jotbe/ansible-role-jitsi-docker
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Wiki Activity

feature/latest-upstream-docker-compose #2

Merged
jotbe merged 9 commits from feature/latest-upstream-docker-compose into master 2022-10-03 00:59:35 +02:00
Conversation 1 Commits 9 Files changed 9 +344 -138
6 changed files with 344 additions and 138 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit d3077f101c - Show all commits

2
tasks/main.yml
View file

@ -79,7 +79,7 @@
- assert:
that:
- "output.ansible_facts['web']['jitsi_web_1'].state.running"
- "output.services['web']['jitsi_web_1'].state.running"
- name: "Test whether Jitsi is healthy from the outside"
when: not ansible_check_mode

176
templates/docker-compose.jitsi.yml.j2
View file

@ -3,12 +3,15 @@ version: '3'
services:
# Frontend
web:
image: jitsi/web
restart: unless-stopped
image: jitsi/web:stable-6865
restart: ${RESTART_POLICY}
ports:
- '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443'
volumes:
- ${CONFIG}/web:/config
- ${CONFIG}/web/letsencrypt:/etc/letsencrypt
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
@ -21,28 +24,47 @@ services:
- CHROME_EXTENSION_BANNER_JSON
- CONFCODE_URL
- CONFIG_EXTERNAL_CONNECT
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DEPLOYMENTINFO_USERREGION
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_POLLS
- DISABLE_REACTIONS
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTH
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_FILE_RECORDING_SERVICE
- ENABLE_FILE_RECORDING_SERVICE_SHARING
- ENABLE_FLOC
- ENABLE_GUESTS
jotbe marked this conversation as resolved Outdated
jsydll commented 2020-12-13 13:21:14 +01:00
Outdated
Review
Copy link

For some env vars like this one, there are no entries/descriptions in the env.example from upstream Jitsi repo. Using the existing .env file will lead to default values here - but I like this preparatory step.

For some env vars like this one, there are no entries/descriptions in the `env.example` from upstream Jitsi repo. Using the existing `.env` file will lead to default values here - but I like this preparatory step.
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETSENCRYPT
- ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_P2P
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
@ -58,14 +80,21 @@ services:
- ETHERPAD_URL_BASE
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- INVITE_SERVICE_URL
- JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PUBLIC_URL
- P2P_PREFERRED_CODEC
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
@ -73,10 +102,26 @@ services:
- START_AUDIO_MUTED
- START_AUDIO_ONLY
- START_BITRATE
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TESTING_CAP_SCREENSHARE_BITRATE
- TESTING_OCTO_PROBABILITY
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TZ
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
@ -108,66 +153,76 @@ services:
# XMPP server
prosody:
image: jitsi/prosody
restart: unless-stopped
image: jitsi/prosody:stable-6865
restart: ${RESTART_POLICY}
expose:
- '5222'
- '5347'
- '5280'
volumes:
- ${CONFIG}/prosody:/config
- ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_GUESTS
- ENABLE_LOBBY
- ENABLE_XMPP_WEBSOCKET
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_PASSWORD
- JIBRI_RECORDER_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_RECORDER_PASSWORD
- JIBRI_XMPP_USER
- JICOFO_AUTH_PASSWORD
- JIBRI_XMPP_PASSWORD
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_COMPONENT_SECRET
- JIGASI_XMPP_PASSWORD
- JIGASI_XMPP_USER
- JVB_AUTH_PASSWORD
- JIGASI_XMPP_PASSWORD
- JVB_AUTH_USER
- JWT_ACCEPTED_AUDIENCES
- JWT_ACCEPTED_ISSUERS
- JWT_ALLOW_EMPTY
- JVB_AUTH_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_TOKEN_AUTH_MODULE
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_START_TLS
- LDAP_TLS_CACERT_DIR
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CHECK_PEER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- LDAP_VERSION
- LOG_LEVEL
- PUBLIC_URL
- TURN_CREDENTIALS
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_INTERNAL_MUC_MODULES
- XMPP_MODULES
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- XMPP_CROSS_DOMAIN
networks:
meet.jitsi:
aliases:
@ -175,24 +230,49 @@ services:
# Focus component
jicofo:
image: jitsi/jicofo
restart: unless-stopped
image: jitsi/jicofo:stable-6865
restart: ${RESTART_POLICY}
volumes:
jotbe marked this conversation as resolved Outdated
jsydll commented 2020-12-13 13:27:35 +01:00
Outdated
Review
Copy link

What's the purpose of the service dict var?

What's the purpose of the service dict var?
jotbe commented 2020-12-13 14:16:29 +01:00
Outdated
Review
Copy link

This should define a service entity for traefik which allows e.g. for loadbalancing. I haven't tried the loadbalancing yet. On the other hand, that entrypoint video is not further defined here. I am not sure whether other configuration is missing here.

This should define a service entity for traefik which allows e.g. for loadbalancing. I haven't tried the loadbalancing yet. On the other hand, that entrypoint `video` is not further defined here. I am not sure whether other configuration is missing here.
jsydll commented 2020-12-13 14:31:23 +01:00
Outdated
Review
Copy link

As long as this does not break our current setup, I'm fine with having the new labels here.

As long as this does not break our current setup, I'm fine with having the new labels here.
- ${CONFIG}/jicofo:/config
- ${CONFIG}/jicofo:/config:Z
jotbe marked this conversation as resolved Outdated
jsydll commented 2020-12-13 13:28:08 +01:00
Outdated
Review
Copy link

Could that be parameterized with ${JVB_PORT}?

Could that be parameterized with `${JVB_PORT}`?
jotbe commented 2020-12-13 14:22:09 +01:00
Outdated
Review
Copy link

Good point! Yes, could be, but it makes sense to create an Ansible var to allow a config of that JVB_PORT which is still more or less hardcoded in the env file.

Good point! Yes, could be, but it makes sense to create an Ansible var to allow a config of that `JVB_PORT` which is still more or less hardcoded in the env file.
jsydll commented 2020-12-13 14:29:56 +01:00
Outdated
Review
Copy link

To my knowledge, this variable already exists: jitsi_bridge_udp_port. Or do I mix up things here?

To my knowledge, this variable already exists: `jitsi_bridge_udp_port`. Or do I mix up things here?
jotbe commented 2020-12-13 17:50:29 +01:00
Outdated
Review
Copy link

Where is that? I cannot find that string in the code.

Where is that? I cannot find that string in the code.
jsydll commented 2020-12-14 07:34:25 +01:00
Outdated
Review
Copy link

I'm sorry, got that mixed up with one of my branches where I also needed to introduce such a variable :D

I'm sorry, got that mixed up with one of my branches where I also needed to introduce such a variable :D
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- JIBRI_BREWERY_MUC
- JIBRI_PENDING_TIMEOUT
- JICOFO_AUTH_PASSWORD
- ENABLE_AUTO_OWNER
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_H264
- ENABLE_OCTO
- ENABLE_RECORDING
- ENABLE_SCTP
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_USER
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_PASSWORD
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_SHORT_ID
- JICOFO_RESERVATION_ENABLED
- JICOFO_RESERVATION_REST_BASE_URL
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JVB_BREWERY_MUC
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
depends_on:
- prosody
@ -201,27 +281,39 @@ services:
# Video bridge
jvb:
image: jitsi/jvb
restart: unless-stopped
image: jitsi/jvb:stable-6865
restart: ${RESTART_POLICY}
ports:
- '${JVB_PORT}:${JVB_PORT}/udp'
- '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
volumes:
- ${CONFIG}/jvb:/config
- ${CONFIG}/jvb:/config:Z
environment:
- DOCKER_HOST_ADDRESS
- JVB_AUTH_PASSWORD
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_OCTO
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_ENABLE_APIS
#- JVB_ENABLE_APIS
- JVB_PORT
- JVB_STUN_SERVERS
- JVB_MUC_NICKNAME
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_MAPPED_PORT
- JVB_TCP_PORT
- JVB_TCP_MAPPED_PORT
- JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_PUBLIC_ADDRESS
- JVB_OCTO_BIND_PORT
- JVB_OCTO_REGION
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- PUBLIC_URL
- SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN

246
templates/env.jitsi.j2
View file

@ -1,27 +1,79 @@
# shellcheck disable=SC2034
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
#
# Basic configuration options
#
# Directory where all configuration will be stored.
# Directory where all configuration will be stored
CONFIG=./conf
# Exposed HTTP port.
# Exposed HTTP port
HTTP_PORT={{ jitsi_exposed_http_port }}
# Exposed HTTPS port.
# Exposed HTTPS port
HTTPS_PORT={{ jitsi_exposed_https_port }}
# System time zone.
# System time zone
TZ={{ jitsi_timezone }}
# Public URL for the web service.
# Public URL for the web service (required)
PUBLIC_URL={{ jitsi_public_url }}
VIRTUAL_HOST={{ jitsi_virtual_host }}
# IP address of the Docker host. See the "Running on a LAN environment" section
# in the README.
# IP address of the Docker host
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
DOCKER_HOST_ADDRESS={{ jitsi_docker_host_address }}
# Control whether the lobby feature should be enabled or not
#ENABLE_LOBBY=1
# Control whether the A/V moderation should be enabled or not
#ENABLE_AV_MODERATION=1
# Show a prejoin page before entering a conference
#ENABLE_PREJOIN_PAGE=0
# Enable the welcome page
#ENABLE_WELCOME_PAGE=1
# Enable the close page
#ENABLE_CLOSE_PAGE=0
# Disable measuring of audio levels
#DISABLE_AUDIO_LEVELS=0
# Enable noisy mic detection
#ENABLE_NOISY_MIC_DETECTION=1
# Enable breakout rooms
#ENABLE_BREAKOUT_ROOMS=1
{% if jitsi_enable_letsencrypt %}
#
# Let's Encrypt configuration
@ -42,17 +94,20 @@ LETSENCRYPT_EMAIL={{ jitsi_letsencrypt_email }}
# Etherpad integration (for document sharing)
#
# Set etherpad-lite URL (uncomment to enable).
# Set etherpad-lite URL in docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
# Name your etherpad instance!
ETHERPAD_TITLE="Video Chat"
ETHERPAD_TITLE=Video Chat
# The default text of a pad
ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
# Name of the skin for etherpad
ETHERPAD_SKIN_NAME="colibris"
ETHERPAD_SKIN_NAME=colibris
# Skin variants for etherpad
ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
@ -62,13 +117,13 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls.
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt).
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
@ -78,53 +133,53 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see README for details)
# Authentication configuration (see handbook for details)
#
# Enable authentication.
# Enable authentication
#ENABLE_AUTH=1
# Enable guest access.
# Enable guest access
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal
# JWT auuthentication
# JWT authentication
#
# Application identifier.
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token.
# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list.
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list.
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection.
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind.
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind.
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail.
# %s - %s is replaced by the complete service string.
# %r - %r is replaced by the complete realm string.
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
@ -136,16 +191,16 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow.
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server sertificate verify is enabled.
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server sertificate verify is enabled.
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
@ -156,7 +211,7 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background
# Advanced configuration options (you generally don't need to change these)
#
# Internal XMPP domain.
# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi
# Internal XMPP server
@ -165,16 +220,16 @@ XMPP_SERVER=xmpp.meet.jitsi
# Internal XMPP server URL
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
# Internal XMPP domain for authenticated services.
# Internal XMPP domain for authenticated services
XMPP_AUTH_DOMAIN=auth.meet.jitsi
# XMPP domain for the MUC.
# XMPP domain for the MUC
XMPP_MUC_DOMAIN=muc.meet.jitsi
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users.
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# Comma separated list of domains for cross domain policy or "true" to allow all
@ -190,16 +245,13 @@ XMPP_MUC_MODULES=
# Custom Prosody modules for internal MUC component (comma separated)
XMPP_INTERNAL_MUC_MODULES=
# MUC for the JVB pool.
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections.
# XMPP user for JVB client connections
JVB_AUTH_USER={{ jitsi_jvb_auth_user }}
# XMPP password for JVB client connections.
JVB_AUTH_PASSWORD={{ jitsi_jvb_auth_password }}
# STUN servers used to discover the server's public IP.
# STUN servers used to discover the server's public IP
JVB_STUN_SERVERS={{ jitsi_jvb_stun_servers }}
# Media port for the Jitsi Videobridge
@ -210,35 +262,26 @@ JVB_TCP_HARVESTER_DISABLED=true
JVB_TCP_PORT=4443
JVB_TCP_MAPPED_PORT=4443
# A comma separated list of APIs to enable when the JVB is started. The default is none.
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information
#JVB_ENABLE_APIS=rest,colibri
# XMPP component password for Jicofo.
JICOFO_COMPONENT_SECRET={{ jitsi_jicofo_component_secret }}
# XMPP user for Jicofo client connections. NOTE: this option doesn't currently work due to a bug.
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER={{ jitsi_jicofo_auth_user }}
# XMPP password for Jicofo client connections.
JICOFO_AUTH_PASSWORD={{ jitsi_jicofo_auth_password }}
# Base URL of Jicofo's reservation REST API
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
# XMPP user for Jigasi MUC client connections.
# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
#JICOFO_ENABLE_HEALTH_CHECKS=true
# XMPP user for Jigasi MUC client connections
JIGASI_XMPP_USER={{ jitsi_jigasi_xmpp_user }}
# XMPP password for Jigasi MUC client connections.
JIGASI_XMPP_PASSWORD={{ jitsi_jigasi_xmpp_password }}
# MUC name for the Jigasi pool.
# MUC name for the Jigasi pool
JIGASI_BREWERY_MUC=jigasibrewery
# Minimum port for media used by Jigasi.
# Minimum port for media used by Jigasi
JIGASI_PORT_MIN=20000
# Maximum port for media used by Jigasi.
# Maximum port for media used by Jigasi
JIGASI_PORT_MAX=20050
# Enable SDES srtp
@ -253,23 +296,28 @@ JIGASI_PORT_MAX=20050
# Health-check interval
#JIGASI_HEALTH_CHECK_INTERVAL=300000
#
# Enable Jigasi transcription.
# Enable Jigasi transcription
#ENABLE_TRANSCRIPTIONS=1
# Jigasi will recordord an audio when transcriber is on. Default false.
# Jigasi will record audio when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
# Jigasi will send transcribed text to the chat when transcriber is on. Default false.
# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
#JIGASI_TRANSCRIBER_SEND_TXT=true
# Jigasi post to the chat an url with transcription file. Default false.
# Jigasi will post an url to the chat with transcription file [default: false]
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" from 1 to 5 paragraph. Copy the key on
# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
# section "Before you begin" paragraph 1 to 5
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=
# Enable recording
#ENABLE_RECORDING=1
@ -277,25 +325,19 @@ JIGASI_PORT_MAX=20050
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
# XMPP recorder user for Jibri client connections.
# XMPP recorder user for Jibri client connections
JIBRI_RECORDER_USER={{ jitsi_jibri_recorder_user }}
# XMPP recorder password for Jibri client connections.
JIBRI_RECORDER_PASSWORD={{ jitsi_jibri_recorder_password }}
# Directory for recordings inside Jibri container.
# Directory for recordings inside Jibri container
JIBRI_RECORDING_DIR=/config/recordings
# The finalizing script. Will run after recording is complete.
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# The finalizing script. Will run after recording is complete
#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
# XMPP user for Jibri client connections.
# XMPP user for Jibri client connections
JIBRI_XMPP_USER={{ jitsi_jibri_xmpp_user }}
# XMPP password for Jibri client connections.
JIBRI_XMPP_PASSWORD={{ jitsi_jibri_xmpp_password }}
# MUC name for the Jibri pool.
# MUC name for the Jibri pool
JIBRI_BREWERY_MUC=jibribrewery
# MUC connection timeout
@ -308,18 +350,35 @@ JIBRI_PENDING_TIMEOUT=90
# So if there are any prefixes in the jid (like jitsi meet, which
# has its participants join a muc at conference.xmpp_domain) then
# list that prefix here so it can be stripped out to generate
# the call url correctly.
# the call url correctly
JIBRI_STRIP_DOMAIN_JID=muc
# Directory for logs inside Jibri container.
# Directory for logs inside Jibri container
JIBRI_LOGS_DIR=/config/logs
# Disable HTTPS. This can be useful if TLS connections are going to be handled outside of this setup.
# Configure an external TURN server
# TURN_CREDENTIALS=secret
# TURN_HOST=turnserver.example.com
# TURN_PORT=443
# TURNS_HOST=turnserver.example.com
# TURNS_PORT=443
# Disable HTTPS: handle TLS connections outside of this setup
#DISABLE_HTTPS=1
# Redirects HTTP traffic to HTTPS. Only works with the standard HTTPS port (443).
# Enable FLoC
# Opt-In to Federated Learning of Cohorts tracking
#ENABLE_FLOC=0
# Redirect HTTP traffic to HTTPS
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1
# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1
@ -330,3 +389,26 @@ RESTART_POLICY=unless-stopped
# Authenticate using external service or just focus external auth window if there is one already.
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
# Sentry Error Tracking
# Sentry Data Source Name (Endpoint for Sentry project)
# Example: https://public:private@host:port/1
#JVB_SENTRY_DSN=
#JICOFO_SENTRY_DSN=
#JIGASI_SENTRY_DSN=
# Optional environment info to filter events
#SENTRY_ENVIRONMENT=production
# Optional release info to filter events
#SENTRY_RELEASE=1.0.0
# Optional properties for shutdown api
#COLIBRI_REST_ENABLED=true
#SHUTDOWN_REST_ENABLED=true
# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma)
#TOOLBAR_BUTTONS=
# Hide the buttons at pre-join screen. Add the buttons name separated with comma
#HIDE_PREMEETING_BUTTONS=

8
templates/etherpad.yml
View file

@ -3,7 +3,13 @@ version: '3'
services:
# Etherpad: real-time collaborative document editing
etherpad:
image: jitsi/etherpad
image: etherpad/etherpad:1.8.6
restart: ${RESTART_POLICY}
environment:
- TITLE=${ETHERPAD_TITLE}
- DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT}
- SKIN_NAME=${ETHERPAD_SKIN_NAME}
- SKIN_VARIANTS=${ETHERPAD_SKIN_VARIANTS}
networks:
meet.jitsi:
aliases:

29
templates/jibri.yml
View file

@ -2,9 +2,10 @@ version: '3'
services:
jibri:
image: jitsi/jibri
image: jitsi/jibri:stable-6865
restart: ${RESTART_POLICY}
volumes:
- ${CONFIG}/jibri:/config
- ${CONFIG}/jibri:/config:Z
- /dev/shm:/dev/shm
cap_add:
- SYS_ADMIN
@ -12,11 +13,15 @@ services:
devices:
- /dev/snd:/dev/snd
environment:
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- XMPP_DOMAIN
- CHROMIUM_FLAGS
- DISPLAY=:0
- ENABLE_STATS_D
- JIBRI_FFMPEG_AUDIO_SOURCE
- JIBRI_FFMPEG_AUDIO_DEVICE
- JIBRI_HTTP_API_EXTERNAL_PORT
- JIBRI_HTTP_API_INTERNAL_PORT
- JIBRI_RECORDING_RESOLUTION
- JIBRI_USAGE_TIMEOUT
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_BREWERY_MUC
@ -26,8 +31,16 @@ services:
- JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
- JIBRI_STRIP_DOMAIN_JID
- JIBRI_LOGS_DIR
- DISPLAY=:0
- PUBLIC_URL
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER
- XMPP_TRUST_ALL_CERTS
depends_on:
- jicofo
networks:
meet.jitsi:

21
templates/jigasi.yml
View file

@ -3,15 +3,19 @@ version: '3'
services:
# SIP gateway (audio)
jigasi:
image: jitsi/jigasi
image: jitsi/jigasi:stable-6865
restart: ${RESTART_POLICY}
ports:
- '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp'
volumes:
- ${CONFIG}/jigasi:/config
- ${CONFIG}/transcripts:/tmp/transcripts
- ${CONFIG}/jigasi:/config:Z
- ${CONFIG}/transcripts:/tmp/transcripts:Z
environment:
- ENABLE_AUTH
- ENABLE_GUESTS
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_DOMAIN
@ -21,6 +25,7 @@ services:
- JIGASI_SIP_SERVER
- JIGASI_SIP_PORT
- JIGASI_SIP_TRANSPORT
- JIGASI_SIP_DEFAULT_ROOM
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JIGASI_BREWERY_MUC
@ -34,7 +39,15 @@ services:
- JIGASI_TRANSCRIBER_ADVERTISE_URL
- JIGASI_TRANSCRIBER_RECORD_AUDIO
- JIGASI_TRANSCRIBER_SEND_TXT
- GOOGLE_APPLICATION_CREDENTIALS
- GC_PROJECT_ID
- GC_PRIVATE_KEY_ID
- GC_PRIVATE_KEY
- GC_CLIENT_EMAIL
- GC_CLIENT_ID
- GC_CLIENT_CERT_URL
- SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
depends_on:
- prosody