Merge pull request #36 from alangecker/develop

Release v2.2.21-1
chandi 2020-07-30 13:08:53 +02:00 committed by GitHub
commit 279d74f4a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 719 additions and 67 deletions


@ -6,6 +6,7 @@
- TURN server included - TURN server included
- Fully automated HTTPS certificates - Fully automated HTTPS certificates
- Runs on almost any major linux distributon (Debian, Ubuntu, CentOS,...) - Runs on almost any major linux distributon (Debian, Ubuntu, CentOS,...)
- Full IPv6 support
## Install ## Install
1. Install docker-ce & docker-compose 1. Install docker-ce & docker-compose


@ -4,7 +4,8 @@ services:
image: instrumentisto/coturn:4.5 image: instrumentisto/coturn:4.5
restart: unless-stopped restart: unless-stopped
command: command:
- "--external-ip=${EXTERNAL_IP}" - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}" - "--static-auth-secret=${TURN_SECRET}"
volumes: volumes:
- ssl_data:/etc/resty-auto-ssl - ssl_data:/etc/resty-auto-ssl


@ -12,7 +12,7 @@ services:
DB_NAME: greenlight DB_NAME: greenlight
DB_USERNAME: postgres DB_USERNAME: postgres
DB_PASSWORD: password DB_PASSWORD: password
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/ BIGBLUEBUTTON_ENDPOINT: ${GREENLIGHT_ENDPOINT}
BIGBLUEBUTTON_SECRET: ${SHARED_SECRET} BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
SECRET_KEY_BASE: ${RAILS_SECRET} SECRET_KEY_BASE: ${RAILS_SECRET}
ports: ports:
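Review bot: `BIGBLUEBUTTON_ENDPOINT: ${GREENLIGHT_ENDPOINT}` has no fallback, so an `.env` carried over from the previous release, where this variable did not exist, expands to an empty endpoint and Greenlight starts without a usable API URL. Unless the compose wrapper script always exports the variable (not visible on this page), fail early instead: `BIGBLUEBUTTON_ENDPOINT: ${GREENLIGHT_ENDPOINT:?GREENLIGHT_ENDPOINT must be set}`. The service definition starts and ends outside this hunk.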


@ -3,14 +3,12 @@ services:
https_proxy: https_proxy:
image: valian/docker-nginx-auto-ssl image: valian/docker-nginx-auto-ssl
restart: unless-stopped restart: unless-stopped
ports:
- 80:80
- 443:443
volumes: volumes:
- ssl_data:/etc/resty-auto-ssl - ssl_data:/etc/resty-auto-ssl
- ./mod/https/${HTTPS_SITE_FILE}:/etc/nginx/conf.d/bbb-docker.conf
environment: environment:
ALLOWED_DOMAINS: ${DOMAIN} ALLOWED_DOMAINS: ${CERTIFICATE_DOMAINS}
SITES: ${DOMAIN}=10.7.7.1:8080 network_mode: host
volumes: volumes:
ssl_data: ssl_data:
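Review bot: `network_mode: host` removes the proxy's network isolation: every `listen` in the mounted `bbb-docker.conf` now binds directly in the host's network namespace, and the container can reach services bound to the host's loopback. If host networking is required for IPv6 (the commit does not say why), state that in a comment above the line, and mount the site file read-only: `- ./mod/https/${HTTPS_SITE_FILE}:/etc/nginx/conf.d/bbb-docker.conf:ro`. `HTTPS_SITE_FILE` and `CERTIFICATE_DOMAINS` have no defaults here; how the image treats an empty `ALLOWED_DOMAINS` should be checked, since that value decides which hostnames certificates are requested for.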


@ -0,0 +1,15 @@
version: '3.6'
services:
prometheus-exporter:
image: greenstatic/bigbluebutton-exporter:v0.5.0
restart: unless-stopped
environment:
API_BASE_URL: http://10.7.7.1:8080/bigbluebutton/api/
API_SECRET: ${SHARED_SECRET}
RECORDINGS_METRICS_READ_FROM_DISK: "false"
networks:
bbb-net:
ipv4_address: 10.7.7.33
# volumes:
# - bigbluebutton:/var/bigbluebutton
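Review bot: The exporter is a third-party image referenced by a mutable tag, and it receives `SHARED_SECRET`, which is the full BigBlueButton API secret rather than a read-only credential. Pinning the digest keeps a re-pushed tag from reaching that secret: `image: greenstatic/bigbluebutton-exporter:v0.5.0@sha256:<digest-of-reviewed-image>` (placeholder; the digest is not on this page). No port is published here, so a comment saying how the metrics endpoint is meant to be scraped, and that it should not be exposed without authentication, would help operators.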


@ -7,8 +7,10 @@ services:
depends_on: depends_on:
- redis - redis
environment: environment:
DEV_MODE: ${DEV_MODE:-}
DOMAIN: ${DOMAIN} DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET} SHARED_SECRET: ${SHARED_SECRET}
WELCOME_MESSAGE: ${WELCOME_MESSAGE:-}
WELCOME_FOOTER: ${WELCOME_FOOTER} WELCOME_FOOTER: ${WELCOME_FOOTER}
STUN_SERVER: stun:${STUN_IP}:${STUN_PORT} STUN_SERVER: stun:${STUN_IP}:${STUN_PORT}
TURN_SERVER: ${TURN_SERVER:-} TURN_SERVER: ${TURN_SERVER:-}
@ -31,9 +33,11 @@ services:
- SYS_RESOURCE - SYS_RESOURCE
environment: environment:
DOMAIN: ${DOMAIN} DOMAIN: ${DOMAIN}
EXTERNAL_IP: ${EXTERNAL_IP} EXTERNAL_IPv4: ${EXTERNAL_IPv4}
SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} EXTERNAL_IPv6: ${EXTERNAL_IPv6:-::1}
NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST:-}
DISABLE_SOUND_MUTED: ${DISABLE_SOUND_MUTED:-false}
DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
volumes: volumes:
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
- ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
@ -53,11 +57,13 @@ services:
- ./mod/nginx/bbb:/etc/nginx/bbb - ./mod/nginx/bbb:/etc/nginx/bbb
- ./mod/nginx/bigbluebutton:/etc/nginx/conf.d/default.conf - ./mod/nginx/bigbluebutton:/etc/nginx/conf.d/default.conf
- ${DEFAULT_PRESENTATION:-/dev/null}:/etc/nginx/html/default.pdf - ${DEFAULT_PRESENTATION:-/dev/null}:/etc/nginx/html/default.pdf
networks: network_mode: host
bbb-net:
ipv4_address: 10.7.7.13
extra_hosts: extra_hosts:
- "host.docker.internal:10.7.7.1" - "host.docker.internal:10.7.7.1"
- "core:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.10"
- "html5:10.7.7.11"
etherpad: etherpad:
build: mod/etherpad build: mod/etherpad
@ -94,7 +100,6 @@ services:
KMS_STUN_PORT: ${STUN_PORT} KMS_STUN_PORT: ${STUN_PORT}
KMS_MIN_PORT: 24577 KMS_MIN_PORT: 24577
KMS_MAX_PORT: 32768 KMS_MAX_PORT: 32768
KMS_EXTERNAL_ADDRESS: ${EXTERNAL_IP}
KMS_TURN_URL: KMS_TURN_URL:
KMS_NETWORK_INTERFACES: ${NETWORK_INTERFACE:-} KMS_NETWORK_INTERFACES: ${NETWORK_INTERFACE:-}
network_mode: host network_mode: host
@ -113,10 +118,10 @@ services:
KURENTO_NAME: kurento KURENTO_NAME: kurento
REDIS_HOST: redis REDIS_HOST: redis
FREESWITCH_IP: host.docker.internal FREESWITCH_IP: host.docker.internal
FREESWITCH_SIP_IP: ${EXTERNAL_IP} FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
ESL_IP: host.docker.internal ESL_IP: host.docker.internal
LOG_LEVEL: info LOG_LEVEL: info
NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IP}","url":"ws://kurento:8888/kurento"}]}' NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IPv4}","url":"ws://kurento:8888/kurento"}]}'
ports: ports:
- "127.0.0.1:3008:3008" - "127.0.0.1:3008:3008"
extra_hosts: extra_hosts:
@ -137,6 +142,13 @@ services:
DOMAIN: ${DOMAIN} DOMAIN: ${DOMAIN}
CLIENT_TITLE: ${CLIENT_TITLE} CLIENT_TITLE: ${CLIENT_TITLE}
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false}
CHAT_ENABLED: ${CHAT_ENABLED:-true}
CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false}
DEV_MODE: ${DEV_MODE:-}
networks: networks:
bbb-net: bbb-net:
ipv4_address: 10.7.7.11 ipv4_address: 10.7.7.11
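Review bot: In the `@ -53,11 +57,13 @` hunk, replacing `bbb-net` / `10.7.7.13` with `network_mode: host` makes this service's nginx listeners bind in the host's network namespace. The mounted `./mod/nginx/bigbluebutton` config is not part of this page; if its `listen` directive uses a wildcard address, the plain-HTTP backend (the new exporter file addresses it as `http://10.7.7.1:8080`) becomes reachable from outside without passing the HTTPS proxy. Bind the listener to the internal address only, e.g. `listen 10.7.7.1:8080;`, or add a comment next to `network_mode: host` stating which firewall rule is expected to cover the port. The service definition starts outside the hunk.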

45
docs/development.md Normal file

@ -0,0 +1,45 @@
# bbb-docker Development
## Running
you can run bbb-docker locally without any certificate issues with following `.env` configurations:
```
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
DOMAIN=10.7.7.1
EXTERNAL_IP=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
TURN_SERVER=turns:localhost:465?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret
# ====================================
# CUSTOMIZATION
# ====================================
[... add rest of sample.env here ...]
```
- you can than start it with \
`$ ./scripts/compose up -d`
- view the logs with \
`$ ./scripts/compose logs -f`
- and access the API via \
https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
* At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
## Changes
- After doing some changes you usually must...
* rebuild the image(s): \
`$ ./scripts/compose build [containername]`
* restart changes image(s): \
`$ ./scripts/compose up -d`


@ -28,7 +28,7 @@ RUN apt-get install -y supervisor apt-transport-https equivs libreoffice haveged
# bbb repo & packages # bbb repo & packages
RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:bigbluebutton/support RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:bigbluebutton/support
RUN sh -c 'wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -' \ RUN sh -c 'wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -' \
&& sh -c 'echo "deb https://packages-eu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list' && sh -c 'echo "deb https://ubuntu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list'
# create dummy packages to satisfy dependencies # create dummy packages to satisfy dependencies
RUN equivs-control redis-server.control \ RUN equivs-control redis-server.control \
@ -37,6 +37,10 @@ RUN equivs-control redis-server.control \
&& dpkg -i /*.deb \ && dpkg -i /*.deb \
&& rm /*.deb && rm /*.deb
# this variable is not used, but it triggers
# rebuilding from here on if changed
ENV VERSION v2.2.21
RUN apt-get update && apt-get install -y bbb-web \ RUN apt-get update && apt-get install -y bbb-web \
bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka bbb-apps \ bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka bbb-apps \
bbb-apps-video bbb-apps-screenshare bbb-apps-video-broadcast bbb-apps-video bbb-apps-screenshare bbb-apps-video-broadcast
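Review bot: `ENV VERSION v2.2.21` only invalidates the build cache; the `apt-get install -y bbb-web …` that follows still installs whatever the repository serves at build time, so two builds of the same release tag can contain different package versions. If reproducible images matter, pin the packages (`bbb-web=<package-version>`, placeholder) or record the installed versions in the image. At minimum extend the comment to say so: `# not read by any command; changing it only forces a rebuild, it does NOT pin package versions`. The `RUN` continues past the end of the hunk.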


@ -146,7 +146,7 @@ defaultGuestPolicy=ALWAYS_ACCEPT
# #
# native2ascii -encoding UTF8 bigbluebutton.properties bigbluebutton.properties # native2ascii -encoding UTF8 bigbluebutton.properties bigbluebutton.properties
# #
defaultWelcomeMessage=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="event:http://www.bigbluebutton.org/html5"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others. defaultWelcomeMessage={{ .Env.WELCOME_MESSAGE }}
defaultWelcomeMessageFooter={{ .Env.WELCOME_FOOTER }} defaultWelcomeMessageFooter={{ .Env.WELCOME_FOOTER }}
# Default maximum number of users a meeting can have. # Default maximum number of users a meeting can have.
@ -297,7 +297,11 @@ beans.presentationService.testPresentationName=appkonference
# Uploaded presentation file # Uploaded presentation file
beans.presentationService.testUploadedPresentation=appkonference.txt beans.presentationService.testUploadedPresentation=appkonference.txt
# Default Uploaded presentation file # Default Uploaded presentation file
{{ if isTrue .Env.DEV_MODE }}
beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation
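Review bot: `defaultWelcomeMessage={{ .Env.WELCOME_MESSAGE }}` writes the environment value into the properties file unescaped. A value containing a line break or ending in a backslash changes how the following lines are parsed, and non-ASCII text is not converted the way the `native2ascii` comment directly above requires. The removed default contained `<b>` and `<a>` markup, so the value is apparently rendered as HTML in the client and should be documented as such. A comment above the line would record the constraints: `# WELCOME_MESSAGE: single line, ASCII or \uXXXX escapes, rendered as HTML`.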


@ -61,3 +61,11 @@ no-tlsv1_1
# To enable single filename logs you need to enable the simple-log flag # To enable single filename logs you need to enable the simple-log flag
syslog syslog
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family


@ -0,0 +1,284 @@
<!-- http://wiki.freeswitch.org/wiki/Mod_conference -->
<!-- None of these paths are real if you want any of these options you need to really set them up -->
<configuration name="conference.conf" description="Audio Conference">
<!-- Advertise certain presence on startup . -->
<advertise>
<room name="3001@$${domain}" status="FreeSWITCH"/>
</advertise>
<!-- These are the default keys that map when you do not specify a caller control group -->
<!-- Note: none and default are reserved names for group names. Disabled if dist-dtmf member flag is set. -->
<caller-controls>
<group name="default">
<control action="mute" digits="0"/>
<control action="deaf mute" digits="*"/>
<control action="energy up" digits="9"/>
<control action="energy equ" digits="8"/>
<control action="energy dn" digits="7"/>
<control action="vol talk up" digits="3"/>
<control action="vol talk zero" digits="2"/>
<control action="vol talk dn" digits="1"/>
<control action="vol listen up" digits="6"/>
<control action="vol listen zero" digits="5"/>
<control action="vol listen dn" digits="4"/>
<!--control action="hangup" digits="#"/ -->
</group>
</caller-controls>
<!-- Profiles are collections of settings you can reference by name. -->
<profiles>
<!--If no profile is specified it will default to "default"-->
<profile name="default">
<!-- Directory to drop CDR's
'auto' means $PREFIX/logs/conference_cdr/<confernece_uuid>.cdr.xml
a non-absolute path means $PREFIX/logs/<value>/<confernece_uuid>.cdr.xml
absolute path means <value>/<confernece_uuid>.cdr.xml
-->
<!-- <param name="cdr-log-dir" value="auto"/> -->
<!-- Domain (for presence) -->
<param name="domain" value="$${domain}"/>
<!-- Sample Rate-->
<param name="rate" value="8000"/>
<!-- Number of milliseconds per frame -->
<param name="interval" value="20"/>
<!-- Energy level required for audio to be sent to the other users -->
<param name="energy-level" value="100"/>
<!--Can be | delim of waste|mute|deaf|dist-dtmf waste will always transmit data to each channel
even during silence. dist-dtmf propagates dtmfs to all other members, but channel controls
via dtmf will be disabled. -->
<!-- <param name="member-flags" value="waste"/> -->
<!-- Name of the caller control group to use for this profile -->
<!-- <param name="caller-controls" value="some name"/> -->
<!-- Name of the caller control group to use for the moderator in this profile -->
<!-- <param name="moderator-controls" value="some name"/> -->
<!-- TTS Engine to use -->
<!-- <param name="tts-engine" value="cepstral"/> -->
<!-- TTS Voice to use -->
<!-- <param name="tts-voice" value="david"/> -->
<!-- If TTS is enabled all audio-file params beginning with -->
<!-- 'say:' will be considered text to say with TTS -->
<!-- Override the default path here, after which you use relative paths in the other sound params -->
<!-- Note: The default path is the conference's first caller's sound_prefix -->
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<!-- File to play to acknowledge succees -->
<!-- <param name="ack-sound" value="beep.wav"/> -->
<!-- File to play to acknowledge failure -->
<!-- <param name="nack-sound" value="beeperr.wav"/> -->
<!-- File to play to acknowledge muted -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<!-- File to play to acknowledge unmuted -->
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<!-- File to play if you are alone in the conference -->
<param name="alone-sound" value="conference/conf-alone.wav"/>
<!-- File to play endlessly (nobody will ever be able to talk) -->
<!-- <param name="perpetual-sound" value="perpetual.wav"/> -->
<!-- File to play when you're alone (music on hold)-->
<param name="moh-sound" value="$${hold_music}"/>
<!-- File to play when you join the conference -->
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<!-- File to play when you leave the conference -->
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<!-- File to play when you are ejected from the conference -->
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<!-- File to play when the conference is locked -->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<!-- File to play when the conference is locked during the call-->
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<!-- File to play when the conference is unlocked during the call-->
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<!-- File to play to prompt for a pin -->
<param name="pin-sound" value="conference/conf-pin.wav"/>
<!-- File to play to when the pin is invalid -->
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<!-- Conference pin -->
<!-- <param name="pin" value="12345"/> -->
<!-- <param name="moderator-pin" value="54321"/> -->
<!-- Max number of times the user can be prompted for PIN -->
<!-- <param name="pin-retries" value="3"/> -->
<!-- Default Caller ID Name for outbound calls -->
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<!-- Default Caller ID Number for outbound calls -->
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- Suppress start and stop talking events -->
<!-- <param name="suppress-events" value="start-talking,stop-talking"/> -->
<!-- enable comfort noise generation -->
<param name="comfort-noise" value="true"/>
<!-- Uncomment auto-record to toggle recording every conference call. -->
<!-- Another valid value is shout://user:pass@server.com/live.mp3 -->
<!--
<param name="auto-record" value="$${recordings_dir}/${conference_name}_${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
-->
<!-- IVR digit machine timeouts -->
<!-- How much to wait between DTMF digits to match caller-controls -->
<!-- <param name="ivr-dtmf-timeout" value="500"/> -->
<!-- How much to wait for the first DTMF, 0 forever -->
<!-- <param name="ivr-input-timeout" value="0" /> -->
<!-- Delay before a conference is asked to be terminated -->
<!-- <param name="endconf-grace-time" value="120" /> -->
<!-- Can be | delim of wait-mod|audio-always|video-bridge|video-floor-only
wait_mod will wait until the moderator in,
audio-always will always mix audio from all members regardless they are talking or not -->
<!-- <param name="conference-flags" value="audio-always"/> -->
<!-- Allow live array sync for Verto -->
<!-- <param name="conference-flags" value="livearray-sync"/> -->
</profile>
<profile name="wideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="ultrawideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="32000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|transcode-video|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1280x720"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
<!-- <param name="video-auto-floor-msec" value="100"/> -->
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="cdquality">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
{{if not (isTrue .Env.DISABLE_SOUND_MUTED) }}
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
{{end}}
{{if not (isTrue .Env.DISABLE_SOUND_ALONE) }}
<param name="alone-sound" value="conference/conf-alone.wav"/>
{{end}}
<!--
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
-->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- param name="comfort-noise" value="true"/ -->
<param name="comfort-noise" value="1400"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1920x1080"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
</profile>
<profile name="video-mcu-stereo">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="channels" value="2"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="local_stream://stereo"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="false"/>
<param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|minimize-video-encoding"/>
<param name="video-mode" value="mux"/>
<param name="video-layout-name" value="3x3"/>
<param name="video-layout-name" value="group:grid"/>
<param name="video-canvas-size" value="1920x1080"/>
<param name="video-canvas-bgcolor" value="#333333"/>
<param name="video-layout-bgcolor" value="#000000"/>
<param name="video-codec-bandwidth" value="1mb"/>
<param name="video-fps" value="15"/>
</profile>
<profile name="sla">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="caller-controls" value="none"/>
<param name="energy-level" value="200"/>
<param name="moh-sound" value="silence"/>
<param name="comfort-noise" value="true"/>
</profile>
</profiles>
</configuration>
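Review bot: The `DISABLE_SOUND_MUTED` / `DISABLE_SOUND_ALONE` conditionals wrap only the `cdquality` profile; `default`, `wideband`, `ultrawideband` and `video-mcu-stereo` still set `muted-sound`, `unmuted-sound` and `alone-sound` unconditionally. If BigBlueButton conferences always use `cdquality` (not visible on this page), say so next to the conditionals, e.g. `<!-- BBB uses the cdquality profile; the DISABLE_SOUND_* switches apply only here -->`. Separately, `video-mcu-stereo` sets `video-layout-name` twice (`3x3` and `group:grid`), which leaves the effective layout unclear.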


@ -1,4 +1,113 @@
<profile name="external-ipv6">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-ipv6/*.xml"/>
</gateways>
<aliases>
<!-- <!--
IPv6 is disabled for now since there a some more configurations needed <alias name="outbound"/>
to make it work beautifully <alias name="nat"/>
--> -->
</aliases>
<domains>
<!--<domain name="all" alias="false" parse="true"/>-->
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge support
<param name="apply-candidate-acl" value="wan_v6.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v6.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
-->
<param name="apply-candidate-acl" value="deny_private_v6"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="rtp-ip" value="$${external_ip_v6}"/>
<param name="sip-ip" value="$${local_ip_v6}"/>
<!-- Shouldn't set these on IPv6 -->
<!--<param name="ext-rtp-ip" value="auto-nat"/>-->
<!--<param name="ext-sip-ip" value="auto-nat"/>-->
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!--<param name="enable-3pcc" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>
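Review bot: `ws-binding` (`:5066`) and `wss-binding` (`:7443`) are given without an address while `sip-ip` is tied to `$${local_ip_v6}`; with `auth-calls` set to `false` and `tls-verify-policy` set to `none`, access control for this profile rests entirely on what can reach those ports. Which addresses a bare `:port` binds for this profile, and whether it collides with the same ports in the IPv4 external profile, should be confirmed and noted next to the two params. The ACL `deny_private_v6` named in `apply-candidate-acl` is not defined anywhere on this page, so its definition should be checked as well. The header comment "only for outbound registrations to providers" no longer describes a profile with WebSocket bindings; suggest `<!-- IPv6 profile for WebRTC (ws/wss) clients; auth-calls is off, restrict reachability at the firewall -->`.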


@ -60,7 +60,8 @@
--> -->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/> <X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/> <X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IP }}"/> <X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v6={{ .Env.EXTERNAL_IPv6 }}"/>
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/> <X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/> <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/> <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
@ -300,7 +301,7 @@
If unspecified, the bind_server_ip value is used. If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml Used by: sofia.conf.xml dingaling.conf.xml
--> -->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IP }}"/> <X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- external_sip_ip <!-- external_sip_ip
Used as the public IP address for SDP. Used as the public IP address for SDP.
@ -313,7 +314,7 @@
If unspecified, the bind_server_ip value is used. If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml Used by: sofia.conf.xml dingaling.conf.xml
--> -->
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IP }}"/> <X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- unroll-loops <!-- unroll-loops
Used to turn on sip loopback unrolling. Used to turn on sip loopback unrolling.


@ -4,8 +4,8 @@
iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D
# block requests to 5060 (tcp/udp) # block requests to 5060 (tcp/udp)
iptables -A INPUT -i "$NETWORK_INTERFACE" -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT iptables -A INPUT -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT
iptables -A INPUT -i "$NETWORK_INTERFACE" -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT iptables -A INPUT -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT
# allow some IPs # allow some IPs
IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST" IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST"
@ -17,4 +17,5 @@ done
dockerize \ dockerize \
-template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \ -template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \
-template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \
/usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf /usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf
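Review bot: The two REJECT rules for port 5060 are installed with `iptables` only, so they filter IPv4 and leave port 5060 unfiltered over IPv6, which this release otherwise enables. If FreeSWITCH binds a SIP profile on IPv6 (not visible in this hunk), the allowlist would not apply to IPv6 clients. Mirroring the rules with `ip6tables -A INPUT -p tcp --dport 5060 -j REJECT` and `ip6tables -A INPUT -p udp --dport 5060 -j REJECT` would close that, and the cleanup line at the top of the hunk needs the same treatment. Dropping `-i "$NETWORK_INTERFACE"` makes the rules apply to every interface; that is worth a comment, since the allowlist loop itself lies outside the hunk.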


@ -14,7 +14,7 @@ USER meteor
ENV METEOR_VERSION 1.8.1 ENV METEOR_VERSION 1.8.1
RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh
ENV TAG v2.2.20 ENV TAG v2.2.21
RUN cd ~ \ RUN cd ~ \
&& svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
&& mv ~/bigbluebutton-html5 ~/source \ && mv ~/bigbluebutton-html5 ~/source \
@ -51,4 +51,4 @@ USER meteor
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
# lets set the tag again, so that it is include in the image for later version retrieval # lets set the tag again, so that it is include in the image for later version retrieval
ENV TAG v2.2.20 ENV TAG v2.2.21


@ -8,6 +8,11 @@ export ENVIRONMENT_TYPE=production
export PORT=3000 export PORT=3000
export LANG=en_US.UTF-8 export LANG=en_US.UTF-8
if [ "$DEV_MODE" == true ]; then
echo "DEV_MODE=true, disable TLS certificate rejecting"
export NODE_TLS_REJECT_UNAUTHORIZED=0
fi
rm -f /app/programs/server/assets/app/config/settings.yml rm -f /app/programs/server/assets/app/config/settings.yml
dockerize \ dockerize \
-template /app/programs/server/assets/app/config/settings.yml.tmpl:/app/programs/server/assets/app/config/settings.yml \ -template /app/programs/server/assets/app/config/settings.yml.tmpl:/app/programs/server/assets/app/config/settings.yml \
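Review bot: `NODE_TLS_REJECT_UNAUTHORIZED=0` in the new DEV_MODE branch turns off certificate verification for every outbound TLS connection the Node process makes, and the only trace is one informal line on stdout. A deployment that keeps DEV_MODE=true by mistake would run with ENVIRONMENT_TYPE=production and no certificate checks. I would make the message explicit and send it to stderr, e.g. `echo "WARNING: DEV_MODE=true, TLS certificate verification is DISABLED - never use in production" >&2`. DEV_MODE should also be documented next to the other switches in sample.env, where the visible hunks do not mention it. The `==` inside `[ ]` relies on bash; `=` is the portable form if the shebang (outside the hunk) is `/bin/sh`.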


@ -4,14 +4,14 @@ public:
desktopFontSize: 14px desktopFontSize: 14px
audioChatNotification: false audioChatNotification: false
autoJoin: true autoJoin: true
listenOnlyMode: true listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
forceListenOnly: false forceListenOnly: false
skipCheck: false skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
clientTitle: {{ .Env.CLIENT_TITLE }} clientTitle: {{ .Env.CLIENT_TITLE }}
appName: BigBlueButton HTML5 Client appName: BigBlueButton HTML5 Client
bbbServerVersion: 2.2 bbbServerVersion: 2.2
copyright: "©2020 BigBlueButton Inc." copyright: "©2020 BigBlueButton Inc."
html5ClientBuild: 968 html5ClientBuild: 980
helpLink: https://bigbluebutton.org/html5/ helpLink: https://bigbluebutton.org/html5/
lockOnJoin: true lockOnJoin: true
cdn: "" cdn: ""
@ -137,8 +137,8 @@ public:
enableVideoStats: false enableVideoStats: false
enableVideoMenu: true enableVideoMenu: true
enableListenOnly: true enableListenOnly: true
autoShareWebcam: false autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
skipVideoPreview: false skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
pingPong: pingPong:
clearUsersInSeconds: 180 clearUsersInSeconds: 180
pongTimeInSeconds: 15 pongTimeInSeconds: 15
@ -159,8 +159,8 @@ public:
lines: 2 lines: 2
time: 5000 time: 5000
chat: chat:
enabled: true enabled: {{ .Env.CHAT_ENABLED }}
startClosed: false startClosed: {{ .Env.CHAT_START_CLOSED }}
min_message_length: 1 min_message_length: 1
max_message_length: 5000 max_message_length: 5000
grouping_messages_window: 10000 grouping_messages_window: 10000
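Review bot: The six values now taken from `.Env.*` (listenOnlyMode, skipCheck, autoShareWebcam, skipVideoPreview, chat.enabled, chat.startClosed) are rendered unquoted with no fallback, so an unset or empty variable yields a bare `enabled:`, which YAML reads as null. That is the likely state after an upgrade, because the scripts/upgrade hunk in this commit only renames EXTERNAL_IP and scripts/compose only checks EXTERNAL_IPv4. Unless the compose file already supplies defaults (not visible here), I would pass each variable with one, e.g. `CHAT_ENABLED: ${CHAT_ENABLED:-true}`, the same `${VAR:-default}` form the coturn service uses. A value other than true or false would also change the type silently, so a template comment like `# must render to true or false` above the first templated key would help.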


@ -0,0 +1,28 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2 default_server;
# we at still serve https via IPv6 for the
# case that an AAAA record is set.
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}
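Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever X-Forwarded-For header the client sent, and this server is the internet-facing edge, so every entry but the last is client-controlled. A backend that reads the first entry for logging, rate limiting or access decisions can be misled. At the edge I would overwrite the header instead: `proxy_set_header X-Forwarded-For $remote_addr;`. The same line appears in mod/https/site.conf. The comment `we at still serve https via IPv6` also contains a stray word.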

28
mod/https/site.conf Normal file

@ -0,0 +1,28 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://$endpoint_addr:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}


@ -0,0 +1,4 @@
location /bbb-exporter {
proxy_pass http://10.7.7.33:9688;
proxy_http_version 1.1;
}
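Review bot: `location /bbb-exporter` proxies the Prometheus exporter to anyone who can reach the site, since the block has no `auth_basic`, `allow`/`deny` or `auth_request`. The exporter presumably reports meeting and participant activity, which most operators would not want to be world-readable. I would restrict it to the scraper, e.g. `allow MONITORING_HOST_IP; deny all;` (placeholder address), or add `auth_basic` with an `auth_basic_user_file`. The ENABLE_PROMETHEUS_EXPORTER comment in sample.env should mention that the endpoint is otherwise public.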


@ -1,15 +1,21 @@
# https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy # https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
location ~ "^\/pad\/p\/(\w+)$" { location /pad/p/ {
rewrite /pad/(.*) /$1 break; rewrite /pad/p/(.*) /p/$1 break;
rewrite ^/pad$ /pad/ permanent; rewrite ^/pad/p$ /pad/p/ permanent;
proxy_pass http://etherpad:9001; proxy_pass http://etherpad:9001;
proxy_pass_header Server; proxy_pass_header Server;
proxy_redirect / /pad; proxy_redirect / /pad;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_buffering off; proxy_buffering off;
auth_request /bigbluebutton/connection/checkAuthorization; # there is currently no viable source for building the
auth_request_set $auth_status $upstream_status; # bbb-etherpad including sesstiontokens which got introduced in v2.2.21
# https://github.com/bigbluebutton/bigbluebutton/issues/10159
#
# We disable the authentication for now.
# auth_request /bigbluebutton/connection/checkAuthorization;
# auth_request_set $auth_status $upstream_status;
} }
location /pad { location /pad {
@ -22,6 +28,13 @@ location /pad {
proxy_buffering off; proxy_buffering off;
} }
location /pad/socket.io/socket.io.js {
rewrite /pad/socket.io/socket.io.js /socket.io/socket.io.js break;
proxy_pass http://etherpad:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}
location /pad/socket.io { location /pad/socket.io {
rewrite /pad/socket.io/(.*) /socket.io/$1 break; rewrite /pad/socket.io/(.*) /socket.io/$1 break;
proxy_pass http://etherpad:9001/; proxy_pass http://etherpad:9001/;
@ -36,6 +49,9 @@ location /pad/socket.io {
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
# auth_request /bigbluebutton/connection/checkAuthorization;
# auth_request_set $auth_status $upstream_status;
} }
location /static { location /static {
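Review bot: With `auth_request` commented out and the location widened from the regex `^\/pad\/p\/(\w+)$` to the prefix `/pad/p/`, every Etherpad path under /pad/p/ is proxied without a BigBlueButton session check, so knowing or guessing a pad name is presumably enough to open it. The comment explains why, but it should also state the consequence and the exit condition, e.g. `# SECURITY: pads are reachable without authorization until issue 10159 is resolved; re-enable the two lines below then`. In the same block, `rewrite ^/pad/p$ /pad/p/ permanent;` can no longer match: the location only handles URIs starting with /pad/p/, and the preceding rewrite ends processing with `break`. The commented-out pair added to `/pad/socket.io` has no explanation at all and should point to the same note.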


@ -1,5 +1,5 @@
location /ws { location /ws {
proxy_pass https://host.docker.internal:7443; proxy_pass https://$freeswitch_addr:7443;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
@ -9,4 +9,7 @@ location /ws {
proxy_send_timeout 6h; proxy_send_timeout 6h;
client_body_timeout 6h; client_body_timeout 6h;
send_timeout 6h; send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
} }
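Review bot: `$freeswitch_addr` is used in `proxy_pass` here but is defined by a `map` in the server-level config changed later in this commit. Its value appears to depend on `$remote_addr` being the HTTPS proxy's loopback address rather than the real client, which is not obvious from this file. A comment above the `proxy_pass` line would help, such as `# $freeswitch_addr comes from the map next to the server block: [::1] when the https proxy connected over IPv6, else 10.7.7.1`. `$auth_status` is set by `auth_request_set` but not used in the visible lines, so either use it or say what it is for.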


@ -1,7 +1,14 @@
map $remote_addr $freeswitch_addr {
"~:" [::1];
default 10.7.7.1;
}
server { server {
listen 80 default_server; listen 8080 default_server;
listen [::]:8080 default_server;
server_name _; server_name _;
access_log /var/log/nginx/bigbluebutton.access.log; access_log /dev/stdout;
absolute_redirect off;
# redirect to greenlight # redirect to greenlight
location = / { location = / {
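Review bot: `listen 8080 default_server;` and `listen [::]:8080 default_server;` bind the plain-HTTP server on all addresses, while the HTTPS proxy added in this commit reaches it at 127.0.0.1:8080 or [::1]:8080. If this container shares the host's network namespace, which the loopback `proxy_pass` suggests but the hunk does not show, port 8080 is reachable from outside without TLS and with client-supplied X-Real-IP and X-Forwarded-For headers. Binding only the addresses that are needed would avoid that, e.g. `listen 127.0.0.1:8080 default_server;` and `listen [::1]:8080 default_server;`, plus 10.7.7.1 for the DEV_MODE endpoint set in scripts/compose. A documented firewall rule for 8080 is the alternative. The server block continues past the end of the hunk.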


@ -67,4 +67,3 @@ redis:
eventsPrefix: bigbluebutton:webhooks:events eventsPrefix: bigbluebutton:webhooks:events
userMaps: bigbluebutton:webhooks:userMaps userMaps: bigbluebutton:webhooks:userMaps
userMapPrefix: bigbluebutton:webhooks:userMap userMapPrefix: bigbluebutton:webhooks:userMap
userMapPrefix: bigbluebutton:webhooks:userMap


@ -19,6 +19,11 @@ ENABLE_GREENLIGHT=true
# used by some integrations # used by some integrations
#ENABLE_WEBHOOKS=true #ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
#ENABLE_PROMETHEUS_EXPORTER=true
# ==================================== # ====================================
# SECRETS # SECRETS
# ==================================== # ====================================
@ -35,9 +40,12 @@ RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c
DOMAIN=bbb.example.com DOMAIN=bbb.example.com
EXTERNAL_IP=144.76.97.10 EXTERNAL_IPv4=144.76.97.10
EXTERNAL_IPv6=
# setting the network interface speeds up kurentos WebRTC connection time # setting the network interface speeds up kurentos WebRTC connection time,
# but currently also disables IPv6 for Kurento
# (https://github.com/Kurento/bugtracker/issues/500)
#NETWORK_INTERFACE=ens3 #NETWORK_INTERFACE=ens3
# STUN SERVER # STUN SERVER
@ -63,15 +71,40 @@ SIP_IP_ALLOWLIST=
CLIENT_TITLE=BigBlueButton CLIENT_TITLE=BigBlueButton
WELCOME_FOOTER=This server is running <a href="http://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>. # use following lines to replace the default welcome message and footer
WELCOME_MESSAGE=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="https://www.bigbluebutton.org/html5" target="_blank"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others.
WELCOME_FOOTER=This server is running <a href="https://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>.
# use following line for an additional SIP dial-in message # use following line for an additional SIP dial-in message
#WELCOME_FOOTER=This server is running <a href="http://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number. #WELCOME_FOOTER=This server is running <a href="https://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number.
# for a different default presentation, place the pdf file in ./conf/ and # for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path # adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# set to false to disable listenOnlyMode
LISTEN_ONLY_MODE=true
# set to true to disable echo test
DISABLE_ECHO_TEST=false
# set to true to automatically share webcam
AUTO_SHARE_WEBCAM=false
# set to true to disable video preview for webcam sharing
DISABLE_VIDEO_PREVIEW=false
# set to false to disable chat
CHAT_ENABLED=true
# set to true to start chat closed
CHAT_START_CLOSED=false
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# ==================================== # ====================================
# GREENLIGHT CONFIGURATION # GREENLIGHT CONFIGURATION


@ -6,8 +6,33 @@ cd $(dirname $0)/..
# load .env # load .env
if [ -f .env ] if [ -f .env ]
then then
# exclude WELCOME_FOOTER because it may contain invalid characters # exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | xargs) export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
fi
# check for non-optional environment variables,
# which got introduced later and may miss in existing
# .env files during upgrades
if [ -z "$EXTERNAL_IPv4" ]; then
echo "ERROR: EXTERNAL_IPv4 is not set in .env"
echo "BBB won't work without it."
echo "this can happen if you did an manual upgrade without executing"
echo " ./scripts/upgrade"
echo "try to run it again"
exit 1
fi
# set conditional variables
export CERTIFICATE_DOMAINS=$DOMAIN
export GREENLIGHT_ENDPOINT=https://$DOMAIN/bigbluebutton/api/
if [ "$DEV_MODE" == true ]; then
export CERTIFICATE_DOMAINS="invalid"
export GREENLIGHT_ENDPOINT=http://10.7.7.1:8080/bigbluebutton/api/
fi
if [ ! -z "$EXTERNAL_IPv6" ]; then
export HTTPS_SITE_FILE="site.conf"
else
export HTTPS_SITE_FILE="site-ipv4only.conf"
fi fi
# concatenate docker-compose file # concatenate docker-compose file
@ -28,4 +53,8 @@ if [ "$ENABLE_WEBHOOKS" == true ]; then
COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.webhooks.yml" COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.webhooks.yml"
fi fi
if [ "$ENABLE_PROMETHEUS_EXPORTER" == true ]; then
COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.prometheus.yml"
fi
docker-compose $COMPOSE_FILES $@ docker-compose $COMPOSE_FILES $@
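Review bot: The two `grep -v` filters on the export line match anywhere in a line, so any entry whose name or value merely contains WELCOME_FOOTER or WELCOME_MESSAGE is dropped. Everything that remains is still word-split and glob-expanded by the unquoted `$( … )`. Anchoring the exclusion keeps it to the two keys it is meant for: `grep -vE '^(WELCOME_FOOTER|WELCOME_MESSAGE)='`. A short comment above the line saying that values containing spaces or `#` are not supported by this loader would also help, since a secret containing `#` would be truncated silently by the `sed` step.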


@ -19,7 +19,8 @@ then
fi fi
EXTERNAL_IP=$(curl -s http://whatismyip.akamai.com) EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com)
EXTERNAL_IPv6=$(curl -6 -s https://icanhazip.com || true)
greenlight="" greenlight=""
while [[ ! $greenlight =~ ^(y|n)$ ]]; do while [[ ! $greenlight =~ ^(y|n)$ ]]; do
@ -46,22 +47,39 @@ done
ip_correct="" ip_correct=""
while [[ ! $ip_correct =~ ^(y|n)$ ]]; do while [[ ! $ip_correct =~ ^(y|n)$ ]]; do
read -p "Is $EXTERNAL_IP your external IPv4 address? (y/n): " ip_correct read -p "Is $EXTERNAL_IPv4 your external IPv4 address? (y/n): " ip_correct
done done
if [ ! "$ip_correct" == "y" ] if [ ! "$ip_correct" == "y" ]
then then
EXTERNAL_IP="" EXTERNAL_IPv4=""
while [[ ! $EXTERNAL_IP =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do while [[ ! $EXTERNAL_IPv4 =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do
read -p "Please enter correct IPv4 address: " EXTERNAL_IP read -p "Please enter correct IPv4 address: " EXTERNAL_IPv4
done done
fi fi
if [ -n "$EXTERNAL_IPv6" ]
then
ip_correct=""
while [[ ! $ip_correct =~ ^(y|n)$ ]]; do
read -p "Is $EXTERNAL_IPv6 your external IPv6 address? (y/n): " ip_correct
done
if [ ! "$ip_correct" == "y" ]
then
EXTERNAL_IPv6=""
while [[ ! $EXTERNAL_IPv6 =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do
read -p "Please enter correct IPv6 address: " EXTERNAL_IPv6
done
fi
fi
# write settings # write settings
cp sample.env .env cp sample.env .env
sed -i "s/EXTERNAL_IP=.*/EXTERNAL_IP=$EXTERNAL_IP/" .env sed -i "s/EXTERNAL_IPv4=.*/EXTERNAL_IPv4=$EXTERNAL_IPv4/" .env
sed -i "s/EXTERNAL_IPv6=.*/EXTERNAL_IPv6=$EXTERNAL_IPv6/" .env
sed -i "s/DOMAIN=.*/DOMAIN=$DOMAIN/" .env sed -i "s/DOMAIN=.*/DOMAIN=$DOMAIN/" .env
if [ ! "$greenlight" == "y" ] if [ ! "$greenlight" == "y" ]
@ -79,7 +97,7 @@ then
sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:465?transport=tcp/" .env sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:465?transport=tcp/" .env
TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32) TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IP/" .env sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
else else
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
fi fi
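Review bot: The loop that asks for a corrected IPv6 address validates the input with the IPv4 pattern copied from the block above (`^[1-9][0-9]{0,2}\.…$`). No IPv6 address can satisfy it, so the prompt repeats until an IPv4-shaped value is typed. A pattern that accepts hex groups with at least one colon would work, e.g. `while [[ ! $EXTERNAL_IPv6 =~ ^[0-9a-fA-F:]*:[0-9a-fA-F:]*$ ]]; do`. Separately, the auto-detected values from icanhazip.com are written into .env through `sed` after only a y/n confirmation. Checking them against the same patterns first would keep an unexpected response body out of the sed expression and the config.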


@ -13,6 +13,9 @@ then
RESTARTED=1 ./scripts/upgrade RESTARTED=1 ./scripts/upgrade
else else
# update changed environment variable
sed -i 's/EXTERNAL_IP=/EXTERNAL_IPv4=/' .env
echo "" echo ""
echo "# pull newest bbb-webrtc-sfu" echo "# pull newest bbb-webrtc-sfu"
git submodule update --remote git submodule update --remote
@ -25,13 +28,9 @@ else
echo "" echo ""
echo "# rebuild images" echo "# rebuild images"
# rebuild core without caching, since the deb-packages might have changed # rebuild everything which got modified
./scripts/compose build --pull --no-cache core
# rebuild everything else only when modified
./scripts/compose build --pull ./scripts/compose build --pull
COMMIT_HASH=$(git rev-parse --short HEAD) COMMIT_HASH=$(git rev-parse --short HEAD)
BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)