forked from Deuxfleurs/infrastructure
Compare commits
80 commits
master
...
hammerhead
Author | SHA1 | Date | |
---|---|---|---|
c9e3f01b34 | |||
|
9acdec272b | ||
|
6aa3369341 | ||
|
1beced4c65 | ||
|
213e42f4ad | ||
|
66818430bb | ||
|
8c565aac6f | ||
|
7275c5b156 | ||
|
560e1f1d90 | ||
|
fab59e7a7a | ||
|
efd6069af4 | ||
1f15d29eab | |||
6754cfef81 | |||
3df53eaa94 | |||
51b5295ba8 | |||
925639b678 | |||
68575d2654 | |||
338a8ec7da | |||
3135c38505 | |||
87303033d1 | |||
9dfff86cd2 | |||
b851ca0c95 | |||
fae36c7ef6 | |||
4ecda8cc8d | |||
2ef1a9df5d | |||
1df83c6064 | |||
0b4c61dfe1 | |||
e979434970 | |||
474c4575f4 | |||
5126868e30 | |||
4ad6376aa8 | |||
e197429531 | |||
|
d67a6c363a | ||
573a86b87c | |||
c586633613 | |||
e806e24fea | |||
a84f4c8f87 | |||
b42e42faaa | |||
d6bdfbed5f | |||
255e3fd2d7 | |||
eb3f64df41 | |||
35ddbd9f20 | |||
4f296808e8 | |||
4d7470b2fd | |||
b608567648 | |||
a69efd9b31 | |||
96f2978a7f | |||
224c0a23a3 | |||
c0d86cb0a1 | |||
d1a4ed0f79 | |||
27963ca089 | |||
1c5b1f2e5b | |||
fada3f6ed1 | |||
987cefeba0 | |||
71971143c4 | |||
89133ddbea | |||
59623243c8 | |||
2958fbae1b | |||
c2d3c543b9 | |||
9c2232cebc | |||
9c060b3c28 | |||
b6b812c011 | |||
5fb05f0b7e | |||
5babe6fad1 | |||
34c5544ef5 | |||
847540f7b7 | |||
9337129336 | |||
088c9df20c | |||
0a87d26e47 | |||
cb69a1123c | |||
c2960f75b7 | |||
56cf9c1e55 | |||
a3f62d1f30 | |||
09e1e641a7 | |||
9ea066d6df | |||
59ca97e2a9 | |||
83d8668a59 | |||
952d7c0510 | |||
7bdea77811 | |||
cee95ad061 |
86 changed files with 4059 additions and 939 deletions
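--- a/app/backup/build/backup-matrix/Dockerfile
+++ b/app/backup/build/backup-matrix/Dockerfile
@@ -0,0 +1,22 @@
+FROM golang:buster as builder
+
+WORKDIR /root
+RUN git clone https://filippo.io/age && cd age/cmd/age && go build -o age .
+
+FROM amd64/debian:buster
+
+COPY --from=builder /root/age/cmd/age/age /usr/local/bin/age
+
+RUN apt-get update && \
+apt-get -qq -y full-upgrade && \
+apt-get install -y rsync wget openssh-client postgresql-client && \
+apt-get clean && \
+rm -f /var/lib/apt/lists/*_*
+
+RUN mkdir -p /root/.ssh
+WORKDIR /root
+
+COPY do_backup.sh /root/do_backup.sh
+
+CMD "/root/do_backup.sh"
+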
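Review bot: The builder stage compiles `age` from whatever `https://filippo.io/age` serves at build time, so the tool that encrypts every backup is unpinned and two builds of this image can contain different code. Check out a fixed release when cloning, e.g. `RUN git clone --depth 1 --branch <AGE_RELEASE_TAG> https://filippo.io/age && cd age/cmd/age && go build -o age .`, and ideally verify the resulting commit hash as well. `FROM golang:buster` and `FROM amd64/debian:buster` float too; pinning both by digest would make the image reproducible.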
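--- a/app/backup/build/backup-matrix/do_backup.sh
+++ b/app/backup/build/backup-matrix/do_backup.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -x -e
+
+cd /root
+
+chmod 0600 .ssh/id_ed25519
+
+cat > .ssh/config <<EOF
+Host backuphost
+HostName $TARGET_SSH_HOST
+Port $TARGET_SSH_PORT
+User $TARGET_SSH_USER
+EOF
+
+echo "export sql"
+export PGPASSWORD=$REPL_PSQL_PWD
+pg_basebackup \
+--pgdata=- \
+--format=tar \
+--max-rate=1M \
+--no-slot \
+--wal-method=none \
+--gzip \
+--compress=8 \
+--checkpoint=spread \
+--progress \
+--verbose \
+--status-interval=10 \
+--username=$REPL_PSQL_USER \
+--port=5432 \
+--host=psql-proxy.service.2.cluster.deuxfleurs.fr | \
+age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ssh backuphost "cat > $TARGET_SSH_DIR/matrix/db-$(date --iso-8601=minute).gz.age"
+
+MATRIX_MEDIA="/mnt/glusterfs/chat/matrix/synapse/media"
+echo "export local_content"
+tar -vzcf - ${MATRIX_MEDIA} | \
+age -r "$(cat /root/.ssh/id_ed25519.pub)" | \
+ssh backuphost "cat > $TARGET_SSH_DIR/matrix/media-$(date --iso-8601=minute).gz.age"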
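Review bot: `set -x -e` traces every command, so `export PGPASSWORD=$REPL_PSQL_PWD` is written to the task's stderr log with the replication password expanded. Drop `-x` (plain `set -e`), or bracket the export with `set +x` and `set -x`. Both pipelines report only the exit status of the final `ssh`, so a failed `pg_basebackup` or `tar` still leaves a truncated `.gz.age` file on the backup host while the job succeeds. The `/bin/sh` in this Debian image has no `pipefail`, so either switch the shebang to bash and add `set -o pipefail`, or verify the uploaded archive afterwards. `${MATRIX_MEDIA}`, `$REPL_PSQL_USER` and `$REPL_PSQL_PWD` are also expanded unquoted.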
62
app/backup/deploy/backup-matrix.hcl
Normal file
62
app/backup/deploy/backup-matrix.hcl
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
job "backup_manual_matrix" {
|
||||||
|
datacenters = ["dc1"]
|
||||||
|
|
||||||
|
type = "batch"
|
||||||
|
|
||||||
|
task "backup-matrix" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "superboum/backup_matrix:4"
|
||||||
|
volumes = [
|
||||||
|
"secrets/id_ed25519:/root/.ssh/id_ed25519",
|
||||||
|
"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
|
||||||
|
"secrets/known_hosts:/root/.ssh/known_hosts",
|
||||||
|
"/mnt/glusterfs/chat/matrix/synapse/media:/mnt/glusterfs/chat/matrix/synapse/media"
|
||||||
|
]
|
||||||
|
network_mode = "host"
|
||||||
|
}
|
||||||
|
|
||||||
|
env {
|
||||||
|
CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
|
||||||
|
TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
|
||||||
|
TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
|
||||||
|
TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
|
||||||
|
REPL_PSQL_USER={{ key "secrets/postgres/keeper/pg_repl_username" }}
|
||||||
|
REPL_PSQL_PWD={{ key "secrets/postgres/keeper/pg_repl_pwd" }}
|
||||||
|
EOH
|
||||||
|
|
||||||
|
destination = "secrets/env_vars"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/backup/id_ed25519\" }}"
|
||||||
|
destination = "secrets/id_ed25519"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
|
||||||
|
destination = "secrets/id_ed25519.pub"
|
||||||
|
}
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
|
||||||
|
destination = "secrets/known_hosts"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 200
|
||||||
|
}
|
||||||
|
|
||||||
|
restart {
|
||||||
|
attempts = 2
|
||||||
|
interval = "30m"
|
||||||
|
delay = "15s"
|
||||||
|
mode = "fail"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
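Review bot: The task mounts the private key `secrets/id_ed25519` next to `id_ed25519.pub`, and `do_backup.sh` uses that same public key as the `age` recipient, so the key that logs in to the backup host is also the key that decrypts every archive stored there. Anyone who obtains the task's secrets directory or the Consul key `secrets/backup/id_ed25519` can therefore read all past backups, assuming the SSH account can read back what it wrote. Encrypt to a separate recipient whose private half is kept off the cluster and template only its public key into the job, e.g. `data = "{{ key \"secrets/backup/age_recipient\" }}"` (constructed key name). `image = "superboum/backup_matrix:4"` is a mutable tag; a digest would tie the job to the image that was reviewed.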
|
@ -18,7 +18,7 @@
|
||||||
],
|
],
|
||||||
|
|
||||||
"web_address": "https://guichet.deuxfleurs.fr",
|
"web_address": "https://guichet.deuxfleurs.fr",
|
||||||
"mail_from": "coucou@deuxfleurs.fr",
|
"mail_from": "deuxfleurs-bienvenue@adnab.me",
|
||||||
"smtp_server": "adnab.me:25",
|
"smtp_server": "adnab.me:25",
|
||||||
"smtp_username": "{{ key "secrets/directory/guichet/smtp_user" | trimSpace }}",
|
"smtp_username": "{{ key "secrets/directory/guichet/smtp_user" | trimSpace }}",
|
||||||
"smtp_password": "{{ key "secrets/directory/guichet/smtp_pass" | trimSpace }}",
|
"smtp_password": "{{ key "secrets/directory/guichet/smtp_pass" | trimSpace }}",
|
||||||
|
|
|
@ -21,7 +21,7 @@ job "directory" {
|
||||||
task "bottin" {
|
task "bottin" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "lxpz/bottin_amd64:20"
|
image = "lxpz/bottin_amd64:21"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "ldap_port" ]
|
ports = [ "ldap_port" ]
|
||||||
|
|
|
@ -14,16 +14,16 @@ services:
|
||||||
context: ./im/build/riotweb
|
context: ./im/build/riotweb
|
||||||
args:
|
args:
|
||||||
# https://github.com/vector-im/riot-web/releases
|
# https://github.com/vector-im/riot-web/releases
|
||||||
VERSION: 1.7.18
|
VERSION: 1.7.24
|
||||||
image: particallydone/amd64_riotweb:v20
|
image: superboum/amd64_riotweb:v22
|
||||||
|
|
||||||
synapse:
|
synapse:
|
||||||
build:
|
build:
|
||||||
context: ./im/build/matrix-synapse
|
context: ./im/build/matrix-synapse
|
||||||
args:
|
args:
|
||||||
# https://github.com/matrix-org/synapse/releases
|
# https://github.com/matrix-org/synapse/releases
|
||||||
VERSION: 1.26.0
|
VERSION: 1.31.0
|
||||||
image: particallydone/amd64_synapse:v41
|
image: superboum/amd64_synapse:v43
|
||||||
|
|
||||||
# Email
|
# Email
|
||||||
sogo:
|
sogo:
|
||||||
|
@ -38,7 +38,7 @@ services:
|
||||||
build:
|
build:
|
||||||
context: ./email/build/alps
|
context: ./email/build/alps
|
||||||
args:
|
args:
|
||||||
VERSION: 5cef0aaff2b8b6ee3e00b566123517e241d8cfb8
|
VERSION: 9bafa64b9d
|
||||||
image: superboum/amd64_alps:v1
|
image: superboum/amd64_alps:v1
|
||||||
|
|
||||||
# VoIP
|
# VoIP
|
||||||
|
@ -47,8 +47,7 @@ services:
|
||||||
context: ./jitsi/build/jitsi-meet
|
context: ./jitsi/build/jitsi-meet
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jitsi-meet
|
# https://github.com/jitsi/jitsi-meet
|
||||||
PREFIXV: stable/jitsi-meet_
|
MEET_TAG: jitsi-meet_5463
|
||||||
VERSION: 5463
|
|
||||||
image: superboum/amd64_jitsi_meet:v4
|
image: superboum/amd64_jitsi_meet:v4
|
||||||
|
|
||||||
jitsi-conference-focus:
|
jitsi-conference-focus:
|
||||||
|
@ -56,8 +55,7 @@ services:
|
||||||
context: ./jitsi/build/jitsi-conference-focus
|
context: ./jitsi/build/jitsi-conference-focus
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jicofo
|
# https://github.com/jitsi/jicofo
|
||||||
PREFIXV: jitsi-meet_
|
JICOFO_TAG: jitsi-meet_5463
|
||||||
VERSION: 5463
|
|
||||||
image: superboum/amd64_jitsi_conference_focus:v7
|
image: superboum/amd64_jitsi_conference_focus:v7
|
||||||
|
|
||||||
jitsi-videobridge:
|
jitsi-videobridge:
|
||||||
|
@ -65,16 +63,15 @@ services:
|
||||||
context: ./jitsi/build/jitsi-videobridge
|
context: ./jitsi/build/jitsi-videobridge
|
||||||
args:
|
args:
|
||||||
# https://github.com/jitsi/jitsi-videobridge
|
# https://github.com/jitsi/jitsi-videobridge
|
||||||
PREFIXV: jitsi-meet_
|
# note: JVB is not tagged with non-stable tags
|
||||||
VERSION: 5463
|
JVB_TAG: stable/jitsi-meet_5390
|
||||||
image: superboum/amd64_jitsi_videobridge:v17
|
image: superboum/amd64_jitsi_videobridge:v17
|
||||||
|
|
||||||
jitsi-xmpp:
|
jitsi-xmpp:
|
||||||
build:
|
build:
|
||||||
context: ./jitsi/build/jitsi-xmpp
|
context: ./jitsi/build/jitsi-xmpp
|
||||||
args:
|
args:
|
||||||
PREFIXV: jitsi-meet_
|
MEET_TAG: jitsi-meet_5463
|
||||||
MEET_VERSION: 5463
|
|
||||||
PROSODY_VERSION: 0.11.7-1~buster4
|
PROSODY_VERSION: 0.11.7-1~buster4
|
||||||
image: superboum/amd64_jitsi_xmpp:v9
|
image: superboum/amd64_jitsi_xmpp:v9
|
||||||
|
|
||||||
|
@ -82,8 +79,8 @@ services:
|
||||||
build:
|
build:
|
||||||
context: ./plume/build/plume
|
context: ./plume/build/plume
|
||||||
args:
|
args:
|
||||||
VERSION: 0.6.0
|
VERSION: 5424f9110f8749eb7d9f01b44ac8074fc13e0e68
|
||||||
image: superboum/plume:v2
|
image: superboum/plume:v3
|
||||||
|
|
||||||
postfix:
|
postfix:
|
||||||
build:
|
build:
|
||||||
|
@ -92,3 +89,23 @@ services:
|
||||||
# https://packages.debian.org/fr/buster/postfix
|
# https://packages.debian.org/fr/buster/postfix
|
||||||
VERSION: 3.4.14-0+deb10u1
|
VERSION: 3.4.14-0+deb10u1
|
||||||
image: superboum/amd64_postfix:v3
|
image: superboum/amd64_postfix:v3
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
build:
|
||||||
|
args:
|
||||||
|
# https://github.com/sorintlab/stolon/releases
|
||||||
|
STOLON_VERSION: 2d0b8e516a4eaec01f3a9509cdc50a1d4ce8709c
|
||||||
|
# https://packages.debian.org/fr/stretch/postgresql-all
|
||||||
|
PG_VERSION: 9.6+181+deb9u3
|
||||||
|
context: ./postgres/build/postgres
|
||||||
|
image: superboum/amd64_postgres:v5
|
||||||
|
|
||||||
|
backup-consul:
|
||||||
|
build:
|
||||||
|
context: ./backup/build/backup-consul
|
||||||
|
image: lxpz/backup_consul:12
|
||||||
|
|
||||||
|
backup-matrix:
|
||||||
|
build:
|
||||||
|
context: ./backup/build/backup-matrix
|
||||||
|
image: superboum/backup_matrix:4
|
||||||
|
|
125
app/drone-ci/deploy/drone.hcl
Normal file
125
app/drone-ci/deploy/drone.hcl
Normal file
|
@ -0,0 +1,125 @@
|
||||||
|
job "drone-ci" {
|
||||||
|
datacenters = ["dc1"]
|
||||||
|
type = "service"
|
||||||
|
|
||||||
|
group "server" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "web_port" {
|
||||||
|
to = 80
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "drone_server" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
image = "drone/drone:latest"
|
||||||
|
ports = [ "web_port" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
DRONE_GITEA_SERVER=https://git.deuxfleurs.fr
|
||||||
|
DRONE_GITEA_CLIENT_ID={{ key "secrets/drone-ci/oauth_client_id" }}
|
||||||
|
DRONE_GITEA_CLIENT_SECRET={{ key "secrets/drone-ci/oauth_client_secret" }}
|
||||||
|
DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
|
||||||
|
DRONE_SERVER_HOST=drone.deuxfleurs.fr
|
||||||
|
DRONE_SERVER_PROTO=https
|
||||||
|
DRONE_DATABASE_SECRET={{ key "secrets/drone-ci/db_enc_secret" }}
|
||||||
|
DRONE_COOKIE_SECRET={{ key "secrets/drone-ci/cookie_secret" }}
|
||||||
|
AWS_ACCESS_KEY_ID={{ key "secrets/drone-ci/s3_ak" }}
|
||||||
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/drone-ci/s3_sk" }}
|
||||||
|
AWS_DEFAULT_REGION=garage
|
||||||
|
AWS_REGION=garage
|
||||||
|
DRONE_S3_BUCKET={{ key "secrets/drone-ci/s3_bucket" }}
|
||||||
|
DRONE_S3_ENDPOINT=https://garage.deuxfleurs.fr
|
||||||
|
DRONE_S3_PATH_STYLE=true
|
||||||
|
DRONE_DATABASE_DRIVER=postgres
|
||||||
|
DRONE_DATABASE_DATASOURCE=postgres://{{ key "secrets/drone-ci/db_user" }}:{{ key "secrets/drone-ci/db_pass" }}@psql-proxy.service.2.cluster.deuxfleurs.fr:5432/drone?sslmode=disable
|
||||||
|
DRONE_USER_CREATE=username:lx-admin,admin:true
|
||||||
|
DRONE_LOGS_TEXT=true
|
||||||
|
DRONE_LOGS_PRETTY=true
|
||||||
|
DRONE_LOGS_DEBUG=true
|
||||||
|
DOCKER_API_VERSION=1.39
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 100
|
||||||
|
memory = 100
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "drone"
|
||||||
|
tags = [
|
||||||
|
"drone",
|
||||||
|
"traefik.enable=true",
|
||||||
|
"traefik.frontend.entryPoints=https,http",
|
||||||
|
"traefik.frontend.rule=Host:drone.deuxfleurs.fr",
|
||||||
|
]
|
||||||
|
port = "web_port"
|
||||||
|
address_mode = "host"
|
||||||
|
check {
|
||||||
|
type = "http"
|
||||||
|
protocol = "http"
|
||||||
|
port = "web_port"
|
||||||
|
path = "/"
|
||||||
|
interval = "60s"
|
||||||
|
timeout = "5s"
|
||||||
|
check_restart {
|
||||||
|
limit = 3
|
||||||
|
grace = "600s"
|
||||||
|
ignore_warnings = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
group "runner" {
|
||||||
|
count = 3
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
operator = "distinct_hosts"
|
||||||
|
value = "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
task "drone_runner" {
|
||||||
|
driver = "docker"
|
||||||
|
config {
|
||||||
|
network_mode = "host"
|
||||||
|
|
||||||
|
#image = "drone/drone-runner-nomad:latest"
|
||||||
|
image = "drone/drone-runner-docker:1.6.3"
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOH
|
||||||
|
DRONE_RPC_SECRET={{ key "secrets/drone-ci/rpc_secret" }}
|
||||||
|
DRONE_RPC_HOST=drone.deuxfleurs.fr
|
||||||
|
DRONE_RPC_PROTO=https
|
||||||
|
DRONE_RUNNER_NAME={{ env "node.unique.name" }}
|
||||||
|
DRONE_DEBUG=true
|
||||||
|
NOMAD_ADDR=http://nomad-client.service.2.cluster.deuxfleurs.fr:4646
|
||||||
|
DOCKER_API_VERSION=1.39
|
||||||
|
EOH
|
||||||
|
destination = "secrets/env"
|
||||||
|
env = true
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
memory = 40
|
||||||
|
cpu = 50
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
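Review bot: `image = "drone/drone:latest"` lets every reschedule pull a different server build into a task that holds the Gitea OAuth secret, the RPC secret and the S3 keys; pin a release tag or digest, as the commented-out runner already does with `drone/drone-runner-docker:1.6.3`. `DRONE_DATABASE_DATASOURCE` ends in `sslmode=disable`, so the connection to `psql-proxy` is unencrypted and unauthenticated on the server side; use `sslmode=verify-full` if the proxy can present a certificate. The tag `traefik.frontend.entryPoints=https,http` also publishes the login flow over plain HTTP while `DRONE_SERVER_PROTO=https`; restrict it to `https` unless a redirect is configured elsewhere. `DRONE_LOGS_DEBUG=true` is better left off outside troubleshooting. If the runner group is re-enabled, its `/var/run/docker.sock` mount gives pipelines root-equivalent control of the host and deserves a comment saying so.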
1
app/drone-ci/secrets/drone-ci/cookie_secret
Normal file
1
app/drone-ci/secrets/drone-ci/cookie_secret
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CMD openssl rand -hex 16
|
1
app/drone-ci/secrets/drone-ci/db_enc_secret
Normal file
1
app/drone-ci/secrets/drone-ci/db_enc_secret
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CMD_ONCE openssl rand -hex 16
|
1
app/drone-ci/secrets/drone-ci/db_pass
Normal file
1
app/drone-ci/secrets/drone-ci/db_pass
Normal file
|
@ -0,0 +1 @@
|
||||||
|
SERVICE_PASSWORD drone
|
1
app/drone-ci/secrets/drone-ci/db_user
Normal file
1
app/drone-ci/secrets/drone-ci/db_user
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CONST drone
|
1
app/drone-ci/secrets/drone-ci/oauth_client_id
Normal file
1
app/drone-ci/secrets/drone-ci/oauth_client_id
Normal file
|
@ -0,0 +1 @@
|
||||||
|
USER OAuth client ID (on Gitea)
|
1
app/drone-ci/secrets/drone-ci/oauth_client_secret
Normal file
1
app/drone-ci/secrets/drone-ci/oauth_client_secret
Normal file
|
@ -0,0 +1 @@
|
||||||
|
USER OAuth client secret (for gitea)
|
1
app/drone-ci/secrets/drone-ci/rpc_secret
Normal file
1
app/drone-ci/secrets/drone-ci/rpc_secret
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CMD openssl rand -hex 16
|
1
app/drone-ci/secrets/drone-ci/s3_ak
Normal file
1
app/drone-ci/secrets/drone-ci/s3_ak
Normal file
|
@ -0,0 +1 @@
|
||||||
|
USER S3 (garage) access key for Drone
|
1
app/drone-ci/secrets/drone-ci/s3_bucket
Normal file
1
app/drone-ci/secrets/drone-ci/s3_bucket
Normal file
|
@ -0,0 +1 @@
|
||||||
|
CONST drone
|
1
app/drone-ci/secrets/drone-ci/s3_sk
Normal file
1
app/drone-ci/secrets/drone-ci/s3_sk
Normal file
|
@ -0,0 +1 @@
|
||||||
|
USER S3 (garage) secret key for Drone
|
|
@ -6,16 +6,14 @@ ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
|
||||||
WORKDIR /tmp/alps
|
WORKDIR /tmp/alps
|
||||||
|
|
||||||
RUN git init && \
|
RUN git init && \
|
||||||
git remote add origin https://git.sr.ht/~migadu/alps && \
|
git remote add origin https://git.deuxfleurs.fr/Deuxfleurs/alps.git && \
|
||||||
git fetch --depth 1 origin ${VERSION} && \
|
git fetch --depth 1 origin ${VERSION} && \
|
||||||
git checkout FETCH_HEAD
|
git checkout FETCH_HEAD
|
||||||
|
|
||||||
COPY skipverify.patch skipverify.patch
|
RUN go build -a -o /usr/local/bin/alps ./cmd/alps
|
||||||
|
|
||||||
RUN git apply skipverify.patch && \
|
|
||||||
go build -a -o /usr/local/bin/alps ./cmd/alps
|
|
||||||
|
|
||||||
FROM scratch
|
FROM scratch
|
||||||
COPY --from=builder /usr/local/bin/alps /alps
|
COPY --from=builder /usr/local/bin/alps /alps
|
||||||
COPY --from=builder /tmp/alps/themes /themes
|
COPY --from=builder /tmp/alps/themes /themes
|
||||||
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||||
ENTRYPOINT ["/alps"]
|
ENTRYPOINT ["/alps"]
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
From 47765c10f1af2013556f76dc63dfa056167ae5e8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Quentin <quentin@deuxfleurs.fr>
|
|
||||||
Date: Fri, 4 Dec 2020 13:19:24 +0100
|
|
||||||
Subject: [PATCH] Skip CA verification
|
|
||||||
|
|
||||||
---
|
|
||||||
imap.go | 3 ++-
|
|
||||||
smtp.go | 3 ++-
|
|
||||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/imap.go b/imap.go
|
|
||||||
index 7554331..1a4931d 100644
|
|
||||||
--- a/imap.go
|
|
||||||
+++ b/imap.go
|
|
||||||
@@ -3,6 +3,7 @@ package alps
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
+ "crypto/tls"
|
|
||||||
"github.com/emersion/go-imap"
|
|
||||||
imapclient "github.com/emersion/go-imap/client"
|
|
||||||
"github.com/emersion/go-message/charset"
|
|
||||||
@@ -16,7 +17,7 @@ func (s *Server) dialIMAP() (*imapclient.Client, error) {
|
|
||||||
var c *imapclient.Client
|
|
||||||
var err error
|
|
||||||
if s.imap.tls {
|
|
||||||
- c, err = imapclient.DialTLS(s.imap.host, nil)
|
|
||||||
+ c, err = imapclient.DialTLS(s.imap.host, &tls.Config{InsecureSkipVerify: true})
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to connect to IMAPS server: %v", err)
|
|
||||||
}
|
|
||||||
diff --git a/smtp.go b/smtp.go
|
|
||||||
index 5e178f2..8d22f1d 100644
|
|
||||||
--- a/smtp.go
|
|
||||||
+++ b/smtp.go
|
|
||||||
@@ -3,6 +3,7 @@ package alps
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
+ "crypto/tls"
|
|
||||||
"github.com/emersion/go-smtp"
|
|
||||||
)
|
|
||||||
|
|
||||||
@@ -14,7 +15,7 @@ func (s *Server) dialSMTP() (*smtp.Client, error) {
|
|
||||||
var c *smtp.Client
|
|
||||||
var err error
|
|
||||||
if s.smtp.tls {
|
|
||||||
- c, err = smtp.DialTLS(s.smtp.host, nil)
|
|
||||||
+ c, err = smtp.DialTLS(s.smtp.host, &tls.Config{InsecureSkipVerify: true})
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to connect to SMTPS server: %v", err)
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.28.0
|
|
||||||
|
|
|
@ -393,16 +393,21 @@ job "email" {
|
||||||
task "main" {
|
task "main" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_alps:v1"
|
image = "lxpz/alps_amd64:v2"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "alps_web_port" ]
|
ports = [ "alps_web_port" ]
|
||||||
command = "-theme"
|
args = [
|
||||||
args = [ "alps", "imaps://imap.deuxfleurs.fr:993", "smtps://smtp.deuxfleurs.fr:465" ]
|
"-skiptlsverification",
|
||||||
|
"-theme",
|
||||||
|
"alps",
|
||||||
|
"imaps://imap.deuxfleurs.fr:993",
|
||||||
|
"smtps://smtp.deuxfleurs.fr:465"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 50
|
cpu = 100
|
||||||
memory = 40
|
memory = 100
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
|
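Review bot: The new `"-skiptlsverification"` argument, judging by its name and by the removed "Skip CA verification" patch it replaces, turns off certificate checking for `imaps://imap.deuxfleurs.fr:993` and `smtps://smtp.deuxfleurs.fr:465`, the connections that carry each user's mail credentials. The alps Dockerfile in this comparison now copies `ca-certificates.crt` into the scratch image, so verification has what it needs to work. Drop the flag if those hosts serve a publicly trusted certificate, or add the internal CA to the image instead of disabling the check. If the flag has to stay for now, a comment above `args` should say why and when it can be removed.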
|
@ -1,7 +1,7 @@
|
||||||
job "garage" {
|
job "garage" {
|
||||||
datacenters = ["dc1", "belair", "saturne"]
|
datacenters = ["dc1", "belair", "saturne"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 40
|
priority = 80
|
||||||
|
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.cpu.arch}"
|
attribute = "${attr.cpu.arch}"
|
||||||
|
@ -15,11 +15,17 @@ job "garage" {
|
||||||
port "web" { static = 3902 }
|
port "web" { static = 3902 }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update {
|
||||||
|
max_parallel = 1
|
||||||
|
min_healthy_time = "30s"
|
||||||
|
healthy_deadline = "5m"
|
||||||
|
}
|
||||||
|
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
advertise_ipv6_address = true
|
advertise_ipv6_address = true
|
||||||
image = "lxpz/garage_amd64:v0.1.1b"
|
image = "lxpz/garage_amd64:v0.2.1.6"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
volumes = [
|
volumes = [
|
||||||
"/mnt/storage/garage/data:/garage/data",
|
"/mnt/storage/garage/data:/garage/data",
|
||||||
|
@ -51,10 +57,13 @@ job "garage" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 500
|
memory = 800
|
||||||
cpu = 1000
|
cpu = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
|
kill_signal = "SIGINT"
|
||||||
|
kill_timeout = "20s"
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [
|
tags = [
|
||||||
"garage_api",
|
"garage_api",
|
||||||
|
|
|
@ -15,7 +15,7 @@ job "im" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "particallydone/amd64_synapse:v41"
|
image = "superboum/amd64_synapse:v43"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
ports = [ "client_port", "federation_port" ]
|
ports = [ "client_port", "federation_port" ]
|
||||||
|
@ -162,8 +162,8 @@ job "im" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
memory = 500
|
memory = 250
|
||||||
cpu = 1000
|
cpu = 100
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
@ -220,7 +220,7 @@ job "im" {
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "particallydone/amd64_riotweb:v20"
|
image = "superboum/amd64_riotweb:v22"
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/config.json:/srv/http/config.json"
|
"secrets/config.json:/srv/http/config.json"
|
||||||
|
|
|
@ -0,0 +1,91 @@
|
||||||
|
From 3da458fc04560e8ddd597f7910c4f53b714d58ab Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quentin Dufour <quentin@dufour.io>
|
||||||
|
Date: Mon, 1 Feb 2021 06:53:21 +0100
|
||||||
|
Subject: [PATCH] Remove broken command line args parameters setting
|
||||||
|
|
||||||
|
---
|
||||||
|
src/main/java/org/jitsi/jicofo/Main.java | 61 ------------------------
|
||||||
|
1 file changed, 61 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/main/java/org/jitsi/jicofo/Main.java b/src/main/java/org/jitsi/jicofo/Main.java
|
||||||
|
index 558d1b3..59e04bb 100644
|
||||||
|
--- a/src/main/java/org/jitsi/jicofo/Main.java
|
||||||
|
+++ b/src/main/java/org/jitsi/jicofo/Main.java
|
||||||
|
@@ -50,7 +50,6 @@ public static void main(String[] args)
|
||||||
|
logger.error("An uncaught exception occurred in thread=" + t, e));
|
||||||
|
|
||||||
|
setupMetaconfigLogger();
|
||||||
|
- setSystemProperties(args);
|
||||||
|
JitsiConfig.Companion.reloadNewConfig();
|
||||||
|
|
||||||
|
// Make sure that passwords are not printed by ConfigurationService
|
||||||
|
@@ -80,66 +79,6 @@ public static void main(String[] args)
|
||||||
|
JicofoServices.jicofoServicesSingleton = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /**
|
||||||
|
- * Read the command line arguments and env variables, and set the corresponding system properties used for
|
||||||
|
- * configuration of the XMPP component and client connections.
|
||||||
|
- */
|
||||||
|
- private static void setSystemProperties(String[] args)
|
||||||
|
- throws ParseException
|
||||||
|
- {
|
||||||
|
- CmdLine cmdLine = new CmdLine();
|
||||||
|
-
|
||||||
|
- // We may end execution here if one of required arguments is missing
|
||||||
|
- cmdLine.parse(args);
|
||||||
|
-
|
||||||
|
- // XMPP host/domain
|
||||||
|
- String host;
|
||||||
|
- String componentDomain;
|
||||||
|
- // Try to get domain, can be null after this call(we'll fix that later)
|
||||||
|
- componentDomain = cmdLine.getOptionValue("domain");
|
||||||
|
- // Host name
|
||||||
|
- host = cmdLine.getOptionValue("--host", componentDomain == null ? "localhost" : componentDomain);
|
||||||
|
- // Try to fix component domain
|
||||||
|
- if (isBlank(componentDomain))
|
||||||
|
- {
|
||||||
|
- componentDomain = host;
|
||||||
|
- }
|
||||||
|
- if (componentDomain != null)
|
||||||
|
- {
|
||||||
|
- // For backward compat, the "--domain" command line argument controls the domain for the XMPP component
|
||||||
|
- // as well as XMPP client connection.
|
||||||
|
- System.setProperty(XmppClientConnectionConfig.legacyXmppDomainPropertyName, componentDomain);
|
||||||
|
- }
|
||||||
|
- if (host != null)
|
||||||
|
- {
|
||||||
|
- // For backward compat, the "--host" command line argument controls the hostname for the XMPP component
|
||||||
|
- // as well as XMPP client connection.
|
||||||
|
- System.setProperty(XmppClientConnectionConfig.legacyHostnamePropertyName, host);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // XMPP client connection
|
||||||
|
- String focusDomain = cmdLine.getOptionValue("--user_domain");
|
||||||
|
- String focusUserName = cmdLine.getOptionValue("--user_name");
|
||||||
|
- String focusPassword = cmdLine.getOptionValue("--user_password");
|
||||||
|
- if (isBlank(focusPassword))
|
||||||
|
- {
|
||||||
|
- focusPassword = System.getenv("JICOFO_AUTH_PASSWORD");
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (focusDomain != null)
|
||||||
|
- {
|
||||||
|
- System.setProperty(XmppClientConnectionConfig.legacyDomainPropertyName, focusDomain);
|
||||||
|
- }
|
||||||
|
- if (focusUserName != null)
|
||||||
|
- {
|
||||||
|
- System.setProperty(XmppClientConnectionConfig.legacyUsernamePropertyName, focusUserName);
|
||||||
|
- }
|
||||||
|
- if (isNotBlank(focusPassword))
|
||||||
|
- {
|
||||||
|
- System.setProperty(XmppClientConnectionConfig.legacyPasswordPropertyName, focusPassword);
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
private static void setupMetaconfigLogger()
|
||||||
|
{
|
||||||
|
org.jitsi.utils.logging2.Logger configLogger = new org.jitsi.utils.logging2.LoggerImpl("org.jitsi.config");
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
|
@ -1,18 +1,21 @@
|
||||||
FROM fedora:33 AS builder
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
RUN dnf install -y java-latest-openjdk-headless maven wget unzip
|
# unzip is required when executing the mvn package command
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y openjdk-11-jdk-headless maven git unzip
|
||||||
|
|
||||||
ARG PREFIXV
|
ARG JICOFO_TAG
|
||||||
ARG VERSION
|
RUN git clone --depth 1 --branch $JICOFO_TAG https://github.com/jitsi/jicofo
|
||||||
RUN wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
|
|
||||||
RUN unzip jicofo.zip && \
|
WORKDIR jicofo
|
||||||
mv jicofo*${VERSION} jicofo && \
|
COPY *.patch .
|
||||||
cd jicofo && \
|
RUN git apply 0001-Remove-broken-command-line-args-parameters-setting.patch
|
||||||
mvn package -DskipTests -Dassembly.skipAssembly=false && \
|
RUN mvn package -DskipTests -Dassembly.skipAssembly=false
|
||||||
unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
|
||||||
|
RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
|
||||||
mv jicofo-1.1-SNAPSHOT /srv/build
|
mv jicofo-1.1-SNAPSHOT /srv/build
|
||||||
|
|
||||||
FROM debian:bullseye
|
FROM debian:buster
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y openjdk-11-jre-headless ca-certificates
|
apt-get install -y openjdk-11-jre-headless ca-certificates
|
||||||
|
|
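Review bot: `git clone --depth 1 --branch $JICOFO_TAG` resolves a tag name at build time, and an upstream tag can be moved or recreated, so the image is not tied to a specific commit; the jitsi-meet Dockerfile in this comparison uses the same pattern with `${MEET_TAG}`. After cloning, compare the checked-out commit with an expected hash passed as a build arg, e.g. `RUN test "$(git rev-parse HEAD)" = "$JICOFO_COMMIT"` (constructed arg name). `WORKDIR jicofo` is a relative path; `WORKDIR /jicofo` states explicitly where `COPY *.patch .` lands. `-DskipTests` is kept, so the patched `Main.java` is packaged without running the upstream test suite.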
|
@ -3,9 +3,6 @@
|
||||||
update-ca-certificates -f
|
update-ca-certificates -f
|
||||||
|
|
||||||
exec java \
|
exec java \
|
||||||
-Xmx400m \
|
|
||||||
-XX:+HeapDumpOnOutOfMemoryError \
|
|
||||||
-XX:HeapDumpPath=/tmp \
|
|
||||||
-Djdk.tls.ephemeralDHKeySize=2048 \
|
-Djdk.tls.ephemeralDHKeySize=2048 \
|
||||||
-Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
|
-Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
|
||||||
-Dconfig.file=/etc/jitsi/jicofo.conf \
|
-Dconfig.file=/etc/jitsi/jicofo.conf \
|
||||||
|
|
|
@ -1,18 +1,15 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
ARG PREFIXV
|
|
||||||
ARG VERSION
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y curl && \
|
apt-get install -y curl && \
|
||||||
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
||||||
apt-get install -y git nodejs make wget unzip && \
|
apt-get install -y git nodejs make git unzip
|
||||||
wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
|
|
||||||
|
|
||||||
RUN unzip jitsi-meet.zip && \
|
ARG MEET_TAG
|
||||||
mv jitsi-meet-*${VERSION} jitsi-meet && \
|
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet
|
||||||
cd jitsi-meet && \
|
|
||||||
npm install && \
|
WORKDIR jitsi-meet
|
||||||
|
RUN npm install && \
|
||||||
make
|
make
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:buster
|
||||||
|
@ -20,9 +17,7 @@ FROM debian:buster
|
||||||
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
COPY --from=builder /jitsi-meet /srv/jitsi-meet
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y nginx && \
|
apt-get install -y nginx && \
|
||||||
rm /etc/nginx/sites-enabled/*
|
rm /etc/nginx/sites-enabled/* && \
|
||||||
|
rm /etc/nginx/nginx.conf
|
||||||
|
|
||||||
COPY config.js /srv/jitsi-meet/config.js
|
|
||||||
COPY entrypoint.sh /usr/local/bin/entrypoint
|
|
||||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
|
||||||
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
|
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
|
||||||
|
|
|
@ -1,517 +0,0 @@
|
||||||
/* eslint-disable no-unused-vars, no-var */
|
|
||||||
|
|
||||||
var config = {
|
|
||||||
// Connection
|
|
||||||
//
|
|
||||||
|
|
||||||
hosts: {
|
|
||||||
// XMPP domain.
|
|
||||||
domain: 'jitsi.deuxfleurs.fr',
|
|
||||||
|
|
||||||
// When using authentication, domain for guest users.
|
|
||||||
// anonymousdomain: 'guest.example.com',
|
|
||||||
|
|
||||||
// Domain for authenticated users. Defaults to <domain>.
|
|
||||||
// authdomain: 'jitsi-meet.example.com',
|
|
||||||
|
|
||||||
// Jirecon recording component domain.
|
|
||||||
// jirecon: 'jirecon.jitsi-meet.example.com',
|
|
||||||
|
|
||||||
// Call control component (Jigasi).
|
|
||||||
// call_control: 'callcontrol.jitsi-meet.example.com',
|
|
||||||
|
|
||||||
// Focus component domain. Defaults to focus.<domain>.
|
|
||||||
// focus: 'focus.jitsi-meet.example.com',
|
|
||||||
|
|
||||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
|
||||||
muc: 'conference.jitsi.deuxfleurs.fr'
|
|
||||||
},
|
|
||||||
|
|
||||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
|
||||||
bosh: '//jitsi.deuxfleurs.fr/http-bind',
|
|
||||||
|
|
||||||
// Websocket URL
|
|
||||||
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
|
|
||||||
|
|
||||||
// The name of client node advertised in XEP-0115 'c' stanza
|
|
||||||
clientNode: 'http://jitsi.org/jitsimeet',
|
|
||||||
|
|
||||||
// The real JID of focus participant - can be overridden here
|
|
||||||
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
|
|
||||||
|
|
||||||
|
|
||||||
// Testing / experimental features.
|
|
||||||
//
|
|
||||||
|
|
||||||
testing: {
|
|
||||||
// Enables experimental simulcast support on Firefox.
|
|
||||||
enableFirefoxSimulcast: false,
|
|
||||||
|
|
||||||
// P2P test mode disables automatic switching to P2P when there are 2
|
|
||||||
// participants in the conference.
|
|
||||||
p2pTestMode: false
|
|
||||||
|
|
||||||
// Enables the test specific features consumed by jitsi-meet-torture
|
|
||||||
// testMode: false
|
|
||||||
|
|
||||||
// Disables the auto-play behavior of *all* newly created video element.
|
|
||||||
// This is useful when the client runs on a host with limited resources.
|
|
||||||
// noAutoPlayVideo: false
|
|
||||||
},
|
|
||||||
|
|
||||||
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
|
||||||
// signalling.
|
|
||||||
// webrtcIceUdpDisable: false,
|
|
||||||
|
|
||||||
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
|
||||||
// signalling.
|
|
||||||
// webrtcIceTcpDisable: false,
|
|
||||||
|
|
||||||
|
|
||||||
// Media
|
|
||||||
//
|
|
||||||
|
|
||||||
// Audio
|
|
||||||
|
|
||||||
// Disable measuring of audio levels.
|
|
||||||
// disableAudioLevels: false,
|
|
||||||
// audioLevelsInterval: 200,
|
|
||||||
|
|
||||||
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
|
||||||
// will notify the user if the current selected microphone has no audio
|
|
||||||
// input and will suggest another valid device if one is present.
|
|
||||||
enableNoAudioDetection: true,
|
|
||||||
|
|
||||||
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
|
||||||
// notify the user if there is noise, other than voice, coming from the current
|
|
||||||
// selected microphone. The purpose it to let the user know that the input could
|
|
||||||
// be potentially unpleasant for other meeting participants.
|
|
||||||
enableNoisyMicDetection: true,
|
|
||||||
|
|
||||||
// Start the conference in audio only mode (no video is being received nor
|
|
||||||
// sent).
|
|
||||||
// startAudioOnly: false,
|
|
||||||
|
|
||||||
// Every participant after the Nth will start audio muted.
|
|
||||||
// startAudioMuted: 10,
|
|
||||||
|
|
||||||
// Start calls with audio muted. Unlike the option above, this one is only
|
|
||||||
// applied locally. FIXME: having these 2 options is confusing.
|
|
||||||
// startWithAudioMuted: false,
|
|
||||||
|
|
||||||
// Enabling it (with #params) will disable local audio output of remote
|
|
||||||
// participants and to enable it back a reload is needed.
|
|
||||||
// startSilent: false
|
|
||||||
|
|
||||||
// Video
|
|
||||||
|
|
||||||
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
|
||||||
resolution: 480,
|
|
||||||
|
|
||||||
// w3c spec-compliant video constraints to use for video capture. Currently
|
|
||||||
// used by browsers that return true from lib-jitsi-meet's
|
|
||||||
// util#browser#usesNewGumFlow. The constraints are independency from
|
|
||||||
// this config's resolution value. Defaults to requesting an ideal aspect
|
|
||||||
// ratio of 16:9 with an ideal resolution of 720.
|
|
||||||
constraints: {
|
|
||||||
video: {
|
|
||||||
aspectRatio: 16 / 9,
|
|
||||||
height: {
|
|
||||||
ideal: 480,
|
|
||||||
max: 720,
|
|
||||||
min: 240
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
// Enable / disable simulcast support.
|
|
||||||
// disableSimulcast: false,
|
|
||||||
|
|
||||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
|
||||||
// layers are not in use will be suspended (no longer sent) until they
|
|
||||||
// are requested again.
|
|
||||||
// enableLayerSuspension: false,
|
|
||||||
|
|
||||||
// Every participant after the Nth will start video muted.
|
|
||||||
// startVideoMuted: 10,
|
|
||||||
|
|
||||||
// Start calls with video muted. Unlike the option above, this one is only
|
|
||||||
// applied locally. FIXME: having these 2 options is confusing.
|
|
||||||
// startWithVideoMuted: false,
|
|
||||||
|
|
||||||
// If set to true, prefer to use the H.264 video codec (if supported).
|
|
||||||
// Note that it's not recommended to do this because simulcast is not
|
|
||||||
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
|
||||||
// default and can be toggled in the p2p section.
|
|
||||||
// preferH264: true,
|
|
||||||
|
|
||||||
// If set to true, disable H.264 video codec by stripping it out of the
|
|
||||||
// SDP.
|
|
||||||
// disableH264: false,
|
|
||||||
|
|
||||||
// Desktop sharing
|
|
||||||
|
|
||||||
// The ID of the jidesha extension for Chrome.
|
|
||||||
desktopSharingChromeExtId: null,
|
|
||||||
|
|
||||||
// Whether desktop sharing should be disabled on Chrome.
|
|
||||||
// desktopSharingChromeDisabled: false,
|
|
||||||
|
|
||||||
// The media sources to use when using screen sharing with the Chrome
|
|
||||||
// extension.
|
|
||||||
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
|
|
||||||
|
|
||||||
// Required version of Chrome extension
|
|
||||||
desktopSharingChromeMinExtVersion: '0.1',
|
|
||||||
|
|
||||||
// Whether desktop sharing should be disabled on Firefox.
|
|
||||||
// desktopSharingFirefoxDisabled: false,
|
|
||||||
|
|
||||||
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
|
||||||
// desktopSharingFrameRate: {
|
|
||||||
// min: 5,
|
|
||||||
// max: 5
|
|
||||||
// },
|
|
||||||
|
|
||||||
// Try to start calls with screen-sharing instead of camera video.
|
|
||||||
// startScreenSharing: false,
|
|
||||||
|
|
||||||
// Recording
|
|
||||||
|
|
||||||
// Whether to enable file recording or not.
|
|
||||||
// fileRecordingsEnabled: false,
|
|
||||||
// Enable the dropbox integration.
|
|
||||||
// dropbox: {
|
|
||||||
// appKey: '<APP_KEY>' // Specify your app key here.
|
|
||||||
// // A URL to redirect the user to, after authenticating
|
|
||||||
// // by default uses:
|
|
||||||
// // 'https://jitsi-meet.example.com/static/oauth.html'
|
|
||||||
// redirectURI:
|
|
||||||
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
|
|
||||||
// },
|
|
||||||
// When integrations like dropbox are enabled only that will be shown,
|
|
||||||
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
|
||||||
// and the generic recording service (its configuration and storage type
|
|
||||||
// depends on jibri configuration)
|
|
||||||
// fileRecordingsServiceEnabled: false,
|
|
||||||
// Whether to show the possibility to share file recording with other people
|
|
||||||
// (e.g. meeting participants), based on the actual implementation
|
|
||||||
// on the backend.
|
|
||||||
// fileRecordingsServiceSharingEnabled: false,
|
|
||||||
|
|
||||||
// Whether to enable live streaming or not.
|
|
||||||
// liveStreamingEnabled: false,
|
|
||||||
|
|
||||||
// Transcription (in interface_config,
|
|
||||||
// subtitles and buttons can be configured)
|
|
||||||
// transcribingEnabled: false,
|
|
||||||
|
|
||||||
// Enables automatic turning on captions when recording is started
|
|
||||||
// autoCaptionOnRecord: false,
|
|
||||||
|
|
||||||
// Misc
|
|
||||||
|
|
||||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
|
||||||
channelLastN: -1,
|
|
||||||
|
|
||||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
|
||||||
// disableRtx: false,
|
|
||||||
|
|
||||||
// Disables or enables TCC (the default is in Jicofo and set to true)
|
|
||||||
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
|
|
||||||
// affects congestion control, it practically enables send-side bandwidth
|
|
||||||
// estimations.
|
|
||||||
// enableTcc: true,
|
|
||||||
|
|
||||||
// Disables or enables REMB (the default is in Jicofo and set to false)
|
|
||||||
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
|
|
||||||
// control, it practically enables recv-side bandwidth estimations. When
|
|
||||||
// both TCC and REMB are enabled, TCC takes precedence. When both are
|
|
||||||
// disabled, then bandwidth estimations are disabled.
|
|
||||||
// enableRemb: false,
|
|
||||||
|
|
||||||
// Defines the minimum number of participants to start a call (the default
|
|
||||||
// is set in Jicofo and set to 2).
|
|
||||||
// minParticipants: 2,
|
|
||||||
|
|
||||||
// Use XEP-0215 to fetch STUN and TURN servers.
|
|
||||||
// useStunTurn: true,
|
|
||||||
|
|
||||||
// Enable IPv6 support.
|
|
||||||
// useIPv6: true,
|
|
||||||
|
|
||||||
// Enables / disables a data communication channel with the Videobridge.
|
|
||||||
// Values can be 'datachannel', 'websocket', true (treat it as
|
|
||||||
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
|
|
||||||
// open any channel).
|
|
||||||
// openBridgeChannel: true,
|
|
||||||
|
|
||||||
|
|
||||||
// UI
|
|
||||||
//
|
|
||||||
|
|
||||||
// Use display name as XMPP nickname.
|
|
||||||
// useNicks: false,
|
|
||||||
|
|
||||||
// Require users to always specify a display name.
|
|
||||||
// requireDisplayName: true,
|
|
||||||
|
|
||||||
// Whether to use a welcome page or not. In case it's false a random room
|
|
||||||
// will be joined when no room is specified.
|
|
||||||
enableWelcomePage: true,
|
|
||||||
|
|
||||||
// Enabling the close page will ignore the welcome page redirection when
|
|
||||||
// a call is hangup.
|
|
||||||
// enableClosePage: false,
|
|
||||||
|
|
||||||
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
|
||||||
// disable1On1Mode: false,
|
|
||||||
|
|
||||||
// Default language for the user interface.
|
|
||||||
defaultLanguage: 'fr',
|
|
||||||
|
|
||||||
// If true all users without a token will be considered guests and all users
|
|
||||||
// with token will be considered non-guests. Only guests will be allowed to
|
|
||||||
// edit their profile.
|
|
||||||
enableUserRolesBasedOnToken: false,
|
|
||||||
|
|
||||||
// Whether or not some features are checked based on token.
|
|
||||||
// enableFeaturesBasedOnToken: false,
|
|
||||||
|
|
||||||
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
|
|
||||||
// lockRoomGuestEnabled: false,
|
|
||||||
|
|
||||||
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
|
||||||
// roomPasswordNumberOfDigits: 10,
|
|
||||||
// default: roomPasswordNumberOfDigits: false,
|
|
||||||
|
|
||||||
// Message to show the users. Example: 'The service will be down for
|
|
||||||
// maintenance at 01:00 AM GMT,
|
|
||||||
// noticeMessage: '',
|
|
||||||
|
|
||||||
// Enables calendar integration, depends on googleApiApplicationClientID
|
|
||||||
// and microsoftApiApplicationClientID
|
|
||||||
// enableCalendarIntegration: false,
|
|
||||||
|
|
||||||
// Stats
|
|
||||||
//
|
|
||||||
|
|
||||||
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
|
||||||
// This can be useful for debugging purposes (post-processing/analysis of
|
|
||||||
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
|
||||||
// estimation tests.
|
|
||||||
// gatherStats: false,
|
|
||||||
|
|
||||||
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
|
||||||
// pcStatsInterval: 10000,
|
|
||||||
|
|
||||||
// To enable sending statistics to callstats.io you must provide the
|
|
||||||
// Application ID and Secret.
|
|
||||||
// callStatsID: '',
|
|
||||||
// callStatsSecret: '',
|
|
||||||
|
|
||||||
// enables sending participants display name to callstats
|
|
||||||
// enableDisplayNameInStats: false
|
|
||||||
|
|
||||||
// enables sending participants email if available to callstats and other analytics
|
|
||||||
// enableEmailInStats: false
|
|
||||||
|
|
||||||
// Privacy
|
|
||||||
//
|
|
||||||
|
|
||||||
// If third party requests are disabled, no other server will be contacted.
|
|
||||||
// This means avatars will be locally generated and callstats integration
|
|
||||||
// will not function.
|
|
||||||
// disableThirdPartyRequests: false,
|
|
||||||
|
|
||||||
|
|
||||||
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
|
||||||
//
|
|
||||||
|
|
||||||
p2p: {
|
|
||||||
// Enables peer to peer mode. When enabled the system will try to
|
|
||||||
// establish a direct connection when there are exactly 2 participants
|
|
||||||
// in the room. If that succeeds the conference will stop sending data
|
|
||||||
// through the JVB and use the peer to peer connection instead. When a
|
|
||||||
// 3rd participant joins the conference will be moved back to the JVB
|
|
||||||
// connection.
|
|
||||||
enabled: true,
|
|
||||||
|
|
||||||
// Use XEP-0215 to fetch STUN and TURN servers.
|
|
||||||
// useStunTurn: true,
|
|
||||||
|
|
||||||
// The STUN servers that will be used in the peer to peer connections
|
|
||||||
stunServers: [
|
|
||||||
|
|
||||||
// { urls: 'stun:jitsi-meet.example.com:443' },
|
|
||||||
{ urls: 'stun:stun.l.google.com:19302' },
|
|
||||||
{ urls: 'stun:stun1.l.google.com:19302' },
|
|
||||||
{ urls: 'stun:stun2.l.google.com:19302' }
|
|
||||||
],
|
|
||||||
|
|
||||||
// Sets the ICE transport policy for the p2p connection. At the time
|
|
||||||
// of this writing the list of possible values are 'all' and 'relay',
|
|
||||||
// but that is subject to change in the future. The enum is defined in
|
|
||||||
// the WebRTC standard:
|
|
||||||
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
|
||||||
// If not set, the effective value is 'all'.
|
|
||||||
// iceTransportPolicy: 'all',
|
|
||||||
|
|
||||||
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
|
||||||
// is supported).
|
|
||||||
preferH264: true,
|
|
||||||
|
|
||||||
// If set to true, disable H.264 video codec by stripping it out of the
|
|
||||||
// SDP.
|
|
||||||
// disableH264: false,
|
|
||||||
|
|
||||||
// How long we're going to wait, before going back to P2P after the 3rd
|
|
||||||
// participant has left the conference (to filter out page reload).
|
|
||||||
backToP2PDelay: 60
|
|
||||||
},
|
|
||||||
|
|
||||||
analytics: {
|
|
||||||
// The Google Analytics Tracking ID:
|
|
||||||
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
|
||||||
|
|
||||||
// The Amplitude APP Key:
|
|
||||||
// amplitudeAPPKey: '<APP_KEY>'
|
|
||||||
|
|
||||||
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
|
||||||
// scriptURLs: [
|
|
||||||
// "libs/analytics-ga.min.js", // google-analytics
|
|
||||||
// "https://example.com/my-custom-analytics.js"
|
|
||||||
// ],
|
|
||||||
},
|
|
||||||
|
|
||||||
// Information about the jitsi-meet instance we are connecting to, including
|
|
||||||
// the user region as seen by the server.
|
|
||||||
deploymentInfo: {
|
|
||||||
// shard: "shard1",
|
|
||||||
// region: "europe",
|
|
||||||
// userRegion: "asia"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Information for the chrome extension banner
|
|
||||||
// chromeExtensionBanner: {
|
|
||||||
// // The chrome extension to be installed address
|
|
||||||
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
|
||||||
|
|
||||||
// // Extensions info which allows checking if they are installed or not
|
|
||||||
// chromeExtensionsInfo: [
|
|
||||||
// {
|
|
||||||
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
|
||||||
// path: 'jitsi-logo-48x48.png'
|
|
||||||
// }
|
|
||||||
// ]
|
|
||||||
// }
|
|
||||||
|
|
||||||
// Local Recording
|
|
||||||
//
|
|
||||||
|
|
||||||
// localRecording: {
|
|
||||||
// Enables local recording.
|
|
||||||
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
|
||||||
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
|
||||||
// button to show up on the toolbar.
|
|
||||||
//
|
|
||||||
// enabled: true,
|
|
||||||
//
|
|
||||||
|
|
||||||
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
|
||||||
// format: 'flac'
|
|
||||||
//
|
|
||||||
|
|
||||||
// }
|
|
||||||
|
|
||||||
// Options related to end-to-end (participant to participant) ping.
|
|
||||||
// e2eping: {
|
|
||||||
// // The interval in milliseconds at which pings will be sent.
|
|
||||||
// // Defaults to 10000, set to <= 0 to disable.
|
|
||||||
// pingInterval: 10000,
|
|
||||||
//
|
|
||||||
// // The interval in milliseconds at which analytics events
|
|
||||||
// // with the measured RTT will be sent. Defaults to 60000, set
|
|
||||||
// // to <= 0 to disable.
|
|
||||||
// analyticsInterval: 60000,
|
|
||||||
// }
|
|
||||||
|
|
||||||
// If set, will attempt to use the provided video input device label when
|
|
||||||
// triggering a screenshare, instead of proceeding through the normal flow
|
|
||||||
// for obtaining a desktop stream.
|
|
||||||
// NOTE: This option is experimental and is currently intended for internal
|
|
||||||
// use only.
|
|
||||||
// _desktopSharingSourceDevice: 'sample-id-or-label'
|
|
||||||
|
|
||||||
// If true, any checks to handoff to another application will be prevented
|
|
||||||
// and instead the app will continue to display in the current browser.
|
|
||||||
// disableDeepLinking: false
|
|
||||||
|
|
||||||
// A property to disable the right click context menu for localVideo
|
|
||||||
// the menu has option to flip the locally seen video for local presentations
|
|
||||||
// disableLocalVideoFlip: false
|
|
||||||
|
|
||||||
// Deployment specific URLs.
|
|
||||||
// deploymentUrls: {
|
|
||||||
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
|
||||||
// // user documentation.
|
|
||||||
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
|
||||||
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
|
||||||
// // to the specified URL for an app download page.
|
|
||||||
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
|
||||||
// }
|
|
||||||
|
|
||||||
// List of undocumented settings used in jitsi-meet
|
|
||||||
/**
|
|
||||||
_immediateReloadThreshold
|
|
||||||
autoRecord
|
|
||||||
autoRecordToken
|
|
||||||
debug
|
|
||||||
debugAudioLevels
|
|
||||||
deploymentInfo
|
|
||||||
dialInConfCodeUrl
|
|
||||||
dialInNumbersUrl
|
|
||||||
dialOutAuthUrl
|
|
||||||
dialOutCodesUrl
|
|
||||||
disableRemoteControl
|
|
||||||
displayJids
|
|
||||||
etherpad_base
|
|
||||||
externalConnectUrl
|
|
||||||
firefox_fake_device
|
|
||||||
googleApiApplicationClientID
|
|
||||||
iAmRecorder
|
|
||||||
iAmSipGateway
|
|
||||||
microsoftApiApplicationClientID
|
|
||||||
peopleSearchQueryTypes
|
|
||||||
peopleSearchUrl
|
|
||||||
requireDisplayName
|
|
||||||
tokenAuthUrl
|
|
||||||
*/
|
|
||||||
|
|
||||||
// List of undocumented settings used in lib-jitsi-meet
|
|
||||||
/**
|
|
||||||
_peerConnStatusOutOfLastNTimeout
|
|
||||||
_peerConnStatusRtcMuteTimeout
|
|
||||||
abTesting
|
|
||||||
avgRtpStatsN
|
|
||||||
callStatsConfIDNamespace
|
|
||||||
callStatsCustomScriptUrl
|
|
||||||
desktopSharingSources
|
|
||||||
disableAEC
|
|
||||||
disableAGC
|
|
||||||
disableAP
|
|
||||||
disableHPF
|
|
||||||
disableNS
|
|
||||||
enableLipSync
|
|
||||||
enableTalkWhileMuted
|
|
||||||
forceJVB121Ratio
|
|
||||||
hiddenDomain
|
|
||||||
ignoreStartMuted
|
|
||||||
nick
|
|
||||||
startBitrate
|
|
||||||
*/
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
/* eslint-enable no-unused-vars, no-var */
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
cat > /etc/nginx/sites-available/jitsi <<EOF
|
|
||||||
server_names_hash_bucket_size 64;
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server;
|
|
||||||
listen [::]:${NGINX_PORT} ssl http2 default_server;
|
|
||||||
server_name _;
|
|
||||||
ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
|
|
||||||
ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
|
|
||||||
root /srv/jitsi-meet;
|
|
||||||
index index.html;
|
|
||||||
location ~ ^/([a-zA-Z0-9=\?]+)$ {
|
|
||||||
rewrite ^/(.*)$ / break;
|
|
||||||
}
|
|
||||||
location / {
|
|
||||||
ssi on;
|
|
||||||
}
|
|
||||||
# BOSH, Bidirectional-streams Over Synchronous HTTP
|
|
||||||
# https://en.wikipedia.org/wiki/BOSH_(protocol)
|
|
||||||
location /http-bind {
|
|
||||||
proxy_pass http://${JITSI_PROSODY_BOSH_HOST}:${JITSI_PROSODY_BOSH_PORT}/http-bind;
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
proxy_set_header Host \$http_host;
|
|
||||||
}
|
|
||||||
# external_api.js must be accessible from the root of the
|
|
||||||
# installation for the electron version of Jitsi Meet to work
|
|
||||||
# https://github.com/jitsi/jitsi-meet-electron
|
|
||||||
location /external_api.js {
|
|
||||||
alias /srv/jitsi-meet/libs/external_api.min.js;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
ln -sf /etc/nginx/sites-available/jitsi /etc/nginx/sites-enabled/jitsi
|
|
||||||
|
|
||||||
exec "$@"
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
From b327e580ab83110cdb52bc1d11687a096b8fc1df Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quentin Dufour <quentin@dufour.io>
|
||||||
|
Date: Mon, 1 Feb 2021 07:16:50 +0100
|
||||||
|
Subject: [PATCH] Disable legacy parameters
|
||||||
|
|
||||||
|
---
|
||||||
|
jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt | 8 --------
|
||||||
|
1 file changed, 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
index df71f480..8f0ef9a5 100644
|
||||||
|
--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
|
||||||
|
@@ -62,14 +62,6 @@ fun main(args: Array<String>) {
|
||||||
|
// to be passed.
|
||||||
|
System.setProperty("org.eclipse.jetty.util.log.class", "org.eclipse.jetty.util.log.JavaUtilLog")
|
||||||
|
|
||||||
|
- // Before initializing the application programming interfaces (APIs) of
|
||||||
|
- // Jitsi Videobridge, set any System properties which they use and which
|
||||||
|
- // may be specified by the command-line arguments.
|
||||||
|
- System.setProperty(
|
||||||
|
- Videobridge.REST_API_PNAME,
|
||||||
|
- cmdLine.getOptionValue("--apis").contains(Videobridge.REST_API).toString()
|
||||||
|
- )
|
||||||
|
-
|
||||||
|
// Reload the Typesafe config used by ice4j, because the original was initialized before the new system
|
||||||
|
// properties were set.
|
||||||
|
JitsiConfig.reloadNewConfig()
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
|
|
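Review bot: The patch file has an empty description, so nothing records why the `System.setProperty(Videobridge.REST_API_PNAME, …)` block is dropped from `main`. Presumably it is because the new `jvb_run` no longer passes `--apis`, which would leave `cmdLine.getOptionValue("--apis")` with nothing to call `.contains` on; if so, say that in the patch body. It would also help to state there that exposure of the REST API is then presumably decided only by the file given as `-Dconfig.file=/etc/jitsi/videobridge.conf`, so whoever bumps `JVB_TAG` later knows to re-check that setting and that the patch still applies. `main` starts and ends outside the hunk.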
|
@ -1,30 +1,24 @@
|
||||||
FROM debian:buster AS builder
|
FROM debian:buster AS builder
|
||||||
|
|
||||||
ARG PREFIXV
|
|
||||||
ARG VERSION
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y wget unzip maven openjdk-11-jdk && \
|
apt-get install -y git unzip maven openjdk-11-jdk-headless
|
||||||
wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
|
|
||||||
|
|
||||||
RUN unzip jvb.zip && \
|
ARG JVB_TAG
|
||||||
mv jitsi-videobridge*${VERSION} jvb && \
|
RUN git clone --depth 1 --branch ${JVB_TAG} https://github.com/jitsi/jitsi-videobridge
|
||||||
cd jvb && \
|
|
||||||
mvn package -DskipTests && \
|
WORKDIR jitsi-videobridge
|
||||||
ls jvb/target && \
|
COPY *.patch .
|
||||||
unzip jvb/target/jitsi-videobridge*.zip && \
|
RUN git apply 0001-Disable-legacy-parameters.patch
|
||||||
|
RUN mvn package -DskipTests
|
||||||
|
RUN unzip jvb/target/jitsi-videobridge*.zip && \
|
||||||
mv jitsi-videobridge-*-SNAPSHOT build
|
mv jitsi-videobridge-*-SNAPSHOT build
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:buster
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y openjdk-11-jre-headless
|
apt-get install -y openjdk-11-jre-headless curl
|
||||||
|
|
||||||
COPY --from=builder /jvb/build /srv/jvb
|
COPY --from=builder /jitsi-videobridge/build /usr/share/jvb
|
||||||
ENV HOME=/root
|
|
||||||
WORKDIR /root
|
|
||||||
COPY jvb_run /usr/local/bin/jvb_run
|
COPY jvb_run /usr/local/bin/jvb_run
|
||||||
|
|
||||||
ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
|
|
||||||
|
|
||||||
CMD ["/usr/local/bin/jvb_run"]
|
CMD ["/usr/local/bin/jvb_run"]
|
||||||
|
|
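Review bot: `git clone --depth 1 --branch ${JVB_TAG}` builds whatever the upstream tag points to at build time, and a tag can be moved, so the source that `0001-Disable-legacy-parameters.patch` is applied to is not fixed and the image is not reproducible. Record the expected commit next to the tag and fail the build on a mismatch, for example with a second build arg (name constructed here) `ARG JVB_COMMIT` and `RUN test "$(git -C jitsi-videobridge rev-parse HEAD)" = "${JVB_COMMIT}"` right after the clone. The same applies to the `${MEET_TAG}` clones in the jitsi-meet and prosody Dockerfiles of this commit. Quoting the expansion (`--branch "${JVB_TAG}"`) also keeps an empty or malformed value from turning into a different git command line.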
|
@ -1,54 +1,21 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
update-ca-certificates -f
|
||||||
|
|
||||||
cat >> /etc/hosts <<EOF
|
if [ -z "${JITSI_NAT_LOCAL_IP}" ]; then
|
||||||
${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
|
JITSI_NAT_LOCAL_IP=$(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
|
||||||
127.0.0.1 `hostname`
|
fi
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /root/.sip-communicator
|
if [ -z "${JITSI_NAT_PUBLIC_IP}" ]; then
|
||||||
|
JITSI_NAT_PUBLIC_IP=$(curl https://ifconfig.me)
|
||||||
|
fi
|
||||||
|
|
||||||
cat > /root/.sip-communicator/sip-communicator.properties <<EOF
|
echo "NAT config: ${JITSI_NAT_LOCAL_IP} -> ${JITSI_NAT_PUBLIC_IP}"
|
||||||
# Enable broadcasting stats/presence in a MUC
|
|
||||||
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
|
||||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
|
|
||||||
|
|
||||||
# Connect to the first XMPP server
|
exec java \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
|
-Djdk.tls.ephemeralDHKeySize=2048 \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
|
-Djava.util.logging.config.file=/usr/share/jvb/lib/logging.properties \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
-Dconfig.file=/etc/jitsi/videobridge.conf \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
|
-Dorg.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP} \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
-Dorg.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP} \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
|
-cp '/usr/share/jvb/jitsi-videobridge.jar:/usr/share/jvb/lib/*' \
|
||||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
|
org.jitsi.videobridge.MainKt
|
||||||
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
|
|
||||||
|
|
||||||
# Do we need it? @FIXME
|
|
||||||
org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
|
|
||||||
|
|
||||||
# NAT things, two times just in case...
|
|
||||||
org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
|
|
||||||
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
|
||||||
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
|
||||||
org.jitsi.videobridge.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
|
|
||||||
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
|
|
||||||
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
|
|
||||||
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
|
|
||||||
EOF
|
|
||||||
|
|
||||||
[ -v JITSI_DEBUG ] && cat >> /root/.sip-communicator/sip-communicator.properties <<EOF
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ARBITRARY_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_SIP_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_JABBER_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_RTP_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ICE4j_ENABLED=true
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_COUNT=1
|
|
||||||
net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_SIZE=-1
|
|
||||||
EOF
|
|
||||||
|
|
||||||
/srv/jvb/jvb.sh \
|
|
||||||
--host=${JITSI_PROSODY_HOST} \
|
|
||||||
--domain=jitsi.deuxfleurs.fr \
|
|
||||||
--port=5347 \
|
|
||||||
--secret=${JITSI_SECRET_VIDEOBRIDGE} \
|
|
||||||
--apis=xmpp,rest
|
|
||||||
|
|
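Review bot: The fallback `JITSI_NAT_PUBLIC_IP=$(curl https://ifconfig.me)` accepts whatever the third-party service returns, including an error page or an empty body on failure, and the value is then expanded unquoted into `-Dorg.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=…`, where it is word-split into extra `java` arguments. Since this is the address the bridge advertises to clients, the script should fail closed: make curl fail on HTTP errors and time out, check that the result looks like an IP literal, and quote both `NAT_HARVESTER_*` expansions. The local-address lookup has the same unquoted nested `$(…)` and relies on `ip`, which the Dockerfile's final stage does not install explicitly, so it may deserve the same treatment.

```shell
if [ -z "${JITSI_NAT_PUBLIC_IP}" ]; then
  JITSI_NAT_PUBLIC_IP=$(curl -fsS --max-time 10 https://ifconfig.me) || exit 1
fi
# Reject anything that is not a bare IPv4/IPv6 literal before it reaches the JVM.
if ! [[ "${JITSI_NAT_PUBLIC_IP}" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  echo "unexpected public address: ${JITSI_NAT_PUBLIC_IP}" >&2
  exit 1
fi
# … unchanged: NAT config echo, exec java and its other -D options …
  "-Dorg.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}" \
  "-Dorg.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}" \
```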
|
@ -1,13 +1,10 @@
|
||||||
FROM debian:buster as builder
|
FROM debian:buster as builder
|
||||||
|
|
||||||
WORKDIR /tmp
|
|
||||||
ARG MEET_VERSION
|
|
||||||
ARG PREFIXV
|
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y wget unzip
|
apt-get install -y git unzip
|
||||||
RUN wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${MEET_VERSION}.zip -O meet.zip
|
|
||||||
RUN unzip meet.zip && \
|
ARG MEET_TAG
|
||||||
mv jitsi-meet-* jitsi-meet
|
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
|
||||||
|
|
||||||
FROM debian:buster
|
FROM debian:buster
|
||||||
|
|
||||||
|
@ -30,7 +27,7 @@ RUN mkdir -p /usr/local/share/ca-certificates/ && \
|
||||||
mkdir -p /var/lib/prosody && \
|
mkdir -p /var/lib/prosody && \
|
||||||
chown -R prosody:prosody /var/lib/prosody /run/prosody
|
chown -R prosody:prosody /var/lib/prosody /run/prosody
|
||||||
|
|
||||||
COPY --from=builder /tmp/jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/
|
COPY --from=builder /jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/
|
||||||
COPY xmpp_prosody /usr/local/bin/xmpp_prosody
|
COPY xmpp_prosody /usr/local/bin/xmpp_prosody
|
||||||
|
|
||||||
WORKDIR /var/lib/prosody
|
WORKDIR /var/lib/prosody
|
||||||
|
|
773
app/jitsi/config/config.js
Normal file
773
app/jitsi/config/config.js
Normal file
|
@ -0,0 +1,773 @@
|
||||||
|
/* eslint-disable no-unused-vars, no-var */
|
||||||
|
|
||||||
|
var config = {
|
||||||
|
// Connection
|
||||||
|
//
|
||||||
|
|
||||||
|
hosts: {
|
||||||
|
// XMPP domain.
|
||||||
|
domain: 'jitsi',
|
||||||
|
|
||||||
|
// When using authentication, domain for guest users.
|
||||||
|
// anonymousdomain: 'guest.example.com',
|
||||||
|
|
||||||
|
// Domain for authenticated users. Defaults to <domain>.
|
||||||
|
// authdomain: 'jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// Focus component domain. Defaults to focus.<domain>.
|
||||||
|
// focus: 'focus.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||||
|
muc: 'conference.jitsi'
|
||||||
|
},
|
||||||
|
|
||||||
|
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||||
|
bosh: '//jitsi.deuxfleurs.fr/http-bind',
|
||||||
|
|
||||||
|
// Websocket URL
|
||||||
|
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
|
||||||
|
|
||||||
|
// The name of client node advertised in XEP-0115 'c' stanza
|
||||||
|
clientNode: 'http://jitsi.org/jitsimeet',
|
||||||
|
|
||||||
|
// The real JID of focus participant - can be overridden here
|
||||||
|
// Do not change username - FIXME: Make focus username configurable
|
||||||
|
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||||
|
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
|
||||||
|
// Testing / experimental features.
|
||||||
|
//
|
||||||
|
|
||||||
|
testing: {
|
||||||
|
// Disables the End to End Encryption feature. Useful for debugging
|
||||||
|
// issues related to insertable streams.
|
||||||
|
// disableE2EE: false,
|
||||||
|
|
||||||
|
// P2P test mode disables automatic switching to P2P when there are 2
|
||||||
|
// participants in the conference.
|
||||||
|
p2pTestMode: false
|
||||||
|
|
||||||
|
// Enables the test specific features consumed by jitsi-meet-torture
|
||||||
|
// testMode: false
|
||||||
|
|
||||||
|
// Disables the auto-play behavior of *all* newly created video element.
|
||||||
|
// This is useful when the client runs on a host with limited resources.
|
||||||
|
// noAutoPlayVideo: false
|
||||||
|
|
||||||
|
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
|
||||||
|
// simulcast is turned off for the desktop share. If presenter is turned
|
||||||
|
// on while screensharing is in progress, the max bitrate is automatically
|
||||||
|
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
|
||||||
|
// the probability for this to be enabled.
|
||||||
|
// capScreenshareBitrate: 1 // 0 to disable
|
||||||
|
|
||||||
|
// Enable callstats only for a percentage of users.
|
||||||
|
// This takes a value between 0 and 100 which determines the probability for
|
||||||
|
// the callstats to be enabled.
|
||||||
|
// callStatsThreshold: 5 // enable callstats for 5% of the users.
|
||||||
|
},
|
||||||
|
|
||||||
|
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceUdpDisable: false,
|
||||||
|
|
||||||
|
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceTcpDisable: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Media
|
||||||
|
//
|
||||||
|
|
||||||
|
// Audio
|
||||||
|
|
||||||
|
// Disable measuring of audio levels.
|
||||||
|
// disableAudioLevels: false,
|
||||||
|
// audioLevelsInterval: 200,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||||
|
// will notify the user if the current selected microphone has no audio
|
||||||
|
// input and will suggest another valid device if one is present.
|
||||||
|
enableNoAudioDetection: true,
|
||||||
|
|
||||||
|
// Enabling this will show a "Save Logs" link in the GSM popover that can be
|
||||||
|
// used to collect debug information (XMPP IQs, SDP offer/answer cycles)
|
||||||
|
// about the call.
|
||||||
|
// enableSaveLogs: false,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||||
|
// notify the user if there is noise, other than voice, coming from the current
|
||||||
|
// selected microphone. The purpose it to let the user know that the input could
|
||||||
|
// be potentially unpleasant for other meeting participants.
|
||||||
|
enableNoisyMicDetection: false,
|
||||||
|
|
||||||
|
// Start the conference in audio only mode (no video is being received nor
|
||||||
|
// sent).
|
||||||
|
startAudioOnly: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start audio muted.
|
||||||
|
startAudioMuted: 5,
|
||||||
|
|
||||||
|
// Start calls with audio muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithAudioMuted: false,
|
||||||
|
|
||||||
|
// Enabling it (with #params) will disable local audio output of remote
|
||||||
|
// participants and to enable it back a reload is needed.
|
||||||
|
// startSilent: false
|
||||||
|
|
||||||
|
// Sets the preferred target bitrate for the Opus audio codec by setting its
|
||||||
|
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
|
||||||
|
// Valid values are in the range 6000 to 510000
|
||||||
|
// opusMaxAverageBitrate: 20000,
|
||||||
|
|
||||||
|
// Enables support for opus-red (redundancy for Opus).
|
||||||
|
// enableOpusRed: false
|
||||||
|
|
||||||
|
// Video
|
||||||
|
|
||||||
|
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||||
|
// resolution: 720,
|
||||||
|
|
||||||
|
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||||
|
// Use -1 to disable.
|
||||||
|
// maxFullResolutionParticipants: 2,
|
||||||
|
|
||||||
|
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||||
|
// used by browsers that return true from lib-jitsi-meet's
|
||||||
|
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||||
|
// this config's resolution value. Defaults to requesting an ideal
|
||||||
|
// resolution of 720p.
|
||||||
|
// constraints: {
|
||||||
|
// video: {
|
||||||
|
// height: {
|
||||||
|
// ideal: 720,
|
||||||
|
// max: 720,
|
||||||
|
// min: 240
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Enable / disable simulcast support.
|
||||||
|
// disableSimulcast: false,
|
||||||
|
|
||||||
|
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||||
|
// layers are not in use will be suspended (no longer sent) until they
|
||||||
|
// are requested again.
|
||||||
|
// enableLayerSuspension: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start video muted.
|
||||||
|
startVideoMuted: 5,
|
||||||
|
|
||||||
|
// Start calls with video muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithVideoMuted: false,
|
||||||
|
|
||||||
|
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||||
|
// Note that it's not recommended to do this because simulcast is not
|
||||||
|
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||||
|
// default and can be toggled in the p2p section.
|
||||||
|
// This option has been deprecated, use preferredCodec under videoQuality section instead.
|
||||||
|
// preferH264: true,
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// Desktop sharing
|
||||||
|
|
||||||
|
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||||
|
// desktopSharingFrameRate: {
|
||||||
|
// min: 5,
|
||||||
|
// max: 5
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Try to start calls with screen-sharing instead of camera video.
|
||||||
|
// startScreenSharing: false,
|
||||||
|
|
||||||
|
// Recording
|
||||||
|
|
||||||
|
// Whether to enable file recording or not.
|
||||||
|
// fileRecordingsEnabled: false,
|
||||||
|
// Enable the dropbox integration.
|
||||||
|
// dropbox: {
|
||||||
|
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||||
|
// // A URL to redirect the user to, after authenticating
|
||||||
|
// // by default uses:
|
||||||
|
// // 'https://jitsi-meet.example.com/static/oauth.html'
|
||||||
|
// redirectURI:
|
||||||
|
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
|
||||||
|
// },
|
||||||
|
// When integrations like dropbox are enabled only that will be shown,
|
||||||
|
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||||
|
// and the generic recording service (its configuration and storage type
|
||||||
|
// depends on jibri configuration)
|
||||||
|
// fileRecordingsServiceEnabled: false,
|
||||||
|
// Whether to show the possibility to share file recording with other people
|
||||||
|
// (e.g. meeting participants), based on the actual implementation
|
||||||
|
// on the backend.
|
||||||
|
// fileRecordingsServiceSharingEnabled: false,
|
||||||
|
|
||||||
|
// Whether to enable live streaming or not.
|
||||||
|
// liveStreamingEnabled: false,
|
||||||
|
|
||||||
|
// Transcription (in interface_config,
|
||||||
|
// subtitles and buttons can be configured)
|
||||||
|
// transcribingEnabled: false,
|
||||||
|
|
||||||
|
// Enables automatic turning on captions when recording is started
|
||||||
|
// autoCaptionOnRecord: false,
|
||||||
|
|
||||||
|
// Misc
|
||||||
|
|
||||||
|
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||||
|
channelLastN: -1,
|
||||||
|
|
||||||
|
// Provides a way to use different "last N" values based on the number of participants in the conference.
|
||||||
|
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
|
||||||
|
// participants gets to or above the number.
|
||||||
|
//
|
||||||
|
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
|
||||||
|
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
|
||||||
|
// will be used as default until the first threshold is reached.
|
||||||
|
//
|
||||||
|
// lastNLimits: {
|
||||||
|
// 5: 20,
|
||||||
|
// 30: 15,
|
||||||
|
// 50: 10,
|
||||||
|
// 70: 5,
|
||||||
|
// 90: 2
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Specify the settings for video quality optimizations on the client.
|
||||||
|
// videoQuality: {
|
||||||
|
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||||
|
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||||
|
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||||
|
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||||
|
// disabledCodec: 'H264',
|
||||||
|
//
|
||||||
|
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||||
|
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||||
|
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||||
|
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||||
|
// // to take effect.
|
||||||
|
// preferredCodec: 'VP8',
|
||||||
|
//
|
||||||
|
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||||
|
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||||
|
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||||
|
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||||
|
// // This is currently not implemented on app based clients on mobile.
|
||||||
|
// maxBitratesVideo: {
|
||||||
|
// low: 200000,
|
||||||
|
// standard: 500000,
|
||||||
|
// high: 1500000
|
||||||
|
// },
|
||||||
|
//
|
||||||
|
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||||
|
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||||
|
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||||
|
// // 'standard' - for the medium quality level (360p)
|
||||||
|
// // 'high' - for the high quality level (720p)
|
||||||
|
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||||
|
// //
|
||||||
|
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||||
|
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||||
|
// // the high quality.
|
||||||
|
// minHeightForQualityLvl: {
|
||||||
|
// 360: 'standard',
|
||||||
|
// 720: 'high'
|
||||||
|
// },
|
||||||
|
//
|
||||||
|
// // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas
|
||||||
|
// // for the presenter mode (camera picture-in-picture mode with screenshare).
|
||||||
|
// resizeDesktopForPresenter: false
|
||||||
|
// },
|
||||||
|
|
||||||
|
// // Options for the recording limit notification.
|
||||||
|
// recordingLimit: {
|
||||||
|
//
|
||||||
|
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||||
|
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||||
|
// // jibri!
|
||||||
|
// limit: 60,
|
||||||
|
//
|
||||||
|
// // The name of the app with unlimited recordings.
|
||||||
|
// appName: 'Unlimited recordings APP',
|
||||||
|
//
|
||||||
|
// // The URL of the app with unlimited recordings.
|
||||||
|
// appURL: 'https://unlimited.recordings.app.com/'
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||||
|
// disableRtx: false,
|
||||||
|
|
||||||
|
// Disables or enables TCC support in this client (default: enabled).
|
||||||
|
// enableTcc: true,
|
||||||
|
|
||||||
|
// Disables or enables REMB support in this client (default: enabled).
|
||||||
|
// enableRemb: true,
|
||||||
|
|
||||||
|
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||||
|
// ICE failure. Current disabled by default because it's causing issues with
|
||||||
|
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||||
|
// not a real ICE restart), the client maintains the TCC sequence number
|
||||||
|
// counter, but the bridge resets it. The bridge sends media packets with
|
||||||
|
// TCC sequence numbers starting from 0.
|
||||||
|
// enableIceRestart: false,
|
||||||
|
|
||||||
|
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||||
|
// we filter out TURN/UDP because it is usually not needed since the
|
||||||
|
// bridge itself is reachable via UDP)
|
||||||
|
// useTurnUdp: false
|
||||||
|
|
||||||
|
// UI
|
||||||
|
//
|
||||||
|
|
||||||
|
// Disables responsive tiles.
|
||||||
|
// disableResponsiveTiles: false,
|
||||||
|
|
||||||
|
// Hides lobby button
|
||||||
|
// hideLobbyButton: false,
|
||||||
|
|
||||||
|
// Require users to always specify a display name.
|
||||||
|
// requireDisplayName: true,
|
||||||
|
|
||||||
|
// Whether to use a welcome page or not. In case it's false a random room
|
||||||
|
// will be joined when no room is specified.
|
||||||
|
enableWelcomePage: true,
|
||||||
|
|
||||||
|
// Disable app shortcuts that are registered upon joining a conference
|
||||||
|
// disableShortcuts: false,
|
||||||
|
|
||||||
|
// Disable initial browser getUserMedia requests.
|
||||||
|
// This is useful for scenarios where users might want to start a conference for screensharing only
|
||||||
|
// disableInitialGUM: false,
|
||||||
|
|
||||||
|
// Enabling the close page will ignore the welcome page redirection when
|
||||||
|
// a call is hangup.
|
||||||
|
// enableClosePage: false,
|
||||||
|
|
||||||
|
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||||
|
// disable1On1Mode: false,
|
||||||
|
|
||||||
|
// Default language for the user interface.
|
||||||
|
defaultLanguage: 'fr',
|
||||||
|
|
||||||
|
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||||
|
// disableProfile: false,
|
||||||
|
|
||||||
|
// Whether or not some features are checked based on token.
|
||||||
|
// enableFeaturesBasedOnToken: false,
|
||||||
|
|
||||||
|
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||||
|
// roomPasswordNumberOfDigits: 10,
|
||||||
|
// default: roomPasswordNumberOfDigits: false,
|
||||||
|
|
||||||
|
// Message to show the users. Example: 'The service will be down for
|
||||||
|
// maintenance at 01:00 AM GMT,
|
||||||
|
// noticeMessage: '',
|
||||||
|
|
||||||
|
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||||
|
// and microsoftApiApplicationClientID
|
||||||
|
// enableCalendarIntegration: false,
|
||||||
|
|
||||||
|
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||||
|
prejoinPageEnabled: true,
|
||||||
|
|
||||||
|
// If etherpad integration is enabled, setting this to true will
|
||||||
|
// automatically open the etherpad when a participant joins. This
|
||||||
|
// does not affect the mobile app since opening an etherpad
|
||||||
|
// obscures the conference controls -- it's better to let users
|
||||||
|
// choose to open the pad on their own in that case.
|
||||||
|
// openSharedDocumentOnJoin: false,
|
||||||
|
|
||||||
|
// If true, shows the unsafe room name warning label when a room name is
|
||||||
|
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||||
|
// set or the lobby is not enabled.
|
||||||
|
// enableInsecureRoomNameWarning: false,
|
||||||
|
|
||||||
|
// Whether to automatically copy invitation URL after creating a room.
|
||||||
|
// Document should be focused for this option to work
|
||||||
|
// enableAutomaticUrlCopy: false,
|
||||||
|
|
||||||
|
// Base URL for a Gravatar-compatible service. Defaults to libravatar.
|
||||||
|
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/';
|
||||||
|
|
||||||
|
// Stats
|
||||||
|
//
|
||||||
|
|
||||||
|
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||||
|
// This can be useful for debugging purposes (post-processing/analysis of
|
||||||
|
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||||
|
// estimation tests.
|
||||||
|
// gatherStats: false,
|
||||||
|
|
||||||
|
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||||
|
// pcStatsInterval: 10000,
|
||||||
|
|
||||||
|
// To enable sending statistics to callstats.io you must provide the
|
||||||
|
// Application ID and Secret.
|
||||||
|
// callStatsID: '',
|
||||||
|
// callStatsSecret: '',
|
||||||
|
|
||||||
|
// Enables sending participants' display names to callstats
|
||||||
|
// enableDisplayNameInStats: false,
|
||||||
|
|
||||||
|
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||||
|
// enableEmailInStats: false,
|
||||||
|
|
||||||
|
// Privacy
|
||||||
|
//
|
||||||
|
|
||||||
|
// If third party requests are disabled, no other server will be contacted.
|
||||||
|
// This means avatars will be locally generated and callstats integration
|
||||||
|
// will not function.
|
||||||
|
// disableThirdPartyRequests: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||||
|
//
|
||||||
|
|
||||||
|
p2p: {
|
||||||
|
// Enables peer to peer mode. When enabled the system will try to
|
||||||
|
// establish a direct connection when there are exactly 2 participants
|
||||||
|
// in the room. If that succeeds the conference will stop sending data
|
||||||
|
// through the JVB and use the peer to peer connection instead. When a
|
||||||
|
// 3rd participant joins the conference will be moved back to the JVB
|
||||||
|
// connection.
|
||||||
|
enabled: true,
|
||||||
|
|
||||||
|
// The STUN servers that will be used in the peer to peer connections
|
||||||
|
stunServers: [
|
||||||
|
|
||||||
|
// { urls: 'stun:jitsi-meet.example.com:3478' },
|
||||||
|
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
|
||||||
|
]
|
||||||
|
|
||||||
|
// Sets the ICE transport policy for the p2p connection. At the time
|
||||||
|
// of this writing the list of possible values are 'all' and 'relay',
|
||||||
|
// but that is subject to change in the future. The enum is defined in
|
||||||
|
// the WebRTC standard:
|
||||||
|
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||||
|
// If not set, the effective value is 'all'.
|
||||||
|
// iceTransportPolicy: 'all',
|
||||||
|
|
||||||
|
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||||
|
// is supported). This setting is deprecated, use preferredCodec instead.
|
||||||
|
// preferH264: true
|
||||||
|
|
||||||
|
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||||
|
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||||
|
// preferredCodec: 'H264',
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP. This setting is deprecated, use disabledCodec instead.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||||
|
// disabledCodec: '',
|
||||||
|
|
||||||
|
// How long we're going to wait, before going back to P2P after the 3rd
|
||||||
|
// participant has left the conference (to filter out page reload).
|
||||||
|
// backToP2PDelay: 5
|
||||||
|
},
|
||||||
|
|
||||||
|
analytics: {
|
||||||
|
// The Google Analytics Tracking ID:
|
||||||
|
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||||
|
|
||||||
|
// Matomo configuration:
|
||||||
|
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||||
|
// matomoSiteID: '42',
|
||||||
|
|
||||||
|
// The Amplitude APP Key:
|
||||||
|
// amplitudeAPPKey: '<APP_KEY>'
|
||||||
|
|
||||||
|
// Configuration for the rtcstats server:
|
||||||
|
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||||
|
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||||
|
// PeerConnection states along with getStats metrics polled at the specified
|
||||||
|
// interval.
|
||||||
|
// rtcstatsEnabled: true,
|
||||||
|
|
||||||
|
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||||
|
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||||
|
|
||||||
|
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
|
||||||
|
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||||
|
// will only send data related to RTCPeerConnection events.
|
||||||
|
// rtcstatsPolIInterval: 1000
|
||||||
|
|
||||||
|
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||||
|
// scriptURLs: [
|
||||||
|
// "libs/analytics-ga.min.js", // google-analytics
|
||||||
|
// "https://example.com/my-custom-analytics.js"
|
||||||
|
// ],
|
||||||
|
},
|
||||||
|
|
||||||
|
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||||
|
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||||
|
|
||||||
|
// Information about the jitsi-meet instance we are connecting to, including
|
||||||
|
// the user region as seen by the server.
|
||||||
|
deploymentInfo: {
|
||||||
|
// shard: "shard1",
|
||||||
|
// region: "europe",
|
||||||
|
// userRegion: "asia"
|
||||||
|
},
|
||||||
|
|
||||||
|
// Decides whether the start/stop recording audio notifications should play on record.
|
||||||
|
// disableRecordAudioNotification: false,
|
||||||
|
|
||||||
|
// Information for the chrome extension banner
|
||||||
|
// chromeExtensionBanner: {
|
||||||
|
// // The chrome extension to be installed address
|
||||||
|
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
|
||||||
|
// // Extensions info which allows checking if they are installed or not
|
||||||
|
// chromeExtensionsInfo: [
|
||||||
|
// {
|
||||||
|
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
// path: 'jitsi-logo-48x48.png'
|
||||||
|
// }
|
||||||
|
// ]
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Local Recording
|
||||||
|
//
|
||||||
|
|
||||||
|
// localRecording: {
|
||||||
|
// Enables local recording.
|
||||||
|
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||||
|
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||||
|
// button to show up on the toolbar.
|
||||||
|
//
|
||||||
|
// enabled: true,
|
||||||
|
//
|
||||||
|
|
||||||
|
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||||
|
// format: 'flac'
|
||||||
|
//
|
||||||
|
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Options related to end-to-end (participant to participant) ping.
|
||||||
|
// e2eping: {
|
||||||
|
// // The interval in milliseconds at which pings will be sent.
|
||||||
|
// // Defaults to 10000, set to <= 0 to disable.
|
||||||
|
// pingInterval: 10000,
|
||||||
|
//
|
||||||
|
// // The interval in milliseconds at which analytics events
|
||||||
|
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||||
|
// // to <= 0 to disable.
|
||||||
|
// analyticsInterval: 60000,
|
||||||
|
// },
|
||||||
|
|
||||||
|
// If set, will attempt to use the provided video input device label when
|
||||||
|
// triggering a screenshare, instead of proceeding through the normal flow
|
||||||
|
// for obtaining a desktop stream.
|
||||||
|
// NOTE: This option is experimental and is currently intended for internal
|
||||||
|
// use only.
|
||||||
|
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||||
|
|
||||||
|
// If true, any checks to handoff to another application will be prevented
|
||||||
|
// and instead the app will continue to display in the current browser.
|
||||||
|
// disableDeepLinking: false,
|
||||||
|
|
||||||
|
// A property to disable the right click context menu for localVideo
|
||||||
|
// the menu has option to flip the locally seen video for local presentations
|
||||||
|
// disableLocalVideoFlip: false,
|
||||||
|
|
||||||
|
// Mainly privacy related settings
|
||||||
|
|
||||||
|
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||||
|
// disableInviteFunctions: true,
|
||||||
|
|
||||||
|
// Disables storing the room name to the recents list
|
||||||
|
// doNotStoreRoom: true,
|
||||||
|
|
||||||
|
// Deployment specific URLs.
|
||||||
|
// deploymentUrls: {
|
||||||
|
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||||
|
// // user documentation.
|
||||||
|
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||||
|
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||||
|
// // to the specified URL for an app download page.
|
||||||
|
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Options related to the remote participant menu.
|
||||||
|
// remoteVideoMenu: {
|
||||||
|
// // If set to true the 'Kick out' button will be disabled.
|
||||||
|
// disableKick: true
|
||||||
|
// },
|
||||||
|
|
||||||
|
// If set to true all muting operations of remote participants will be disabled.
|
||||||
|
// disableRemoteMute: true,
|
||||||
|
|
||||||
|
// Enables support for lip-sync for this client (if the browser supports it).
|
||||||
|
// enableLipSync: false
|
||||||
|
|
||||||
|
/**
|
||||||
|
External API url used to receive branding specific information.
|
||||||
|
If there is no url set or there are missing fields, the defaults are applied.
|
||||||
|
None of the fields are mandatory and the response must have the shape:
|
||||||
|
{
|
||||||
|
// The hex value for the colour used as background
|
||||||
|
backgroundColor: '#fff',
|
||||||
|
// The url for the image used as background
|
||||||
|
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||||
|
// The anchor url used when clicking the logo image
|
||||||
|
logoClickUrl: 'https://example-company.org',
|
||||||
|
// The url used for the image used as logo
|
||||||
|
logoImageUrl: 'https://example.com/logo-img.png'
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
// dynamicBrandingUrl: '',
|
||||||
|
|
||||||
|
// The URL of the moderated rooms microservice, if available. If it
|
||||||
|
// is present, a link to the service will be rendered on the welcome page,
|
||||||
|
// otherwise the app doesn't render it.
|
||||||
|
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||||
|
// disableTileView: true,
|
||||||
|
|
||||||
|
// Hides the conference subject
|
||||||
|
// hideConferenceSubject: true
|
||||||
|
|
||||||
|
// Hides the conference timer.
|
||||||
|
// hideConferenceTimer: true,
|
||||||
|
|
||||||
|
// Hides the participants stats
|
||||||
|
// hideParticipantsStats: true
|
||||||
|
|
||||||
|
// Sets the conference subject
|
||||||
|
// subject: 'Conference Subject',
|
||||||
|
|
||||||
|
// List of undocumented settings used in jitsi-meet
|
||||||
|
/**
|
||||||
|
_immediateReloadThreshold
|
||||||
|
debug
|
||||||
|
debugAudioLevels
|
||||||
|
deploymentInfo
|
||||||
|
dialInConfCodeUrl
|
||||||
|
dialInNumbersUrl
|
||||||
|
dialOutAuthUrl
|
||||||
|
dialOutCodesUrl
|
||||||
|
disableRemoteControl
|
||||||
|
displayJids
|
||||||
|
etherpad_base
|
||||||
|
externalConnectUrl
|
||||||
|
firefox_fake_device
|
||||||
|
googleApiApplicationClientID
|
||||||
|
iAmRecorder
|
||||||
|
iAmSipGateway
|
||||||
|
microsoftApiApplicationClientID
|
||||||
|
peopleSearchQueryTypes
|
||||||
|
peopleSearchUrl
|
||||||
|
requireDisplayName
|
||||||
|
tokenAuthUrl
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||||
|
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||||
|
* can become https://brandedDomain/roomAlias)
|
||||||
|
*/
|
||||||
|
// brandingRoomAlias: null,
|
||||||
|
|
||||||
|
// List of undocumented settings used in lib-jitsi-meet
|
||||||
|
/**
|
||||||
|
_peerConnStatusOutOfLastNTimeout
|
||||||
|
_peerConnStatusRtcMuteTimeout
|
||||||
|
abTesting
|
||||||
|
avgRtpStatsN
|
||||||
|
callStatsConfIDNamespace
|
||||||
|
callStatsCustomScriptUrl
|
||||||
|
desktopSharingSources
|
||||||
|
disableAEC
|
||||||
|
disableAGC
|
||||||
|
disableAP
|
||||||
|
disableHPF
|
||||||
|
disableNS
|
||||||
|
enableTalkWhileMuted
|
||||||
|
forceJVB121Ratio
|
||||||
|
forceTurnRelay
|
||||||
|
hiddenDomain
|
||||||
|
ignoreStartMuted
|
||||||
|
websocketKeepAlive
|
||||||
|
websocketKeepAliveUrl
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
Use this array to configure which notifications will be shown to the user
|
||||||
|
The items correspond to the title or description key of that notification
|
||||||
|
Some of these notifications also depend on some other internal logic to be displayed or not,
|
||||||
|
so adding them here will not ensure they will always be displayed
|
||||||
|
|
||||||
|
A falsy value for this prop will result in having all notifications enabled (e.g null, undefined, false)
|
||||||
|
*/
|
||||||
|
// notifications: [
|
||||||
|
// 'connection.CONNFAIL', // shown when the connection fails,
|
||||||
|
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
|
||||||
|
// 'dialog.kickTitle', // shown when user has been kicked
|
||||||
|
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
|
||||||
|
// 'dialog.lockTitle', // shown when setting conference password fails
|
||||||
|
// 'dialog.maxUsersLimitReached', // shown when maximmum users limit has been reached
|
||||||
|
// 'dialog.micNotSendingData', // shown when user's mic is not sending any audio
|
||||||
|
// 'dialog.passwordNotSupportedTitle', // shown when setting conference password fails due to password format
|
||||||
|
// 'dialog.recording', // recording notifications (pending, on, off, limits)
|
||||||
|
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
|
||||||
|
// 'dialog.reservationError',
|
||||||
|
// 'dialog.serviceUnavailable', // shown when server is not reachable
|
||||||
|
// 'dialog.sessTerminated', // shown when there is a failed conference session
|
||||||
|
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
|
||||||
|
// 'dialog.transcribing', // transcribing notifications (pending, off)
|
||||||
|
// 'dialOut.statusMessage', // shown when dial out status is updated.
|
||||||
|
// 'liveStreaming.busy', // shown when livestreaming service is busy
|
||||||
|
// 'liveStreaming.failedToStart', // shown when livestreaming fails to start
|
||||||
|
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||||
|
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||||
|
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||||
|
// 'localRecording.localRecording', // shown when a local recording is started
|
||||||
|
// 'notify.disconnected', // shown when a participant has left
|
||||||
|
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
|
||||||
|
// 'notify.invitedOneMember', // shown when 1 participant has been invited
|
||||||
|
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||||
|
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||||
|
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||||
|
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
|
||||||
|
// 'notify.mutedTitle', // shown when user has been muted upon joining,
|
||||||
|
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
|
||||||
|
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
|
||||||
|
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
|
||||||
|
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
|
||||||
|
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||||
|
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||||
|
// 'prejoin.errorDialOut',
|
||||||
|
// 'prejoin.errorDialOutDisconnected',
|
||||||
|
// 'prejoin.errorDialOutFailed',
|
||||||
|
// 'prejoin.errorDialOutStatus',
|
||||||
|
// 'prejoin.errorStatusCode',
|
||||||
|
// 'prejoin.errorValidation',
|
||||||
|
// 'recording.busy', // shown when recording service is busy
|
||||||
|
// 'recording.failedToStart', // shown when recording fails to start
|
||||||
|
// 'recording.unavailableTitle', // shown when recording service is not reachable
|
||||||
|
// 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected
|
||||||
|
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
|
||||||
|
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
|
||||||
|
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
||||||
|
// ]
|
||||||
|
|
||||||
|
// Allow all above example options to include a trailing comma and
|
||||||
|
// prevent fear when commenting out the last value.
|
||||||
|
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||||
|
|
||||||
|
// no configuration value should follow this line.
|
||||||
|
};
|
||||||
|
|
||||||
|
/* eslint-enable no-unused-vars, no-var */
|
|
@ -1,10 +0,0 @@
|
||||||
JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }}
|
|
||||||
JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }}
|
|
||||||
JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
|
|
||||||
JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
|
|
||||||
JITSI_PROSODY_BOSH_HOST=127.0.0.1
|
|
||||||
JITSI_PROSODY_HOST=127.0.0.1
|
|
||||||
JITSI_CERTS_FOLDER=/secrets/certs/
|
|
||||||
JITSI_NAT_PUBLIC_IP=78.197.205.190
|
|
||||||
JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
|
|
||||||
NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
|
|
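--- a/app/jitsi/config/jicofo.conf
+++ b/app/jitsi/config/jicofo.conf
@@ -0,0 +1,273 @@
+jicofo {
+// Authentication with external services
+authentication {
+enabled = false
+// The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default).
+type = SHIBBOLETH
+
+// The pattern of authentication URL. See ShibbolethAuthAuthority for more information.
+# login-url =
+
+# logout-url =
+
+authentication-lifetime = 24 hours
+enable-auto-login = true
+}
+// Configuration related to jitsi-videobridge
+bridge {
+// The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum).
+max-bridge-participants = -1
+// The assumed maximum packet rate that a bridge can handle.
+max-bridge-packet-rate = 50000
+// The assumed average packet rate per participant.
+average-participant-packet-rate-pps = 500
+// The assumed average stress per participant.
+average-participant-stress = 0.01
+// The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating
+// a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints
+// in the last [participant-rampup-time] multiplied by [average-participant-stress].
+participant-rampup-interval = 20 seconds
+// The stress level above which a bridge is considered overstressed.
+stress-threshold = 0.8
+// The amount of to wait before retrying using a failed bridge.
+failure-reset-threshold = 1 minute
+// The bridge selection strategy. The built-in strategies are:
+// SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo).
+// SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing).
+// RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use
+// Octo for geo-location).
+// IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. use Octo for
+// load balancing).
+//
+// Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations.
+selection-strategy = SingleBridgeSelectionStrategy
+health-checks {
+// Whether jicofo should perform periodic health checks to the connected bridges.
+enabled = true
+// The interval at which to perform health checks.
+interval = 10 seconds
+// When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This
+// configures the delay between the original health check timing out and the second health check being sent.
+// It is a duration and defaults to half the [interval].
+# retry-delay = 5 seconds
+}
+
+// The JID of the MUC to be used as a brewery for bridge instances.
+brewery-jid = "jvbbrewery@internal.auth.jitsi"
+}
+// Configure the codecs and RTP extensions to be used in the offer sent to clients.
+codec {
+video {
+vp8 {
+enabled = true
+pt = 100
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 96
+}
+vp9 {
+enabled = true
+pt = 101
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 97
+}
+h264 {
+enabled = true
+pt = 107
+// Payload type for the associated RTX stream. Set to -1 to disable RTX.
+rtx-pt = 99
+}
+}
+
+audio {
+isac-16000 {
+enabled = true
+pt = 103
+}
+isac-32000 {
+enabled = true
+pt = 104
+}
+opus {
+enabled = true
+pt = 111
+minptime = 10
+use-inband-fec = true
+red {
+enabled = false
+pt = 112
+}
+}
+telephone-event {
+enabled = true
+pt = 126
+}
+}
+
+// RTP header extensions
+rtp-extensions {
+audio-level {
+enabled = true
+id = 1
+}
+tof {
+// TOF is currently disabled, because we don't support it in the bridge
+// (and currently clients seem to not use it when abs-send-time is
+// available).
+enabled = false
+id = 2
+}
+abs-send-time {
+enabled = true
+id = 3
+}
+rid {
+enabled = false
+id = 4
+}
+tcc {
+enabled = true
+id = 5
+}
+video-content-type {
+enabled = false
+id = 7
+}
+framemarking {
+enabled = false
+id = 9
+}
+}
+}
+
+conference {
+// Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to
+// the next in line when the current owner leaves).
+enable-auto-owner = true
+
+// How long to wait for the initial participant in a conference.
+initial-timeout = 15 seconds
+
+// Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary
+// workaround for an issue with signaling endpoints for Octo.
+inject-ssrc-for-recv-only-endpoints = false
+
+max-ssrcs-per-user = 20
+
+// How long a participant's media session will be kept alive once it remains the only participant in the room.
+single-participant-timeout = 20 seconds
+
+// The minimum number of participants required for the conference to be started.
+min-participants = 2
+
+// Experimental.
+enable-lip-sync = false
+
+shared-document {
+// If `true` the shared document uses a random name. Otherwise, it uses the conference name.
+use-random-name = false
+}
+}
+
+// Configuration for the internal health checks performed by jicofo.
+health {
+// Whether to perform health checks.
+enabled = false
+
+// The interval between health checks. If set to 0, periodic health checks will not be performed.
+interval = 10 seconds
+
+# The timeout for a health check
+timeout = 30 seconds
+
+# If performing a health check takes longer than this, it is considered unsuccessful.
+max-check-duration = 20 seconds
+
+# The prefix to use when creating MUC rooms for the purpose of health checks.
+room-name-prefix = "__jicofo-health-check"
+}
+
+jibri {
+// The JID of the MUC to be used as a brewery for jibri instances for streaming.
+# brewery-jid = "jibribrewery@example.com"
+
+// How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries.
+num-retries = 5
+
+// How long to wait for Jibri to start recording from the time it accepts a START request.
+pending-timeout = 90 seconds
+}
+
+jibri-sip {
+// The JID of the MUC to be used as a brewery for jibri instances for SIP.
+# brewery-jid = "jibrisipbrewery@example.com"
+}
+
+jigasi {
+// The JID of the MUC to be used as a brewery for jigasi instances.
+# brewery-jid = "jigasibrewery@example.com"
+}
+
+// The region in which the machine is running.
+#local-region="us-east-1"
+
+octo {
+// Whether or not to use Octo. Note that when enabled, its use will be determined by
+// $jicofo.bridge.selection-strategy.
+enabled = false
+
+// An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
+// Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
+id = 1
+}
+
+rest {
+port = 8888
+tls-port = 8843
+}
+
+sctp {
+// Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is
+// enabled in the per-conference configuration).
+enabled = true
+}
+
+task-pools {
+shared-pool-max-threads = 1500
+}
+
+xmpp {
+// The separate XMPP connection used for communication with clients (endpoints).
+client {
+enabled = true
+hostname = "{{ env "NOMAD_IP_xmpp_port" }}"
+port = {{ env "NOMAD_PORT_xmpp_port" }}
+domain = "auth.jitsi"
+username = "focus"
+password = {{ key "secrets/jitsi/jicofo_pass" | trimSpace }}
+
+// How long to wait for a response to a stanza before giving up.
+reply-timeout = 15 seconds
+
+// The JID/domain of the MUC service used for conferencing.
+conference-muc-jid = conference.jitsi
+
+// A flag to suppress the TLS certificate verification.
+disable-certificate-verification = false
+}
+// The separate XMPP connection used for internal services (currently only jitsi-videobridge).
+service {
+enabled = false
+hostname = "jitsi-xmpp"
+port = 5222
+domain = "auth.jitsi"
+username = "focus"
+password = "jicofopass"
+
+// How long to wait for a response to a stanza before giving up.
+reply-timeout = 15 seconds
+
+// A flag to suppress the TLS certificate verification.
+disable-certificate-verification = false
+}
+}
+}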
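Review bot: In the `xmpp.client` block the secret is rendered unquoted, `password = {{ key "secrets/jitsi/jicofo_pass" | trimSpace }}`, so a stored value containing characters that are significant in HOCON (`#`, `//`, `$`, quotes, braces) would be truncated or make the file fail to parse. The videobridge.conf added in the same change quotes its equivalent, and I would do the same here: `password = "{{ key "secrets/jitsi/jicofo_pass" | trimSpace }}"`. The disabled `xmpp.service` block also carries the literal `password = "jicofopass"`; with `enabled = false` it is presumably inert, but pointing it at the same Consul key (or dropping the block) avoids a well-known default becoming live if someone later flips the flag.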
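--- a/app/jitsi/config/nginx.conf
+++ b/app/jitsi/config/nginx.conf
@@ -0,0 +1,131 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr;
+
+events {}
+
+http {
+##
+# Basic Settings
+##
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+
+
+# mimetypes, required by jitsi!
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+types {
+application/wasm wasm;
+}
+
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+
+##
+# Gzip Settings
+##
+gzip on;
+
+access_log /dev/stdout;
+server_names_hash_bucket_size 64;
+
+# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
+server {
+listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+client_max_body_size 0;
+server_name _;
+
+# ssi on with javascript for multidomain variables in config.js
+ssi on;
+ssi_types application/x-javascript application/javascript;
+
+ssl_certificate /etc/nginx/jitsi.crt;
+ssl_certificate_key /etc/nginx/jitsi.key;
+root /srv/jitsi-meet;
+index index.html;
+error_page 404 /static/404.html;
+
+location = /config.js {
+alias /srv/jitsi-meet/config.js;
+}
+
+location = /interface_config.js {
+alias /srv/jitsi-meet/interface_config.js;
+}
+
+location = /external_api.js {
+alias /srv/jitsi-meet/libs/external_api.min.js;
+}
+
+# ensure all static content can always be found first
+location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
+{
+add_header 'Access-Control-Allow-Origin' '*';
+alias /srv/jitsi-meet/$1/$2;
+}
+
+# not used yet VVV
+# colibri (JVB) websockets
+#location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
+# proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection "upgrade";
+# tcp_nodelay on;
+#}
+
+location = /http-bind {
+# We add CORS to use a different frontend which is useful for load testing as we do not want to advertise too much our URL
+add_header 'Access-Control-Allow-Headers' 'content-type';
+add_header 'Access-Control-Allow-Methods' 'GET,POST,PUT,DELETE,OPTIONS';
+add_header 'Access-Control-Allow-Origin' '*';
+proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
+proxy_set_header X-Forwarded-For \$remote_addr;
+proxy_set_header Host \$http_host;
+}
+
+# not used yet VVV
+# xmpp websockets
+#location = /xmpp-websocket {
+# proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
+# proxy_http_version 1.1;
+# proxy_set_header Connection "upgrade";
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+# proxy_set_header X-Forwarded-For $remote_addr;
+# tcp_nodelay on;
+#}
+
+location ~ ^/([^/?&:'"]+)$ {
+try_files $uri @root_path;
+}
+
+location @root_path {
+rewrite ^/(.*)$ / break;
+}
+
+# Not used yet VVVV
+# Etherpad-lite
+# location /etherpad/ {
+# proxy_http_version 1.1;
+# proxy_set_header Upgrade $http_upgrade;
+# proxy_set_header Connection 'upgrade';
+# proxy_set_header Host $host;
+# proxy_cache_bypass $http_upgrade;
+# proxy_pass {{ .Env.ETHERPAD_URL_BASE }}/;
+# proxy_set_header X-Forwarded-For $remote_addr;
+# proxy_buffering off;
+# proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+# }
+
+}
+}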
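Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers the deprecated TLS 1.0 and 1.1, while the Prosody config added in this same change pins `tlsv1_2+`. I would change it to `ssl_protocols TLSv1.2 TLSv1.3;`, dropping `TLSv1.3` if the image's nginx/OpenSSL build does not support it. Separately, `location = /http-bind` answers with `Access-Control-Allow-Origin: *`, which lets a page on any origin drive the BOSH endpoint. The comment there says this is for load testing, so it deserves a `# TODO: restrict to the real frontend origin` or removal before the service is exposed. The `\$remote_addr` and `\$http_host` in that block look like leftovers from a shell heredoc; the backslash is probably passed through to nginx, so the rendered file should be checked and the lines written as `proxy_set_header Host $http_host;` and `proxy_set_header X-Forwarded-For $remote_addr;`.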
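--- a/app/jitsi/config/prosody.cfg.lua
+++ b/app/jitsi/config/prosody.cfg.lua
@@ -0,0 +1,135 @@
+modules_enabled = {
+"roster"; -- Allow users to have a roster. Recommended ;)
+"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+"tls"; -- Add support for secure TLS on c2s/s2s connections
+"dialback"; -- s2s dialback support
+"disco"; -- Service discovery
+"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+"version"; -- Replies to server version requests
+"uptime"; -- Report how long server has been running
+"time"; -- Let others know the time here on this server
+"ping"; -- Replies to XMPP pings with pongs
+"pep"; -- Enables users to publish their mood, activity, playing music and more
+-- jitsi
+--"smacks"; -- not shipped with prosody
+"carbons";
+"mam";
+"lastactivity";
+"offline";
+"pubsub";
+"adhoc";
+"websocket";
+--"http_altconnect"; -- not shipped with prosody
+}
+modules_disabled = { "s2s" }
+
+plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
+
+log = {
+--log less on console with warn="*console"; or err="*console" or more with debug="*console"
+info="*console";
+}
+daemonize = false
+use_libevent = true
+
+-- domain mapper options, must at least have domain base set to use the mapper
+muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
+
+--@FIXME would be great to configure it
+--turncredentials_secret = "__turnSecret__";
+
+--turncredentials = {
+-- { type = "stun", host = "jitmeet.example.com", port = "3478" },
+-- { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
+-- { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
+--};
+
+cross_domain_bosh = false;
+consider_bosh_secure = true;
+component_ports = { } -- it seems we don't need external components for now...
+https_ports = { } -- we don't need https
+http_ports = { {{env "NOMAD_PORT_bosh_port" }} }
+c2s_ports = { {{env "NOMAD_PORT_xmpp_port" }} }
+
+
+-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
+ssl = {
+protocol = "tlsv1_2+";
+ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+}
+
+VirtualHost "jitsi"
+enabled = true -- Remove this line to enable this host
+authentication = "anonymous"
+-- Properties below are modified by jitsi-meet-tokens package config
+-- and authentication above is switched to "token"
+--app_id="example_app_id"
+--app_secret="example_app_secret"
+-- Assign this host a certificate for TLS, otherwise it would use the one
+-- set in the global section (if any).
+-- Note that old-style SSL on port 5223 only supports one certificate, and will always
+-- use the global one.
+ssl = {
+key = "/var/lib/prosody/jitsi.key";
+certificate = "/var/lib/prosody/jitsi.crt";
+}
+speakerstats_component = "speakerstats.jitsi"
+conference_duration_component = "conferenceduration.jitsi"
+-- we need bosh
+modules_enabled = {
+"bosh";
+"pubsub";
+"ping"; -- Enable mod_ping
+"speakerstats";
+--"turncredentials"; not supported yet
+"conference_duration";
+"muc_lobby_rooms";
+}
+c2s_require_encryption = false
+lobby_muc = "lobby.jitsi"
+main_muc = "conference.jitsi"
+-- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms
+
+Component "conference.jitsi" "muc"
+storage = "memory"
+modules_enabled = {
+"muc_meeting_id";
+"muc_domain_mapper";
+--"token_verification";
+}
+admins = { "focus@auth.jitsi" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+-- internal muc component
+Component "internal.auth.jitsi" "muc"
+storage = "memory"
+modules_enabled = {
+"ping";
+}
+admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+muc_room_locking = false
+muc_room_default_public_jids = true
+
+VirtualHost "auth.jitsi"
+ssl = {
+key = "/var/lib/prosody/auth.jitsi.key";
+certificate = "/var/lib/prosody/auth.jitsi.crt";
+}
+authentication = "internal_plain"
+
+Component "focus.jitsi" "client_proxy"
+target_address = "focus@auth.jitsi"
+
+Component "speakerstats.jitsi" "speakerstats_component"
+muc_component = "conference.jitsi"
+
+Component "conferenceduration.jitsi" "conference_duration_component"
+muc_component = "conference.jitsi"
+
+Component "lobby.jitsi" "muc"
+storage = "memory"
+restrict_room_creation = true
+muc_room_locking = false
+muc_room_default_public_jids = true
+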
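Review bot: `c2s_require_encryption = false` under `VirtualHost "jitsi"` lets client sessions on the `NOMAD_PORT_xmpp_port` listener run without TLS, and `VirtualHost "auth.jitsi"` sets no value of its own, so whether the `focus` and `jvb` logins are forced onto TLS depends on the default of the Prosody version in the image. That host also uses `authentication = "internal_plain"`, which keeps those service-account passwords unhashed in Prosody's data store. Unless the c2s port is reachable only on a trusted interface (not visible from this file), I would add `c2s_require_encryption = true` under `auth.jitsi` and switch it to `authentication = "internal_hashed"`. If plaintext c2s on the `jitsi` host is deliberate, a comment next to the setting saying why would help the next reader.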
290
app/jitsi/config/videobridge.conf
Normal file
290
app/jitsi/config/videobridge.conf
Normal file
|
@ -0,0 +1,290 @@
|
||||||
|
videobridge {
|
||||||
|
entity-expiration {
|
||||||
|
# If an entity has no activity after this timeout, it is expired
|
||||||
|
timeout=1 minute
|
||||||
|
|
||||||
|
# The interval at which the videobridge will check for expired entities
|
||||||
|
check-interval=${videobridge.entity-expiration.timeout}
|
||||||
|
}
|
||||||
|
health {
|
||||||
|
# The interval between health checks
|
||||||
|
interval=10 seconds
|
||||||
|
|
||||||
|
# The timeout for a health check
|
||||||
|
timeout=30 seconds
|
||||||
|
|
||||||
|
# If performing a health check takes longer than this, it is considered unsuccessful.
|
||||||
|
max-check-duration=3 seconds
|
||||||
|
|
||||||
|
# Whether or not health check failures should be 'sticky'
|
||||||
|
# (i.e. once the bridge becomes unhealthy, it will never
|
||||||
|
# go back to a healthy state)
|
||||||
|
sticky-failures=false
|
||||||
|
}
|
||||||
|
ep-connection-status {
|
||||||
|
# How long we'll wait for an endpoint to *start* sending
|
||||||
|
# data before we consider it 'inactive'
|
||||||
|
first-transfer-timeout=15 seconds
|
||||||
|
|
||||||
|
# How long an endpoint can be 'inactive' before it will
|
||||||
|
# be considered disconnected
|
||||||
|
max-inactivity-limit=3 seconds
|
||||||
|
|
||||||
|
# How often we check endpoint's connectivity status
|
||||||
|
check-interval=500 milliseconds
|
||||||
|
}
|
||||||
|
cc {
|
||||||
|
bwe-change-threshold=0.15
|
||||||
|
thumbnail-max-height-px=180
|
||||||
|
onstage-ideal-height-px=1080
|
||||||
|
onstage-preferred-height-px=360
|
||||||
|
onstage-preferred-framerate=30
|
||||||
|
enable-onstage-video-suspend=false
|
||||||
|
trust-bwe=true
|
||||||
|
|
||||||
|
# How often we check to send probing data
|
||||||
|
padding-period=15ms
|
||||||
|
|
||||||
|
# How often we'll force recalculations of forwarded
|
||||||
|
# streams
|
||||||
|
max-time-between-calculations = 15 seconds
|
||||||
|
|
||||||
|
# A JVB-wide last-n value, observed by all endpoints. Endpoints
|
||||||
|
# will take the minimum of their setting and this one (-1 implies
|
||||||
|
# no last-n limit)
|
||||||
|
jvb-last-n = -1
|
||||||
|
}
|
||||||
|
# The APIs by which the JVB can be controlled
|
||||||
|
apis {
|
||||||
|
xmpp-client {
|
||||||
|
# The interval at which presence is published in the configured MUCs.
|
||||||
|
presence-interval = ${videobridge.stats.interval}
|
||||||
|
|
||||||
|
configs {
|
||||||
|
unique-xmpp-server {
|
||||||
|
hostname="{{ env "NOMAD_IP_xmpp_port" }}"
|
||||||
|
port = {{ env "NOMAD_PORT_xmpp_port" }}
|
||||||
|
domain = "auth.jitsi"
|
||||||
|
username = "jvb"
|
||||||
|
password = "{{ key "secrets/jitsi/jvb_pass" | trimSpace }}"
|
||||||
|
muc_jids = "jvbbrewery@internal.auth.jitsi"
|
||||||
|
# The muc_nickname must be unique across all jitsi-videobridge instances
|
||||||
|
muc_nickname = "unique-jvb-server"
|
||||||
|
disable_certificate_verification = false
|
||||||
|
}
|
||||||
|
# example-connection-id {
|
||||||
|
# For the properties which should be
|
||||||
|
# filled out here, see MucClientConfiguration
|
||||||
|
# }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# The COLIBRI REST API
|
||||||
|
rest {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
jvb-api {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
# Configuration of the different REST APIs.
|
||||||
|
# Note that the COLIBRI REST API is configured under videobridge.apis.rest instead.
|
||||||
|
rest {
|
||||||
|
debug {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
health {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
shutdown {
|
||||||
|
# Note that the shutdown API requires the COLIBRI API to also be enabled.
|
||||||
|
enabled = false
|
||||||
|
}
|
||||||
|
version {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
http-servers {
|
||||||
|
# The HTTP server which hosts services intended for 'public' use
|
||||||
|
# (e.g. websockets for the bridge channel connection)
|
||||||
|
public {
|
||||||
|
# See JettyBundleActivatorConfig in Jicoco for values
|
||||||
|
port = -1
|
||||||
|
tls-port = -1
|
||||||
|
}
|
||||||
|
# The HTTP server which hosts services intended for 'private' use
|
||||||
|
# (e.g. health or debug stats)
|
||||||
|
private {
|
||||||
|
# See JettyBundleActivatorConfig in Jicoco for values
|
||||||
|
host = 127.0.0.1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
octo {
|
||||||
|
# Whether or not Octo is enabled
|
||||||
|
enabled=false
|
||||||
|
|
||||||
|
# A string denoting the 'region' of this JVB. This region
|
||||||
|
# will be used by Jicofo in the selection of a bridge for
|
||||||
|
# a client by comparing it to the client's region.
|
||||||
|
# Must be set when 'enabled' is true
|
||||||
|
#region="us-west-1"
|
||||||
|
|
||||||
|
# The address on which the Octo relay should bind
|
||||||
|
# Must be set when 'enabled' is true
|
||||||
|
#bind-address=198.51.100.1
|
||||||
|
|
||||||
|
# The port to which the Octo relay should bind
|
||||||
|
bind-port=4096
|
||||||
|
|
||||||
|
# The address which controls the public address which
|
||||||
|
# will be part of the Octo relayId
|
||||||
|
#public-address=198.51.100.1
|
||||||
|
|
||||||
|
# The size of the incoming octo queue. This queue is per-remote-endpoint,
|
||||||
|
# so it matches what we use for local endpoints
|
||||||
|
recv-queue-size=1024
|
||||||
|
|
||||||
|
# The size of the outgoing octo queue. This is a per-originating-endpoint
|
||||||
|
# queue, so assuming all packets are routed (as they currently are for Octo)
|
||||||
|
# it should be the same size as the transceiver recv queue in
|
||||||
|
# jitsi-media-transform. Repeating the description from there:
|
||||||
|
# Assuming 300pps for high-definition, 200pps for standard-definition,
|
||||||
|
# 100pps for low-definition and 50pps for audio, this queue is fed
|
||||||
|
# 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms.
|
||||||
|
send-queue-size=1024
|
||||||
|
}
|
||||||
|
load-management {
|
||||||
|
# Whether or not the reducer will be enabled to take actions to mitigate load
|
||||||
|
reducer-enabled = false
|
||||||
|
load-measurements {
|
||||||
|
packet-rate {
|
||||||
|
# The packet rate at which we'll consider the bridge overloaded
|
||||||
|
load-threshold = 50000
|
||||||
|
# The packet rate at which we'll consider the bridge 'underloaded' enough
|
||||||
|
# to start recovery
|
||||||
|
recovery-threshold = 40000
|
||||||
|
}
|
||||||
|
}
|
||||||
|
load-reducers {
|
||||||
|
last-n {
|
||||||
|
# The factor by which we'll reduce the current last-n when trying to reduce load
|
||||||
|
reduction-scale = .75
|
||||||
|
# The factor by which we'll increase the current last-n when trying to recover
|
||||||
|
recover-scale = 1.25
|
||||||
|
# The minimum time in between runs of the last-n reducer to reduce or recover from
|
||||||
|
# load
|
||||||
|
impact-time = 1 minute
|
||||||
|
# The lowest value we'll set for last-n
|
||||||
|
minimum-last-n-value = 0
|
||||||
|
# The highest last-n value we'll enforce. Once the enforced last-n exceeds this value
|
||||||
|
# we'll remove the limit entirely
|
||||||
|
maximum-enforced-last-n-value = 40
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
sctp {
|
||||||
|
# Whether SCTP data channels are enabled.
|
||||||
|
enabled=true
|
||||||
|
}
|
||||||
|
stats {
|
||||||
|
# Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
|
||||||
|
# API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
|
||||||
|
enabled = true
|
||||||
|
|
||||||
|
# The interval at which stats are gathered.
|
||||||
|
interval = 5 seconds
|
||||||
|
|
||||||
|
# Configuration related to pushing statistics to callstats.io.
|
||||||
|
callstats {
|
||||||
|
# An integer application ID (use 0 to disable pushing stats to callstats).
|
||||||
|
app-id = 0
|
||||||
|
|
||||||
|
# The shared secred to authentication with callstats.io.
|
||||||
|
//app-secret = "s3cret"
|
||||||
|
|
||||||
|
# ID of the key that was used to generate token.
|
||||||
|
//key-id = "abcd"
|
||||||
|
|
||||||
|
# The path to private key file.
|
||||||
|
//key-path = "/etc/jitsi/videobridge/ecpriv.jwk"
|
||||||
|
|
||||||
|
# The ID of the server instance to be used when reporting to callstats.
|
||||||
|
bridge-id = "jitsi"
|
||||||
|
|
||||||
|
# TODO: document
|
||||||
|
//conference-id-prefix = "abcd"
|
||||||
|
|
||||||
|
# The interval at which statististics will be published to callstats. This affects both per-conference and global
|
||||||
|
# statistics.
|
||||||
|
# Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section.
|
||||||
|
interval = ${videobridge.stats.interval}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
websockets {
|
||||||
|
enabled=false
|
||||||
|
server-id="default-id"
|
||||||
|
|
||||||
|
# Optional, even when 'enabled' is set to true
|
||||||
|
# tls=true
|
||||||
|
# Must be set when enabled = true
|
||||||
|
#domain="some-domain"
|
||||||
|
}
|
||||||
|
ice {
|
||||||
|
tcp {
|
||||||
|
# Whether ICE/TCP is enabled.
|
||||||
|
enabled = true
|
||||||
|
|
||||||
|
# The port to bind to for ICE/TCP.
|
||||||
|
port = {{ env "NOMAD_PORT_video_port" }}
|
||||||
|
|
||||||
|
# An optional additional port to advertise.
|
||||||
|
# mapped-port = 8443
|
||||||
|
# Whether to use "ssltcp" or plain "tcp".
|
||||||
|
ssltcp = true
|
||||||
|
}
|
||||||
|
|
||||||
|
udp {
|
||||||
|
# The port for ICE/UDP.
|
||||||
|
port = {{ env "NOMAD_PORT_video_port" }}
|
||||||
|
}
|
||||||
|
|
||||||
|
# An optional prefix to include in STUN username fragments generated by the bridge.
|
||||||
|
#ufrag-prefix = "jvb-123:"
|
||||||
|
|
||||||
|
# Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy:
|
||||||
|
# "selected_and_tcp", "selected_only", or "all_succeeded".
|
||||||
|
keep-alive-strategy = "selected_and_tcp"
|
||||||
|
|
||||||
|
# Whether to use the "component socket" feature of ice4j.
|
||||||
|
use-component-socket = true
|
||||||
|
|
||||||
|
# Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false'
|
||||||
|
# such candidates will be ignored.
|
||||||
|
resolve-remote-candidates = false
|
||||||
|
|
||||||
|
# The nomination strategy to use for ICE. THe accepted values are defined in ice4j's NominationStrategy:
|
||||||
|
# "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT".
|
||||||
|
nomination-strategy = "NominateFirstValid"
|
||||||
|
}
|
||||||
|
|
||||||
|
transport {
|
||||||
|
send {
|
||||||
|
# The size of the dtls-transport outgoing queue. This is a per-participant
|
||||||
|
# queue. Packets from the egress end-up in this queue right before
|
||||||
|
# transmission by the outgoing srtp pipeline (which mainly consists of the
|
||||||
|
# packet sender).
|
||||||
|
#
|
||||||
|
# Its size needs to be of the same order of magnitude as the rtp sender
|
||||||
|
# queue. In a 100 participant call, assuming 300pps for the on-stage and
|
||||||
|
# 100pps for low-definition, last-n 20 and 2 participants talking, so
|
||||||
|
# 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its
|
||||||
|
# size in terms of millis is 1024/2300*1000 ~= 445ms.
|
||||||
|
queue-size=1024
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
version {
|
||||||
|
// Wheather to announe the jitsi-videobridge version to clients in the ServerHello message.
|
||||||
|
announce = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -2,6 +2,8 @@ job "jitsi" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
|
priority = "10"
|
||||||
|
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.cpu.arch}"
|
attribute = "${attr.cpu.arch}"
|
||||||
value = "amd64"
|
value = "amd64"
|
||||||
|
@ -11,46 +13,59 @@ job "jitsi" {
|
||||||
|
|
||||||
network {
|
network {
|
||||||
port "bosh_port" { }
|
port "bosh_port" { }
|
||||||
port "ext_port" { static = 5347 }
|
port "xmpp_port" { }
|
||||||
port "xmpp_port" { static = 5222 }
|
|
||||||
port "https_port" { }
|
port "https_port" { }
|
||||||
port "video1_port" { static = 8081 }
|
port "video_port" { static = 8080 }
|
||||||
port "video2_port" { static = 10000 }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
task "xmpp" {
|
task "xmpp" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_xmpp:v8"
|
image = "superboum/amd64_jitsi_xmpp:v9"
|
||||||
ports = [ "bosh_port", "ext_port", "xmpp_port" ]
|
ports = [ "bosh_port", "xmpp_port" ]
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
|
volumes = [
|
||||||
|
"secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",
|
||||||
|
"secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt",
|
||||||
|
"secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key",
|
||||||
|
"secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt",
|
||||||
|
"secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/global_env.tpl")
|
data = <<EOF
|
||||||
|
JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" | trimSpace }}
|
||||||
|
JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" | trimSpace }}
|
||||||
|
EOF
|
||||||
destination = "secrets/global_env"
|
destination = "secrets/global_env"
|
||||||
env = true
|
env = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/prosody.cfg.lua")
|
||||||
|
destination = "secrets/prosody.cfg.lua"
|
||||||
|
}
|
||||||
|
|
||||||
# --- secrets ---
|
# --- secrets ---
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
destination = "secrets/certs/auth.jitsi.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
|
data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
|
||||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
|
destination = "secrets/certs/auth.jitsi.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
destination = "secrets/certs/jitsi.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
||||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
destination = "secrets/certs/jitsi.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
|
@ -62,7 +77,7 @@ job "jitsi" {
|
||||||
tags = [ "jitsi", "bosh" ]
|
tags = [ "jitsi", "bosh" ]
|
||||||
port = "bosh_port"
|
port = "bosh_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "jitsi-xmpp-bosh"
|
name = "bosh-jitsi"
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = "bosh_port"
|
port = "bosh_port"
|
||||||
|
@ -76,43 +91,46 @@ job "jitsi" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
|
||||||
tags = [ "jitsi", "ext" ]
|
|
||||||
port = "ext_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "jitsi-ext"
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [ "jitsi", "xmpp" ]
|
tags = [ "jitsi", "xmpp" ]
|
||||||
port = "xmpp_port"
|
port = "xmpp_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "jitsi-xmpp"
|
name = "xmpp-jitsi"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
task "front" {
|
task "front" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_meet:v3"
|
image = "superboum/amd64_jitsi_meet:v4"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "https_port" ]
|
ports = [ "https_port" ]
|
||||||
|
volumes = [
|
||||||
|
"secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt",
|
||||||
|
"secrets/certs/jitsi.key:/etc/nginx/jitsi.key",
|
||||||
|
"secrets/config.js:/srv/jitsi-meet/config.js",
|
||||||
|
"secrets/nginx.conf:/etc/nginx/nginx.conf"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/global_env.tpl")
|
data = file("../config/config.js")
|
||||||
destination = "secrets/global_env"
|
destination = "secrets/config.js"
|
||||||
env = true
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = file("../config/nginx.conf")
|
||||||
|
destination = "secrets/nginx.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- secrets ---
|
# --- secrets ---
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
destination = "secrets/certs/jitsi.crt"
|
||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
|
data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
|
||||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
|
destination = "secrets/certs/jitsi.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
|
@ -124,13 +142,13 @@ job "jitsi" {
|
||||||
tags = [
|
tags = [
|
||||||
"jitsi",
|
"jitsi",
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.frontend.entryPoints=https,http",
|
"traefik.frontend.entryPoints=https",
|
||||||
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
|
||||||
"traefik.protocol=https"
|
"traefik.protocol=https"
|
||||||
]
|
]
|
||||||
port = "https_port"
|
port = "https_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "jitsi-front-https"
|
name = "https-jitsi"
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = "https_port"
|
port = "https_port"
|
||||||
|
@ -148,25 +166,29 @@ job "jitsi" {
|
||||||
task "jicofo" {
|
task "jicofo" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_conference_focus:v6"
|
image = "superboum/amd64_jitsi_conference_focus:v7"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
|
volumes = [
|
||||||
|
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
||||||
|
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
|
||||||
|
"secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/global_env.tpl")
|
data = file("../config/jicofo.conf")
|
||||||
destination = "secrets/global_env"
|
destination = "secrets/jicofo.conf"
|
||||||
env = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#--- secrets ---
|
#--- secrets ---
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||||
destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
|
destination = "secrets/certs/jitsi.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||||
destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
|
destination = "secrets/certs/auth.jitsi.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
|
@ -178,57 +200,61 @@ job "jitsi" {
|
||||||
task "videobridge" {
|
task "videobridge" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_jitsi_videobridge:v16"
|
image = "superboum/amd64_jitsi_videobridge:v17"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "video1_port", "video2_port" ]
|
ports = [ "video_port" ]
|
||||||
ulimit {
|
ulimit {
|
||||||
nofile = "1048576:1048576"
|
nofile = "1048576:1048576"
|
||||||
nproc = "65536:65536"
|
nproc = "65536:65536"
|
||||||
}
|
}
|
||||||
|
volumes = [
|
||||||
|
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
|
||||||
|
"secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt",
|
||||||
|
"secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
#JITSI_DEBUG = 1
|
# Our container can autodetect the public IP with the ifconfig.me service
|
||||||
JITSI_VIDEO_TCP = 8081
|
# However we would like to avoid relying on a 3rd party service for production use
|
||||||
VIDEOBRIDGE_MAX_MEMORY = "1450m"
|
# That's why I am setting the public IP address statically here VVVV
|
||||||
|
JITSI_NAT_PUBLIC_IP = "82.64.119.240"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = file("../config/global_env.tpl")
|
data = file("../config/videobridge.conf")
|
||||||
destination = "secrets/global_env"
|
destination = "secrets/videobridge.conf"
|
||||||
env = true
|
}
|
||||||
|
|
||||||
|
# --- secrets ---
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
|
||||||
|
destination = "secrets/certs/jitsi.crt"
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
|
||||||
|
destination = "secrets/certs/auth.jitsi.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 900
|
cpu = 900
|
||||||
memory = 1500
|
memory = 3000
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
tags = [ "jitsi", "(diplonat (tcp_port 8081))" ]
|
tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
|
||||||
port = "video1_port"
|
port = "video_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "jitsi-videobridge-video1"
|
name = "video-jitsi"
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = "video1_port"
|
port = "video_port"
|
||||||
interval = "60s"
|
interval = "60s"
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
|
||||||
tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
|
|
||||||
port = "video2_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "jitsi-videobridge-video2"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
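Review bot: The new `volumes` lists in the `xmpp`, `front`, `jicofo` and `videobridge` tasks bind the rendered certificates, private keys and config files into the containers without a mode suffix, so they are mounted read-write. The docker-compose file changed in this same commit mounts the equivalent paths with `:ro`. Appending the suffix to each entry, e.g. `"secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key:ro"` and `"secrets/nginx.conf:/etc/nginx/nginx.conf:ro"`, would stop a process inside a container from altering its own TLS key or service configuration. This assumes none of the images writes to these paths at start-up, which the hunks do not show.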
||||||
|
|
||||||
|
|
|
@ -11,9 +11,10 @@ Several server components:
|
||||||
- etc.
|
- etc.
|
||||||
|
|
||||||
Some libs:
|
Some libs:
|
||||||
- libjitsi
|
- libjitsi seems deprecated
|
||||||
- jicoco
|
- jicoco contains some parent classes to handle Jitsi's Configuration
|
||||||
- jitsi-utils
|
- [jitsi-utils](https://github.com/jitsi/jitsi-utils) contains the Logger definition for example
|
||||||
|
- [ice4j](https://github.com/jitsi/ice4j) contains jitsi's implementation of WebRTC
|
||||||
- etc.
|
- etc.
|
||||||
|
|
||||||
Client components:
|
Client components:
|
||||||
|
@ -62,6 +63,28 @@ instead, we should look at this one: https://github.com/jitsi/jitsi-meet/blob/ma
|
||||||
Jitsi can be configured to authenticated through tokens,
|
Jitsi can be configured to authenticated through tokens,
|
||||||
the postinst file is here: https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-tokens.postinst
|
the postinst file is here: https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-tokens.postinst
|
||||||
|
|
||||||
|
## Remote debug
|
||||||
|
|
||||||
|
Add this parameter to the java process you want to debug (either jicofo or jvb). It must be added by modifying the entrypoint script, next to the respective Dockerfile of each container.
|
||||||
|
|
||||||
|
```
|
||||||
|
-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005
|
||||||
|
```
|
||||||
|
|
||||||
|
## Be careful
|
||||||
|
|
||||||
|
jiti-videobridge (jvb) does not start to listen on ICE ports (both TCP and UDP) at boot.
|
||||||
|
Instead, listening is triggered on the creation of the first conference (a 2 people P2P conference is enough).
|
||||||
|
A nice entrypoint to check with your debugger is:
|
||||||
|
- [Videobridge.java#XmppConnectionEventHandle.colibriConferenceIqReceived](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/Videobridge.java#L627)
|
||||||
|
- [VideobridgeShim.java#VideobridgeShim.handleColibriConferenceIQ](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/shim/VideobridgeShim.java#L251)
|
||||||
|
- [ConferenceShim.java#ConferenceShim.initializeSignaledEndpoints](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/shim/ConferenceShim.java#L274)
|
||||||
|
- [ConferenceShim.java#ConferenceShim.ensureEndpointCreated](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/shim/ConferenceShim.java#L312)
|
||||||
|
- [Conference.java#Conference.createLocalEndpoint](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/Conference.java#L602)
|
||||||
|
- [Endpoint.java#Endpoint.new](https://github.com/jitsi/jitsi-videobridge/blob/256dc7acb7ee10440502a6073a498329eaf1e819/jvb/src/main/java/org/jitsi/videobridge/Endpoint.java#L254)
|
||||||
|
- [IceTransport.kt#IceTransport.iceAgent(init)](https://github.com/jitsi/jitsi-videobridge/blob/0c2ac250ec6b518eaf75fbc83f7936ec01e7b5f6/jvb/src/main/kotlin/org/jitsi/videobridge/transport/ice/IceTransport.kt#L99)
|
||||||
|
- [IceTransport.kt#companionObject.appendHarvesters](https://github.com/jitsi/jitsi-videobridge/blob/0c2ac250ec6b518eaf75fbc83f7936ec01e7b5f6/jvb/src/main/kotlin/org/jitsi/videobridge/transport/ice/IceTransport.kt#L350)
|
||||||
|
|
||||||
## Resources to understand jitsi
|
## Resources to understand jitsi
|
||||||
|
|
||||||
- [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
|
- [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
|
||||||
|
|
|
@ -15,23 +15,28 @@ services:
|
||||||
jitsi-conference-focus:
|
jitsi-conference-focus:
|
||||||
image: superboum/amd64_jitsi_conference_focus:v7
|
image: superboum/amd64_jitsi_conference_focus:v7
|
||||||
volumes:
|
volumes:
|
||||||
|
- "./prosody/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt:ro"
|
||||||
- "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro"
|
- "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro"
|
||||||
- "./jicofo/jicofo.conf:/etc/jitsi/jicofo.conf:ro"
|
- "./jicofo/jicofo.conf:/etc/jitsi/jicofo.conf:ro"
|
||||||
environment:
|
|
||||||
- JDOMAIN=jitsi
|
jitsi-videobridge:
|
||||||
- JHOST=jitsi-xmpp
|
image: superboum/amd64_jitsi_videobridge:v17
|
||||||
- JPORT=5347
|
volumes:
|
||||||
- JSUBDOMAIN=focus
|
- "./prosody/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt:ro"
|
||||||
- JICOFO_SECRET=jicofosecretpass
|
- "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro"
|
||||||
- JUSERDOMAIN=auth.jitsi
|
- "./jvb/videobridge.conf:/etc/jitsi/videobridge.conf:ro"
|
||||||
- JUSERNAME=focus
|
- "./jvb/logging.properties:/usr/share/jvb/lib/logging.properties:ro"
|
||||||
- JICOFO_AUTH_PASSWORD=jicofopass
|
ports:
|
||||||
# jitsi-meet:
|
- "8089:8089/tcp"
|
||||||
# image: superboum/amd64_jitsi_meet:v1
|
- "10000:10000/udp"
|
||||||
# ports:
|
|
||||||
# - "443:443"
|
jitsi-meet:
|
||||||
# jitsi-videobridge:
|
image: superboum/amd64_jitsi_meet:v4
|
||||||
# image: superboum/amd64_jitsi_videobridge:v14
|
volumes:
|
||||||
# ports:
|
- "./prosody/certs/jitsi.crt:/etc/nginx/jitsi.crt:ro"
|
||||||
# - "8080:8080/tcp"
|
- "./prosody/certs/jitsi.key:/etc/nginx/jitsi.key:ro"
|
||||||
# - "10000:10000/udp"
|
- "./meet/config.js:/srv/jitsi-meet/config.js:ro"
|
||||||
|
- "./meet/nginx.conf:/etc/nginx/nginx.conf:ro"
|
||||||
|
ports:
|
||||||
|
- "443:443"
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ jicofo {
|
||||||
}
|
}
|
||||||
|
|
||||||
// The JID of the MUC to be used as a brewery for bridge instances.
|
// The JID of the MUC to be used as a brewery for bridge instances.
|
||||||
brewery-jid = "jvbbrewery@jitsi"
|
brewery-jid = "jvbbrewery@internal.auth.jitsi"
|
||||||
}
|
}
|
||||||
// Configure the codecs and RTP extensions to be used in the offer sent to clients.
|
// Configure the codecs and RTP extensions to be used in the offer sent to clients.
|
||||||
codec {
|
codec {
|
||||||
|
@ -256,7 +256,7 @@ jicofo {
|
||||||
}
|
}
|
||||||
// The separate XMPP connection used for internal services (currently only jitsi-videobridge).
|
// The separate XMPP connection used for internal services (currently only jitsi-videobridge).
|
||||||
service {
|
service {
|
||||||
enabled = true
|
enabled = false
|
||||||
hostname = "jitsi-xmpp"
|
hostname = "jitsi-xmpp"
|
||||||
port = 5222
|
port = 5222
|
||||||
domain = "auth.jitsi"
|
domain = "auth.jitsi"
|
||||||
|
|
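--- a/app/jitsi/integration/jvb/logging.properties
+++ b/app/jitsi/integration/jvb/logging.properties
@@ -0,0 +1,47 @@
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
+#handlers= java.util.logging.ConsoleHandler, io.sentry.jul.SentryHandler
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
+
+net.java.sip.communicator.util.ScLogFormatter.programname=JVB
+
+# default
+.level=INFO
+# for debug
+#.level=FINE
+
+org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
+
+# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
+org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
+
+# Syslog (uncomment handler to use)
+com.agafua.syslog.SyslogHandler.transport = udp
+com.agafua.syslog.SyslogHandler.facility = local0
+com.agafua.syslog.SyslogHandler.port = 514
+com.agafua.syslog.SyslogHandler.hostname = localhost
+com.agafua.syslog.SyslogHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
+com.agafua.syslog.SyslogHandler.escapeNewlines = false
+
+# Sentry (uncomment handler to use)
+io.sentry.jul.SentryHandler.level=WARNING
+
+# to disable double timestamps in syslog uncomment next line
+#net.java.sip.communicator.util.ScLogFormatter.disableTimestamp=true
+
+# time series logging
+java.util.logging.SimpleFormatter.format= %5$s%n
+java.util.logging.FileHandler.level = ALL
+java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.FileHandler.pattern = /tmp/jvb-series.log
+java.util.logging.FileHandler.limit = 200000000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.append = false
+
+timeseries.level=OFF
+timeseries.org.jitsi.videobridge.cc.allocation.BitrateAllocator.level=ALL
+timeseries.useParentHandlers = false
+# time series logging is disabled by default. Uncomment the line below to enable it.
+#timeseries.handlers = java.util.logging.FileHandler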
|
@ -61,6 +61,17 @@ videobridge {
|
||||||
presence-interval = ${videobridge.stats.interval}
|
presence-interval = ${videobridge.stats.interval}
|
||||||
|
|
||||||
configs {
|
configs {
|
||||||
|
unique-xmpp-server {
|
||||||
|
hostname="jitsi-xmpp"
|
||||||
|
domain = "auth.jitsi"
|
||||||
|
username = "jvb"
|
||||||
|
password = "jvbpass"
|
||||||
|
port = 5222
|
||||||
|
muc_jids = "jvbbrewery@internal.auth.jitsi"
|
||||||
|
# The muc_nickname must be unique across all jitsi-videobridge instances
|
||||||
|
muc_nickname = "unique-jvb-server"
|
||||||
|
disable_certificate_verification = false
|
||||||
|
}
|
||||||
# example-connection-id {
|
# example-connection-id {
|
||||||
# For the properties which should be
|
# For the properties which should be
|
||||||
# filled out here, see MucClientConfiguration
|
# filled out here, see MucClientConfiguration
|
||||||
|
@ -69,10 +80,10 @@ videobridge {
|
||||||
}
|
}
|
||||||
# The COLIBRI REST API
|
# The COLIBRI REST API
|
||||||
rest {
|
rest {
|
||||||
enabled = false
|
enabled = true
|
||||||
}
|
}
|
||||||
jvb-api {
|
jvb-api {
|
||||||
enabled = false
|
enabled = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# Configuration of the different REST APIs.
|
# Configuration of the different REST APIs.
|
||||||
|
@ -177,7 +188,7 @@ videobridge {
|
||||||
stats {
|
stats {
|
||||||
# Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
|
# Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST
|
||||||
# API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
|
# API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC).
|
||||||
enabled = false
|
enabled = true
|
||||||
|
|
||||||
# The interval at which stats are gathered.
|
# The interval at which stats are gathered.
|
||||||
interval = 5 seconds
|
interval = 5 seconds
|
||||||
|
@ -223,7 +234,7 @@ videobridge {
|
||||||
enabled = true
|
enabled = true
|
||||||
|
|
||||||
# The port to bind to for ICE/TCP.
|
# The port to bind to for ICE/TCP.
|
||||||
port = 8080
|
port = 8089
|
||||||
|
|
||||||
# An optional additional port to advertise.
|
# An optional additional port to advertise.
|
||||||
# mapped-port = 8443
|
# mapped-port = 8443
|
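Review bot: The `unique-xmpp-server` block added in the first hunk of this file commits a literal `password = "jvbpass"` with nothing marking it as a fixture value. The Nomad job in this same change takes `JVB_AUTH_PASSWORD` from the Consul key `secrets/jitsi/jvb_pass`, so the integration and deploy values are presumably meant to differ. A comment above the line, such as `# integration-only test credential; the deployed bridge must use the secret from Consul`, would keep the literal from being copied into a production config. The enclosing `configs` block continues outside the hunk.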
||||||
|
|
773
app/jitsi/integration/meet/config.js
Normal file
773
app/jitsi/integration/meet/config.js
Normal file
|
@ -0,0 +1,773 @@
|
||||||
|
/* eslint-disable no-unused-vars, no-var */
|
||||||
|
|
||||||
|
var config = {
|
||||||
|
// Connection
|
||||||
|
//
|
||||||
|
|
||||||
|
hosts: {
|
||||||
|
// XMPP domain.
|
||||||
|
domain: 'jitsi',
|
||||||
|
|
||||||
|
// When using authentication, domain for guest users.
|
||||||
|
// anonymousdomain: 'guest.example.com',
|
||||||
|
|
||||||
|
// Domain for authenticated users. Defaults to <domain>.
|
||||||
|
// authdomain: 'jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// Focus component domain. Defaults to focus.<domain>.
|
||||||
|
// focus: 'focus.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||||
|
muc: 'conference.jitsi'
|
||||||
|
},
|
||||||
|
|
||||||
|
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||||
|
bosh: '//rayonx.machine.deuxfleurs.fr/http-bind',
|
||||||
|
|
||||||
|
// Websocket URL
|
||||||
|
// websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
|
||||||
|
|
||||||
|
// The name of client node advertised in XEP-0115 'c' stanza
|
||||||
|
clientNode: 'http://jitsi.org/jitsimeet',
|
||||||
|
|
||||||
|
// The real JID of focus participant - can be overridden here
|
||||||
|
// Do not change username - FIXME: Make focus username configurable
|
||||||
|
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||||
|
// focusUserJid: 'focus@auth.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
|
||||||
|
// Testing / experimental features.
|
||||||
|
//
|
||||||
|
|
||||||
|
testing: {
|
||||||
|
// Disables the End to End Encryption feature. Useful for debugging
|
||||||
|
// issues related to insertable streams.
|
||||||
|
// disableE2EE: false,
|
||||||
|
|
||||||
|
// P2P test mode disables automatic switching to P2P when there are 2
|
||||||
|
// participants in the conference.
|
||||||
|
p2pTestMode: false
|
||||||
|
|
||||||
|
// Enables the test specific features consumed by jitsi-meet-torture
|
||||||
|
// testMode: false
|
||||||
|
|
||||||
|
// Disables the auto-play behavior of *all* newly created video element.
|
||||||
|
// This is useful when the client runs on a host with limited resources.
|
||||||
|
// noAutoPlayVideo: false
|
||||||
|
|
||||||
|
// Enable / disable 500 Kbps bitrate cap on desktop tracks. When enabled,
|
||||||
|
// simulcast is turned off for the desktop share. If presenter is turned
|
||||||
|
// on while screensharing is in progress, the max bitrate is automatically
|
||||||
|
// adjusted to 2.5 Mbps. This takes a value between 0 and 1 which determines
|
||||||
|
// the probability for this to be enabled.
|
||||||
|
// capScreenshareBitrate: 1 // 0 to disable
|
||||||
|
|
||||||
|
// Enable callstats only for a percentage of users.
|
||||||
|
// This takes a value between 0 and 100 which determines the probability for
|
||||||
|
// the callstats to be enabled.
|
||||||
|
// callStatsThreshold: 5 // enable callstats for 5% of the users.
|
||||||
|
},
|
||||||
|
|
||||||
|
// Disables ICE/UDP by filtering out local and remote UDP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceUdpDisable: false,
|
||||||
|
|
||||||
|
// Disables ICE/TCP by filtering out local and remote TCP candidates in
|
||||||
|
// signalling.
|
||||||
|
// webrtcIceTcpDisable: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Media
|
||||||
|
//
|
||||||
|
|
||||||
|
// Audio
|
||||||
|
|
||||||
|
// Disable measuring of audio levels.
|
||||||
|
// disableAudioLevels: false,
|
||||||
|
// audioLevelsInterval: 200,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet no audio detection module which
|
||||||
|
// will notify the user if the current selected microphone has no audio
|
||||||
|
// input and will suggest another valid device if one is present.
|
||||||
|
enableNoAudioDetection: true,
|
||||||
|
|
||||||
|
// Enabling this will show a "Save Logs" link in the GSM popover that can be
|
||||||
|
// used to collect debug information (XMPP IQs, SDP offer/answer cycles)
|
||||||
|
// about the call.
|
||||||
|
// enableSaveLogs: false,
|
||||||
|
|
||||||
|
// Enabling this will run the lib-jitsi-meet noise detection module which will
|
||||||
|
// notify the user if there is noise, other than voice, coming from the current
|
||||||
|
// selected microphone. The purpose it to let the user know that the input could
|
||||||
|
// be potentially unpleasant for other meeting participants.
|
||||||
|
enableNoisyMicDetection: true,
|
||||||
|
|
||||||
|
// Start the conference in audio only mode (no video is being received nor
|
||||||
|
// sent).
|
||||||
|
// startAudioOnly: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start audio muted.
|
||||||
|
// startAudioMuted: 10,
|
||||||
|
|
||||||
|
// Start calls with audio muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithAudioMuted: false,
|
||||||
|
|
||||||
|
// Enabling it (with #params) will disable local audio output of remote
|
||||||
|
// participants and to enable it back a reload is needed.
|
||||||
|
// startSilent: false
|
||||||
|
|
||||||
|
// Sets the preferred target bitrate for the Opus audio codec by setting its
|
||||||
|
// 'maxaveragebitrate' parameter. Currently not available in p2p mode.
|
||||||
|
// Valid values are in the range 6000 to 510000
|
||||||
|
// opusMaxAverageBitrate: 20000,
|
||||||
|
|
||||||
|
// Enables support for opus-red (redundancy for Opus).
|
||||||
|
// enableOpusRed: false
|
||||||
|
|
||||||
|
// Video
|
||||||
|
|
||||||
|
// Sets the preferred resolution (height) for local video. Defaults to 720.
|
||||||
|
// resolution: 720,
|
||||||
|
|
||||||
|
// How many participants while in the tile view mode, before the receiving video quality is reduced from HD to SD.
|
||||||
|
// Use -1 to disable.
|
||||||
|
// maxFullResolutionParticipants: 2,
|
||||||
|
|
||||||
|
// w3c spec-compliant video constraints to use for video capture. Currently
|
||||||
|
// used by browsers that return true from lib-jitsi-meet's
|
||||||
|
// util#browser#usesNewGumFlow. The constraints are independent from
|
||||||
|
// this config's resolution value. Defaults to requesting an ideal
|
||||||
|
// resolution of 720p.
|
||||||
|
// constraints: {
|
||||||
|
// video: {
|
||||||
|
// height: {
|
||||||
|
// ideal: 720,
|
||||||
|
// max: 720,
|
||||||
|
// min: 240
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Enable / disable simulcast support.
|
||||||
|
// disableSimulcast: false,
|
||||||
|
|
||||||
|
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||||
|
// layers are not in use will be suspended (no longer sent) until they
|
||||||
|
// are requested again.
|
||||||
|
// enableLayerSuspension: false,
|
||||||
|
|
||||||
|
// Every participant after the Nth will start video muted.
|
||||||
|
// startVideoMuted: 10,
|
||||||
|
|
||||||
|
// Start calls with video muted. Unlike the option above, this one is only
|
||||||
|
// applied locally. FIXME: having these 2 options is confusing.
|
||||||
|
// startWithVideoMuted: false,
|
||||||
|
|
||||||
|
// If set to true, prefer to use the H.264 video codec (if supported).
|
||||||
|
// Note that it's not recommended to do this because simulcast is not
|
||||||
|
// supported when using H.264. For 1-to-1 calls this setting is enabled by
|
||||||
|
// default and can be toggled in the p2p section.
|
||||||
|
// This option has been deprecated, use preferredCodec under videoQuality section instead.
|
||||||
|
// preferH264: true,
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// Desktop sharing
|
||||||
|
|
||||||
|
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
|
||||||
|
// desktopSharingFrameRate: {
|
||||||
|
// min: 5,
|
||||||
|
// max: 5
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Try to start calls with screen-sharing instead of camera video.
|
||||||
|
// startScreenSharing: false,
|
||||||
|
|
||||||
|
// Recording
|
||||||
|
|
||||||
|
// Whether to enable file recording or not.
|
||||||
|
// fileRecordingsEnabled: false,
|
||||||
|
// Enable the dropbox integration.
|
||||||
|
// dropbox: {
|
||||||
|
// appKey: '<APP_KEY>' // Specify your app key here.
|
||||||
|
// // A URL to redirect the user to, after authenticating
|
||||||
|
// // by default uses:
|
||||||
|
// // 'https://jitsi-meet.example.com/static/oauth.html'
|
||||||
|
// redirectURI:
|
||||||
|
// 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
|
||||||
|
// },
|
||||||
|
// When integrations like dropbox are enabled only that will be shown,
|
||||||
|
// by enabling fileRecordingsServiceEnabled, we show both the integrations
|
||||||
|
// and the generic recording service (its configuration and storage type
|
||||||
|
// depends on jibri configuration)
|
||||||
|
// fileRecordingsServiceEnabled: false,
|
||||||
|
// Whether to show the possibility to share file recording with other people
|
||||||
|
// (e.g. meeting participants), based on the actual implementation
|
||||||
|
// on the backend.
|
||||||
|
// fileRecordingsServiceSharingEnabled: false,
|
||||||
|
|
||||||
|
// Whether to enable live streaming or not.
|
||||||
|
// liveStreamingEnabled: false,
|
||||||
|
|
||||||
|
// Transcription (in interface_config,
|
||||||
|
// subtitles and buttons can be configured)
|
||||||
|
// transcribingEnabled: false,
|
||||||
|
|
||||||
|
// Enables automatic turning on captions when recording is started
|
||||||
|
// autoCaptionOnRecord: false,
|
||||||
|
|
||||||
|
// Misc
|
||||||
|
|
||||||
|
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||||
|
channelLastN: -1,
|
||||||
|
|
||||||
|
// Provides a way to use different "last N" values based on the number of participants in the conference.
|
||||||
|
// The keys in an Object represent number of participants and the values are "last N" to be used when number of
|
||||||
|
// participants gets to or above the number.
|
||||||
|
//
|
||||||
|
// For the given example mapping, "last N" will be set to 20 as long as there are at least 5, but less than
|
||||||
|
// 29 participants in the call and it will be lowered to 15 when the 30th participant joins. The 'channelLastN'
|
||||||
|
// will be used as default until the first threshold is reached.
|
||||||
|
//
|
||||||
|
// lastNLimits: {
|
||||||
|
// 5: 20,
|
||||||
|
// 30: 15,
|
||||||
|
// 50: 10,
|
||||||
|
// 70: 5,
|
||||||
|
// 90: 2
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Specify the settings for video quality optimizations on the client.
|
||||||
|
// videoQuality: {
|
||||||
|
// // Provides a way to prevent a video codec from being negotiated on the JVB connection. The codec specified
|
||||||
|
// // here will be removed from the list of codecs present in the SDP answer generated by the client. If the
|
||||||
|
// // same codec is specified for both the disabled and preferred option, the disable settings will prevail.
|
||||||
|
// // Note that 'VP8' cannot be disabled since it's a mandatory codec, the setting will be ignored in this case.
|
||||||
|
// disabledCodec: 'H264',
|
||||||
|
//
|
||||||
|
// // Provides a way to set a preferred video codec for the JVB connection. If 'H264' is specified here,
|
||||||
|
// // simulcast will be automatically disabled since JVB doesn't support H264 simulcast yet. This will only
|
||||||
|
// // rearrange the the preference order of the codecs in the SDP answer generated by the browser only if the
|
||||||
|
// // preferred codec specified here is present. Please ensure that the JVB offers the specified codec for this
|
||||||
|
// // to take effect.
|
||||||
|
// preferredCodec: 'VP8',
|
||||||
|
//
|
||||||
|
// // Provides a way to configure the maximum bitrates that will be enforced on the simulcast streams for
|
||||||
|
// // video tracks. The keys in the object represent the type of the stream (LD, SD or HD) and the values
|
||||||
|
// // are the max.bitrates to be set on that particular type of stream. The actual send may vary based on
|
||||||
|
// // the available bandwidth calculated by the browser, but it will be capped by the values specified here.
|
||||||
|
// // This is currently not implemented on app based clients on mobile.
|
||||||
|
// maxBitratesVideo: {
|
||||||
|
// low: 200000,
|
||||||
|
// standard: 500000,
|
||||||
|
// high: 1500000
|
||||||
|
// },
|
||||||
|
//
|
||||||
|
// // The options can be used to override default thresholds of video thumbnail heights corresponding to
|
||||||
|
// // the video quality levels used in the application. At the time of this writing the allowed levels are:
|
||||||
|
// // 'low' - for the low quality level (180p at the time of this writing)
|
||||||
|
// // 'standard' - for the medium quality level (360p)
|
||||||
|
// // 'high' - for the high quality level (720p)
|
||||||
|
// // The keys should be positive numbers which represent the minimal thumbnail height for the quality level.
|
||||||
|
// //
|
||||||
|
// // With the default config value below the application will use 'low' quality until the thumbnails are
|
||||||
|
// // at least 360 pixels tall. If the thumbnail height reaches 720 pixels then the application will switch to
|
||||||
|
// // the high quality.
|
||||||
|
// minHeightForQualityLvl: {
|
||||||
|
// 360: 'standard',
|
||||||
|
// 720: 'high'
|
||||||
|
// },
|
||||||
|
//
|
||||||
|
// // Provides a way to resize the desktop track to 720p (if it is greater than 720p) before creating a canvas
|
||||||
|
// // for the presenter mode (camera picture-in-picture mode with screenshare).
|
||||||
|
// resizeDesktopForPresenter: false
|
||||||
|
// },
|
||||||
|
|
||||||
|
// // Options for the recording limit notification.
|
||||||
|
// recordingLimit: {
|
||||||
|
//
|
||||||
|
// // The recording limit in minutes. Note: This number appears in the notification text
|
||||||
|
// // but doesn't enforce the actual recording time limit. This should be configured in
|
||||||
|
// // jibri!
|
||||||
|
// limit: 60,
|
||||||
|
//
|
||||||
|
// // The name of the app with unlimited recordings.
|
||||||
|
// appName: 'Unlimited recordings APP',
|
||||||
|
//
|
||||||
|
// // The URL of the app with unlimited recordings.
|
||||||
|
// appURL: 'https://unlimited.recordings.app.com/'
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||||
|
// disableRtx: false,
|
||||||
|
|
||||||
|
// Disables or enables TCC support in this client (default: enabled).
|
||||||
|
// enableTcc: true,
|
||||||
|
|
||||||
|
// Disables or enables REMB support in this client (default: enabled).
|
||||||
|
// enableRemb: true,
|
||||||
|
|
||||||
|
// Enables ICE restart logic in LJM and displays the page reload overlay on
|
||||||
|
// ICE failure. Current disabled by default because it's causing issues with
|
||||||
|
// signaling when Octo is enabled. Also when we do an "ICE restart"(which is
|
||||||
|
// not a real ICE restart), the client maintains the TCC sequence number
|
||||||
|
// counter, but the bridge resets it. The bridge sends media packets with
|
||||||
|
// TCC sequence numbers starting from 0.
|
||||||
|
// enableIceRestart: false,
|
||||||
|
|
||||||
|
// Use TURN/UDP servers for the jitsi-videobridge connection (by default
|
||||||
|
// we filter out TURN/UDP because it is usually not needed since the
|
||||||
|
// bridge itself is reachable via UDP)
|
||||||
|
// useTurnUdp: false
|
||||||
|
|
||||||
|
// UI
|
||||||
|
//
|
||||||
|
|
||||||
|
// Disables responsive tiles.
|
||||||
|
// disableResponsiveTiles: false,
|
||||||
|
|
||||||
|
// Hides lobby button
|
||||||
|
// hideLobbyButton: false,
|
||||||
|
|
||||||
|
// Require users to always specify a display name.
|
||||||
|
// requireDisplayName: true,
|
||||||
|
|
||||||
|
// Whether to use a welcome page or not. In case it's false a random room
|
||||||
|
// will be joined when no room is specified.
|
||||||
|
enableWelcomePage: true,
|
||||||
|
|
||||||
|
// Disable app shortcuts that are registered upon joining a conference
|
||||||
|
// disableShortcuts: false,
|
||||||
|
|
||||||
|
// Disable initial browser getUserMedia requests.
|
||||||
|
// This is useful for scenarios where users might want to start a conference for screensharing only
|
||||||
|
// disableInitialGUM: false,
|
||||||
|
|
||||||
|
// Enabling the close page will ignore the welcome page redirection when
|
||||||
|
// a call is hangup.
|
||||||
|
// enableClosePage: false,
|
||||||
|
|
||||||
|
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
|
||||||
|
// disable1On1Mode: false,
|
||||||
|
|
||||||
|
// Default language for the user interface.
|
||||||
|
defaultLanguage: 'fr',
|
||||||
|
|
||||||
|
// Disables profile and the edit of all fields from the profile settings (display name and email)
|
||||||
|
// disableProfile: false,
|
||||||
|
|
||||||
|
// Whether or not some features are checked based on token.
|
||||||
|
// enableFeaturesBasedOnToken: false,
|
||||||
|
|
||||||
|
// When enabled the password used for locking a room is restricted to up to the number of digits specified
|
||||||
|
// roomPasswordNumberOfDigits: 10,
|
||||||
|
// default: roomPasswordNumberOfDigits: false,
|
||||||
|
|
||||||
|
// Message to show the users. Example: 'The service will be down for
|
||||||
|
// maintenance at 01:00 AM GMT,
|
||||||
|
// noticeMessage: '',
|
||||||
|
|
||||||
|
// Enables calendar integration, depends on googleApiApplicationClientID
|
||||||
|
// and microsoftApiApplicationClientID
|
||||||
|
// enableCalendarIntegration: false,
|
||||||
|
|
||||||
|
// When 'true', it shows an intermediate page before joining, where the user can configure their devices.
|
||||||
|
// prejoinPageEnabled: false,
|
||||||
|
|
||||||
|
// If etherpad integration is enabled, setting this to true will
|
||||||
|
// automatically open the etherpad when a participant joins. This
|
||||||
|
// does not affect the mobile app since opening an etherpad
|
||||||
|
// obscures the conference controls -- it's better to let users
|
||||||
|
// choose to open the pad on their own in that case.
|
||||||
|
// openSharedDocumentOnJoin: false,
|
||||||
|
|
||||||
|
// If true, shows the unsafe room name warning label when a room name is
|
||||||
|
// deemed unsafe (due to the simplicity in the name) and a password is not
|
||||||
|
// set or the lobby is not enabled.
|
||||||
|
// enableInsecureRoomNameWarning: false,
|
||||||
|
|
||||||
|
// Whether to automatically copy invitation URL after creating a room.
|
||||||
|
// Document should be focused for this option to work
|
||||||
|
// enableAutomaticUrlCopy: false,
|
||||||
|
|
||||||
|
// Base URL for a Gravatar-compatible service. Defaults to libravatar.
|
||||||
|
// gravatarBaseURL: 'https://seccdn.libravatar.org/avatar/';
|
||||||
|
|
||||||
|
// Stats
|
||||||
|
//
|
||||||
|
|
||||||
|
// Whether to enable stats collection or not in the TraceablePeerConnection.
|
||||||
|
// This can be useful for debugging purposes (post-processing/analysis of
|
||||||
|
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
|
||||||
|
// estimation tests.
|
||||||
|
// gatherStats: false,
|
||||||
|
|
||||||
|
// The interval at which PeerConnection.getStats() is called. Defaults to 10000
|
||||||
|
// pcStatsInterval: 10000,
|
||||||
|
|
||||||
|
// To enable sending statistics to callstats.io you must provide the
|
||||||
|
// Application ID and Secret.
|
||||||
|
// callStatsID: '',
|
||||||
|
// callStatsSecret: '',
|
||||||
|
|
||||||
|
// Enables sending participants' display names to callstats
|
||||||
|
// enableDisplayNameInStats: false,
|
||||||
|
|
||||||
|
// Enables sending participants' emails (if available) to callstats and other analytics
|
||||||
|
// enableEmailInStats: false,
|
||||||
|
|
||||||
|
// Privacy
|
||||||
|
//
|
||||||
|
|
||||||
|
// If third party requests are disabled, no other server will be contacted.
|
||||||
|
// This means avatars will be locally generated and callstats integration
|
||||||
|
// will not function.
|
||||||
|
// disableThirdPartyRequests: false,
|
||||||
|
|
||||||
|
|
||||||
|
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
|
||||||
|
//
|
||||||
|
|
||||||
|
p2p: {
|
||||||
|
// Enables peer to peer mode. When enabled the system will try to
|
||||||
|
// establish a direct connection when there are exactly 2 participants
|
||||||
|
// in the room. If that succeeds the conference will stop sending data
|
||||||
|
// through the JVB and use the peer to peer connection instead. When a
|
||||||
|
// 3rd participant joins the conference will be moved back to the JVB
|
||||||
|
// connection.
|
||||||
|
enabled: true,
|
||||||
|
|
||||||
|
// The STUN servers that will be used in the peer to peer connections
|
||||||
|
stunServers: [
|
||||||
|
|
||||||
|
// { urls: 'stun:jitsi-meet.example.com:3478' },
|
||||||
|
{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
|
||||||
|
]
|
||||||
|
|
||||||
|
// Sets the ICE transport policy for the p2p connection. At the time
|
||||||
|
// of this writing the list of possible values are 'all' and 'relay',
|
||||||
|
// but that is subject to change in the future. The enum is defined in
|
||||||
|
// the WebRTC standard:
|
||||||
|
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
|
||||||
|
// If not set, the effective value is 'all'.
|
||||||
|
// iceTransportPolicy: 'all',
|
||||||
|
|
||||||
|
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
|
||||||
|
// is supported). This setting is deprecated, use preferredCodec instead.
|
||||||
|
// preferH264: true
|
||||||
|
|
||||||
|
// Provides a way to set the video codec preference on the p2p connection. Acceptable
|
||||||
|
// codec values are 'VP8', 'VP9' and 'H264'.
|
||||||
|
// preferredCodec: 'H264',
|
||||||
|
|
||||||
|
// If set to true, disable H.264 video codec by stripping it out of the
|
||||||
|
// SDP. This setting is deprecated, use disabledCodec instead.
|
||||||
|
// disableH264: false,
|
||||||
|
|
||||||
|
// Provides a way to prevent a video codec from being negotiated on the p2p connection.
|
||||||
|
// disabledCodec: '',
|
||||||
|
|
||||||
|
// How long we're going to wait, before going back to P2P after the 3rd
|
||||||
|
// participant has left the conference (to filter out page reload).
|
||||||
|
// backToP2PDelay: 5
|
||||||
|
},
|
||||||
|
|
||||||
|
analytics: {
|
||||||
|
// The Google Analytics Tracking ID:
|
||||||
|
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
|
||||||
|
|
||||||
|
// Matomo configuration:
|
||||||
|
// matomoEndpoint: 'https://your-matomo-endpoint/',
|
||||||
|
// matomoSiteID: '42',
|
||||||
|
|
||||||
|
// The Amplitude APP Key:
|
||||||
|
// amplitudeAPPKey: '<APP_KEY>'
|
||||||
|
|
||||||
|
// Configuration for the rtcstats server:
|
||||||
|
// By enabling rtcstats server every time a conference is joined the rtcstats
|
||||||
|
// module connects to the provided rtcstatsEndpoint and sends statistics regarding
|
||||||
|
// PeerConnection states along with getStats metrics polled at the specified
|
||||||
|
// interval.
|
||||||
|
// rtcstatsEnabled: true,
|
||||||
|
|
||||||
|
// In order to enable rtcstats one needs to provide a endpoint url.
|
||||||
|
// rtcstatsEndpoint: wss://rtcstats-server-pilot.jitsi.net/,
|
||||||
|
|
||||||
|
// The interval at which rtcstats will poll getStats, defaults to 1000ms.
|
||||||
|
// If the value is set to 0 getStats won't be polled and the rtcstats client
|
||||||
|
// will only send data related to RTCPeerConnection events.
|
||||||
|
// rtcstatsPolIInterval: 1000
|
||||||
|
|
||||||
|
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
|
||||||
|
// scriptURLs: [
|
||||||
|
// "libs/analytics-ga.min.js", // google-analytics
|
||||||
|
// "https://example.com/my-custom-analytics.js"
|
||||||
|
// ],
|
||||||
|
},
|
||||||
|
|
||||||
|
// Logs that should go be passed through the 'log' event if a handler is defined for it
|
||||||
|
// apiLogLevels: ['warn', 'log', 'error', 'info', 'debug'],
|
||||||
|
|
||||||
|
// Information about the jitsi-meet instance we are connecting to, including
|
||||||
|
// the user region as seen by the server.
|
||||||
|
deploymentInfo: {
|
||||||
|
// shard: "shard1",
|
||||||
|
// region: "europe",
|
||||||
|
// userRegion: "asia"
|
||||||
|
},
|
||||||
|
|
||||||
|
// Decides whether the start/stop recording audio notifications should play on record.
|
||||||
|
// disableRecordAudioNotification: false,
|
||||||
|
|
||||||
|
// Information for the chrome extension banner
|
||||||
|
// chromeExtensionBanner: {
|
||||||
|
// // The chrome extension to be installed address
|
||||||
|
// url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
|
||||||
|
// // Extensions info which allows checking if they are installed or not
|
||||||
|
// chromeExtensionsInfo: [
|
||||||
|
// {
|
||||||
|
// id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
|
||||||
|
// path: 'jitsi-logo-48x48.png'
|
||||||
|
// }
|
||||||
|
// ]
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Local Recording
|
||||||
|
//
|
||||||
|
|
||||||
|
// localRecording: {
|
||||||
|
// Enables local recording.
|
||||||
|
// Additionally, 'localrecording' (all lowercase) needs to be added to
|
||||||
|
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
|
||||||
|
// button to show up on the toolbar.
|
||||||
|
//
|
||||||
|
// enabled: true,
|
||||||
|
//
|
||||||
|
|
||||||
|
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
|
||||||
|
// format: 'flac'
|
||||||
|
//
|
||||||
|
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Options related to end-to-end (participant to participant) ping.
|
||||||
|
// e2eping: {
|
||||||
|
// // The interval in milliseconds at which pings will be sent.
|
||||||
|
// // Defaults to 10000, set to <= 0 to disable.
|
||||||
|
// pingInterval: 10000,
|
||||||
|
//
|
||||||
|
// // The interval in milliseconds at which analytics events
|
||||||
|
// // with the measured RTT will be sent. Defaults to 60000, set
|
||||||
|
// // to <= 0 to disable.
|
||||||
|
// analyticsInterval: 60000,
|
||||||
|
// },
|
||||||
|
|
||||||
|
// If set, will attempt to use the provided video input device label when
|
||||||
|
// triggering a screenshare, instead of proceeding through the normal flow
|
||||||
|
// for obtaining a desktop stream.
|
||||||
|
// NOTE: This option is experimental and is currently intended for internal
|
||||||
|
// use only.
|
||||||
|
// _desktopSharingSourceDevice: 'sample-id-or-label',
|
||||||
|
|
||||||
|
// If true, any checks to handoff to another application will be prevented
|
||||||
|
// and instead the app will continue to display in the current browser.
|
||||||
|
// disableDeepLinking: false,
|
||||||
|
|
||||||
|
// A property to disable the right click context menu for localVideo
|
||||||
|
// the menu has option to flip the locally seen video for local presentations
|
||||||
|
// disableLocalVideoFlip: false,
|
||||||
|
|
||||||
|
// Mainly privacy related settings
|
||||||
|
|
||||||
|
// Disables all invite functions from the app (share, invite, dial out...etc)
|
||||||
|
// disableInviteFunctions: true,
|
||||||
|
|
||||||
|
// Disables storing the room name to the recents list
|
||||||
|
// doNotStoreRoom: true,
|
||||||
|
|
||||||
|
// Deployment specific URLs.
|
||||||
|
// deploymentUrls: {
|
||||||
|
// // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
|
||||||
|
// // user documentation.
|
||||||
|
// userDocumentationURL: 'https://docs.example.com/video-meetings.html',
|
||||||
|
// // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
|
||||||
|
// // to the specified URL for an app download page.
|
||||||
|
// downloadAppsUrl: 'https://docs.example.com/our-apps.html'
|
||||||
|
// },
|
||||||
|
|
||||||
|
// Options related to the remote participant menu.
|
||||||
|
// remoteVideoMenu: {
|
||||||
|
// // If set to true the 'Kick out' button will be disabled.
|
||||||
|
// disableKick: true
|
||||||
|
// },
|
||||||
|
|
||||||
|
// If set to true all muting operations of remote participants will be disabled.
|
||||||
|
// disableRemoteMute: true,
|
||||||
|
|
||||||
|
// Enables support for lip-sync for this client (if the browser supports it).
|
||||||
|
// enableLipSync: false
|
||||||
|
|
||||||
|
/**
|
||||||
|
External API url used to receive branding specific information.
|
||||||
|
If there is no url set or there are missing fields, the defaults are applied.
|
||||||
|
None of the fields are mandatory and the response must have the shape:
|
||||||
|
{
|
||||||
|
// The hex value for the colour used as background
|
||||||
|
backgroundColor: '#fff',
|
||||||
|
// The url for the image used as background
|
||||||
|
backgroundImageUrl: 'https://example.com/background-img.png',
|
||||||
|
// The anchor url used when clicking the logo image
|
||||||
|
logoClickUrl: 'https://example-company.org',
|
||||||
|
// The url used for the image used as logo
|
||||||
|
logoImageUrl: 'https://example.com/logo-img.png'
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
// dynamicBrandingUrl: '',
|
||||||
|
|
||||||
|
// The URL of the moderated rooms microservice, if available. If it
|
||||||
|
// is present, a link to the service will be rendered on the welcome page,
|
||||||
|
// otherwise the app doesn't render it.
|
||||||
|
// moderatedRoomServiceUrl: 'https://moderated.jitsi-meet.example.com',
|
||||||
|
|
||||||
|
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||||
|
// disableTileView: true,
|
||||||
|
|
||||||
|
// Hides the conference subject
|
||||||
|
// hideConferenceSubject: true
|
||||||
|
|
||||||
|
// Hides the conference timer.
|
||||||
|
// hideConferenceTimer: true,
|
||||||
|
|
||||||
|
// Hides the participants stats
|
||||||
|
// hideParticipantsStats: true
|
||||||
|
|
||||||
|
// Sets the conference subject
|
||||||
|
// subject: 'Conference Subject',
|
||||||
|
|
||||||
|
// List of undocumented settings used in jitsi-meet
|
||||||
|
/**
|
||||||
|
_immediateReloadThreshold
|
||||||
|
debug
|
||||||
|
debugAudioLevels
|
||||||
|
deploymentInfo
|
||||||
|
dialInConfCodeUrl
|
||||||
|
dialInNumbersUrl
|
||||||
|
dialOutAuthUrl
|
||||||
|
dialOutCodesUrl
|
||||||
|
disableRemoteControl
|
||||||
|
displayJids
|
||||||
|
etherpad_base
|
||||||
|
externalConnectUrl
|
||||||
|
firefox_fake_device
|
||||||
|
googleApiApplicationClientID
|
||||||
|
iAmRecorder
|
||||||
|
iAmSipGateway
|
||||||
|
microsoftApiApplicationClientID
|
||||||
|
peopleSearchQueryTypes
|
||||||
|
peopleSearchUrl
|
||||||
|
requireDisplayName
|
||||||
|
tokenAuthUrl
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This property can be used to alter the generated meeting invite links (in combination with a branding domain
|
||||||
|
* which is retrieved internally by jitsi meet) (e.g. https://meet.jit.si/someMeeting
|
||||||
|
* can become https://brandedDomain/roomAlias)
|
||||||
|
*/
|
||||||
|
// brandingRoomAlias: null,
|
||||||
|
|
||||||
|
// List of undocumented settings used in lib-jitsi-meet
|
||||||
|
/**
|
||||||
|
_peerConnStatusOutOfLastNTimeout
|
||||||
|
_peerConnStatusRtcMuteTimeout
|
||||||
|
abTesting
|
||||||
|
avgRtpStatsN
|
||||||
|
callStatsConfIDNamespace
|
||||||
|
callStatsCustomScriptUrl
|
||||||
|
desktopSharingSources
|
||||||
|
disableAEC
|
||||||
|
disableAGC
|
||||||
|
disableAP
|
||||||
|
disableHPF
|
||||||
|
disableNS
|
||||||
|
enableTalkWhileMuted
|
||||||
|
forceJVB121Ratio
|
||||||
|
forceTurnRelay
|
||||||
|
hiddenDomain
|
||||||
|
ignoreStartMuted
|
||||||
|
websocketKeepAlive
|
||||||
|
websocketKeepAliveUrl
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
Use this array to configure which notifications will be shown to the user
|
||||||
|
The items correspond to the title or description key of that notification
|
||||||
|
Some of these notifications also depend on some other internal logic to be displayed or not,
|
||||||
|
so adding them here will not ensure they will always be displayed
|
||||||
|
|
||||||
|
A falsy value for this prop will result in having all notifications enabled (e.g null, undefined, false)
|
||||||
|
*/
|
||||||
|
// notifications: [
|
||||||
|
// 'connection.CONNFAIL', // shown when the connection fails,
|
||||||
|
// 'dialog.cameraNotSendingData', // shown when there's no feed from user's camera
|
||||||
|
// 'dialog.kickTitle', // shown when user has been kicked
|
||||||
|
// 'dialog.liveStreaming', // livestreaming notifications (pending, on, off, limits)
|
||||||
|
// 'dialog.lockTitle', // shown when setting conference password fails
|
||||||
|
// 'dialog.maxUsersLimitReached', // shown when maximmum users limit has been reached
|
||||||
|
// 'dialog.micNotSendingData', // shown when user's mic is not sending any audio
|
||||||
|
// 'dialog.passwordNotSupportedTitle', // shown when setting conference password fails due to password format
|
||||||
|
// 'dialog.recording', // recording notifications (pending, on, off, limits)
|
||||||
|
// 'dialog.remoteControlTitle', // remote control notifications (allowed, denied, start, stop, error)
|
||||||
|
// 'dialog.reservationError',
|
||||||
|
// 'dialog.serviceUnavailable', // shown when server is not reachable
|
||||||
|
// 'dialog.sessTerminated', // shown when there is a failed conference session
|
||||||
|
// 'dialog.tokenAuthFailed', // show when an invalid jwt is used
|
||||||
|
// 'dialog.transcribing', // transcribing notifications (pending, off)
|
||||||
|
// 'dialOut.statusMessage', // shown when dial out status is updated.
|
||||||
|
// 'liveStreaming.busy', // shown when livestreaming service is busy
|
||||||
|
// 'liveStreaming.failedToStart', // shown when livestreaming fails to start
|
||||||
|
// 'liveStreaming.unavailableTitle', // shown when livestreaming service is not reachable
|
||||||
|
// 'lobby.joinRejectedMessage', // shown when while in a lobby, user's request to join is rejected
|
||||||
|
// 'lobby.notificationTitle', // shown when lobby is toggled and when join requests are allowed / denied
|
||||||
|
// 'localRecording.localRecording', // shown when a local recording is started
|
||||||
|
// 'notify.disconnected', // shown when a participant has left
|
||||||
|
// 'notify.grantedTo', // shown when moderator rights were granted to a participant
|
||||||
|
// 'notify.invitedOneMember', // shown when 1 participant has been invited
|
||||||
|
// 'notify.invitedThreePlusMembers', // shown when 3+ participants have been invited
|
||||||
|
// 'notify.invitedTwoMembers', // shown when 2 participants have been invited
|
||||||
|
// 'notify.kickParticipant', // shown when a participant is kicked
|
||||||
|
// 'notify.mutedRemotelyTitle', // shown when user is muted by a remote party
|
||||||
|
// 'notify.mutedTitle', // shown when user has been muted upon joining,
|
||||||
|
// 'notify.newDeviceAudioTitle', // prompts the user to use a newly detected audio device
|
||||||
|
// 'notify.newDeviceCameraTitle', // prompts the user to use a newly detected camera
|
||||||
|
// 'notify.passwordRemovedRemotely', // shown when a password has been removed remotely
|
||||||
|
// 'notify.passwordSetRemotely', // shown when a password has been set remotely
|
||||||
|
// 'notify.raisedHand', // shown when a partcipant used raise hand,
|
||||||
|
// 'notify.startSilentTitle', // shown when user joined with no audio
|
||||||
|
// 'prejoin.errorDialOut',
|
||||||
|
// 'prejoin.errorDialOutDisconnected',
|
||||||
|
// 'prejoin.errorDialOutFailed',
|
||||||
|
// 'prejoin.errorDialOutStatus',
|
||||||
|
// 'prejoin.errorStatusCode',
|
||||||
|
// 'prejoin.errorValidation',
|
||||||
|
// 'recording.busy', // shown when recording service is busy
|
||||||
|
// 'recording.failedToStart', // shown when recording fails to start
|
||||||
|
// 'recording.unavailableTitle', // shown when recording service is not reachable
|
||||||
|
// 'toolbar.noAudioSignalTitle', // shown when a broken mic is detected
|
||||||
|
// 'toolbar.noisyAudioInputTitle', // shown when noise is detected for the current microphone
|
||||||
|
// 'toolbar.talkWhileMutedPopup', // shown when user tries to speak while muted
|
||||||
|
// 'transcribing.failedToStart' // shown when transcribing fails to start
|
||||||
|
// ]
|
||||||
|
|
||||||
|
// Allow all above example options to include a trailing comma and
|
||||||
|
// prevent fear when commenting out the last value.
|
||||||
|
makeJsonParserHappy: 'even if last key had a trailing comma'
|
||||||
|
|
||||||
|
// no configuration value should follow this line.
|
||||||
|
};
|
||||||
|
|
||||||
|
/* eslint-enable no-unused-vars, no-var */
|
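--- a/app/jitsi/integration/meet/nginx.conf
+++ b/app/jitsi/integration/meet/nginx.conf
@@ -0,0 +1,72 @@
+# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
+error_log /dev/stderr;
+
+events {}
+
+http {
+##
+# Basic Settings
+##
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+
+
+# mimetypes, required by jitsi!
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+types {
+application/wasm wasm;
+}
+
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+
+##
+# Gzip Settings
+##
+gzip on;
+
+access_log /dev/stdout;
+server_names_hash_bucket_size 64;
+
+server {
+listen 0.0.0.0:443 ssl http2 default_server;
+listen [::]:443 ssl http2 default_server;
+server_name _;
+ssl_certificate /etc/nginx/jitsi.crt;
+ssl_certificate_key /etc/nginx/jitsi.key;
+root /srv/jitsi-meet;
+index index.html;
+
+# lot of work would be needed to improve location rules
+# - in order to allow - and _ in the URL, even space
+# - while not shadowing other files (.js and following locations)
+# - passed some times twice on the problem, not as easy as it seems
+location ~ ^/([a-zA-Z0-9=\?]+)$ {
+rewrite ^/(.*)$ / break;
+}
+location / {
+ssi on;
+}
+
+location /external_api.js {
+alias /srv/jitsi-meet/libs/external_api.min.js;
+}
+
+location /http-bind {
+proxy_pass http://jitsi-xmpp:5280/http-bind;
+proxy_set_header X-Forwarded-For \$remote_addr;
+proxy_set_header Host \$http_host;
+}
+
+
+}
+}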
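Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the SSL Settings block still offers TLS 1.0 and 1.1, both deprecated, on the public 443 listener; I would change it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs an nginx built against OpenSSL 1.1.1 or later). In the `/http-bind` location, `\$remote_addr` and `\$http_host` keep a backslash that looks like a leftover from a shell heredoc. Unless something unescapes this file before nginx loads it, the headers passed to prosody would probably not be the plain variable values, so `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header Host $http_host;` seem to be what is intended.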
|
@ -1,8 +1,33 @@
|
||||||
|
modules_enabled = {
|
||||||
|
"roster"; -- Allow users to have a roster. Recommended ;)
|
||||||
|
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
|
||||||
|
"tls"; -- Add support for secure TLS on c2s/s2s connections
|
||||||
|
"dialback"; -- s2s dialback support
|
||||||
|
"disco"; -- Service discovery
|
||||||
|
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
|
||||||
|
"version"; -- Replies to server version requests
|
||||||
|
"uptime"; -- Report how long server has been running
|
||||||
|
"time"; -- Let others know the time here on this server
|
||||||
|
"ping"; -- Replies to XMPP pings with pongs
|
||||||
|
"pep"; -- Enables users to publish their mood, activity, playing music and more
|
||||||
|
-- jitsi
|
||||||
|
--"smacks"; -- not shipped with prosody
|
||||||
|
"carbons";
|
||||||
|
"mam";
|
||||||
|
"lastactivity";
|
||||||
|
"offline";
|
||||||
|
"pubsub";
|
||||||
|
"adhoc";
|
||||||
|
"websocket";
|
||||||
|
--"http_altconnect"; -- not shipped with prosody
|
||||||
|
}
|
||||||
|
modules_disabled = { "s2s" }
|
||||||
|
|
||||||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
||||||
|
|
||||||
log = {
|
log = {
|
||||||
--log less on console with warn="*console"; or err="*console" or more with debug="*console"
|
--log less on console with warn="*console"; or err="*console" or more with debug="*console"
|
||||||
debug="*console";
|
info="*console";
|
||||||
}
|
}
|
||||||
daemonize = false
|
daemonize = false
|
||||||
use_libevent = true
|
use_libevent = true
|
||||||
|
@ -21,10 +46,12 @@ muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
|
||||||
|
|
||||||
cross_domain_bosh = false;
|
cross_domain_bosh = false;
|
||||||
consider_bosh_secure = true;
|
consider_bosh_secure = true;
|
||||||
https_ports = { }; -- Remove this line to prevent listening on port 5284
|
--component_ports = { 5347 }
|
||||||
component_interface = "0.0.0.0"
|
component_ports = { } -- it seems we don't need external components for now...
|
||||||
component_ports = { 5347 }
|
https_ports = { } -- we don't need http
|
||||||
http_ports = { 5280 }
|
http_ports = { 5280 }
|
||||||
|
c2s_ports = { 5222 }
|
||||||
|
s2s_ports = { }
|
||||||
|
|
||||||
|
|
||||||
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
|
||||||
|
@ -87,10 +114,14 @@ Component "internal.auth.jitsi" "muc"
|
||||||
muc_room_default_public_jids = true
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
VirtualHost "auth.jitsi"
|
VirtualHost "auth.jitsi"
|
||||||
|
ssl = {
|
||||||
|
key = "/var/lib/prosody/auth.jitsi.key";
|
||||||
|
certificate = "/var/lib/prosody/auth.jitsi.crt";
|
||||||
|
}
|
||||||
authentication = "internal_plain"
|
authentication = "internal_plain"
|
||||||
|
|
||||||
Component "focus.jitsi"
|
Component "focus.jitsi" "client_proxy"
|
||||||
component_secret = "jicofosecretpass"
|
target_address = "focus@auth.jitsi"
|
||||||
|
|
||||||
Component "speakerstats.jitsi" "speakerstats_component"
|
Component "speakerstats.jitsi" "speakerstats_component"
|
||||||
muc_component = "conference.jitsi"
|
muc_component = "conference.jitsi"
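Review bot: The new `c2s_ports = { 5222 }` opens the client-to-server port, presumably for the jicofo and jvb accounts now that `focus.jitsi` is a `client_proxy` for `focus@auth.jitsi`, but nothing in these hunks requires TLS on that port. I would set `c2s_require_encryption = true` explicitly next to the port lines so the generated passwords are never sent over an unencrypted stream. The unchanged `authentication = "internal_plain"` on `auth.jitsi` keeps those passwords in clear text in prosody's store, so `internal_hashed` is worth considering while this block is being touched. The comment on `https_ports = { } -- we don't need http` is misleading, since `http_ports = { 5280 }` stays enabled; `-- no HTTPS listener, BOSH is served over plain HTTP on 5280` would describe it. The file continues outside the visible hunks, so settings made elsewhere may already cover the first point.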
|
||||||
|
|
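--- a/app/jitsi/secrets/jitsi/auth.jitsi.crt
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi_auth auth.jitsi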
|
@ -1 +0,0 @@
|
||||||
SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
|
|
|
@ -1 +0,0 @@
|
||||||
SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr
|
|
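--- a/app/jitsi/secrets/jitsi/auth.jitsi.key
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.key
@@ -0,0 +1 @@
+SSL_KEY jitsi_auth auth.jitsi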
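--- a/app/jitsi/secrets/jitsi/jicofo_pass
+++ b/app/jitsi/secrets/jitsi/jicofo_pass
@@ -0,0 +1 @@
+CMD openssl rand -base64 24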
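--- a/app/jitsi/secrets/jitsi/jitsi.crt
+++ b/app/jitsi/secrets/jitsi/jitsi.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi jitsi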
|
@ -1 +0,0 @@
|
||||||
SSL_CERT jitsi jitsi.deuxfleurs.fr
|
|
|
@ -1 +0,0 @@
|
||||||
SSL_KEY jitsi
|
|
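--- a/app/jitsi/secrets/jitsi/jitsi.key
+++ b/app/jitsi/secrets/jitsi/jitsi.key
@@ -0,0 +1 @@
+SSL_KEY jitsi jitsi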
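--- a/app/jitsi/secrets/jitsi/jvb_pass
+++ b/app/jitsi/secrets/jitsi/jvb_pass
@@ -0,0 +1 @@
+CMD openssl rand -base64 24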
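--- a/app/metrics/deploy/metrics.hcl
+++ b/app/metrics/deploy/metrics.hcl
@@ -0,0 +1,25 @@
+job "metrics" {
+datacenters = ["dc1"]
+type = "system"
+priority = "100"
+
+group "node_exporter" {
+task "node_exporter" {
+driver = "docker"
+
+config {
+image = "quay.io/prometheus/node-exporter:v1.1.2"
+network_mode = "host"
+volumes = [
+"/:/host:ro,rslave"
+]
+args = [ "--path.rootfs=/host" ]
+}
+
+resources {
+cpu = 50
+memory = 40
+}
+}
+}
+}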
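Review bot: With `network_mode = "host"` and no listen address in `args`, node_exporter serves its unauthenticated metrics endpoint on every host interface at its default port 9100, and because this is a `system` job that holds for every node. If any node has a public interface, bind the exporter to the cluster-internal address, e.g. `args = [ "--path.rootfs=/host", "--web.listen-address=<INTERNAL_IP>:9100" ]`, or firewall the port. The `/:/host:ro,rslave` mount gives the container read access to the whole host filesystem; a comment such as `# read-only host root, required by the filesystem collectors` would record that this is deliberate. `priority = "100"` is a quoted string where the postgres job on this page uses a bare number.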
|
@ -24,15 +24,14 @@ RUN git clone -n https://git.joinplu.me/Plume/Plume.git plume
|
||||||
WORKDIR /opt/plume
|
WORKDIR /opt/plume
|
||||||
RUN git checkout ${VERSION}
|
RUN git checkout ${VERSION}
|
||||||
|
|
||||||
RUN cargo install diesel_cli --no-default-features --features postgres --version '=1.3.0'
|
WORKDIR /opt/plume/script
|
||||||
|
RUN chmod a+x ./wasm-deps.sh && sleep 1 && ./wasm-deps.sh
|
||||||
|
|
||||||
# frontend
|
WORKDIR /opt/plume
|
||||||
RUN cargo install cargo-web
|
RUN cargo install wasm-pack
|
||||||
RUN cargo web deploy -p plume-front --release
|
RUN chmod a+x ./script/plume-front.sh && sleep 1 && ./script/plume-front.sh
|
||||||
# backend
|
RUN cargo install --path ./ --force --no-default-features --features postgres
|
||||||
RUN cargo install --no-default-features --features postgres -f --path .
|
RUN cargo install --path plume-cli --force --no-default-features --features postgres
|
||||||
# cli
|
|
||||||
RUN cargo install --no-default-features --features postgres --path plume-cli
|
|
||||||
RUN cargo clean
|
RUN cargo clean
|
||||||
|
|
||||||
#-----------------------------
|
#-----------------------------
|
||||||
|
@ -46,7 +45,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY --from=builder /opt/plume /app
|
COPY --from=builder /opt/plume /app
|
||||||
COPY --from=builder /usr/local/cargo/bin/diesel /usr/local/bin/
|
|
||||||
COPY --from=builder /usr/local/cargo/bin/plm /usr/local/bin/
|
COPY --from=builder /usr/local/cargo/bin/plm /usr/local/bin/
|
||||||
COPY --from=builder /usr/local/cargo/bin/plume /usr/local/bin/
|
COPY --from=builder /usr/local/cargo/bin/plume /usr/local/bin/
|
||||||
COPY plm-start /usr/local/bin/
|
COPY plm-start /usr/local/bin/
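Review bot: `RUN cargo install wasm-pack` installs whatever version is current at build time, so two builds of the same `${VERSION}` can end up with different front-end toolchains; the removed `diesel_cli` line at least pinned `--version '=1.3.0'`. I would pin it the same way, e.g. `RUN cargo install wasm-pack --locked --version <PINNED_VERSION>`. The `chmod a+x … && sleep 1 && …` pattern used for `wasm-deps.sh` and `plume-front.sh` has no explanation; if the `sleep 1` works around a "text file busy" error, a comment above the first use should say so. The builder stage begins outside these hunks.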
|
||||||
|
|
|
@ -17,7 +17,7 @@ job "plume" {
|
||||||
task "plume" {
|
task "plume" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "superboum/plume:v2"
|
image = "superboum/plume:v3"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
#command = "cat"
|
#command = "cat"
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
From c4e0e967752868626772a3317a17d25d181daeda Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quentin Dufour <quentin@deuxfleurs.fr>
|
||||||
|
Date: Thu, 15 Apr 2021 12:35:12 +0200
|
||||||
|
Subject: [PATCH] Add max-rate to pg_basebackup
|
||||||
|
|
||||||
|
---
|
||||||
|
internal/postgresql/postgresql.go | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/internal/postgresql/postgresql.go b/internal/postgresql/postgresql.go
|
||||||
|
index 00c14bc..a37a28c 100644
|
||||||
|
--- a/internal/postgresql/postgresql.go
|
||||||
|
+++ b/internal/postgresql/postgresql.go
|
||||||
|
@@ -963,7 +963,7 @@ func (p *Manager) SyncFromFollowed(followedConnParams ConnParams, replSlot strin
|
||||||
|
|
||||||
|
log.Infow("running pg_basebackup")
|
||||||
|
name := filepath.Join(p.pgBinPath, "pg_basebackup")
|
||||||
|
- args := []string{"-R", "-v", "-P", "-Xs", "-D", p.dataDir, "-d", followedConnString}
|
||||||
|
+ args := []string{"-R", "-v", "-P", "--max-rate", "5M", "-Xs", "-D", p.dataDir, "-d", followedConnString}
|
||||||
|
if replSlot != "" {
|
||||||
|
args = append(args, "--slot", replSlot)
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.30.2
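Review bot: `"--max-rate", "5M"` is hard-coded into the `pg_basebackup` argument list, so every replica resync is capped at that rate whatever the database size or link speed, and a keeper that has to re-sync a large data directory stays out of the cluster for correspondingly longer. The patch carries no rationale, so a comment above the `args` line would help, e.g. `// --max-rate: cap resync bandwidth (<REASON FOR 5M>)`. A more flexible variant would append the flag only when a rate is supplied through configuration or the environment. `SyncFromFollowed` begins and ends outside the hunk.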
|
||||||
|
|
|
@ -1,19 +1,18 @@
|
||||||
|
FROM golang:1.13-buster AS builder
|
||||||
|
|
||||||
|
ARG STOLON_VERSION
|
||||||
|
WORKDIR /stolon
|
||||||
|
RUN git clone https://github.com/sorintlab/stolon .
|
||||||
|
RUN git pull && git checkout ${STOLON_VERSION}
|
||||||
|
RUN go mod download
|
||||||
|
COPY 0001-Add-max-rate-to-pg_basebackup.patch .
|
||||||
|
RUN git apply 0001-Add-max-rate-to-pg_basebackup.patch
|
||||||
|
RUN make && chmod +x /stolon/bin/*
|
||||||
|
|
||||||
FROM amd64/debian:stretch
|
FROM amd64/debian:stretch
|
||||||
|
ARG PG_VERSION
|
||||||
RUN echo "deb http://deb.debian.org/debian stretch-backports main contrib non-free # available after stretch release" > /etc/apt/sources.list.d/stretch-backports.list && \
|
RUN apt-get update && \
|
||||||
apt-get update && \
|
apt-get install -y postgresql-all=${PG_VERSION}
|
||||||
apt-get -qq -y full-upgrade && \
|
COPY --from=builder /stolon/bin /usr/local/bin
|
||||||
apt-get install -y postgresql-all golang-1.11 git && \
|
|
||||||
export GOPATH=/usr/local/go && \
|
|
||||||
mkdir -p /usr/local/go/src/github.com/sorintlab && \
|
|
||||||
cd /usr/local/go/src/github.com/sorintlab && \
|
|
||||||
git clone --depth=1 https://github.com/sorintlab/stolon && \
|
|
||||||
ln -s /usr/lib/go-1.11/bin/go /usr/bin/go && \
|
|
||||||
ln -s /usr/lib/go-1.11/bin/gofmt /usr/bin/gofmt && \
|
|
||||||
cd ./stolon && \
|
|
||||||
./build && \
|
|
||||||
mv /usr/local/go/src/github.com/sorintlab/stolon/bin/* /usr/local/bin/ && \
|
|
||||||
rm -rf /usr/local/go
|
|
||||||
|
|
||||||
USER postgres
|
USER postgres
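Review bot: `ARG STOLON_VERSION` has no default and `RUN git pull && git checkout ${STOLON_VERSION}` leaves the value unquoted, so a build that omits `--build-arg` runs a bare `git checkout`, succeeds, and silently ships whatever the default branch contains with the local patch applied on top. Failing early is safer: `RUN test -n "${STOLON_VERSION}" && git checkout "${STOLON_VERSION}"` (the `git pull` directly after a fresh clone adds nothing). Pinning to a commit hash rather than a tag would also make the source immutable. The second stage drops the old `apt-get -qq -y full-upgrade`, so the final image keeps whatever package versions the `amd64/debian:stretch` tag had when it was pulled; either keep the upgrade step or note that the image must be rebuilt regularly.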
|
||||||
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
```
|
|
||||||
docker build -t superboum/arm32v7_postgres .
|
|
||||||
docker build -t superboum/amd64_postgres:v2 .
|
|
||||||
```
|
|
|
@ -1,22 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ -f /local/pg_hba.conf ]; then
|
|
||||||
echo "Copying Nomad configuration..."
|
|
||||||
cp /local/pg_hba.conf /etc/postgresql/9.6/main/
|
|
||||||
echo "Done"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [ -z "$(ls -A /var/lib/postgresql/9.6/main)" ]; then
|
|
||||||
echo "Copying base"
|
|
||||||
cp -r /var/lib/postgresql/9.6/base/* /var/lib/postgresql/9.6/main
|
|
||||||
echo "Done"
|
|
||||||
fi
|
|
||||||
|
|
||||||
chmod -R 700 /var/lib/postgresql/9.6/main
|
|
||||||
chown -R postgres /var/lib/postgresql/9.6/main
|
|
||||||
|
|
||||||
echo "Starting postgres..."
|
|
||||||
. /usr/share/postgresql-common/init.d-functions
|
|
||||||
start 9.6
|
|
||||||
tail -f /var/log/postgresql/postgresql-9.6-main.log
|
|
|
@ -1,11 +1,13 @@
|
||||||
job "postgres" {
|
job "postgres9.6" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "system"
|
type = "system"
|
||||||
priority = 90
|
priority = 90
|
||||||
|
|
||||||
update {
|
update {
|
||||||
max_parallel = 1
|
max_parallel = 1
|
||||||
stagger = "2m"
|
min_healthy_time = "2m"
|
||||||
|
healthy_deadline = "5m"
|
||||||
|
auto_revert = true
|
||||||
}
|
}
|
||||||
|
|
||||||
group "postgres" {
|
group "postgres" {
|
||||||
|
@ -18,7 +20,7 @@ job "postgres" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_postgres:v3"
|
image = "superboum/amd64_postgres:v5"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
command = "/usr/local/bin/stolon-sentinel"
|
command = "/usr/local/bin/stolon-sentinel"
|
||||||
|
@ -37,7 +39,7 @@ job "postgres" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_postgres:v3"
|
image = "superboum/amd64_postgres:v5"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
command = "/usr/local/bin/stolon-proxy"
|
command = "/usr/local/bin/stolon-proxy"
|
||||||
|
@ -46,7 +48,8 @@ job "postgres" {
|
||||||
"--store-backend", "consul",
|
"--store-backend", "consul",
|
||||||
"--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
|
"--store-endpoints", "http://consul.service.2.cluster.deuxfleurs.fr:8500",
|
||||||
"--port", "${NOMAD_PORT_psql_proxy_port}",
|
"--port", "${NOMAD_PORT_psql_proxy_port}",
|
||||||
"--listen-address", "0.0.0.0"
|
"--listen-address", "0.0.0.0",
|
||||||
|
"--log-level", "info"
|
||||||
]
|
]
|
||||||
ports = [ "psql_proxy_port" ]
|
ports = [ "psql_proxy_port" ]
|
||||||
}
|
}
|
||||||
|
@ -78,7 +81,7 @@ job "postgres" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "superboum/amd64_postgres:v3"
|
image = "superboum/amd64_postgres:v5"
|
||||||
network_mode = "host"
|
network_mode = "host"
|
||||||
readonly_rootfs = false
|
readonly_rootfs = false
|
||||||
command = "/usr/local/bin/stolon-keeper"
|
command = "/usr/local/bin/stolon-keeper"
|
||||||
|
@ -114,18 +117,12 @@ job "postgres" {
|
||||||
tags = ["sql"]
|
tags = ["sql"]
|
||||||
port = "psql_port"
|
port = "psql_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "keeper"
|
name = "psql-keeper"
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = "psql_port"
|
port = "psql_port"
|
||||||
interval = "60s"
|
interval = "60s"
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "60m"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
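Review bot: The `update` block now sets `min_healthy_time`, `healthy_deadline` and `auto_revert` and drops `stagger = "2m"`, but the job is `type = "system"`. On Nomad versions where system jobs do not run deployments only `max_parallel` and `stagger` are honoured, so, if that applies to the version deployed here, keepers would be replaced with the default stagger and without health gating or revert. Keeping `stagger = "2m"` alongside the new keys is safe either way. Renaming the job to `postgres9.6` registers a new job instead of updating `postgres`, and with `network_mode = "host"` the two would compete for the same ports until the old one is stopped. Removing `check_restart` from the `psql-keeper` check means Nomad no longer restarts a keeper that stops answering on `psql_port`, which deserves a line in the commit message if it is intentional.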
|
||||||
|
|
|
@ -26,8 +26,8 @@ job "science" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 1000
|
cpu = 100
|
||||||
memory = 1200
|
memory = 250
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
|
|
@ -373,5 +373,8 @@ if __name__ == "__main__":
|
||||||
elif val == "regen":
|
elif val == "regen":
|
||||||
gen_secrets(sys.argv[i+1:], True)
|
gen_secrets(sys.argv[i+1:], True)
|
||||||
break
|
break
|
||||||
|
else:
|
||||||
|
print("Usage:")
|
||||||
|
print(" secretmgr.py [check|gen|regen] <module name>...")
|
||||||
|
|
||||||
|
|
||||||
|
|
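--- a/hammerhead/README.md
+++ b/hammerhead/README.md
@@ -0,0 +1,69 @@
+# Hammerhead Configuration
+
+## Roadmap
+
+0. Prior
+
+* The OS is fully installed and configured using the `os/config` Ansible scripts.
+* Nomad and Consul on HammerHead have custom configurations compared to the rest of the cluster. The configuration files `os/config/nomad.hcl` and `os/config/consul.json` need to be in sync on the server at `/etc/nomad/nomad.hcl` and `/etc/consul/consul.json` respectively.
+
+1. Base components: things that need to be installed before services
+
+* [x] Dummy HTTP server to have something to work with.
+* [x] Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc.
+
+SSL using nginx is pain. I undrstand the interest of traefik or fabio in that sense: their close collaboration with Nomad allow them to automate certificates generation.
+
+Consequently, SSL is not supported at the moment. (It would be manual using nginx.)
+
+* [x] Generate services configuration outside the nginx service definition.
+
+Can't do because of *separation of concerns*: files needed by nginx need to be defined in the nginx job specification.
+
+Solution: each new web service needs:
+
+* an nginx configuration template at `app/nginx/config`
+* a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.
+
+2. Gitea installation
+
+* [x] persistent data -> `host_volume`
+
+* [x] Postgres database
+
+* [x] Persistent data volume - using `host_volume` in the `client` config of Nomad (requires a restart, and it's not so fun to add volumes there).
+
+* [x] How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect !
+
+* [ ] Avoid exposing gitea publicly (on port 3000). Can't without heavy configuration of nginx, to leverage sidecars. Adding another service would be even more painful than it already is.
+
+* [ ] SSL. Can't without heavy-lifting, again due to nginx.
+
+Conclusion: Don't use nginx.
+
+2. Wiki installation
+
+* Postgres database
+
+
+
+
+
+3. Gitea migration
+
+* Postgres database: needs to be its own Nomad job.
+* Gitea: setting it up on Nomad.
+* Migrating data from Serenity, where the DB is MySQL. Expect fun times.
+* Database & files periodic backups
+
+4. Synapse migration
+
+* Postgres already setup
+* Migrating from a Postgres on Serenity (easier)
+* Backups
+
+5. [Own/Next]cloud: Adrien needs it for himself.
+
+* Compare distribution capabilities / S3-compatibility between the two solutions. The assumption is that Owncloud's Go rewrite is the better fit.
+* Do the things.
+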
|
@ -0,0 +1,65 @@
|
||||||
|
job "countdash" {
|
||||||
|
datacenters = ["dc1"]
|
||||||
|
|
||||||
|
group "api" {
|
||||||
|
network {
|
||||||
|
mode = "bridge"
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "count-api"
|
||||||
|
port = "9001"
|
||||||
|
|
||||||
|
connect {
|
||||||
|
sidecar_service {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "web" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "hashicorpnomad/counter-api:v3"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
group "dashboard" {
|
||||||
|
network {
|
||||||
|
mode = "bridge"
|
||||||
|
|
||||||
|
port "http" {
|
||||||
|
static = 9002
|
||||||
|
to = 9002
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "count-dashboard"
|
||||||
|
port = "9002"
|
||||||
|
|
||||||
|
connect {
|
||||||
|
sidecar_service {
|
||||||
|
proxy {
|
||||||
|
upstreams {
|
||||||
|
destination_name = "count-api"
|
||||||
|
local_bind_port = 8080
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
task "dashboard" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
env {
|
||||||
|
COUNTING_SERVICE_URL = "http://${NOMAD_UPSTREAM_ADDR_count_api}"
|
||||||
|
}
|
||||||
|
|
||||||
|
config {
|
||||||
|
image = "hashicorpnomad/counter-dashboard:v3"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,37 @@
|
||||||
|
job "dummy-http-server" {
|
||||||
|
datacenters = ["dc1"]
|
||||||
|
group "server-group" {
|
||||||
|
count = 5
|
||||||
|
|
||||||
|
network {
|
||||||
|
port "http" {}
|
||||||
|
}
|
||||||
|
|
||||||
|
service {
|
||||||
|
name = "dummy-http-server"
|
||||||
|
port = "http"
|
||||||
|
check {
|
||||||
|
type = "http"
|
||||||
|
path = "/health"
|
||||||
|
interval = "2s"
|
||||||
|
timeout = "2s"
|
||||||
|
}
|
||||||
|
tags = [
|
||||||
|
"url=dummy.hammerhead.luxeylab.net"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
task "server" {
|
||||||
|
driver = "docker"
|
||||||
|
|
||||||
|
config {
|
||||||
|
ports = ["http"]
|
||||||
|
image = "hashicorp/http-echo:latest"
|
||||||
|
args = [
|
||||||
|
"-listen", ":${NOMAD_PORT_http}",
|
||||||
|
"-text", "Hello and welcome to ${NOMAD_IP_http}:${NOMAD_PORT_http}",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
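--- a/hammerhead/app/gitea/deploy/gitea.hcl
+++ b/hammerhead/app/gitea/deploy/gitea.hcl
@@ -0,0 +1,113 @@
+job "gitea" {
+datacenters = ["dc1"]
+
+group "gitea" {
+count = 1
+
+volume "gitea-data" {
+type = "host"
+read_only = false
+source = "gitea-data"
+}
+
+network {
+mode = "bridge"
+port "ssh" {
+static = 22
+}
+# port "http" {
+# static = 3000
+# to = 3000
+# }
+}
+
+service {
+name = "gitea-frontend"
+port = "3000"
+
+connect {
+sidecar_service {}
+}
+
+# check {
+# name = "alive"
+# type = "tcp"
+# interval = "10s"
+# timeout = "2s"
+# }
+}
+
+service {
+name = "gitea-ssh"
+port = "ssh"
+
+# check {
+# name = "alive"
+# type = "tcp"
+# interval = "10s"
+# timeout = "2s"
+# }
+}
+
+service {
+name = "gitea-postgres-connector"
+
+connect {
+sidecar_service {
+proxy {
+upstreams {
+# Required
+destination_name = "postgres"
+local_bind_port = "5432"
+# Optional
+local_bind_address = "127.0.0.1"
+}
+}
+}
+}
+}
+
+task "gitea" {
+driver = "docker"
+
+config {
+ports = ["ssh"]
+image = "gitea/gitea:1.14.2"
+
+volumes = [
+"/etc/timezone:/etc/timezone:ro",
+"/etc/localtime:/etc/localtime:ro"
+]
+}
+
+volume_mount {
+volume = "gitea-data"
+destination = "/data"
+read_only = false
+}
+
+template {
+# Consul Template only works in template stanza.
+# We need it to fetch secret values from Consul.
+# The "env = true" parameter sets the environment with the data.
+# "destination" key is required but its value doesn't matter.
+data = <<EOH
+DB_TYPE = "postgres"
+DB_USER = "{{ key "secrets/postgres/gitea/user" }}"
+DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"
+DB_NAME = "{{ key "secrets/postgres/gitea/db_name" }}"
+EOH
+
+destination = "secrets/env.env"
+env = true
+change_mode = "restart"
+}
+
+env {
+DOMAIN = "gitea.hammerhead.luxeylab.net"
+SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
+DB_HOST = "${NOMAD_UPSTREAM_ADDR_postgres}"
+}
+}
+}
+}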
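Review bot: The `template` block fills `DB_USER`, `DB_PASSWD` and `DB_NAME` from `{{ key "secrets/postgres/gitea/…" }}`, i.e. from Consul KV, where values are stored unencrypted and can be read by any token with read access to that prefix, or by anyone if ACLs are not enforced on this cluster. At minimum the `secrets/` prefix should be restricted with a Consul ACL policy, and Vault with Nomad's `vault` stanza is the better home for the database password. The in-file comment `# "destination" key is required but its value doesn't matter` is worth correcting to `# keep the rendered file under secrets/ so it is not exposed with the rest of the task directory`. Separately, `port "ssh" { static = 22 }` claims host port 22, which would collide with the node's own sshd if that listens there; a different static port together with Gitea's `SSH_PORT` variable avoids this. Both `check` blocks are commented out, so the services are registered without any health check.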
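--- a/hammerhead/app/nginx/config/dummy-http-server.tpl
+++ b/hammerhead/app/nginx/config/dummy-http-server.tpl
@@ -0,0 +1,17 @@
+upstream dummy-http-server-backend {
+{{ range service "dummy-http-server" }}
+server {{ .Address }}:{{ .Port }};
+{{ else }}
+server 127.0.0.1:65535; # force a 502
+{{ end }}
+}
+
+server {
+listen 80;
+listen [::]:80;
+server_name dummy.hammerhead.luxeylab.net;
+
+location / {
+proxy_pass http://dummy-http-server-backend;
+}
+}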
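--- a/hammerhead/app/nginx/config/gitea.tpl
+++ b/hammerhead/app/nginx/config/gitea.tpl
@@ -0,0 +1,27 @@
+upstream gitea-frontend {
+server 127.0.0.1:3000;
+}
+
+server {
+listen 80;
+listen [::]:80;
+server_name gitea.hammerhead.luxeylab.net;
+
+
+# Forward information from nginx to the upstream
+# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+location / {
+# Forward information from nginx to the upstream
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Host $http_host;
+proxy_set_header X-Forwarded-Port $server_port;
+
+proxy_pass http://gitea-frontend;
+}
+}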
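Review bot: The comment above the `add_header` lines, `# Forward information from nginx to the upstream`, is a copy of the one inside `location /` and is wrong in this position, because these are response headers sent to the browser. I would replace it with `# Security headers added to responses sent to the client` and append `always` so they are also set on error responses, e.g. `add_header X-Content-Type-Options nosniff always;`. The vhost listens on port 80 only, so Gitea logins and session cookies travel in clear text and `X-Forwarded-Proto` is always `http`. The README in this commit acknowledges that TLS is not set up, and a comment here such as `# no TLS yet: do not expose beyond a trusted network` would keep that limitation visible next to the listener.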
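--- a/hammerhead/app/nginx/deploy/nginx.hcl
+++ b/hammerhead/app/nginx/deploy/nginx.hcl
@@ -0,0 +1,73 @@
+job "nginx" {
+datacenters = ["dc1"]
+
+group "nginx" {
+count = 1
+
+network {
+mode = "bridge"
+port "http" {
+static = 80
+}
+port "https" {
+static = 443
+}
+}
+
+# volume "certs" {
+# type = "host"
+# source = "ca-certificates"
+# # read_only = true
+# }
+
+service {
+name = "nginx"
+port = "http"
+}
+
+service {
+name = "nginx-gitea-frontend-connector"
+
+connect {
+sidecar_service {
+proxy {
+upstreams {
+# Required
+destination_name = "gitea-frontend"
+local_bind_port = "3000"
+# Optional
+local_bind_address = "127.0.0.1"
+}
+}
+}
+}
+}
+
+task "nginx" {
+driver = "docker"
+
+config {
+ports = ["http", "https"]
+image = "nginx"
+volumes = [
+"local:/etc/nginx/conf.d",
+#"certs:..."
+]
+}
+
+# template {
+# data = file("../config/dummy-http-server.tpl")
+# destination = "local/dummy-http-server.conf"
+# change_mode = "signal"
+# change_signal = "SIGHUP"
+# }
+
+template {
+data = file("../config/gitea.tpl")
+destination = "local/gitea.conf"
+change_mode = "signal"
+change_signal = "SIGHUP"
+}
+}
+}
+}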
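Review bot: `image = "nginx"` in the task's `config` block has no tag or digest, so each new allocation may pull whatever `latest` is at that moment and the proxy bound to ports 80 and 443 can change without review. Pin it the way traefik.hcl in this commit pins `amd64/traefik:1.7.20`, for example `image = "nginx:<PINNED_VERSION>"` (placeholder; an `@sha256:` digest is stricter still). The same applies to `image = "postgres"` in hammerhead/app/postgres/deploy/postgres.hcl. As far as this section shows, port 443 is reserved while the certs volume is commented out and only `gitea.conf` is templated, so a comment such as `# 443 reserved; no TLS certificates are mounted yet` would tell the next reader that HTTPS is not served here.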
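--- a/hammerhead/app/postgres/deploy/postgres.hcl
+++ b/hammerhead/app/postgres/deploy/postgres.hcl
@@ -0,0 +1,86 @@
+# Example PostgreSQL job file: https://github.com/GuyBarros/nomad_jobs/blob/master/postgresSQL.nomad
+
+job "postgres" {
+datacenters = ["dc1"]
+type = "service"
+
+group "postgres" {
+count = 1
+
+volume "postgres-data" {
+type = "host"
+read_only = false
+source = "postgres-data"
+}
+
+network {
+mode = "bridge"
+# port "db" {
+# static = 5432
+# to = 5432
+# }
+}
+
+service {
+name = "postgres"
+port = "5432"
+
+# check {
+# name = "alive"
+# type = "tcp"
+# interval = "10s"
+# timeout = "2s"
+# }
+
+connect {
+sidecar_service {}
+}
+}
+
+task "postgres" {
+driver = "docker"
+
+config {
+# ports = ["db"]
+image = "postgres"
+}
+
+volume_mount {
+volume = "postgres-data"
+destination = "/var/lib/postgresql/data"
+read_only = false
+}
+
+template {
+# Consul Template only works in template stanza.
+# We need it to fetch secret values from Consul.
+# The "env = true" parameter sets the environment with the data.
+# "destination" key is required but its value doesn't matter.
+data = <<EOH
+POSTGRES_USER = "{{ key "secrets/postgres/user" }}"
+POSTGRES_PASSWORD = "{{ key "secrets/postgres/password" }}"
+EOH
+
+destination = "secrets/env.env"
+env = true
+change_mode = "restart"
+}
+
+env {
+PGDATA = "/var/lib/postgresql/data"
+}
+}
+
+# resources {
+# # cpu = 1000
+# # memory = 1024
+# network {
+# # mbits = 10
+# port "db" {
+# static = 5432
+# }
+# }
+# }
+
+}
+}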
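Review bot: The `template` block fills `POSTGRES_USER` and `POSTGRES_PASSWORD` from `{{ key "secrets/postgres/..." }}`, which is the Consul KV store; values there are kept unencrypted and are only as protected as the Consul HTTP API. hammerhead/os/config/consul.json in this same commit binds `http` to `[::]` and has no `acl` block, so as written the database password appears readable by anything that can reach port 8500. Either enable Consul ACLs with a deny-by-default policy and a token scoped to `secrets/postgres/`, or move the credentials to Vault, and record the choice in the comment above `data`. The commented-out `check` block also leaves the service registered with no health check.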
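--- a/hammerhead/app/traefik/config/traefik.toml
+++ b/hammerhead/app/traefik/config/traefik.toml
@@ -0,0 +1,50 @@
+InsecureSkipVerify = true
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+[entryPoints.admin]
+address = ":8082"
+
+[entryPoints.http]
+address = ":80"
+[entryPoints.http.redirect]
+entryPoint = "https"
+
+[entryPoints.https]
+address = ":443"
+compress = true
+[entryPoints.https.tls]
+
+[ping]
+entrypoint = "admin"
+
+[retry]
+
+[acme]
+email = "adrien@luxeylab.net"
+storage = "traefik/acme/account"
+entryPoint = "https"
+onHostRule = true
+
+[acme.httpChallenge]
+entryPoint = "http"
+
+[api]
+entryPoint = "admin"
+dashboard = true
+
+[consul]
+endpoint = "172.17.0.1:8500"
+watch = true
+prefix = "traefik"
+
+[consulCatalog]
+endpoint = "172.17.0.1:8500"
+prefix = "traefik"
+# domain = "web.deuxfleurs.fr"
+exposedByDefault = false
+
+# [metrics]
+# [metrics.prometheus]
+# # -- below is for traefik 1.7 see https://doc.traefik.io/traefik/v1.7/configuration/metrics/
+# entryPoint = "admin"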
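Review bot: `[api]` with `dashboard = true` is attached to the `admin` entry point, which listens on `:8082` on every interface and has no `auth` section, and traefik.hcl runs the container with `network_mode = "host"` and a static port 8082, so the API and dashboard look reachable from outside unless a host firewall blocks that port. Bind the entry point to loopback or a management address (`address = "127.0.0.1:8082"`, after checking that the `/ping` check in traefik.hcl can still reach it) or add `[entryPoints.admin.auth.basic]` with a `users` list. Separately, the first line `InsecureSkipVerify = true` turns off certificate verification towards every HTTPS backend; if no backend needs it, drop it, otherwise add a comment naming the backend that does.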
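--- a/hammerhead/app/traefik/deploy/traefik.hcl
+++ b/hammerhead/app/traefik/deploy/traefik.hcl
@@ -0,0 +1,72 @@
+job "traefik" {
+datacenters = ["dc1"]
+type = "service"
+priority = 80
+
+group "traefik" {
+
+network {
+port "http_port" { static = 80 }
+port "https_port" { static = 443 }
+port "admin_port" { static = 8082 }
+}
+
+task "server" {
+driver = "docker"
+
+config {
+image = "amd64/traefik:1.7.20"
+readonly_rootfs = true
+network_mode = "host"
+volumes = [
+"secrets/traefik.toml:/etc/traefik/traefik.toml",
+]
+ports = [ "http_port", "https_port", "admin_port" ]
+}
+
+resources {
+memory = 265
+}
+
+template {
+data = file("../config/traefik.toml")
+destination = "secrets/traefik.toml"
+}
+
+service {
+name = "traefik-http"
+port = "http_port"
+# tags = [ "(diplonat (tcp_port 80))" ]
+address_mode = "host"
+}
+
+service {
+name = "traefik-https"
+port = "https_port"
+# tags = [ "(diplonat (tcp_port 443))" ]
+address_mode = "host"
+}
+
+service {
+name = "traefik-admin"
+port = "admin_port"
+address_mode = "host"
+check {
+type = "http"
+protocol = "http"
+port = 8082
+address_mode = "driver"
+path = "/ping"
+interval = "60s"
+timeout = "5s"
+check_restart {
+limit = 3
+grace = "90s"
+ignore_warnings = false
+}
+}
+}
+}
+}
+}
+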
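--- a/hammerhead/os/config/consul.json
+++ b/hammerhead/os/config/consul.json
@@ -0,0 +1,24 @@
+{
+"data_dir": "/var/lib/consul",
+"bind_addr": "[::]",
+"advertise_addr": "2001:41d0:8:ba0b::1",
+"addresses": {
+"dns": "[::]",
+"http": "[::]",
+"grpc": "[::]"
+},
+"bootstrap_expect": 1,
+"server": true,
+"ui_config": {
+"enabled": true
+},
+"ports": {
+"dns": 53,
+"grpc": 8502
+},
+"encrypt": "2B2vxbfCRzu3Q29LEJAZBg==",
+"domain": "hammerhead.deuxfleurs.fr",
+"connect": {
+"enabled": true
+}
+}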
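Review bot: The `encrypt` value is the cluster's gossip encryption key committed in clear text, and the identical value is in hammerhead/os/config/consul.old.json; with the key in the repository history it should be treated as disclosed, rotated, and supplied from a secret store or template variable, as the Ansible Consul template on this page does with `"encrypt": "{{ consul_gossip_encrypt }}"`. This file also binds `http`, `dns` and `grpc` to `[::]` with the UI enabled and no `acl` block, whereas consul.old.json carried `"default_policy": "deny"`. Unless a firewall covers port 8500, the KV store, including `secrets/postgres/*` and Traefik's `traefik/acme/account`, would accept unauthenticated reads and writes. Restoring the `acl` block, or binding `http` to a loopback address, would close that.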
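--- a/hammerhead/os/config/consul.old.json
+++ b/hammerhead/os/config/consul.old.json
@@ -0,0 +1,40 @@
+{
+"data_dir": "/var/lib/consul",
+"bind_addr": "[::]",
+"advertise_addr": "2001:41d0:8:ba0b::1",
+"addresses": {
+"dns": "[::]",
+"http": "[::]"
+},
+"retry_join": [
+"2001:41d0:8:ba0b::1"
+],
+"bootstrap_expect": 1,
+"server": true,
+"ui": {
+"enabled": true
+},
+"acl": {
+"enabled": true,
+"default_policy": "deny",
+"enable_token_persistence": true,
+},
+"ports": {
+"dns": 53,
+"grpc": 8502
+},
+"recursors": [
+"213.186.33.99",
+"172.104.136.243"
+],
+"encrypt": "2B2vxbfCRzu3Q29LEJAZBg==",
+"domain": "hammerhead.deuxfleurs.fr",
+"performance": {
+"raft_multiplier": 10,
+"rpc_hold_timeout": "30s",
+"leave_drain_time": "30s"
+},
+"connect": {
+"enabled": true
+}
+}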
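Review bot: The `acl` object ends with `"enable_token_persistence": true,` followed directly by `}`, and that trailing comma is not valid JSON, so this file would be rejected if it were ever loaded as a Consul config. If it is kept only as a reference, a line in the commit message or a README saying so would stop someone from deploying it. If it is not needed, leaving it out of the repository also removes one copy of the gossip key.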
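--- a/hammerhead/os/config/nomad.hcl
+++ b/hammerhead/os/config/nomad.hcl
@@ -0,0 +1,59 @@
+addresses {
+http = "::"
+rpc = "::"
+serf = "::"
+}
+
+advertise {
+http = "2001:41d0:8:ba0b::1"
+rpc = "2001:41d0:8:ba0b::1"
+serf = "2001:41d0:8:ba0b::1"
+}
+
+bind_addr = "[::]"
+
+data_dir = "/var/lib/nomad"
+
+server {
+enabled = true
+bootstrap_expect = 1
+}
+
+consul {
+address = "[::1]:8500"
+grpc_address = "[::1]:8502"
+}
+
+client {
+enabled = true
+servers = ["[::1]:4648"]
+network_interface = "eno1"
+options {
+docker.privileged.enabled = "true"
+docker.volumes.enabled = "true"
+}
+
+host_volume "postgres-data" {
+path = "/opt/postgres/data"
+read_only = false
+}
+
+host_volume "gitea-data" {
+path = "/opt/gitea/data"
+read_only = false
+}
+}
+
+plugin "raw_exec" {
+config {
+enabled = true
+}
+}
+
+telemetry {
+collection_interval = "1s"
+disable_hostname = false
+prometheus_metrics = true
+publish_allocation_metrics = true
+publish_node_metrics = true
+}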
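Review bot: `addresses { http = "::" }` puts the Nomad HTTP API on every interface while the file has no `acl` and no `tls` block, and the same agent enables `plugin "raw_exec"` and `docker.privileged.enabled = "true"`; together this means whoever can reach the API port can submit jobs that run on the host without isolation. Add `acl { enabled = true }` and bootstrap a token, bind `http` to a loopback or management address, and keep `raw_exec` and privileged containers off unless a job needs them, with a comment naming that job. The nginx, postgres and traefik job files visible in this commit use neither.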
|
@ -64,3 +64,9 @@ stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http
|
||||||
```
|
```
|
||||||
stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }'
|
stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "usePgrewind" : true }'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- 2021-03-14 Increase proxy timeout to cope with consul latency spikes
|
||||||
|
|
||||||
|
```
|
||||||
|
stolonctl --cluster-name pissenlit --store-backend consul --store-endpoints http://consul.service.2.cluster.deuxfleurs.fr:8500 update --patch '{ "proxyTimeout" : "120s" }'
|
||||||
|
```
|
||||||
|
|
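--- a/op_guide/traefik/fix_acme.md
+++ b/op_guide/traefik/fix_acme.md
@@ -0,0 +1,15 @@
+```
+curl http://127.0.0.1:8500/v1/kv/traefik/acme/account/object?raw > traefik.gzip
+gunzip -c traefik.gzip > traefik.json
+cat traefik.json | jq '.DomainsCertificate.Certs[] | .Certificate.Domain, .Domains.Main'
+# "alps.deuxfleurs.fr"
+# "alps.deuxfleurs.fr"
+# "cloud.deuxfleurs.fr"
+# "cloud.deuxfleurs.fr"
+# chaque NDD doit apparaitre 2x à la suite sinon fix comme suit
+cat traefik.json | jq > traefik-new.json
+vim traefik-new.json
+# enlever les certifs corrompus, traefik les renouvellera automatiquement au démarrage
+gzip -c traefik-new.json > traefik-new.gzip
+curl --request PUT --data-binary @traefik-new.gzip http://127.0.0.1:8500/v1/kv/traefik/acme/account/object
+```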
|
@ -4,9 +4,9 @@ cluster_nodes:
|
||||||
ansible_host: atuin.site.deuxfleurs.fr
|
ansible_host: atuin.site.deuxfleurs.fr
|
||||||
ansible_port: 110
|
ansible_port: 110
|
||||||
ansible_become: true
|
ansible_become: true
|
||||||
ipv4: 192.168.1.2
|
ipv4: 192.168.0.2
|
||||||
gatewayv4: 192.168.1.254
|
gatewayv4: 192.168.0.254
|
||||||
ipv6: 2a01:e34:ec5c:dbe0::2
|
ipv6: 2a01:e0a:260:b5b0::2
|
||||||
gatewayv6: 2a01:e34:ec5c:dbe0::1
|
gatewayv6: 2a01:e34:ec5c:dbe0::1
|
||||||
interface: eno1
|
interface: eno1
|
||||||
dns_1: 212.27.40.240
|
dns_1: 212.27.40.240
|
||||||
|
@ -17,10 +17,10 @@ cluster_nodes:
|
||||||
ansible_host: atuin.site.deuxfleurs.fr
|
ansible_host: atuin.site.deuxfleurs.fr
|
||||||
ansible_port: 111
|
ansible_port: 111
|
||||||
ansible_become: true
|
ansible_become: true
|
||||||
ipv4: 192.168.1.3
|
ipv4: 192.168.0.3
|
||||||
gatewayv4: 192.168.1.254
|
gatewayv4: 192.168.0.254
|
||||||
ipv6: 2a01:e34:ec5c:dbe0::3
|
ipv6: 2a01:e0a:260:b5b0::3
|
||||||
gatewayv6: 2a01:e34:ec5c:dbe0::1
|
gatewayv6: 2a01:e0a:260:b5b0::1
|
||||||
interface: eno1
|
interface: eno1
|
||||||
dns_1: 212.27.40.240
|
dns_1: 212.27.40.240
|
||||||
dns_2: 212.27.40.241
|
dns_2: 212.27.40.241
|
||||||
|
@ -30,10 +30,10 @@ cluster_nodes:
|
||||||
ansible_host: atuin.site.deuxfleurs.fr
|
ansible_host: atuin.site.deuxfleurs.fr
|
||||||
ansible_port: 112
|
ansible_port: 112
|
||||||
ansible_become: true
|
ansible_become: true
|
||||||
ipv4: 192.168.1.4
|
ipv4: 192.168.0.4
|
||||||
gatewayv4: 192.168.1.254
|
gatewayv4: 192.168.0.254
|
||||||
ipv6: 2a01:e34:ec5c:dbe0::4
|
ipv6: 2a01:e0a:260:b5b0::4
|
||||||
gatewayv6: 2a01:e34:ec5c:dbe0::1
|
gatewayv6: 2a01:e0a:260:b5b0::1
|
||||||
interface: eno1
|
interface: eno1
|
||||||
dns_1: 212.27.40.240
|
dns_1: 212.27.40.240
|
||||||
dns_2: 212.27.40.241
|
dns_2: 212.27.40.241
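Review bot: In the first node (hunk `-4,9 +4,9`) `ipv6` moves to `2a01:e0a:260:b5b0::2` but `gatewayv6` stays `2a01:e34:ec5c:dbe0::1`, while the other two nodes get `gatewayv6: 2a01:e0a:260:b5b0::1`. This looks like a missed line and would leave that node with an IPv6 default gateway in the old prefix; if so it should read `gatewayv6: 2a01:e0a:260:b5b0::1`. The node entries start outside the hunks, so the node's name is not visible here.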
|
||||||
|
|
|
@ -39,6 +39,8 @@
|
||||||
- net-tools
|
- net-tools
|
||||||
- strace
|
- strace
|
||||||
- sudo
|
- sudo
|
||||||
|
- ethtool
|
||||||
|
- pciutils
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: "Passwordless sudo"
|
- name: "Passwordless sudo"
|
||||||
|
|
|
@ -24,8 +24,15 @@
|
||||||
"encrypt": "{{ consul_gossip_encrypt }}",
|
"encrypt": "{{ consul_gossip_encrypt }}",
|
||||||
"domain": "2.cluster.deuxfleurs.fr",
|
"domain": "2.cluster.deuxfleurs.fr",
|
||||||
"performance": {
|
"performance": {
|
||||||
"raft_multiplier": 10,
|
"raft_multiplier": 5,
|
||||||
"rpc_hold_timeout": "30s",
|
"rpc_hold_timeout": "30s",
|
||||||
"leave_drain_time": "30s"
|
"leave_drain_time": "30s"
|
||||||
|
},
|
||||||
|
"dns_config": {
|
||||||
|
"allow_stale": true
|
||||||
|
},
|
||||||
|
"telemetry": {
|
||||||
|
"disable_hostname": true,
|
||||||
|
"prometheus_retention_time": "2h"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,6 +38,8 @@
|
||||||
-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
|
-A DEUXFLEURS-TRUSTED-NET -s 2001:4b98:dc0:41:216:3eff:fe9b:1afb/128 -j DEUXFLEURS-TRUSTED-PORT
|
||||||
# Quentin@Rennes
|
# Quentin@Rennes
|
||||||
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e35:2fdc:dbe0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
||||||
|
# Erwan@Rennes
|
||||||
|
-A DEUXFLEURS-TRUSTED-NET -s 2a01:e0a:260:b5b0::0/64 -j DEUXFLEURS-TRUSTED-PORT
|
||||||
# Source address is not trusted
|
# Source address is not trusted
|
||||||
-A DEUXFLEURS-TRUSTED-NET -j RETURN
|
-A DEUXFLEURS-TRUSTED-NET -j RETURN
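Review bot: The new `# Erwan@Rennes` rule trusts the whole `2a01:e0a:260:b5b0::0/64`, which is also the prefix the cluster nodes are renumbered into in this commit's inventory, so every device on that LAN is sent to `DEUXFLEURS-TRUSTED-PORT`, not only the nodes or an admin workstation. If that is intended, say so in the comment, e.g. `# Erwan@Rennes (whole LAN /64: cluster nodes and admin hosts)`; otherwise list the individual hosts as `/128` sources, as the rule above `# Quentin@Rennes` does. The chain definition starts outside the hunk.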
|
||||||
|
|
||||||
|
|