jotbe/ansible-role-jitsi-docker
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Wiki Activity

Updated Jitsi to stable-7830; Addressed some config issues

Browse source
This commit is contained in:
Jan Beilicke 2022-10-02 22:27:12 +02:00
parent 80cd68a5c4
commit 9183e360d8
8 changed files with 138 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CHANGELOG.md Normal file
View file

@ -0,0 +1,8 @@
## Changelog
### stable-7830
* Updates all Docker Compose templates
* Adds `jitsi_jvb_advertise_ips`, which supports a comma separated list of IPs
* Content-Security-Policy now allows `base-uri 'self'` (instead of `none`)
* Fixed `jitsi_enable_letsencrypt` handling (please note: you will still have to uncomment `LETSENCRYPT_USE_STAGING=1` in the .env file/template if you only want to test Let's Encrypt)

3
README.md
View file

@ -20,7 +20,8 @@ Role Variables
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
| jitsi_docker_host_address | | |
| jitsi_docker_host_address | |
| jitsi_jvb_advertise_ips | supports a comma separated list of IPs | | |
| jitsi_enable_letsencrypt | Jitsi will take care of Let's Encrypt certificates | 0 |
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |

3
defaults/main.yml
View file

@ -12,4 +12,5 @@ jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
jitsi_web_channel_last_n: 3
jitsi_build_latest_image_from_source: yes
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git
jitsi_enable_third_party_requests: no
jitsi_enable_third_party_requests: no
jitsi_jvb_advertise_ips: "{{ jitsi_docker_host_address }}"

89
templates/docker-compose.jitsi.yml.j2
View file

@ -1,10 +1,10 @@
version: '3'
version: '3.5'
services:
# Frontend
web:
image: jitsi/web:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443'
@ -16,8 +16,8 @@ services:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- BRANDING_DATA_URL
- BRIDGE_CHANNEL
- CALLSTATS_CUSTOM_SCRIPT_URL
- CALLSTATS_ID
- CALLSTATS_SECRET
@ -40,8 +40,12 @@ services:
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
@ -50,9 +54,8 @@ services:
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_FILE_RECORDING_SERVICE
- ENABLE_FILE_RECORDING_SERVICE_SHARING
- ENABLE_FLOC
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
@ -61,13 +64,19 @@ services:
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
@ -76,11 +85,18 @@ services:
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ENABLE_MULTI_STREAM
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN
@ -128,6 +144,7 @@ services:
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_PORT
labels:
traefik.enable: true
traefik.docker.network: traefik_public
@ -143,7 +160,7 @@ services:
traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true
traefik.http.middlewares.jitsi-headers.headers.STSPreload: true
traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none'
traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content
traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content
traefik.http.routers.jitsi.middlewares: jitsi-headers
networks:
public:
@ -153,10 +170,10 @@ services:
# XMPP server
prosody:
image: jitsi/prosody:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
expose:
- '5222'
- '${XMPP_PORT:-5222}'
- '5347'
- '5280'
volumes:
@ -168,9 +185,19 @@ services:
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
@ -191,7 +218,12 @@ services:
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
@ -206,6 +238,9 @@ services:
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PUBLIC_URL
- TURN_CREDENTIALS
- TURN_HOST
@ -220,18 +255,19 @@ services:
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_CROSS_DOMAIN
- XMPP_PORT
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER}
- ${XMPP_SERVER:-xmpp.meet.jitsi}
# Focus component
jicofo:
image: jitsi/jicofo:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
volumes:
- ${CONFIG}/jicofo:/config:Z
environment:
@ -254,8 +290,6 @@ services:
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_SHORT_ID
- JICOFO_RESERVATION_ENABLED
- JICOFO_RESERVATION_REST_BASE_URL
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
@ -274,6 +308,7 @@ services:
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
@ -281,31 +316,30 @@ services:
# Video bridge
jvb:
image: jitsi/jvb:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
- '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
volumes:
- ${CONFIG}/jvb:/config:Z
environment:
- DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_OCTO
- ENABLE_MULTI_STREAM
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
#- JVB_ENABLE_APIS
- JVB_DISABLE_STUN
- JVB_PORT
- JVB_MUC_NICKNAME
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_PORT
- JVB_TCP_MAPPED_PORT
- JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_PUBLIC_ADDRESS
- JVB_OCTO_BIND_PORT
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- PUBLIC_URL
@ -318,6 +352,7 @@ services:
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:

288
templates/env.jitsi.j2
View file

@ -1,28 +1,14 @@
# shellcheck disable=SC2034
# Security
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
@ -45,34 +31,25 @@ TZ={{ jitsi_timezone }}
PUBLIC_URL={{ jitsi_public_url }}
VIRTUAL_HOST={{ jitsi_virtual_host }}
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
# IP address of the Docker host. See the "Running on a LAN environment" section
# in the README.
DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
# Control whether the lobby feature should be enabled or not
#ENABLE_LOBBY=1
# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS={{ jitsi_jvb_advertise_ips }}
# Control whether the A/V moderation should be enabled or not
#ENABLE_AV_MODERATION=1
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Show a prejoin page before entering a conference
#ENABLE_PREJOIN_PAGE=0
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable the welcome page
#ENABLE_WELCOME_PAGE=1
# Enable the close page
#ENABLE_CLOSE_PAGE=0
# Disable measuring of audio levels
#DISABLE_AUDIO_LEVELS=0
# Enable noisy mic detection
#ENABLE_NOISY_MIC_DETECTION=1
# Enable breakout rooms
#ENABLE_BREAKOUT_ROOMS=1
# Enable JaaS Components (hosted Jigasi)
#ENABLE_JAAS_COMPONENTS=0
{% if jitsi_enable_letsencrypt %}
#
@ -80,7 +57,7 @@ DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
#
# Enable Let's Encrypt certificate generation.
ENABLE_LETSENCRYPT=0
ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate.
LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }}
@ -88,6 +65,9 @@ LETSENCRYPT_DOMAIN={{ jitsi_virtual_host }}
# E-Mail for receiving important account notifications (mandatory).
LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
{% endif -%}
#
@ -132,6 +112,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
@ -142,7 +123,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# Enable guest access
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap
# Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal
# JWT authentication
@ -160,7 +141,6 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
@ -208,207 +188,37 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
#
# Advanced configuration options (you generally don't need to change these)
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# Internal XMPP server
XMPP_SERVER=xmpp.meet.jitsi
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# Internal XMPP server URL
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# Internal XMPP domain for authenticated services
XMPP_AUTH_DOMAIN=auth.meet.jitsi
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# XMPP domain for the MUC
XMPP_MUC_DOMAIN=muc.meet.jitsi
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# Comma separated list of domains for cross domain policy or "true" to allow all
# The PUBLIC_URL is always allowed
#XMPP_CROSS_DOMAIN=true
# Custom Prosody modules for XMPP_DOMAIN (comma separated)
XMPP_MODULES=
# Custom Prosody modules for MUC component (comma separated)
XMPP_MUC_MODULES=
# Custom Prosody modules for internal MUC component (comma separated)
XMPP_INTERNAL_MUC_MODULES=
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections
JVB_AUTH_USER={{ jitsi_jvb_auth_user }}
# STUN servers used to discover the server's public IP
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge
JVB_PORT=10000
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }}
# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
#JICOFO_ENABLE_HEALTH_CHECKS=true
# XMPP user for Jigasi MUC client connections
JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }}
# MUC name for the Jigasi pool
JIGASI_BREWERY_MUC=jigasibrewery
# Minimum port for media used by Jigasi
JIGASI_PORT_MIN=20000
# Maximum port for media used by Jigasi
JIGASI_PORT_MAX=20050
# Enable SDES srtp
#JIGASI_ENABLE_SDES_SRTP=1
# Keepalive method
#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
# Health-check extension
#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
# Health-check interval
#JIGASI_HEALTH_CHECK_INTERVAL=300000
#
# Enable Jigasi transcription
#ENABLE_TRANSCRIPTIONS=1
# Jigasi will record audio when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_SEND_TXT=true
# Jigasi will post an url to the chat with transcription file [default: false]
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" paragraph 1 to 5
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=
# Enable recording
#ENABLE_RECORDING=1
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
# XMPP recorder user for Jibri client connections
JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }}
# Directory for recordings inside Jibri container
JIBRI_RECORDING_DIR=/config/recordings
# The finalizing script. Will run after recording is complete
#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# XMPP user for Jibri client connections
JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }}
# MUC name for the Jibri pool
JIBRI_BREWERY_MUC=jibribrewery
# MUC connection timeout
JIBRI_PENDING_TIMEOUT=90
# When jibri gets a request to start a service for a room, the room
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
# We'll build the url for the call by transforming that into:
# https://xmpp_domain/subdomain/roomName
# So if there are any prefixes in the jid (like jitsi meet, which
# has its participants join a muc at conference.xmpp_domain) then
# list that prefix here so it can be stripped out to generate
# the call url correctly
JIBRI_STRIP_DOMAIN_JID=muc
# Directory for logs inside Jibri container
JIBRI_LOGS_DIR=/config/logs
# Configure an external TURN server
# TURN_CREDENTIALS=secret
# TURN_HOST=turnserver.example.com
# TURN_PORT=443
# TURNS_HOST=turnserver.example.com
# TURNS_PORT=443
# Disable HTTPS: handle TLS connections outside of this setup
#DISABLE_HTTPS=1
# Enable FLoC
# Opt-In to Federated Learning of Cohorts tracking
#ENABLE_FLOC=0
# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1
# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1
# Docker Compose options
#
# Container restart policy
# Defaults to unless-stopped
RESTART_POLICY=unless-stopped
# Authenticate using external service or just focus external auth window if there is one already.
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
# Sentry Error Tracking
# Sentry Data Source Name (Endpoint for Sentry project)
# Example: https://public:private@host:port/1
#JVB_SENTRY_DSN=
#JICOFO_SENTRY_DSN=
#JIGASI_SENTRY_DSN=
# Optional environment info to filter events
#SENTRY_ENVIRONMENT=production
# Optional release info to filter events
#SENTRY_RELEASE=1.0.0
# Optional properties for shutdown api
#COLIBRI_REST_ENABLED=true
#SHUTDOWN_REST_ENABLED=true
# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)
#TOOLBAR_BUTTONS=
# Hide the buttons at pre-join screen. Add the buttons name separated with comma
#HIDE_PREMEETING_BUTTONS=
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest

5
templates/etherpad.yml
View file

@ -1,10 +1,10 @@
version: '3'
version: '3.5'
services:
# Etherpad: real-time collaborative document editing
etherpad:
image: etherpad/etherpad:1.8.6
restart: ${RESTART_POLICY}
restart: ${RESTART_POLICY:-unless-stopped}
environment:
- TITLE=${ETHERPAD_TITLE}
- DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT}
@ -14,3 +14,4 @@ services:
meet.jitsi:
aliases:
- etherpad.meet.jitsi

16
templates/jibri.yml
View file

@ -1,23 +1,18 @@
version: '3'
version: '3.5'
services:
jibri:
image: jitsi/jibri:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
volumes:
- ${CONFIG}/jibri:/config:Z
- /dev/shm:/dev/shm
shm_size: '2gb'
cap_add:
- SYS_ADMIN
- NET_BIND_SERVICE
devices:
- /dev/snd:/dev/snd
environment:
- CHROMIUM_FLAGS
- DISPLAY=:0
- ENABLE_STATS_D
- JIBRI_FFMPEG_AUDIO_SOURCE
- JIBRI_FFMPEG_AUDIO_DEVICE
- JIBRI_HTTP_API_EXTERNAL_PORT
- JIBRI_HTTP_API_INTERNAL_PORT
- JIBRI_RECORDING_RESOLUTION
@ -30,14 +25,15 @@ services:
- JIBRI_RECORDING_DIR
- JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
- JIBRI_STRIP_DOMAIN_JID
- JIBRI_LOGS_DIR
- PUBLIC_URL
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_TRUST_ALL_CERTS
depends_on:
- jicofo

9
templates/jigasi.yml
View file

@ -3,10 +3,10 @@ version: '3'
services:
# SIP gateway (audio)
jigasi:
image: jitsi/jigasi:stable-6865
restart: ${RESTART_POLICY}
image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-7830}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
- '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp'
volumes:
- ${CONFIG}/jigasi:/config:Z
- ${CONFIG}/transcripts:/tmp/transcripts:Z
@ -18,8 +18,10 @@ services:
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_DOMAIN
- PUBLIC_URL
- JIGASI_DISABLE_SIP
- JIGASI_SIP_URI
- JIGASI_SIP_PASSWORD
- JIGASI_SIP_SERVER
@ -53,3 +55,4 @@ services:
- prosody
networks:
meet.jitsi: