version: '3' services: # Frontend web: image: jitsi/web restart: unless-stopped ports: - '${HTTP_PORT}:80' - '${HTTPS_PORT}:443' volumes: - ${CONFIG}/web:/config - ${CONFIG}/web/letsencrypt:/etc/letsencrypt - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts environment: - ENABLE_AUTH - ENABLE_GUESTS - ENABLE_LETSENCRYPT - ENABLE_HTTP_REDIRECT - ENABLE_TRANSCRIPTIONS - DISABLE_HTTPS - JICOFO_AUTH_USER - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_BOSH_URL_BASE - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - ETHERPAD_URL_BASE - TZ - JIBRI_BREWERY_MUC - JIBRI_PENDING_TIMEOUT - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD - ENABLE_RECORDING labels: - "traefik.enable=true" - "traefik.docker.network=traefik_public" - "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_virtual_host }}`)" - "traefik.http.routers.jitsi.entrypoints=websecure" - "traefik.http.routers.jitsi.tls=true" - "traefik.http.routers.jitsi.tls.certresolver=defaultresolver" - "traefik.http.middlewares.jitsi-headers.headers.SSLRedirect=true" - "traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter=true" - "traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff=true" - "traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader=true" - "traefik.http.middlewares.jitsi-headers.headers.STSSeconds=315360000" - "traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.jitsi-headers.headers.STSPreload=true" - "traefik.http.middlewares.jitsi-headers.headers.featurePolicy=geolocation 'none'; payment 'none'" - "traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content" - "traefik.http.routers.jitsi.middlewares=jitsi-headers" networks: public: meet.jitsi: aliases: - ${XMPP_DOMAIN} # XMPP server prosody: image: jitsi/prosody restart: unless-stopped expose: - '5222' - '5347' - '5280' volumes: - ${CONFIG}/prosody:/config environment: - AUTH_TYPE - ENABLE_AUTH - ENABLE_GUESTS - GLOBAL_MODULES - GLOBAL_CONFIG - LDAP_URL - LDAP_BASE - LDAP_BINDDN - LDAP_BINDPW - LDAP_FILTER - LDAP_AUTH_METHOD - LDAP_VERSION - LDAP_USE_TLS - LDAP_TLS_CIPHERS - LDAP_TLS_CHECK_PEER - LDAP_TLS_CACERT_FILE - LDAP_TLS_CACERT_DIR - LDAP_START_TLS - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MODULES - XMPP_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - JICOFO_COMPONENT_SECRET - JICOFO_AUTH_USER - JICOFO_AUTH_PASSWORD - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD - JWT_APP_ID - JWT_APP_SECRET - JWT_ACCEPTED_ISSUERS - JWT_ACCEPTED_AUDIENCES - JWT_ASAP_KEYSERVER - JWT_ALLOW_EMPTY - JWT_AUTH_TYPE - JWT_TOKEN_AUTH_MODULE - LOG_LEVEL - TZ networks: meet.jitsi: aliases: - ${XMPP_SERVER} # Focus component jicofo: image: jitsi/jicofo restart: unless-stopped volumes: - ${CONFIG}/jicofo:/config environment: - ENABLE_AUTH - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER - JICOFO_COMPONENT_SECRET - JICOFO_AUTH_USER - JICOFO_AUTH_PASSWORD - JICOFO_RESERVATION_REST_BASE_URL - JVB_BREWERY_MUC - JIGASI_BREWERY_MUC - JIBRI_BREWERY_MUC - JIBRI_PENDING_TIMEOUT - TZ depends_on: - prosody networks: meet.jitsi: # Video bridge jvb: image: jitsi/jvb restart: unless-stopped ports: - '${JVB_PORT}:${JVB_PORT}/udp' - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' volumes: - ${CONFIG}/jvb:/config environment: - DOCKER_HOST_ADDRESS - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC - JVB_PORT - JVB_TCP_HARVESTER_DISABLED - JVB_TCP_PORT - JVB_STUN_SERVERS - JVB_ENABLE_APIS - TZ depends_on: - prosody networks: meet.jitsi: # Custom network so all services can communicate using a FQDN networks: meet.jitsi: public: external: name: traefik_public