diff --git a/README.md b/README.md
index d757a81..d0498a3 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Role Variables
 | --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
 | jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
 | jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} |
+| jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
 | jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
 | jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
 | *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
@@ -27,6 +28,8 @@ Role Variables
 | jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
 | jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
 | jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
+| jitsi_bridge_udp_port | Port for this instance's Jitsi Video Bridge | 10000 |
+| jitsi_bridge_tcp_port | TCP fallback port for the Jitsi Video Bridge | 4443 |
 | jitsi_jibri_recorder_password | Provide a secure password\* | |
 | jitsi_jibri_recorder_user | | |
 | jitsi_jibri_xmpp_password | | |
diff --git a/defaults/main.yml b/defaults/main.yml
index 0ba41b5..4a6a90a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,10 +4,15 @@ docker_user: deploy jitsi_image_version: stable-8960-1 jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host jitsi_install_path: '/home/{{ jitsi_install_user }}' +jitsi_multitenant_label: +jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}" + #jitsi_letsencrypt_email:alice@host.tld jitsi_enable_letsencrypt: no jitsi_exposed_http_port: 8000 jitsi_exposed_https_port: 8443 +jitsi_bridge_udp_port: 10000 +jitsi_bridge_tcp_port: 4443 jitsi_virtual_host: localhost jitsi_public_url: http://{{ jitsi_virtual_host }} jitsi_timezone: Europe/Amsterdam diff --git a/tasks/main.yml b/tasks/main.yml index ed00af9..4ea3e98 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -79,7 +79,7 @@ - assert: that: - - "output.services['web']['jitsi_web_1'].state.running" + - "output.services['web']['jitsi{{ jitsi_multitenant_postfix }}_web_1'].state.running" - name: "Config: Set channelLastN" lineinfile: diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index f576462..a301dad 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 
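Review bot: `jitsi_multitenant_label` is interpolated unchecked into names that only accept a narrow character set, and nothing in this hunk or the others constrains it. The derived `jitsi_multitenant_postfix` ends up in the Compose project name (templates/env.jitsi.j2), in the Traefik router and middleware label keys (templates/docker-compose.jitsi.yml.j2) and in the container key checked by the assert in tasks/main.yml. A label with uppercase letters, dots, spaces or backticks can therefore yield a project name Compose rejects or normalises, a label key Traefik splits differently, or an assert that looks up a container name that does not exist. I would add a pre-flight task before the templates are rendered, such as `- assert: { that: "not jitsi_multitenant_label or jitsi_multitenant_label is match('^[a-z0-9][a-z0-9_-]*$')" }`. The bare `jitsi_multitenant_label:` also parses as null; `jitsi_multitenant_label: ''` states the intended empty default explicitly.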
@@ -156,20 +156,20 @@ services: labels: traefik.enable: true traefik.docker.network: traefik_public - traefik.http.routers.jitsi.rule: Host(`{{ jitsi_virtual_host }}`) - traefik.http.routers.jitsi.entrypoints: websecure - traefik.http.routers.jitsi.tls: true - traefik.http.routers.jitsi.tls.certresolver: defaultresolver - traefik.http.middlewares.jitsi-headers.headers.SSLRedirect: true - traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter: true - traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff: true - traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader: true - traefik.http.middlewares.jitsi-headers.headers.STSSeconds: 315360000 - traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true - traefik.http.middlewares.jitsi-headers.headers.STSPreload: true - traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none' - traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content - traefik.http.routers.jitsi.middlewares: jitsi-headers + traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.rule: Host(`{{ jitsi_virtual_host }}`) + traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.entrypoints: websecure + traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls: true + traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls.certresolver: defaultresolver + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.SSLRedirect: true + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.browserXSSFilter: true + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentTypeNosniff: true + traefik.http.middlewares.jitsi{{ 
jitsi_multitenant_postfix }}-headers.headers.forceSTSHeader: true + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSSeconds: 315360000 + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSIncludeSubdomains: true + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSPreload: true + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.featurePolicy: geolocation 'none'; payment 'none' + traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content + traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.middlewares: jitsi{{ jitsi_multitenant_postfix }}-headers networks: public: meet.jitsi: diff --git a/templates/env.jitsi.j2 b/templates/env.jitsi.j2 index 0f30bf2..10fccd6 100644 --- a/templates/env.jitsi.j2 +++ b/templates/env.jitsi.j2 @@ -11,6 +11,12 @@ ################################################################################ +# +# Docker Compose configuration +# +# Project name for this Docker Compose setup +COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }} + # # Basic configuration options #
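Review bot: Nothing visible in this template or in templates/env.jitsi.j2 consumes the new `jitsi_bridge_udp_port` and `jitsi_bridge_tcp_port` defaults, so unless the JVB settings are wired up outside these hunks, a second tenant on the same host would still try to bind the first tenant's bridge ports. If that wiring is missing, the env template needs lines such as `JVB_PORT={{ jitsi_bridge_udp_port }}` and `JVB_TCP_PORT={{ jitsi_bridge_tcp_port }}`, and the README should state that each tenant needs its own pair. Separately, the suffix is repeated in every label key of this hunk; a single `{% set jitsi_router = 'jitsi' ~ jitsi_multitenant_postfix %}` above the labels would keep the router and middleware names from drifting apart.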