forked from Deuxfleurs/infrastructure
Migrate jitsi + WIP backup doc
This commit is contained in:
parent
3563fb5994
commit
a68a1e1da7
10 changed files with 142 additions and 61 deletions
|
@ -50,16 +50,16 @@ services:
|
||||||
context: ./jitsi/build/jitsi-meet
|
context: ./jitsi/build/jitsi-meet
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jitsi-meet
|
# https://github.com/jitsi/jitsi-meet
|
||||||
MEET_TAG: jitsi-meet_5463
|
MEET_TAG: stable/jitsi-meet_6826
|
||||||
image: superboum/amd64_jitsi_meet:v4
|
image: superboum/amd64_jitsi_meet:v5
|
||||||
|
|
||||||
jitsi-conference-focus:
|
jitsi-conference-focus:
|
||||||
build:
|
build:
|
||||||
context: ./jitsi/build/jitsi-conference-focus
|
context: ./jitsi/build/jitsi-conference-focus
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jicofo
|
# https://github.com/jitsi/jicofo
|
||||||
JICOFO_TAG: jitsi-meet_5463
|
JICOFO_TAG: stable/jitsi-meet_6826
|
||||||
image: superboum/amd64_jitsi_conference_focus:v8
|
image: superboum/amd64_jitsi_conference_focus:v9
|
||||||
|
|
||||||
jitsi-videobridge:
|
jitsi-videobridge:
|
||||||
build:
|
build:
|
||||||
|
@ -67,16 +67,16 @@ services:
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jitsi-videobridge
|
# https://github.com/jitsi/jitsi-videobridge
|
||||||
# note: JVB is not tagged with non-stable tags
|
# note: JVB is not tagged with non-stable tags
|
||||||
JVB_TAG: stable/jitsi-meet_5390
|
JVB_TAG: stable/jitsi-meet_6826
|
||||||
image: superboum/amd64_jitsi_videobridge:v18
|
image: superboum/amd64_jitsi_videobridge:v19
|
||||||
|
|
||||||
jitsi-xmpp:
|
jitsi-xmpp:
|
||||||
build:
|
build:
|
||||||
context: ./jitsi/build/jitsi-xmpp
|
context: ./jitsi/build/jitsi-xmpp
|
||||||
args:
|
args:
|
||||||
MEET_TAG: jitsi-meet_5463
|
MEET_TAG: stable/jitsi-meet_6826
|
||||||
PROSODY_VERSION: 0.11.7-1~buster4
|
PROSODY_VERSION: 0.11.12-1
|
||||||
image: superboum/amd64_jitsi_xmpp:v9
|
image: superboum/amd64_jitsi_xmpp:v10
|
||||||
|
|
||||||
plume:
|
plume:
|
||||||
build:
|
build:
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:bookworm AS builder
|
||||||
|
|
||||||
# unzip is required when executing the mvn package command
|
# unzip is required when executing the mvn package command
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
|
@ -15,7 +15,7 @@ RUN mvn package -DskipTests -Dassembly.skipAssembly=false
|
||||||
RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
||||||
mv jicofo-1.1-SNAPSHOT /srv/build
|
mv jicofo-1.1-SNAPSHOT /srv/build
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:bookworm
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y openjdk-11-jre-headless ca-certificates
|
apt-get install -y openjdk-11-jre-headless ca-certificates
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:bookworm AS builder
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y curl && \
|
apt-get install -y curl && \
|
||||||
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
|
||||||
apt-get install -y git nodejs make git unzip
|
apt-get install -y git nodejs make git unzip
|
||||||
|
|
||||||
ARG MEET_TAG
|
ARG MEET_TAG
|
||||||
|
@ -12,7 +12,7 @@ WORKDIR jitsi-meet
|
||||||
RUN npm install && \
|
RUN npm install && \
|
||||||
make
|
make
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:bookworm
|
||||||
|
|
||||||
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
From b327e580ab83110cdb52bc1d11687a096b8fc1df Mon Sep 17 00:00:00 2001
|
|
||||||
From: Quentin Dufour <quentin@dufour.io>
|
|
||||||
Date: Mon, 1 Feb 2021 07:16:50 +0100
|
|
||||||
Subject: [PATCH] Disable legacy parameters
|
|
||||||
|
|
||||||
---
|
|
||||||
jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt | 8 --------
|
|
||||||
1 file changed, 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
|
||||||
index df71f480..8f0ef9a5 100644
|
|
||||||
--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
|
||||||
+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
|
||||||
@@ -62,14 +62,6 @@ fun main(args: Array<String>) {
|
|
||||||
// to be passed.
|
|
||||||
System.setProperty("org.eclipse.jetty.util.log.class", "org.eclipse.jetty.util.log.JavaUtilLog")
|
|
||||||
|
|
||||||
- // Before initializing the application programming interfaces (APIs) of
|
|
||||||
- // Jitsi Videobridge, set any System properties which they use and which
|
|
||||||
- // may be specified by the command-line arguments.
|
|
||||||
- System.setProperty(
|
|
||||||
- Videobridge.REST_API_PNAME,
|
|
||||||
- cmdLine.getOptionValue("--apis").contains(Videobridge.REST_API).toString()
|
|
||||||
- )
|
|
||||||
-
|
|
||||||
// Reload the Typesafe config used by ice4j, because the original was initialized before the new system
|
|
||||||
// properties were set.
|
|
||||||
JitsiConfig.reloadNewConfig()
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
From 01507442620e5a57624c921b508eac7d572440d0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quentin Dufour <quentin@deuxfleurs.fr>
|
||||||
|
Date: Tue, 25 Jan 2022 14:46:22 +0100
|
||||||
|
Subject: [PATCH] Remove deprecated argument
|
||||||
|
|
||||||
|
---
|
||||||
|
.../main/kotlin/org/jitsi/videobridge/Main.kt | 17 -----------------
|
||||||
|
1 file changed, 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
index 4f6cb78..3db00f2 100644
|
||||||
|
--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
@@ -52,23 +52,6 @@ import org.jitsi.videobridge.websocket.singleton as webSocketServiceSingleton
|
||||||
|
fun main(args: Array<String>) {
|
||||||
|
val logger = LoggerImpl("org.jitsi.videobridge.Main")
|
||||||
|
|
||||||
|
- // We only support command line arguments for backward compatibility. The --apis options is the last one supported,
|
||||||
|
- // and it is only used to enable/disable the REST API (XMPP is only controlled through the config files).
|
||||||
|
- // TODO: fully remove support for --apis
|
||||||
|
- CmdLine().apply {
|
||||||
|
- parse(args)
|
||||||
|
- getOptionValue("--apis")?.let {
|
||||||
|
- logger.warn(
|
||||||
|
- "A deprecated command line argument (--apis) is present. Please use the config file to control the " +
|
||||||
|
- "REST API instead (see rest.md). Support for --apis will be removed in a future version."
|
||||||
|
- )
|
||||||
|
- System.setProperty(
|
||||||
|
- Videobridge.REST_API_PNAME,
|
||||||
|
- it.contains(Videobridge.REST_API).toString()
|
||||||
|
- )
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
setupMetaconfigLogger()
|
||||||
|
|
||||||
|
setSystemPropertyDefaults()
|
||||||
|
--
|
||||||
|
2.33.1
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:bookworm AS builder
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y git unzip maven openjdk-11-jdk-headless
|
apt-get install -y git unzip maven openjdk-11-jdk-headless
|
||||||
|
@ -8,12 +8,12 @@ RUN git clone --depth 1 --branch ${JVB_TAG} https://github.com/jitsi/jitsi-video
|
||||||
|
|
||||||
WORKDIR jitsi-videobridge
|
WORKDIR jitsi-videobridge
|
||||||
COPY *.patch .
|
COPY *.patch .
|
||||||
RUN git apply 0001-Disable-legacy-parameters.patch
|
RUN git apply 0001-Remove-deprecated-argument.patch
|
||||||
RUN mvn package -DskipTests
|
RUN mvn package -DskipTests
|
||||||
RUN unzip jvb/target/jitsi-videobridge*.zip && \
|
RUN unzip jvb/target/jitsi-videobridge*.zip && \
|
||||||
mv jitsi-videobridge-*-SNAPSHOT build
|
mv jitsi-videobridge-*-SNAPSHOT build
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:bookworm
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y openjdk-11-jre-headless curl
|
apt-get install -y openjdk-11-jre-headless curl
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM debian:buster as builder
|
FROM debian:bookworm as builder
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y git unzip
|
apt-get install -y git unzip
|
||||||
|
@ -6,7 +6,7 @@ RUN apt-get update && \
|
||||||
ARG MEET_TAG
|
ARG MEET_TAG
|
||||||
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
|
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:bookworm
|
||||||
|
|
||||||
ARG PROSODY_VERSION
|
ARG PROSODY_VERSION
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
|
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
|
||||||
error_log /dev/stderr;
|
error_log /dev/stderr info;
|
||||||
|
|
||||||
events {}
|
events {}
|
||||||
|
|
||||||
|
@ -39,8 +39,10 @@ http {
|
||||||
|
|
||||||
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
||||||
server {
|
server {
|
||||||
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
#listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||||
listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
#listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||||
|
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
|
||||||
|
listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
|
@ -48,8 +50,8 @@ http {
|
||||||
ssi on;
|
ssi on;
|
||||||
ssi_types application/x-javascript application/javascript;
|
ssi_types application/x-javascript application/javascript;
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/jitsi.crt;
|
#ssl_certificate /etc/nginx/jitsi.crt;
|
||||||
ssl_certificate_key /etc/nginx/jitsi.key;
|
#ssl_certificate_key /etc/nginx/jitsi.key;
|
||||||
root /srv/jitsi-meet;
|
root /srv/jitsi-meet;
|
||||||
index index.html;
|
index index.html;
|
||||||
error_page 404 /static/404.html;
|
error_page 404 /static/404.html;
|
||||||
|
@ -90,7 +92,7 @@ http {
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
|
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||||
proxy_set_header Host \$http_host;
|
#proxy_set_header Host \$http_host;
|
||||||
}
|
}
|
||||||
|
|
||||||
# not used yet VVV
|
# not used yet VVV
|
||||||
|
|
|
@ -21,7 +21,7 @@ job "jitsi" {
|
||||||
task "xmpp" {
|
task "xmpp" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_xmpp:v9"
|
image = "superboum/amd64_jitsi_xmpp:v10"
|
||||||
ports = [ "bosh_port", "xmpp_port" ]
|
ports = [ "bosh_port", "xmpp_port" ]
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -102,7 +102,7 @@ EOF
|
||||||
task "front" {
|
task "front" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_meet:v4"
|
image = "superboum/amd64_jitsi_meet:v5"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "https_port" ]
|
ports = [ "https_port" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
|
@ -145,7 +145,7 @@ EOF
|
||||||
"traefik.frontend.entryPoints=https",
|
"traefik.frontend.entryPoints=https",
|
||||||
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
||||||
"traefik.protocol=https",
|
"traefik.protocol=https",
|
||||||
"tricot-https jitsi.deuxfleurs.fr",
|
"tricot jitsi.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
port = "https_port"
|
port = "https_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
|
@ -167,7 +167,7 @@ EOF
|
||||||
task "jicofo" {
|
task "jicofo" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_conference_focus:v8"
|
image = "superboum/amd64_jitsi_conference_focus:v9"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
||||||
|
@ -201,7 +201,7 @@ EOF
|
||||||
task "videobridge" {
|
task "videobridge" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_videobridge:v18"
|
image = "superboum/amd64_jitsi_videobridge:v19"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "video_port" ]
|
ports = [ "video_port" ]
|
||||||
ulimit {
|
ulimit {
|
||||||
|
|
70
op_guide/backup_minio/README.md
Normal file
70
op_guide/backup_minio/README.md
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
Add the admin account as `deuxfleurs` to your `~/.mc/config` file
|
||||||
|
|
||||||
|
You need to choose some names/identifiers:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export BUCKET_NAME=example
|
||||||
|
export NEW_ACCESS_KEY_ID=hello
|
||||||
|
|
||||||
|
export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60)
|
||||||
|
export POLICY_NAME="policy-$BUCKET_NAME"
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a new bucket:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc mb deuxfleurs/$BUCKET_NAME
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a new user:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
|
||||||
|
```
|
||||||
|
|
||||||
|
Add this new user to your `~/.mc/config.json` file
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Create a policy for this bucket and save it as json:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cat > /tmp/policy.json <<EOF
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"s3:ListBucket"
|
||||||
|
],
|
||||||
|
"Resource": [
|
||||||
|
"arn:aws:s3:::${BUCKET_NAME}"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Action": [
|
||||||
|
"s3:*"
|
||||||
|
],
|
||||||
|
"Resource": [
|
||||||
|
"arn:aws:s3:::${BUCKET_NAME}/*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Register it:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc admin policy add deuxfleurs $POLICY_NAME /tmp/policy.json
|
||||||
|
```
|
||||||
|
|
||||||
|
Set it to your user:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
Loading…
Add table
Reference in a new issue