extern/docker
1
0
Fork 1
mirror of https://github.com/bigbluebutton/docker.git synced 2024-11-22 16:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #131 from bigbluebutton/develop

Browse Source 
Release v2.3.4-1
This commit is contained in:
chandi 2021-07-04 21:53:35 +02:00 committed by GitHub
commit 4071a13069
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 267 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -2,6 +2,15 @@
## Unreleased
## Release v2.3.4-1 (2021-06-22) #131
- Applied v2.3.4 changes [#130](https://github.com/bigbluebutton/docker/pull/130) @alangecker
- Reintegrate turn with default ports and support for external certificates [#126](https://github.com/bigbluebutton/docker/pull/126) @cjhille
- Fix freeswitch package names for languages with uppercase characters in the path [#119](https://github.com/bigbluebutton/docker/pull/119) @lexuzieel
- Exclude CLIENT_TITLE when generating compose file [#118](https://github.com/bigbluebutton/docker/pull/118) @bb
- Fix for preuploaded presentations not working [#116](https://github.com/bigbluebutton/docker/pull/116) @manfred-w
- Add POSTGRESQL_SECRET as environement variable [#111](https://github.com/bigbluebutton/docker/pull/111) @caminsha
## Release v2.3.0
- :tada: **BigBlueButton 2.3** including all its changes
- Template based generation of docker-compose.yml [2.2.x#71](https://github.com/alangecker/bigbluebutton-docker/pull/71) [2.2.x#42](https://github.com/alangecker/bigbluebutton-docker/issues/42) @trickert76 @alangecker

4
README.md
View File

@ -1,10 +1,11 @@
# 📦 BigBlueButton 2.3 Docker
Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
Version: 2.3.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
## Features
- Easy installation
- Greenlight included
- TURN server included
- Fully automated HTTPS certificates
- Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
@ -26,6 +27,7 @@ Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
```sh
$ git clone -b main --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker
$ cd bbb-docker
$ git submodule update --init
```
3. Run setup:
```bash

26
docker-compose.tmpl.yml
View File

@ -319,6 +319,28 @@ services:
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_COTURN }}
# coturn
coturn:
image: instrumentisto/coturn:4.5
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
volumes:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
- ssl_data:/etc/resty-auto-ssl
{{else}}
- ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
- ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
{{end}}
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
@ -330,7 +352,7 @@ services:
DB_HOST: postgres
DB_NAME: greenlight
DB_USERNAME: postgres
DB_PASSWORD: password
DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
{{ if isTrue .Env.DEV_MODE }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/
{{else}}
@ -346,7 +368,7 @@ services:
environment:
POSTGRES_DB: greenlight
POSTGRES_USER: postgres
POSTGRES_PASSWORD: password
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s

3
docs/development.md
View File

@ -7,6 +7,7 @@ you can run bbb-docker locally without any certificate issues with following `.e
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
#ENABLE_PROMETHEUS_EXPORTER=true
@ -16,7 +17,9 @@ DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
TURN_SERVER=turns:localhost:5349?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret

4
mod/apps-akka/Dockerfile
View File

@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
ENV TAG_COMMON_MESSAGE v2.3.0
ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@ -14,7 +14,7 @@ RUN cd /bbb-common-message \
# ===================================================
ENV TAG v2.3.0
ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-apps /source \
&& rm -rf /source/.svn

14
mod/bbb-web/Dockerfile
View File

@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
ENV TAG_COMMON_MESSAGE v2.3.0
ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@ -26,7 +26,7 @@ RUN cd /opt \
ENV PATH="/opt/gradle-6.7/bin:${PATH}"
# download bbb-common-web
ENV TAG_COMMON_WEB v2.3.0
ENV TAG_COMMON_WEB v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_WEB/bbb-common-web /bbb-common-web \
&& rm -rf /bbb-common-message/.svn
@ -35,7 +35,7 @@ RUN cd /bbb-common-web \
&& ./deploy.sh
# download bbb-web
ENV TAG_WEB v2.3.0
ENV TAG_WEB v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_WEB/bigbluebutton-web /bbb-web \
&& rm -rf /bbb-web/.svn
@ -77,10 +77,10 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
RUN mkdir -p /usr/share/bigbluebutton/blank \
&& cd /usr/share/bigbluebutton/blank \
&& wget \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-svg.svg \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-thumb.png \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-presentation.pdf \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-png.png \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-svg.svg \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-thumb.png \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-presentation.pdf \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-png.png \
&& sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml
# get bbb-web

31
mod/coturn/entrypoint.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/sh
set -e
if [ "$ENABLE_HTTPS_PROXY" == true ]; then
apk add jq
while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
do
echo "ERROR: certificate doesn't exist yet."
echo "Certificate gets create on the first request to the HTTPS proxy."
echo "We will try again..."
sleep 10
done
# extract cert
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
fi
if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
echo "ERROR: certificate not found, but coturn relies on it."
echo "Use either auto HTTPS proxy or"
echo "provide path to certificates in .env file"
exit 1
fi
# If command starts with an option, prepend with turnserver binary.
if [ "${1:0:1}" == '-' ]; then
set -- turnserver "$@"
fi
exec $(eval "echo $@")

73
mod/coturn/turnserver.conf Normal file
View File

@ -0,0 +1,73 @@
# Example coturn configuration for BigBlueButton
# These are the two network ports used by the TURN server which the client
# may connect to. We enable the standard unencrypted port 3478 for STUN,
listening-port=3478
# and since TLS over SMTP port (465) is now blocked by major browser vendors,
# we reverted to the most common coturn TLS port 5349, which has limitations
# in restrictive firewall environments. For maximum client support run
# coturn on a dedicated host on port 443.
tls-listening-port=5349
# If the server has multiple IP addresses, you may wish to limit which
# addresses coturn is using. Do that by setting this option (it can be
# specified multiple times). The default is to listen on all addresses.
# You do not normally need to set this option.
#listening-ip=172.17.19.101
# If the server is behind NAT, you need to specify the external IP address.
# If there is only one external address, specify it like this:
#external-ip=172.17.19.120
# If you have multiple external addresses, you have to specify which
# internal address each corresponds to, like this. The first address is the
# external ip, and the second address is the corresponding internal IP.
#external-ip=172.17.19.131/10.0.0.11
#external-ip=172.17.18.132/10.0.0.12
# Fingerprints in TURN messages are required for WebRTC
fingerprint
# The long-term credential mechanism is required for WebRTC
lt-cred-mech
# Configure coturn to use the "TURN REST API" method for validating time-
# limited credentials. BigBlueButton will generate credentials in this
# format. Note that the static-auth-secret value specified here must match
# the configuration in BigBlueButton's turn-stun-servers.xml
# You can generate a new random value by running the command:
# openssl rand -hex 16
use-auth-secret
# static-auth-secret=<random value>
# If the realm value is unspecified, it defaults to the TURN server hostname.
# You probably want to configure it to a domain name that you control to
# improve log output. There is no functional impact.
realm=example.com
# Configure TLS support.
# Adjust these paths to match the locations of your certificate files
cert=/tmp/cert.pem
pkey=/tmp/key.pem
# Limit the allowed ciphers to improve security
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
# Enable longer DH TLS key to improve security
dh2066
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
# older protocols
no-tlsv1
no-tlsv1_1
# To enable single filename logs you need to enable the simple-log flag
syslog
#verbose
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family

2
mod/freeswitch/Dockerfile
View File

@ -35,7 +35,7 @@ RUN apt-get update && apt-get install -y \
# git sparse-checkout is not yet available with buster and there
# is no other sane way of downloading a single directory via git
ENV TAG v2.3.0
ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \
&& rm -rf /etc/freeswitch/.svn

2
mod/freeswitch/entrypoint.sh
View File

@ -36,7 +36,7 @@ if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
fi
else
SOUNDS_PACKAGE=freeswitch-sounds-${SOUNDS_LANGUAGE}
SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]')
if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then
echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
apt-get install $SOUNDS_PACKAGE

6
mod/fsesl-akka/Dockerfile
View File

@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
ENV TAG_COMMON_MESSAGE v2.3.0
ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@ -13,7 +13,7 @@ RUN cd /bbb-common-message \
# ===================================================
ENV TAG_FSESL v2.3.0
ENV TAG_FSESL v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL/bbb-fsesl-client /bbb-fsesl-client \
&& rm -rf /bbb-fsesl-client/.svn
@ -21,7 +21,7 @@ RUN cd /bbb-fsesl-client \
&& ./deploy.sh
ENV TAG v2.3.0
ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-fsesl /source \
&& rm -rf /source/.svn

4
mod/html5/Dockerfile
View File

@ -14,7 +14,7 @@ USER meteor
ENV METEOR_VERSION 1.10.2
RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh
ENV TAG v2.3.0
ENV TAG v2.3.4
RUN cd ~ \
&& svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
&& mv ~/bigbluebutton-html5 ~/source \
@ -41,4 +41,4 @@ COPY settings.yml /app/programs/server/assets/app/config/settings.yml.tmpl
ENTRYPOINT ["/entrypoint.sh"]
# lets set the tag again, so that it is include in the image for later version retrieval
ENV TAG v2.3.0
ENV TAG v2.3.4

24
mod/html5/settings.yml
View File

@ -3,10 +3,20 @@ public:
mobileFontSize: 16px
desktopFontSize: 14px
audioChatNotification: false
# Shows the audio modal when user joins the room. The audio modal prompts
# user to select an option ("Microphone" and/or "Listen only") for joining
# audio
autoJoin: true
# Disables the listen only option in audio modal.
listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
forceListenOnly: false
# Skips the echo test when connecting with microphone.
skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
# Skips the echo test when connecting with microphone right after user
# joins the room the first time. Subsequents joins to microphone won't
# have echo test skipped, for example if user leave and join mic again
# or reloading page and joining mic again.
# This setting won't have effect if skipCheck = true
skipCheckOnJoin: false
#
# Allow users to change microphone/speaker dinamically
@ -20,7 +30,7 @@ public:
appName: BigBlueButton HTML5 Client
bbbServerVersion: 2.3-dev-docker
copyright: '©2021 BigBlueButton Inc.'
html5ClientBuild: "1669-docker"
html5ClientBuild: "1783-docker"
helpLink: https://bigbluebutton.org/html5/
lockOnJoin: true
cdn: ''
@ -30,6 +40,7 @@ public:
# in some cases we want only custom logoutUrl to be used when provided on meeting create. Default value: true
allowDefaultLogoutUrl: true
allowUserLookup: false
dynamicGuestPolicy: true
enableGuestLobbyMessage: true
enableNetworkInformation: false
enableLimitOfViewersInWebcam: false
@ -41,6 +52,7 @@ public:
allowLogout: true
allowFullscreen: true
preloadNextSlides: 2
warnAboutUnsavedContentOnMeetingEnd: false
mutedAlert:
enabled: true
interval: 200
@ -58,6 +70,15 @@ public:
# https://github.com/bigbluebutton/bigbluebutton/pull/10826
customHeartbeat: false
showAllAvailableLocales: true
# Show "Audio Filters for Microphone" option in settings menu.
# When set to true, users are able to enable/disable microphone constraints,
# otherwise default values for 'microphoneConstraints' option
# are used.
# For more info, see 'microphoneConstraints' option in this config.
# If not set, default value is true.
showAudioFilters: true
raiseHandActionButton:
enabled: true
defaultSettings:
application:
animations: true
@ -375,6 +396,7 @@ public:
enabled: {{ .Env.CHAT_ENABLED }}
itemsPerPage: 100
timeBetweenFetchs: 1000
enableSaveAndCopyPublicChat: true
bufferChatInsertsMs: 0
startClosed: {{ .Env.CHAT_START_CLOSED }}
min_message_length: 1

2
mod/mongo/mongod.conf
View File

@ -9,7 +9,7 @@ storage:
enabled: true
wiredTiger:
engineConfig:
cacheSizeGB: 0
cacheSizeGB: 1
journalCompressor: none
directoryForIndexes: true
collectionConfig:

4
mod/nginx/Dockerfile
View File

@ -11,12 +11,12 @@ ENV REACT_APP_BBB_PLAYBACK_BUILD=$TAG_PLAYBACK
# for the latest bbb-playback version shipped with 2.3-alpha-6
# so we use the master branch
# RUN svn checkout https://github.com/bigbluebutton/bbb-playback/tags/$TAG_PLAYBACK /bbb-playback
RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout a9d3b7b6648fb5e85e012e73d7e7a2684d02f215
RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout 5934114aa434aba9b73b1a4c2ce228d18f276610
RUN cd /bbb-playback && npm install && npm run-script build
# --------------------
FROM nginx:1.19-alpine
FROM nginx:1.21-alpine
COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
COPY ./bbb /etc/nginx/bbb

7
mod/nginx/bbb/greenlight.nginx
View File

@ -26,4 +26,9 @@ location /b/cable {
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}
# this is necessary for the preupload_presentation feature
location /rails/active_storage {
return 301 /b$request_uri;
}

2
mod/recordings/Dockerfile
View File

@ -45,7 +45,7 @@ RUN mkdir -p \
/usr/local/bigbluebutton/core \
/etc/bigbluebutton
ENV TAG v2.3.0
ENV TAG v2.3.4
# add bbb-record-core (lib, scripts and Gemfile)
RUN cd /usr/local/bigbluebutton/core \

2
mod/recordings/supervisord.conf
View File

@ -4,7 +4,7 @@ user=root
[program:rasque_workers]
command=rake resque:workers
directory=/usr/local/bigbluebutton/core/scripts
environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions",COUNT="1",VVERBOSE="1"
environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0

2
mod/webhooks/Dockerfile
View File

@ -13,7 +13,7 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
USER webhooks
ENV TAG v2.3.0
ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \
&& rm -rf /app/.svn \
&& cd /app && npm install --production

2
mod/webrtc-sfu/bbb-webrtc-sfu

@ -1 +1 @@
Subproject commit 4145f8c1ad9e111bf0d3fe037e9d3be965fe1232
Subproject commit 1f82c241a6383c811c73871224e6f4670b5e45c4

16
sample.env
View File

@ -7,6 +7,13 @@
# fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true
# coturn (a TURN Server)
# requires either the abhove HTTPS Proxy to be enabled
# or TLS certificates to be mounted to container
ENABLE_COTURN=true
#COTURN_TLS_CERT_PATH=
#COTURN_TLS_KEY_PATH=
# Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
@ -35,6 +42,7 @@ ENABLE_GREENLIGHT=true
SHARED_SECRET=w6y7nycPafjPhVz3gZdBpQhR4H4MvEQzcZzia5LT
ETHERPAD_API_KEY=NEQKi2eFXSBce4kyGjwAzMn2jeF66peNYQmyFVRr
RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c915c651117e0f14358cd98f5287c431929e0f796f4100b2b1c3eb5baad1b0
POSTGRESQL_SECRET=4xksXUDsaqAkZFSu8HF7pFppN34yy0a9g2iSqD14
@ -136,14 +144,14 @@ BREAKOUTROOM_LIMIT=8
# ====================================
# Tuning
# ====================================
# Default = 1; Min = 1; Max = 4
# Default = 2; Min = 1; Max = 4
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
NUMBER_OF_BACKEND_NODEJS_PROCESSES=1
NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
# Default = 1; Min = 1; Max = 8
# Default = 2; Min = 1; Max = 8
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
# stretching the recommended number of users in BigBlueButton
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
# ====================================

21
scripts/generate-compose
View File

@ -6,8 +6,8 @@ cd $(dirname $0)/..
# load .env
if [ -f .env ]
then
# exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
# exclude WELCOME_MESSAGE && WELCOME_FOOTER && CLIENT_TITLE because it may contain invalid characters
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
fi
# check for non-optional environment variables,
@ -19,6 +19,20 @@ if [ -z "$EXTERNAL_IPv4" ]; then
exit 1
fi
if [ "$ENABLE_COTURN" == true ]; then
if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then
echo "ERROR: coturn requires TLS certificates."
echo "Either enable the https proxy for certificate retrival"
echo "or provide a path to your certificates in .env file."
exit 1
fi
if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then
echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
echo "you should disable coturn in .env"
exit 1
fi
fi
docker run \
--rm \
-v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
@ -26,9 +40,10 @@ docker run \
-e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
-e ENABLE_COTURN=${ENABLE_COTURN:-false} \
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
-e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \
jwilder/dockerize -template /docker-compose.tmpl.yml \
> docker-compose.yml
> docker-compose.yml

42
scripts/setup
View File

@ -32,6 +32,24 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
done
coturn=""
while [[ ! $coturn =~ ^(y|n)$ ]]; do
read -p "Should a coturn be included? (y/n): " coturn
done
if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
then
echo "Coturn needs TLS to function properly."
echo " Since automatic HTTPS Proxy is disabled,"
echo " you must provide a relative or absolute path"
echo " to your certificates."
while [[ -z "$CERTPATH" ]]; do
read -p "Please enter path to cert.pem: " CERTPATH
done
while [[ -z "$KEYPATH" ]]; do
read -p "Please enter path to key.pem: " KEYPATH
done
fi
prometheus_exporter=""
while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
@ -106,6 +124,22 @@ then
sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
fi
if [ "$coturn" == "y" ]
then
sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:5349?transport=tcp/" .env
TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
else
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
fi
if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
then
sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env
sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env
fi
if [ "$prometheus_exporter" == "y" ]
then
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
@ -115,9 +149,17 @@ fi
RANDOM_1=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
RANDOM_2=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
RANDOM_3=$(head /dev/urandom | tr -dc a-f0-9 | head -c 128)
if [ ! "$greenlight" == "y" ]
then
RANDOM_4=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
fi
sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=$RANDOM_1/" .env
sed -i "s/ETHERPAD_API_KEY=.*/ETHERPAD_API_KEY=$RANDOM_2/" .env
sed -i "s/RAILS_SECRET=.*/RAILS_SECRET=$RANDOM_3/" .env
if [ ! "$greenlight" == "y" ]
then
sed -i "s/POSTGRESQL_SECRET=.*/POSTGRESQL_SECRET=$RANDOM_4/" .env
fi
./scripts/generate-compose