = "{{ key \"configuration/traefik/traefik.toml\" }}"
|
||||||
destination = "secrets/traefik.toml"
|
destination = "secrets/traefik.toml"
|
||||||
}
|
}
|
||||||
template {
|
|
||||||
data = "{{ key \"configuration/traefik/cloudflare.env\" }}"
|
|
||||||
destination = "secrets/cloudflare.env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue