version: '3' services: # Frontend web: image: jitsi/web restart: unless-stopped volumes: - ${CONFIG}/web:/config - ${CONFIG}/web/letsencrypt:/etc/letsencrypt - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts environment: - AMPLITUDE_ID - ANALYTICS_SCRIPT_URLS - ANALYTICS_WHITELISTED_EVENTS - BRANDING_DATA_URL - BRIDGE_CHANNEL - CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_ID - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE - DEPLOYMENTINFO_USERREGION - DIALIN_NUMBERS_URL - DIALOUT_AUTH_URL - DIALOUT_CODES_URL - DISABLE_HTTPS - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI - ENABLE_AUDIO_PROCESSING - ENABLE_AUTH - ENABLE_CALENDAR - ENABLE_FILE_RECORDING_SERVICE - ENABLE_FILE_RECORDING_SERVICE_SHARING - ENABLE_GUESTS - ENABLE_HTTP_REDIRECT - ENABLE_IPV6 - ENABLE_LETSENCRYPT - ENABLE_LIPSYNC - ENABLE_NO_AUDIO_DETECTION - ENABLE_P2P - ENABLE_PREJOIN_PAGE - ENABLE_RECORDING - ENABLE_REMB - ENABLE_REQUIRE_DISPLAY_NAME - ENABLE_SIMULCAST - ENABLE_STATS_ID - ENABLE_STEREO - ENABLE_SUBDOMAINS - ENABLE_TALK_WHILE_MUTED - ENABLE_TCC - ENABLE_TRANSCRIPTIONS - ENABLE_XMPP_WEBSOCKET - ETHERPAD_PUBLIC_URL - ETHERPAD_URL_BASE - GOOGLE_ANALYTICS_ID - GOOGLE_API_APP_CLIENT_ID - INVITE_SERVICE_URL - JICOFO_AUTH_USER - MATOMO_ENDPOINT - MATOMO_SITE_ID - MICROSOFT_API_APP_CLIENT_ID - NGINX_RESOLVER - PEOPLE_SEARCH_URL - PUBLIC_URL - RESOLUTION - RESOLUTION_MIN - RESOLUTION_WIDTH - RESOLUTION_WIDTH_MIN - START_AUDIO_MUTED - START_AUDIO_ONLY - START_BITRATE - START_VIDEO_MUTED - TESTING_CAP_SCREENSHARE_BITRATE - TESTING_OCTO_PROBABILITY - TZ - XMPP_AUTH_DOMAIN - XMPP_BOSH_URL_BASE - XMPP_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN labels: traefik.enable: true traefik.docker.network: traefik_public traefik.http.routers.jitsi.rule: Host(`{{ jitsi_virtual_host }}`) traefik.http.routers.jitsi.entrypoints: websecure traefik.http.routers.jitsi.tls: true traefik.http.routers.jitsi.tls.certresolver: defaultresolver traefik.http.middlewares.jitsi-headers.headers.SSLRedirect: true traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter: true traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff: true traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader: true traefik.http.middlewares.jitsi-headers.headers.STSSeconds: 315360000 traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains: true traefik.http.middlewares.jitsi-headers.headers.STSPreload: true traefik.http.middlewares.jitsi-headers.headers.featurePolicy: geolocation 'none'; payment 'none' traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy: default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content traefik.http.routers.jitsi.middlewares: jitsi-headers networks: public: meet.jitsi: aliases: - ${XMPP_DOMAIN} # XMPP server prosody: image: jitsi/prosody restart: unless-stopped expose: - '5222' - '5347' - '5280' volumes: - ${CONFIG}/prosody:/config environment: - AUTH_TYPE - ENABLE_AUTH - ENABLE_GUESTS - ENABLE_LOBBY - ENABLE_XMPP_WEBSOCKET - GLOBAL_CONFIG - GLOBAL_MODULES - JIBRI_RECORDER_PASSWORD - JIBRI_RECORDER_USER - JIBRI_XMPP_PASSWORD - JIBRI_XMPP_USER - JICOFO_AUTH_PASSWORD - JICOFO_AUTH_USER - JICOFO_COMPONENT_SECRET - JIGASI_XMPP_PASSWORD - JIGASI_XMPP_USER - JVB_AUTH_PASSWORD - JVB_AUTH_USER - JWT_ACCEPTED_AUDIENCES - JWT_ACCEPTED_ISSUERS - JWT_ALLOW_EMPTY - JWT_APP_ID - JWT_APP_SECRET - JWT_ASAP_KEYSERVER - JWT_AUTH_TYPE - JWT_TOKEN_AUTH_MODULE - LDAP_AUTH_METHOD - LDAP_BASE - LDAP_BINDDN - LDAP_BINDPW - LDAP_FILTER - LDAP_START_TLS - LDAP_TLS_CACERT_DIR - LDAP_TLS_CACERT_FILE - LDAP_TLS_CHECK_PEER - LDAP_TLS_CIPHERS - LDAP_URL - LDAP_USE_TLS - LDAP_VERSION - LOG_LEVEL - PUBLIC_URL - TZ - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_MODULES - XMPP_MODULES - XMPP_MUC_DOMAIN - XMPP_MUC_MODULES - XMPP_RECORDER_DOMAIN networks: meet.jitsi: aliases: - ${XMPP_SERVER} # Focus component jicofo: image: jitsi/jicofo restart: unless-stopped volumes: - ${CONFIG}/jicofo:/config environment: - ENABLE_AUTH - JIBRI_BREWERY_MUC - JIBRI_PENDING_TIMEOUT - JICOFO_AUTH_PASSWORD - JICOFO_AUTH_USER - JICOFO_COMPONENT_SECRET - JICOFO_RESERVATION_REST_BASE_URL - JIGASI_BREWERY_MUC - JVB_BREWERY_MUC - TZ - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER depends_on: - prosody networks: meet.jitsi: # Video bridge jvb: image: jitsi/jvb restart: unless-stopped ports: - '${JVB_PORT}:${JVB_PORT}/udp' - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' volumes: - ${CONFIG}/jvb:/config environment: - DOCKER_HOST_ADDRESS - JVB_AUTH_PASSWORD - JVB_AUTH_USER - JVB_BREWERY_MUC - JVB_ENABLE_APIS - JVB_PORT - JVB_STUN_SERVERS - JVB_TCP_HARVESTER_DISABLED - JVB_TCP_MAPPED_PORT - JVB_TCP_PORT - JVB_WS_DOMAIN - JVB_WS_SERVER_ID - PUBLIC_URL - TZ - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER depends_on: - prosody networks: meet.jitsi: labels: traefik.udp.routers.jvb.entrypoints: video traefik.udp.routers.jvb.service: jvb traefik.udp.services.jvb.loadbalancer.server.port: '10000' # Custom network so all services can communicate using a FQDN networks: meet.jitsi: public: external: name: traefik_public