From 2ba82afaa1aef01cbeb3167b7cec67bdd0b1dd5d Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 9 Apr 2020 08:48:47 +0200 Subject: [PATCH] seperate nginx --- docker-compose.yml | 27 +- mod/html5/config.yml | 2 +- mod/nginx/bbb/bbb-html5.nginx | 10 + mod/nginx/bbb/demo.nginx | 23 ++ mod/nginx/bbb/notes.nginx | 47 +++ mod/nginx/bbb/presentation-slides.nginx | 41 ++ mod/nginx/bbb/presentation.nginx | 36 ++ mod/nginx/bbb/screenshare.nginx | 17 + mod/nginx/{ => bbb}/sip.nginx | 0 mod/nginx/bbb/verto.nginx | 10 + mod/nginx/bbb/web.nginx | 118 ++++++ mod/nginx/bbb/webrtc-sfu.nginx | 14 + mod/nginx/bigbluebutton | 6 +- mod/pad/settings.json | 527 ++++++++++++++++++++++++ setup.sh | 5 + 15 files changed, 877 insertions(+), 6 deletions(-) create mode 100644 mod/nginx/bbb/bbb-html5.nginx create mode 100644 mod/nginx/bbb/demo.nginx create mode 100644 mod/nginx/bbb/notes.nginx create mode 100644 mod/nginx/bbb/presentation-slides.nginx create mode 100644 mod/nginx/bbb/presentation.nginx create mode 100644 mod/nginx/bbb/screenshare.nginx rename mod/nginx/{ => bbb}/sip.nginx (100%) create mode 100644 mod/nginx/bbb/verto.nginx create mode 100755 mod/nginx/bbb/web.nginx create mode 100644 mod/nginx/bbb/webrtc-sfu.nginx create mode 100644 mod/pad/settings.json diff --git a/docker-compose.yml b/docker-compose.yml index e25e3fe..3a1f4ed 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,7 @@ version: '2' + + services: bbb: image: bbb @@ -18,12 +20,33 @@ services: - ./setup.sh:/opt/setup.sh - ./mod/freeswitch/vars.xml:/opt/freeswitch/conf/vars.xml - ./mod/freeswitch/external.xml:/opt/freeswitch/conf/sip_profiles/external.xml - - ./mod/nginx/sip.nginx:/etc/bigbluebutton/nginx/sip.nginx - - ./mod/nginx/bigbluebutton:/etc/nginx/sites-available/bigbluebutton - ./mod/html5/systemd_start.sh:/usr/share/meteor/bundle/systemd_start.sh - ./mod/html5/config.yml:/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml - ./mod/web/override.conf:/etc/systemd/system/bbb-web.service.d/override.conf - ./mod/web/bigbluebutton.properties:/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties - ./mod/kurento/WebRtcEndpoint.conf.ini:/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini - ./mod/bbb-webrtc-sfu/config.yml:/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml + - ./mod/pad/settings.json:/usr/share/etherpad-lite/settings.json network_mode: host + + nginx: + image: nginx:1.17 + ports: + - "80:80" + volumes: + - ./mod/nginx/bbb:/etc/nginx/bbb + - ./mod/nginx/bigbluebutton:/etc/nginx/conf.d/default.conf + networks: + - bluenet + extra_hosts: + - "host.docker.internal:10.7.7.1" + + + +networks: + bluenet: + driver: bridge + ipam: + config: + - subnet: 10.7.7.0/24 + gateway: 10.7.7.1 \ No newline at end of file diff --git a/mod/html5/config.yml b/mod/html5/config.yml index 47d33bb..6aa8011 100644 --- a/mod/html5/config.yml +++ b/mod/html5/config.yml @@ -315,7 +315,7 @@ private: etherpad: apikey: 9xLdxQJ8XoTUy3q7W4ZgpvKYqX16yqirdESk9i54FVm6PiJ1paRd8JOI1MT4pywm version: 1.2.13 - host: 127.0.0.1 + host: 10.7.7.1 port: 9001 redis: host: 127.0.0.1 diff --git a/mod/nginx/bbb/bbb-html5.nginx b/mod/nginx/bbb/bbb-html5.nginx new file mode 100644 index 0000000..767525c --- /dev/null +++ b/mod/nginx/bbb/bbb-html5.nginx @@ -0,0 +1,10 @@ +location /html5client { + proxy_pass http://host.docker.internal:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} + +location /_timesync { + proxy_pass http://host.docker.internal:3000; +} diff --git a/mod/nginx/bbb/demo.nginx b/mod/nginx/bbb/demo.nginx new file mode 100644 index 0000000..9e6ff55 --- /dev/null +++ b/mod/nginx/bbb/demo.nginx @@ -0,0 +1,23 @@ + # Forward request to /demo to tomcat. This is for + # the BigBlueButton api demos. + location /demo { + proxy_pass http://host.docker.internal:8080; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Allow 30M uploaded presentation document. + client_max_body_size 30m; + client_body_buffer_size 128k; + + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + + include fastcgi_params; + } + diff --git a/mod/nginx/bbb/notes.nginx b/mod/nginx/bbb/notes.nginx new file mode 100644 index 0000000..0d0c172 --- /dev/null +++ b/mod/nginx/bbb/notes.nginx @@ -0,0 +1,47 @@ +# https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy +location ~ "^\/pad\/p\/(\w+)$" { + rewrite /pad/(.*) /$1 break; + rewrite ^/pad$ /pad/ permanent; + proxy_pass http://host.docker.internal:9001; + proxy_pass_header Server; + proxy_redirect / /pad; + proxy_set_header Host $host; + proxy_buffering off; + + auth_request /bigbluebutton/connection/checkAuthorization; + auth_request_set $auth_status $upstream_status; +} + +location /pad { + rewrite /pad/(.*) /$1 break; + rewrite ^/pad$ /pad/ permanent; + proxy_pass http://host.docker.internal:9001/; + proxy_pass_header Server; + proxy_redirect / /pad/; + proxy_set_header Host $host; + proxy_buffering off; +} + +location /pad/socket.io { + rewrite /pad/socket.io/(.*) /socket.io/$1 break; + proxy_pass http://host.docker.internal:9001/; + proxy_redirect / /pad/; + proxy_set_header Host $host; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule + proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP + proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header Host $host; # pass the host header + proxy_http_version 1.1; # recommended with keepalive connections + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} + +location /static { + rewrite /static/(.*) /static/$1 break; + proxy_pass http://host.docker.internal:9001/; + proxy_set_header Host $host; + proxy_buffering off; +} + diff --git a/mod/nginx/bbb/presentation-slides.nginx b/mod/nginx/bbb/presentation-slides.nginx new file mode 100644 index 0000000..63f9bfa --- /dev/null +++ b/mod/nginx/bbb/presentation-slides.nginx @@ -0,0 +1,41 @@ +# +# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/ +# +# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below). +# +# This program is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free Software +# Foundation; either version 3.0 of the License, or (at your option) any later +# version. +# +# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License along +# with BigBlueButton; if not, see . +# + +# Have nginx serve the presentation slides instead of tomcat as large files +# causes tomcat to OOM. (ralam sept 20, 2018) + + # location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/svg\/(?\d+)$ { + # default_type image/svg+xml; + # alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg; + # } + + # location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/slide\/(?\d+)$ { + # alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf; + # } + + # location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/thumbnail\/(?\d+)$ { + # default_type image/png; + # alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png; + # } + + # location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/textfiles\/(?\d+)$ { + # default_type text/plain; + # alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt; + # } + + diff --git a/mod/nginx/bbb/presentation.nginx b/mod/nginx/bbb/presentation.nginx new file mode 100644 index 0000000..8aaa662 --- /dev/null +++ b/mod/nginx/bbb/presentation.nginx @@ -0,0 +1,36 @@ +# +# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/ +# +# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below). +# +# This program is free software; you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free Software +# Foundation; either version 3.0 of the License, or (at your option) any later +# version. +# +# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License along +# with BigBlueButton; if not, see . +# + + # location /playback/presentation/playback.html { + # return 301 /playback/presentation/0.81/playback.html?$query_string; + # # If you have recordings from 0.9.0 beta versions and are sure + # # that you will never want to play recordings made with + # # BigBlueButton 0.81, comment the line above and uncomment the + # # following line: + # #return 301 /playback/presentation/0.9.0/playback.html?$query_string; + # } + + # location /playback/presentation { + # root /var/bigbluebutton; + # index index.html index.htm; + # } + + # location /presentation { + # root /var/bigbluebutton/published; + # index index.html index.htm; + # } diff --git a/mod/nginx/bbb/screenshare.nginx b/mod/nginx/bbb/screenshare.nginx new file mode 100644 index 0000000..1b3cb88 --- /dev/null +++ b/mod/nginx/bbb/screenshare.nginx @@ -0,0 +1,17 @@ + # Handle desktop sharing tunneling. Forwards + # requests to Red5 on port 5080. + location /screenshare { + proxy_pass http://host.docker.internal:5080; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + client_max_body_size 10m; + client_body_buffer_size 128k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + include fastcgi_params; + } diff --git a/mod/nginx/sip.nginx b/mod/nginx/bbb/sip.nginx similarity index 100% rename from mod/nginx/sip.nginx rename to mod/nginx/bbb/sip.nginx diff --git a/mod/nginx/bbb/verto.nginx b/mod/nginx/bbb/verto.nginx new file mode 100644 index 0000000..cfafdab --- /dev/null +++ b/mod/nginx/bbb/verto.nginx @@ -0,0 +1,10 @@ +location /verto { + proxy_pass https://host.docker.internal:8082; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_read_timeout 6h; + proxy_send_timeout 6h; + client_body_timeout 6h; + send_timeout 6h; +} diff --git a/mod/nginx/bbb/web.nginx b/mod/nginx/bbb/web.nginx new file mode 100755 index 0000000..a509a07 --- /dev/null +++ b/mod/nginx/bbb/web.nginx @@ -0,0 +1,118 @@ + # Handle request to bbb-web running within a SpringBoot Tomcat embedded servlet container. This is for BBB-API and Presentation. + location /bigbluebutton { + proxy_http_version 1.1; + + location /bigbluebutton { + proxy_pass http://host.docker.internal:8090; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Workaround IE refusal to set cookies in iframe + add_header P3P 'CP="No P3P policy available"'; + } + + + location ~ "^\/bigbluebutton\/presentation\/(?[a-zA-Z0-9_-]+)/upload$" { + proxy_pass http://host.docker.internal:8090; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # Workaround IE refusal to set cookies in iframe + add_header P3P 'CP="No P3P policy available"'; + + # Allow 30M uploaded presentation document. + client_max_body_size 30m; + client_body_buffer_size 128k; + + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + + include fastcgi_params; + + proxy_request_buffering off; + + # Send a sub-request to allow bbb-web to refuse before loading + auth_request /bigbluebutton/presentation/checkPresentation; + + } + + location = /bigbluebutton/presentation/checkPresentation { + proxy_pass http://host.docker.internal:8090; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_set_header X-Presentation-Token $prestoken; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-Content-Length $http_content_length; + + # Allow 30M uploaded presentation document. + client_max_body_size 30m; + client_body_buffer_size 128k; + + proxy_pass_request_body off; + proxy_request_buffering off; + + } + + # To check connection authentication, include: + # auth_request /bigbluebutton/connection/checkAuthorization; + # auth_request_set $auth_status $upstream_status; + # + # and make sure to add sessionToken param in the request URI + location = /bigbluebutton/connection/checkAuthorization { + internal; + proxy_pass http://host.docker.internal:8090; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + } + + location ~ "^/bigbluebutton\/textTrack\/(?[a-zA-Z0-9]+)\/(?[a-zA-Z0-9_-]+)\/(?.+)$" { + # Workaround IE refusal to set cookies in iframe + add_header P3P 'CP="No P3P policy available"'; + + # Allow 30M uploaded presentation document. + client_max_body_size 30m; + client_body_buffer_size 128k; + + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + + include fastcgi_params; + + proxy_request_buffering off; + + # Send a sub-request to allow bbb-web to refuse before loading + auth_request /bigbluebutton/textTrack/validateAuthToken; + + default_type text/plain; + alias /var/bigbluebutton/captions/$recordId/$textTrack; + + } + + location = /bigbluebutton/textTrack/validateAuthToken { + internal; + proxy_pass http://host.docker.internal:8090; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_set_header X-textTrack-token $textTrackToken; + proxy_set_header X-textTrack-recordId $recordId; + proxy_set_header X-textTrack-track $textTrack; + proxy_set_header X-Original-URI $request_uri; + } + + } diff --git a/mod/nginx/bbb/webrtc-sfu.nginx b/mod/nginx/bbb/webrtc-sfu.nginx new file mode 100644 index 0000000..7b8689b --- /dev/null +++ b/mod/nginx/bbb/webrtc-sfu.nginx @@ -0,0 +1,14 @@ +location /bbb-webrtc-sfu { + proxy_pass http://host.docker.internal:3008; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_read_timeout 6h; + proxy_send_timeout 6h; + client_body_timeout 6h; + send_timeout 6h; + + auth_request /bigbluebutton/connection/checkAuthorization; + auth_request_set $auth_status $upstream_status; +} + diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index f3725d9..dbc2534 100644 --- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -6,7 +6,7 @@ server { # Handle RTMPT (RTMP Tunneling). Forwards requests # to Red5 on port 5080 location ~ (/open/|/close/|/idle/|/send/|/fcs/) { - proxy_pass http://127.0.0.1:5080; + proxy_pass http://10.7.7.1:5080; proxy_redirect off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -24,7 +24,7 @@ server { # Handle desktop sharing tunneling. Forwards # requests to Red5 on port 5080. location /deskshare { - proxy_pass http://127.0.0.1:5080; + proxy_pass http://10.7.7.1:5080; proxy_redirect default; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; @@ -47,7 +47,7 @@ server { } # Include specific rules for record and playback - include /etc/bigbluebutton/nginx/*.nginx; + include /etc/nginx/bbb/*.nginx; #error_page 404 /404.html; diff --git a/mod/pad/settings.json b/mod/pad/settings.json new file mode 100644 index 0000000..f7c9ebc --- /dev/null +++ b/mod/pad/settings.json @@ -0,0 +1,527 @@ +/* + * This file must be valid JSON. But comments are allowed + * + * Please edit settings.json, not settings.json.template + * + * Please note that starting from Etherpad 1.6.0 you can store DB credentials in + * a separate file (credentials.json). + * + * + * ENVIRONMENT VARIABLE SUBSTITUTION + * ================================= + * + * All the configuration values can be read from environment variables using the + * syntax "${ENV_VAR}" or "${ENV_VAR:default_value}". + * + * This is useful, for example, when running in a Docker container. + * + * EXAMPLE: + * "port": "${PORT:9001}" + * "minify": "${MINIFY}" + * "skinName": "${SKIN_NAME:colibris}" + * + * Would read the configuration values for those items from the environment + * variables PORT, MINIFY and SKIN_NAME. + * + * If PORT and SKIN_NAME variables were not defined, the default values 9001 and + * "colibris" would be used. + * The configuration value "minify", on the other hand, does not have a + * designated default value. Thus, if the environment variable MINIFY were + * undefined, "minify" would be null. + * + * REMARKS: + * 1) please note that variable substitution always needs to be quoted. + * + * "port": 9001, <-- Literal values. When not using + * "minify": false substitution, only strings must be + * "skinName": "colibris" quoted. Booleans and numbers must not. + * + * "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable + * "minify": "${MINIFY:true}" substitution, put quotes around its name, + * "skinName": "${SKIN_NAME}" even if the required value is a number or + * a boolean. + * Etherpad will take care of rewriting it + * to the proper type if necessary. + * + * "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes + * "minify": ${MINIFY} around variable names are missing. + * "skinName": ${SKIN_NAME} + * + * 2) Beware of undefined variables and default values: nulls and empty strings + * are different! + * + * This is particularly important for user's passwords (see the relevant + * section): + * + * "password": "${PASSW}" // if PASSW is not defined would result in password === null + * "password": "${PASSW:}" // if PASSW is not defined would result in password === '' + * + */ + { + /* + * Name your instance! + */ + "title": "Etherpad", + + /* + * favicon default name + * alternatively, set up a fully specified Url to your own favicon + */ + "favicon": "favicon.ico", + + /* + * Skin name. + * + * Its value has to be an existing directory under src/static/skins. + * You can write your own, or use one of the included ones: + * + * - "no-skin": an empty skin (default). This yields the unmodified, + * traditional Etherpad theme. + * - "colibris": the new experimental skin (since Etherpad 1.8), candidate to + * become the default in Etherpad 2.0 + */ + "skinName": "no-skin", + + /* + * IP and port which etherpad should bind at + */ + "ip": "10.7.7.1", + "port": 9001, + + /* + * Option to hide/show the settings.json in admin page. + * + * Default option is set to true + */ + "showSettingsInAdminPage": true, + + /* + * Node native SSL support + * + * This is disabled by default. + * Make sure to have the minimum and correct file access permissions set so + * that the Etherpad server can access them + */ + + /* + "ssl" : { + "key" : "/path-to-your/epl-server.key", + "cert" : "/path-to-your/epl-server.crt", + "ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"] + }, + */ + + /* + * The type of the database. + * + * You can choose between many DB drivers, for example: dirty, postgres, + * sqlite, mysql. + * + * You shouldn't use "dirty" for for anything else than testing or + * development. + * + * + * Database specific settings are dependent on dbType, and go in dbSettings. + * Remember that since Etherpad 1.6.0 you can also store these informations in + * credentials.json. + * + * For a complete list of the supported drivers, please refer to: + * https://www.npmjs.com/package/ueberdb2 + */ + + "dbType": "redis", + "dbSettings": { + "host": "localhost", + "port": 6379 + }, + + /* + * An Example of MySQL Configuration (commented out). + * + * See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL + */ + + /* + "dbType" : "mysql", + "dbSettings" : { + "user": "etherpaduser", + "host": "localhost", + "port": 3306, + "password": "PASSWORD", + "database": "etherpad_lite_db", + "charset": "utf8mb4" + }, + */ + + /* + "dbType" : "redis", + "dbSettings" : { + "host": "localhost", + "port": 6379, + "client_options": { + "password": "PASSWORD" + } + }, + */ + + /* + * The default text of a pad + */ + "defaultPadText" : "", + + /* + * Default Pad behavior. + * + * Change them if you want to override. + */ + "padOptions": { + "noColors": true, + "showControls": true, + "showChat": false, + "showLineNumbers": false, + "useMonospaceFont": false, + "userName": false, + "userColor": false, + "rtl": false, + "alwaysShowChat": false, + "chatAndUsers": false, + "lang": "en-gb" + }, + + /* + * Pad Shortcut Keys + */ + "padShortcutEnabled" : { + "altF9": true, /* focus on the File Menu and/or editbar */ + "altC": false, /* focus on the Chat window */ + "cmdShift2": true, /* shows a gritter popup showing a line author */ + "delete": true, + "return": true, + "esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */ + "cmdS": true, /* save a revision */ + "tab": true, /* indent */ + "cmdZ": true, /* undo/redo */ + "cmdY": true, /* redo */ + "cmdI": true, /* italic */ + "cmdB": true, /* bold */ + "cmdU": true, /* underline */ + "cmd5": true, /* strike through */ + "cmdShiftL": true, /* unordered list */ + "cmdShiftN": true, /* ordered list */ + "cmdShift1": true, /* ordered list */ + "cmdShiftC": true, /* clear authorship */ + "cmdH": true, /* backspace */ + "ctrlHome": true, /* scroll to top of pad */ + "pageUp": true, + "pageDown": true + }, + + /* + * Should we suppress errors from being visible in the default Pad Text? + */ + "suppressErrorsInPadText": true, + + /* + * If this option is enabled, a user must have a session to access pads. + * This effectively allows only group pads to be accessed. + */ + "requireSession": false, + + /* + * Users may edit pads but not create new ones. + * + * Pad creation is only via the API. + * This applies both to group pads and regular pads. + */ + "editOnly": false, + + /* + * If set to true, those users who have a valid session will automatically be + * granted access to password protected pads. + */ + "sessionNoPassword": false, + + /* + * If true, all css & js will be minified before sending to the client. + * + * This will improve the loading performance massively, but makes it difficult + * to debug the javascript/css + */ + "minify": true, + + /* + * How long may clients use served javascript code (in seconds)? + * + * Not setting this may cause problems during deployment. + * Set to 0 to disable caching. + */ + "maxAge": 21600, // 60 * 60 * 6 = 6 hours + + /* + * Absolute path to the Abiword executable. + * + * Abiword is needed to get advanced import/export features of pads. Setting + * it to null disables Abiword and will only allow plain text and HTML + * import/exports. + */ + "abiword": null, + + /* + * This is the absolute path to the soffice executable. + * + * LibreOffice can be used in lieu of Abiword to export pads. + * Setting it to null disables LibreOffice exporting. + */ + "soffice": null, + + /* + * Path to the Tidy executable. + * + * Tidy is used to improve the quality of exported pads. + * Setting it to null disables Tidy. + */ + "tidyHtml": null, + + /* + * Allow import of file types other than the supported ones: + * txt, doc, docx, rtf, odt, html & htm + */ + "allowUnknownFileEnds": false, + + /* + * This setting is used if you require authentication of all users. + * + * Note: "/admin" always requires authentication. + */ + "requireAuthentication": false, + + /* + * Require authorization by a module, or a user with is_admin set, see below. + */ + "requireAuthorization": false, + + /* + * When you use NGINX or another proxy/load-balancer set this to true. + * + * This is especially necessary when the reverse proxy performs SSL + * termination, otherwise the cookies will not have the "secure" flag. + * + * The other effect will be that the logs will contain the real client's IP, + * instead of the reverse proxy's IP. + */ + "trustProxy": true, + + /* + * Privacy: disable IP logging + */ + "disableIPlogging": false, + + /* + * Time (in seconds) to automatically reconnect pad when a "Force reconnect" + * message is shown to user. + * + * Set to 0 to disable automatic reconnection. + */ + "automaticReconnectionTimeout": 0, + + /* + * By default, when caret is moved out of viewport, it scrolls the minimum + * height needed to make this line visible. + */ + "scrollWhenFocusLineIsOutOfViewport": { + + /* + * Percentage of viewport height to be additionally scrolled. + * + * E.g.: use "percentage.editionAboveViewport": 0.5, to place caret line in + * the middle of viewport, when user edits a line above of the + * viewport + * + * Set to 0 to disable extra scrolling + */ + "percentage": { + "editionAboveViewport": 0, + "editionBelowViewport": 0 + }, + + /* + * Time (in milliseconds) used to animate the scroll transition. + * Set to 0 to disable animation + */ + "duration": 0, + + /* + * Flag to control if it should scroll when user places the caret in the + * last line of the viewport + */ + "scrollWhenCaretIsInTheLastLineOfViewport": false, + + /* + * Percentage of viewport height to be additionally scrolled when user + * presses arrow up in the line of the top of the viewport. + * + * Set to 0 to let the scroll to be handled as default by Etherpad + */ + "percentageToScrollWhenUserPressesArrowUp": 0 + }, + + /* + * Users for basic authentication. + * + * is_admin = true gives access to /admin. + * If you do not uncomment this, /admin will not be available! + * + * WARNING: passwords should not be stored in plaintext in this file. + * If you want to mitigate this, please install ep_hash_auth and + * follow the section "secure your installation" in README.md + */ + + /* + "users": { + "admin": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": true + }, + "user": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": false + } + }, + */ + + /* + * Restrict socket.io transport methods + */ + "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + + /* + * Allow Load Testing tools to hit the Etherpad Instance. + * + * WARNING: this will disable security on the instance. + */ + "loadTest": false, + + /* + * Disable indentation on new line when previous line ends with some special + * chars (':', '[', '(', '{') + */ + + /* + "indentationOnNewLine": false, + */ + + /* + * Delete pads plugin configuration. + * npm i ep_delete_after_delay_lite + */ + + "ep_delete_after_delay_lite": { + "delay": 86400, // one day, in seconds + "loop": true, + "loopDelay": 3600, // one hour, in seconds + "deleteAtStart": true + }, + + /* + * Redis publisher plugin configuration. + * npm i git+https://git@github.com/pedrobmarin/ep_redis_publisher.git + */ + + "ep_redis_publisher": { + "host": "localhost", + "port": 6379 + }, + + /* + "ep_redis_publisher": { + "host": "localhost", + "port": 6379, + "password": "PASSWORD" + }, + */ + + /* + * Toolbar buttons configuration. + * + * Uncomment to customize. + */ + + "toolbar": { + "left": [ + ["bold", "italic", "underline", "strikethrough"], + ["orderedlist", "unorderedlist", "undo", "redo"] + ], + "right": [["importexport"]] + }, + + /* + * Expose Etherpad version in the web interface and in the Server http header. + * + * Do not enable on production machines. + */ + "exposeVersion": false, + + /* + * The log level we are using. + * + * Valid values: DEBUG, INFO, WARN, ERROR + */ + "loglevel": "INFO", + + /* + * Logging configuration. See log4js documentation for further information: + * https://github.com/nomiddlename/log4js-node + * + * You can add as many appenders as you want here. + */ + "logconfig" : + { "appenders": [ + { "type": "console" + //, "category": "access"// only logs pad access + } + + /* + , { "type": "file" + , "filename": "your-log-file-here.log" + , "maxLogSize": 1024 + , "backups": 3 // how many log files there're gonna be at max + //, "category": "test" // only log a specific category + } + */ + + /* + , { "type": "logLevelFilter" + , "level": "warn" // filters out all log messages that have a lower level than "error" + , "appender": + { Use whatever appender you want here } + } + */ + + /* + , { "type": "logLevelFilter" + , "level": "error" // filters out all log messages that have a lower level than "error" + , "appender": + { "type": "smtp" + , "subject": "An error occurred in your EPL instance!" + , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com" + , "sendInterval": 300 // 60 * 5 = 5 minutes -- will buffer log messages; set to 0 to send a mail for every message + , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods + "host": "smtp.example.com", "port": 465, + "secureConnection": true, + "auth": { + "user": "foo@example.com", + "pass": "bar_foo" + } + } + } + } + */ + + ] + } // logconfig + } + \ No newline at end of file diff --git a/setup.sh b/setup.sh index 96f314e..f7f8786 100755 --- a/setup.sh +++ b/setup.sh @@ -10,6 +10,11 @@ TURN_XML=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml while [ ! -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; do sleep 1; echo -n '.'; done +# provide dummy nginx config +# so bbb scripts are happy, even if we don't use nginx here +echo -e "pid /run/nginx.pid;\n events {}" > /etc/nginx/nginx.conf +systemctl restart nginx + # delete IPv6 sip profiles rm -rf /opt/freeswitch/conf/sip_profiles/*-ipv6*