From d3077f101c8294b321da0a263e7122c8b2e08c11 Mon Sep 17 00:00:00 2001 From: Jan Beilicke Date: Fri, 18 Feb 2022 21:57:07 +0100 Subject: [PATCH] Updates Jitsi to stable-6865 --- tasks/main.yml | 2 +- templates/docker-compose.jitsi.yml.j2 | 176 +++++++++++++----- templates/env.jitsi.j2 | 246 +++++++++++++++++--------- templates/etherpad.yml | 8 +- templates/jibri.yml | 29 ++- templates/jigasi.yml | 21 ++- 6 files changed, 344 insertions(+), 138 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 1ef8919..df582f2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -79,7 +79,7 @@ - assert: that: - - "output.ansible_facts['web']['jitsi_web_1'].state.running" + - "output.services['web']['jitsi_web_1'].state.running" - name: "Test whether Jitsi is healthy from the outside" when: not ansible_check_mode diff --git a/templates/docker-compose.jitsi.yml.j2 b/templates/docker-compose.jitsi.yml.j2 index 3277c95..b8c6d7c 100644 --- a/templates/docker-compose.jitsi.yml.j2 +++ b/templates/docker-compose.jitsi.yml.j2 @@ -3,12 +3,15 @@ version: '3' services: # Frontend web: - image: jitsi/web - restart: unless-stopped + image: jitsi/web:stable-6865 + restart: ${RESTART_POLICY} + ports: + - '${HTTP_PORT}:80' + - '${HTTPS_PORT}:443' volumes: - - ${CONFIG}/web:/config - - ${CONFIG}/web/letsencrypt:/etc/letsencrypt - - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts + - ${CONFIG}/web:/config:Z + - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z + - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z environment: - AMPLITUDE_ID - ANALYTICS_SCRIPT_URLS 
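Review bot: The new `ports:` block in the `web` service publishes the container on every host interface (`- '${HTTP_PORT}:80'`, `- '${HTTPS_PORT}:443'`), which the previous template did not do. env.jitsi.j2 still sets `VIRTUAL_HOST`, which suggests a reverse proxy sits in front of this service. If so, the direct mapping lets clients bypass the proxy, and Docker-published ports are commonly not filtered by host firewall front-ends. Consider binding to loopback, e.g. `- '127.0.0.1:${HTTP_PORT}:80'`, or putting the block behind a role variable. The `web` service definition continues past the end of this hunk.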
@@ -21,28 +24,47 @@ services: - CHROME_EXTENSION_BANNER_JSON - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT + - DEFAULT_LANGUAGE - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE + - DEPLOYMENTINFO_REGION + - DEPLOYMENTINFO_SHARD - DEPLOYMENTINFO_USERREGION + - DESKTOP_SHARING_FRAMERATE_MIN + - DESKTOP_SHARING_FRAMERATE_MAX - DIALIN_NUMBERS_URL - DIALOUT_AUTH_URL - DIALOUT_CODES_URL + - DISABLE_AUDIO_LEVELS + - DISABLE_DEEP_LINKING + - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS + - DISABLE_KICKOUT + - DISABLE_POLLS + - DISABLE_REACTIONS - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI + - DYNAMIC_BRANDING_URL - ENABLE_AUDIO_PROCESSING - ENABLE_AUTH + - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR + - ENABLE_COLIBRI_WEBSOCKET - ENABLE_FILE_RECORDING_SERVICE - ENABLE_FILE_RECORDING_SERVICE_SHARING + - ENABLE_FLOC - ENABLE_GUESTS + - ENABLE_HSTS - ENABLE_HTTP_REDIRECT - ENABLE_IPV6 - ENABLE_LETSENCRYPT - ENABLE_LIPSYNC - ENABLE_NO_AUDIO_DETECTION - - ENABLE_P2P + - ENABLE_NOISY_MIC_DETECTION - ENABLE_PREJOIN_PAGE + - ENABLE_P2P + - ENABLE_WELCOME_PAGE + - ENABLE_CLOSE_PAGE - ENABLE_RECORDING - ENABLE_REMB - ENABLE_REQUIRE_DISPLAY_NAME @@ -58,14 +80,21 @@ services: - ETHERPAD_URL_BASE - GOOGLE_ANALYTICS_ID - GOOGLE_API_APP_CLIENT_ID + - HIDE_PREMEETING_BUTTONS - INVITE_SERVICE_URL - JICOFO_AUTH_USER + - LETSENCRYPT_DOMAIN + - LETSENCRYPT_EMAIL + - LETSENCRYPT_USE_STAGING - MATOMO_ENDPOINT - MATOMO_SITE_ID - MICROSOFT_API_APP_CLIENT_ID - NGINX_RESOLVER + - NGINX_WORKER_PROCESSES + - NGINX_WORKER_CONNECTIONS - PEOPLE_SEARCH_URL - PUBLIC_URL + - P2P_PREFERRED_CODEC - RESOLUTION - RESOLUTION_MIN - RESOLUTION_WIDTH 
@@ -73,10 +102,26 @@ services: - START_AUDIO_MUTED - START_AUDIO_ONLY - START_BITRATE + - START_SILENT + - START_WITH_AUDIO_MUTED - START_VIDEO_MUTED + - START_WITH_VIDEO_MUTED - TESTING_CAP_SCREENSHARE_BITRATE - TESTING_OCTO_PROBABILITY + - TOKEN_AUTH_URL + - TOOLBAR_BUTTONS - TZ + - VIDEOQUALITY_BITRATE_H264_LOW + - VIDEOQUALITY_BITRATE_H264_STANDARD + - VIDEOQUALITY_BITRATE_H264_HIGH + - VIDEOQUALITY_BITRATE_VP8_LOW + - VIDEOQUALITY_BITRATE_VP8_STANDARD + - VIDEOQUALITY_BITRATE_VP8_HIGH + - VIDEOQUALITY_BITRATE_VP9_LOW + - VIDEOQUALITY_BITRATE_VP9_STANDARD + - VIDEOQUALITY_BITRATE_VP9_HIGH + - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC + - VIDEOQUALITY_PREFERRED_CODEC - XMPP_AUTH_DOMAIN - XMPP_BOSH_URL_BASE - XMPP_DOMAIN 
@@ -108,66 +153,76 @@ services: # XMPP server prosody: - image: jitsi/prosody - restart: unless-stopped + image: jitsi/prosody:stable-6865 + restart: ${RESTART_POLICY} expose: - '5222' - '5347' - '5280' volumes: - - ${CONFIG}/prosody:/config + - ${CONFIG}/prosody/config:/config:Z + - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z environment: - AUTH_TYPE + - DISABLE_POLLS - ENABLE_AUTH + - ENABLE_AV_MODERATION + - ENABLE_BREAKOUT_ROOMS - ENABLE_GUESTS - ENABLE_LOBBY - ENABLE_XMPP_WEBSOCKET - GLOBAL_CONFIG - GLOBAL_MODULES - - JIBRI_RECORDER_PASSWORD - JIBRI_RECORDER_USER - - JIBRI_XMPP_PASSWORD + - JIBRI_RECORDER_PASSWORD - JIBRI_XMPP_USER - - JICOFO_AUTH_PASSWORD + - JIBRI_XMPP_PASSWORD - JICOFO_AUTH_USER + - JICOFO_AUTH_PASSWORD - JICOFO_COMPONENT_SECRET - - JIGASI_XMPP_PASSWORD - JIGASI_XMPP_USER - - JVB_AUTH_PASSWORD + - JIGASI_XMPP_PASSWORD - JVB_AUTH_USER - - JWT_ACCEPTED_AUDIENCES - - JWT_ACCEPTED_ISSUERS - - JWT_ALLOW_EMPTY + - JVB_AUTH_PASSWORD - JWT_APP_ID - JWT_APP_SECRET + - JWT_ACCEPTED_ISSUERS + - JWT_ACCEPTED_AUDIENCES - JWT_ASAP_KEYSERVER + - JWT_ALLOW_EMPTY - JWT_AUTH_TYPE - JWT_TOKEN_AUTH_MODULE + - LOG_LEVEL - LDAP_AUTH_METHOD - LDAP_BASE - LDAP_BINDDN - LDAP_BINDPW - LDAP_FILTER - - LDAP_START_TLS - - LDAP_TLS_CACERT_DIR - - LDAP_TLS_CACERT_FILE - - LDAP_TLS_CHECK_PEER + - LDAP_VERSION - LDAP_TLS_CIPHERS + - LDAP_TLS_CHECK_PEER + - LDAP_TLS_CACERT_FILE + - LDAP_TLS_CACERT_DIR + - LDAP_START_TLS - LDAP_URL - LDAP_USE_TLS - - LDAP_VERSION - - LOG_LEVEL - PUBLIC_URL + - TURN_CREDENTIALS + - TURN_HOST + - TURNS_HOST + - TURN_PORT + - TURNS_PORT - TZ - - XMPP_AUTH_DOMAIN - XMPP_DOMAIN + - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_INTERNAL_MUC_MODULES - - XMPP_MODULES - XMPP_MUC_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MODULES - XMPP_MUC_MODULES + - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN + - XMPP_CROSS_DOMAIN networks: meet.jitsi: aliases: 
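Review bot: The prosody config mount moves from `${CONFIG}/prosody` to `${CONFIG}/prosody/config`, so on an existing host the container will start with an empty `/config` and the old directory's contents are no longer mounted. That presumably includes any internal-auth accounts and generated keys or certificates, though the image's on-disk layout is not visible here. The only change to tasks/main.yml in this commit is the one-line assert fix, so nothing migrates or cleans up the old directory, and stale credential material stays on disk. I would add a task that moves the old contents, or documents a clean re-provision, before the containers are recreated.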
@@ -175,24 +230,49 @@ services: # Focus component jicofo: - image: jitsi/jicofo - restart: unless-stopped + image: jitsi/jicofo:stable-6865 + restart: ${RESTART_POLICY} volumes: - - ${CONFIG}/jicofo:/config + - ${CONFIG}/jicofo:/config:Z environment: + - AUTH_TYPE + - BRIDGE_AVG_PARTICIPANT_STRESS + - BRIDGE_STRESS_THRESHOLD - ENABLE_AUTH - - JIBRI_BREWERY_MUC - - JIBRI_PENDING_TIMEOUT - - JICOFO_AUTH_PASSWORD + - ENABLE_AUTO_OWNER + - ENABLE_CODEC_VP8 + - ENABLE_CODEC_VP9 + - ENABLE_CODEC_H264 + - ENABLE_OCTO + - ENABLE_RECORDING + - ENABLE_SCTP + - ENABLE_AUTO_LOGIN - JICOFO_AUTH_USER - - JICOFO_COMPONENT_SECRET + - JICOFO_AUTH_PASSWORD + - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS + - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT + - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT + - JICOFO_ENABLE_HEALTH_CHECKS + - JICOFO_SHORT_ID + - JICOFO_RESERVATION_ENABLED - JICOFO_RESERVATION_REST_BASE_URL + - JIBRI_BREWERY_MUC + - JIBRI_REQUEST_RETRIES + - JIBRI_PENDING_TIMEOUT - JIGASI_BREWERY_MUC + - JIGASI_SIP_URI - JVB_BREWERY_MUC + - MAX_BRIDGE_PARTICIPANTS + - OCTO_BRIDGE_SELECTION_STRATEGY + - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" + - SENTRY_ENVIRONMENT + - SENTRY_RELEASE - TZ - - XMPP_AUTH_DOMAIN - XMPP_DOMAIN + - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MUC_DOMAIN + - XMPP_RECORDER_DOMAIN - XMPP_SERVER depends_on: - prosody 
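Review bot: `- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"` is written in the list form of `environment`, where Compose passes everything after the first `=` verbatim, so the container would most likely receive `"0"` with literal quote characters rather than `0`. If the image treats `0` as the "Sentry disabled" sentinel, the quoted value may not match it. Writing `- SENTRY_DSN=${JICOFO_SENTRY_DSN:-0}` removes the ambiguity. The same line pattern is added in the `jvb` service of this file and in templates/jigasi.yml. Please check the rendered container environment after the change.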
@@ -201,27 +281,39 @@ services: # Video bridge jvb: - image: jitsi/jvb - restart: unless-stopped + image: jitsi/jvb:stable-6865 + restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' volumes: - - ${CONFIG}/jvb:/config + - ${CONFIG}/jvb:/config:Z environment: - DOCKER_HOST_ADDRESS - - JVB_AUTH_PASSWORD + - ENABLE_COLIBRI_WEBSOCKET + - ENABLE_OCTO - JVB_AUTH_USER + - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC - - JVB_ENABLE_APIS + #- JVB_ENABLE_APIS - JVB_PORT - - JVB_STUN_SERVERS + - JVB_MUC_NICKNAME - JVB_TCP_HARVESTER_DISABLED - - JVB_TCP_MAPPED_PORT - JVB_TCP_PORT + - JVB_TCP_MAPPED_PORT + - JVB_STUN_SERVERS + - JVB_OCTO_BIND_ADDRESS + - JVB_OCTO_PUBLIC_ADDRESS + - JVB_OCTO_BIND_PORT + - JVB_OCTO_REGION - JVB_WS_DOMAIN - JVB_WS_SERVER_ID - PUBLIC_URL + - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" + - SENTRY_ENVIRONMENT + - SENTRY_RELEASE + - COLIBRI_REST_ENABLED + - SHUTDOWN_REST_ENABLED - TZ - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN diff --git a/templates/env.jitsi.j2 b/templates/env.jitsi.j2 index 8bcb9f1..ebbec30 100644 --- a/templates/env.jitsi.j2 +++ b/templates/env.jitsi.j2 
@@ -1,27 +1,79 @@ +# shellcheck disable=SC2034 + +# Security +# +# Set these to strong passwords to avoid intruders from impersonating a service account +# The service(s) won't start unless these are specified +# Running ./gen-passwords.sh will update .env with strong passwords +# You may skip the Jigasi and Jibri passwords if you are not using those +# DO NOT reuse passwords +# + +# XMPP password for Jicofo client connections +JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }} + +# XMPP password for JVB client connections +JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }} + +# XMPP password for Jigasi MUC client connections +JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }} + +# XMPP recorder password for Jibri client connections +JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }} + +# XMPP password for Jibri client connections +JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }} + + # # Basic configuration options # -# Directory where all configuration will be stored. +# Directory where all configuration will be stored CONFIG=./conf -# Exposed HTTP port. +# Exposed HTTP port HTTP_PORT={{ jitsi_exposed_http_port }} -# Exposed HTTPS port. +# Exposed HTTPS port HTTPS_PORT={{ jitsi_exposed_https_port }} -# System time zone. +# System time zone TZ={{ jitsi_timezone }} -# Public URL for the web service. +# Public URL for the web service (required) PUBLIC_URL={{ jitsi_public_url }} VIRTUAL_HOST={{ jitsi_virtual_host }} -# IP address of the Docker host. See the "Running on a LAN environment" section -# in the README. 
+# IP address of the Docker host +# See the "Running behind NAT or on a LAN environment" section in the Handbook: +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }} +# Control whether the lobby feature should be enabled or not +#ENABLE_LOBBY=1 + +# Control whether the A/V moderation should be enabled or not +#ENABLE_AV_MODERATION=1 + +# Show a prejoin page before entering a conference +#ENABLE_PREJOIN_PAGE=0 + +# Enable the welcome page +#ENABLE_WELCOME_PAGE=1 + +# Enable the close page +#ENABLE_CLOSE_PAGE=0 + +# Disable measuring of audio levels +#DISABLE_AUDIO_LEVELS=0 + +# Enable noisy mic detection +#ENABLE_NOISY_MIC_DETECTION=1 + +# Enable breakout rooms +#ENABLE_BREAKOUT_ROOMS=1 + {% if jitsi_enable_letsencrypt %} # # Let's Encrypt configuration @@ -42,17 +94,20 @@ LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }} # Etherpad integration (for document sharing) # -# Set etherpad-lite URL (uncomment to enable). +# Set etherpad-lite URL in docker local network (uncomment to enable) #ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 +# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable) +#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/ + # Name your etherpad instance! -ETHERPAD_TITLE="Video Chat" +ETHERPAD_TITLE=Video Chat # The default text of a pad ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n" # Name of the skin for etherpad -ETHERPAD_SKIN_NAME="colibris" +ETHERPAD_SKIN_NAME=colibris # Skin variants for etherpad ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor" 
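Review bot: The five service passwords at the top of the template are rendered unquoted straight from role variables, e.g. `JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}`. A value containing `#`, whitespace or `$` may therefore be truncated or altered when the env file is parsed, depending on the Compose version. The header comment copied from upstream also points to `./gen-passwords.sh`, which this role does not appear to ship. I would replace that sentence with `# Values come from the jitsi_*_password role variables; keep them in Ansible Vault` and document the allowed character set. The task that renders this file is outside the diff, so please confirm it sets a restrictive `mode` such as `'0600'` and uses `no_log: true`.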
@@ -62,13 +117,13 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # Basic Jigasi configuration options (needed for SIP gateway support) # -# SIP URI for incoming / outgoing calls. +# SIP URI for incoming / outgoing calls #JIGASI_SIP_URI=test@sip2sip.info # Password for the specified SIP account as a clear text #JIGASI_SIP_PASSWORD=passw0rd -# SIP server (use the SIP account domain if in doubt). +# SIP server (use the SIP account domain if in doubt) #JIGASI_SIP_SERVER=sip2sip.info # SIP server port 
@@ -78,53 +133,53 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background #JIGASI_SIP_TRANSPORT=UDP # -# Authentication configuration (see README for details) +# Authentication configuration (see handbook for details) # -# Enable authentication. +# Enable authentication #ENABLE_AUTH=1 -# Enable guest access. +# Enable guest access #ENABLE_GUESTS=1 # Select authentication type: internal, jwt or ldap #AUTH_TYPE=internal -# JWT auuthentication +# JWT authentication # -# Application identifier. +# Application identifier #JWT_APP_ID=my_jitsi_app_id -# Application secret known only to your token. +# Application secret known only to your token generator #JWT_APP_SECRET=my_jitsi_app_secret -# (Optional) Set asap_accepted_issuers as a comma separated list. +# (Optional) Set asap_accepted_issuers as a comma separated list #JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client -# (Optional) Set asap_accepted_audiences as a comma separated list. +# (Optional) Set asap_accepted_audiences as a comma separated list #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) # -# LDAP url for connection. +# LDAP url for connection #LDAP_URL=ldaps://ldap.domain.com/ # LDAP base DN. Can be empty #LDAP_BASE=DC=example,DC=domain,DC=com -# LDAP user DN. Do not specify this parameter for the anonymous bind. +# LDAP user DN. Do not specify this parameter for the anonymous bind #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com -# LDAP user password. Do not specify this parameter for the anonymous bind. +# LDAP user password. Do not specify this parameter for the anonymous bind #LDAP_BINDPW=LdapUserPassw0rd # LDAP filter. Tokens example: -# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail. -# %s - %s is replaced by the complete service string. -# %r - %r is replaced by the complete realm string. 
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail +# %s - %s is replaced by the complete service string +# %r - %r is replaced by the complete realm string #LDAP_FILTER=(sAMAccountName=%u) # LDAP authentication method @@ -136,16 +191,16 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # LDAP TLS using #LDAP_USE_TLS=1 -# List of SSL/TLS ciphers to allow. +# List of SSL/TLS ciphers to allow #LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC # Require and verify server certificate #LDAP_TLS_CHECK_PEER=1 -# Path to CA cert file. Used when server sertificate verify is enabled. +# Path to CA cert file. Used when server certificate verify is enabled #LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt -# Path to CA certs directory. Used when server sertificate verify is enabled. +# Path to CA certs directory. Used when server certificate verify is enabled #LDAP_TLS_CACERT_DIR=/etc/ssl/certs # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// @@ -156,7 +211,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # Advanced configuration options (you generally don't need to change these) # -# Internal XMPP domain. +# Internal XMPP domain XMPP_DOMAIN=meet.jitsi # Internal XMPP server 
@@ -165,16 +220,16 @@ XMPP_SERVER=xmpp.meet.jitsi # Internal XMPP server URL XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 -# Internal XMPP domain for authenticated services. +# Internal XMPP domain for authenticated services XMPP_AUTH_DOMAIN=auth.meet.jitsi -# XMPP domain for the MUC. +# XMPP domain for the MUC XMPP_MUC_DOMAIN=muc.meet.jitsi -# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools. +# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi -# XMPP domain for unauthenticated users. +# XMPP domain for unauthenticated users XMPP_GUEST_DOMAIN=guest.meet.jitsi # Comma separated list of domains for cross domain policy or "true" to allow all @@ -190,16 +245,13 @@ XMPP_MUC_MODULES= # Custom Prosody modules for internal MUC component (comma separated) XMPP_INTERNAL_MUC_MODULES= -# MUC for the JVB pool. +# MUC for the JVB pool JVB_BREWERY_MUC=jvbbrewery -# XMPP user for JVB client connections. +# XMPP user for JVB client connections JVB_AUTH_USER={{ jitsi_jvb_auth_user }} -# XMPP password for JVB client connections. -JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }} - -# STUN servers used to discover the server's public IP. +# STUN servers used to discover the server's public IP JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }} # Media port for the Jitsi Videobridge 
@@ -210,35 +262,26 @@ JVB_TCP_HARVESTER_DISABLED=true JVB_TCP_PORT=4443 JVB_TCP_MAPPED_PORT=4443 -# A comma separated list of APIs to enable when the JVB is started. The default is none. -# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information -#JVB_ENABLE_APIS=rest,colibri - -# XMPP component password for Jicofo. -JICOFO_COMPONENT_SECRET={{ jitsi_jicofo_component_secret }} - -# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug. +# XMPP user for Jicofo client connections. +# NOTE: this option doesn't currently work due to a bug JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }} -# XMPP password for Jicofo client connections. -JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }} - # Base URL of Jicofo's reservation REST API #JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com -# XMPP user for Jigasi MUC client connections. +# Enable Jicofo's health check REST API (http://:8888/about/health) +#JICOFO_ENABLE_HEALTH_CHECKS=true + +# XMPP user for Jigasi MUC client connections JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }} -# XMPP password for Jigasi MUC client connections. -JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }} - -# MUC name for the Jigasi pool. +# MUC name for the Jigasi pool JIGASI_BREWERY_MUC=jigasibrewery -# Minimum port for media used by Jigasi. +# Minimum port for media used by Jigasi JIGASI_PORT_MIN=20000 -# Maximum port for media used by Jigasi. +# Maximum port for media used by Jigasi JIGASI_PORT_MAX=20050 # Enable SDES srtp 
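Review bot: `JICOFO_COMPONENT_SECRET` is removed from the env template here, but the prosody service in docker-compose.jitsi.yml.j2 still lists `- JICOFO_COMPONENT_SECRET` as unchanged context, so prosody no longer receives a value for it. If the stable-6865 prosody image no longer uses it, drop the entry there too, along with the now-unused role variable. If the image still uses it, the secret has to stay defined. `JVB_ENABLE_APIS` is handled the same way: it is removed here and left as a commented-out `#- JVB_ENABLE_APIS` in the jvb service, which should either be deleted or given a one-line reason.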
@@ -253,23 +296,28 @@ JIGASI_PORT_MAX=20050 # Health-check interval #JIGASI_HEALTH_CHECK_INTERVAL=300000 # -# Enable Jigasi transcription. +# Enable Jigasi transcription #ENABLE_TRANSCRIPTIONS=1 -# Jigasi will recordord an audio when transcriber is on. Default false. +# Jigasi will record audio when transcriber is on [default: false] #JIGASI_TRANSCRIBER_RECORD_AUDIO=true -# Jigasi will send transcribed text to the chat when transcriber is on. Default false. +# Jigasi will send transcribed text to the chat when transcriber is on [default: false] #JIGASI_TRANSCRIBER_SEND_TXT=true -# Jigasi post to the chat an url with transcription file. Default false. +# Jigasi will post an url to the chat with transcription file [default: false] #JIGASI_TRANSCRIBER_ADVERTISE_URL=true -# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container. +# Credentials for connect to Cloud Google API from Jigasi # Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" from 1 to 5 paragraph. Copy the key on -# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting: -#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json +# section "Before you begin" paragraph 1 to 5 +# Copy the values from the json to the related env vars +#GC_PROJECT_ID= +#GC_PRIVATE_KEY_ID= +#GC_PRIVATE_KEY= +#GC_CLIENT_EMAIL= +#GC_CLIENT_ID= +#GC_CLIENT_CERT_URL= # Enable recording #ENABLE_RECORDING=1 
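Review bot: Replacing the `GOOGLE_APPLICATION_CREDENTIALS` file path with `GC_PRIVATE_KEY` and its sibling variables moves service-account key material into the env file and the container environment. There it is visible through container inspection and to anything that can read the rendered file. Unlike the XMPP passwords, these entries are not wired to role variables, so enabling transcription means editing the template with a plaintext key. I would template them from vaulted variables, e.g. `GC_PRIVATE_KEY={{ jitsi_gc_private_key }}` (variable name constructed for illustration), and make sure the rendered file is not world-readable. The matching pass-through entries are added in templates/jigasi.yml.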
@@ -277,25 +325,19 @@ JIGASI_PORT_MAX=20050 # XMPP domain for the jibri recorder XMPP_RECORDER_DOMAIN=recorder.meet.jitsi -# XMPP recorder user for Jibri client connections. +# XMPP recorder user for Jibri client connections JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }} -# XMPP recorder password for Jibri client connections. -JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }} - -# Directory for recordings inside Jibri container. +# Directory for recordings inside Jibri container JIBRI_RECORDING_DIR=/config/recordings -# The finalizing script. Will run after recording is complete. -JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh +# The finalizing script. Will run after recording is complete +#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh -# XMPP user for Jibri client connections. +# XMPP user for Jibri client connections JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }} -# XMPP password for Jibri client connections. -JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }} - -# MUC name for the Jibri pool. +# MUC name for the Jibri pool JIBRI_BREWERY_MUC=jibribrewery # MUC connection timeout 
@@ -308,18 +350,35 @@ JIBRI_PENDING_TIMEOUT=90 # So if there are any prefixes in the jid (like jitsi meet, which # has its participants join a muc at conference.xmpp_domain) then # list that prefix here so it can be stripped out to generate -# the call url correctly. +# the call url correctly JIBRI_STRIP_DOMAIN_JID=muc -# Directory for logs inside Jibri container. +# Directory for logs inside Jibri container JIBRI_LOGS_DIR=/config/logs -# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup. +# Configure an external TURN server +# TURN_CREDENTIALS=secret +# TURN_HOST=turnserver.example.com +# TURN_PORT=443 +# TURNS_HOST=turnserver.example.com +# TURNS_PORT=443 + +# Disable HTTPS: handle TLS connections outside of this setup #DISABLE_HTTPS=1 -# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443). +# Enable FLoC +# Opt-In to Federated Learning of Cohorts tracking +#ENABLE_FLOC=0 + +# Redirect HTTP traffic to HTTPS +# Necessary for Let's Encrypt, relies on standard HTTPS port (443) #ENABLE_HTTP_REDIRECT=1 +# Send a `strict-transport-security` header to force browsers to use +# a secure and trusted connection. Recommended for production use. +# Defaults to 1 (send the header). +# ENABLE_HSTS=1 + # Enable IPv6 # Provides means to disable IPv6 in environments that don't support it (get with the times, people!) #ENABLE_IPV6=1 
@@ -330,3 +389,26 @@ RESTART_POLICY=unless-stopped # Authenticate using external service or just focus external auth window if there is one already. # TOKEN_AUTH_URL=https://auth.meet.example.com/{room} + +# Sentry Error Tracking +# Sentry Data Source Name (Endpoint for Sentry project) +# Example: https://public:private@host:port/1 +#JVB_SENTRY_DSN= +#JICOFO_SENTRY_DSN= +#JIGASI_SENTRY_DSN= + +# Optional environment info to filter events +#SENTRY_ENVIRONMENT=production + +# Optional release info to filter events +#SENTRY_RELEASE=1.0.0 + +# Optional properties for shutdown api +#COLIBRI_REST_ENABLED=true +#SHUTDOWN_REST_ENABLED=true + +# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma) +#TOOLBAR_BUTTONS= + +# Hide the buttons at pre-join screen. Add the buttons name separated with comma +#HIDE_PREMEETING_BUTTONS= diff --git a/templates/etherpad.yml b/templates/etherpad.yml index e033a99..bab9378 100644 --- a/templates/etherpad.yml +++ b/templates/etherpad.yml @@ -3,7 +3,13 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad + image: etherpad/etherpad:1.8.6 + restart: ${RESTART_POLICY} + environment: + - TITLE=${ETHERPAD_TITLE} + - DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT} + - SKIN_NAME=${ETHERPAD_SKIN_NAME} + - SKIN_VARIANTS=${ETHERPAD_SKIN_VARIANTS} networks: meet.jitsi: aliases: diff --git a/templates/jibri.yml b/templates/jibri.yml index 2f5a3e7..e51af2a 100644 --- a/templates/jibri.yml +++ b/templates/jibri.yml @@ -2,9 +2,10 @@ version: '3' services: jibri: - image: jitsi/jibri + image: jitsi/jibri:stable-6865 + restart: ${RESTART_POLICY} volumes: - - ${CONFIG}/jibri:/config + - ${CONFIG}/jibri:/config:Z - /dev/shm:/dev/shm cap_add: - SYS_ADMIN 
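Review bot: In templates/etherpad.yml the image changes publisher, from `jitsi/etherpad` to `etherpad/etherpad:1.8.6`, and like the `stable-6865` tags elsewhere in this commit it is pinned only by a mutable tag. For a reproducible deployment that cannot silently change underneath you, pin by digest, e.g. `image: etherpad/etherpad:1.8.6@sha256:<digest-of-reviewed-image>`. Exposing the version as a role variable would also avoid repeating the Jitsi tag in six service definitions. It is worth checking whether a later Etherpad release carries security fixes this deployment needs before settling on 1.8.6.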
@@ -12,11 +13,15 @@ services: devices: - /dev/snd:/dev/snd environment: - - XMPP_AUTH_DOMAIN - - XMPP_INTERNAL_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN - - XMPP_SERVER - - XMPP_DOMAIN + - CHROMIUM_FLAGS + - DISPLAY=:0 + - ENABLE_STATS_D + - JIBRI_FFMPEG_AUDIO_SOURCE + - JIBRI_FFMPEG_AUDIO_DEVICE + - JIBRI_HTTP_API_EXTERNAL_PORT + - JIBRI_HTTP_API_INTERNAL_PORT + - JIBRI_RECORDING_RESOLUTION + - JIBRI_USAGE_TIMEOUT - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - JIBRI_BREWERY_MUC @@ -26,8 +31,16 @@ services: - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - JIBRI_STRIP_DOMAIN_JID - JIBRI_LOGS_DIR - - DISPLAY=:0 + - PUBLIC_URL - TZ + - XMPP_AUTH_DOMAIN + - XMPP_DOMAIN + - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_RECORDER_DOMAIN + - XMPP_SERVER + - XMPP_TRUST_ALL_CERTS + depends_on: + - jicofo networks: meet.jitsi: diff --git a/templates/jigasi.yml b/templates/jigasi.yml index 46f1584..ef8f0d6 100644 --- a/templates/jigasi.yml +++ b/templates/jigasi.yml @@ -3,15 +3,19 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi + image: jitsi/jigasi:stable-6865 + restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' volumes: - - ${CONFIG}/jigasi:/config - - ${CONFIG}/transcripts:/tmp/transcripts + - ${CONFIG}/jigasi:/config:Z + - ${CONFIG}/transcripts:/tmp/transcripts:Z environment: - ENABLE_AUTH + - ENABLE_GUESTS - XMPP_AUTH_DOMAIN + - XMPP_GUEST_DOMAIN + - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER - XMPP_DOMAIN @@ -21,6 +25,7 @@ services: - JIGASI_SIP_SERVER - JIGASI_SIP_PORT - JIGASI_SIP_TRANSPORT + - JIGASI_SIP_DEFAULT_ROOM - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD - JIGASI_BREWERY_MUC 
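Review bot: `XMPP_TRUST_ALL_CERTS` is now passed through to the jibri container, but env.jitsi.j2 neither sets nor documents it. Judging by its name, that leaves it to the image default whether Jibri verifies the XMPP server certificate. I would add a commented entry next to the other Jibri settings in the env template, for example `# Whether Jibri skips XMPP certificate verification; set explicitly` followed by `#XMPP_TRUST_ALL_CERTS=<intended-value>`. The context lines show this service running with `cap_add: SYS_ADMIN` and the host's `/dev/shm`, so its trust settings deserve an explicit choice rather than an inherited one.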
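Review bot: `${CONFIG}/transcripts` is mounted with the private SELinux label in templates/jigasi.yml (`- ${CONFIG}/transcripts:/tmp/transcripts:Z`) and again in the `web` service of docker-compose.jitsi.yml.j2. `:Z` relabels the directory for a single container, so on an SELinux-enforcing host whichever container starts last is likely to lock the other out. A directory shared between containers should use the shared label, `- ${CONFIG}/transcripts:/tmp/transcripts:z`, in both places. The per-service `/config` mounts are not shared and can keep `:Z`.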
@@ -34,7 +39,15 @@ services: - JIGASI_TRANSCRIBER_ADVERTISE_URL - JIGASI_TRANSCRIBER_RECORD_AUDIO - JIGASI_TRANSCRIBER_SEND_TXT - - GOOGLE_APPLICATION_CREDENTIALS + - GC_PROJECT_ID + - GC_PRIVATE_KEY_ID + - GC_PRIVATE_KEY + - GC_CLIENT_EMAIL + - GC_CLIENT_ID + - GC_CLIENT_CERT_URL + - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" + - SENTRY_ENVIRONMENT + - SENTRY_RELEASE - TZ depends_on: - prosody