greenlight v3

2024-11-22 08:03:19 +01:00 · 2023-03-21 12:58:28 +01:00 · 2023-03-21 12:58:28 +01:00 · 3d433f8a5c
commit 3d433f8a5c
parent 0766a4033c
7 changed files with 99 additions and 221 deletions
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@ -156,6 +156,7 @@ services:
      - "etherpad:10.7.7.4"
      - "webrtc-sfu:10.7.7.1"
      - "html5:10.7.7.11"
+      - "greenlight:10.7.7.21"

  etherpad:
    build: mod/etherpad
@ -380,6 +381,10 @@ services:
    {{else}}
      - ./mod/https/site-ipv4only.conf:/etc/nginx/conf.d/bbb-docker.conf
    {{end}}
+    {{ if isTrue .Env.DEV_MODE }}
+      # allow bbb api access without https
+      - ./mod/https/force-https.conf:/usr/local/openresty/nginx/conf/force-https.conf
+    {{end}}
    environment:
      {{ if isTrue .Env.DEV_MODE }}
      ALLOWED_DOMAINS: ""
@ -417,24 +422,29 @@ services:
 {{ if isTrue .Env.ENABLE_GREENLIGHT }}
  # greenlight
  greenlight:
-    image: bigbluebutton/greenlight:v2
+    image: bigbluebutton/greenlight:{{ .Env.TAG_GREENLIGHT }}-alpine
    restart: unless-stopped
    env_file: .env
+    depends_on:
+      - postgres
+      - redis
+
    environment:
-      DB_ADAPTER: postgresql
-      DB_HOST: postgres
-      DB_NAME: greenlight
-      DB_USERNAME: postgres
-      DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
+      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
+      REDIS_URL: redis://redis:6379
      {{ if isTrue .Env.DEV_MODE }}
-      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48087/bigbluebutton/api/
+      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1/bigbluebutton/api
      {{else}}
-      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/
+      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
      {{end}}
      BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
      SECRET_KEY_BASE: ${RAILS_SECRET}
-    ports:
-      - 10.7.7.1:5000:80
+    volumes:
+       - ./greenlight-data:/usr/src/app/storage
+    networks:
+      bbb-net:
+        ipv4_address: 10.7.7.21
+
  postgres:
    image: postgres:12-alpine
    restart: unless-stopped
@ -449,6 +459,9 @@ services:
      retries: 5
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
+    networks:
+      bbb-net:
+        ipv4_address: 10.7.7.22
 {{end}}

 {{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
--- a/mod/https/force-https.conf
+++ b/mod/https/force-https.conf
@ -0,0 +1,15 @@
+# overwriting force-https.conf from valian/docker-nginx-auto-ssl
+
+location /bigbluebutton/api/join {
+  return 301 https://$host$request_uri;
+}
+
+# allow /api calls without redirecting to https
+location /bigbluebutton/api {
+  proxy_pass https://127.0.0.1:443;
+  proxy_ssl_verify off;
+}
+
+location / {
+  return 301 https://$host$request_uri;
+}
--- a/mod/nginx/bbb/greenlight.nginx
+++ b/mod/nginx/bbb/greenlight.nginx
@ -1,35 +0,0 @@
-# Routes requests to Greenlight based on the '/b' prefix.
-# Use this file to route '/b' paths on your BigBlueButton server
-# to the Greenlight application. If you are using a different
-# subpath, you should change it here.
-
-
-location /b {
-  proxy_pass           http://host.docker.internal:5000;
-  proxy_set_header     Host              $host;
-  proxy_set_header     X-Forwarded-For   $proxy_add_x_forwarded_for;
-  proxy_set_header     X-Forwarded-Proto $scheme;
-  proxy_set_header     X-Forwarded-Ssl on;
-  proxy_http_version   1.1;
-  client_max_body_size 1000m;
-}
-
-location /b/cable {
-  proxy_pass           http://host.docker.internal:5000;
-  proxy_set_header     Host              $host;
-  proxy_set_header     X-Forwarded-For   $proxy_add_x_forwarded_for;
-  proxy_set_header     X-Forwarded-Proto $scheme;
-  proxy_set_header     X-Forwarded-Ssl on;
-  proxy_set_header     Upgrade           $http_upgrade;
-  proxy_set_header     Connection        "Upgrade";
-  proxy_http_version   1.1;
-  proxy_read_timeout   6h;
-  proxy_send_timeout   6h;
-  client_body_timeout  6h;
-  send_timeout         6h;
-}
-
-# this is necessary for the preupload_presentation feature
-location /rails/active_storage {
-  return 301 /b$request_uri;
-}
--- a/mod/nginx/bigbluebutton
+++ b/mod/nginx/bigbluebutton
@ -29,12 +29,33 @@ server {
  # https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
  add_header Permissions-Policy "interest-cohort=()";

-  # redirect to greenlight
-  location = / {
-      return 302 /b;
-  }

  # Include specific rules for record and playback
  include /etc/nginx/bbb/*.nginx;

+
+  location / {
+    proxy_pass          http://greenlight:3000;
+    proxy_set_header    Host              $host;
+    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto $scheme;
+    proxy_set_header    X-Forwarded-Ssl on;
+    proxy_http_version  1.1;
+    client_max_body_size 1000m;
+  }
+
+  location /cable {
+    proxy_pass          http://greenlight:3000;
+    proxy_set_header    Host              $host;
+    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto $scheme;
+    proxy_set_header    X-Forwarded-Ssl on;
+    proxy_set_header    Upgrade           $http_upgrade;
+    proxy_set_header    Connection        "Upgrade";
+    proxy_http_version  1.1;
+    proxy_read_timeout  6h;
+    proxy_send_timeout  6h;
+    client_body_timeout 6h;
+    send_timeout        6h;
+  }
 }
--- a/sample.env
+++ b/sample.env
@ -160,180 +160,42 @@ NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
 # GREENLIGHT CONFIGURATION
 # ====================================

-# Microsoft Office365 Login Provider (optional)
-#
-# For in-depth steps on setting up a Office 365 Login Provider, see:
-#
-#   https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
-#
-OFFICE365_KEY=
-OFFICE365_SECRET=
-OFFICE365_HD=
+### SMTP CONFIGURATION
+# Emails are required for the basic features of Greenlight to function.
+# Please refer to your SMTP provider to get the values for the variables below
+#SMTP_SENDER_EMAIL=
+#SMTP_SENDER_NAME=
+#SMTP_SERVER=
+#SMTP_PORT=
+#SMTP_DOMAIN=
+#SMTP_USERNAME=
+#SMTP_PASSWORD=
+#SMTP_AUTH=
+#SMTP_STARTTLS_AUTO=true
+#SMTP_STARTTLS=false
+#SMTP_TLS=false
+#SMTP_SSL_VERIFY=true

-# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
-# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
-OAUTH2_REDIRECT=
+### EXTERNAL AUTHENTICATION METHODS
+#
+#OPENID_CONNECT_CLIENT_ID=
+#OPENID_CONNECT_CLIENT_SECRET=
+#OPENID_CONNECT_ISSUER=
+#OPENID_CONNECT_REDIRECT=

-# LDAP Login Provider (optional)
-#
-# You can enable LDAP authentication by providing values for the variables below.
-# Configuring LDAP authentication will take precedence over all other providers.
-# For information about setting up LDAP, see:
-#
-#   https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
-#
-#   LDAP_SERVER=ldap.example.com
-#   LDAP_PORT=389
-#   LDAP_METHOD=plain
-#   LDAP_UID=uid
-#   LDAP_BASE=dc=example,dc=com
-#   LDAP_AUTH=simple
-#   LDAP_BIND_DN=cn=admin,dc=example,dc=com
-#   LDAP_PASSWORD=password
-#   LDAP_ROLE_FIELD=ou
-#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
-LDAP_SERVER=
-LDAP_PORT=
-LDAP_METHOD=
-LDAP_UID=
-LDAP_BASE=
-LDAP_BIND_DN=
-LDAP_AUTH=
-LDAP_PASSWORD=
-LDAP_ROLE_FIELD=
-LDAP_FILTER=
+# To enable hCaptcha on the user sign up and sign in, define these 2 keys
+#HCAPTCHA_SITE_KEY=
+#HCAPTCHA_SECRET_KEY=

-# Set this to true if you want GreenLight to support user signup and login without
-# Omniauth. For more information, see:
-#
-#   https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
-#
-ALLOW_GREENLIGHT_ACCOUNTS=true
+# Set these if you are using a Simple Storage Service (S3)
+# Uncomment S3_ENDPOINT only if you are using a S3 OTHER than Amazon Web Service (AWS) S3.
+#S3_ACCESS_KEY_ID=
+#S3_SECRET_ACCESS_KEY=
+#S3_REGION=
+#S3_BUCKET=
+#S3_ENDPOINT=

-# Set this to true if you want GreenLight to send verification emails upon
-# the creation of a new account
-#
-#   ALLOW_MAIL_NOTIFICATIONS=true
-#
-# The notifications are sent using sendmail, unless the SMTP_SERVER variable is set.
-# In that case, make sure the rest of the variables are properly set.
-#
-#   SMTP_SERVER=smtp.gmail.com
-#   SMTP_PORT=587
-#   SMTP_DOMAIN=gmail.com
-#   SMTP_USERNAME=<youremail@gmail.com>
-#   SMTP_PASSWORD=<yourpassword>
-#   SMTP_AUTH=plain
-#   SMTP_STARTTLS_AUTO=true
-#
-# If your mail server has a self-signed certificate, you'll also need to include the line below.
-# Please note that enable this presents its own security risks and should not be done unless necessary.
-#   SMTP_OPENSSL_VERIFY_MODE=none
-#
-SMTP_SERVER=
-SMTP_PORT=
-SMTP_DOMAIN=
-SMTP_USERNAME=
-SMTP_PASSWORD=
-SMTP_AUTH=
-SMTP_STARTTLS_AUTO=
+# Define the default locale language code (i.e. 'en' for English) from the fallowing list:
+#  [en, ar, fr, es]
+#DEFAULT_LOCALE=en

-# Specify the email address that all mail is sent from
-SMTP_SENDER=
-
-# Prefix for the applications root URL.
-# Useful for deploying the application to a subdirectory, which is highly recommended
-# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
-# have to update your authentication callback URL's to reflect this change.
-#
-#   The recommended prefix is "/b".
-#
-RELATIVE_URL_ROOT=/b
-
-# Specify which settings you would like the users to configure on room creation
-# or edit after the room has been created
-# By default, all settings are turned OFF.
-#
-# Current settings available:
-#   mute-on-join: Automatically mute users by default when they join a room
-#   require-moderator-approval: Require moderators to approve new users before they can join the room
-#   anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
-#   all-join-moderator: All users join as moderators in BigBlueButton
-ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
-
-# Specify the maximum number of records to be sent to the BigBlueButton API in one call
-# Default is set to 25 records
-PAGINATION_NUMBER=25
-
-# Specify the maximum number of rows that should be displayed per page for a paginated table
-# Default is set to 25 rows
-NUMBER_OF_ROWS=25
-
-# Specify if you want to display the Google Calendar button
-#   ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
-ENABLE_GOOGLE_CALENDAR_BUTTON=
-
-# Set the application into Maintenance Mode
-#
-# Current options supported:
-# true: Renders an error page that does not allow users to access any of the features in the application
-# false: Application runs normally
-MAINTENANCE_MODE=false
-
-# Displays a flash that appears to inform the user of a scheduled maintenance window
-# This variable should contain ONLY the date and time of the scheduled maintenance
-#
-# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
-MAINTENANCE_WINDOW=
-
-# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
-#
-# Defaults to the Github Issues Page for Greenlight
-# Button can be disabled by setting the value to blank
-#
-# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
-
-# The link to the Need help? button that appears on the Account Dropdown
-#
-# Defaults to the Greenlight documentation
-# Button can be disabled by setting the value to blank
-HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
-
-# Comment this out to send logs to STDOUT in production instead of log/production.log .
-#
-# RAILS_LOG_TO_STDOUT=true
-#
-# When using docker-compose the logs can be sent to an centralized repository like PaperTrail
-# just by using the built in driver. Make sure to add to docker-compose.yml the next lines:
-#
-#     logging:
-#      driver: $LOG_DRIVER
-#      options:
-#        syslog-address: $LOG_ADDRESS
-#        tag: $LOG_TAG
-#
-# And set this variables up:
-#
-# LOG_DRIVER=syslog
-# LOG_ADDRESS=udp://logs4.papertrailapp.com:[99999]
-# LOG_TAG=greenlight.example.com:v2
-#
-# Check docker-compose and papertrail documentation for encrypting and
-# protecting access to the log repository.
-# https://docs.docker.com/config/containers/logging/syslog/#options
-# https://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl/
-#
-# For sending logs to a remote aggregator enable these variables:
-#
-# RAILS_LOG_REMOTE_NAME=logxx.papertrailapp.com
-# RAILS_LOG_REMOTE_PORT=9999
-# RAILS_LOG_REMOTE_TAG=greenlight
-#
-
-# Specify the default registration to be used by Greenlight until an administrator sets the
-# registration method
-# Allowed values are:
-#   open - For open registration
-#   invite - For invite only registration
-#   approval - For approve/decline registration
-DEFAULT_REGISTRATION=open
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@ -53,6 +53,7 @@ docker run  \
    -e TAG_PLAYBACK=${TAG_PLAYBACK} \
    -e TAG_PADS=${TAG_PADS} \
    -e TAG_FREESWITCH=${TAG_FREESWITCH} \
+    -e TAG_GREENLIGHT=${TAG_GREENLIGHT} \
    -e DEV_MODE=${DEV_MODE:-false} \
    -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \
    -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
--- a/tags.env
+++ b/tags.env
@ -18,6 +18,7 @@ TAG_FS_CONFIG=v2.6.0
 TAG_FS_BUILD_FILES=v2.6.0

 TAG_FREESWITCH=v1.10.9
+TAG_GREENLIGHT=v3.0.1

 # individual git submodules
 # use `./scripts/checkout-submodules` to ensure, that the submodules