Migrate jitsi

Quentin 2020-12-23 15:55:17 +01:00
parent 9117616f02
commit 80dc6ec803
8 changed files with 76 additions and 82 deletions


@ -49,7 +49,7 @@ services:
# https://github.com/jitsi/jitsi-meet # https://github.com/jitsi/jitsi-meet
PREFIXV: stable/jitsi-meet_ PREFIXV: stable/jitsi-meet_
VERSION: 4966 VERSION: 4966
image: superboum/amd64_jitsi_meet:v1 image: superboum/amd64_jitsi_meet:v2
jitsi-conference-focus: jitsi-conference-focus:
build: build:
@ -73,8 +73,8 @@ services:
build: build:
context: ./jitsi-xmpp context: ./jitsi-xmpp
args: args:
VERSION: fake-1 VERSION: 0.11.2-1
image: superboum/amd64_jitsi_xmpp:v4 image: superboum/amd64_jitsi_xmpp:v8
plume: plume:
build: build:


@ -4,8 +4,8 @@ cat > /etc/nginx/sites-available/jitsi <<EOF
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
server { server {
listen 0.0.0.0:443 ssl http2 default_server; listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server;
listen [::]:443 ssl http2 default_server; listen [::]:${NGINX_PORT} ssl http2 default_server;
server_name _; server_name _;
ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt; ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key; ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
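Review bot: Both `listen` lines now take `${NGINX_PORT}` from an unquoted heredoc, so an unset or empty variable is written out as `listen 0.0.0.0: ssl http2 default_server;`. The mistake then only surfaces when nginx parses the generated file. A guard before the `cat`, such as `: "${NGINX_PORT:?NGINX_PORT must be set}"`, would stop the script with a clear message instead. The heredoc starts and ends outside this hunk, so the exact placement of the guard is for the author to confirm.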


@ -1,7 +1,9 @@
FROM debian:buster FROM debian:buster
ARG VERSION
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y prosody apt-get install -y prosody=${VERSION}
COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
COPY xmpp_conf /usr/local/bin/xmpp_conf COPY xmpp_conf /usr/local/bin/xmpp_conf
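Review bot: `prosody=${VERSION}` pins one exact Debian revision, so a rebuild will not pick up a later security revision of the package from buster, and it will presumably fail once the archive stops carrying the pinned one. A comment above `ARG VERSION` should say that the value comes from the compose file and must be bumped when Debian publishes a fixed revision, for example `# VERSION: exact Debian package revision of prosody; bump on security updates`. `ARG VERSION` also has no default, so a build without the build argument runs `apt-get install -y prosody=`. If that is the intended fail-closed behaviour, the same comment should say so.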


@ -7,6 +7,8 @@ EOF
mkdir -p /etc/prosody/conf.{d,avail}/ mkdir -p /etc/prosody/conf.{d,avail}/
cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
VirtualHost "jitsi.deuxfleurs.fr" VirtualHost "jitsi.deuxfleurs.fr"
authentication = "anonymous" authentication = "anonymous"
ssl = { ssl = {
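Review bot: The new `http_ports` line sits above `VirtualHost`, so it is a global option, and nothing visible in this hunk limits which interfaces Prosody's HTTP server listens on. The job file runs this task with `network_mode = "host"`, and the env template sets `JITSI_PROSODY_BOSH_HOST=127.0.0.1`, which suggests only the local nginx is meant to reach BOSH. If that is the case, adding `http_interfaces = { "127.0.0.1" }` next to it would keep the plain-HTTP BOSH port off the host's other addresses. Check first that the Nomad TCP check on `bosh_port` (`address_mode = "host"`) can still reach it. The heredoc continues past the end of the hunk.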


@ -0,0 +1,10 @@
JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }}
JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }}
JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
JITSI_PROSODY_BOSH_HOST=127.0.0.1
JITSI_PROSODY_HOST=127.0.0.1
JITSI_CERTS_FOLDER=/secrets/certs/
JITSI_NAT_PUBLIC_IP=82.253.205.190
JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
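Review bot: `JITSI_NAT_PUBLIC_IP=82.253.205.190` is now a literal in a template committed to the repository, whereas the three secrets above it are read from Consul and the sample file deleted in this commit had the value redacted. If the address should stay out of the repository, or differs per site, read it the same way, e.g. `JITSI_NAT_PUBLIC_IP={{ key "<consul-key-for-public-ip>" }}` (the key path is a placeholder). The `key` lookups also have no fallback. As far as I know, a missing `secrets/jitsi/...` entry leaves the task waiting on the template instead of failing with a message. A header comment listing the Consul keys that must exist before deploying would help here.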


@ -1,7 +0,0 @@
#!/bin/bash
find {configuration,secrets}/$1 -type f \
| grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \
| while read filename; do
consul kv put "${filename}" "@${filename}"
done


@ -1,9 +0,0 @@
JITSI_SECRET_VIDEOBRIDGE=redacted
JITSI_SECRET_JICOFO_COMPONENT=redacted
JITSI_SECRET_JICOFO_USER=redacted
JITSI_PROSODY_BOSH_PORT=5280
JITSI_PROSODY_BOSH_HOST=127.0.0.1
JITSI_PROSODY_HOST=127.0.0.1
JITSI_CERTS_FOLDER=/secrets/certs/
JITSI_NAT_PUBLIC_IP=redacted
JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}


@ -8,39 +8,50 @@ job "jitsi" {
} }
group "core" { group "core" {
network {
port "bosh_port" { }
port "ext_port" { static = 5347 }
port "xmpp_port" { static = 5222 }
port "https_port" { }
port "video1_port" { static = 8080 }
port "video2_port" { static = 10000 }
}
task "xmpp" { task "xmpp" {
driver = "docker" driver = "docker"
config { config {
image = "superboum/amd64_jitsi_xmpp:v4" image = "superboum/amd64_jitsi_xmpp:v8"
ports = [ "bosh_port", "ext_port", "xmpp_port" ]
network_mode = "host" network_mode = "host"
} }
template {
data = file("../config/configuration/jitsi/global_env.tpl")
destination = "secrets/global_env"
env = true
}
# --- secrets ---
template { template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
} }
template { template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
} }
template { template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
} }
template { template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key" destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources { resources {
cpu = 300 cpu = 300
@ -49,13 +60,12 @@ job "jitsi" {
service { service {
tags = [ "jitsi", "bosh" ] tags = [ "jitsi", "bosh" ]
port = 5280 port = "bosh_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-xmpp-bosh" name = "jitsi-xmpp-bosh"
check { check {
type = "tcp" type = "tcp"
address_mode = "driver" port = "bosh_port"
port = 5280
interval = "60s" interval = "60s"
timeout = "5s" timeout = "5s"
check_restart { check_restart {
@ -68,15 +78,15 @@ job "jitsi" {
service { service {
tags = [ "jitsi", "ext" ] tags = [ "jitsi", "ext" ]
port = 5347 port = "ext_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-ext" name = "jitsi-ext"
} }
service { service {
tags = [ "jitsi", "xmpp" ] tags = [ "jitsi", "xmpp" ]
port = 5222 port = "xmpp_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-xmpp" name = "jitsi-xmpp"
} }
} }
@ -84,10 +94,18 @@ job "jitsi" {
task "front" { task "front" {
driver = "docker" driver = "docker"
config { config {
image = "superboum/amd64_jitsi_meet:v1" image = "superboum/amd64_jitsi_meet:v2"
network_mode = "host" network_mode = "host"
ports = [ "https_port" ]
} }
template {
data = file("../config/configuration/jitsi/global_env.tpl")
destination = "secrets/global_env"
env = true
}
# --- secrets ---
template { template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
@ -96,16 +114,6 @@ job "jitsi" {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.key" destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources { resources {
cpu = 300 cpu = 300
@ -120,13 +128,12 @@ job "jitsi" {
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
"traefik.protocol=https" "traefik.protocol=https"
] ]
port = 443 port = "https_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-front-https" name = "jitsi-front-https"
check { check {
type = "tcp" type = "tcp"
port = 443 port = "https_port"
address_mode = "driver"
interval = "60s" interval = "60s"
timeout = "5s" timeout = "5s"
check_restart { check_restart {
@ -145,24 +152,22 @@ job "jitsi" {
network_mode = "host" network_mode = "host"
} }
template {
data = file("../config/configuration/jitsi/global_env.tpl")
destination = "secrets/global_env"
env = true
}
#--- secrets ---
template { template {
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
} }
template { template {
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template {
source = "secrets/global_env.tpl"
destination = "secrets/global_env"
env = true
}
resources { resources {
cpu = 300 cpu = 300
@ -175,7 +180,7 @@ job "jitsi" {
config { config {
image = "superboum/amd64_jitsi_videobridge:v15" image = "superboum/amd64_jitsi_videobridge:v15"
network_mode = "host" network_mode = "host"
port_map { video1_port = 8080 } # this is a hack, check secrets/jitsi/global_env to understand why ports = [ "video1_port", "video2_port" ]
ulimit { ulimit {
nofile = "1048576:1048576" nofile = "1048576:1048576"
nproc = "65536:65536" nproc = "65536:65536"
@ -188,13 +193,8 @@ job "jitsi" {
VIDEOBRIDGE_MAX_MEMORY = "1450m" VIDEOBRIDGE_MAX_MEMORY = "1450m"
} }
artifact {
source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw"
destination = "secrets/global_env.tpl"
mode = "file"
}
template { template {
source = "secrets/global_env.tpl" data = file("../config/configuration/jitsi/global_env.tpl")
destination = "secrets/global_env" destination = "secrets/global_env"
env = true env = true
} }
@ -202,20 +202,16 @@ job "jitsi" {
resources { resources {
cpu = 900 cpu = 900
memory = 1500 memory = 1500
network {
port "video1_port" { static = "8080" } # this is a hack
}
} }
service { service {
tags = [ "jitsi", "(diplonat (tcp_port 8080))" ] tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
port = 8080 port = "video1_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-videobridge-video1" name = "jitsi-videobridge-video1"
check { check {
type = "tcp" type = "tcp"
port = 8080 port = "video1_port"
address_mode = "driver"
interval = "60s" interval = "60s"
timeout = "5s" timeout = "5s"
check_restart { check_restart {
@ -228,8 +224,8 @@ job "jitsi" {
service { service {
tags = [ "jitsi", "(diplonat (udp_port 10000))" ] tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
port = 10000 port = "video2_port"
address_mode = "driver" address_mode = "host"
name = "jitsi-videobridge-video2" name = "jitsi-videobridge-video2"
} }
} }
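Review bot: Every task in the group, including `front`, now renders the whole of `global_env.tpl` with `env = true`. The nginx container therefore receives `JITSI_SECRET_VIDEOBRIDGE`, `JITSI_SECRET_JICOFO_COMPONENT` and `JITSI_SECRET_JICOFO_USER` in its environment, although the part of its config script visible in this commit reads only `NGINX_PORT` and `JITSI_CERTS_FOLDER`. The artifact-based version removed here had the same breadth, so this is not a regression, but the migration is a good moment to give each task only what it needs. One option is a separate template per task holding the non-secret values plus that task's own secret; another is an inline `data` block for `front` with just the port and certificate folder. Separately, the `(diplonat (tcp_port 8080))` and `(diplonat (udp_port 10000))` tags still repeat the numbers now declared once in the `network` block, so a short comment there saying the tags must be kept in sync would help.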