Compare commits
4 commits
master
...
feature/ex
Author | SHA1 | Date | |
---|---|---|---|
63f8b54302 | |||
89a5c35710 | |||
87d2cd58ec | |||
b8a2ca2af3 |
10 changed files with 95 additions and 41 deletions
|
@ -16,7 +16,9 @@ Role Variables
|
|||
|
||||
| Variable | Description | Default |
|
||||
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
|
||||
| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
|
||||
| jitsi_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
|
||||
| jitsi_install_path | The location where the service should be deployed | /home/{{ jitsi_install_user }} |
|
||||
| jitsi_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
|
||||
| jitsi_build_latest_image_from_source | Will fetch the master of `jitsi_docker_upstream_repo_url` and build the docker image as sometimes the latest available images in the Docker Hub are too old | yes |
|
||||
| jitsi_docker_upstream_repo_url | Git repo of docker-jitsi-meet required by `jitsi_build_latest_image_from_source` | https://github.com/jitsi/docker-jitsi-meet.git |
|
||||
| *jitsi_letsencrypt_email* | E-Mail adress used for requesting certificates | Not set |
|
||||
|
@ -25,6 +27,8 @@ Role Variables
|
|||
| jitsi_enable_third_party_requests | Whether to allow third party requests, e.g. to Gravatar (if a user sets her email address) | no |
|
||||
| jitsi_exposed_http_port | Exposed container port for HTTP | 8000 |
|
||||
| jitsi_exposed_https_port | Exposed container port for HTTPS | 8443 |
|
||||
| jitsi_bridge_udp_port | Port for this instance's Jitsi Video Bridge | 10000 |
|
||||
| jitsi_bridge_tcp_port | TCP fallback port for the Jitsi Video Bridge | 4443 |
|
||||
| jitsi_jibri_recorder_password | Provide a secure password\* | |
|
||||
| jitsi_jibri_recorder_user | | |
|
||||
| jitsi_jibri_xmpp_password | | |
|
||||
|
@ -41,6 +45,7 @@ Role Variables
|
|||
| jitsi_public_url | The public URL under which Jitsi Meet can be accessed | http://localhost |
|
||||
| jitsi_timezone | | Europe/Amsterdam |
|
||||
| jitsi_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
|
||||
| jitsi_expose_metrics | Determine whether an additional expoerter for the Jitsi metrics shall be run | False |
|
||||
|
||||
\* It is important to provide a dedicated secure password for each service. Generate passwords with e.g. `openssl rand -hex 16`
|
||||
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
---
|
||||
# defaults file for jitsi
|
||||
docker_user: deploy
|
||||
jitsi_install_user: '{{ ansible_user }}' # This user must be present on the host
|
||||
jitsi_install_path: '/home/{{ jitsi_install_user }}'
|
||||
jitsi_multitenant_label:
|
||||
#jitsi_letsencrypt_email:alice@host.tld
|
||||
jitsi_enable_letsencrypt: no
|
||||
jitsi_exposed_http_port: 8000
|
||||
jitsi_exposed_https_port: 8443
|
||||
jitsi_bridge_udp_port: 10000
|
||||
jitsi_bridge_tcp_port: 4443
|
||||
jitsi_virtual_host: localhost
|
||||
jitsi_public_url: http://{{ jitsi_virtual_host }}
|
||||
jitsi_timezone: Europe/Amsterdam
|
||||
|
@ -12,4 +16,7 @@ jitsi_jvb_stun_servers: meet-jit-si-turnrelay.jitsi.net:443
|
|||
jitsi_web_channel_last_n: 3
|
||||
jitsi_build_latest_image_from_source: yes
|
||||
jitsi_docker_upstream_repo_url: https://github.com/jitsi/docker-jitsi-meet.git
|
||||
jitsi_enable_third_party_requests: no
|
||||
jitsi_enable_third_party_requests: no
|
||||
jitsi_expose_metrics: False
|
||||
# Internal variables
|
||||
jitsi_multitenant_postfix: "{{ '_' + jitsi_multitenant_label if (jitsi_multitenant_label) else '' }}"
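Review bot: `jitsi_install_user: '{{ ansible_user }}'` depends on a connection variable that, as far as I know, is defined only when the inventory or command line sets it, so a play relying on the SSH default user would likely stop on an undefined variable. `jitsi_install_path: '/home/{{ jitsi_install_user }}'` also assumes the account's home is under `/home`, which does not hold for root or for service accounts with a custom home. The secrets-bearing `.env` is written below this path and owned by this user, so the defaults should say so explicitly, for example `# ansible_user must be set in the inventory; override jitsi_install_path if the home directory is not /home/<user>`.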
|
2
src
2
src
|
@ -1 +1 @@
|
|||
Subproject commit eae3f5ce2d7627afe4115f52a61cc7ae3e3e8a31
|
||||
Subproject commit 9b686c6f4aa74cd33ddcd4dd35decc76a9470e1e
|
|
@ -2,51 +2,51 @@
|
|||
# tasks file for jitsi
|
||||
- name: Ensure jitsi Docker Compose config directory exists
|
||||
file:
|
||||
path: /home/{{ docker_user }}/jitsi
|
||||
path: "{{ jitsi_install_path }}/jitsi"
|
||||
state: directory
|
||||
owner: '{{ docker_user }}'
|
||||
group: '{{ docker_user }}'
|
||||
owner: '{{ jitsi_install_user }}'
|
||||
group: '{{ jitsi_install_user }}'
|
||||
tags: config
|
||||
|
||||
- name: "Teardown: Remove Jitsi runtime config"
|
||||
file:
|
||||
path: /home/{{ docker_user }}/jitsi/conf
|
||||
path: "{{ jitsi_install_path }}/jitsi/conf"
|
||||
state: absent
|
||||
tags: ['never', 'teardown']
|
||||
|
||||
- name: Ensure jitsi config directory exists
|
||||
file:
|
||||
path: /home/{{ docker_user }}/jitsi/conf
|
||||
path: "{{ jitsi_install_path }}/jitsi/conf"
|
||||
state: directory
|
||||
owner: '{{ docker_user }}'
|
||||
group: '{{ docker_user }}'
|
||||
owner: '{{ jitsi_install_user }}'
|
||||
group: '{{ jitsi_install_user }}'
|
||||
tags: config
|
||||
|
||||
- name: "Git: Pull latest upstream docker-jitsi-meet sources (master)"
|
||||
git:
|
||||
repo: "{{ jitsi_docker_upstream_repo_url }}"
|
||||
dest: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src
|
||||
dest: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
|
||||
version: master
|
||||
register: git_pull_jitsi_docker_upstream_repo
|
||||
when: jitsi_build_latest_image_from_source == True
|
||||
|
||||
- name: "Build Jitsi Docker images"
|
||||
shell:
|
||||
chdir: /home/{{ docker_user }}/jitsi/docker-jitsi-meet-src
|
||||
chdir: "{{ jitsi_install_path }}/jitsi/docker-jitsi-meet-src"
|
||||
cmd: make
|
||||
when: git_pull_jitsi_docker_upstream_repo.changed
|
||||
|
||||
- name: Provide docker-compose.yml
|
||||
template:
|
||||
src: templates/docker-compose.jitsi.yml.j2
|
||||
dest: /home/{{ docker_user }}/jitsi/docker-compose.yml
|
||||
owner: "{{ docker_user }}"
|
||||
group: "{{ docker_user }}"
|
||||
dest: "{{ jitsi_install_path }}/jitsi/docker-compose.yml"
|
||||
owner: "{{ jitsi_install_user }}"
|
||||
group: "{{ jitsi_install_user }}"
|
||||
mode: '0644'
|
||||
tags: config
|
||||
|
||||
- name: Output docker-compose.yml
|
||||
shell: cat /home/{{ docker_user }}/jitsi/docker-compose.yml
|
||||
shell: cat {{ jitsi_install_path }}/jitsi/docker-compose.yml
|
||||
register: output
|
||||
tags: config
|
||||
|
||||
|
@ -56,21 +56,31 @@
|
|||
- name: Provide Jitsi env vars
|
||||
template:
|
||||
src: templates/env.jitsi.j2
|
||||
dest: /home/{{ docker_user }}/jitsi/.env
|
||||
owner: "{{ docker_user }}"
|
||||
group: "{{ docker_user }}"
|
||||
dest: "{{ jitsi_install_path }}/jitsi/.env"
|
||||
owner: "{{ jitsi_install_user }}"
|
||||
group: "{{ jitsi_install_user }}"
|
||||
mode: '0640'
|
||||
tags: config
|
||||
|
||||
- name: Provide metric exporter environment
|
||||
template:
|
||||
src: templates/exporter.env.j2
|
||||
dest: "{{ jitsi_install_path }}/jitsi/exporter.env"
|
||||
owner: "{{ jitsi_install_user }}"
|
||||
group: "{{ jitsi_install_user }}"
|
||||
mode: '0640'
|
||||
tags: config
|
||||
when: jitsi_expose_metrics
|
||||
|
||||
- name: "docker-compose: Teardown existing Jitsi service"
|
||||
docker_compose:
|
||||
project_src: "/home/{{ docker_user }}/jitsi/"
|
||||
project_src: "{{ jitsi_install_path }}/jitsi/"
|
||||
state: absent
|
||||
tags: ['never', 'teardown']
|
||||
|
||||
- name: "docker-compose: Bootstrap Jitsi service"
|
||||
docker_compose:
|
||||
project_src: "/home/{{ docker_user }}/jitsi/"
|
||||
project_src: "{{ jitsi_install_path }}/jitsi/"
|
||||
pull: yes
|
||||
register: output
|
||||
|
||||
|
@ -79,7 +89,7 @@
|
|||
|
||||
- assert:
|
||||
that:
|
||||
- "output.ansible_facts['web']['jitsi_web_1'].state.running"
|
||||
- "output.ansible_facts['web']['jitsi{{ jitsi_multitenant_postfix }}_web_1'].state.running"
|
||||
|
||||
- name: "Test whether Jitsi is healthy from the outside"
|
||||
when: not ansible_check_mode
|
||||
|
@ -98,7 +108,7 @@
|
|||
|
||||
- name: "Config: Set channelLastN"
|
||||
lineinfile:
|
||||
path: /home/{{ docker_user }}/jitsi/conf/web/config.js
|
||||
path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
|
||||
regexp: '(\s*)channelLastN:\s*[^,]+,'
|
||||
line: '\1channelLastN: {{jitsi_web_channel_last_n|default("-1")}},'
|
||||
backrefs: yes
|
||||
|
@ -106,7 +116,7 @@
|
|||
|
||||
- name: "Config: Disable third party requests"
|
||||
lineinfile:
|
||||
path: /home/{{ docker_user }}/jitsi/conf/web/config.js
|
||||
path: "{{ jitsi_install_path }}/jitsi/conf/web/config.js"
|
||||
regexp: '(\s*)(//\s*)?disableThirdPartyRequests:\s*false,'
|
||||
line: '\1disableThirdPartyRequests: true,'
|
||||
backrefs: yes
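Review bot: In the "Output docker-compose.yml" task the now-configurable `jitsi_install_path` is spliced unquoted into a `shell:` string, so a path with spaces or shell metacharacters is word-split or interpreted by the shell. The old `/home/{{ docker_user }}` form had the same shape, but the new variable accepts any path. Passing the path as an argument avoids the shell altogether: use `command:` with `argv: ['cat', '{{ jitsi_install_path }}/jitsi/docker-compose.yml']` and add `changed_when: false`, since the task only reads. The `slurp` module would do the same job without spawning a process.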
|
||||
|
|
|
@ -38,20 +38,20 @@ services:
|
|||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik_public"
|
||||
- "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_virtual_host }}`)"
|
||||
- "traefik.http.routers.jitsi.entrypoints=websecure"
|
||||
- "traefik.http.routers.jitsi.tls=true"
|
||||
- "traefik.http.routers.jitsi.tls.certresolver=defaultresolver"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.SSLRedirect=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.STSSeconds=315360000"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.STSPreload=true"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
|
||||
- "traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
|
||||
- "traefik.http.routers.jitsi.middlewares=jitsi-headers"
|
||||
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.rule=Host(`{{ jitsi_virtual_host }}`)"
|
||||
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.entrypoints=websecure"
|
||||
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls=true"
|
||||
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.tls.certresolver=defaultresolver"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.SSLRedirect=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.STSPreload=true"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
|
||||
- "traefik.http.middlewares.jitsi{{ jitsi_multitenant_postfix }}-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
|
||||
- "traefik.http.routers.jitsi{{ jitsi_multitenant_postfix }}.middlewares=jitsi{{ jitsi_multitenant_postfix }}-headers"
|
||||
networks:
|
||||
public:
|
||||
meet.jitsi:
|
||||
|
@ -87,6 +87,7 @@ services:
|
|||
- LDAP_TLS_CACERT_FILE
|
||||
- LDAP_TLS_CACERT_DIR
|
||||
- LDAP_START_TLS
|
||||
- PUBLIC_URL
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_GUEST_DOMAIN
|
||||
|
@ -130,6 +131,7 @@ services:
|
|||
- ${CONFIG}/jicofo:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- PUBLIC_URL
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
|
@ -159,6 +161,7 @@ services:
|
|||
- ${CONFIG}/jvb:/config
|
||||
environment:
|
||||
- DOCKER_HOST_ADDRESS
|
||||
- PUBLIC_URL
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- XMPP_SERVER
|
||||
|
@ -176,6 +179,20 @@ services:
|
|||
networks:
|
||||
meet.jitsi:
|
||||
|
||||
{% if jitsi_expose_metrics %}
|
||||
# Data exporter
|
||||
exporter:
|
||||
image: goberle/jitsi-prom-exporter
|
||||
restart: unless-stopped
|
||||
env_file: exporter.env
|
||||
depends_on:
|
||||
- jicofo
|
||||
networks:
|
||||
# Expose the data exporter to the public network managed by traefik
|
||||
public:
|
||||
meet.jitsi:
|
||||
{% endif %}
|
||||
|
||||
# Custom network so all services can communicate using a FQDN
|
||||
networks:
|
||||
meet.jitsi:
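Review bot: The new `exporter` service pulls `goberle/jitsi-prom-exporter` with no tag or digest and joins the `public` network. Whatever that third-party repository publishes next would therefore run with the XMPP credentials from `exporter.env` and be reachable by every container on the Traefik network. Pin the image, for example `image: goberle/jitsi-prom-exporter@sha256:<digest-placeholder>`, and keep `public:` only if the scraper really has to reach it over that network. No Traefik labels or authentication for the metrics endpoint are visible in this hunk, so the comment above `public:` should state who is expected to scrape it.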
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
#
|
||||
# Docker Compose configuration
|
||||
#
|
||||
# Project name for this Docker Compose setup
|
||||
COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }}
|
||||
|
||||
#
|
||||
# Basic configuration options
|
||||
#
|
||||
|
@ -187,11 +193,11 @@ JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
|
|||
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
|
||||
|
||||
# Media port for the Jitsi Videobridge
|
||||
JVB_PORT=10000
|
||||
JVB_PORT={{ jitsi_bridge_udp_port }}
|
||||
|
||||
# TCP Fallback for Jitsi Videobridge for when UDP isn't available
|
||||
JVB_TCP_HARVESTER_DISABLED=true
|
||||
JVB_TCP_PORT=4443
|
||||
JVB_TCP_PORT={{ jitsi_bridge_tcp_port }}
|
||||
|
||||
# A comma separated list of APIs to enable when the JVB is started. The default is none.
|
||||
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
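Review bot: `COMPOSE_PROJECT_NAME=jitsi{{ jitsi_multitenant_postfix }}` takes `jitsi_multitenant_label` verbatim, and the same value builds the Traefik router names and the container name checked by the `assert` task. Nothing visible restricts the label's characters or enforces the per-host uniqueness the README asks for. Compose may also normalise project names (the behaviour is version dependent), in which case `jitsi<postfix>_web_1` would no longer match. An early task such as `- assert: {that: "not jitsi_multitenant_label or jitsi_multitenant_label is match('^[a-z0-9]+$')"}` would fail fast before anything is written. The rest of this template lies outside the hunks shown.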
|
||||
|
|
|
@ -4,6 +4,7 @@ services:
|
|||
# Etherpad: real-time collaborative document editing
|
||||
etherpad:
|
||||
image: jitsi/etherpad
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
meet.jitsi:
|
||||
aliases:
|
||||
|
|
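--- /dev/null
+++ b/templates/exporter.env.j2
@@ -0,0 +1,6 @@
+XMPP_USER={{ jitsi_jicofo_auth_user }}
+XMPP_PW={{ jitsi_jicofo_auth_password }}
+XMPP_SERVER=xmpp.meet.jitsi
+XMPP_PORT=5222
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi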
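Review bot: `XMPP_USER` and `XMPP_PW` give the exporter Jicofo's own account (`jitsi_jicofo_auth_user` / `jitsi_jicofo_auth_password`), so a third-party container ends up holding the focus component's credentials. The README footnote on this page asks for a dedicated password per service. A separate, least-privileged XMPP account, e.g. `XMPP_USER={{ jitsi_exporter_auth_user }}` and `XMPP_PW={{ jitsi_exporter_auth_password }}`, would keep a compromise of the exporter from exposing Jicofo's identity. Those two variable names are suggestions rather than existing role variables, and the account would have to be registered on the XMPP server.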
|
@ -3,6 +3,7 @@ version: '3'
|
|||
services:
|
||||
jibri:
|
||||
image: jitsi/jibri
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${CONFIG}/jibri:/config
|
||||
- /dev/shm:/dev/shm
|
||||
|
|
|
@ -4,6 +4,7 @@ services:
|
|||
# SIP gateway (audio)
|
||||
jigasi:
|
||||
image: jitsi/jigasi
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
|
||||
volumes:
|
||||
|
|