From 2bb8b21817f69d3cee771fcfc9ca3e47548dc88c Mon Sep 17 00:00:00 2001 From: Yonggan <30302975+Y0ngg4n@users.noreply.github.com> Date: Wed, 12 May 2021 11:53:44 +0200 Subject: [PATCH 01/11] Add git submodule update --init to README.md Adding `git submodule update --init` to README.md to fix Errors with Building the Container as mentioned in Issue #101 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b5b5e57..afb6e0f 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue ```sh $ git clone -b main --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker $ cd bbb-docker + $ git submodule update --init ``` 3. Run setup: ```bash From 63a72de927445d41d3bb7853bd929a1573f9f75e Mon Sep 17 00:00:00 2001 From: caminsha Date: Fri, 14 May 2021 03:05:07 +0200 Subject: [PATCH 02/11] Add POSTGRESQL_SECRET as environement variable The way like this it is possible to have the password for PostgreSQL as an environment variable --- docker-compose.tmpl.yml | 2 +- sample.env | 1 + scripts/setup | 8 ++++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index f7149a3..0740e4f 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -330,7 +330,7 @@ services: DB_HOST: postgres DB_NAME: greenlight DB_USERNAME: postgres - DB_PASSWORD: password + DB_PASSWORD: ${POSTGRESQL_SECRET} {{ if isTrue .Env.DEV_MODE }} BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/ {{else}} diff --git a/sample.env b/sample.env index 0010ad1..6d3c328 100644 --- a/sample.env +++ b/sample.env 
@@ -35,6 +35,7 @@ ENABLE_GREENLIGHT=true SHARED_SECRET=w6y7nycPafjPhVz3gZdBpQhR4H4MvEQzcZzia5LT ETHERPAD_API_KEY=NEQKi2eFXSBce4kyGjwAzMn2jeF66peNYQmyFVRr RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c915c651117e0f14358cd98f5287c431929e0f796f4100b2b1c3eb5baad1b0 +POSTGRESQL_SECRET=4xksXUDsaqAkZFSu8HF7pFppN34yy0a9g2iSqD14 diff --git a/scripts/setup b/scripts/setup index fa9c7c8..101cc1a 100755 --- a/scripts/setup +++ b/scripts/setup @@ -115,9 +115,17 @@ fi RANDOM_1=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) RANDOM_2=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) RANDOM_3=$(head /dev/urandom | tr -dc a-f0-9 | head -c 128) +if [ ! "$greenlight" == "y" ] +then + RANDOM_4=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) +fi sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=$RANDOM_1/" .env sed -i "s/ETHERPAD_API_KEY=.*/ETHERPAD_API_KEY=$RANDOM_2/" .env sed -i "s/RAILS_SECRET=.*/RAILS_SECRET=$RANDOM_3/" .env +if [ ! "$greenlight" == "y" ] +then + sed -i "s/POSTGRESQL_SECRET=.*/POSTGRESQL_SECRET=$RANDOM_4/" .env +fi ./scripts/generate-compose From f0433a263b79f727f2c1ebd34498146c344b413c Mon Sep 17 00:00:00 2001 From: caminsha Date: Mon, 17 May 2021 14:01:58 +0200 Subject: [PATCH 03/11] Replaced one more occurence of the password 'password' --- docker-compose.tmpl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 0740e4f..36b9f32 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -346,7 +346,7 @@ services: environment: POSTGRES_DB: greenlight POSTGRES_USER: postgres - POSTGRES_PASSWORD: password + POSTGRES_PASSWORD: ${POSTGRESQL_SECRET} healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 10s From 551246434bf4553fc74c541add10b980ec297484 Mon Sep 17 00:00:00 2001 
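Review bot: Both guards added to scripts/setup read `if [ ! "$greenlight" == "y" ]`, so RANDOM_4 is generated and written to .env only when Greenlight was declined. When Greenlight is enabled, which is where the compose template in this patch uses the value as DB_PASSWORD, POSTGRESQL_SECRET presumably keeps the value published in sample.env. The condition looks inverted; `if [ "$greenlight" == "y" ]` in both places would give each install its own database password. Generating the secret unconditionally, as is done for RANDOM_1 to RANDOM_3, would be simpler still. The surrounding script starts and ends outside the hunk.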
From: manfred-w Date: Tue, 18 May 2021 14:21:54 +0200 Subject: [PATCH 04/11] Fix for missing preuploaded presentations Add a nginx redirect to allow bbb find a pre-uploaded presentation. ref: https://docs.bigbluebutton.org/greenlight/gl-config.html#updating-from-version-prior-to-27 --- mod/nginx/bbb/greenlight.nginx | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mod/nginx/bbb/greenlight.nginx b/mod/nginx/bbb/greenlight.nginx index 8ed654b..4ed4626 100644 --- a/mod/nginx/bbb/greenlight.nginx +++ b/mod/nginx/bbb/greenlight.nginx @@ -26,4 +26,9 @@ location /b/cable { proxy_send_timeout 6h; client_body_timeout 6h; send_timeout 6h; -} \ No newline at end of file +} + +# this is necessary for the preupload_presentation feature +location /rails/active_storage { + return 301 /b$request_uri; +} From a10094b538ca87cd6411d9fd4cdb08621dec505a Mon Sep 17 00:00:00 2001 From: Benjamin Bock Date: Wed, 19 May 2021 20:39:59 +0200 Subject: [PATCH 05/11] Exclude CLIENT_TITLE when generating compose file --- scripts/generate-compose | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/generate-compose b/scripts/generate-compose index 0e88a93..e2e7691 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -6,8 +6,8 @@ cd $(dirname $0)/.. # load .env if [ -f .env ] then - # exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters - export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs) + # exclude WELCOME_MESSAGE && WELCOME_FOOTER && CLIENT_TITLE because it may contain invalid characters + export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs) fi # check for non-optional environment variables, 
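Review bot: The added `grep -v "CLIENT_TITLE"` in scripts/generate-compose is an unanchored substring match, like the two filters before it, so it drops every line of .env that mentions CLIENT_TITLE anywhere, including inside another variable's value. Anchoring the filters to the variable name keeps the exclusion exact: `grep -vE '^(WELCOME_FOOTER|WELCOME_MESSAGE|CLIENT_TITLE)='`. The remaining lines still go through an unquoted `export $(… | xargs)`, so a value containing whitespace is split into separate words and may be exported as additional variables. The comment above the line could say that values loaded here must not contain spaces or `#`, since that is the limit this denylist works around.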
@@ -31,4 +31,4 @@ docker run \ -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \ -e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \ jwilder/dockerize -template /docker-compose.tmpl.yml \ - > docker-compose.yml \ No newline at end of file + > docker-compose.yml From 8ddffc493e20052320c2f4af2872769909b20a59 Mon Sep 17 00:00:00 2001 From: Aleksei Ivanov Date: Sat, 22 May 2021 21:04:32 +0300 Subject: [PATCH 06/11] Update freeswitch entrypoint Always install using lowercase package name --- mod/freeswitch/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh index 68b07bd..14d2c8a 100755 --- a/mod/freeswitch/entrypoint.sh +++ b/mod/freeswitch/entrypoint.sh @@ -36,7 +36,7 @@ if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then fi else - SOUNDS_PACKAGE=freeswitch-sounds-${SOUNDS_LANGUAGE} + SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]') if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then echo "sounds package for $SOUNDS_LANGUAGE not installed yet" apt-get install $SOUNDS_PACKAGE From 0ff8da7f674c4608967d48a44936298671c7cc45 Mon Sep 17 00:00:00 2001 From: cjhille Date: Tue, 1 Jun 2021 15:51:55 +0000 Subject: [PATCH 07/11] restore coturn code with default port 5349 --- README.md | 1 + docker-compose.tmpl.yml | 17 +++++++++ docs/development.md | 3 ++ mod/coturn/entrypoint.sh | 22 ++++++++++++ mod/coturn/turnserver.conf | 73 ++++++++++++++++++++++++++++++++++++++ sample.env | 4 +++ scripts/generate-compose | 14 ++++++++ scripts/setup | 18 ++++++++++ 8 files changed, 152 insertions(+) create mode 100755 mod/coturn/entrypoint.sh create mode 100644 mod/coturn/turnserver.conf diff --git a/README.md b/README.md index b5b5e57..a90ae14 100644 --- a/README.md +++ b/README.md 
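Review bot: The lower-cased SOUNDS_PACKAGE in mod/freeswitch/entrypoint.sh is still expanded unquoted in the `dpkg -s $SOUNDS_PACKAGE` and `apt-get install $SOUNDS_PACKAGE` lines that follow, so a SOUNDS_LANGUAGE value containing whitespace is passed to apt-get as extra arguments. Quoting the expansions (`apt-get install "$SOUNDS_PACKAGE"`) and rejecting values outside the expected alphabet first, for example `case "$SOUNDS_LANGUAGE" in *[!A-Za-z0-9-]*) echo "invalid SOUNDS_LANGUAGE"; exit 1;; esac`, would close that. The enclosing if/else starts and ends outside the hunk.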
@@ -5,6 +5,7 @@ Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue ## Features - Easy installation - Greenlight included +- TURN server included - Fully automated HTTPS certificates - Full IPv6 support - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index f7149a3..b112692 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -319,6 +319,23 @@ services: network_mode: host {{end}} +{{ if isTrue .Env.ENABLE_COTURN }} + # coturn + coturn: + image: instrumentisto/coturn:4.5 + restart: unless-stopped + command: + - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}" + - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" + - "--static-auth-secret=${TURN_SECRET}" + volumes: + - ssl_data:/etc/resty-auto-ssl + - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh + - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf + network_mode: host +{{end}} + + {{ if isTrue .Env.ENABLE_GREENLIGHT }} # greenlight greenlight: diff --git a/docs/development.md b/docs/development.md index 96b6629..4985548 100644 --- a/docs/development.md +++ b/docs/development.md @@ -7,6 +7,7 @@ you can run bbb-docker locally without any certificate issues with following `.e DEV_MODE=true ENABLE_HTTPS_PROXY=true +#ENABLE_COTURN=true #ENABLE_GREENLIGHT=true #ENABLE_WEBHOOKS=true #ENABLE_PROMETHEUS_EXPORTER=true @@ -16,7 +17,9 @@ DOMAIN=10.7.7.1 EXTERNAL_IPv4=10.7.7.1 STUN_IP=216.93.246.18 STUN_PORT=3478 +TURN_SERVER=turns:localhost:5349?transport=tcp +TURN_SECRET=SuperTurnSecret SHARED_SECRET=SuperSecret ETHERPAD_API_KEY=SuperEtherpadKey RAILS_SECRET=SuperRailsSecret diff --git a/mod/coturn/entrypoint.sh b/mod/coturn/entrypoint.sh new file mode 100755 index 0000000..093ee6f --- /dev/null +++ b/mod/coturn/entrypoint.sh 
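Review bot: The coturn service in docker-compose.tmpl.yml mounts `ssl_data:/etc/resty-auto-ssl` read-write, which gives the TURN container write access to the proxy's certificate store although the entrypoint added in this patch only reads from it. `- ssl_data:/etc/resty-auto-ssl:ro` is enough, and the same applies to the two `${COTURN_TLS_…_PATH}` bind mounts added to this service in PATCH 08/11. `--static-auth-secret=${TURN_SECRET}` expands to an empty secret when TURN_SECRET is missing from .env; `${TURN_SECRET:?TURN_SECRET must be set}` would make compose fail instead. `instrumentisto/coturn:4.5` is a floating tag, so pinning a full version or digest would keep the image reproducible.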
@@ -0,0 +1,22 @@ +#!/bin/sh +set -e +apk add jq + +while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ] +do + echo "ERROR: certificate doesn't exist yet." + echo "Certificate gets create on the first request to the HTTPS proxy." + echo "We will try again..." + sleep 10 +done + +# extract cert +cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem +cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem + +# If command starts with an option, prepend with turnserver binary. +if [ "${1:0:1}" == '-' ]; then + set -- turnserver "$@" +fi + +exec $(eval "echo $@") \ No newline at end of file diff --git a/mod/coturn/turnserver.conf b/mod/coturn/turnserver.conf new file mode 100644 index 0000000..be71ffe --- /dev/null +++ b/mod/coturn/turnserver.conf 
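Review bot: The last line of mod/coturn/entrypoint.sh, `exec $(eval "echo $@")`, runs the container arguments through eval, so any shell syntax that ends up in EXTERNAL_IPv4, EXTERNAL_IPv6 or TURN_SECRET is evaluated before turnserver starts, and the unquoted result is word-split again. The compose template already passes fully expanded values, so `exec "$@"` should be sufficient here. The private key is written to /tmp/key.pem with the default umask; a `umask 077` before the two `jq` extractions keeps it readable by the owner only. If the storage directory ever holds more than one certificate, the `*latest` globs match several files and both the `[ ! -f … ]` test and the `cat … | jq` lines would misbehave, so selecting the file for the configured domain explicitly looks safer (the storage layout is not visible here).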
@@ -0,0 +1,73 @@ +# Example coturn configuration for BigBlueButton + +# These are the two network ports used by the TURN server which the client +# may connect to. We enable the standard unencrypted port 3478 for STUN, +listening-port=3478 + +# and since TLS over SMTP port (465) is now blocked by major browser vendors, +# we reverted to the most common coturn TLS port 5349, which has limitations +# in restrictive firewall environments. For maximum client support run +# coturn on a dedicated host on port 443. +tls-listening-port=5349 + +# If the server has multiple IP addresses, you may wish to limit which +# addresses coturn is using. Do that by setting this option (it can be +# specified multiple times). The default is to listen on all addresses. +# You do not normally need to set this option. +#listening-ip=172.17.19.101 + +# If the server is behind NAT, you need to specify the external IP address. +# If there is only one external address, specify it like this: +#external-ip=172.17.19.120 +# If you have multiple external addresses, you have to specify which +# internal address each corresponds to, like this. The first address is the +# external ip, and the second address is the corresponding internal IP. +#external-ip=172.17.19.131/10.0.0.11 +#external-ip=172.17.18.132/10.0.0.12 + +# Fingerprints in TURN messages are required for WebRTC +fingerprint + +# The long-term credential mechanism is required for WebRTC +lt-cred-mech + +# Configure coturn to use the "TURN REST API" method for validating time- +# limited credentials. BigBlueButton will generate credentials in this +# format. Note that the static-auth-secret value specified here must match +# the configuration in BigBlueButton's turn-stun-servers.xml +# You can generate a new random value by running the command: +# openssl rand -hex 16 +use-auth-secret +# static-auth-secret= + +# If the realm value is unspecified, it defaults to the TURN server hostname. 
+# You probably want to configure it to a domain name that you control to +# improve log output. There is no functional impact. +realm=example.com + +# Configure TLS support. +# Adjust these paths to match the locations of your certificate files +cert=/tmp/cert.pem +pkey=/tmp/key.pem +# Limit the allowed ciphers to improve security +# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ +cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS" + +# Enable longer DH TLS key to improve security +dh2066 + +# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable +# older protocols +no-tlsv1 +no-tlsv1_1 + +# To enable single filename logs you need to enable the simple-log flag +syslog +#verbose + +# Allocate Address Family according +# If enabled then TURN server allocates address family according the TURN +# Client <=> Server communication address family. +# (By default Coturn works according RFC 6156.) +# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!! +keep-address-family diff --git a/sample.env b/sample.env index 0010ad1..65254a6 100644 --- a/sample.env +++ b/sample.env @@ -7,6 +7,10 @@ # fully automated Lets Encrypt certificates ENABLE_HTTPS_PROXY=true +# coturn (a TURN Server) +# requires HTTPS Proxy to be enabled +ENABLE_COTURN=true + # Greenlight Frontend # https://docs.bigbluebutton.org/greenlight/gl-overview.html ENABLE_GREENLIGHT=true diff --git a/scripts/generate-compose b/scripts/generate-compose index 0e88a93..f01f8a0 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose 
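Review bot: The new mod/coturn/turnserver.conf does not restrict which peer addresses the relay may reach, and the service runs with `network_mode: host` in this patch's compose template, so authenticated clients can ask coturn to relay to addresses on the host's internal networks. Adding `no-multicast-peers` and `denied-peer-ip=` ranges, for example `denied-peer-ip=192.168.0.0-192.168.255.255`, for every private range the media services do not advertise would limit the relay to the intended peers; the ranges need checking against the deployment before they are enabled. `realm=example.com` is left at its placeholder value. The comment above `syslog` talks about the simple-log flag, which is not what that line enables.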
@@ -19,6 +19,19 @@ if [ -z "$EXTERNAL_IPv4" ]; then exit 1 fi +if [ "$ENABLE_COTURN" == true ]; then + if [ -z "$ENABLE_HTTPS_PROXY" ]; then + echo "ERROR: coturn requires the https proxy for certificate retrival." + echo "you must also set ENABLE_HTTPS_PROXY=true" + exit 1 + fi + if [ "$DEV_MODE" == true ]; then + echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start" + echo "you should disable coturn in .env" + exit 1 + fi +fi + docker run \ --rm \ -v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \ @@ -26,6 +39,7 @@ docker run \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \ + -e ENABLE_COTURN=${ENABLE_COTURN:-false} \ -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \ -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \ -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \ diff --git a/scripts/setup b/scripts/setup index fa9c7c8..57453b3 100755 --- a/scripts/setup +++ b/scripts/setup @@ -32,6 +32,14 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy done +coturn="" +if [ "$https_proxy" == "y" ] +then + while [[ ! $coturn =~ ^(y|n)$ ]]; do + read -p "Should a coturn be included? (y/n): " coturn + done +fi + prometheus_exporter="" while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter 
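Review bot: The new guard `[ -z "$ENABLE_HTTPS_PROXY" ]` in scripts/generate-compose only catches an unset variable, so `ENABLE_HTTPS_PROXY=false` in .env passes the check and coturn is rendered without a proxy to obtain its certificate from. The `docker run` lines below default the same variable to `false`, so that value is an expected one. Comparing against the enabled value, `if [ "$ENABLE_HTTPS_PROXY" != true ]; then`, would match how ENABLE_COTURN is tested in the line before it. The same `-z` test is kept in the rewritten conditions of PATCH 08/11. Neither version checks that TURN_SECRET is non-empty before the template is rendered.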
@@ -106,6 +114,16 @@ then sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env fi +if [ "$coturn" == "y" ] +then + sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:5349?transport=tcp/" .env + TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32) + sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env + sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env +else + sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env +fi + if [ "$prometheus_exporter" == "y" ] then sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env From eb2408cb17ad97fa224c75c4aa672b1edc022c5c Mon Sep 17 00:00:00 2001 From: cjhille Date: Tue, 8 Jun 2021 16:28:24 +0000 Subject: [PATCH 08/11] give coturn the option to run with manual certificates --- docker-compose.tmpl.yml | 5 +++++ mod/coturn/entrypoint.sh | 31 ++++++++++++++++++++----------- sample.env | 5 ++++- scripts/generate-compose | 9 +++++---- scripts/setup | 22 +++++++++++++++++++--- 5 files changed, 53 insertions(+), 19 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index b112692..b43825b 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -329,7 +329,12 @@ services: - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - "--static-auth-secret=${TURN_SECRET}" volumes: + {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} - ssl_data:/etc/resty-auto-ssl + {{else}} + - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem + - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem + {{end}} - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf network_mode: host diff --git a/mod/coturn/entrypoint.sh b/mod/coturn/entrypoint.sh index 093ee6f..c916cee 100755 --- a/mod/coturn/entrypoint.sh +++ b/mod/coturn/entrypoint.sh 
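Review bot: The TURN secret in scripts/setup is generated with `tr -dc A-Za-f0-9`, a character class that mixes an alphanumeric and a hex range and looks like a typo, and the result is written to .env without checking that 32 characters were actually produced. The turnserver.conf added in this patch recommends `openssl rand -hex 16`; `TURN_SECRET=$(openssl rand -hex 16)` would follow that, assuming openssl is available on the host. `$DOMAIN` and `$EXTERNAL_IPv4` are interpolated into the sed replacements unescaped, so a value containing `/` or `&` breaks or alters the substitution. The enclosing script continues outside the hunk.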
@@ -1,18 +1,27 @@ #!/bin/sh set -e -apk add jq +if [ "$ENABLE_HTTPS_PROXY" == true ]; then + apk add jq -while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ] -do - echo "ERROR: certificate doesn't exist yet." - echo "Certificate gets create on the first request to the HTTPS proxy." - echo "We will try again..." - sleep 10 -done + while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ] + do + echo "ERROR: certificate doesn't exist yet." + echo "Certificate gets create on the first request to the HTTPS proxy." + echo "We will try again..." + sleep 10 + done -# extract cert -cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem -cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem + # extract cert + cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem + cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem +fi + +if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then + echo "ERROR: certificate not found, but coturn relies on it." + echo "Use either auto HTTPS proxy or" + echo "provide path to certificates in .env file" + exit 1 +fi # If command starts with an option, prepend with turnserver binary. if [ "${1:0:1}" == '-' ]; then diff --git a/sample.env b/sample.env index 65254a6..8d052ce 100644 --- a/sample.env +++ b/sample.env @@ -8,8 +8,11 @@ ENABLE_HTTPS_PROXY=true # coturn (a TURN Server) -# requires HTTPS Proxy to be enabled +# requires either the abhove HTTPS Proxy to be enabled +# or TLS certificates to be mounted to container ENABLE_COTURN=true +#COTURN_TLS_CERT_PATH= +#COTURN_TLS_KEY_PATH= # Greenlight Frontend # https://docs.bigbluebutton.org/greenlight/gl-overview.html diff --git a/scripts/generate-compose b/scripts/generate-compose index f01f8a0..b75f1cf 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose 
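Review bot: mod/coturn/entrypoint.sh now branches on `"$ENABLE_HTTPS_PROXY" == true`, but the coturn service in the compose template (PATCH 07/11 and the volumes hunk of this patch) has no `environment:` entry, so unless the variable is injected elsewhere it is unset inside the container and the certificate extraction never runs. In that case the container would exit with "certificate not found" even though the HTTPS proxy is enabled. Adding an `environment:` entry such as `ENABLE_HTTPS_PROXY: ${ENABLE_HTTPS_PROXY:-false}` to the service would make the check effective. `apk add jq` still runs at every container start, so startup depends on mirror availability and installs an unpinned package; a derived image with jq baked in would avoid that.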
@@ -20,12 +20,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then fi if [ "$ENABLE_COTURN" == true ]; then - if [ -z "$ENABLE_HTTPS_PROXY" ]; then - echo "ERROR: coturn requires the https proxy for certificate retrival." - echo "you must also set ENABLE_HTTPS_PROXY=true" + if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then + echo "ERROR: coturn requires TLS certificates." + echo "Either enable the https proxy for certificate retrival" + echo "or provide a path to your certificates in .env file." exit 1 fi - if [ "$DEV_MODE" == true ]; then + if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start" echo "you should disable coturn in .env" exit 1 diff --git a/scripts/setup b/scripts/setup index 57453b3..5333213 100755 --- a/scripts/setup +++ b/scripts/setup @@ -33,10 +33,20 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do done coturn="" -if [ "$https_proxy" == "y" ] +while [[ ! $coturn =~ ^(y|n)$ ]]; do + read -p "Should a coturn be included? (y/n): " coturn +done +if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ] then - while [[ ! $coturn =~ ^(y|n)$ ]]; do - read -p "Should a coturn be included? (y/n): " coturn + echo "Coturn needs TLS to function properly." + echo " Since automatic HTTPS Proxy is disabled," + echo " you must provide a relative or absolute path" + echo " to your certificates." + while [[ -z "$CERTPATH" ]]; do + read -p "Please enter path to cert.pem: " CERTPATH + done + while [[ -z "$KEYPATH" ]]; do + read -p "Please enter path to key.pem: " KEYPATH done fi 
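Review bot: The second condition in scripts/generate-compose, `[ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]`, now fires only when the proxy variable is unset, while its message is about the proxy being unable to obtain a certificate locally; the case it was written for (proxy enabled, DEV_MODE=true, no manual certificate) is no longer rejected. Testing for the absence of a manual certificate instead, `[ -z "$COTURN_TLS_CERT_PATH" ] && [ "$DEV_MODE" == true ]`, would match the message. The first condition checks COTURN_TLS_CERT_PATH but not COTURN_TLS_KEY_PATH, so a configuration with only the certificate path renders a compose file whose key mount has an empty source.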
@@ -124,6 +134,12 @@ else sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env fi +if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ] +then + sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env + sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env +fi + if [ "$prometheus_exporter" == "y" ] then sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env From 3e4cef3ce614411dd575f81616dbbbd834c4df7d Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 21 Jun 2021 16:16:16 +0200 Subject: [PATCH 09/11] add fallback password if POSTGRESQL_SECRET is undefined --- docker-compose.tmpl.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 36b9f32..d7c0640 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -330,7 +330,7 @@ services: DB_HOST: postgres DB_NAME: greenlight DB_USERNAME: postgres - DB_PASSWORD: ${POSTGRESQL_SECRET} + DB_PASSWORD: ${POSTGRESQL_SECRET:-password} {{ if isTrue .Env.DEV_MODE }} BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/ {{else}} @@ -346,7 +346,7 @@ services: environment: POSTGRES_DB: greenlight POSTGRES_USER: postgres - POSTGRES_PASSWORD: ${POSTGRESQL_SECRET} + POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 10s From 5e96b2a7d94afe102247b1ec059854d2f5a9ca43 Mon Sep 17 00:00:00 2001 
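Review bot: `$CERTPATH` and `$KEYPATH` are file paths, and scripts/setup interpolates them into sed expressions that use `/` as the delimiter, so any path containing a slash makes the two `sed -i` calls fail and the COTURN_TLS_* variables stay commented out. A delimiter that is unlikely in paths fixes the common case: `sed -i "s|#COTURN_TLS_CERT_PATH=.*|COTURN_TLS_CERT_PATH=$CERTPATH|" .env`, and likewise for the key. The paths entered at the prompts added earlier in this patch are not checked to exist; a `[ -f "$CERTPATH" ]` test in the prompt loop would catch typos before the compose file is generated.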
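Review bot: `${POSTGRESQL_SECRET:-password}` in docker-compose.tmpl.yml silently falls back to the well-known default whenever the variable is missing from .env, so an install that never ran the updated setup keeps the database on `password` with no indication to the operator; the same fallback is added to POSTGRES_PASSWORD in the second hunk of this patch. If the fallback is only meant to keep existing databases working, a comment saying so plus a warning from scripts/generate-compose when POSTGRESQL_SECRET is empty would make the weak state visible. For new installs `${POSTGRESQL_SECRET:?POSTGRESQL_SECRET must be set in .env}` would fail closed instead.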
From: chandi Date: Tue, 22 Jun 2021 00:16:00 +0200 Subject: [PATCH 10/11] updates for v2.3.4 --- README.md | 2 +- mod/apps-akka/Dockerfile | 4 ++-- mod/bbb-web/Dockerfile | 14 +++++++------- mod/freeswitch/Dockerfile | 2 +- mod/fsesl-akka/Dockerfile | 6 +++--- mod/html5/Dockerfile | 4 ++-- mod/html5/settings.yml | 24 +++++++++++++++++++++++- mod/mongo/mongod.conf | 2 +- mod/nginx/Dockerfile | 4 ++-- mod/recordings/Dockerfile | 2 +- mod/recordings/supervisord.conf | 2 +- mod/webhooks/Dockerfile | 2 +- mod/webrtc-sfu/bbb-webrtc-sfu | 2 +- sample.env | 8 ++++---- 14 files changed, 50 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index afb6e0f..33cdb95 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # 📦 BigBlueButton 2.3 Docker -Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) +Version: 2.3.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) ## Features - Easy installation diff --git a/mod/apps-akka/Dockerfile b/mod/apps-akka/Dockerfile index c76acb7..1d7c2d6 100644 --- a/mod/apps-akka/Dockerfile +++ b/mod/apps-akka/Dockerfile @@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder RUN apt-get update && apt-get install -y subversion # download bbb-common-message -ENV TAG_COMMON_MESSAGE v2.3.0 +ENV TAG_COMMON_MESSAGE v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \ && rm -rf /bbb-common-message/.svn @@ -14,7 +14,7 @@ RUN cd /bbb-common-message \ # =================================================== -ENV TAG v2.3.0 +ENV TAG v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-apps /source \ && rm -rf /source/.svn diff --git a/mod/bbb-web/Dockerfile b/mod/bbb-web/Dockerfile index 3dbed29..33a22bd 100644 --- a/mod/bbb-web/Dockerfile +++ b/mod/bbb-web/Dockerfile 
@@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder RUN apt-get update && apt-get install -y subversion # download bbb-common-message -ENV TAG_COMMON_MESSAGE v2.3.0 +ENV TAG_COMMON_MESSAGE v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \ && rm -rf /bbb-common-message/.svn @@ -26,7 +26,7 @@ RUN cd /opt \ ENV PATH="/opt/gradle-6.7/bin:${PATH}" # download bbb-common-web -ENV TAG_COMMON_WEB v2.3.0 +ENV TAG_COMMON_WEB v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_WEB/bbb-common-web /bbb-common-web \ && rm -rf /bbb-common-message/.svn @@ -35,7 +35,7 @@ RUN cd /bbb-common-web \ && ./deploy.sh # download bbb-web -ENV TAG_WEB v2.3.0 +ENV TAG_WEB v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_WEB/bigbluebutton-web /bbb-web \ && rm -rf /bbb-web/.svn 
@@ -77,10 +77,10 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI RUN mkdir -p /usr/share/bigbluebutton/blank \ && cd /usr/share/bigbluebutton/blank \ && wget \ - https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-svg.svg \ - https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-thumb.png \ - https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-presentation.pdf \ - https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-png.png \ + https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-svg.svg \ + https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-thumb.png \ + https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-presentation.pdf \ + https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-png.png \ && sed -i 's///g' /etc/ImageMagick-6/policy.xml # get bbb-web diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index fd7c1a1..2cb4d30 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile @@ -35,7 +35,7 @@ RUN apt-get update && apt-get install -y \ # git sparse-checkout is not yet available with buster and there # is no other sane way of downloading a single directory via git -ENV TAG v2.3.0 +ENV TAG v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \ && rm -rf /etc/freeswitch/.svn diff --git a/mod/fsesl-akka/Dockerfile b/mod/fsesl-akka/Dockerfile index 8821fe9..726d7ea 100644 --- a/mod/fsesl-akka/Dockerfile +++ b/mod/fsesl-akka/Dockerfile 
@@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder RUN apt-get update && apt-get install -y subversion # download bbb-common-message -ENV TAG_COMMON_MESSAGE v2.3.0 +ENV TAG_COMMON_MESSAGE v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \ && rm -rf /bbb-common-message/.svn @@ -13,7 +13,7 @@ RUN cd /bbb-common-message \ # =================================================== -ENV TAG_FSESL v2.3.0 +ENV TAG_FSESL v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL/bbb-fsesl-client /bbb-fsesl-client \ && rm -rf /bbb-fsesl-client/.svn @@ -21,7 +21,7 @@ RUN cd /bbb-fsesl-client \ && ./deploy.sh -ENV TAG v2.3.0 +ENV TAG v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-fsesl /source \ && rm -rf /source/.svn diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 2b9fc5a..9189355 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -14,7 +14,7 @@ USER meteor ENV METEOR_VERSION 1.10.2 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh -ENV TAG v2.3.0 +ENV TAG v2.3.4 RUN cd ~ \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && mv ~/bigbluebutton-html5 ~/source \ @@ -41,4 +41,4 @@ COPY settings.yml /app/programs/server/assets/app/config/settings.yml.tmpl ENTRYPOINT ["/entrypoint.sh"] # lets set the tag again, so that it is include in the image for later version retrieval -ENV TAG v2.3.0 +ENV TAG v2.3.4 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index 1ffcc62..0831649 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml 
@@ -3,10 +3,20 @@ public: mobileFontSize: 16px desktopFontSize: 14px audioChatNotification: false + # Shows the audio modal when user joins the room. The audio modal prompts + # user to select an option ("Microphone" and/or "Listen only") for joining + # audio autoJoin: true + # Disables the listen only option in audio modal. listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }} forceListenOnly: false + # Skips the echo test when connecting with microphone. skipCheck: {{ .Env.DISABLE_ECHO_TEST }} + # Skips the echo test when connecting with microphone right after user + # joins the room the first time. Subsequents joins to microphone won't + # have echo test skipped, for example if user leave and join mic again + # or reloading page and joining mic again. + # This setting won't have effect if skipCheck = true skipCheckOnJoin: false # # Allow users to change microphone/speaker dinamically @@ -20,7 +30,7 @@ public: appName: BigBlueButton HTML5 Client bbbServerVersion: 2.3-dev-docker copyright: '©2021 BigBlueButton Inc.' - html5ClientBuild: "1669-docker" + html5ClientBuild: "1783-docker" helpLink: https://bigbluebutton.org/html5/ lockOnJoin: true cdn: '' @@ -30,6 +40,7 @@ public: # in some cases we want only custom logoutUrl to be used when provided on meeting create. Default value: true allowDefaultLogoutUrl: true allowUserLookup: false + dynamicGuestPolicy: true enableGuestLobbyMessage: true enableNetworkInformation: false enableLimitOfViewersInWebcam: false @@ -41,6 +52,7 @@ public: allowLogout: true allowFullscreen: true preloadNextSlides: 2 + warnAboutUnsavedContentOnMeetingEnd: false mutedAlert: enabled: true interval: 200 
@@ -58,6 +70,15 @@ public: # https://github.com/bigbluebutton/bigbluebutton/pull/10826 customHeartbeat: false showAllAvailableLocales: true + # Show "Audio Filters for Microphone" option in settings menu. + # When set to true, users are able to enable/disable microphone constraints, + # otherwise default values for 'microphoneConstraints' option + # are used. + # For more info, see 'microphoneConstraints' option in this config. + # If not set, default value is true. + showAudioFilters: true + raiseHandActionButton: + enabled: true defaultSettings: application: animations: true @@ -375,6 +396,7 @@ public: enabled: {{ .Env.CHAT_ENABLED }} itemsPerPage: 100 timeBetweenFetchs: 1000 + enableSaveAndCopyPublicChat: true bufferChatInsertsMs: 0 startClosed: {{ .Env.CHAT_START_CLOSED }} min_message_length: 1 diff --git a/mod/mongo/mongod.conf b/mod/mongo/mongod.conf index 7eac8bf..bce6bd9 100644 --- a/mod/mongo/mongod.conf +++ b/mod/mongo/mongod.conf @@ -9,7 +9,7 @@ storage: enabled: true wiredTiger: engineConfig: - cacheSizeGB: 0 + cacheSizeGB: 1 journalCompressor: none directoryForIndexes: true collectionConfig: diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile index b7049d1..f0ba87b 100644 --- a/mod/nginx/Dockerfile +++ b/mod/nginx/Dockerfile 
@@ -11,12 +11,12 @@ ENV REACT_APP_BBB_PLAYBACK_BUILD=$TAG_PLAYBACK # for the latest bbb-playback version shipped with 2.3-alpha-6 # so we use the master branch # RUN svn checkout https://github.com/bigbluebutton/bbb-playback/tags/$TAG_PLAYBACK /bbb-playback -RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout a9d3b7b6648fb5e85e012e73d7e7a2684d02f215 +RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout 5934114aa434aba9b73b1a4c2ce228d18f276610 RUN cd /bbb-playback && npm install && npm run-script build # -------------------- -FROM nginx:1.19-alpine +FROM nginx:1.21-alpine COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3 COPY ./bbb /etc/nginx/bbb diff --git a/mod/recordings/Dockerfile b/mod/recordings/Dockerfile index 3eb6d6e..992fe79 100644 --- a/mod/recordings/Dockerfile +++ b/mod/recordings/Dockerfile @@ -45,7 +45,7 @@ RUN mkdir -p \ /usr/local/bigbluebutton/core \ /etc/bigbluebutton -ENV TAG v2.3.0 +ENV TAG v2.3.4 # add bbb-record-core (lib, scripts and Gemfile) RUN cd /usr/local/bigbluebutton/core \ diff --git a/mod/recordings/supervisord.conf b/mod/recordings/supervisord.conf index 36b3650..aa71b41 100644 --- a/mod/recordings/supervisord.conf +++ b/mod/recordings/supervisord.conf @@ -4,7 +4,7 @@ user=root [program:rasque_workers] command=rake resque:workers directory=/usr/local/bigbluebutton/core/scripts -environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions",COUNT="1",VVERBOSE="1" +environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1" user=bigbluebutton stdout_logfile=/dev/fd/1 stdout_logfile_maxbytes=0 diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index 0778b04..2992d07 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile 
@@ -13,7 +13,7 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI USER webhooks -ENV TAG v2.3.0 +ENV TAG v2.3.4 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \ && rm -rf /app/.svn \ && cd /app && npm install --production diff --git a/mod/webrtc-sfu/bbb-webrtc-sfu b/mod/webrtc-sfu/bbb-webrtc-sfu index 4145f8c..1f82c24 160000 --- a/mod/webrtc-sfu/bbb-webrtc-sfu +++ b/mod/webrtc-sfu/bbb-webrtc-sfu @@ -1 +1 @@ -Subproject commit 4145f8c1ad9e111bf0d3fe037e9d3be965fe1232 +Subproject commit 1f82c241a6383c811c73871224e6f4670b5e45c4 diff --git a/sample.env b/sample.env index 6d3c328..28b09dc 100644 --- a/sample.env +++ b/sample.env @@ -137,14 +137,14 @@ BREAKOUTROOM_LIMIT=8 # ==================================== # Tuning # ==================================== -# Default = 1; Min = 1; Max = 4 +# Default = 2; Min = 1; Max = 4 # On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events -NUMBER_OF_BACKEND_NODEJS_PROCESSES=1 +NUMBER_OF_BACKEND_NODEJS_PROCESSES=2 -# Default = 1; Min = 1; Max = 8 +# Default = 2; Min = 1; Max = 8 # Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings # stretching the recommended number of users in BigBlueButton -NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1 +NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2 # ==================================== From 0dd3d9a0bc7ea3169e71f27246702f870a3607db Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 22 Jun 2021 01:21:38 +0200 Subject: [PATCH 11/11] changelog entries v2.3.4-1 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0934c55..f1e64d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,15 @@ ## Unreleased +## Release v2.3.4-1 (2021-06-22) #131 +- Applied v2.3.4 changes [#130](https://github.com/bigbluebutton/docker/pull/130) @alangecker +- Reintegrate turn with default ports and support for external certificates [#126](https://github.com/bigbluebutton/docker/pull/126) @cjhille +- Fix freeswitch package names for languages with uppercase characters in the path [#119](https://github.com/bigbluebutton/docker/pull/119) @lexuzieel +- Exclude CLIENT_TITLE when generating compose file [#118](https://github.com/bigbluebutton/docker/pull/118) @bb +- Fix for preuploaded presentations not working [#116](https://github.com/bigbluebutton/docker/pull/116) @manfred-w +- Add POSTGRESQL_SECRET as environement variable [#111](https://github.com/bigbluebutton/docker/pull/111) @caminsha + + ## Release v2.3.0 - :tada: **BigBlueButton 2.3** including all its changes - Template based generation of docker-compose.yml [2.2.x#71](https://github.com/alangecker/bigbluebutton-docker/pull/71) [2.2.x#42](https://github.com/alangecker/bigbluebutton-docker/issues/42) @trickert76 @alangecker