Updates Jitsi to stable-6865

tasks/main.yml

@@ -79,7 +79,7 @@
 
 - assert:
     that:
-      - "output.ansible_facts['web']['jitsi_web_1'].state.running"
+      - "output.services['web']['jitsi_web_1'].state.running"
 
 - name: "Test whether Jitsi is healthy from the outside"
   when: not ansible_check_mode

templates/docker-compose.jitsi.yml.j2

@@ -3,12 +3,15 @@ version: '3'
 services:
     # Frontend
     web:
-        image: jitsi/web
+        image: jitsi/web:stable-6865
-        restart: unless-stopped
+        restart: ${RESTART_POLICY}
+        ports:
+            - '${HTTP_PORT}:80'
+            - '${HTTPS_PORT}:443'
         volumes:
-            - ${CONFIG}/web:/config
+            - ${CONFIG}/web:/config:Z
-            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
+            - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
-            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
+            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
         environment:
             - AMPLITUDE_ID
             - ANALYTICS_SCRIPT_URLS
@@ -21,28 +24,47 @@ services:
             - CHROME_EXTENSION_BANNER_JSON
             - CONFCODE_URL
             - CONFIG_EXTERNAL_CONNECT
+            - DEFAULT_LANGUAGE
             - DEPLOYMENTINFO_ENVIRONMENT
             - DEPLOYMENTINFO_ENVIRONMENT_TYPE
+            - DEPLOYMENTINFO_REGION
+            - DEPLOYMENTINFO_SHARD
             - DEPLOYMENTINFO_USERREGION
+            - DESKTOP_SHARING_FRAMERATE_MIN
+            - DESKTOP_SHARING_FRAMERATE_MAX
             - DIALIN_NUMBERS_URL
             - DIALOUT_AUTH_URL
             - DIALOUT_CODES_URL
+            - DISABLE_AUDIO_LEVELS
+            - DISABLE_DEEP_LINKING
+            - DISABLE_GRANT_MODERATOR
             - DISABLE_HTTPS
+            - DISABLE_KICKOUT
+            - DISABLE_POLLS
+            - DISABLE_REACTIONS
             - DROPBOX_APPKEY
             - DROPBOX_REDIRECT_URI
+            - DYNAMIC_BRANDING_URL
             - ENABLE_AUDIO_PROCESSING
             - ENABLE_AUTH
+            - ENABLE_BREAKOUT_ROOMS
             - ENABLE_CALENDAR
+            - ENABLE_COLIBRI_WEBSOCKET
             - ENABLE_FILE_RECORDING_SERVICE
             - ENABLE_FILE_RECORDING_SERVICE_SHARING
+            - ENABLE_FLOC
             - ENABLE_GUESTS
+            - ENABLE_HSTS
             - ENABLE_HTTP_REDIRECT
             - ENABLE_IPV6
             - ENABLE_LETSENCRYPT
             - ENABLE_LIPSYNC
             - ENABLE_NO_AUDIO_DETECTION
-            - ENABLE_P2P
+            - ENABLE_NOISY_MIC_DETECTION
             - ENABLE_PREJOIN_PAGE
+            - ENABLE_P2P
+            - ENABLE_WELCOME_PAGE
+            - ENABLE_CLOSE_PAGE
             - ENABLE_RECORDING
             - ENABLE_REMB
             - ENABLE_REQUIRE_DISPLAY_NAME
@@ -58,14 +80,21 @@ services:
             - ETHERPAD_URL_BASE
             - GOOGLE_ANALYTICS_ID
             - GOOGLE_API_APP_CLIENT_ID
+            - HIDE_PREMEETING_BUTTONS
             - INVITE_SERVICE_URL
             - JICOFO_AUTH_USER
+            - LETSENCRYPT_DOMAIN
+            - LETSENCRYPT_EMAIL
+            - LETSENCRYPT_USE_STAGING
             - MATOMO_ENDPOINT
             - MATOMO_SITE_ID
             - MICROSOFT_API_APP_CLIENT_ID
             - NGINX_RESOLVER
+            - NGINX_WORKER_PROCESSES
+            - NGINX_WORKER_CONNECTIONS
             - PEOPLE_SEARCH_URL
             - PUBLIC_URL
+            - P2P_PREFERRED_CODEC
             - RESOLUTION
             - RESOLUTION_MIN
             - RESOLUTION_WIDTH
@@ -73,10 +102,26 @@ services:
             - START_AUDIO_MUTED
             - START_AUDIO_ONLY
             - START_BITRATE
+            - START_SILENT
+            - START_WITH_AUDIO_MUTED
             - START_VIDEO_MUTED
+            - START_WITH_VIDEO_MUTED
             - TESTING_CAP_SCREENSHARE_BITRATE
             - TESTING_OCTO_PROBABILITY
+            - TOKEN_AUTH_URL
+            - TOOLBAR_BUTTONS
             - TZ
+            - VIDEOQUALITY_BITRATE_H264_LOW
+            - VIDEOQUALITY_BITRATE_H264_STANDARD
+            - VIDEOQUALITY_BITRATE_H264_HIGH
+            - VIDEOQUALITY_BITRATE_VP8_LOW
+            - VIDEOQUALITY_BITRATE_VP8_STANDARD
+            - VIDEOQUALITY_BITRATE_VP8_HIGH
+            - VIDEOQUALITY_BITRATE_VP9_LOW
+            - VIDEOQUALITY_BITRATE_VP9_STANDARD
+            - VIDEOQUALITY_BITRATE_VP9_HIGH
+            - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
+            - VIDEOQUALITY_PREFERRED_CODEC
             - XMPP_AUTH_DOMAIN
             - XMPP_BOSH_URL_BASE
             - XMPP_DOMAIN
@@ -108,66 +153,76 @@ services:
 
     # XMPP server
     prosody:
-        image: jitsi/prosody
+        image: jitsi/prosody:stable-6865
-        restart: unless-stopped
+        restart: ${RESTART_POLICY}
         expose:
             - '5222'
             - '5347'
             - '5280'
         volumes:
-            - ${CONFIG}/prosody:/config
+            - ${CONFIG}/prosody/config:/config:Z
+            - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
         environment:
             - AUTH_TYPE
+            - DISABLE_POLLS
             - ENABLE_AUTH
+            - ENABLE_AV_MODERATION
+            - ENABLE_BREAKOUT_ROOMS
             - ENABLE_GUESTS
             - ENABLE_LOBBY
             - ENABLE_XMPP_WEBSOCKET
             - GLOBAL_CONFIG
             - GLOBAL_MODULES
-            - JIBRI_RECORDER_PASSWORD
             - JIBRI_RECORDER_USER
-            - JIBRI_XMPP_PASSWORD
+            - JIBRI_RECORDER_PASSWORD
             - JIBRI_XMPP_USER
-            - JICOFO_AUTH_PASSWORD
+            - JIBRI_XMPP_PASSWORD
             - JICOFO_AUTH_USER
+            - JICOFO_AUTH_PASSWORD
             - JICOFO_COMPONENT_SECRET
-            - JIGASI_XMPP_PASSWORD
             - JIGASI_XMPP_USER
-            - JVB_AUTH_PASSWORD
+            - JIGASI_XMPP_PASSWORD
             - JVB_AUTH_USER
-            - JWT_ACCEPTED_AUDIENCES
+            - JVB_AUTH_PASSWORD
-            - JWT_ACCEPTED_ISSUERS
-            - JWT_ALLOW_EMPTY
             - JWT_APP_ID
             - JWT_APP_SECRET
+            - JWT_ACCEPTED_ISSUERS
+            - JWT_ACCEPTED_AUDIENCES
             - JWT_ASAP_KEYSERVER
+            - JWT_ALLOW_EMPTY
             - JWT_AUTH_TYPE
             - JWT_TOKEN_AUTH_MODULE
+            - LOG_LEVEL
             - LDAP_AUTH_METHOD
             - LDAP_BASE
             - LDAP_BINDDN
             - LDAP_BINDPW
             - LDAP_FILTER
-            - LDAP_START_TLS
+            - LDAP_VERSION
-            - LDAP_TLS_CACERT_DIR
-            - LDAP_TLS_CACERT_FILE
-            - LDAP_TLS_CHECK_PEER
             - LDAP_TLS_CIPHERS
+            - LDAP_TLS_CHECK_PEER
+            - LDAP_TLS_CACERT_FILE
+            - LDAP_TLS_CACERT_DIR
+            - LDAP_START_TLS
             - LDAP_URL
             - LDAP_USE_TLS
-            - LDAP_VERSION
-            - LOG_LEVEL
             - PUBLIC_URL
+            - TURN_CREDENTIALS
+            - TURN_HOST
+            - TURNS_HOST
+            - TURN_PORT
+            - TURNS_PORT
             - TZ
-            - XMPP_AUTH_DOMAIN
             - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
             - XMPP_GUEST_DOMAIN
-            - XMPP_INTERNAL_MUC_DOMAIN
-            - XMPP_INTERNAL_MUC_MODULES
-            - XMPP_MODULES
             - XMPP_MUC_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MODULES
             - XMPP_MUC_MODULES
+            - XMPP_INTERNAL_MUC_MODULES
             - XMPP_RECORDER_DOMAIN
+            - XMPP_CROSS_DOMAIN
         networks:
             meet.jitsi:
                 aliases:
@@ -175,24 +230,49 @@ services:
 
     # Focus component
     jicofo:
-        image: jitsi/jicofo
+        image: jitsi/jicofo:stable-6865
-        restart: unless-stopped
+        restart: ${RESTART_POLICY}
         volumes:
-            - ${CONFIG}/jicofo:/config
+            - ${CONFIG}/jicofo:/config:Z
         environment:
+            - AUTH_TYPE
+            - BRIDGE_AVG_PARTICIPANT_STRESS
+            - BRIDGE_STRESS_THRESHOLD
             - ENABLE_AUTH
-            - JIBRI_BREWERY_MUC
+            - ENABLE_AUTO_OWNER
-            - JIBRI_PENDING_TIMEOUT
+            - ENABLE_CODEC_VP8
-            - JICOFO_AUTH_PASSWORD
+            - ENABLE_CODEC_VP9
+            - ENABLE_CODEC_H264
+            - ENABLE_OCTO
+            - ENABLE_RECORDING
+            - ENABLE_SCTP
+            - ENABLE_AUTO_LOGIN
             - JICOFO_AUTH_USER
-            - JICOFO_COMPONENT_SECRET
+            - JICOFO_AUTH_PASSWORD
+            - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
+            - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
+            - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
+            - JICOFO_ENABLE_HEALTH_CHECKS
+            - JICOFO_SHORT_ID
+            - JICOFO_RESERVATION_ENABLED
             - JICOFO_RESERVATION_REST_BASE_URL
+            - JIBRI_BREWERY_MUC
+            - JIBRI_REQUEST_RETRIES
+            - JIBRI_PENDING_TIMEOUT
             - JIGASI_BREWERY_MUC
+            - JIGASI_SIP_URI
             - JVB_BREWERY_MUC
+            - MAX_BRIDGE_PARTICIPANTS
+            - OCTO_BRIDGE_SELECTION_STRATEGY
+            - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
+            - SENTRY_ENVIRONMENT
+            - SENTRY_RELEASE
             - TZ
-            - XMPP_AUTH_DOMAIN
             - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - XMPP_RECORDER_DOMAIN
             - XMPP_SERVER
         depends_on:
             - prosody
@@ -201,27 +281,39 @@ services:
 
     # Video bridge
     jvb:
-        image: jitsi/jvb
+        image: jitsi/jvb:stable-6865
-        restart: unless-stopped
+        restart: ${RESTART_POLICY}
         ports:
             - '${JVB_PORT}:${JVB_PORT}/udp'
             - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
         volumes:
-            - ${CONFIG}/jvb:/config
+            - ${CONFIG}/jvb:/config:Z
         environment:
             - DOCKER_HOST_ADDRESS
-            - JVB_AUTH_PASSWORD
+            - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_OCTO
             - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
             - JVB_BREWERY_MUC
-            - JVB_ENABLE_APIS
+            #- JVB_ENABLE_APIS
             - JVB_PORT
-            - JVB_STUN_SERVERS
+            - JVB_MUC_NICKNAME
             - JVB_TCP_HARVESTER_DISABLED
-            - JVB_TCP_MAPPED_PORT
             - JVB_TCP_PORT
+            - JVB_TCP_MAPPED_PORT
+            - JVB_STUN_SERVERS
+            - JVB_OCTO_BIND_ADDRESS
+            - JVB_OCTO_PUBLIC_ADDRESS
+            - JVB_OCTO_BIND_PORT
+            - JVB_OCTO_REGION
             - JVB_WS_DOMAIN
             - JVB_WS_SERVER_ID
             - PUBLIC_URL
+            - SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
+            - SENTRY_ENVIRONMENT
+            - SENTRY_RELEASE
+            - COLIBRI_REST_ENABLED
+            - SHUTDOWN_REST_ENABLED
             - TZ
             - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN

templates/env.jitsi.j2

@@ -1,27 +1,79 @@
+# shellcheck disable=SC2034
+
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
+
+
 #
 # Basic configuration options
 #
 
-# Directory where all configuration will be stored.
+# Directory where all configuration will be stored
 CONFIG=./conf
 
-# Exposed HTTP port.
+# Exposed HTTP port
 HTTP_PORT={{ jitsi_exposed_http_port }}
 
-# Exposed HTTPS port.
+# Exposed HTTPS port
 HTTPS_PORT={{ jitsi_exposed_https_port }}
 
-# System time zone.
+# System time zone
 TZ={{ jitsi_timezone }}
 
-# Public URL for the web service.
+# Public URL for the web service (required)
 PUBLIC_URL={{ jitsi_public_url }}
 VIRTUAL_HOST={{ jitsi_virtual_host }}
 
-# IP address of the Docker host. See the "Running on a LAN environment" section
+# IP address of the Docker host
-# in the README.
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
 DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
 
+# Control whether the lobby feature should be enabled or not
+#ENABLE_LOBBY=1
+
+# Control whether the A/V moderation should be enabled or not
+#ENABLE_AV_MODERATION=1
+
+# Show a prejoin page before entering a conference
+#ENABLE_PREJOIN_PAGE=0
+
+# Enable the welcome page
+#ENABLE_WELCOME_PAGE=1
+
+# Enable the close page
+#ENABLE_CLOSE_PAGE=0
+
+# Disable measuring of audio levels
+#DISABLE_AUDIO_LEVELS=0
+
+# Enable noisy mic detection
+#ENABLE_NOISY_MIC_DETECTION=1
+
+# Enable breakout rooms
+#ENABLE_BREAKOUT_ROOMS=1
+
 {% if jitsi_enable_letsencrypt %}
 #
 # Let's Encrypt configuration
@@ -42,17 +94,20 @@ LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
 # Etherpad integration (for document sharing)
 #
 
-# Set etherpad-lite URL (uncomment to enable).
+# Set etherpad-lite URL in docker local network (uncomment to enable)
 #ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
 
+# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
+
 # Name your etherpad instance!
-ETHERPAD_TITLE="Video Chat"
+ETHERPAD_TITLE=Video Chat
 
 # The default text of a pad
 ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
 
 # Name of the skin for etherpad
-ETHERPAD_SKIN_NAME="colibris"
+ETHERPAD_SKIN_NAME=colibris
 
 # Skin variants for etherpad
 ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
@@ -62,13 +117,13 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 # Basic Jigasi configuration options (needed for SIP gateway support)
 #
 
-# SIP URI for incoming / outgoing calls.
+# SIP URI for incoming / outgoing calls
 #JIGASI_SIP_URI=test@sip2sip.info
 
 # Password for the specified SIP account as a clear text
 #JIGASI_SIP_PASSWORD=passw0rd
 
-# SIP server (use the SIP account domain if in doubt).
+# SIP server (use the SIP account domain if in doubt)
 #JIGASI_SIP_SERVER=sip2sip.info
 
 # SIP server port
@@ -78,53 +133,53 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 #JIGASI_SIP_TRANSPORT=UDP
 
 #
-# Authentication configuration (see README for details)
+# Authentication configuration (see handbook for details)
 #
 
-# Enable authentication.
+# Enable authentication
 #ENABLE_AUTH=1
 
-# Enable guest access.
+# Enable guest access
 #ENABLE_GUESTS=1
 
 # Select authentication type: internal, jwt or ldap
 #AUTH_TYPE=internal
 
-# JWT auuthentication
+# JWT authentication
 #
 
-# Application identifier.
+# Application identifier
 #JWT_APP_ID=my_jitsi_app_id
 
-# Application secret known only to your token.
+# Application secret known only to your token generator
 #JWT_APP_SECRET=my_jitsi_app_secret
 
-# (Optional) Set asap_accepted_issuers as a comma separated list.
+# (Optional) Set asap_accepted_issuers as a comma separated list
 #JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
 
-# (Optional) Set asap_accepted_audiences as a comma separated list.
+# (Optional) Set asap_accepted_audiences as a comma separated list
 #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
 
 
 # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
 #
 
-# LDAP url for connection.
+# LDAP url for connection
 #LDAP_URL=ldaps://ldap.domain.com/
 
 # LDAP base DN. Can be empty
 #LDAP_BASE=DC=example,DC=domain,DC=com
 
-# LDAP user DN. Do not specify this parameter for the anonymous bind.
+# LDAP user DN. Do not specify this parameter for the anonymous bind
 #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
 
-# LDAP user password. Do not specify this parameter for the anonymous bind.
+# LDAP user password. Do not specify this parameter for the anonymous bind
 #LDAP_BINDPW=LdapUserPassw0rd
 
 # LDAP filter. Tokens example:
-# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail.
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
-# %s - %s is replaced by the complete service string.
+# %s - %s is replaced by the complete service string
-# %r - %r is replaced by the complete realm string.
+# %r - %r is replaced by the complete realm string
 #LDAP_FILTER=(sAMAccountName=%u)
 
 # LDAP authentication method
@@ -136,16 +191,16 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 # LDAP TLS using
 #LDAP_USE_TLS=1
 
-# List of SSL/TLS ciphers to allow.
+# List of SSL/TLS ciphers to allow
 #LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
 
 # Require and verify server certificate
 #LDAP_TLS_CHECK_PEER=1
 
-# Path to CA cert file. Used when server sertificate verify is enabled.
+# Path to CA cert file. Used when server certificate verify is enabled
 #LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
 
-# Path to CA certs directory. Used when server sertificate verify is enabled.
+# Path to CA certs directory. Used when server certificate verify is enabled
 #LDAP_TLS_CACERT_DIR=/etc/ssl/certs
 
 # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
@@ -156,7 +211,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
 # Advanced configuration options (you generally don't need to change these)
 #
 
-# Internal XMPP domain.
+# Internal XMPP domain
 XMPP_DOMAIN=meet.jitsi
 
 # Internal XMPP server
@@ -165,16 +220,16 @@ XMPP_SERVER=xmpp.meet.jitsi
 # Internal XMPP server URL
 XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
 
-# Internal XMPP domain for authenticated services.
+# Internal XMPP domain for authenticated services
 XMPP_AUTH_DOMAIN=auth.meet.jitsi
 
-# XMPP domain for the MUC.
+# XMPP domain for the MUC
 XMPP_MUC_DOMAIN=muc.meet.jitsi
 
-# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
+# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
 XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
 
-# XMPP domain for unauthenticated users.
+# XMPP domain for unauthenticated users
 XMPP_GUEST_DOMAIN=guest.meet.jitsi
 
 # Comma separated list of domains for cross domain policy or "true" to allow all
@@ -190,16 +245,13 @@ XMPP_MUC_MODULES=
 # Custom Prosody modules for internal MUC component (comma separated)
 XMPP_INTERNAL_MUC_MODULES=
 
-# MUC for the JVB pool.
+# MUC for the JVB pool
 JVB_BREWERY_MUC=jvbbrewery
 
-# XMPP user for JVB client connections.
+# XMPP user for JVB client connections
 JVB_AUTH_USER={{ jitsi_jvb_auth_user }}
 
-# XMPP password for JVB client connections.
+# STUN servers used to discover the server's public IP
-JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
-
-# STUN servers used to discover the server's public IP.
 JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
 
 # Media port for the Jitsi Videobridge
@@ -210,35 +262,26 @@ JVB_TCP_HARVESTER_DISABLED=true
 JVB_TCP_PORT=4443
 JVB_TCP_MAPPED_PORT=4443
 
-# A comma separated list of APIs to enable when the JVB is started. The default is none.
+# XMPP user for Jicofo client connections.
-# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
+# NOTE: this option doesn't currently work due to a bug
-#JVB_ENABLE_APIS=rest,colibri
-
-# XMPP component password for Jicofo.
-JICOFO_COMPONENT_SECRET={{ jitsi_jicofo_component_secret }}
-
-# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug.
 JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }}
 
-# XMPP password for Jicofo client connections.
-JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
-
 # Base URL of Jicofo's reservation REST API
 #JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
 
-# XMPP user for Jigasi MUC client connections.
+# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
+#JICOFO_ENABLE_HEALTH_CHECKS=true
+
+# XMPP user for Jigasi MUC client connections
 JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }}
 
-# XMPP password for Jigasi MUC client connections.
+# MUC name for the Jigasi pool
-JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
-
-# MUC name for the Jigasi pool.
 JIGASI_BREWERY_MUC=jigasibrewery
 
-# Minimum port for media used by Jigasi.
+# Minimum port for media used by Jigasi
 JIGASI_PORT_MIN=20000
 
-# Maximum port for media used by Jigasi.
+# Maximum port for media used by Jigasi
 JIGASI_PORT_MAX=20050
 
 # Enable SDES srtp
@@ -253,23 +296,28 @@ JIGASI_PORT_MAX=20050
 # Health-check interval
 #JIGASI_HEALTH_CHECK_INTERVAL=300000
 #
-# Enable Jigasi transcription.
+# Enable Jigasi transcription
 #ENABLE_TRANSCRIPTIONS=1
 
-# Jigasi will recordord an audio when transcriber is on. Default false.
+# Jigasi will record audio when transcriber is on [default: false]
 #JIGASI_TRANSCRIBER_RECORD_AUDIO=true
 
-# Jigasi will send transcribed text to the chat when transcriber is on. Default false.
+# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
 #JIGASI_TRANSCRIBER_SEND_TXT=true
 
-# Jigasi post to the chat an url with transcription file. Default false.
+# Jigasi will post an url to the chat with transcription file [default: false]
 #JIGASI_TRANSCRIBER_ADVERTISE_URL=true
 
-# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
+# Credentials for connect to Cloud Google API from Jigasi
 # Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
-# section "Before you begin" from 1 to 5 paragraph. Copy the key on
+# section "Before you begin" paragraph 1 to 5
-# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
+# Copy the values from the json to the related env vars
-#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
+#GC_PROJECT_ID=
+#GC_PRIVATE_KEY_ID=
+#GC_PRIVATE_KEY=
+#GC_CLIENT_EMAIL=
+#GC_CLIENT_ID=
+#GC_CLIENT_CERT_URL=
 
 # Enable recording
 #ENABLE_RECORDING=1
@@ -277,25 +325,19 @@ JIGASI_PORT_MAX=20050
 # XMPP domain for the jibri recorder
 XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
 
-# XMPP recorder user for Jibri client connections.
+# XMPP recorder user for Jibri client connections
 JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }}
 
-# XMPP recorder password for Jibri client connections.
+# Directory for recordings inside Jibri container
-JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
-
-# Directory for recordings inside Jibri container.
 JIBRI_RECORDING_DIR=/config/recordings
 
-# The finalizing script. Will run after recording is complete.
+# The finalizing script. Will run after recording is complete
-JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
+#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
 
-# XMPP user for Jibri client connections.
+# XMPP user for Jibri client connections
 JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }}
 
-# XMPP password for Jibri client connections.
+# MUC name for the Jibri pool
-JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
-
-# MUC name for the Jibri pool.
 JIBRI_BREWERY_MUC=jibribrewery
 
 # MUC connection timeout
@@ -308,18 +350,35 @@ JIBRI_PENDING_TIMEOUT=90
 # So if there are any prefixes in the jid (like jitsi meet, which
 # has its participants join a muc at conference.xmpp_domain) then
 # list that prefix here so it can be stripped out to generate
-# the call url correctly.
+# the call url correctly
 JIBRI_STRIP_DOMAIN_JID=muc
 
-# Directory for logs inside Jibri container.
+# Directory for logs inside Jibri container
 JIBRI_LOGS_DIR=/config/logs
 
-# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
+# Configure an external TURN server
+# TURN_CREDENTIALS=secret
+# TURN_HOST=turnserver.example.com
+# TURN_PORT=443
+# TURNS_HOST=turnserver.example.com
+# TURNS_PORT=443
+
+# Disable HTTPS: handle TLS connections outside of this setup
 #DISABLE_HTTPS=1
 
-# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443).
+# Enable FLoC
+# Opt-In to Federated Learning of Cohorts tracking
+#ENABLE_FLOC=0
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
 #ENABLE_HTTP_REDIRECT=1
 
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+# ENABLE_HSTS=1
+
 # Enable IPv6
 # Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
 #ENABLE_IPV6=1
@@ -330,3 +389,26 @@ RESTART_POLICY=unless-stopped
 
 # Authenticate using external service or just focus external auth window if there is one already.
 # TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
+
+# Sentry Error Tracking
+# Sentry Data Source Name (Endpoint for Sentry project)
+# Example: https://public:private@host:port/1
+#JVB_SENTRY_DSN=
+#JICOFO_SENTRY_DSN=
+#JIGASI_SENTRY_DSN=
+
+# Optional environment info to filter events
+#SENTRY_ENVIRONMENT=production
+
+# Optional release info to filter events
+#SENTRY_RELEASE=1.0.0
+
+# Optional properties for shutdown api
+#COLIBRI_REST_ENABLED=true
+#SHUTDOWN_REST_ENABLED=true
+
+# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)
+#TOOLBAR_BUTTONS=
+
+# Hide the buttons at pre-join screen. Add the buttons name separated with comma
+#HIDE_PREMEETING_BUTTONS=

templates/etherpad.yml

@@ -3,7 +3,13 @@ version: '3'
 services:
     # Etherpad: real-time collaborative document editing
     etherpad:
-        image: jitsi/etherpad
+        image: etherpad/etherpad:1.8.6
+        restart: ${RESTART_POLICY}
+        environment:
+            - TITLE=${ETHERPAD_TITLE}
+            - DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT}
+            - SKIN_NAME=${ETHERPAD_SKIN_NAME}
+            - SKIN_VARIANTS=${ETHERPAD_SKIN_VARIANTS}
         networks:
             meet.jitsi:
                 aliases:

templates/jibri.yml

@@ -2,9 +2,10 @@ version: '3'
 
 services:
     jibri:
-        image: jitsi/jibri
+        image: jitsi/jibri:stable-6865
+        restart: ${RESTART_POLICY}
         volumes:
-            - ${CONFIG}/jibri:/config
+            - ${CONFIG}/jibri:/config:Z
             - /dev/shm:/dev/shm
         cap_add:
             - SYS_ADMIN
@@ -12,11 +13,15 @@ services:
         devices:
             - /dev/snd:/dev/snd
         environment:
-            - XMPP_AUTH_DOMAIN
+            - CHROMIUM_FLAGS
-            - XMPP_INTERNAL_MUC_DOMAIN
+            - DISPLAY=:0
-            - XMPP_RECORDER_DOMAIN
+            - ENABLE_STATS_D
-            - XMPP_SERVER
+            - JIBRI_FFMPEG_AUDIO_SOURCE
-            - XMPP_DOMAIN
+            - JIBRI_FFMPEG_AUDIO_DEVICE
+            - JIBRI_HTTP_API_EXTERNAL_PORT
+            - JIBRI_HTTP_API_INTERNAL_PORT
+            - JIBRI_RECORDING_RESOLUTION
+            - JIBRI_USAGE_TIMEOUT
             - JIBRI_XMPP_USER
             - JIBRI_XMPP_PASSWORD
             - JIBRI_BREWERY_MUC
@@ -26,8 +31,16 @@ services:
             - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
             - JIBRI_STRIP_DOMAIN_JID
             - JIBRI_LOGS_DIR
-            - DISPLAY=:0
+            - PUBLIC_URL
             - TZ
+            - XMPP_AUTH_DOMAIN
+            - XMPP_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_RECORDER_DOMAIN
+            - XMPP_SERVER
+            - XMPP_TRUST_ALL_CERTS
+        depends_on:
+            - jicofo
         networks:
             meet.jitsi:
 

templates/jigasi.yml

@@ -3,15 +3,19 @@ version: '3'
 services:
     # SIP gateway (audio)
     jigasi:
-        image: jitsi/jigasi
+        image: jitsi/jigasi:stable-6865
+        restart: ${RESTART_POLICY}
         ports:
             - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
         volumes:
-            - ${CONFIG}/jigasi:/config
+            - ${CONFIG}/jigasi:/config:Z
-            - ${CONFIG}/transcripts:/tmp/transcripts
+            - ${CONFIG}/transcripts:/tmp/transcripts:Z
         environment:
             - ENABLE_AUTH
+            - ENABLE_GUESTS
             - XMPP_AUTH_DOMAIN
+            - XMPP_GUEST_DOMAIN
+            - XMPP_MUC_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
             - XMPP_SERVER
             - XMPP_DOMAIN
@@ -21,6 +25,7 @@ services:
             - JIGASI_SIP_SERVER
             - JIGASI_SIP_PORT
             - JIGASI_SIP_TRANSPORT
+            - JIGASI_SIP_DEFAULT_ROOM
             - JIGASI_XMPP_USER
             - JIGASI_XMPP_PASSWORD
             - JIGASI_BREWERY_MUC
@@ -34,7 +39,15 @@ services:
             - JIGASI_TRANSCRIBER_ADVERTISE_URL
             - JIGASI_TRANSCRIBER_RECORD_AUDIO
             - JIGASI_TRANSCRIBER_SEND_TXT
-            - GOOGLE_APPLICATION_CREDENTIALS
+            - GC_PROJECT_ID
+            - GC_PRIVATE_KEY_ID
+            - GC_PRIVATE_KEY
+            - GC_CLIENT_EMAIL
+            - GC_CLIENT_ID
+            - GC_CLIENT_CERT_URL
+            - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}"
+            - SENTRY_ENVIRONMENT
+            - SENTRY_RELEASE
             - TZ
         depends_on:
             - prosody