Compare commits
2 commits
feature/mu
...
master
Author | SHA1 | Date | |
---|---|---|---|
e38b362a27 | |||
3b0af81463 |
6 changed files with 37 additions and 54 deletions
|
@ -16,9 +16,7 @@ Role Variables
|
||||||
|
|
||||||
| Variable | Description | Default |
|
| Variable | Description | Default |
|
||||||
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
|
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
|
||||||
| jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
|
| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
|
||||||
| jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} |
|
|
||||||
| jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
|
|
||||||
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
|
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
|
||||||
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
|
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
|
||||||
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
|
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
|
||||||
|
@ -28,8 +26,6 @@ Role Variables
|
||||||
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
|
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
|
||||||
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
|
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
|
||||||
| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
|
| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
|
||||||
| jitsi_bridge_udp_port | Port for this instance's Jitsi Video Bridge | 10000 |
|
|
||||||
| jitsi_bridge_tcp_port | TCP fallback port for the Jitsi Video Bridge | 4443 |
|
|
||||||
| jitsi_jibri_recorder_password | Provide a secure password\* | |
|
| jitsi_jibri_recorder_password | Provide a secure password\* | |
|
||||||
| jitsi_jibri_recorder_user | | |
|
| jitsi_jibri_recorder_user | | |
|
||||||
| jitsi_jibri_xmpp_password | | |
|
| jitsi_jibri_xmpp_password | | |
|
||||||
|
|
|
@ -2,17 +2,10 @@
|
||||||
# defaults file for jitsi
|
# defaults file for jitsi
|
||||||
docker_user: deploy
|
docker_user: deploy
|
||||||
jitsi_image_version: stable-8960-1
|
jitsi_image_version: stable-8960-1
|
||||||
jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host
|
|
||||||
jitsi_install_path: '/home/{{ jitsi_install_user }}'
|
|
||||||
jitsi_multitenant_label:
|
|
||||||
jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}"
|
|
||||||
|
|
||||||
#jitsi_letsencrypt_email:alice@host.tld
|
#jitsi_letsencrypt_email:alice@host.tld
|
||||||
jitsi_enable_letsencrypt: no
|
jitsi_enable_letsencrypt: no
|
||||||
jitsi_exposed_http_port: 8000
|
jitsi_exposed_http_port: 8000
|
||||||
jitsi_exposed_https_port: 8443
|
jitsi_exposed_https_port: 8443
|
||||||
jitsi_bridge_udp_port: 10000
|
|
||||||
jitsi_bridge_tcp_port: 4443
|
|
||||||
jitsi_virtual_host: localhost
|
jitsi_virtual_host: localhost
|
||||||
jitsi_public_url: http://{{ jitsi_virtual_host }}
|
jitsi_public_url: http://{{ jitsi_virtual_host }}
|
||||||
jitsi_timezone: Europe/Amsterdam
|
jitsi_timezone: Europe/Amsterdam
|
||||||
|
|
2
src
2
src
|
@ -1 +1 @@
|
||||||
Subproject commit aec6021f2098435650c19ba85b27de114dd8bde0
|
Subproject commit fe5dea34021da7048492f93e6fb90bfd59763153
|
|
@ -2,51 +2,51 @@
|
||||||
# tasks file for jitsi
|
# tasks file for jitsi
|
||||||
- name: Ensure jitsi Docker Compose config directory exists
|
- name: Ensure jitsi Docker Compose config directory exists
|
||||||
file:
|
file:
|
||||||
path: "{{ jitsi_install_path }}/jitsi"
|
path: /home/{{ docker_user }}/jitsi
|
||||||
state: directory
|
state: directory
|
||||||
owner: '{{ jitsi_install_user }}'
|
owner: '{{ docker_user }}'
|
||||||
group: '{{ jitsi_install_user }}'
|
group: '{{ docker_user }}'
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
- name: "Teardown: Remove Jitsi runtime config"
|
- name: "Teardown: Remove Jitsi runtime config"
|
||||||
file:
|
file:
|
||||||
path: "{{ jitsi_install_path }}/jitsi/conf"
|
path: /home/{{ docker_user }}/jitsi/conf
|
||||||
state: absent
|
state: absent
|
||||||
tags: ['never', 'teardown']
|
tags: ['never', 'teardown']
|
||||||
|
|
||||||
- name: Ensure jitsi config directory exists
|
- name: Ensure jitsi config directory exists
|
||||||
file:
|
file:
|
||||||
path: "{{ jitsi_install_path }}/jitsi/conf"
|
path: /home/{{ docker_user }}/jitsi/conf
|
||||||
state: directory
|
state: directory
|
||||||
owner: '{{ jitsi_install_user }}'
|
owner: '{{ docker_user }}'
|
||||||
group: '{{ jitsi_install_user }}'
|
group: '{{ docker_user }}'
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
- name: "Git: Pull latest upstream docker-jitsi-meet sources (master)"
|
- name: "Git: Pull latest upstream docker-jitsi-meet sources (master)"
|
||||||
git:
|
git:
|
||||||
repo: "{{ jitsi_docker_upstream_repo_url }}"
|
repo: "{{ jitsi_docker_upstream_repo_url }}"
|
||||||
dest: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
|
dest: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src
|
||||||
version: master
|
version: master
|
||||||
register: git_pull_jitsi_docker_upstream_repo
|
register: git_pull_jitsi_docker_upstream_repo
|
||||||
when: jitsi_build_latest_image_from_source == True
|
when: jitsi_build_latest_image_from_source == True
|
||||||
|
|
||||||
- name: "Build Jitsi Docker images"
|
- name: "Build Jitsi Docker images"
|
||||||
shell:
|
shell:
|
||||||
chdir: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
|
chdir: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src
|
||||||
cmd: make
|
cmd: make
|
||||||
when: git_pull_jitsi_docker_upstream_repo.changed
|
when: git_pull_jitsi_docker_upstream_repo.changed
|
||||||
|
|
||||||
- name: Provide docker-compose.yml
|
- name: Provide docker-compose.yml
|
||||||
template:
|
template:
|
||||||
src: templates/docker-compose.jitsi.yml.j2
|
src: templates/docker-compose.jitsi.yml.j2
|
||||||
dest: "{{ jitsi_install_path }}/jitsi/docker-compose.yml"
|
dest: /home/{{ docker_user }}/jitsi/docker-compose.yml
|
||||||
owner: "{{ jitsi_install_user }}"
|
owner: "{{ docker_user }}"
|
||||||
group: "{{ jitsi_install_user }}"
|
group: "{{ docker_user }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
- name: Output docker-compose.yml
|
- name: Output docker-compose.yml
|
||||||
shell: cat {{ jitsi_install_path }}/jitsi/docker-compose.yml
|
shell: cat /home/{{ docker_user }}/jitsi/docker-compose.yml
|
||||||
register: output
|
register: output
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
|
@ -56,21 +56,21 @@
|
||||||
- name: Provide Jitsi env vars
|
- name: Provide Jitsi env vars
|
||||||
template:
|
template:
|
||||||
src: templates/env.jitsi.j2
|
src: templates/env.jitsi.j2
|
||||||
dest: "{{ jitsi_install_path }}/jitsi/.env"
|
dest: /home/{{ docker_user }}/jitsi/.env
|
||||||
owner: "{{ jitsi_install_user }}"
|
owner: "{{ docker_user }}"
|
||||||
group: "{{ jitsi_install_user }}"
|
group: "{{ docker_user }}"
|
||||||
mode: '0640'
|
mode: '0640'
|
||||||
tags: config
|
tags: config
|
||||||
|
|
||||||
- name: "docker-compose: Teardown existing Jitsi service"
|
- name: "docker-compose: Teardown existing Jitsi service"
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_src: "{{ jitsi_install_path }}/jitsi/"
|
project_src: "/home/{{ docker_user }}/jitsi/"
|
||||||
state: absent
|
state: absent
|
||||||
tags: ['never', 'teardown']
|
tags: ['never', 'teardown']
|
||||||
|
|
||||||
- name: "docker-compose: Bootstrap Jitsi service"
|
- name: "docker-compose: Bootstrap Jitsi service"
|
||||||
docker_compose:
|
docker_compose:
|
||||||
project_src: "{{ jitsi_install_path }}/jitsi/"
|
project_src: "/home/{{ docker_user }}/jitsi/"
|
||||||
pull: yes
|
pull: yes
|
||||||
register: output
|
register: output
|
||||||
|
|
||||||
|
@ -79,11 +79,11 @@
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
- "output.services['web']['jitsi{{ jitsi_multitenant_postfix }}_web_1'].state.running"
|
- "output.services['web']['jitsi_web_1'].state.running"
|
||||||
|
|
||||||
- name: "Config: Set channelLastN"
|
- name: "Config: Set channelLastN"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
|
path: /home/{{ docker_user }}/jitsi/conf/web/config.js
|
||||||
regexp: '(\s*)channelLastN:\s*[^,]+,'
|
regexp: '(\s*)channelLastN:\s*[^,]+,'
|
||||||
line: '\1channelLastN: {{jitsi_web_channel_last_n|default("-1")}},'
|
line: '\1channelLastN: {{jitsi_web_channel_last_n|default("-1")}},'
|
||||||
backrefs: yes
|
backrefs: yes
|
||||||
|
@ -91,7 +91,7 @@
|
||||||
|
|
||||||
- name: "Config: Disable third party requests"
|
- name: "Config: Disable third party requests"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
|
path: /home/{{ docker_user }}/jitsi/conf/web/config.js
|
||||||
regexp: '(\s*)(//\s*)?disableThirdPartyRequests:\s*false,'
|
regexp: '(\s*)(//\s*)?disableThirdPartyRequests:\s*false,'
|
||||||
line: '\1disableThirdPartyRequests: true,'
|
line: '\1disableThirdPartyRequests: true,'
|
||||||
backrefs: yes
|
backrefs: yes
|
||||||
|
|
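Review bot: The `Output docker-compose.yml` task on the new side runs `shell: cat /home/{{ docker_user }}/jitsi/docker-compose.yml`, which puts an unquoted variable into a shell command line, so a `docker_user` value containing spaces or shell metacharacters would change what runs on the host. Reading a file needs no shell: `command:` with `argv`, or the `slurp` module, avoids shell parsing altogether. If `shell` is kept, the path should pass through the `quote` filter, e.g. `shell: cat {{ ('/home/' ~ docker_user ~ '/jitsi/docker-compose.yml') | quote }}`. The other new path lines in this file are left as unquoted templated scalars (`path: /home/{{ docker_user }}/jitsi`); writing them as `path: "/home/{{ docker_user }}/jitsi"` would match the `project_src` lines and keep an empty or odd expansion from being retyped by the YAML parser.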
|
@ -156,20 +156,20 @@ services:
|
||||||
labels:
|
labels:
|
||||||
traefik.enable: true
|
traefik.enable: true
|
||||||
traefik.docker.network: traefik_public
|
traefik.docker.network: traefik_public
|
||||||
traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.rule: Host(`{{ jitsi_virtual_host }}`)
|
traefik.http.routers.jitsi.rule: Host(`{{ jitsi_virtual_host }}`)
|
||||||
traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.entrypoints: websecure
|
traefik.http.routers.jitsi.entrypoints: websecure
|
||||||
traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls: true
|
traefik.http.routers.jitsi.tls: true
|
||||||
traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls.certresolver: defaultresolver
|
traefik.http.routers.jitsi.tls.certresolver: defaultresolver
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.SSLRedirect: true
|
traefik.http.middlewares.jitsi-headers.headers.SSLRedirect: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.browserXSSFilter: true
|
traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentTypeNosniff: true
|
traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.forceSTSHeader: true
|
traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSSeconds: 315360000
|
traefik.http.middlewares.jitsi-headers.headers.STSSeconds: 315360000
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSIncludeSubdomains: true
|
traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSPreload: true
|
traefik.http.middlewares.jitsi-headers.headers.STSPreload: true
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.featurePolicy: geolocation 'none'; payment 'none'
|
traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none'
|
||||||
traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content
|
traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content
|
||||||
traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.middlewares: jitsi{{ jitsi_multitenant_postfix }}-headers
|
traefik.http.routers.jitsi.middlewares: jitsi-headers
|
||||||
networks:
|
networks:
|
||||||
public:
|
public:
|
||||||
meet.jitsi:
|
meet.jitsi:
|
||||||
|
|
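Review bot: The `contentSecurityPolicy` label on the new side still carries `script-src 'self' 'unsafe-inline'`, which allows any injected inline script to run and so gives up most of the XSS protection the policy is there to provide. If the Jitsi web client really needs inline scripts, a comment above the label should say so, for example `# 'unsafe-inline' is needed by the Jitsi web UI (confirm); tighten to nonces/hashes when possible`. The same block sets `STSPreload: true` and `STSIncludeSubdomains: true` with a ten-year `STSSeconds`, which commits every subdomain of the virtual host's parent domain to HTTPS and is hard to undo; that deserves a one-line comment too. With the tenant postfix gone, the router and middleware names are fixed to `jitsi` and `jitsi-headers`, so a second instance behind the same Traefik would presumably define conflicting objects. The hunk starts inside a `labels:` mapping whose service definition lies outside it.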
|
@ -11,12 +11,6 @@
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Docker Compose configuration
|
|
||||||
#
|
|
||||||
# Project name for this Docker Compose setup
|
|
||||||
COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Basic configuration options
|
# Basic configuration options
|
||||||
#
|
#
|
||||||
|
|