forked from Deuxfleurs/infrastructure
Migrate jitsi + WIP backup doc
This commit is contained in:
parent
3563fb5994
commit
a68a1e1da7
10 changed files with 142 additions and 61 deletions
|
@ -50,16 +50,16 @@ services:
|
|||
context: ./jitsi/build/jitsi-meet
|
||||
args:
|
||||
# https://github.com/jitsi/jitsi-meet
|
||||
MEET_TAG: jitsi-meet_5463
|
||||
image: superboum/amd64_jitsi_meet:v4
|
||||
MEET_TAG: stable/jitsi-meet_6826
|
||||
image: superboum/amd64_jitsi_meet:v5
|
||||
|
||||
jitsi-conference-focus:
|
||||
build:
|
||||
context: ./jitsi/build/jitsi-conference-focus
|
||||
args:
|
||||
# https://github.com/jitsi/jicofo
|
||||
JICOFO_TAG: jitsi-meet_5463
|
||||
image: superboum/amd64_jitsi_conference_focus:v8
|
||||
JICOFO_TAG: stable/jitsi-meet_6826
|
||||
image: superboum/amd64_jitsi_conference_focus:v9
|
||||
|
||||
jitsi-videobridge:
|
||||
build:
|
||||
|
@ -67,16 +67,16 @@ services:
|
|||
args:
|
||||
# https://github.com/jitsi/jitsi-videobridge
|
||||
# note: JVB is not tagged with non-stable tags
|
||||
JVB_TAG: stable/jitsi-meet_5390
|
||||
image: superboum/amd64_jitsi_videobridge:v18
|
||||
JVB_TAG: stable/jitsi-meet_6826
|
||||
image: superboum/amd64_jitsi_videobridge:v19
|
||||
|
||||
jitsi-xmpp:
|
||||
build:
|
||||
context: ./jitsi/build/jitsi-xmpp
|
||||
args:
|
||||
MEET_TAG: jitsi-meet_5463
|
||||
PROSODY_VERSION: 0.11.7-1~buster4
|
||||
image: superboum/amd64_jitsi_xmpp:v9
|
||||
MEET_TAG: stable/jitsi-meet_6826
|
||||
PROSODY_VERSION: 0.11.12-1
|
||||
image: superboum/amd64_jitsi_xmpp:v10
|
||||
|
||||
plume:
|
||||
build:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM debian:buster AS builder
|
||||
FROM debian:bookworm AS builder
|
||||
|
||||
# unzip is required when executing the mvn package command
|
||||
RUN apt-get update && \
|
||||
|
@ -15,7 +15,7 @@ RUN mvn package -DskipTests -Dassembly.skipAssembly=false
|
|||
RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
||||
mv jicofo-1.1-SNAPSHOT /srv/build
|
||||
|
||||
FROM debian:buster
|
||||
FROM debian:bookworm
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y openjdk-11-jre-headless ca-certificates
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
FROM debian:buster AS builder
|
||||
FROM debian:bookworm AS builder
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y curl && \
|
||||
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
||||
curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
|
||||
apt-get install -y git nodejs make git unzip
|
||||
|
||||
ARG MEET_TAG
|
||||
|
@ -12,7 +12,7 @@ WORKDIR jitsi-meet
|
|||
RUN npm install && \
|
||||
make
|
||||
|
||||
FROM debian:buster
|
||||
FROM debian:bookworm
|
||||
|
||||
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
||||
RUN apt-get update && \
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
From b327e580ab83110cdb52bc1d11687a096b8fc1df Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Dufour <quentin@dufour.io>
|
||||
Date: Mon, 1 Feb 2021 07:16:50 +0100
|
||||
Subject: [PATCH] Disable legacy parameters
|
||||
|
||||
---
|
||||
jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt | 8 --------
|
||||
1 file changed, 8 deletions(-)
|
||||
|
||||
diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
index df71f480..8f0ef9a5 100644
|
||||
--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
@@ -62,14 +62,6 @@ fun main(args: Array<String>) {
|
||||
// to be passed.
|
||||
System.setProperty("org.eclipse.jetty.util.log.class", "org.eclipse.jetty.util.log.JavaUtilLog")
|
||||
|
||||
- // Before initializing the application programming interfaces (APIs) of
|
||||
- // Jitsi Videobridge, set any System properties which they use and which
|
||||
- // may be specified by the command-line arguments.
|
||||
- System.setProperty(
|
||||
- Videobridge.REST_API_PNAME,
|
||||
- cmdLine.getOptionValue("--apis").contains(Videobridge.REST_API).toString()
|
||||
- )
|
||||
-
|
||||
// Reload the Typesafe config used by ice4j, because the original was initialized before the new system
|
||||
// properties were set.
|
||||
JitsiConfig.reloadNewConfig()
|
||||
--
|
||||
2.25.1
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
From 01507442620e5a57624c921b508eac7d572440d0 Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Dufour <quentin@deuxfleurs.fr>
|
||||
Date: Tue, 25 Jan 2022 14:46:22 +0100
|
||||
Subject: [PATCH] Remove deprecated argument
|
||||
|
||||
---
|
||||
.../main/kotlin/org/jitsi/videobridge/Main.kt | 17 -----------------
|
||||
1 file changed, 17 deletions(-)
|
||||
|
||||
diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
index 4f6cb78..3db00f2 100644
|
||||
--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||
@@ -52,23 +52,6 @@ import org.jitsi.videobridge.websocket.singleton as webSocketServiceSingleton
|
||||
fun main(args: Array<String>) {
|
||||
val logger = LoggerImpl("org.jitsi.videobridge.Main")
|
||||
|
||||
- // We only support command line arguments for backward compatibility. The --apis options is the last one supported,
|
||||
- // and it is only used to enable/disable the REST API (XMPP is only controlled through the config files).
|
||||
- // TODO: fully remove support for --apis
|
||||
- CmdLine().apply {
|
||||
- parse(args)
|
||||
- getOptionValue("--apis")?.let {
|
||||
- logger.warn(
|
||||
- "A deprecated command line argument (--apis) is present. Please use the config file to control the " +
|
||||
- "REST API instead (see rest.md). Support for --apis will be removed in a future version."
|
||||
- )
|
||||
- System.setProperty(
|
||||
- Videobridge.REST_API_PNAME,
|
||||
- it.contains(Videobridge.REST_API).toString()
|
||||
- )
|
||||
- }
|
||||
- }
|
||||
-
|
||||
setupMetaconfigLogger()
|
||||
|
||||
setSystemPropertyDefaults()
|
||||
--
|
||||
2.33.1
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
FROM debian:buster AS builder
|
||||
FROM debian:bookworm AS builder
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y git unzip maven openjdk-11-jdk-headless
|
||||
|
@ -8,12 +8,12 @@ RUN git clone --depth 1 --branch ${JVB_TAG} https://github.com/jitsi/jitsi-video
|
|||
|
||||
WORKDIR jitsi-videobridge
|
||||
COPY *.patch .
|
||||
RUN git apply 0001-Disable-legacy-parameters.patch
|
||||
RUN git apply 0001-Remove-deprecated-argument.patch
|
||||
RUN mvn package -DskipTests
|
||||
RUN unzip jvb/target/jitsi-videobridge*.zip && \
|
||||
mv jitsi-videobridge-*-SNAPSHOT build
|
||||
|
||||
FROM debian:buster
|
||||
FROM debian:bookworm
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y openjdk-11-jre-headless curl
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM debian:buster as builder
|
||||
FROM debian:bookworm as builder
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y git unzip
|
||||
|
@ -6,7 +6,7 @@ RUN apt-get update && \
|
|||
ARG MEET_TAG
|
||||
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
|
||||
|
||||
FROM debian:buster
|
||||
FROM debian:bookworm
|
||||
|
||||
ARG PROSODY_VERSION
|
||||
RUN apt-get update && \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
|
||||
error_log /dev/stderr;
|
||||
error_log /dev/stderr info;
|
||||
|
||||
events {}
|
||||
|
||||
|
@ -39,8 +39,10 @@ http {
|
|||
|
||||
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
|
||||
server {
|
||||
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||
listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||
#listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||
#listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
|
||||
listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
|
||||
listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
|
||||
client_max_body_size 0;
|
||||
server_name _;
|
||||
|
||||
|
@ -48,8 +50,8 @@ http {
|
|||
ssi on;
|
||||
ssi_types application/x-javascript application/javascript;
|
||||
|
||||
ssl_certificate /etc/nginx/jitsi.crt;
|
||||
ssl_certificate_key /etc/nginx/jitsi.key;
|
||||
#ssl_certificate /etc/nginx/jitsi.crt;
|
||||
#ssl_certificate_key /etc/nginx/jitsi.key;
|
||||
root /srv/jitsi-meet;
|
||||
index index.html;
|
||||
error_page 404 /static/404.html;
|
||||
|
@ -90,7 +92,7 @@ http {
|
|||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
|
||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||
proxy_set_header Host \$http_host;
|
||||
#proxy_set_header Host \$http_host;
|
||||
}
|
||||
|
||||
# not used yet VVV
|
||||
|
|
|
@ -21,7 +21,7 @@ job "jitsi" {
|
|||
task "xmpp" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_xmpp:v9"
|
||||
image = "superboum/amd64_jitsi_xmpp:v10"
|
||||
ports = [ "bosh_port", "xmpp_port" ]
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
|
@ -102,7 +102,7 @@ EOF
|
|||
task "front" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_meet:v4"
|
||||
image = "superboum/amd64_jitsi_meet:v5"
|
||||
network_mode = "host"
|
||||
ports = [ "https_port" ]
|
||||
volumes = [
|
||||
|
@ -145,7 +145,7 @@ EOF
|
|||
"traefik.frontend.entryPoints=https",
|
||||
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
||||
"traefik.protocol=https",
|
||||
"tricot-https jitsi.deuxfleurs.fr",
|
||||
"tricot jitsi.deuxfleurs.fr",
|
||||
]
|
||||
port = "https_port"
|
||||
address_mode = "host"
|
||||
|
@ -167,7 +167,7 @@ EOF
|
|||
task "jicofo" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_conference_focus:v8"
|
||||
image = "superboum/amd64_jitsi_conference_focus:v9"
|
||||
network_mode = "host"
|
||||
volumes = [
|
||||
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
||||
|
@ -201,7 +201,7 @@ EOF
|
|||
task "videobridge" {
|
||||
driver = "docker"
|
||||
config {
|
||||
image = "superboum/amd64_jitsi_videobridge:v18"
|
||||
image = "superboum/amd64_jitsi_videobridge:v19"
|
||||
network_mode = "host"
|
||||
ports = [ "video_port" ]
|
||||
ulimit {
|
||||
|
|
70
op_guide/backup_minio/README.md
Normal file
70
op_guide/backup_minio/README.md
Normal file
|
@ -0,0 +1,70 @@
|
|||
Add the admin account as `deuxfleurs` to your `~/.mc/config` file
|
||||
|
||||
You need to choose some names/identifiers:
|
||||
|
||||
```bash
|
||||
export BUCKET_NAME=example
|
||||
export NEW_ACCESS_KEY_ID=hello
|
||||
|
||||
export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60)
|
||||
export POLICY_NAME="policy-$BUCKET_NAME"
|
||||
```
|
||||
|
||||
Create a new bucket:
|
||||
|
||||
```bash
|
||||
mc mb deuxfleurs/$BUCKET_NAME
|
||||
```
|
||||
|
||||
Create a new user:
|
||||
|
||||
```bash
|
||||
mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
|
||||
```
|
||||
|
||||
Add this new user to your `~/.mc/config.json` file
|
||||
|
||||
---
|
||||
|
||||
Create a policy for this bucket and save it as json:
|
||||
|
||||
```bash
|
||||
cat > /tmp/policy.json <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"s3:ListBucket"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::${BUCKET_NAME}"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"s3:*"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::${BUCKET_NAME}/*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Register it:
|
||||
|
||||
```bash
|
||||
mc admin policy add deuxfleurs $POLICY_NAME /tmp/policy.json
|
||||
```
|
||||
|
||||
Set it to your user:
|
||||
|
||||
```bash
|
||||
mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
|
||||
```
|
||||
|
||||
|
Loading…
Reference in a new issue