ansible-role-jitsi-docker/templates/docker-compose.jitsi.yml.j2
2020-12-13 00:32:38 +01:00


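# Docker Compose template for a Jitsi Meet stack (web, prosody, jicofo, jvb)
# published through Traefik. Dollar-brace values are substituted by Compose
# from its environment / env file; the Jinja expression (jitsi_virtual_host)
# is filled in when the role renders this template.
#
# Image tags: all four services share JITSI_IMAGE_VERSION. The `latest`
# default is what an untagged image reference resolves to, so behaviour is
# unchanged when the variable is unset. Set it to a fixed release tag in the
# env file so deploys are reproducible and every component runs the same
# release; a floating tag pulls whatever the registry serves at deploy time.
#
# Environment entries written as a bare name pass the value through from the
# Compose environment. Several are credentials (for example
# JICOFO_AUTH_PASSWORD, JVB_AUTH_PASSWORD, JWT_APP_SECRET, LDAP_BINDPW); they
# end up as plain environment variables, readable through `docker inspect`
# and by anyone who can read the env file, so keep that file owner-only.
version: '3'
services:
  # Frontend
  # No host ports are published here; the container is only reachable over
  # the attached networks, i.e. through Traefik on `public`.
  web:
    image: jitsi/web:${JITSI_IMAGE_VERSION:-latest}
    restart: unless-stopped
    volumes:
      - ${CONFIG}/web:/config
      - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
      - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
    environment:
      - AMPLITUDE_ID
      - ANALYTICS_SCRIPT_URLS
      - ANALYTICS_WHITELISTED_EVENTS
      - BRANDING_DATA_URL
      - BRIDGE_CHANNEL
      - CALLSTATS_CUSTOM_SCRIPT_URL
      - CALLSTATS_ID
      - CALLSTATS_SECRET
      - CHROME_EXTENSION_BANNER_JSON
      - CONFCODE_URL
      - CONFIG_EXTERNAL_CONNECT
      - DEPLOYMENTINFO_ENVIRONMENT
      - DEPLOYMENTINFO_ENVIRONMENT_TYPE
      - DEPLOYMENTINFO_USERREGION
      - DIALIN_NUMBERS_URL
      - DIALOUT_AUTH_URL
      - DIALOUT_CODES_URL
      - DISABLE_HTTPS
      - DROPBOX_APPKEY
      - DROPBOX_REDIRECT_URI
      - ENABLE_AUDIO_PROCESSING
      - ENABLE_AUTH
      - ENABLE_CALENDAR
      - ENABLE_FILE_RECORDING_SERVICE
      - ENABLE_FILE_RECORDING_SERVICE_SHARING
      - ENABLE_GUESTS
      - ENABLE_HTTP_REDIRECT
      - ENABLE_IPV6
      - ENABLE_LETSENCRYPT
      - ENABLE_LIPSYNC
      - ENABLE_NO_AUDIO_DETECTION
      - ENABLE_P2P
      - ENABLE_PREJOIN_PAGE
      - ENABLE_RECORDING
      - ENABLE_REMB
      - ENABLE_REQUIRE_DISPLAY_NAME
      - ENABLE_SIMULCAST
      - ENABLE_STATS_ID
      - ENABLE_STEREO
      - ENABLE_SUBDOMAINS
      - ENABLE_TALK_WHILE_MUTED
      - ENABLE_TCC
      - ENABLE_TRANSCRIPTIONS
      - ENABLE_XMPP_WEBSOCKET
      - ETHERPAD_PUBLIC_URL
      - ETHERPAD_URL_BASE
      - GOOGLE_ANALYTICS_ID
      - GOOGLE_API_APP_CLIENT_ID
      - INVITE_SERVICE_URL
      - JICOFO_AUTH_USER
      - MATOMO_ENDPOINT
      - MATOMO_SITE_ID
      - MICROSOFT_API_APP_CLIENT_ID
      - NGINX_RESOLVER
      - PEOPLE_SEARCH_URL
      - PUBLIC_URL
      - RESOLUTION
      - RESOLUTION_MIN
      - RESOLUTION_WIDTH
      - RESOLUTION_WIDTH_MIN
      - START_AUDIO_MUTED
      - START_AUDIO_ONLY
      - START_BITRATE
      - START_VIDEO_MUTED
      - TESTING_CAP_SCREENSHARE_BITRATE
      - TESTING_OCTO_PROBABILITY
      - TZ
      - XMPP_AUTH_DOMAIN
      - XMPP_BOSH_URL_BASE
      - XMPP_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_RECORDER_DOMAIN
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_public"
      - "traefik.http.routers.jitsi.rule=Host(`{{ jitsi_virtual_host }}`)"
      # The router listens on `websecure` only, so the jitsi-headers
      # middleware never sees a plain-HTTP request: SSLRedirect below has
      # nothing to redirect, and the HTTP-to-HTTPS redirect has to be
      # configured on Traefik's own entrypoints.
      - "traefik.http.routers.jitsi.entrypoints=websecure"
      - "traefik.http.routers.jitsi.tls=true"
      - "traefik.http.routers.jitsi.tls.certresolver=defaultresolver"
      - "traefik.http.middlewares.jitsi-headers.headers.SSLRedirect=true"
      # browserXSSFilter emits X-XSS-Protection, which current browsers no
      # longer act on; the CSP below is the effective control.
      - "traefik.http.middlewares.jitsi-headers.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.jitsi-headers.headers.contentTypeNosniff=true"
      # HSTS for ten years, including subdomains, with preload: this binds
      # every subdomain of the host to HTTPS and is slow to undo once cached
      # by browsers, so make sure all subdomains really serve valid TLS.
      - "traefik.http.middlewares.jitsi-headers.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.jitsi-headers.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.jitsi-headers.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.jitsi-headers.headers.STSPreload=true"
      # NOTE(review): browsers have replaced Feature-Policy with
      # Permissions-Policy; check whether the deployed Traefik release can
      # send the newer header.
      - "traefik.http.middlewares.jitsi-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
      # NOTE(review): 'unsafe-inline' in script-src allows injected inline
      # scripts to run, which removes most of the XSS protection this policy
      # would otherwise give. Presumably the frontend needs it - confirm, and
      # move to nonces or hashes if it does not. There is no connect-src, so
      # XHR and WebSocket traffic falls back to default-src 'self'.
      - "traefik.http.middlewares.jitsi-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
      - "traefik.http.routers.jitsi.middlewares=jitsi-headers"
    networks:
      public:
      meet.jitsi:
        aliases:
          - ${XMPP_DOMAIN}
  # XMPP server
  # `expose` only documents the ports for other containers on the attached
  # network; nothing is published on the host for this service.
  prosody:
    image: jitsi/prosody:${JITSI_IMAGE_VERSION:-latest}
    restart: unless-stopped
    expose:
      - '5222'
      - '5347'
      - '5280'
    volumes:
      - ${CONFIG}/prosody:/config
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - ENABLE_GUESTS
      - ENABLE_LOBBY
      - ENABLE_XMPP_WEBSOCKET
      - GLOBAL_CONFIG
      - GLOBAL_MODULES
      - JIBRI_RECORDER_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_XMPP_PASSWORD
      - JIBRI_XMPP_USER
      - JICOFO_AUTH_PASSWORD
      - JICOFO_AUTH_USER
      - JICOFO_COMPONENT_SECRET
      - JIGASI_XMPP_PASSWORD
      - JIGASI_XMPP_USER
      - JVB_AUTH_PASSWORD
      - JVB_AUTH_USER
      - JWT_ACCEPTED_AUDIENCES
      - JWT_ACCEPTED_ISSUERS
      # NOTE(review): JWT_ALLOW_EMPTY presumably lets clients join without a
      # token; confirm it is left disabled wherever JWT auth is relied on.
      - JWT_ALLOW_EMPTY
      - JWT_APP_ID
      - JWT_APP_SECRET
      - JWT_ASAP_KEYSERVER
      - JWT_AUTH_TYPE
      - JWT_TOKEN_AUTH_MODULE
      - LDAP_AUTH_METHOD
      - LDAP_BASE
      - LDAP_BINDDN
      - LDAP_BINDPW
      - LDAP_FILTER
      # NOTE(review): the LDAP bind password above is only protected in
      # transit if TLS is enabled and the peer certificate is checked;
      # confirm the values supplied for the LDAP_*TLS* settings.
      - LDAP_START_TLS
      - LDAP_TLS_CACERT_DIR
      - LDAP_TLS_CACERT_FILE
      - LDAP_TLS_CHECK_PEER
      - LDAP_TLS_CIPHERS
      - LDAP_URL
      - LDAP_USE_TLS
      - LDAP_VERSION
      - LOG_LEVEL
      - PUBLIC_URL
      - TZ
      - XMPP_AUTH_DOMAIN
      - XMPP_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_INTERNAL_MUC_MODULES
      - XMPP_MODULES
      - XMPP_MUC_DOMAIN
      - XMPP_MUC_MODULES
      - XMPP_RECORDER_DOMAIN
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_SERVER}
  # Focus component
  jicofo:
    image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-latest}
    restart: unless-stopped
    volumes:
      - ${CONFIG}/jicofo:/config
    environment:
      - ENABLE_AUTH
      - JIBRI_BREWERY_MUC
      - JIBRI_PENDING_TIMEOUT
      - JICOFO_AUTH_PASSWORD
      - JICOFO_AUTH_USER
      - JICOFO_COMPONENT_SECRET
      - JICOFO_RESERVATION_REST_BASE_URL
      - JIGASI_BREWERY_MUC
      - JVB_BREWERY_MUC
      - TZ
      - XMPP_AUTH_DOMAIN
      - XMPP_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
    depends_on:
      - prosody
    networks:
      meet.jitsi:
  # Video bridge
  # The only service that publishes host ports: the media UDP port and the
  # TCP fallback port are bound on every host interface.
  jvb:
    image: jitsi/jvb:${JITSI_IMAGE_VERSION:-latest}
    restart: unless-stopped
    ports:
      - '${JVB_PORT}:${JVB_PORT}/udp'
      - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
    volumes:
      - ${CONFIG}/jvb:/config
    environment:
      - DOCKER_HOST_ADDRESS
      - JVB_AUTH_PASSWORD
      - JVB_AUTH_USER
      - JVB_BREWERY_MUC
      # NOTE(review): if JVB_ENABLE_APIS turns on management APIs, keep their
      # port off the published list above - confirm against the image docs.
      - JVB_ENABLE_APIS
      - JVB_PORT
      - JVB_STUN_SERVERS
      - JVB_TCP_HARVESTER_DISABLED
      - JVB_TCP_MAPPED_PORT
      - JVB_TCP_PORT
      - JVB_WS_DOMAIN
      - JVB_WS_SERVER_ID
      - PUBLIC_URL
      - TZ
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
    depends_on:
      - prosody
    networks:
      meet.jitsi:
    # NOTE(review): unlike `web`, this service carries no traefik.enable
    # label and is not attached to the `public` network, so whether Traefik
    # acts on the UDP labels below depends on its provider defaults -
    # confirm. The same UDP port is also published directly under `ports`,
    # so one of the two exposure paths is probably redundant. The
    # load-balancer port is fixed at 10000 while `ports` follows JVB_PORT;
    # the two diverge if JVB_PORT is changed.
    labels:
      traefik.udp.routers.jvb.entrypoints: video
      traefik.udp.routers.jvb.service: jvb
      traefik.udp.services.jvb.loadbalancer.server.port: '10000'
# Custom network so all services can communicate using a FQDN
# `meet.jitsi` is private to this stack; `public` is the pre-existing
# Traefik network and is attached to `web` only.
networks:
  meet.jitsi:
  public:
    external:
      name: traefik_public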