From 3b92e1979d84e7202f82427a6e16585ffebb31a1 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 22 Mar 2020 11:32:48 +0100 Subject: [PATCH 1/9] Change Traefik conf + WIP jitsi --- consul/configuration/traefik/traefik.toml | 4 +- docker/jitsi/Dockerfile | 11 +++++ docker/jitsi/jitsi-key.gpg.key | 51 +++++++++++++++++++++++ docker/jitsi/jitsi-stable.list | 1 + nomad/traefik.hcl | 5 --- 5 files changed, 65 insertions(+), 7 deletions(-) create mode 100644 docker/jitsi/Dockerfile create mode 100644 docker/jitsi/jitsi-key.gpg.key create mode 100644 docker/jitsi/jitsi-stable.list diff --git a/consul/configuration/traefik/traefik.toml b/consul/configuration/traefik/traefik.toml index ce50532..6145ffb 100644 --- a/consul/configuration/traefik/traefik.toml +++ b/consul/configuration/traefik/traefik.toml @@ -36,12 +36,12 @@ defaultEntryPoints = ["http", "https"] dashboard = true [consul] - endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500" + endpoint = "172.17.0.1:8500" watch = true prefix = "traefik" [consulCatalog] - endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500" + endpoint = "172.17.0.1:8500" prefix = "traefik" domain = "web.deuxfleurs.fr" exposedByDefault = false diff --git a/docker/jitsi/Dockerfile b/docker/jitsi/Dockerfile new file mode 100644 index 0000000..af96be2 --- /dev/null +++ b/docker/jitsi/Dockerfile @@ -0,0 +1,11 @@ +FROM debian:buster + +RUN apt-get update && \ + apt-get install -y apt-transport-https gnupg2 ca-certificates + +COPY jitsi-stable.list /etc/apt/sources.list.d/jitsi-stable.list +COPY jitsi-key.gpg.key /tmp/jitsi-key.gpg.key + +RUN apt-key add /tmp/jitsi-key.gpg.key && \ + apt-get update && \ + apt-get install -y jitsi-meet diff --git a/docker/jitsi/jitsi-key.gpg.key b/docker/jitsi/jitsi-key.gpg.key new file mode 100644 index 0000000..5a78785 --- /dev/null +++ b/docker/jitsi/jitsi-key.gpg.key 
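Review bot: `apt-key add /tmp/jitsi-key.gpg.key` in the last RUN of docker/jitsi/Dockerfile puts the Jitsi key into apt's global trusted keyring, so packages signed with it are accepted from every configured source, not only download.jitsi.org. Scoping the key to that one repository is tighter: `RUN gpg --dearmor -o /usr/share/keyrings/jitsi.gpg /tmp/jitsi-key.gpg.key` here, and `deb [signed-by=/usr/share/keyrings/jitsi.gpg] https://download.jitsi.org stable/` in jitsi-stable.list. The keyring path is only a suggested location; nothing in the patch defines it.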
@@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFdrVgMBEACzVgG0ThyeWB4SpWFH2H80EJS2U1cgPfovwvsN5Ar/DvWE0vAO +4Ti5jfKTtG5fRMF1xvTP1lB7DOmhvuMyV4/Z0C2+PLY5COh/U0+S3WKtUejd0to0 ++I59AVAoa9H3Z5knME23FsHY4vQFY/vFEDVVvbFERFmmPLTi/m3A+15yaE1hIPub +U5qDxkCLJVt5EtTDRqr+u3jIVtJ6WhRdP90H6nij7zpli9uoEefOf1WTdV7JkNXo +oW7Mcy8cxiYJ9sSfRN3m3HClufOhyRCb4DEPfSRdz8AR0edRJefoyVMgHI+in9+0 +B80zYMhEq/dSTuyo/0yrW2jT3z4cR+RzO99ukA0a3j2cn/O2ILsE5AD5Ig3hamiu +3Q2glleYOVlBE7Pp7V5cNMPhxsI3rIif1kanbGozhup1WCaidopNp8MeVwqq0cLD +J1IoUoEB6F45dBL+CrFc02AHefyfYzlWdxusQR9vSXsM5cfTUkZqtdH8G3idEVQt +ok8yIrKdirOEhmb+MIop8royz6vElAQbekRetKPsba1MzGf6WSW+FnVuVYg7vB/8 +8mWt6fimXl3cn3yoBjdDQvUS3Op5mYxq4xqf/ejX5iFIecm+b5cBexJrOerPj7ob +a1cXdY3ru95PncVmXgwuB+MEFnv6rIDCA3UumQrjHDbfDHg49+xapOm0pQARAQAB +tBVKaXRzaSA8ZGV2QGppdHNpLm9yZz6JAjcEEwEKACEFAldrVgMCGwMFCwkIBwMF +FQoJCAsFFgMCAQACHgECF4AACgkQ74tHni3BOJy37g/+KPw7NqgEXwi5xgQJFGRA +1yKgMkoevSMygZy7pRu4AO1sy+IIRRRKNDd7O4CvQNvhKpKfG7Glx/yQ0fjbz9+9 +yvK2KTM57S98G9555ruSBWfeYep71br+qVeB5Dfp9Ua16yb03IaCY2eGEdG7CIQ7 +39a0fdntc00mHSRtx7KoIAW6S05TE2JEZR5NKkap3rL7pvvVkxz6i4cS/x4V1yuz +EheOptBZtBHh5XqO1CjseUSDF/14fEQyeu6+r2N31HVy44S2wwLHtgEknZqK48hn ++eLQTiV9+Vg2Mtc/1zmnCxOhmlHFFznKzC6NXaV6/RUyfp8Lvd1Hkb+mSyQ+ah7D +Ls8Y4jaOKtGL5M9ME0dASOMn5hun9bqqmlZPdK5cwZLgNEjLj8Dys5EBSNfHo9XH +bpQXI9M7JI64XTyVG1FoAHpu3HybsBfW18Vt63ctDTtjvzzmJ+mgDmFt9s0cw5XQ +o1iPUMSgsJ3BhF/2961e+92t5oNALOJNio1+lAiYUiPl8WYANQmFtLwNITH8KvUM +gEY7cm9SzjFrWQZ4n38+QTGz3J9JJlA2+tasqMliSr2sZ+qp2V4TjkjR647sopcc +x0d2/Brb9tgeGDpk4xcXD2U8eFCFLPrCwuw3QadPLC5z29rA/0fx9v6CisXPyZIm +geoI+3cy1kpZHsGOrj14wb+5Ag0EV2tWAwEQAO9Y2pHJjtoBoH/YRlFZDiQ0+URj +rojatIsNSNb2tIWaBuf1pFBvwOrSo0klDnKBbWWlTzr6KNNQODfORGUCwXwjqfDM +mbA3lC0BVcPDWAN8t73pt14EXiMy0TOxizaVp57q0UQYJzF9Fscq0nqw8wEqkYUx +Q1lHGBiEhCew1JAMje0EbPz6Hu1Uun408b1A6Xn8egcYlkkvBalowVo2mSKUMApE +sXqVof0nFsw1sfV7k7x830iuiLuh8Jp3eRTqQY43OrMuKoTEwRRMxxSLCqnoM63U +ywzuN5ucsuEYZTzGiEXfP4+0cCmjQOWR9RStUswVpH2uyUIULxvSot2Vz45myUES 
+rOiTnhS0/YHuKMSCHULu9nO7qUcjKnkUeDthbrpoG8yZrTZwviXdNSHFFha9SSvq +DX7w/ln1K/PeQuvgomo6iKMrNAoDesW/IOoY3oEUdUwv6Y88MNBnHFkuYOyi4Uc2 +oR+aQAIqvL69lGF5UQEJ6Q0kzQrGpx1+dR6cqkAEylWurRU/hepEwlebNxBPwPLi +ncbPT1x0X0N5MjfX9XfSxzGaoohIiZVqe7HIWkqJL8RV1Tbizj522HM2LYzCwMZI +XsX8+rXdmveN27zxVXB63ye31mnDedPS85kaNZi+cVNoUVPH/Ai37SsQ3sVMHlRv +aTq4Z4HNw5ywNb9NABEBAAGJAh8EGAEKAAkFAldrVgMCGwwACgkQ74tHni3BOJyP +ew/9FAsVHZHauM+GqblFNJz5OIKFosQ3UsVcXH4EfVUWvyru3lDb6Z5EWP+kdym6 +ZIaxE4oV4Z/WsSYDbY80TQXc6TO0dgkTk82/nNNR4JlZR101D0QmO+4TG7uI+oX/ +sqBfLqyHy3Zi10GeaF2+5q48NVb9jEX0p9fmPraG5CJqD21Pa5oORrED8RyksK7s +8KnhNdU3XNgh1HqsscviCq3X+WRrMKXT/Wk3Gz45wDKA5taH9iYZ4ybJMRsbEl1T +O2avpHAi6JaByL6+qLL3OZaRPkNHRuQjJvwsnJ4IDsBLg0GbUuEZMieje5W6sLvM +Mgs+xyyc1Cm85572xVjBQ6Li6o2Jqziz09lipgb1xoSe3csXlCBbtgTbylvZi17N +frsn/xk805u++NdAMKKziPEnETGV7MGyxvz/X7OLjNIeo1I4lhiZWaqa9Hma2KvQ +vHNhunHXwCjeXnS8eQYuV8m2Obfot9xbbdFu3AvoaVttuEla3l7rtrPsDSiMop9r +NC1uy/ZOHOSqceRYUf+W2mdwf2O+De1xR1ETg35r2fQS6P2rEL35tlY8W2xQIjXn +0L3JhAxjhKZJmJZ+o4VgVaSY5uQ7hGivUwXtt9tkzreqcNK/GhTkt0G1hDqRO4/K +8K1FOZY5vG6jO1ZEBb6yX3HS4dYDAXG82AYt/nQlWDPQZQg= +=xG9N +-----END PGP PUBLIC KEY BLOCK----- diff --git a/docker/jitsi/jitsi-stable.list b/docker/jitsi/jitsi-stable.list new file mode 100644 index 0000000..9a838c5 --- /dev/null +++ b/docker/jitsi/jitsi-stable.list @@ -0,0 +1 @@ +deb https://download.jitsi.org stable/ diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl index 8b9788e..3796c2d 100644 --- a/nomad/traefik.hcl +++ b/nomad/traefik.hcl @@ -60,11 +60,6 @@ job "frontend" { data = "{{ key \"configuration/traefik/traefik.toml\" }}" destination = "secrets/traefik.toml" } - template { - data = "{{ key \"configuration/traefik/cloudflare.env\" }}" - destination = "secrets/cloudflare.env" - env = true - } } } } From d2c743b7420b897116755d21fcd67630612a2b81 Mon Sep 17 00:00:00 2001 
From: Quentin Dufour Date: Sun, 22 Mar 2020 14:32:10 +0100 Subject: [PATCH 2/9] Move to a more manual jitsi installation --- docker/jitsi/Dockerfile | 11 ---- docker/jitsi/README.md | 1 + .../jitsi/jitsi-conference-focus/Dockerfile | 0 docker/jitsi/jitsi-front/Dockerfile | 0 docker/jitsi/jitsi-key.gpg.key | 51 ------------------- docker/jitsi/jitsi-stable.list | 1 - docker/jitsi/jitsi-videobridge/Dockerfile | 0 docker/jitsi/jitsi-xmpp/Dockerfile | 6 +++ docker/jitsi/jitsi-xmpp/entrypoint.sh | 46 +++++++++++++++++ 9 files changed, 53 insertions(+), 63 deletions(-) delete mode 100644 docker/jitsi/Dockerfile create mode 100644 docker/jitsi/README.md create mode 100644 docker/jitsi/jitsi-conference-focus/Dockerfile create mode 100644 docker/jitsi/jitsi-front/Dockerfile delete mode 100644 docker/jitsi/jitsi-key.gpg.key delete mode 100644 docker/jitsi/jitsi-stable.list create mode 100644 docker/jitsi/jitsi-videobridge/Dockerfile create mode 100644 docker/jitsi/jitsi-xmpp/Dockerfile create mode 100755 docker/jitsi/jitsi-xmpp/entrypoint.sh diff --git a/docker/jitsi/Dockerfile b/docker/jitsi/Dockerfile deleted file mode 100644 index af96be2..0000000 --- a/docker/jitsi/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM debian:buster - -RUN apt-get update && \ - apt-get install -y apt-transport-https gnupg2 ca-certificates - -COPY jitsi-stable.list /etc/apt/sources.list.d/jitsi-stable.list -COPY jitsi-key.gpg.key /tmp/jitsi-key.gpg.key - -RUN apt-key add /tmp/jitsi-key.gpg.key && \ - apt-get update && \ - apt-get install -y jitsi-meet diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md new file mode 100644 index 0000000..d18a85b --- /dev/null +++ b/docker/jitsi/README.md @@ -0,0 +1 @@ +This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md diff --git a/docker/jitsi/jitsi-conference-focus/Dockerfile b/docker/jitsi/jitsi-conference-focus/Dockerfile new file mode 100644 index 0000000..e69de29 
diff --git a/docker/jitsi/jitsi-front/Dockerfile b/docker/jitsi/jitsi-front/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/docker/jitsi/jitsi-key.gpg.key b/docker/jitsi/jitsi-key.gpg.key deleted file mode 100644 index 5a78785..0000000 --- a/docker/jitsi/jitsi-key.gpg.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBFdrVgMBEACzVgG0ThyeWB4SpWFH2H80EJS2U1cgPfovwvsN5Ar/DvWE0vAO -4Ti5jfKTtG5fRMF1xvTP1lB7DOmhvuMyV4/Z0C2+PLY5COh/U0+S3WKtUejd0to0 -+I59AVAoa9H3Z5knME23FsHY4vQFY/vFEDVVvbFERFmmPLTi/m3A+15yaE1hIPub -U5qDxkCLJVt5EtTDRqr+u3jIVtJ6WhRdP90H6nij7zpli9uoEefOf1WTdV7JkNXo -oW7Mcy8cxiYJ9sSfRN3m3HClufOhyRCb4DEPfSRdz8AR0edRJefoyVMgHI+in9+0 -B80zYMhEq/dSTuyo/0yrW2jT3z4cR+RzO99ukA0a3j2cn/O2ILsE5AD5Ig3hamiu -3Q2glleYOVlBE7Pp7V5cNMPhxsI3rIif1kanbGozhup1WCaidopNp8MeVwqq0cLD -J1IoUoEB6F45dBL+CrFc02AHefyfYzlWdxusQR9vSXsM5cfTUkZqtdH8G3idEVQt -ok8yIrKdirOEhmb+MIop8royz6vElAQbekRetKPsba1MzGf6WSW+FnVuVYg7vB/8 -8mWt6fimXl3cn3yoBjdDQvUS3Op5mYxq4xqf/ejX5iFIecm+b5cBexJrOerPj7ob -a1cXdY3ru95PncVmXgwuB+MEFnv6rIDCA3UumQrjHDbfDHg49+xapOm0pQARAQAB -tBVKaXRzaSA8ZGV2QGppdHNpLm9yZz6JAjcEEwEKACEFAldrVgMCGwMFCwkIBwMF -FQoJCAsFFgMCAQACHgECF4AACgkQ74tHni3BOJy37g/+KPw7NqgEXwi5xgQJFGRA -1yKgMkoevSMygZy7pRu4AO1sy+IIRRRKNDd7O4CvQNvhKpKfG7Glx/yQ0fjbz9+9 -yvK2KTM57S98G9555ruSBWfeYep71br+qVeB5Dfp9Ua16yb03IaCY2eGEdG7CIQ7 -39a0fdntc00mHSRtx7KoIAW6S05TE2JEZR5NKkap3rL7pvvVkxz6i4cS/x4V1yuz -EheOptBZtBHh5XqO1CjseUSDF/14fEQyeu6+r2N31HVy44S2wwLHtgEknZqK48hn -+eLQTiV9+Vg2Mtc/1zmnCxOhmlHFFznKzC6NXaV6/RUyfp8Lvd1Hkb+mSyQ+ah7D -Ls8Y4jaOKtGL5M9ME0dASOMn5hun9bqqmlZPdK5cwZLgNEjLj8Dys5EBSNfHo9XH -bpQXI9M7JI64XTyVG1FoAHpu3HybsBfW18Vt63ctDTtjvzzmJ+mgDmFt9s0cw5XQ -o1iPUMSgsJ3BhF/2961e+92t5oNALOJNio1+lAiYUiPl8WYANQmFtLwNITH8KvUM -gEY7cm9SzjFrWQZ4n38+QTGz3J9JJlA2+tasqMliSr2sZ+qp2V4TjkjR647sopcc -x0d2/Brb9tgeGDpk4xcXD2U8eFCFLPrCwuw3QadPLC5z29rA/0fx9v6CisXPyZIm -geoI+3cy1kpZHsGOrj14wb+5Ag0EV2tWAwEQAO9Y2pHJjtoBoH/YRlFZDiQ0+URj -rojatIsNSNb2tIWaBuf1pFBvwOrSo0klDnKBbWWlTzr6KNNQODfORGUCwXwjqfDM -mbA3lC0BVcPDWAN8t73pt14EXiMy0TOxizaVp57q0UQYJzF9Fscq0nqw8wEqkYUx -Q1lHGBiEhCew1JAMje0EbPz6Hu1Uun408b1A6Xn8egcYlkkvBalowVo2mSKUMApE -sXqVof0nFsw1sfV7k7x830iuiLuh8Jp3eRTqQY43OrMuKoTEwRRMxxSLCqnoM63U -ywzuN5ucsuEYZTzGiEXfP4+0cCmjQOWR9RStUswVpH2uyUIULxvSot2Vz45myUES 
-rOiTnhS0/YHuKMSCHULu9nO7qUcjKnkUeDthbrpoG8yZrTZwviXdNSHFFha9SSvq -DX7w/ln1K/PeQuvgomo6iKMrNAoDesW/IOoY3oEUdUwv6Y88MNBnHFkuYOyi4Uc2 -oR+aQAIqvL69lGF5UQEJ6Q0kzQrGpx1+dR6cqkAEylWurRU/hepEwlebNxBPwPLi -ncbPT1x0X0N5MjfX9XfSxzGaoohIiZVqe7HIWkqJL8RV1Tbizj522HM2LYzCwMZI -XsX8+rXdmveN27zxVXB63ye31mnDedPS85kaNZi+cVNoUVPH/Ai37SsQ3sVMHlRv -aTq4Z4HNw5ywNb9NABEBAAGJAh8EGAEKAAkFAldrVgMCGwwACgkQ74tHni3BOJyP -ew/9FAsVHZHauM+GqblFNJz5OIKFosQ3UsVcXH4EfVUWvyru3lDb6Z5EWP+kdym6 -ZIaxE4oV4Z/WsSYDbY80TQXc6TO0dgkTk82/nNNR4JlZR101D0QmO+4TG7uI+oX/ -sqBfLqyHy3Zi10GeaF2+5q48NVb9jEX0p9fmPraG5CJqD21Pa5oORrED8RyksK7s -8KnhNdU3XNgh1HqsscviCq3X+WRrMKXT/Wk3Gz45wDKA5taH9iYZ4ybJMRsbEl1T -O2avpHAi6JaByL6+qLL3OZaRPkNHRuQjJvwsnJ4IDsBLg0GbUuEZMieje5W6sLvM -Mgs+xyyc1Cm85572xVjBQ6Li6o2Jqziz09lipgb1xoSe3csXlCBbtgTbylvZi17N -frsn/xk805u++NdAMKKziPEnETGV7MGyxvz/X7OLjNIeo1I4lhiZWaqa9Hma2KvQ -vHNhunHXwCjeXnS8eQYuV8m2Obfot9xbbdFu3AvoaVttuEla3l7rtrPsDSiMop9r -NC1uy/ZOHOSqceRYUf+W2mdwf2O+De1xR1ETg35r2fQS6P2rEL35tlY8W2xQIjXn -0L3JhAxjhKZJmJZ+o4VgVaSY5uQ7hGivUwXtt9tkzreqcNK/GhTkt0G1hDqRO4/K -8K1FOZY5vG6jO1ZEBb6yX3HS4dYDAXG82AYt/nQlWDPQZQg= -=xG9N ------END PGP PUBLIC KEY BLOCK----- diff --git a/docker/jitsi/jitsi-stable.list b/docker/jitsi/jitsi-stable.list deleted file mode 100644 index 9a838c5..0000000 --- a/docker/jitsi/jitsi-stable.list +++ /dev/null @@ -1 +0,0 @@ -deb https://download.jitsi.org stable/ diff --git a/docker/jitsi/jitsi-videobridge/Dockerfile b/docker/jitsi/jitsi-videobridge/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/docker/jitsi/jitsi-xmpp/Dockerfile b/docker/jitsi/jitsi-xmpp/Dockerfile new file mode 100644 index 0000000..03bb8f3 --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/Dockerfile @@ -0,0 +1,6 @@ +FROM debian:buster + +RUN apt-get update && \ + apt-get install -y prosody + + diff --git a/docker/jitsi/jitsi-xmpp/entrypoint.sh b/docker/jitsi/jitsi-xmpp/entrypoint.sh new file mode 100755 index 0000000..017a756 --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/entrypoint.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +mkdir -p /etc/prosody/conf.{d,avail}/ +cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua < Date: Sun, 22 Mar 2020 15:09:20 +0100 Subject: [PATCH 3/9] Configured jitsi-xmpp --- docker/jitsi/README.md | 12 ++++++++++++ docker/jitsi/docker-compose.yml | 13 +++++++++++++ docker/jitsi/jitsi-xmpp/Dockerfile | 5 ++++- docker/jitsi/jitsi-xmpp/entrypoint.sh | 10 ++++++++-- docker/jitsi/jitsi-xmpp/external_components.cfg.lua | 2 ++ 5 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 docker/jitsi/docker-compose.yml create mode 100644 docker/jitsi/jitsi-xmpp/external_components.cfg.lua diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md index d18a85b..738a63d 100644 --- a/docker/jitsi/README.md +++ b/docker/jitsi/README.md @@ -1 +1,13 @@ This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md + +To build images: + +``` +docker-compose build +``` + +To run stack: + +``` +docker-compose up +``` diff --git a/docker/jitsi/docker-compose.yml b/docker/jitsi/docker-compose.yml new file mode 100644 index 0000000..0f3adcf --- /dev/null +++ b/docker/jitsi/docker-compose.yml @@ -0,0 +1,13 @@ +version: '2.0' +services: + jitsi-xmpp: + build: ./jitsi-xmpp + ports: + - "5222:5222" + - "5347:5347" + - "5280:5280" + environment: + - JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 + - JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 + - JITSI_SECRET_JICOFO_USER=S3CR3T03 + diff --git a/docker/jitsi/jitsi-xmpp/Dockerfile b/docker/jitsi/jitsi-xmpp/Dockerfile index 03bb8f3..4d71a13 100644 --- a/docker/jitsi/jitsi-xmpp/Dockerfile +++ b/docker/jitsi/jitsi-xmpp/Dockerfile @@ -3,4 +3,7 @@ FROM debian:buster RUN apt-get update && \ apt-get install -y prosody - +COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua +COPY entrypoint.sh /usr/local/bin/entrypoint +ENTRYPOINT ["/usr/local/bin/entrypoint"] +CMD ["/usr/bin/prosody"] 
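Review bot: The three `JITSI_SECRET_*` entries under `environment:` in docker-compose.yml put what appear to be the XMPP component and focus-user credentials into a tracked file, and patch 5/9 carries the same values over into the committed `dev.env`. The values look like placeholders, but nothing in the setup prevents them from being reused as they are, while the same service publishes 5222, 5347 and 5280 on the host. Listing only the variable name, e.g. `- JITSI_SECRET_VIDEOBRIDGE`, makes compose take the value from the caller's environment. For `dev.env`, committing a `dev.env.example` and git-ignoring the real file keeps the credentials out of history in the same way.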
diff --git a/docker/jitsi/jitsi-xmpp/entrypoint.sh b/docker/jitsi/jitsi-xmpp/entrypoint.sh index 017a756..e6ab4e5 100755 --- a/docker/jitsi/jitsi-xmpp/entrypoint.sh +++ b/docker/jitsi/jitsi-xmpp/entrypoint.sh @@ -37,10 +37,16 @@ ln -sf \ prosodyctl cert generate jitsi.deuxfleurs.fr prosodyctl cert generate auth.jitsi.deuxfleurs.fr +mkdir -p /usr/local/share/ca-certificates/ ln -sf \ - /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt + /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} -exec "$@" +mkdir /run/prosody +touch /run/prosody/prosody.pid +chown -R prosody:prosody /run/prosody + +cd /var/lib/prosody +su - prosody -s /bin/bash -c "$@" diff --git a/docker/jitsi/jitsi-xmpp/external_components.cfg.lua b/docker/jitsi/jitsi-xmpp/external_components.cfg.lua new file mode 100644 index 0000000..beaaa87 --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/external_components.cfg.lua @@ -0,0 +1,2 @@ +component_ports = { 5347 } +component_interface = "0.0.0.0" From e24522d8285878240ee0d873616bc177313aa7ba Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 22 Mar 2020 16:05:42 +0100 Subject: [PATCH 4/9] Jitsi front seems ok --- docker/jitsi/README.md | 2 +- docker/jitsi/docker-compose.yml | 7 + docker/jitsi/jitsi-front/Dockerfile | 20 + docker/jitsi/jitsi-front/config.js | 517 +++++++++++++++++++++++++ docker/jitsi/jitsi-front/entrypoint.sh | 36 ++ 5 files changed, 581 insertions(+), 1 deletion(-) create mode 100644 docker/jitsi/jitsi-front/config.js create mode 100755 docker/jitsi/jitsi-front/entrypoint.sh diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md index 738a63d..8ca8ec5 100644 --- a/docker/jitsi/README.md +++ b/docker/jitsi/README.md @@ -9,5 +9,5 @@ docker-compose build To run stack: ``` -docker-compose up +docker-compose up --force-recreate ``` 
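Review bot: The new last line `su - prosody -s /bin/bash -c "$@"` only works while the command is a single word. With more than one argument, `"$@"` expands to several words and only the first is used as the `-c` string. The `-` also starts a login shell, so the `cd /var/lib/prosody` just above it and the `JITSI_*` environment are most likely not what prosody ends up with. Dropping `exec` leaves the bash script as PID 1, so the stop signal from `docker stop` may never reach prosody. I would write `exec runuser -u prosody -- "$@"` instead, and `mkdir -p /run/prosody` so a restart of the same container does not fail on the existing directory. The script begins outside this hunk, so anything earlier in it (for example a `set -e`) is not visible here.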
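Review bot: `component_interface = "0.0.0.0"` makes prosody accept external-component connections on every interface. The compose file in this patch, and `02_run.yml` in patch 5/9, publish `5347:5347` on the host, so the port is reachable from wherever the host is. Component connections are protected only by the shared secret, so the exposure should be limited to the hosts that run jicofo and the videobridge. If those reach prosody through the Docker bridge address used elsewhere in the series, publishing it as `"172.17.0.1:5347:5347"` would do that. A comment such as `-- external components authenticate with a shared secret only; keep 5347 off public interfaces` above the setting would record the constraint.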
diff --git a/docker/jitsi/docker-compose.yml b/docker/jitsi/docker-compose.yml index 0f3adcf..2cc7e62 100644 --- a/docker/jitsi/docker-compose.yml +++ b/docker/jitsi/docker-compose.yml @@ -10,4 +10,11 @@ services: - JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 - JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 - JITSI_SECRET_JICOFO_USER=S3CR3T03 + jitsi-front: + build: ./jitsi-front + ports: + - "80:80" + environment: + - JITSI_PROSODY_BOSH_PORT=5280 + - JITSI_PROSODY_BOSH_HOST=172.17.0.1 diff --git a/docker/jitsi/jitsi-front/Dockerfile b/docker/jitsi/jitsi-front/Dockerfile index e69de29..239372e 100644 --- a/docker/jitsi/jitsi-front/Dockerfile +++ b/docker/jitsi/jitsi-front/Dockerfile @@ -0,0 +1,20 @@ +FROM debian:buster AS builder + +RUN apt-get update && \ + apt-get install -y npm git nodejs make && \ + git clone --depth=1 https://github.com/jitsi/jitsi-meet.git && \ + cd jitsi-meet && \ + npm install && \ + make + +FROM debian:buster + +COPY --from=builder /jitsi-meet /srv/jitsi-meet +RUN apt-get update && \ + apt-get install -y nginx && \ + rm /etc/nginx/sites-enabled/* + +COPY config.js /srv/jitsi-meet/config.js +COPY entrypoint.sh /usr/local/bin/entrypoint +ENTRYPOINT ["/usr/local/bin/entrypoint"] +CMD ["/usr/sbin/nginx", "-g", "daemon off;"] diff --git a/docker/jitsi/jitsi-front/config.js b/docker/jitsi/jitsi-front/config.js new file mode 100644 index 0000000..34f0662 --- /dev/null +++ b/docker/jitsi/jitsi-front/config.js 
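Review bot: The builder stage of jitsi-front/Dockerfile clones whatever the default branch of jitsi-meet is at build time and then runs `npm install`, so two builds of the same Dockerfile can ship different front-end code and different dependency versions. Pinning the source makes the image reproducible and reviewable: `ARG JITSI_MEET_REF=<release-tag>` with `git clone --depth=1 --branch "${JITSI_MEET_REF}" https://github.com/jitsi/jitsi-meet.git`, and `npm ci` in place of `npm install` if the checkout carries a lockfile. `COPY --from=builder /jitsi-meet /srv/jitsi-meet` also brings the whole build tree, `.git` and `node_modules` included, into the final image. Whether nginx serves those paths depends on the site config written by entrypoint.sh, which is not readable on this page, so copying only the built assets would be the safer default.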
@@ -0,0 +1,517 @@ +/* eslint-disable no-unused-vars, no-var */ + +var config = { + // Connection + // + + hosts: { + // XMPP domain. + domain: 'jitsi.deuxfleurs.fr', + + // When using authentication, domain for guest users. + // anonymousdomain: 'guest.example.com', + + // Domain for authenticated users. Defaults to . + // authdomain: 'jitsi-meet.example.com', + + // Jirecon recording component domain. + // jirecon: 'jirecon.jitsi-meet.example.com', + + // Call control component (Jigasi). + // call_control: 'callcontrol.jitsi-meet.example.com', + + // Focus component domain. Defaults to focus.. + // focus: 'focus.jitsi-meet.example.com', + + // XMPP MUC domain. FIXME: use XEP-0030 to discover it. + muc: 'conference.jitsi.deuxfleurs.fr' + }, + + // BOSH URL. FIXME: use XEP-0156 to discover it. + bosh: '//jitsi.deuxfleurs.fr/http-bind', + + // Websocket URL + // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', + + // The name of client node advertised in XEP-0115 'c' stanza + clientNode: 'http://jitsi.org/jitsimeet', + + // The real JID of focus participant - can be overridden here + // focusUserJid: 'focus@auth.jitsi-meet.example.com', + + + // Testing / experimental features. + // + + testing: { + // Enables experimental simulcast support on Firefox. + enableFirefoxSimulcast: false, + + // P2P test mode disables automatic switching to P2P when there are 2 + // participants in the conference. + p2pTestMode: false + + // Enables the test specific features consumed by jitsi-meet-torture + // testMode: false + + // Disables the auto-play behavior of *all* newly created video element. + // This is useful when the client runs on a host with limited resources. + // noAutoPlayVideo: false + }, + + // Disables ICE/UDP by filtering out local and remote UDP candidates in + // signalling. + // webrtcIceUdpDisable: false, + + // Disables ICE/TCP by filtering out local and remote TCP candidates in + // signalling. 
+ // webrtcIceTcpDisable: false, + + + // Media + // + + // Audio + + // Disable measuring of audio levels. + // disableAudioLevels: false, + // audioLevelsInterval: 200, + + // Enabling this will run the lib-jitsi-meet no audio detection module which + // will notify the user if the current selected microphone has no audio + // input and will suggest another valid device if one is present. + enableNoAudioDetection: true, + + // Enabling this will run the lib-jitsi-meet noise detection module which will + // notify the user if there is noise, other than voice, coming from the current + // selected microphone. The purpose it to let the user know that the input could + // be potentially unpleasant for other meeting participants. + enableNoisyMicDetection: true, + + // Start the conference in audio only mode (no video is being received nor + // sent). + // startAudioOnly: false, + + // Every participant after the Nth will start audio muted. + // startAudioMuted: 10, + + // Start calls with audio muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithAudioMuted: false, + + // Enabling it (with #params) will disable local audio output of remote + // participants and to enable it back a reload is needed. + // startSilent: false + + // Video + + // Sets the preferred resolution (height) for local video. Defaults to 720. + // resolution: 720, + + // w3c spec-compliant video constraints to use for video capture. Currently + // used by browsers that return true from lib-jitsi-meet's + // util#browser#usesNewGumFlow. The constraints are independency from + // this config's resolution value. Defaults to requesting an ideal aspect + // ratio of 16:9 with an ideal resolution of 720. + // constraints: { + // video: { + // aspectRatio: 16 / 9, + // height: { + // ideal: 720, + // max: 720, + // min: 240 + // } + // } + // }, + + // Enable / disable simulcast support. 
+ // disableSimulcast: false, + + // Enable / disable layer suspension. If enabled, endpoints whose HD + // layers are not in use will be suspended (no longer sent) until they + // are requested again. + // enableLayerSuspension: false, + + // Every participant after the Nth will start video muted. + // startVideoMuted: 10, + + // Start calls with video muted. Unlike the option above, this one is only + // applied locally. FIXME: having these 2 options is confusing. + // startWithVideoMuted: false, + + // If set to true, prefer to use the H.264 video codec (if supported). + // Note that it's not recommended to do this because simulcast is not + // supported when using H.264. For 1-to-1 calls this setting is enabled by + // default and can be toggled in the p2p section. + // preferH264: true, + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // Desktop sharing + + // The ID of the jidesha extension for Chrome. + desktopSharingChromeExtId: null, + + // Whether desktop sharing should be disabled on Chrome. + // desktopSharingChromeDisabled: false, + + // The media sources to use when using screen sharing with the Chrome + // extension. + desktopSharingChromeSources: [ 'screen', 'window', 'tab' ], + + // Required version of Chrome extension + desktopSharingChromeMinExtVersion: '0.1', + + // Whether desktop sharing should be disabled on Firefox. + // desktopSharingFirefoxDisabled: false, + + // Optional desktop sharing frame rate options. Default value: min:5, max:5. + // desktopSharingFrameRate: { + // min: 5, + // max: 5 + // }, + + // Try to start calls with screen-sharing instead of camera video. + // startScreenSharing: false, + + // Recording + + // Whether to enable file recording or not. + // fileRecordingsEnabled: false, + // Enable the dropbox integration. + // dropbox: { + // appKey: '' // Specify your app key here. 
+ // // A URL to redirect the user to, after authenticating + // // by default uses: + // // 'https://jitsi-meet.example.com/static/oauth.html' + // redirectURI: + // 'https://jitsi-meet.example.com/subfolder/static/oauth.html' + // }, + // When integrations like dropbox are enabled only that will be shown, + // by enabling fileRecordingsServiceEnabled, we show both the integrations + // and the generic recording service (its configuration and storage type + // depends on jibri configuration) + // fileRecordingsServiceEnabled: false, + // Whether to show the possibility to share file recording with other people + // (e.g. meeting participants), based on the actual implementation + // on the backend. + // fileRecordingsServiceSharingEnabled: false, + + // Whether to enable live streaming or not. + // liveStreamingEnabled: false, + + // Transcription (in interface_config, + // subtitles and buttons can be configured) + // transcribingEnabled: false, + + // Enables automatic turning on captions when recording is started + // autoCaptionOnRecord: false, + + // Misc + + // Default value for the channel "last N" attribute. -1 for unlimited. + channelLastN: -1, + + // Disables or enables RTX (RFC 4588) (defaults to false). + // disableRtx: false, + + // Disables or enables TCC (the default is in Jicofo and set to true) + // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting + // affects congestion control, it practically enables send-side bandwidth + // estimations. + // enableTcc: true, + + // Disables or enables REMB (the default is in Jicofo and set to false) + // (draft-alvestrand-rmcat-remb-03). This setting affects congestion + // control, it practically enables recv-side bandwidth estimations. When + // both TCC and REMB are enabled, TCC takes precedence. When both are + // disabled, then bandwidth estimations are disabled. 
+ // enableRemb: false, + + // Defines the minimum number of participants to start a call (the default + // is set in Jicofo and set to 2). + // minParticipants: 2, + + // Use XEP-0215 to fetch STUN and TURN servers. + // useStunTurn: true, + + // Enable IPv6 support. + // useIPv6: true, + + // Enables / disables a data communication channel with the Videobridge. + // Values can be 'datachannel', 'websocket', true (treat it as + // 'datachannel'), undefined (treat it as 'datachannel') and false (don't + // open any channel). + // openBridgeChannel: true, + + + // UI + // + + // Use display name as XMPP nickname. + // useNicks: false, + + // Require users to always specify a display name. + // requireDisplayName: true, + + // Whether to use a welcome page or not. In case it's false a random room + // will be joined when no room is specified. + enableWelcomePage: true, + + // Enabling the close page will ignore the welcome page redirection when + // a call is hangup. + // enableClosePage: false, + + // Disable hiding of remote thumbnails when in a 1-on-1 conference call. + // disable1On1Mode: false, + + // Default language for the user interface. + // defaultLanguage: 'en', + + // If true all users without a token will be considered guests and all users + // with token will be considered non-guests. Only guests will be allowed to + // edit their profile. + enableUserRolesBasedOnToken: false, + + // Whether or not some features are checked based on token. + // enableFeaturesBasedOnToken: false, + + // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests. + // lockRoomGuestEnabled: false, + + // When enabled the password used for locking a room is restricted to up to the number of digits specified + // roomPasswordNumberOfDigits: 10, + // default: roomPasswordNumberOfDigits: false, + + // Message to show the users. 
Example: 'The service will be down for + // maintenance at 01:00 AM GMT, + // noticeMessage: '', + + // Enables calendar integration, depends on googleApiApplicationClientID + // and microsoftApiApplicationClientID + // enableCalendarIntegration: false, + + // Stats + // + + // Whether to enable stats collection or not in the TraceablePeerConnection. + // This can be useful for debugging purposes (post-processing/analysis of + // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth + // estimation tests. + // gatherStats: false, + + // The interval at which PeerConnection.getStats() is called. Defaults to 10000 + // pcStatsInterval: 10000, + + // To enable sending statistics to callstats.io you must provide the + // Application ID and Secret. + // callStatsID: '', + // callStatsSecret: '', + + // enables sending participants display name to callstats + // enableDisplayNameInStats: false + + // enables sending participants email if available to callstats and other analytics + // enableEmailInStats: false + + // Privacy + // + + // If third party requests are disabled, no other server will be contacted. + // This means avatars will be locally generated and callstats integration + // will not function. + // disableThirdPartyRequests: false, + + + // Peer-To-Peer mode: used (if enabled) when there are just 2 participants. + // + + p2p: { + // Enables peer to peer mode. When enabled the system will try to + // establish a direct connection when there are exactly 2 participants + // in the room. If that succeeds the conference will stop sending data + // through the JVB and use the peer to peer connection instead. When a + // 3rd participant joins the conference will be moved back to the JVB + // connection. + enabled: true, + + // Use XEP-0215 to fetch STUN and TURN servers. 
+ // useStunTurn: true, + + // The STUN servers that will be used in the peer to peer connections + stunServers: [ + + // { urls: 'stun:jitsi-meet.example.com:443' }, + { urls: 'stun:stun.l.google.com:19302' }, + { urls: 'stun:stun1.l.google.com:19302' }, + { urls: 'stun:stun2.l.google.com:19302' } + ], + + // Sets the ICE transport policy for the p2p connection. At the time + // of this writing the list of possible values are 'all' and 'relay', + // but that is subject to change in the future. The enum is defined in + // the WebRTC standard: + // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum. + // If not set, the effective value is 'all'. + // iceTransportPolicy: 'all', + + // If set to true, it will prefer to use H.264 for P2P calls (if H.264 + // is supported). + preferH264: true + + // If set to true, disable H.264 video codec by stripping it out of the + // SDP. + // disableH264: false, + + // How long we're going to wait, before going back to P2P after the 3rd + // participant has left the conference (to filter out page reload). + // backToP2PDelay: 5 + }, + + analytics: { + // The Google Analytics Tracking ID: + // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1' + + // The Amplitude APP Key: + // amplitudeAPPKey: '' + + // Array of script URLs to load as lib-jitsi-meet "analytics handlers". + // scriptURLs: [ + // "libs/analytics-ga.min.js", // google-analytics + // "https://example.com/my-custom-analytics.js" + // ], + }, + + // Information about the jitsi-meet instance we are connecting to, including + // the user region as seen by the server. 
+ deploymentInfo: { + // shard: "shard1", + // region: "europe", + // userRegion: "asia" + } + + // Information for the chrome extension banner + // chromeExtensionBanner: { + // // The chrome extension to be installed address + // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb', + + // // Extensions info which allows checking if they are installed or not + // chromeExtensionsInfo: [ + // { + // id: 'kglhbbefdnlheedjiejgomgmfplipfeb', + // path: 'jitsi-logo-48x48.png' + // } + // ] + // } + + // Local Recording + // + + // localRecording: { + // Enables local recording. + // Additionally, 'localrecording' (all lowercase) needs to be added to + // TOOLBAR_BUTTONS in interface_config.js for the Local Recording + // button to show up on the toolbar. + // + // enabled: true, + // + + // The recording format, can be one of 'ogg', 'flac' or 'wav'. + // format: 'flac' + // + + // } + + // Options related to end-to-end (participant to participant) ping. + // e2eping: { + // // The interval in milliseconds at which pings will be sent. + // // Defaults to 10000, set to <= 0 to disable. + // pingInterval: 10000, + // + // // The interval in milliseconds at which analytics events + // // with the measured RTT will be sent. Defaults to 60000, set + // // to <= 0 to disable. + // analyticsInterval: 60000, + // } + + // If set, will attempt to use the provided video input device label when + // triggering a screenshare, instead of proceeding through the normal flow + // for obtaining a desktop stream. + // NOTE: This option is experimental and is currently intended for internal + // use only. + // _desktopSharingSourceDevice: 'sample-id-or-label' + + // If true, any checks to handoff to another application will be prevented + // and instead the app will continue to display in the current browser. 
+ // disableDeepLinking: false + + // A property to disable the right click context menu for localVideo + // the menu has option to flip the locally seen video for local presentations + // disableLocalVideoFlip: false + + // Deployment specific URLs. + // deploymentUrls: { + // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for + // // user documentation. + // userDocumentationURL: 'https://docs.example.com/video-meetings.html', + // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link + // // to the specified URL for an app download page. + // downloadAppsUrl: 'https://docs.example.com/our-apps.html' + // } + + // List of undocumented settings used in jitsi-meet + /** + _immediateReloadThreshold + autoRecord + autoRecordToken + debug + debugAudioLevels + deploymentInfo + dialInConfCodeUrl + dialInNumbersUrl + dialOutAuthUrl + dialOutCodesUrl + disableRemoteControl + displayJids + etherpad_base + externalConnectUrl + firefox_fake_device + googleApiApplicationClientID + iAmRecorder + iAmSipGateway + microsoftApiApplicationClientID + peopleSearchQueryTypes + peopleSearchUrl + requireDisplayName + tokenAuthUrl + */ + + // List of undocumented settings used in lib-jitsi-meet + /** + _peerConnStatusOutOfLastNTimeout + _peerConnStatusRtcMuteTimeout + abTesting + avgRtpStatsN + callStatsConfIDNamespace + callStatsCustomScriptUrl + desktopSharingSources + disableAEC + disableAGC + disableAP + disableHPF + disableNS + enableLipSync + enableTalkWhileMuted + forceJVB121Ratio + hiddenDomain + ignoreStartMuted + nick + startBitrate + */ + +}; + +/* eslint-enable no-unused-vars, no-var */ + diff --git a/docker/jitsi/jitsi-front/entrypoint.sh b/docker/jitsi/jitsi-front/entrypoint.sh new file mode 100755 index 0000000..f3c9971 --- /dev/null +++ b/docker/jitsi/jitsi-front/entrypoint.sh 
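Review bot: In config.js the `p2p` block keeps `enabled: true` with `stunServers` pointing at three `stun.l.google.com` hosts, and `disableThirdPartyRequests` stays commented out. In a two-person call each browser therefore contacts a third party and discloses its address, which a self-hosted instance may not intend. Pointing `stunServers` at a STUN service you operate and setting `disableThirdPartyRequests: true` would keep that traffic in-house. Separately, `bosh: '//jitsi.deuxfleurs.fr/http-bind'` is protocol-relative and the front container is published on port 80 only, so XMPP signalling goes over plain HTTP unless a TLS terminator sits in front; a comment in the file saying where TLS is terminated would settle that.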
@@ -0,0 +1,36 @@ +#!/bin/bash + +cat > /etc/nginx/sites-available/jitsi < Date: Sun, 22 Mar 2020 18:01:54 +0100 Subject: [PATCH 5/9] Rework jitsi-xmpp to support cert gen --- .gitignore | 1 + docker/jitsi/01_gen_certs.yml | 8 +++++++ docker/jitsi/02_run.yml | 17 ++++++++++++++ docker/jitsi/README.md | 13 ++++++++--- docker/jitsi/dev.env | 7 ++++++ docker/jitsi/docker-compose.yml | 20 ----------------- docker/jitsi/jitsi-certs/.gitignore | 2 ++ .../jitsi/jitsi-conference-focus/Dockerfile | 22 +++++++++++++++++++ docker/jitsi/jitsi-conference-focus/jicofo | 8 +++++++ docker/jitsi/jitsi-videobridge/Dockerfile | 15 +++++++++++++ docker/jitsi/jitsi-xmpp/Dockerfile | 8 ++++--- .../jitsi-xmpp/{entrypoint.sh => xmpp_conf} | 15 ------------- docker/jitsi/jitsi-xmpp/xmpp_gen | 9 ++++++++ docker/jitsi/jitsi-xmpp/xmpp_run | 18 +++++++++++++++ 14 files changed, 122 insertions(+), 41 deletions(-) create mode 100644 docker/jitsi/01_gen_certs.yml create mode 100644 docker/jitsi/02_run.yml create mode 100644 docker/jitsi/dev.env delete mode 100644 docker/jitsi/docker-compose.yml create mode 100644 docker/jitsi/jitsi-certs/.gitignore create mode 100755 docker/jitsi/jitsi-conference-focus/jicofo rename docker/jitsi/jitsi-xmpp/{entrypoint.sh => xmpp_conf} (68%) create mode 100755 docker/jitsi/jitsi-xmpp/xmpp_gen create mode 100755 docker/jitsi/jitsi-xmpp/xmpp_run diff --git a/.gitignore b/.gitignore index 55145d5..189f683 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.retry .git_old/ debug/gladdrinfo +*.swp diff --git a/docker/jitsi/01_gen_certs.yml b/docker/jitsi/01_gen_certs.yml new file mode 100644 index 0000000..8c97384 --- /dev/null +++ b/docker/jitsi/01_gen_certs.yml @@ -0,0 +1,8 @@ +version: '3' +services: + jitsi-xmpp: + build: ./jitsi-xmpp + command: ["/usr/local/bin/xmpp_gen"] + volumes: [ './jitsi-certs/:/certs:rw' ] + env_file: [ 'dev.env' ] + diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml new file mode 100644 index 0000000..f2ec9e9 
--- /dev/null +++ b/docker/jitsi/02_run.yml @@ -0,0 +1,17 @@ +version: '3' +services: + jitsi-xmpp: + build: ./jitsi-xmpp + ports: + - "5222:5222" + - "5347:5347" + - "5280:5280" + env_file: [ 'dev.env' ] + jitsi-front: + build: ./jitsi-front + ports: + - "80:80" + env_file: [ 'dev.env' ] + jitsi-conference-focus: + build: ./jitsi-conference-focus + env_file: [ 'dev.env' ] diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md index 8ca8ec5..ea90274 100644 --- a/docker/jitsi/README.md +++ b/docker/jitsi/README.md @@ -3,11 +3,18 @@ This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/maste To build images: ``` -docker-compose build +docker-compose -f 02_run.yml build ``` -To run stack: +To gen the certs: ``` -docker-compose up --force-recreate +docker-compose -f 01_gen_certs.yml up --force-recreate +``` + +To run the stack: + + +``` +docker-compose -f 02_run.yml up --force-recreate ``` diff --git a/docker/jitsi/dev.env b/docker/jitsi/dev.env new file mode 100644 index 0000000..6fe8ed1 --- /dev/null +++ b/docker/jitsi/dev.env @@ -0,0 +1,7 @@ +JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 +JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 +JITSI_SECRET_JICOFO_USER=S3CR3T03 +JITSI_PROSODY_BOSH_PORT=5280 +JITSI_PROSODY_BOSH_HOST=172.17.0.1 +JITSI_PROSODY_HOST=172.17.0.1 +JITSI_CERTS_FOLDER=/certs/ diff --git a/docker/jitsi/docker-compose.yml b/docker/jitsi/docker-compose.yml deleted file mode 100644 index 2cc7e62..0000000 --- a/docker/jitsi/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: '2.0' -services: - jitsi-xmpp: - build: ./jitsi-xmpp - ports: - - "5222:5222" - - "5347:5347" - - "5280:5280" - environment: - - JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 - - JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 - - JITSI_SECRET_JICOFO_USER=S3CR3T03 - jitsi-front: - build: ./jitsi-front - ports: - - "80:80" - environment: - - JITSI_PROSODY_BOSH_PORT=5280 - - JITSI_PROSODY_BOSH_HOST=172.17.0.1 - 
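Review bot: The `ports:` list under `jitsi-xmpp` publishes 5222, 5347 and 5280 on every host interface, and 5347 is Prosody's default component port, which is protected only by the shared secrets loaded from `dev.env`. Only the other containers need 5347 and 5280, and `dev.env` points them at `172.17.0.1`. Binding those two ports to the bridge address keeps them off public interfaces: `- "172.17.0.1:5347:5347"` and `- "172.17.0.1:5280:5280"`. This assumes the default docker0 address, which the commit already relies on.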
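Review bot: `dev.env` commits the three `JITSI_SECRET_*` values, and `02_run.yml` loads the same file for the running stack, so nothing stops these guessable placeholders from guarding the published XMPP ports. A header comment would document that: `# development placeholders: replace every JITSI_SECRET_* before the stack is reachable from a network`. Keeping the real file untracked, with a committed `dev.env.example` and a `.gitignore` entry, would also keep real secrets out of the history later.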
diff --git a/docker/jitsi/jitsi-certs/.gitignore b/docker/jitsi/jitsi-certs/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/docker/jitsi/jitsi-certs/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/docker/jitsi/jitsi-conference-focus/Dockerfile b/docker/jitsi/jitsi-conference-focus/Dockerfile index e69de29..7933ed9 100644 --- a/docker/jitsi/jitsi-conference-focus/Dockerfile +++ b/docker/jitsi/jitsi-conference-focus/Dockerfile @@ -0,0 +1,22 @@ +FROM debian:buster AS builder + +RUN apt-get update && \ + apt-get install -y openjdk-11-jdk maven git unzip && \ + git clone --depth=1 https://github.com/jitsi/jicofo.git && \ + cd jicofo && \ + mvn package -DskipTests -Dassembly.skipAssembly=false + +RUN cd jicofo && \ + unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \ + mv jicofo-1.1-SNAPSHOT /srv/jicofo + + +FROM debian:buster + +RUN apt-get update && \ + apt-get install -y openjdk-11-jdk + +COPY --from=builder /srv/jicofo /srv/jicofo +COPY jicofo /usr/local/bin/jicofo + +CMD ["/usr/local/bin/jicofo"] diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo new file mode 100755 index 0000000..34b5548 --- /dev/null +++ b/docker/jitsi/jitsi-conference-focus/jicofo @@ -0,0 +1,8 @@ +#!/bin/bash + +/srv/jicofo/jicofo.sh \ + --host=${JITSI_PROSODY_HOST} \ + --domain=jitsi.deuxfleurs.fr \ + --secret=${JITSI_SECRET_JICOFO_COMPONENT} \ + --user_domain=auth.jitsi.deuxfleurs.fr \ + --user_password=${JITSI_SECRET_JICOFO_USER} diff --git a/docker/jitsi/jitsi-videobridge/Dockerfile b/docker/jitsi/jitsi-videobridge/Dockerfile index e69de29..7216b8c 100644 --- a/docker/jitsi/jitsi-videobridge/Dockerfile +++ b/docker/jitsi/jitsi-videobridge/Dockerfile 
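Review bot: The builder stage clones jicofo's default branch with `git clone --depth=1` and no tag or commit, so each rebuild compiles whatever upstream published last. The later `unzip target/jicofo-1.1-SNAPSHOT-archive.zip` also breaks as soon as upstream changes its version. Pinning the source makes the image reproducible and reviewable: `git clone --depth=1 --branch <JICOFO_TAG> https://github.com/jitsi/jicofo.git`, where the tag is a placeholder for a released one. `mvn package` still resolves dependencies at build time, so pinning the source does not by itself pin the dependency set.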
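Review bot: Both secrets are expanded unquoted on the `jicofo.sh` command line, so a value containing whitespace or glob characters is split or expanded before jicofo sees it. Quote them as `--secret="${JITSI_SECRET_JICOFO_COMPONENT}"` and `--user_password="${JITSI_SECRET_JICOFO_USER}"`. Starting the launcher with `exec /srv/jicofo/jicofo.sh \` would also let it replace the bash wrapper as the container's main process and receive the stop signal. Secrets passed as arguments are readable in the process list inside the container; whether jicofo accepts them another way is not visible here.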
@@ -0,0 +1,15 @@ +FROM debian:buster AS builder + +RUN apt-get update && \ + apt-get install -y wget unzip + +ENV VERSION=1132 +RUN wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-${VERSION}.zip -O jvb.zip && \ + unzip jvb.zip && \ + mv jitsi-videobridge-linux-x64-${VERSION} jvb + +FROM debian:buster + +RUN apt-get update && \ + apt-get install -y + diff --git a/docker/jitsi/jitsi-xmpp/Dockerfile b/docker/jitsi/jitsi-xmpp/Dockerfile index 4d71a13..3733d49 100644 --- a/docker/jitsi/jitsi-xmpp/Dockerfile +++ b/docker/jitsi/jitsi-xmpp/Dockerfile @@ -4,6 +4,8 @@ RUN apt-get update && \ apt-get install -y prosody COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua -COPY entrypoint.sh /usr/local/bin/entrypoint -ENTRYPOINT ["/usr/local/bin/entrypoint"] -CMD ["/usr/bin/prosody"] +COPY xmpp_conf /usr/local/bin/xmpp_conf +COPY xmpp_gen /usr/local/bin/xmpp_gen +COPY xmpp_run /usr/local/bin/xmpp_run + +CMD ["/usr/local/bin/xmpp_run"] diff --git a/docker/jitsi/jitsi-xmpp/entrypoint.sh b/docker/jitsi/jitsi-xmpp/xmpp_conf similarity index 68% rename from docker/jitsi/jitsi-xmpp/entrypoint.sh rename to docker/jitsi/jitsi-xmpp/xmpp_conf index e6ab4e5..c7534ba 100755 --- a/docker/jitsi/jitsi-xmpp/entrypoint.sh +++ b/docker/jitsi/jitsi-xmpp/xmpp_conf @@ -34,19 +34,4 @@ ln -sf \ /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \ /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua -prosodyctl cert generate jitsi.deuxfleurs.fr -prosodyctl cert generate auth.jitsi.deuxfleurs.fr -mkdir -p /usr/local/share/ca-certificates/ -ln -sf \ - /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ - /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt - -prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} - -mkdir /run/prosody -touch /run/prosody/prosody.pid -chown -R prosody:prosody /run/prosody - -cd /var/lib/prosody -su - prosody -s /bin/bash -c "$@" 
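Review bot: The zip fetched by `wget` from download.jitsi.org is unpacked without any integrity check, so the image trusts whatever the server returns for build `${VERSION}`. Record the expected digest next to `VERSION` and verify it before `unzip`, for example `echo "<JVB_ZIP_SHA256>  jvb.zip" | sha256sum -c - && \`, where the digest is a placeholder to be taken from a download you have verified. The final stage's `apt-get install -y` names no package yet, which matches the WIP state but leaves that stage without the runtime it will need.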
diff --git a/docker/jitsi/jitsi-xmpp/xmpp_gen b/docker/jitsi/jitsi-xmpp/xmpp_gen new file mode 100755 index 0000000..3a2e04a --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/xmpp_gen @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf + +prosodyctl cert generate jitsi.deuxfleurs.fr +prosodyctl cert generate auth.jitsi.deuxfleurs.fr + +cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER} +cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER} diff --git a/docker/jitsi/jitsi-xmpp/xmpp_run b/docker/jitsi/jitsi-xmpp/xmpp_run new file mode 100755 index 0000000..ca2b7cf --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/xmpp_run @@ -0,0 +1,18 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf +cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/ + +mkdir -p /usr/local/share/ca-certificates/ +ln -sf \ + /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ + /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt + +prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} + +mkdir /run/prosody +touch /run/prosody/prosody.pid +chown -R prosody:prosody /run/prosody + +cd /var/lib/prosody +su - prosody -s /bin/bash -c prosody From 51b656e937aa469e8f09a43bd51dbdabdd4eea1f Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 22 Mar 2020 18:14:16 +0100 Subject: [PATCH 6/9] jicofo seems to work --- docker/jitsi/02_run.yml | 2 ++ docker/jitsi/jitsi-conference-focus/Dockerfile | 2 +- docker/jitsi/jitsi-conference-focus/jicofo | 3 +++ docker/jitsi/jitsi-xmpp/xmpp_run | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml index f2ec9e9..ccf1878 100644 --- a/docker/jitsi/02_run.yml +++ b/docker/jitsi/02_run.yml @@ -7,6 +7,7 @@ services: - "5347:5347" - "5280:5280" env_file: [ 'dev.env' ] + volumes: [ './jitsi-certs/:/certs:ro' ] jitsi-front: build: ./jitsi-front ports: @@ -15,3 +16,4 @@ services: jitsi-conference-focus: build: ./jitsi-conference-focus env_file: [ 'dev.env' ] + volumes: [ './jitsi-certs/:/certs:ro' ] 
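Review bot: `cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}` in `xmpp_gen` is unquoted and unchecked. If `JITSI_CERTS_FOLDER` is unset and the glob matches just the two certificates generated above, the second match becomes the destination and one certificate silently overwrites the other. The `*.key` line behaves the same way. Fail early instead: put `set -eu` after the shebang and write the copies as `cp /var/lib/prosody/*.crt "${JITSI_CERTS_FOLDER:?}"` and `cp /var/lib/prosody/*.key "${JITSI_CERTS_FOLDER:?}"`. `xmpp_run` in the same commit has the same unquoted expansions in `cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/` and in the `prosodyctl register` line, and it also continues after a failed step.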
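Review bot: The mount `./jitsi-certs/:/certs:ro` gives `jitsi-conference-focus` the whole directory, which `xmpp_gen` fills with `*.key` as well as `*.crt`, while the jicofo wrapper only reads `auth.jitsi.deuxfleurs.fr.crt`. Mounting just that file keeps Prosody's private keys out of a container that does not need them: `volumes: [ './jitsi-certs/auth.jitsi.deuxfleurs.fr.crt:/certs/auth.jitsi.deuxfleurs.fr.crt:ro' ]`. The later `02_run.yml` hunks add the same whole-directory mount to `jitsi-front` and `jitsi-videobridge`. Which files those services read is not visible on this page, so the same narrowing should be checked there.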
diff --git a/docker/jitsi/jitsi-conference-focus/Dockerfile b/docker/jitsi/jitsi-conference-focus/Dockerfile index 7933ed9..190010e 100644 --- a/docker/jitsi/jitsi-conference-focus/Dockerfile +++ b/docker/jitsi/jitsi-conference-focus/Dockerfile @@ -14,7 +14,7 @@ RUN cd jicofo && \ FROM debian:buster RUN apt-get update && \ - apt-get install -y openjdk-11-jdk + apt-get install -y openjdk-11-jdk ca-certificates COPY --from=builder /srv/jicofo /srv/jicofo COPY jicofo /usr/local/bin/jicofo diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo index 34b5548..30fc870 100755 --- a/docker/jitsi/jitsi-conference-focus/jicofo +++ b/docker/jitsi/jitsi-conference-focus/jicofo @@ -1,5 +1,8 @@ #!/bin/bash +cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt +update-ca-certificates -f + /srv/jicofo/jicofo.sh \ --host=${JITSI_PROSODY_HOST} \ --domain=jitsi.deuxfleurs.fr \ diff --git a/docker/jitsi/jitsi-xmpp/xmpp_run b/docker/jitsi/jitsi-xmpp/xmpp_run index ca2b7cf..8dfdf86 100755 --- a/docker/jitsi/jitsi-xmpp/xmpp_run +++ b/docker/jitsi/jitsi-xmpp/xmpp_run @@ -2,6 +2,7 @@ /usr/local/bin/xmpp_conf cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/ +chown -R prosody:prosody /var/lib/prosody mkdir -p /usr/local/share/ca-certificates/ ln -sf \ From ceb8a8b930f5cacf572a2ac8382e199b86dd8da8 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 22 Mar 2020 18:21:32 +0100 Subject: [PATCH 7/9] Migrate to HTTPS to test in browser --- docker/jitsi/02_run.yml | 3 ++- docker/jitsi/jitsi-front/entrypoint.sh | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml index ccf1878..62c468d 100644 --- a/docker/jitsi/02_run.yml +++ b/docker/jitsi/02_run.yml 
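Review bot: The runtime stage installs the full `openjdk-11-jdk` with recommended packages and leaves the apt lists in the layer, so the image that only runs jicofo also carries a compiler and extra tooling. Assuming jicofo needs nothing beyond a headless runtime, `apt-get install -y --no-install-recommends openjdk-11-jre-headless ca-certificates && \` followed by `rm -rf /var/lib/apt/lists/*` gives a smaller attack surface. The stage begins above this hunk.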
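Review bot: `update-ca-certificates -f` makes the copied certificate a trust anchor for the whole container, not only for the XMPP connection, which deserves a comment above the `cp`: `# trust the self-signed auth vhost certificate from xmpp_gen; this becomes a system-wide root inside this container`. The `cp` is also unchecked, so a missing file in the mounted folder only surfaces later as a TLS failure in jicofo. `set -e` after the shebang would stop the wrapper at the failing copy.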
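Review bot: After the added `chown -R prosody:prosody /var/lib/prosody`, the copied private keys keep whatever mode they had in the mounted folder, which may leave them readable by every user in the container. Adding `chmod 600 /var/lib/prosody/*.key` on the next line restricts them to the prosody user. The script continues outside this hunk.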
@@ -11,8 +11,9 @@ services: jitsi-front: build: ./jitsi-front ports: - - "80:80" + - "443:443" env_file: [ 'dev.env' ] + volumes: [ './jitsi-certs/:/certs:ro' ] jitsi-conference-focus: build: ./jitsi-conference-focus env_file: [ 'dev.env' ] diff --git a/docker/jitsi/jitsi-front/entrypoint.sh b/docker/jitsi/jitsi-front/entrypoint.sh index f3c9971..1e18bd1 100755 --- a/docker/jitsi/jitsi-front/entrypoint.sh +++ b/docker/jitsi/jitsi-front/entrypoint.sh @@ -4,9 +4,11 @@ cat > /etc/nginx/sites-available/jitsi < Date: Sun, 22 Mar 2020 19:47:10 +0100 Subject: [PATCH 8/9] WIP videobridge --- docker/jitsi/02_run.yml | 8 ++++++++ docker/jitsi/dev.env | 2 ++ docker/jitsi/jitsi-conference-focus/jicofo | 4 ++++ docker/jitsi/jitsi-videobridge/Dockerfile | 8 +++++++- docker/jitsi/jitsi-videobridge/jvb_run | 22 ++++++++++++++++++++++ docker/jitsi/jitsi-xmpp/xmpp_conf | 4 ++++ 6 files changed, 47 insertions(+), 1 deletion(-) create mode 100755 docker/jitsi/jitsi-videobridge/jvb_run diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml index 62c468d..297682c 100644 --- a/docker/jitsi/02_run.yml +++ b/docker/jitsi/02_run.yml @@ -18,3 +18,11 @@ services: build: ./jitsi-conference-focus env_file: [ 'dev.env' ] volumes: [ './jitsi-certs/:/certs:ro' ] + jitsi-videobridge: + build: ./jitsi-videobridge + ports: + - "4443:4443" + - "10000:10000/udp" + env_file: [ 'dev.env' ] + volumes: [ './jitsi-certs/:/certs:ro' ] + diff --git a/docker/jitsi/dev.env b/docker/jitsi/dev.env index 6fe8ed1..cebe2a7 100644 --- a/docker/jitsi/dev.env +++ b/docker/jitsi/dev.env @@ -5,3 +5,5 @@ JITSI_PROSODY_BOSH_PORT=5280 JITSI_PROSODY_BOSH_HOST=172.17.0.1 JITSI_PROSODY_HOST=172.17.0.1 JITSI_CERTS_FOLDER=/certs/ +JITSI_NAT_PUBLIC_IP=77.204.7.239 +JITSI_NAT_LOCAL_IP=192.168.0.18 diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo index 30fc870..88ea76c 100755 --- a/docker/jitsi/jitsi-conference-focus/jicofo +++ b/docker/jitsi/jitsi-conference-focus/jicofo 
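Review bot: `JITSI_NAT_PUBLIC_IP` and `JITSI_NAT_LOCAL_IP` are committed with what look like the real addresses of one deployment. That publishes the host's address in the repository history and ties the shared env file to a single machine. Committing placeholders instead, e.g. `JITSI_NAT_PUBLIC_IP=203.0.113.10` and `JITSI_NAT_LOCAL_IP=10.0.0.18` (constructed sample values), and supplying the real ones from an untracked file avoids both problems.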
@@ -3,6 +3,10 @@ cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt update-ca-certificates -f +cat >> /etc/hosts <> /etc/hosts < ~/.sip-communicator/sip-communicator.properties <> /etc/hosts < /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua < Date: Fri, 27 Mar 2020 09:02:49 +0100 Subject: [PATCH 9/9] Add tags and hostname --- docker/jitsi/02_run.yml | 8 ++++++++ docker/jitsi/README.md | 6 ++++++ docker/jitsi/dev.env | 4 ++-- docker/jitsi/jitsi-conference-focus/jicofo | 1 + docker/jitsi/jitsi-videobridge/jvb_run | 1 + docker/jitsi/jitsi-xmpp/xmpp_conf | 1 + 6 files changed, 19 insertions(+), 2 deletions(-) diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml index 297682c..af615a9 100644 --- a/docker/jitsi/02_run.yml +++ b/docker/jitsi/02_run.yml @@ -2,6 +2,8 @@ version: '3' services: jitsi-xmpp: build: ./jitsi-xmpp + image: superboum/amd64_jitsi_xmpp:v1 + network_mode: host ports: - "5222:5222" - "5347:5347" @@ -10,16 +12,22 @@ services: volumes: [ './jitsi-certs/:/certs:ro' ] jitsi-front: build: ./jitsi-front + image: superboum/amd64_jitsi_front:v1 + network_mode: host ports: - "443:443" env_file: [ 'dev.env' ] volumes: [ './jitsi-certs/:/certs:ro' ] jitsi-conference-focus: build: ./jitsi-conference-focus + image: superboum/amd64_jitsi_conference_focus:v1 + network_mode: host env_file: [ 'dev.env' ] volumes: [ './jitsi-certs/:/certs:ro' ] jitsi-videobridge: build: ./jitsi-videobridge + image: superboum/amd64_jitsi_videobridge:v1 + network_mode: host ports: - "4443:4443" - "10000:10000/udp" diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md index ea90274..70b59fc 100644 --- a/docker/jitsi/README.md +++ b/docker/jitsi/README.md @@ -18,3 +18,9 @@ To run the stack: ``` docker-compose -f 02_run.yml up --force-recreate ``` + +To push the stack on the docker registry: + +``` +docker-compose -f 02_run.yml push +``` 
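Review bot: `network_mode: host` is added next to the existing `ports:` lists, but Docker does not apply port publishing in host networking, so those lists no longer limit anything. Every port a service listens on is directly on the host's interfaces. With `dev.env` now pointing the services at `127.0.0.1`, the internal listeners (the 5347 component port and the 5280 BOSH port) should bind to loopback in the Prosody configuration or be blocked by the host firewall. The stale `ports:` entries should be removed so the file does not suggest a restriction that is not in effect. The Prosody configuration is not visible on this page, so its current bind address is unverified.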
diff --git a/docker/jitsi/dev.env b/docker/jitsi/dev.env index cebe2a7..722ca1d 100644 --- a/docker/jitsi/dev.env +++ b/docker/jitsi/dev.env @@ -2,8 +2,8 @@ JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 JITSI_SECRET_JICOFO_USER=S3CR3T03 JITSI_PROSODY_BOSH_PORT=5280 -JITSI_PROSODY_BOSH_HOST=172.17.0.1 -JITSI_PROSODY_HOST=172.17.0.1 +JITSI_PROSODY_BOSH_HOST=127.0.0.1 +JITSI_PROSODY_HOST=127.0.0.1 JITSI_CERTS_FOLDER=/certs/ JITSI_NAT_PUBLIC_IP=77.204.7.239 JITSI_NAT_LOCAL_IP=192.168.0.18 diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo index 88ea76c..2bc6e3f 100755 --- a/docker/jitsi/jitsi-conference-focus/jicofo +++ b/docker/jitsi/jitsi-conference-focus/jicofo @@ -5,6 +5,7 @@ update-ca-certificates -f cat >> /etc/hosts <> /etc/hosts <> /etc/hosts <