Adjusted variables and docker-compose file to account for multitenancy setups.

Joschka Seydell 2020-11-30 13:38:06 -08:00
parent b8a2ca2af3
commit 87d2cd58ec
8 changed files with 35 additions and 18 deletions


@ -18,6 +18,7 @@ Role Variables
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
| jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
| jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} |
| jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
@ -26,6 +27,8 @@ Role Variables
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
| jitsi_bridge_udp_port | Port for this instance's Jitsi Video Bridge | 10000 |
| jitsi_bridge_tcp_port | TCP fallback port for the Jitsi Video Bridge | 4443 |
| jitsi_jibri_recorder_password | Provide a secure password\* | |
| jitsi_jibri_recorder_user | | |
| jitsi_jibri_xmpp_password | | |


@ -2,10 +2,13 @@
# defaults file for jitsi
jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host
jitsi_install_path: '/home/{{ jitsi_install_user }}'
jitsi_multitenant_label:
#jitsi_letsencrypt_email:alice@host.tld
jitsi_enable_letsencrypt: no
jitsi_exposed_http_port: 8000
jitsi_exposed_https_port: 8443
jitsi_bridge_udp_port: 10000
jitsi_bridge_tcp_port: 4443
jitsi_virtual_host: localhost
jitsi_public_url: http://{{ jitsi_virtual_host }}
jitsi_timezone: Europe/Amsterdam
@ -13,4 +16,6 @@ jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
jitsi_web_channel_last_n: 3
jitsi_build_latest_image_from_source: yes
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git
jitsi_enable_third_party_requests: no
jitsi_enable_third_party_requests: no
# Internal variables
jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}"
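Review bot: `jitsi_multitenant_label` is interpolated unvalidated into `jitsi_multitenant_postfix` on the last line of the hunk, and from there into the Compose project name, container names and Traefik router names, yet nothing asserts it is a safe identifier; a label with uppercase letters, dots or spaces would presumably be normalized by Compose and then no longer match the `jitsi{{ jitsi_multitenant_postfix }}_web_1` name the role's test expects. Add a guard in the tasks before anything is rendered, e.g. `- assert: { that: "not jitsi_multitenant_label or jitsi_multitenant_label is match('^[a-z0-9][a-z0-9_-]*$')", fail_msg: 'jitsi_multitenant_label must be a lowercase identifier' }`. The bare `jitsi_multitenant_label:` parses as null, which the `if (jitsi_multitenant_label)` test tolerates, but `jitsi_multitenant_label: ''` states the intent, and the boolean defaults in this hunk should be `true`/`false` rather than `yes`/`no` to avoid YAML 1.1/1.2 differences.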


@ -79,7 +79,7 @@
- assert:
that:
- "output.ansible_facts['web']['jitsi_web_1'].state.running"
- "output.ansible_facts['web']['jitsi{{ jitsi_multitenant_postfix }}_web_1'].state.running"
- name: "Test whether Jitsi is healthy from the outside"
when: not ansible_check_mode


@ -38,20 +38,20 @@ services:
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik_public"
- "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_virtual_host }}`)"
- "traefik.http.routers.jitsi.entrypoints=websecure"
- "traefik.http.routers.jitsi.tls=true"
- "traefik.http.routers.jitsi.tls.certresolver=defaultresolver"
- "traefik.http.middlewares.jitsi-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter=true"
- "traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.jitsi-headers.headers.STSSeconds=315360000"
- "traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.jitsi-headers.headers.STSPreload=true"
- "traefik.http.middlewares.jitsi-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- "traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.http.routers.jitsi.middlewares=jitsi-headers"
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.rule=Host(`{{ jitsi_virtual_host }}`)"
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.entrypoints=websecure"
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls=true"
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls.certresolver=defaultresolver"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSPreload=true"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.middlewares=jitsi{{ jitsi_multitenant_postfix }}-headers"
networks:
public:
meet.jitsi:
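Review bot: The router/middleware name `jitsi{{ jitsi_multitenant_postfix }}` is spelled out in all fourteen Traefik labels of the hunk, which is easy to get out of sync on the next edit; set it once at the top of the template with `{% set traefik_name = 'jitsi' ~ jitsi_multitenant_postfix %}` and use `{{ traefik_name }}` in every label. Note also that the `Host(...)` rule still comes from `jitsi_virtual_host`, whose default is `localhost`, so two tenants deployed with that default get distinct router names but identical rules and Traefik cannot reliably route to both; the role should require a distinct virtual host per tenant, or derive it from the label. The `web` service definition starts before and continues after this hunk.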


@ -1,3 +1,9 @@
#
# Docker Compose configuration
#
# Project name for this Docker Compose setup
COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }}
#
# Basic configuration options
#
@ -187,11 +193,11 @@ JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge
JVB_PORT=10000
JVB_PORT={{ jitsi_bridge_udp_port }}
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_PORT={{ jitsi_bridge_tcp_port }}
# A comma separated list of APIs to enable when the JVB is started. The default is none.
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
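Review bot: `JVB_PORT` and `JVB_TCP_PORT` are now taken from `jitsi_bridge_udp_port` and `jitsi_bridge_tcp_port`, but both default to the same values for every tenant (10000 and 4443 in this commit's defaults) and nothing in the role checks that tenants sharing a host were given different ones; if the videobridge service publishes these ports on the host, as the upstream docker-jitsi-meet compose file does, a second tenant left at the defaults will fail to bind. Document on both variables that they must be unique per host when `jitsi_multitenant_label` is set, and consider an assert in the tasks that the two ports differ from each other. The hunk also keeps `JVB_TCP_HARVESTER_DISABLED=true`, so the newly exposed `jitsi_bridge_tcp_port` has no effect unless that flag is changed; the README row should say so, e.g. `Only used when the TCP harvester is enabled in the env template`.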


@ -4,6 +4,7 @@ services:
# Etherpad: real-time collaborative document editing
etherpad:
image: jitsi/etherpad
restart: unless-stopped
networks:
meet.jitsi:
aliases:


@ -3,6 +3,7 @@ version: '3'
services:
jibri:
image: jitsi/jibri
restart: unless-stopped
volumes:
- ${CONFIG}/jibri:/config
- /dev/shm:/dev/shm


@ -4,6 +4,7 @@ services:
# SIP gateway (audio)
jigasi:
image: jitsi/jigasi
restart: unless-stopped
ports:
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
volumes:
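Review bot: The jigasi service still publishes `${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}` on the host, and unlike the videobridge ports this commit does not make that range per-tenant, so two tenants on one host that both enable the SIP gateway will contend for the same host ports unless the env template (not visible in this commit) already derives them from the tenant. Either add `jitsi_jigasi_port_min`/`jitsi_jigasi_port_max` role variables with the same "unique per host" caveat as the bridge ports, or document that jigasi is only supported for a single tenant per host. The `restart: unless-stopped` addition is reasonable but unrelated to the multitenancy change the commit message describes; the service definition continues after the hunk.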