From 9183e360d8e0b1516af53f8d97b679bc2f0cbc7d Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Sun, 2 Oct 2022 22:27:12 +0200
Subject: [PATCH] Updated Jitsi to stable-7830; Addressed some config issues
---
CHANGELOG.md | 8 +
README.md | 3 +-
defaults/main.yml | 3 +-
templates/docker-compose.jitsi.yml.j2 | 89 +++++---
templates/env.jitsi.j2 | 288 +++++---------------------
templates/etherpad.yml | 5 +-
templates/jibri.yml | 16 +-
templates/jigasi.yml | 9 +-
8 files changed, 138 insertions(+), 283 deletions(-)
create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..75f3e79
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,8 @@
+## Changelog
+
+### stable-7830
+
+* Updates all Docker Compose templates
+* Adds `jitsi_jvb_advertise_ips`, which supports a comma separated list of IPs
+* Content-Security-Policy now allows `base-uri 'self'` (instead of `none`)
+* Fixed `jitsi_enable_letsencrypt` handling (please note: you will still have to uncomment `LETSENCRYPT_USE_STAGING=1` in the .env file/template if you only want to test Let's Encrypt)
diff --git a/README.md b/README.md
index a10e2d9..16b5f10 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,8 @@ Role Variables | jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes | | jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git | | *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set | -| jitsi_docker_host_address | | | +| jitsi_docker_host_address | | +| jitsi_jvb_advertise_ips | supports a comma separated list of IPs | | | | jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 | | jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no | | jitsi_exposed_http_port | Exposed container port for HTTP | 8000 | diff --git a/defaults/main.yml b/defaults/main.yml index 66d322e..bbc459b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,4 +12,5 @@ jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 jitsi_web_channel_last_n: 3 jitsi_build_latest_image_from_source: yes jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git -jitsi_enable_third_party_requests: no \ No newline at end of file +jitsi_enable_third_party_requests: no +jitsi_jvb_advertise_ips: "{{ jitsi_docker_host_address }}" \ No newline at end of file diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index a6dcd48..a6ce02c 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -1,10 +1,10 @@ -version: '3' +version: '3.5' services: # Frontend web: - image: jitsi/web:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' - '${HTTPS_PORT}:443' 
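Review bot: `image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7830}` makes the image reference both mutable and overridable from `.env`, and the env template later in this patch suggests `#JITSI_IMAGE_VERSION=latest`. A tag can be re-pushed upstream, so a deployment that needs reproducible, reviewable images should pin a digest (`jitsi/web:stable-7830@sha256:<digest-placeholder>`) or at least carry a comment next to the variable saying that `latest` is meant for local development only. The same pattern is repeated in the prosody, jicofo, jvb, jibri and jigasi hunks.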
@@ -16,8 +16,8 @@ services: - AMPLITUDE_ID - ANALYTICS_SCRIPT_URLS - ANALYTICS_WHITELISTED_EVENTS + - AUDIO_QUALITY_OPUS_BITRATE - BRANDING_DATA_URL - - BRIDGE_CHANNEL - CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_ID - CALLSTATS_SECRET @@ -40,8 +40,12 @@ services: - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS - DISABLE_KICKOUT + - DISABLE_LOCAL_RECORDING - DISABLE_POLLS + - DISABLE_PRIVATE_CHAT + - DISABLE_PROFILE - DISABLE_REACTIONS + - DISABLE_REMOTE_VIDEO_MENU - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI - DYNAMIC_BRANDING_URL @@ -50,9 +54,8 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET - - ENABLE_FILE_RECORDING_SERVICE - - ENABLE_FILE_RECORDING_SERVICE_SHARING - - ENABLE_FLOC + - ENABLE_E2EPING + - ENABLE_FILE_RECORDING_SHARING - ENABLE_GUESTS - ENABLE_HSTS - ENABLE_HTTP_REDIRECT @@ -61,13 +64,19 @@ services: - ENABLE_LIPSYNC - ENABLE_NO_AUDIO_DETECTION - ENABLE_NOISY_MIC_DETECTION + - ENABLE_OCTO + - ENABLE_OPUS_RED - ENABLE_PREJOIN_PAGE - ENABLE_P2P - ENABLE_WELCOME_PAGE - ENABLE_CLOSE_PAGE + - ENABLE_LIVESTREAMING + - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT + - ENABLE_LOCAL_RECORDING_SELF_START - ENABLE_RECORDING - ENABLE_REMB - ENABLE_REQUIRE_DISPLAY_NAME + - ENABLE_SERVICE_RECORDING - ENABLE_SIMULCAST - ENABLE_STATS_ID - ENABLE_STEREO @@ -76,11 +85,18 @@ services: - ENABLE_TCC - ENABLE_TRANSCRIPTIONS - ENABLE_XMPP_WEBSOCKET + - ENABLE_JAAS_COMPONENTS + - ENABLE_MULTI_STREAM - ETHERPAD_PUBLIC_URL - ETHERPAD_URL_BASE + - E2EPING_NUM_REQUESTS + - E2EPING_MAX_CONFERENCE_SIZE + - E2EPING_MAX_MESSAGE_PER_SECOND - GOOGLE_ANALYTICS_ID - GOOGLE_API_APP_CLIENT_ID - HIDE_PREMEETING_BUTTONS + - HIDE_PREJOIN_DISPLAY_NAME + - HIDE_PREJOIN_EXTRA_BUTTONS - INVITE_SERVICE_URL - JICOFO_AUTH_USER - LETSENCRYPT_DOMAIN @@ -128,6 +144,7 @@ services: - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN + - XMPP_PORT labels: traefik.enable: true traefik.docker.network: traefik_public 
@@ -143,7 +160,7 @@ services: traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true traefik.http.middlewares.jitsi-headers.headers.STSPreload: true traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none' - traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content + traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content traefik.http.routers.jitsi.middlewares: jitsi-headers networks: public: @@ -153,10 +170,10 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} expose: - - '5222' + - '${XMPP_PORT:-5222}' - '5347' - '5280' volumes: @@ -168,9 +185,19 @@ services: - ENABLE_AUTH - ENABLE_AV_MODERATION - ENABLE_BREAKOUT_ROOMS + - ENABLE_END_CONFERENCE - ENABLE_GUESTS + - ENABLE_IPV6 - ENABLE_LOBBY + - ENABLE_RECORDING - ENABLE_XMPP_WEBSOCKET + - ENABLE_JAAS_COMPONENTS + - GC_TYPE + - GC_INC_TH + - GC_INC_SPEED + - GC_INC_STEP_SIZE + - GC_GEN_MIN_TH + - GC_GEN_MAX_TH - GLOBAL_CONFIG - GLOBAL_MODULES - JIBRI_RECORDER_USER @@ -191,7 +218,12 @@ services: - JWT_ASAP_KEYSERVER - JWT_ALLOW_EMPTY - JWT_AUTH_TYPE + - JWT_ENABLE_DOMAIN_VERIFICATION - JWT_TOKEN_AUTH_MODULE + - MATRIX_UVS_URL + - MATRIX_UVS_ISSUER + - MATRIX_UVS_AUTH_TOKEN + - MATRIX_UVS_SYNC_POWER_LEVELS - LOG_LEVEL - LDAP_AUTH_METHOD - LDAP_BASE 
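Review bot: The `contentSecurityPolicy` label relaxes `base-uri 'none'` to `base-uri 'self'` with no comment in the template saying what required it; the changelog records the change but not the reason. `base-uri` limits where an injected `<base>` element can repoint relative URLs, and the same policy still carries `script-src 'self' 'unsafe-inline'`, so a loosening here deserves a stated justification. I would add a comment above the label such as `# base-uri 'self': needed by <feature placeholder>; restore 'none' once no longer required`, and confirm against the stable-7830 web client that `'none'` really breaks, which cannot be judged from this hunk.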
@@ -206,6 +238,9 @@ services: - LDAP_START_TLS - LDAP_URL - LDAP_USE_TLS + - MAX_PARTICIPANTS + - PROSODY_RESERVATION_ENABLED + - PROSODY_RESERVATION_REST_BASE_URL - PUBLIC_URL - TURN_CREDENTIALS - TURN_HOST @@ -220,18 +255,19 @@ services: - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MODULES - XMPP_MUC_MODULES + - XMPP_MUC_CONFIGURATION - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - - XMPP_CROSS_DOMAIN + - XMPP_PORT networks: meet.jitsi: aliases: - - ${XMPP_SERVER} + - ${XMPP_SERVER:-xmpp.meet.jitsi} # Focus component jicofo: - image: jitsi/jicofo:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jicofo:/config:Z environment: @@ -254,8 +290,6 @@ services: - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT - JICOFO_ENABLE_HEALTH_CHECKS - JICOFO_SHORT_ID - - JICOFO_RESERVATION_ENABLED - - JICOFO_RESERVATION_REST_BASE_URL - JIBRI_BREWERY_MUC - JIBRI_REQUEST_RETRIES - JIBRI_PENDING_TIMEOUT @@ -274,6 +308,7 @@ services: - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER + - XMPP_PORT depends_on: - prosody networks: 
@@ -281,31 +316,30 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} ports: - - '${JVB_PORT}:${JVB_PORT}/udp' - - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' + - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' + - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080' volumes: - ${CONFIG}/jvb:/config:Z environment: - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET - ENABLE_OCTO + - ENABLE_MULTI_STREAM + - JVB_ADVERTISE_IPS + - JVB_ADVERTISE_PRIVATE_CANDIDATES - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC - #- JVB_ENABLE_APIS + - JVB_DISABLE_STUN - JVB_PORT - JVB_MUC_NICKNAME - - JVB_TCP_HARVESTER_DISABLED - - JVB_TCP_PORT - - JVB_TCP_MAPPED_PORT - JVB_STUN_SERVERS - JVB_OCTO_BIND_ADDRESS - - JVB_OCTO_PUBLIC_ADDRESS - - JVB_OCTO_BIND_PORT - JVB_OCTO_REGION + - JVB_OCTO_RELAY_ID - JVB_WS_DOMAIN - JVB_WS_SERVER_ID - PUBLIC_URL @@ -318,6 +352,7 @@ services: - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER + - XMPP_PORT depends_on: - prosody networks: diff --git a/templates/env.jitsi.j2 b/templates/env.jitsi.j2 index ebbec30..b0a2292 100644 --- a/templates/env.jitsi.j2 +++ b/templates/env.jitsi.j2 
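Review bot: The new `'127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'` mapping has no comment saying what listens on 8080 or that the loopback bind is deliberate, and `JVB_COLIBRI_PORT` is not added to the env template by this patch. A later edit that drops the `127.0.0.1:` prefix would publish the port on every host interface, so the intent should be written down: a comment above the line such as `# JVB HTTP port: published on loopback only, do not expose publicly`, plus a commented `#JVB_COLIBRI_PORT=8080` entry in `env.jitsi.j2` so the override is discoverable.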
@@ -1,28 +1,14 @@ # shellcheck disable=SC2034 -# Security +################################################################################ +################################################################################ +# Welcome to the Jitsi Meet Docker setup! # -# Set these to strong passwords to avoid intruders from impersonating a service account -# The service(s) won't start unless these are specified -# Running ./gen-passwords.sh will update .env with strong passwords -# You may skip the Jigasi and Jibri passwords if you are not using those -# DO NOT reuse passwords -# - -# XMPP password for Jicofo client connections -JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }} - -# XMPP password for JVB client connections -JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }} - -# XMPP password for Jigasi MUC client connections -JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }} - -# XMPP recorder password for Jibri client connections -JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }} - -# XMPP password for Jibri client connections -JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }} +# This sample .env file contains some basic options to get you started. +# The full options reference can be found here: +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker +################################################################################ +################################################################################ # 
@@ -45,34 +31,25 @@ TZ={{ jitsi_timezone }} PUBLIC_URL={{ jitsi_public_url }} VIRTUAL_HOST={{ jitsi_virtual_host }} -# IP address of the Docker host -# See the "Running behind NAT or on a LAN environment" section in the Handbook: -# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment +# IP address of the Docker host. See the "Running on a LAN environment" section +# in the README. DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }} -# Control whether the lobby feature should be enabled or not -#ENABLE_LOBBY=1 +# Media IP addresses to advertise by the JVB +# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs +# See the "Running behind NAT or on a LAN environment" section in the Handbook: +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment +#JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }} -# Control whether the A/V moderation should be enabled or not -#ENABLE_AV_MODERATION=1 +JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }} -# Show a prejoin page before entering a conference -#ENABLE_PREJOIN_PAGE=0 +# +# JaaS Components (beta) +# https://jaas.8x8.vc +# -# Enable the welcome page -#ENABLE_WELCOME_PAGE=1 - -# Enable the close page -#ENABLE_CLOSE_PAGE=0 - -# Disable measuring of audio levels -#DISABLE_AUDIO_LEVELS=0 - -# Enable noisy mic detection -#ENABLE_NOISY_MIC_DETECTION=1 - -# Enable breakout rooms -#ENABLE_BREAKOUT_ROOMS=1 +# Enable JaaS Components (hosted Jigasi) +#ENABLE_JAAS_COMPONENTS=0 {% if jitsi_enable_letsencrypt %} # @@ -80,7 +57,7 @@ DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }} # # Enable Let's Encrypt certificate generation. -ENABLE_LETSENCRYPT=0 +ENABLE_LETSENCRYPT=1 # Domain for which to generate the certificate. LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }} 
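Review bot: `#JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }}` is rendered as a comment, so the new role variable added in `defaults/main.yml` and documented in the README and changelog never reaches the JVB container. The comment block above it says the setting deprecates `DOCKER_HOST_ADDRESS`, which makes the silent no-op easy to miss for someone who sets only the new variable. Either emit the line uncommented, `JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }}`, or state in the README that the line has to be enabled by hand.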
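Review bot: `ENABLE_LETSENCRYPT=1` is now unconditional inside the block, so the only switch left is the `{% if jitsi_enable_letsencrypt %}` guard (the context line at the end of the previous hunk), and that guard tests plain Jinja truthiness. The README documents the default as `0`; an integer 0 is false, but a string such as `"0"` or `"no"`, which is what `-e jitsi_enable_letsencrypt=0` on the command line produces, is a non-empty string and therefore true, so certificate requests would be switched on unintentionally. I would write the guard as `{% if jitsi_enable_letsencrypt | bool %}`.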
@@ -88,6 +65,9 @@ LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }} # E-Mail for receiving important account notifications (mandatory). LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }} +# Use the staging server (for avoiding rate limits while testing) +#LETSENCRYPT_USE_STAGING=1 + {% endif -%} # @@ -132,6 +112,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # SIP server transport #JIGASI_SIP_TRANSPORT=UDP + # # Authentication configuration (see handbook for details) # @@ -142,7 +123,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # Enable guest access #ENABLE_GUESTS=1 -# Select authentication type: internal, jwt or ldap +# Select authentication type: internal, jwt, ldap or matrix #AUTH_TYPE=internal # JWT authentication @@ -160,7 +141,6 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # (Optional) Set asap_accepted_audiences as a comma separated list #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 - # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) # 
@@ -208,207 +188,37 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # -# Advanced configuration options (you generally don't need to change these) +# Security +# +# Set these to strong passwords to avoid intruders from impersonating a service account +# The service(s) won't start unless these are specified +# Running ./gen-passwords.sh will update .env with strong passwords +# You may skip the Jigasi and Jibri passwords if you are not using those +# DO NOT reuse passwords # -# Internal XMPP domain -XMPP_DOMAIN=meet.jitsi +# XMPP password for Jicofo client connections +JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }} -# Internal XMPP server -XMPP_SERVER=xmpp.meet.jitsi +# XMPP password for JVB client connections +JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }} -# Internal XMPP server URL -XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 +# XMPP password for Jigasi MUC client connections +JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }} -# Internal XMPP domain for authenticated services -XMPP_AUTH_DOMAIN=auth.meet.jitsi +# XMPP recorder password for Jibri client connections +JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }} -# XMPP domain for the MUC -XMPP_MUC_DOMAIN=muc.meet.jitsi +# XMPP password for Jibri client connections +JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }} -# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools -XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi - -# XMPP domain for unauthenticated users -XMPP_GUEST_DOMAIN=guest.meet.jitsi - -# Comma separated list of domains for cross domain policy or "true" to allow all -# The PUBLIC_URL is always allowed -#XMPP_CROSS_DOMAIN=true - -# Custom Prosody modules for XMPP_DOMAIN (comma separated) -XMPP_MODULES= - -# Custom Prosody modules for MUC component (comma separated) -XMPP_MUC_MODULES= - -# Custom Prosody modules for internal MUC component (comma separated) -XMPP_INTERNAL_MUC_MODULES= - -# MUC for the JVB pool 
-JVB_BREWERY_MUC=jvbbrewery - -# XMPP user for JVB client connections -JVB_AUTH_USER={{ jitsi_jvb_auth_user }} - -# STUN servers used to discover the server's public IP -JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }} - -# Media port for the Jitsi Videobridge -JVB_PORT=10000 - -# TCP Fallback for Jitsi Videobridge for when UDP isn't available -JVB_TCP_HARVESTER_DISABLED=true -JVB_TCP_PORT=4443 -JVB_TCP_MAPPED_PORT=4443 - -# XMPP user for Jicofo client connections. -# NOTE: this option doesn't currently work due to a bug -JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }} - -# Base URL of Jicofo's reservation REST API -#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com - -# Enable Jicofo's health check REST API (http://:8888/about/health) -#JICOFO_ENABLE_HEALTH_CHECKS=true - -# XMPP user for Jigasi MUC client connections -JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }} - -# MUC name for the Jigasi pool -JIGASI_BREWERY_MUC=jigasibrewery - -# Minimum port for media used by Jigasi -JIGASI_PORT_MIN=20000 - -# Maximum port for media used by Jigasi -JIGASI_PORT_MAX=20050 - -# Enable SDES srtp -#JIGASI_ENABLE_SDES_SRTP=1 - -# Keepalive method -#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS - -# Health-check extension -#JIGASI_HEALTH_CHECK_SIP_URI=keepalive - -# Health-check interval -#JIGASI_HEALTH_CHECK_INTERVAL=300000 # -# Enable Jigasi transcription -#ENABLE_TRANSCRIPTIONS=1 - -# Jigasi will record audio when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_RECORD_AUDIO=true - -# Jigasi will send transcribed text to the chat when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_SEND_TXT=true - -# Jigasi will post an url to the chat with transcription file [default: false] -#JIGASI_TRANSCRIBER_ADVERTISE_URL=true - -# Credentials for connect to Cloud Google API from Jigasi -# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" paragraph 1 to 5 -# Copy the values from the json to the related env vars 
-#GC_PROJECT_ID= -#GC_PRIVATE_KEY_ID= -#GC_PRIVATE_KEY= -#GC_CLIENT_EMAIL= -#GC_CLIENT_ID= -#GC_CLIENT_CERT_URL= - -# Enable recording -#ENABLE_RECORDING=1 - -# XMPP domain for the jibri recorder -XMPP_RECORDER_DOMAIN=recorder.meet.jitsi - -# XMPP recorder user for Jibri client connections -JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }} - -# Directory for recordings inside Jibri container -JIBRI_RECORDING_DIR=/config/recordings - -# The finalizing script. Will run after recording is complete -#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh - -# XMPP user for Jibri client connections -JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }} - -# MUC name for the Jibri pool -JIBRI_BREWERY_MUC=jibribrewery - -# MUC connection timeout -JIBRI_PENDING_TIMEOUT=90 - -# When jibri gets a request to start a service for a room, the room -# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain -# We'll build the url for the call by transforming that into: -# https://xmpp_domain/subdomain/roomName -# So if there are any prefixes in the jid (like jitsi meet, which -# has its participants join a muc at conference.xmpp_domain) then -# list that prefix here so it can be stripped out to generate -# the call url correctly -JIBRI_STRIP_DOMAIN_JID=muc - -# Directory for logs inside Jibri container -JIBRI_LOGS_DIR=/config/logs - -# Configure an external TURN server -# TURN_CREDENTIALS=secret -# TURN_HOST=turnserver.example.com -# TURN_PORT=443 -# TURNS_HOST=turnserver.example.com -# TURNS_PORT=443 - -# Disable HTTPS: handle TLS connections outside of this setup -#DISABLE_HTTPS=1 - -# Enable FLoC -# Opt-In to Federated Learning of Cohorts tracking -#ENABLE_FLOC=0 - -# Redirect HTTP traffic to HTTPS -# Necessary for Let's Encrypt, relies on standard HTTPS port (443) -#ENABLE_HTTP_REDIRECT=1 - -# Send a `strict-transport-security` header to force browsers to use -# a secure and trusted connection. Recommended for production use. -# Defaults to 1 (send the header). 
-# ENABLE_HSTS=1 - -# Enable IPv6 -# Provides means to disable IPv6 in environments that don't support it (get with the times, people!) -#ENABLE_IPV6=1 +# Docker Compose options +# # Container restart policy # Defaults to unless-stopped RESTART_POLICY=unless-stopped -# Authenticate using external service or just focus external auth window if there is one already. -# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} - -# Sentry Error Tracking -# Sentry Data Source Name (Endpoint for Sentry project) -# Example: https://public:private@host:port/1 -#JVB_SENTRY_DSN= -#JICOFO_SENTRY_DSN= -#JIGASI_SENTRY_DSN= - -# Optional environment info to filter events -#SENTRY_ENVIRONMENT=production - -# Optional release info to filter events -#SENTRY_RELEASE=1.0.0 - -# Optional properties for shutdown api -#COLIBRI_REST_ENABLED=true -#SHUTDOWN_REST_ENABLED=true - -# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma) -#TOOLBAR_BUTTONS= - -# Hide the buttons at pre-join screen. Add the buttons name separated with comma -#HIDE_PREMEETING_BUTTONS= +# Jitsi image version (useful for local development) +#JITSI_IMAGE_VERSION=latest diff --git a/templates/etherpad.yml b/templates/etherpad.yml index bab9378..49f9be0 100644 --- a/templates/etherpad.yml +++ b/templates/etherpad.yml @@ -1,10 +1,10 @@ -version: '3' +version: '3.5' services: # Etherpad: real-time collaborative document editing etherpad: image: etherpad/etherpad:1.8.6 - restart: ${RESTART_POLICY} + restart: ${RESTART_POLICY:-unless-stopped} environment: - TITLE=${ETHERPAD_TITLE} - DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT} @@ -14,3 +14,4 @@ services: meet.jitsi: aliases: - etherpad.meet.jitsi + diff --git a/templates/jibri.yml b/templates/jibri.yml index e51af2a..826797d 100644 --- a/templates/jibri.yml +++ b/templates/jibri.yml 
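Review bot: This hunk deletes the lines that rendered `jitsi_jvb_auth_user`, `jitsi_jicofo_auth_user`, `jitsi_jigasi_xmpp_user`, `jitsi_jibri_recorder_user` and `jitsi_jibri_xmpp_user` into `.env`, while the matching `*_PASSWORD` lines are kept and moved into the new Security section. An inventory that sets a non-default account name will now silently get whatever name the image defaults to, paired with the password from the role variable, and the diff does not show those variables being removed from the defaults or the README. Either keep the five `*_USER=` lines or drop the variables from the role's documented interface and record that in the changelog.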
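Review bot: `image: etherpad/etherpad:1.8.6` is left as it was while every Jitsi image in this patch moves to stable-7830 and gains a `${JITSI_IMAGE_VERSION:-…}` override. If the aim of the commit is to bring the stack up to date, the Etherpad release should be reviewed in the same pass. The tag would also be easier to maintain as a variable with a default, in the style the other services now use, for example `image: etherpad/etherpad:${ETHERPAD_IMAGE_VERSION:-1.8.6}` (the variable name is a suggestion, not an existing setting).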
@@ -1,23 +1,18 @@ -version: '3' +version: '3.5' services: jibri: - image: jitsi/jibri:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z - - /dev/shm:/dev/shm + shm_size: '2gb' cap_add: - SYS_ADMIN - - NET_BIND_SERVICE - devices: - - /dev/snd:/dev/snd environment: - CHROMIUM_FLAGS - DISPLAY=:0 - ENABLE_STATS_D - - JIBRI_FFMPEG_AUDIO_SOURCE - - JIBRI_FFMPEG_AUDIO_DEVICE - JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_RECORDING_RESOLUTION @@ -30,14 +25,15 @@ services: - JIBRI_RECORDING_DIR - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - JIBRI_STRIP_DOMAIN_JID - - JIBRI_LOGS_DIR - PUBLIC_URL - TZ - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER + - XMPP_PORT - XMPP_TRUST_ALL_CERTS depends_on: - jicofo diff --git a/templates/jigasi.yml b/templates/jigasi.yml index ef8f0d6..d6cb0e2 100644 --- a/templates/jigasi.yml +++ b/templates/jigasi.yml @@ -3,10 +3,10 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-6865 - restart: ${RESTART_POLICY} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-7830} + restart: ${RESTART_POLICY:-unless-stopped} ports: - - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' + - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' volumes: - ${CONFIG}/jigasi:/config:Z - ${CONFIG}/transcripts:/tmp/transcripts:Z @@ -18,8 +18,10 @@ services: - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER + - XMPP_PORT - XMPP_DOMAIN - PUBLIC_URL + - JIGASI_DISABLE_SIP - JIGASI_SIP_URI - JIGASI_SIP_PASSWORD - JIGASI_SIP_SERVER @@ -53,3 +55,4 @@ services: - prosody networks: meet.jitsi: +
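Review bot: `cap_add: SYS_ADMIN` stays in place with no explanation, even though this hunk otherwise trims the container's privileges (it drops `NET_BIND_SERVICE`, the host `/dev/shm` bind mount and the `/dev/snd` device). `SYS_ADMIN` is a very broad capability, so the file should say why Jibri needs it, for instance a comment above `cap_add` such as `# SYS_ADMIN: required by <reason placeholder>; review before adding further capabilities`. If the stable-7830 image runs without it, removing it would be the better outcome, but that cannot be judged from this hunk.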
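Review bot: `templates/jigasi.yml` still declares `version: '3'` (visible in the `@@ -3,10 +3,10 @@` header context; line 1 is not touched by any hunk), whereas the main compose template, `etherpad.yml` and `jibri.yml` are all bumped to `'3.5'` in this patch. If the role passes these files together with multiple `-f` arguments, which the diff does not show, docker-compose v1 rejects mixed versions with a version-mismatch error. Line 1 should become `version: '3.5'` to match the other files.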