jotbe/ansible-role-jitsi-docker
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Wiki Activity

Updated Jitsi to stable-7830; Addressed some config issues

Browse source
This commit is contained in:
Jan Beilicke 2022-10-02 22:27:12 +02:00
parent 80cd68a5c4
commit 9183e360d8
8 changed files with 138 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CHANGELOG.md Normal file
View file

@ -0,0 +1,8 @@
## Changelog
### stable-7830
* Updates all Docker Compose templates
* Adds `jitsi_jvb_advertise_ips`, which supports a comma separated list of IPs
* Content-Security-Policy now allows `base-uri 'self'` (instead of `none`)
* Fixed `jitsi_enable_letsencrypt` handling (please note: you will still have to uncomment `LETSENCRYPT_USE_STAGING=1` in the .env file/template if you only want to test Let's Encrypt)

3
README.md
View file

@ -20,7 +20,8 @@ Role Variables
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes | | jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git | | jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set | | *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
| jitsi_docker_host_address | | | | jitsi_docker_host_address | |
| jitsi_jvb_advertise_ips | supports a comma separated list of IPs | | |
| jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 | | jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 |
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no | | jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 | | jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |

3
defaults/main.yml
View file

@ -12,4 +12,5 @@ jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
jitsi_web_channel_last_n: 3 jitsi_web_channel_last_n: 3
jitsi_build_latest_image_from_source: yes jitsi_build_latest_image_from_source: yes
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git
jitsi_enable_third_party_requests: no jitsi_enable_third_party_requests: no
jitsi_jvb_advertise_ips: "{{ jitsi_docker_host_address }}"

89
templates/docker-compose.jitsi.yml.j2
View file

@ -1,10 +1,10 @@
version: '3' version: '3.5'
services: services:
# Frontend # Frontend
web: web:
image: jitsi/web:stable-6865 image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
ports: ports:
- '${HTTP_PORT}:80' - '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443' - '${HTTPS_PORT}:443'
@ -16,8 +16,8 @@ services:
- AMPLITUDE_ID - AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS - ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS - ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- BRANDING_DATA_URL - BRANDING_DATA_URL
- BRIDGE_CHANNEL
- CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID - CALLSTATS_ID
- CALLSTATS_SECRET - CALLSTATS_SECRET
@ -40,8 +40,12 @@ services:
- DISABLE_GRANT_MODERATOR - DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS - DISABLE_HTTPS
- DISABLE_KICKOUT - DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS - DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS - DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DROPBOX_APPKEY - DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI - DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL - DYNAMIC_BRANDING_URL
@ -50,9 +54,8 @@ services:
- ENABLE_BREAKOUT_ROOMS - ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR - ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET - ENABLE_COLIBRI_WEBSOCKET
- ENABLE_FILE_RECORDING_SERVICE - ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SERVICE_SHARING - ENABLE_FILE_RECORDING_SHARING
- ENABLE_FLOC
- ENABLE_GUESTS - ENABLE_GUESTS
- ENABLE_HSTS - ENABLE_HSTS
- ENABLE_HTTP_REDIRECT - ENABLE_HTTP_REDIRECT
@ -61,13 +64,19 @@ services:
- ENABLE_LIPSYNC - ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION - ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION - ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE - ENABLE_PREJOIN_PAGE
- ENABLE_P2P - ENABLE_P2P
- ENABLE_WELCOME_PAGE - ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE - ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING - ENABLE_RECORDING
- ENABLE_REMB - ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME - ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST - ENABLE_SIMULCAST
- ENABLE_STATS_ID - ENABLE_STATS_ID
- ENABLE_STEREO - ENABLE_STEREO
@ -76,11 +85,18 @@ services:
- ENABLE_TCC - ENABLE_TCC
- ENABLE_TRANSCRIPTIONS - ENABLE_TRANSCRIPTIONS
- ENABLE_XMPP_WEBSOCKET - ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ENABLE_MULTI_STREAM
- ETHERPAD_PUBLIC_URL - ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE - ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID - GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID - GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS - HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL - INVITE_SERVICE_URL
- JICOFO_AUTH_USER - JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN - LETSENCRYPT_DOMAIN
@ -128,6 +144,7 @@ services:
- XMPP_GUEST_DOMAIN - XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN - XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_PORT
labels: labels:
traefik.enable: true traefik.enable: true
traefik.docker.network: traefik_public traefik.docker.network: traefik_public
@ -143,7 +160,7 @@ services:
traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true
traefik.http.middlewares.jitsi-headers.headers.STSPreload: true traefik.http.middlewares.jitsi-headers.headers.STSPreload: true
traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none' traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none'
traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content
traefik.http.routers.jitsi.middlewares: jitsi-headers traefik.http.routers.jitsi.middlewares: jitsi-headers
networks: networks:
public: public:
@ -153,10 +170,10 @@ services:
# XMPP server # XMPP server
prosody: prosody:
image: jitsi/prosody:stable-6865 image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
expose: expose:
- '5222' - '${XMPP_PORT:-5222}'
- '5347' - '5347'
- '5280' - '5280'
volumes: volumes:
@ -168,9 +185,19 @@ services:
- ENABLE_AUTH - ENABLE_AUTH
- ENABLE_AV_MODERATION - ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS - ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS - ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY - ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_XMPP_WEBSOCKET - ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG - GLOBAL_CONFIG
- GLOBAL_MODULES - GLOBAL_MODULES
- JIBRI_RECORDER_USER - JIBRI_RECORDER_USER
@ -191,7 +218,12 @@ services:
- JWT_ASAP_KEYSERVER - JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY - JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE - JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_TOKEN_AUTH_MODULE - JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- LOG_LEVEL - LOG_LEVEL
- LDAP_AUTH_METHOD - LDAP_AUTH_METHOD
- LDAP_BASE - LDAP_BASE
@ -206,6 +238,9 @@ services:
- LDAP_START_TLS - LDAP_START_TLS
- LDAP_URL - LDAP_URL
- LDAP_USE_TLS - LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PUBLIC_URL - PUBLIC_URL
- TURN_CREDENTIALS - TURN_CREDENTIALS
- TURN_HOST - TURN_HOST
@ -220,18 +255,19 @@ services:
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES - XMPP_MODULES
- XMPP_MUC_MODULES - XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_CROSS_DOMAIN - XMPP_PORT
networks: networks:
meet.jitsi: meet.jitsi:
aliases: aliases:
- ${XMPP_SERVER} - ${XMPP_SERVER:-xmpp.meet.jitsi}
# Focus component # Focus component
jicofo: jicofo:
image: jitsi/jicofo:stable-6865 image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
volumes: volumes:
- ${CONFIG}/jicofo:/config:Z - ${CONFIG}/jicofo:/config:Z
environment: environment:
@ -254,8 +290,6 @@ services:
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_ENABLE_HEALTH_CHECKS - JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_SHORT_ID - JICOFO_SHORT_ID
- JICOFO_RESERVATION_ENABLED
- JICOFO_RESERVATION_REST_BASE_URL
- JIBRI_BREWERY_MUC - JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES - JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT - JIBRI_PENDING_TIMEOUT
@ -274,6 +308,7 @@ services:
- XMPP_MUC_DOMAIN - XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_SERVER - XMPP_SERVER
- XMPP_PORT
depends_on: depends_on:
- prosody - prosody
networks: networks:
@ -281,31 +316,30 @@ services:
# Video bridge # Video bridge
jvb: jvb:
image: jitsi/jvb:stable-6865 image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
ports: ports:
- '${JVB_PORT}:${JVB_PORT}/udp' - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}' - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
volumes: volumes:
- ${CONFIG}/jvb:/config:Z - ${CONFIG}/jvb:/config:Z
environment: environment:
- DOCKER_HOST_ADDRESS - DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET - ENABLE_COLIBRI_WEBSOCKET
- ENABLE_OCTO - ENABLE_OCTO
- ENABLE_MULTI_STREAM
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER - JVB_AUTH_USER
- JVB_AUTH_PASSWORD - JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC - JVB_BREWERY_MUC
#- JVB_ENABLE_APIS - JVB_DISABLE_STUN
- JVB_PORT - JVB_PORT
- JVB_MUC_NICKNAME - JVB_MUC_NICKNAME
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_PORT
- JVB_TCP_MAPPED_PORT
- JVB_STUN_SERVERS - JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS - JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_PUBLIC_ADDRESS
- JVB_OCTO_BIND_PORT
- JVB_OCTO_REGION - JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN - JVB_WS_DOMAIN
- JVB_WS_SERVER_ID - JVB_WS_SERVER_ID
- PUBLIC_URL - PUBLIC_URL
@ -318,6 +352,7 @@ services:
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER - XMPP_SERVER
- XMPP_PORT
depends_on: depends_on:
- prosody - prosody
networks: networks:

288
templates/env.jitsi.j2
View file

@ -1,28 +1,14 @@
# shellcheck disable=SC2034 # shellcheck disable=SC2034
# Security ################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
# #
# Set these to strong passwords to avoid intruders from impersonating a service account # This sample .env file contains some basic options to get you started.
# The service(s) won't start unless these are specified # The full options reference can be found here:
# Running ./gen-passwords.sh will update .env with strong passwords # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
# You may skip the Jigasi and Jibri passwords if you are not using those ################################################################################
# DO NOT reuse passwords ################################################################################
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# #
@ -45,34 +31,25 @@ TZ={{ jitsi_timezone }}
PUBLIC_URL={{ jitsi_public_url }} PUBLIC_URL={{ jitsi_public_url }}
VIRTUAL_HOST={{ jitsi_virtual_host }} VIRTUAL_HOST={{ jitsi_virtual_host }}
# IP address of the Docker host # IP address of the Docker host. See the "Running on a LAN environment" section
# See the "Running behind NAT or on a LAN environment" section in the Handbook: # in the README.
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }} DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
# Control whether the lobby feature should be enabled or not # Media IP addresses to advertise by the JVB
#ENABLE_LOBBY=1 # This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }}
# Control whether the A/V moderation should be enabled or not JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
#ENABLE_AV_MODERATION=1
# Show a prejoin page before entering a conference #
#ENABLE_PREJOIN_PAGE=0 # JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable the welcome page # Enable JaaS Components (hosted Jigasi)
#ENABLE_WELCOME_PAGE=1 #ENABLE_JAAS_COMPONENTS=0
# Enable the close page
#ENABLE_CLOSE_PAGE=0
# Disable measuring of audio levels
#DISABLE_AUDIO_LEVELS=0
# Enable noisy mic detection
#ENABLE_NOISY_MIC_DETECTION=1
# Enable breakout rooms
#ENABLE_BREAKOUT_ROOMS=1
{% if jitsi_enable_letsencrypt %} {% if jitsi_enable_letsencrypt %}
# #
@ -80,7 +57,7 @@ DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
# #
# Enable Let's Encrypt certificate generation. # Enable Let's Encrypt certificate generation.
ENABLE_LETSENCRYPT=0 ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate. # Domain for which to generate the certificate.
LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }} LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }}
@ -88,6 +65,9 @@ LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }}
# E-Mail for receiving important account notifications (mandatory). # E-Mail for receiving important account notifications (mandatory).
LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }} LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
{% endif -%} {% endif -%}
# #
@ -132,6 +112,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# SIP server transport # SIP server transport
#JIGASI_SIP_TRANSPORT=UDP #JIGASI_SIP_TRANSPORT=UDP
# #
# Authentication configuration (see handbook for details) # Authentication configuration (see handbook for details)
# #
@ -142,7 +123,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# Enable guest access # Enable guest access
#ENABLE_GUESTS=1 #ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap # Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal #AUTH_TYPE=internal
# JWT authentication # JWT authentication
@ -160,7 +141,6 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# (Optional) Set asap_accepted_audiences as a comma separated list # (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
# #
@ -208,207 +188,37 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# #
# Advanced configuration options (you generally don't need to change these) # Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
# #
# Internal XMPP domain # XMPP password for Jicofo client connections
XMPP_DOMAIN=meet.jitsi JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# Internal XMPP server # XMPP password for JVB client connections
XMPP_SERVER=xmpp.meet.jitsi JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# Internal XMPP server URL # XMPP password for Jigasi MUC client connections
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# Internal XMPP domain for authenticated services # XMPP recorder password for Jibri client connections
XMPP_AUTH_DOMAIN=auth.meet.jitsi JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# XMPP domain for the MUC # XMPP password for Jibri client connections
XMPP_MUC_DOMAIN=muc.meet.jitsi JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# Comma separated list of domains for cross domain policy or "true" to allow all
# The PUBLIC_URL is always allowed
#XMPP_CROSS_DOMAIN=true
# Custom Prosody modules for XMPP_DOMAIN (comma separated)
XMPP_MODULES=
# Custom Prosody modules for MUC component (comma separated)
XMPP_MUC_MODULES=
# Custom Prosody modules for internal MUC component (comma separated)
XMPP_INTERNAL_MUC_MODULES=
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections
JVB_AUTH_USER={{ jitsi_jvb_auth_user }}
# STUN servers used to discover the server's public IP
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge
JVB_PORT=10000
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }}
# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
#JICOFO_ENABLE_HEALTH_CHECKS=true
# XMPP user for Jigasi MUC client connections
JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }}
# MUC name for the Jigasi pool
JIGASI_BREWERY_MUC=jigasibrewery
# Minimum port for media used by Jigasi
JIGASI_PORT_MIN=20000
# Maximum port for media used by Jigasi
JIGASI_PORT_MAX=20050
# Enable SDES srtp
#JIGASI_ENABLE_SDES_SRTP=1
# Keepalive method
#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
# Health-check extension
#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
# Health-check interval
#JIGASI_HEALTH_CHECK_INTERVAL=300000
# #
# Enable Jigasi transcription # Docker Compose options
#ENABLE_TRANSCRIPTIONS=1 #
# Jigasi will record audio when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_SEND_TXT=true
# Jigasi will post an url to the chat with transcription file [default: false]
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" paragraph 1 to 5
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=
# Enable recording
#ENABLE_RECORDING=1
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
# XMPP recorder user for Jibri client connections
JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }}
# Directory for recordings inside Jibri container
JIBRI_RECORDING_DIR=/config/recordings
# The finalizing script. Will run after recording is complete
#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# XMPP user for Jibri client connections
JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }}
# MUC name for the Jibri pool
JIBRI_BREWERY_MUC=jibribrewery
# MUC connection timeout
JIBRI_PENDING_TIMEOUT=90
# When jibri gets a request to start a service for a room, the room
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
# We'll build the url for the call by transforming that into:
# https://xmpp_domain/subdomain/roomName
# So if there are any prefixes in the jid (like jitsi meet, which
# has its participants join a muc at conference.xmpp_domain) then
# list that prefix here so it can be stripped out to generate
# the call url correctly
JIBRI_STRIP_DOMAIN_JID=muc
# Directory for logs inside Jibri container
JIBRI_LOGS_DIR=/config/logs
# Configure an external TURN server
# TURN_CREDENTIALS=secret
# TURN_HOST=turnserver.example.com
# TURN_PORT=443
# TURNS_HOST=turnserver.example.com
# TURNS_PORT=443
# Disable HTTPS: handle TLS connections outside of this setup
#DISABLE_HTTPS=1
# Enable FLoC
# Opt-In to Federated Learning of Cohorts tracking
#ENABLE_FLOC=0
# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1
# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1
# Container restart policy # Container restart policy
# Defaults to unless-stopped # Defaults to unless-stopped
RESTART_POLICY=unless-stopped RESTART_POLICY=unless-stopped
# Authenticate using external service or just focus external auth window if there is one already. # Jitsi image version (useful for local development)
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} #JITSI_IMAGE_VERSION=latest
# Sentry Error Tracking
# Sentry Data Source Name (Endpoint for Sentry project)
# Example: https://public:private@host:port/1
#JVB_SENTRY_DSN=
#JICOFO_SENTRY_DSN=
#JIGASI_SENTRY_DSN=
# Optional environment info to filter events
#SENTRY_ENVIRONMENT=production
# Optional release info to filter events
#SENTRY_RELEASE=1.0.0
# Optional properties for shutdown api
#COLIBRI_REST_ENABLED=true
#SHUTDOWN_REST_ENABLED=true
# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)
#TOOLBAR_BUTTONS=
# Hide the buttons at pre-join screen. Add the buttons name separated with comma
#HIDE_PREMEETING_BUTTONS=

5
templates/etherpad.yml
View file

@ -1,10 +1,10 @@
version: '3' version: '3.5'
services: services:
# Etherpad: real-time collaborative document editing # Etherpad: real-time collaborative document editing
etherpad: etherpad:
image: etherpad/etherpad:1.8.6 image: etherpad/etherpad:1.8.6
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
environment: environment:
- TITLE=${ETHERPAD_TITLE} - TITLE=${ETHERPAD_TITLE}
- DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT} - DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT}
@ -14,3 +14,4 @@ services:
meet.jitsi: meet.jitsi:
aliases: aliases:
- etherpad.meet.jitsi - etherpad.meet.jitsi

16
templates/jibri.yml
View file

@ -1,23 +1,18 @@
version: '3' version: '3.5'
services: services:
jibri: jibri:
image: jitsi/jibri:stable-6865 image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
volumes: volumes:
- ${CONFIG}/jibri:/config:Z - ${CONFIG}/jibri:/config:Z
- /dev/shm:/dev/shm shm_size: '2gb'
cap_add: cap_add:
- SYS_ADMIN - SYS_ADMIN
- NET_BIND_SERVICE
devices:
- /dev/snd:/dev/snd
environment: environment:
- CHROMIUM_FLAGS - CHROMIUM_FLAGS
- DISPLAY=:0 - DISPLAY=:0
- ENABLE_STATS_D - ENABLE_STATS_D
- JIBRI_FFMPEG_AUDIO_SOURCE
- JIBRI_FFMPEG_AUDIO_DEVICE
- JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_EXTERNAL_PORT
- JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT
- JIBRI_RECORDING_RESOLUTION - JIBRI_RECORDING_RESOLUTION
@ -30,14 +25,15 @@ services:
- JIBRI_RECORDING_DIR - JIBRI_RECORDING_DIR
- JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
- JIBRI_STRIP_DOMAIN_JID - JIBRI_STRIP_DOMAIN_JID
- JIBRI_LOGS_DIR
- PUBLIC_URL - PUBLIC_URL
- TZ - TZ
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_SERVER - XMPP_SERVER
- XMPP_PORT
- XMPP_TRUST_ALL_CERTS - XMPP_TRUST_ALL_CERTS
depends_on: depends_on:
- jicofo - jicofo

9
templates/jigasi.yml
View file

@ -3,10 +3,10 @@ version: '3'
services: services:
# SIP gateway (audio) # SIP gateway (audio)
jigasi: jigasi:
image: jitsi/jigasi:stable-6865 image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY} restart: ${RESTART_POLICY:-unless-stopped}
ports: ports:
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp'
volumes: volumes:
- ${CONFIG}/jigasi:/config:Z - ${CONFIG}/jigasi:/config:Z
- ${CONFIG}/transcripts:/tmp/transcripts:Z - ${CONFIG}/transcripts:/tmp/transcripts:Z
@ -18,8 +18,10 @@ services:
- XMPP_MUC_DOMAIN - XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER - XMPP_SERVER
- XMPP_PORT
- XMPP_DOMAIN - XMPP_DOMAIN
- PUBLIC_URL - PUBLIC_URL
- JIGASI_DISABLE_SIP
- JIGASI_SIP_URI - JIGASI_SIP_URI
- JIGASI_SIP_PASSWORD - JIGASI_SIP_PASSWORD
- JIGASI_SIP_SERVER - JIGASI_SIP_SERVER
@ -53,3 +55,4 @@ services:
- prosody - prosody
networks: networks:
meet.jitsi: meet.jitsi: