
4 commits

8 changed files with 73 additions and 49 deletions


@ -16,7 +16,10 @@ Role Variables
| Variable | Description | Default | | Variable | Description | Default |
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ | | --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
| docker_user | The user who is going to manage/run the Docker Compose services | deploy | | jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
| jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} |
| jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
| jitsi_docker_image_tag | Tag that should be used for the jitsi-docker images. If `jitsi_docker_upstream_repo_url` is set, this shall be left at `latest`. | latest |
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes | | jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git | | jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set | | *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
@ -25,6 +28,8 @@ Role Variables
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no | | jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 | | jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 | | jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
| jitsi_bridge_udp_port | Port for this instance's Jitsi Video Bridge | 10000 |
| jitsi_bridge_tcp_port | TCP fallback port for the Jitsi Video Bridge | 4443 |
| jitsi_jibri_recorder_password | Provide a secure password\* | | | jitsi_jibri_recorder_password | Provide a secure password\* | |
| jitsi_jibri_recorder_user | | | | jitsi_jibri_recorder_user | | |
| jitsi_jibri_xmpp_password | | | | jitsi_jibri_xmpp_password | | |


@ -1,15 +1,22 @@
--- ---
# defaults file for jitsi # defaults file for jitsi
docker_user: deploy jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host
jitsi_install_path: '/home/{{ jitsi_install_user }}'
jitsi_multitenant_label:
jitsi_docker_image_tag: 'latest'
jitsi_build_latest_image_from_source: yes
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git
#jitsi_letsencrypt_email:alice@host.tld #jitsi_letsencrypt_email:alice@host.tld
jitsi_enable_letsencrypt: no jitsi_enable_letsencrypt: no
jitsi_exposed_http_port: 8000 jitsi_exposed_http_port: 8000
jitsi_exposed_https_port: 8443 jitsi_exposed_https_port: 8443
jitsi_bridge_udp_port: 10000
jitsi_bridge_tcp_port: 4443
jitsi_virtual_host: localhost jitsi_virtual_host: localhost
jitsi_public_url: http://{{ jitsi_virtual_host }} jitsi_public_url: http://{{ jitsi_virtual_host }}
jitsi_timezone: Europe/Amsterdam jitsi_timezone: Europe/Amsterdam
jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443 jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
jitsi_web_channel_last_n: 3 jitsi_web_channel_last_n: 3
jitsi_build_latest_image_from_source: yes jitsi_enable_third_party_requests: no
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git # Internal variables
jitsi_enable_third_party_requests: no jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}"
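Review bot: `jitsi_multitenant_label` is declared as a bare key (YAML null) and nothing visible restricts its content, yet the derived `jitsi_multitenant_postfix` is spliced into `COMPOSE_PROJECT_NAME`, the Traefik router and middleware names, and the container name checked by the assert task. A label containing dots, spaces or upper-case characters would likely yield names those tools reject or normalise differently, so the routing labels and the health assert could disagree. I would write the default as `jitsi_multitenant_label: ''` and add an early assert in the tasks file along the lines of `- "(jitsi_multitenant_label | default('', true)) is match('^[a-z0-9]*$')"`. Separately, `jitsi_install_user: '{{ ansible_user }}'` fails with an undefined-variable error when the inventory does not set `ansible_user`; the inline comment on that line could say so.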


@ -2,51 +2,51 @@
# tasks file for jitsi # tasks file for jitsi
- name: Ensure jitsi Docker Compose config directory exists - name: Ensure jitsi Docker Compose config directory exists
file: file:
path: /home/{{ docker_user }}/jitsi path: "{{ jitsi_install_path }}/jitsi"
state: directory state: directory
owner: '{{ docker_user }}' owner: '{{ jitsi_install_user }}'
group: '{{ docker_user }}' group: '{{ jitsi_install_user }}'
tags: config tags: config
- name: "Teardown: Remove Jitsi runtime config" - name: "Teardown: Remove Jitsi runtime config"
file: file:
path: /home/{{ docker_user }}/jitsi/conf path: "{{ jitsi_install_path }}/jitsi/conf"
state: absent state: absent
tags: ['never', 'teardown'] tags: ['never', 'teardown']
- name: Ensure jitsi config directory exists - name: Ensure jitsi config directory exists
file: file:
path: /home/{{ docker_user }}/jitsi/conf path: "{{ jitsi_install_path }}/jitsi/conf"
state: directory state: directory
owner: '{{ docker_user }}' owner: '{{ jitsi_install_user }}'
group: '{{ docker_user }}' group: '{{ jitsi_install_user }}'
tags: config tags: config
- name: "Git: Pull latest upstream docker-jitsi-meet sources (master)" - name: "Git: Pull latest upstream docker-jitsi-meet sources (master)"
git: git:
repo: "{{ jitsi_docker_upstream_repo_url }}" repo: "{{ jitsi_docker_upstream_repo_url }}"
dest: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src dest: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
version: master version: master
register: git_pull_jitsi_docker_upstream_repo register: git_pull_jitsi_docker_upstream_repo
when: jitsi_build_latest_image_from_source == True when: jitsi_build_latest_image_from_source == True
- name: "Build Jitsi Docker images" - name: "Build Jitsi Docker images"
shell: shell:
chdir: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src chdir: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
cmd: make cmd: make
when: git_pull_jitsi_docker_upstream_repo.changed when: git_pull_jitsi_docker_upstream_repo.changed
- name: Provide docker-compose.yml - name: Provide docker-compose.yml
template: template:
src: templates/docker-compose.jitsi.yml.j2 src: templates/docker-compose.jitsi.yml.j2
dest: /home/{{ docker_user }}/jitsi/docker-compose.yml dest: "{{ jitsi_install_path }}/jitsi/docker-compose.yml"
owner: "{{ docker_user }}" owner: "{{ jitsi_install_user }}"
group: "{{ docker_user }}" group: "{{ jitsi_install_user }}"
mode: '0644' mode: '0644'
tags: config tags: config
- name: Output docker-compose.yml - name: Output docker-compose.yml
shell: cat /home/{{ docker_user }}/jitsi/docker-compose.yml shell: cat {{ jitsi_install_path }}/jitsi/docker-compose.yml
register: output register: output
tags: config tags: config
@ -56,21 +56,21 @@
- name: Provide Jitsi env vars - name: Provide Jitsi env vars
template: template:
src: templates/env.jitsi.j2 src: templates/env.jitsi.j2
dest: /home/{{ docker_user }}/jitsi/.env dest: "{{ jitsi_install_path }}/jitsi/.env"
owner: "{{ docker_user }}" owner: "{{ jitsi_install_user }}"
group: "{{ docker_user }}" group: "{{ jitsi_install_user }}"
mode: '0640' mode: '0640'
tags: config tags: config
- name: "docker-compose: Teardown existing Jitsi service" - name: "docker-compose: Teardown existing Jitsi service"
docker_compose: docker_compose:
project_src: "/home/{{ docker_user }}/jitsi/" project_src: "{{ jitsi_install_path }}/jitsi/"
state: absent state: absent
tags: ['never', 'teardown'] tags: ['never', 'teardown']
- name: "docker-compose: Bootstrap Jitsi service" - name: "docker-compose: Bootstrap Jitsi service"
docker_compose: docker_compose:
project_src: "/home/{{ docker_user }}/jitsi/" project_src: "{{ jitsi_install_path }}/jitsi/"
pull: yes pull: yes
register: output register: output
@ -79,7 +79,7 @@
- assert: - assert:
that: that:
- "output.ansible_facts['web']['jitsi_web_1'].state.running" - "output.ansible_facts['web']['jitsi{{ jitsi_multitenant_postfix }}_web_1'].state.running"
- name: "Test whether Jitsi is healthy from the outside" - name: "Test whether Jitsi is healthy from the outside"
when: not ansible_check_mode when: not ansible_check_mode
@ -98,7 +98,7 @@
- name: "Config: Set channelLastN" - name: "Config: Set channelLastN"
lineinfile: lineinfile:
path: /home/{{ docker_user }}/jitsi/conf/web/config.js path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
regexp: '(\s*)channelLastN:\s*[^,]+,' regexp: '(\s*)channelLastN:\s*[^,]+,'
line: '\1channelLastN: {{jitsi_web_channel_last_n|default("-1")}},' line: '\1channelLastN: {{jitsi_web_channel_last_n|default("-1")}},'
backrefs: yes backrefs: yes
@ -106,7 +106,7 @@
- name: "Config: Disable third party requests" - name: "Config: Disable third party requests"
lineinfile: lineinfile:
path: /home/{{ docker_user }}/jitsi/conf/web/config.js path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
regexp: '(\s*)(//\s*)?disableThirdPartyRequests:\s*false,' regexp: '(\s*)(//\s*)?disableThirdPartyRequests:\s*false,'
line: '\1disableThirdPartyRequests: true,' line: '\1disableThirdPartyRequests: true,'
backrefs: yes backrefs: yes
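Review bot: The `Output docker-compose.yml` task now interpolates the caller-supplied `jitsi_install_path` unquoted into a shell command line (`shell: cat {{ jitsi_install_path }}/jitsi/docker-compose.yml`), so a path containing spaces or shell metacharacters is word-split or interpreted by the shell on the target host. Before this change only the user name varied; a free-form path widens what can reach the shell. No shell feature is needed here, so either switch to the `slurp` module or quote the argument: `shell: cat {{ (jitsi_install_path ~ '/jitsi/docker-compose.yml') | quote }}`. In the `-79,7` hunk the `that:` entry embeds `{{ }}` inside an expression Ansible already evaluates as a conditional; `output.ansible_facts['web']['jitsi' ~ jitsi_multitenant_postfix ~ '_web_1'].state.running` avoids the nested templating.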


@ -3,7 +3,7 @@ version: '3'
services: services:
# Frontend # Frontend
web: web:
image: jitsi/web image: jitsi/web:{{ jitsi_docker_image_tag }}
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${CONFIG}/web:/config - ${CONFIG}/web:/config
@ -38,20 +38,20 @@ services:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=traefik_public" - "traefik.docker.network=traefik_public"
- "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_virtual_host }}`)" - "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.rule=Host(`{{ jitsi_virtual_host }}`)"
- "traefik.http.routers.jitsi.entrypoints=websecure" - "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.entrypoints=websecure"
- "traefik.http.routers.jitsi.tls=true" - "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls=true"
- "traefik.http.routers.jitsi.tls.certresolver=defaultresolver" - "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls.certresolver=defaultresolver"
- "traefik.http.middlewares.jitsi-headers.headers.SSLRedirect=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
- "traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.jitsi-headers.headers.STSSeconds=315360000" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
- "traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.jitsi-headers.headers.STSPreload=true" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSPreload=true"
- "traefik.http.middlewares.jitsi-headers.headers.featurePolicy=geolocation 'none'; payment 'none'" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- "traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content" - "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.http.routers.jitsi.middlewares=jitsi-headers" - "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.middlewares=jitsi{{ jitsi_multitenant_postfix }}-headers"
networks: networks:
public: public:
meet.jitsi: meet.jitsi:
@ -60,7 +60,7 @@ services:
# XMPP server # XMPP server
prosody: prosody:
image: jitsi/prosody image: jitsi/prosody:{{ jitsi_docker_image_tag }}
restart: unless-stopped restart: unless-stopped
expose: expose:
- '5222' - '5222'
@ -87,6 +87,7 @@ services:
- LDAP_TLS_CACERT_FILE - LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR - LDAP_TLS_CACERT_DIR
- LDAP_START_TLS - LDAP_START_TLS
- PUBLIC_URL
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN - XMPP_GUEST_DOMAIN
@ -124,12 +125,13 @@ services:
# Focus component # Focus component
jicofo: jicofo:
image: jitsi/jicofo image: jitsi/jicofo:{{ jitsi_docker_image_tag }}
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${CONFIG}/jicofo:/config - ${CONFIG}/jicofo:/config
environment: environment:
- ENABLE_AUTH - ENABLE_AUTH
- PUBLIC_URL
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
@ -150,7 +152,7 @@ services:
# Video bridge # Video bridge
jvb: jvb:
image: jitsi/jvb image: jitsi/jvb:{{ jitsi_docker_image_tag }}
restart: unless-stopped restart: unless-stopped
ports: ports:
- '${JVB_PORT}:${JVB_PORT}/udp' - '${JVB_PORT}:${JVB_PORT}/udp'
@ -159,6 +161,7 @@ services:
- ${CONFIG}/jvb:/config - ${CONFIG}/jvb:/config
environment: environment:
- DOCKER_HOST_ADDRESS - DOCKER_HOST_ADDRESS
- PUBLIC_URL
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER - XMPP_SERVER
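Review bot: The image references now take their tag from `jitsi_docker_image_tag`, whose default is `latest`, so with the defaults the `web`, `prosody`, `jicofo` and `jvb` services (and `etherpad`, `jibri` and `jigasi` in the following templates) run whatever is published under a mutable tag at deploy time. Combined with `pull: yes` in the bootstrap task, two runs of the same playbook can deploy different code, which makes rollback and vulnerability tracking harder. For deployments that do not build from source I would document pinning a release tag or digest in inventory, e.g. `jitsi_docker_image_tag: '<release-tag>'`, and quote the templated value as `image: "jitsi/web:{{ jitsi_docker_image_tag }}"` so an empty or odd-looking tag fails visibly. The service definitions continue outside the hunks shown.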


@ -1,3 +1,9 @@
#
# Docker Compose configuration
#
# Project name for this Docker Compose setup
COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }}
# #
# Basic configuration options # Basic configuration options
# #
@ -187,11 +193,11 @@ JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }} JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge # Media port for the Jitsi Videobridge
JVB_PORT=10000 JVB_PORT={{ jitsi_bridge_udp_port }}
# TCP Fallback for Jitsi Videobridge for when UDP isn't available # TCP Fallback for Jitsi Videobridge for when UDP isn't available
JVB_TCP_HARVESTER_DISABLED=true JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443 JVB_TCP_PORT={{ jitsi_bridge_tcp_port }}
# A comma separated list of APIs to enable when the JVB is started. The default is none. # A comma separated list of APIs to enable when the JVB is started. The default is none.
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information # See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
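Review bot: `JVB_PORT` and `JVB_TCP_PORT` become per-instance variables but both keep a single default (10000 and 4443), so a second tenant on the same host that does not override them will collide on the published UDP port. A comment above `JVB_PORT` such as `# Must be unique per tenant on this host and allowed through the host firewall` would make that requirement visible. A pre-flight assert that both values are integers in the valid port range would catch typos before they reach the `.env` file. `JVB_TCP_HARVESTER_DISABLED=true` remains hard-coded, so `jitsi_bridge_tcp_port` presumably has no effect unless the harvester is enabled elsewhere.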


@ -3,7 +3,8 @@ version: '3'
services: services:
# Etherpad: real-time collaborative document editing # Etherpad: real-time collaborative document editing
etherpad: etherpad:
image: jitsi/etherpad image: jitsi/etherpad:{{ jitsi_docker_image_tag }}
restart: unless-stopped
networks: networks:
meet.jitsi: meet.jitsi:
aliases: aliases:


@ -2,7 +2,8 @@ version: '3'
services: services:
jibri: jibri:
image: jitsi/jibri image: jitsi/jibri:{{ jitsi_docker_image_tag }}
restart: unless-stopped
volumes: volumes:
- ${CONFIG}/jibri:/config - ${CONFIG}/jibri:/config
- /dev/shm:/dev/shm - /dev/shm:/dev/shm


@ -3,7 +3,8 @@ version: '3'
services: services:
# SIP gateway (audio) # SIP gateway (audio)
jigasi: jigasi:
image: jitsi/jigasi image: jitsi/jigasi:{{ jitsi_docker_image_tag }}
restart: unless-stopped
ports: ports:
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
volumes: volumes: