diff --git a/defaults/main.yml b/defaults/main.yml index bbc459b..4c4bea9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,7 @@ --- # defaults file for jitsi docker_user: deploy +jitsi_image_version: stable-8960-1 #jitsi_letsencrypt_email:alice@host.tld jitsi_enable_letsencrypt: no jitsi_exposed_http_port: 8000 @@ -8,9 +9,20 @@ jitsi_exposed_https_port: 8443 jitsi_virtual_host: localhost jitsi_public_url: http://{{ jitsi_virtual_host }} jitsi_timezone: Europe/Amsterdam -jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 jitsi_web_channel_last_n: 3 jitsi_build_latest_image_from_source: yes jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git jitsi_enable_third_party_requests: no -jitsi_jvb_advertise_ips: "{{ jitsi_docker_host_address }}" \ No newline at end of file +jitsi_jvb_advertise_ips: "{{ jitsi_docker_host_address }}" + +jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 +jitsi_jvb_port: 10000 +jitsi_jvb_tcp_port: 4443 +jitsi_jvb_tcp_mapped_port: 4443 + + +# jitsi_turn_credentials: +# jitsi_turn_host: +jitsi_turn_port: 3478 +# jitsi_turns_host: +jitsi_turns_port: 5349 \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index df582f2..4cb9289 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -81,21 +81,6 @@ that: - "output.services['web']['jitsi_web_1'].state.running" -- name: "Test whether Jitsi is healthy from the outside" - when: not ansible_check_mode - become: false - uri: - url: https://{{ jitsi_virtual_host }} - return_content: yes - timeout: 300 - validate_certs: no - register: url_check - delegate_to: localhost - until: "'Jitsi Meet' in url_check.content" - retries: 5 - delay: 10 - tags: health - - name: "Config: Set channelLastN" lineinfile: path: /home/{{ docker_user }}/jitsi/conf/web/config.js @@ -113,3 +98,17 @@ when: jitsi_enable_third_party_requests == False tags: config +- name: "Test whether Jitsi is healthy from the outside" + when: not ansible_check_mode + become: false + uri: + url: "{{ jitsi_public_url }}" + return_content: yes + timeout: 300 + validate_certs: no + register: url_check + delegate_to: localhost + until: "'<title>Jitsi Meet' in url_check.content" + retries: 5 + delay: 10 + tags: health diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index a6ce02c..e63e39e 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7830} + image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -17,11 +17,13 @@ services: - ANALYTICS_SCRIPT_URLS - ANALYTICS_WHITELISTED_EVENTS - AUDIO_QUALITY_OPUS_BITRATE + - AUTO_CAPTION_ON_RECORD - BRANDING_DATA_URL - CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_ID - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON + - COLIBRI_WEBSOCKET_PORT - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEFAULT_LANGUAGE @@ -46,6 +48,7 @@ services: - DISABLE_PROFILE - DISABLE_REACTIONS - DISABLE_REMOTE_VIDEO_MENU + - DISABLE_START_FOR_ALL - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI - DYNAMIC_BRANDING_URL @@ -71,6 +74,10 @@ services: - ENABLE_WELCOME_PAGE - ENABLE_CLOSE_PAGE - ENABLE_LIVESTREAMING + - ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK + - ENABLE_LIVESTREAMING_HELP_LINK + - ENABLE_LIVESTREAMING_TERMS_LINK + - ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT - ENABLE_LOCAL_RECORDING_SELF_START - ENABLE_RECORDING @@ -86,7 +93,6 @@ services: - ENABLE_TRANSCRIPTIONS - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - - ENABLE_MULTI_STREAM - ETHERPAD_PUBLIC_URL - ETHERPAD_URL_BASE - E2EPING_NUM_REQUESTS @@ -98,10 +104,6 @@ services: - HIDE_PREJOIN_DISPLAY_NAME - HIDE_PREJOIN_EXTRA_BUTTONS - INVITE_SERVICE_URL - - JICOFO_AUTH_USER - - LETSENCRYPT_DOMAIN - - LETSENCRYPT_EMAIL - - LETSENCRYPT_USE_STAGING - MATOMO_ENDPOINT - MATOMO_SITE_ID - MICROSOFT_API_APP_CLIENT_ID @@ -109,6 +111,7 @@ services: - NGINX_WORKER_PROCESSES - NGINX_WORKER_CONNECTIONS - PEOPLE_SEARCH_URL + - PREFERRED_LANGUAGE - PUBLIC_URL - P2P_PREFERRED_CODEC - RESOLUTION @@ -126,7 +129,10 @@ services: - TESTING_OCTO_PROBABILITY - TOKEN_AUTH_URL - TOOLBAR_BUTTONS + - TRANSLATION_LANGUAGES + - TRANSLATION_LANGUAGES_HEAD - TZ + - USE_APP_LANGUAGE - VIDEOQUALITY_BITRATE_H264_LOW - VIDEOQUALITY_BITRATE_H264_STANDARD - VIDEOQUALITY_BITRATE_H264_HIGH @@ -145,6 +151,8 @@ services: - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_PORT + - WHITEBOARD_ENABLED + - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL labels: traefik.enable: true traefik.docker.network: traefik_public @@ -165,12 +173,10 @@ services: networks: public: meet.jitsi: - aliases: - - ${XMPP_DOMAIN} # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7830} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -204,7 +210,6 @@ services: - JIBRI_RECORDER_PASSWORD - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - - JICOFO_AUTH_USER - JICOFO_AUTH_PASSWORD - JICOFO_COMPONENT_SECRET - JIGASI_XMPP_USER @@ -239,14 +244,22 @@ services: - LDAP_URL - LDAP_USE_TLS - MAX_PARTICIPANTS + - PROSODY_AUTH_TYPE - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL + - PROSODY_ENABLE_RATE_LIMITS + - PROSODY_RATE_LIMIT_LOGIN_RATE + - PROSODY_RATE_LIMIT_SESSION_RATE + - PROSODY_RATE_LIMIT_TIMEOUT + - PROSODY_RATE_LIMIT_ALLOW_RANGES + - PROSODY_RATE_LIMIT_CACHE_SIZE - PUBLIC_URL - TURN_CREDENTIALS - TURN_HOST - TURNS_HOST - TURN_PORT - TURNS_PORT + - TURN_TRANSPORT - TZ - XMPP_DOMAIN - XMPP_AUTH_DOMAIN @@ -266,8 +279,10 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7830} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} + ports: + - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' volumes: - ${CONFIG}/jicofo:/config:Z environment: @@ -279,23 +294,40 @@ services: - ENABLE_CODEC_VP8 - ENABLE_CODEC_VP9 - ENABLE_CODEC_H264 + - ENABLE_CODEC_OPUS_RED + - ENABLE_JVB_XMPP_SERVER - ENABLE_OCTO - ENABLE_RECORDING - ENABLE_SCTP - ENABLE_AUTO_LOGIN - - JICOFO_AUTH_USER + - JICOFO_AUTH_LIFETIME - JICOFO_AUTH_PASSWORD + - JICOFO_AUTH_TYPE + - JICOFO_BRIDGE_REGION_GROUPS + - JICOFO_ENABLE_AUTH - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT + - JICOFO_CONF_SOURCE_SIGNALING_DELAYS + - JICOFO_CONF_MAX_AUDIO_SENDERS + - JICOFO_CONF_MAX_VIDEO_SENDERS + - JICOFO_CONF_STRIP_SIMULCAST + - JICOFO_CONF_SSRC_REWRITING - JICOFO_ENABLE_HEALTH_CHECKS - - JICOFO_SHORT_ID + - JICOFO_ENABLE_REST + - JICOFO_HEALTH_CHECKS_USE_PRESENCE + - JICOFO_MULTI_STREAM_BACKWARD_COMPAT + - JICOFO_OCTO_REGION - JIBRI_BREWERY_MUC - JIBRI_REQUEST_RETRIES - JIBRI_PENDING_TIMEOUT - JIGASI_BREWERY_MUC - JIGASI_SIP_URI - JVB_BREWERY_MUC + - JVB_XMPP_AUTH_DOMAIN + - JVB_XMPP_INTERNAL_MUC_DOMAIN + - JVB_XMPP_PORT + - JVB_XMPP_SERVER - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" @@ -316,18 +348,19 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7830} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' + - '${JVB_TCP_MAPPED_PORT:-4443}:${JVB_TCP_PORT:-4443}' - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080' volumes: - ${CONFIG}/jvb:/config:Z environment: - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET + - ENABLE_JVB_XMPP_SERVER - ENABLE_OCTO - - ENABLE_MULTI_STREAM - JVB_ADVERTISE_IPS - JVB_ADVERTISE_PRIVATE_CANDIDATES - JVB_AUTH_USER @@ -342,6 +375,10 @@ services: - JVB_OCTO_RELAY_ID - JVB_WS_DOMAIN - JVB_WS_SERVER_ID + - JVB_XMPP_AUTH_DOMAIN + - JVB_XMPP_INTERNAL_MUC_DOMAIN + - JVB_XMPP_PORT + - JVB_XMPP_SERVER - PUBLIC_URL - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT diff --git a/templates/env.jitsi.j2 b/templates/env.jitsi.j2 index b0a2292..0f30bf2 100644 --- a/templates/env.jitsi.j2 +++ b/templates/env.jitsi.j2 @@ -39,16 +39,35 @@ DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }} # This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs # See the "Running behind NAT or on a LAN environment" section in the Handbook: # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment -#JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }} +JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }} JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }} +# Media port for the Jitsi Videobridge +JVB_PORT={{ jitsi_jvb_port }} + +# TCP Fallback for Jitsi Videobridge for when UDP isn't available +JVB_TCP_HARVESTER_DISABLED=true +JVB_TCP_PORT={{ jitsi_jvb_tcp_port }} +JVB_TCP_MAPPED_PORT={{ jitsi_jvb_tcp_mapped_port }} + +# A comma separated list of APIs to enable when the JVB is started [default: none] +# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information +JVB_ENABLE_APIS=rest,colibri + +TURN_CREDENTIALS={{ jitsi_turn_credentials }} +TURNS_HOST={{ jitsi_turns_host }} +TURNS_PORT={{ jitsi_turns_port }} +TURN_HOST={{ jitsi_turn_host }} +TURN_PORT={{ jitsi_turn_port }} + # # JaaS Components (beta) # https://jaas.8x8.vc # # Enable JaaS Components (hosted Jigasi) +# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL #ENABLE_JAAS_COMPONENTS=0 {% if jitsi_enable_letsencrypt %} @@ -221,4 +240,7 @@ JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }} RESTART_POLICY=unless-stopped # Jitsi image version (useful for local development) -#JITSI_IMAGE_VERSION=latest +JITSI_IMAGE_VERSION={{ jitsi_image_version }} + +# https://github.com/jitsi/docker-jitsi-meet/issues/1566#issuecomment-1609404560 +JVB_DISABLE_STUN=true \ No newline at end of file