Merge pull request #131 from bigbluebutton/develop

Release v2.3.4-1
2024-11-22 16:13:20 +01:00 · 2021-07-04 21:53:35 +02:00 · 2021-07-04 21:53:35 +02:00 · 4071a13069
commit 4071a13069
parent 0c37742980 0dd3d9a0bc
23 changed files with 267 additions and 35 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,15 @@

 ## Unreleased

+## Release v2.3.4-1 (2021-06-22) #131
+- Applied v2.3.4 changes [#130](https://github.com/bigbluebutton/docker/pull/130) @alangecker 
+- Reintegrate turn with default ports and support for external certificates [#126](https://github.com/bigbluebutton/docker/pull/126) @cjhille
+- Fix freeswitch package names for languages with uppercase characters in the path  [#119](https://github.com/bigbluebutton/docker/pull/119) @lexuzieel
+- Exclude CLIENT_TITLE when generating compose file [#118](https://github.com/bigbluebutton/docker/pull/118) @bb
+- Fix for preuploaded presentations not working [#116](https://github.com/bigbluebutton/docker/pull/116) @manfred-w
+- Add POSTGRESQL_SECRET as environement variable [#111](https://github.com/bigbluebutton/docker/pull/111) @caminsha
+
+
 ## Release v2.3.0
 - :tada: **BigBlueButton 2.3** including all its changes
 - Template based generation of docker-compose.yml [2.2.x#71](https://github.com/alangecker/bigbluebutton-docker/pull/71) [2.2.x#42](https://github.com/alangecker/bigbluebutton-docker/issues/42) @trickert76 @alangecker
--- a/README.md
+++ b/README.md
@ -1,10 +1,11 @@
 # 📦 BigBlueButton 2.3 Docker

-Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
+Version: 2.3.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)

 ## Features
 - Easy installation
 - Greenlight included
+- TURN server included
 - Fully automated HTTPS certificates
 - Full IPv6 support
 - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
@ -26,6 +27,7 @@ Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
   ```sh
   $ git clone -b main --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker
   $ cd bbb-docker
+   $ git submodule update --init
   ```
 3. Run setup:
   ```bash
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@ -319,6 +319,28 @@ services:
    network_mode: host
 {{end}}

+{{ if isTrue .Env.ENABLE_COTURN }}
+  # coturn
+  coturn:
+    image: instrumentisto/coturn:4.5
+    restart: unless-stopped
+    command:
+      - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
+      - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
+      - "--static-auth-secret=${TURN_SECRET}"
+    volumes:
+      {{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
+      - ssl_data:/etc/resty-auto-ssl
+      {{else}}
+      - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
+      - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
+      {{end}}
+      - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
+      - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
+    network_mode: host
+{{end}}
+
+
 {{ if isTrue .Env.ENABLE_GREENLIGHT }}
  # greenlight
  greenlight:
@ -330,7 +352,7 @@ services:
      DB_HOST: postgres
      DB_NAME: greenlight
      DB_USERNAME: postgres
-      DB_PASSWORD: password
+      DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
      {{ if isTrue .Env.DEV_MODE }}
      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/
      {{else}}
@ -346,7 +368,7 @@ services:
    environment:
      POSTGRES_DB: greenlight
      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: password
+      POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
--- a/docs/development.md
+++ b/docs/development.md
@ -7,6 +7,7 @@ you can run bbb-docker locally without any certificate issues with following `.e
 DEV_MODE=true

 ENABLE_HTTPS_PROXY=true
+#ENABLE_COTURN=true
 #ENABLE_GREENLIGHT=true
 #ENABLE_WEBHOOKS=true
 #ENABLE_PROMETHEUS_EXPORTER=true
@ -16,7 +17,9 @@ DOMAIN=10.7.7.1
 EXTERNAL_IPv4=10.7.7.1
 STUN_IP=216.93.246.18
 STUN_PORT=3478
+TURN_SERVER=turns:localhost:5349?transport=tcp

+TURN_SECRET=SuperTurnSecret
 SHARED_SECRET=SuperSecret
 ETHERPAD_API_KEY=SuperEtherpadKey
 RAILS_SECRET=SuperRailsSecret
--- a/mod/apps-akka/Dockerfile
+++ b/mod/apps-akka/Dockerfile
@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
 RUN apt-get update && apt-get install -y subversion

 # download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
    && rm -rf /bbb-common-message/.svn

@ -14,7 +14,7 @@ RUN cd /bbb-common-message \

 # ===================================================

-ENV TAG v2.3.0
+ENV TAG v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-apps /source \
    && rm -rf /source/.svn

--- a/mod/bbb-web/Dockerfile
+++ b/mod/bbb-web/Dockerfile
@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
 RUN apt-get update && apt-get install -y subversion

 # download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
    && rm -rf /bbb-common-message/.svn

@ -26,7 +26,7 @@ RUN cd /opt \
 ENV PATH="/opt/gradle-6.7/bin:${PATH}"

 # download bbb-common-web
-ENV TAG_COMMON_WEB v2.3.0
+ENV TAG_COMMON_WEB v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_WEB/bbb-common-web /bbb-common-web \
    && rm -rf /bbb-common-message/.svn

@ -35,7 +35,7 @@ RUN cd /bbb-common-web \
 && ./deploy.sh

 # download bbb-web
-ENV TAG_WEB v2.3.0
+ENV TAG_WEB v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_WEB/bigbluebutton-web /bbb-web \
    && rm -rf /bbb-web/.svn

@ -77,10 +77,10 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
 RUN mkdir -p /usr/share/bigbluebutton/blank \
    && cd /usr/share/bigbluebutton/blank \
    && wget \
-        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-svg.svg \
-        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-thumb.png \
-        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-presentation.pdf \
-        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-png.png \
+        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-svg.svg \
+        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-thumb.png \
+        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-presentation.pdf \
+        https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-png.png \
    && sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml

 # get bbb-web
--- a/mod/coturn/entrypoint.sh
+++ b/mod/coturn/entrypoint.sh
@ -0,0 +1,31 @@
+#!/bin/sh
+set -e 
+if [ "$ENABLE_HTTPS_PROXY" == true ]; then
+  apk add jq
+
+  while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
+  do
+    echo "ERROR: certificate doesn't exist yet."
+    echo "Certificate gets create on the first request to the HTTPS proxy."
+    echo "We will try again..."
+    sleep 10
+  done
+
+  # extract cert
+  cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
+  cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
+fi
+
+if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
+  echo "ERROR: certificate not found, but coturn relies on it."
+  echo "Use either auto HTTPS proxy or"
+  echo "provide path to certificates in .env file"
+  exit 1
+fi
+
+# If command starts with an option, prepend with turnserver binary.
+if [ "${1:0:1}" == '-' ]; then
+  set -- turnserver "$@"
+fi
+
+exec $(eval "echo $@")
--- a/mod/coturn/turnserver.conf
+++ b/mod/coturn/turnserver.conf
@ -0,0 +1,73 @@
+# Example coturn configuration for BigBlueButton
+
+# These are the two network ports used by the TURN server which the client
+# may connect to. We enable the standard unencrypted port 3478 for STUN,
+listening-port=3478
+
+# and since TLS over SMTP port (465) is now blocked by major browser vendors, 
+# we reverted to the most common coturn TLS port 5349, which has limitations
+# in restrictive firewall environments. For maximum client support run 
+# coturn on a dedicated host on port 443.
+tls-listening-port=5349
+
+# If the server has multiple IP addresses, you may wish to limit which
+# addresses coturn is using. Do that by setting this option (it can be
+# specified multiple times). The default is to listen on all addresses.
+# You do not normally need to set this option.
+#listening-ip=172.17.19.101
+
+# If the server is behind NAT, you need to specify the external IP address.
+# If there is only one external address, specify it like this:
+#external-ip=172.17.19.120
+# If you have multiple external addresses, you have to specify which
+# internal address each corresponds to, like this. The first address is the
+# external ip, and the second address is the corresponding internal IP.
+#external-ip=172.17.19.131/10.0.0.11
+#external-ip=172.17.18.132/10.0.0.12
+
+# Fingerprints in TURN messages are required for WebRTC
+fingerprint
+
+# The long-term credential mechanism is required for WebRTC
+lt-cred-mech
+
+# Configure coturn to use the "TURN REST API" method for validating time-
+# limited credentials. BigBlueButton will generate credentials in this
+# format. Note that the static-auth-secret value specified here must match
+# the configuration in BigBlueButton's turn-stun-servers.xml
+# You can generate a new random value by running the command:
+#   openssl rand -hex 16
+use-auth-secret
+# static-auth-secret=<random value>
+
+# If the realm value is unspecified, it defaults to the TURN server hostname.
+# You probably want to configure it to a domain name that you control to
+# improve log output. There is no functional impact.
+realm=example.com
+
+# Configure TLS support.
+# Adjust these paths to match the locations of your certificate files
+cert=/tmp/cert.pem
+pkey=/tmp/key.pem
+# Limit the allowed ciphers to improve security
+# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
+
+# Enable longer DH TLS key to improve security
+dh2066
+
+# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
+# older protocols
+no-tlsv1
+no-tlsv1_1
+
+# To enable single filename logs you need to enable the simple-log flag
+syslog
+#verbose
+
+# Allocate Address Family according 
+# If enabled then TURN server allocates address family according  the TURN 
+# Client <=> Server communication address family.
+# (By default Coturn works according RFC 6156.)
+# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
+keep-address-family
--- a/mod/freeswitch/Dockerfile
+++ b/mod/freeswitch/Dockerfile
@ -35,7 +35,7 @@ RUN apt-get update && apt-get install -y \
 # git sparse-checkout is not yet available with buster and there
 # is no other sane way of downloading a single directory via git

-ENV TAG v2.3.0
+ENV TAG v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \
    && rm -rf /etc/freeswitch/.svn

--- a/mod/freeswitch/entrypoint.sh
+++ b/mod/freeswitch/entrypoint.sh
@ -36,7 +36,7 @@ if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then

    fi
 else
-    SOUNDS_PACKAGE=freeswitch-sounds-${SOUNDS_LANGUAGE}
+    SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]')
    if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then
        echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
        apt-get install $SOUNDS_PACKAGE
--- a/mod/fsesl-akka/Dockerfile
+++ b/mod/fsesl-akka/Dockerfile
@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
 RUN apt-get update && apt-get install -y subversion

 # download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
    && rm -rf /bbb-common-message/.svn

@ -13,7 +13,7 @@ RUN cd /bbb-common-message \


 # ===================================================
-ENV TAG_FSESL v2.3.0
+ENV TAG_FSESL v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL/bbb-fsesl-client /bbb-fsesl-client \
    && rm -rf /bbb-fsesl-client/.svn

@ -21,7 +21,7 @@ RUN cd /bbb-fsesl-client \
    && ./deploy.sh


-ENV TAG v2.3.0
+ENV TAG v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-fsesl /source \
    && rm -rf /source/.svn

--- a/mod/html5/Dockerfile
+++ b/mod/html5/Dockerfile
@ -14,7 +14,7 @@ USER meteor
 ENV METEOR_VERSION 1.10.2
 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh

-ENV TAG v2.3.0
+ENV TAG v2.3.4
 RUN cd ~ \
    && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
    && mv ~/bigbluebutton-html5 ~/source \
@ -41,4 +41,4 @@ COPY settings.yml /app/programs/server/assets/app/config/settings.yml.tmpl
 ENTRYPOINT ["/entrypoint.sh"]

 # lets set the tag again, so that it is include in the image for later version retrieval
-ENV TAG v2.3.0
+ENV TAG v2.3.4
--- a/mod/html5/settings.yml
+++ b/mod/html5/settings.yml
@ -3,10 +3,20 @@ public:
    mobileFontSize: 16px
    desktopFontSize: 14px
    audioChatNotification: false
+    # Shows the audio modal when user joins the room. The audio modal prompts
+    # user to select an option ("Microphone" and/or "Listen only") for joining
+    # audio
    autoJoin: true
+    # Disables the listen only option in audio modal.
    listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
    forceListenOnly: false
+    # Skips the echo test when connecting with microphone.
    skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
+    # Skips the echo test when connecting with microphone right after user
+    # joins the room the first time. Subsequents joins  to microphone won't
+    # have echo test skipped, for example if user leave and join mic again
+    # or reloading page and joining mic again.
+    # This setting won't have effect if skipCheck = true
    skipCheckOnJoin: false
    #
    # Allow users to change microphone/speaker dinamically
@ -20,7 +30,7 @@ public:
    appName: BigBlueButton HTML5 Client
    bbbServerVersion: 2.3-dev-docker
    copyright: '©2021 BigBlueButton Inc.'
-    html5ClientBuild: "1669-docker"
+    html5ClientBuild: "1783-docker"
    helpLink: https://bigbluebutton.org/html5/
    lockOnJoin: true
    cdn: ''
@ -30,6 +40,7 @@ public:
    # in some cases we want only custom logoutUrl to be used when provided on meeting create. Default value: true
    allowDefaultLogoutUrl: true
    allowUserLookup: false
+    dynamicGuestPolicy: true
    enableGuestLobbyMessage: true
    enableNetworkInformation: false
    enableLimitOfViewersInWebcam: false
@ -41,6 +52,7 @@ public:
    allowLogout: true
    allowFullscreen: true
    preloadNextSlides: 2
+    warnAboutUnsavedContentOnMeetingEnd: false
    mutedAlert:
      enabled: true
      interval: 200
@ -58,6 +70,15 @@ public:
    # https://github.com/bigbluebutton/bigbluebutton/pull/10826
    customHeartbeat: false
    showAllAvailableLocales: true
+    # Show "Audio Filters for Microphone" option in settings menu.
+    # When set to true, users are able to enable/disable microphone constraints,
+    # otherwise default values for 'microphoneConstraints' option
+    # are used.
+    # For more info, see 'microphoneConstraints' option in this config.
+    # If not set, default value is true.
+    showAudioFilters: true
+    raiseHandActionButton:
+      enabled: true
    defaultSettings:
      application:
        animations: true
@ -375,6 +396,7 @@ public:
    enabled: {{ .Env.CHAT_ENABLED }}
    itemsPerPage: 100
    timeBetweenFetchs: 1000
+    enableSaveAndCopyPublicChat: true
    bufferChatInsertsMs: 0
    startClosed: {{ .Env.CHAT_START_CLOSED }}
    min_message_length: 1
--- a/mod/mongo/mongod.conf
+++ b/mod/mongo/mongod.conf
@ -9,7 +9,7 @@ storage:
   enabled: true
  wiredTiger:
    engineConfig:
-         cacheSizeGB: 0
+         cacheSizeGB: 1
         journalCompressor: none
         directoryForIndexes: true
    collectionConfig:
--- a/mod/nginx/Dockerfile
+++ b/mod/nginx/Dockerfile
@ -11,12 +11,12 @@ ENV REACT_APP_BBB_PLAYBACK_BUILD=$TAG_PLAYBACK
 # for the latest bbb-playback version shipped with 2.3-alpha-6
 # so we use the master branch 
 # RUN svn checkout https://github.com/bigbluebutton/bbb-playback/tags/$TAG_PLAYBACK /bbb-playback
-RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout a9d3b7b6648fb5e85e012e73d7e7a2684d02f215
+RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout 5934114aa434aba9b73b1a4c2ce228d18f276610
 RUN cd /bbb-playback && npm install && npm run-script build

 # --------------------

-FROM nginx:1.19-alpine
+FROM nginx:1.21-alpine

 COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
 COPY ./bbb /etc/nginx/bbb
--- a/mod/nginx/bbb/greenlight.nginx
+++ b/mod/nginx/bbb/greenlight.nginx
@ -26,4 +26,9 @@ location /b/cable {
  proxy_send_timeout  6h;
  client_body_timeout 6h;
  send_timeout        6h;
-}
+}
+
+# this is necessary for the preupload_presentation feature
+location /rails/active_storage {
+  return 301 /b$request_uri;
+}
--- a/mod/recordings/Dockerfile
+++ b/mod/recordings/Dockerfile
@ -45,7 +45,7 @@ RUN mkdir -p \
    /usr/local/bigbluebutton/core \
    /etc/bigbluebutton

-ENV TAG v2.3.0
+ENV TAG v2.3.4

 # add bbb-record-core (lib, scripts and Gemfile)
 RUN cd /usr/local/bigbluebutton/core \
--- a/mod/recordings/supervisord.conf
+++ b/mod/recordings/supervisord.conf
@ -4,7 +4,7 @@ user=root
 [program:rasque_workers]
 command=rake resque:workers
 directory=/usr/local/bigbluebutton/core/scripts
-environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions",COUNT="1",VVERBOSE="1"
+environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1"
 user=bigbluebutton
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
--- a/mod/webhooks/Dockerfile
+++ b/mod/webhooks/Dockerfile
@ -13,7 +13,7 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
 USER webhooks


-ENV TAG v2.3.0
+ENV TAG v2.3.4
 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \
    && rm -rf /app/.svn \
    && cd /app && npm install --production
--- a/mod/webrtc-sfu/bbb-webrtc-sfu
+++ b/mod/webrtc-sfu/bbb-webrtc-sfu
@ -1 +1 @@
-Subproject commit 4145f8c1ad9e111bf0d3fe037e9d3be965fe1232
+Subproject commit 1f82c241a6383c811c73871224e6f4670b5e45c4
--- a/sample.env
+++ b/sample.env
@ -7,6 +7,13 @@
 # fully automated Lets Encrypt certificates
 ENABLE_HTTPS_PROXY=true

+# coturn (a TURN Server)
+# requires either the abhove HTTPS Proxy to be enabled 
+# or TLS certificates to be mounted to container
+ENABLE_COTURN=true
+#COTURN_TLS_CERT_PATH=
+#COTURN_TLS_KEY_PATH=
+
 # Greenlight Frontend
 # https://docs.bigbluebutton.org/greenlight/gl-overview.html
 ENABLE_GREENLIGHT=true
@ -35,6 +42,7 @@ ENABLE_GREENLIGHT=true
 SHARED_SECRET=w6y7nycPafjPhVz3gZdBpQhR4H4MvEQzcZzia5LT
 ETHERPAD_API_KEY=NEQKi2eFXSBce4kyGjwAzMn2jeF66peNYQmyFVRr
 RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c915c651117e0f14358cd98f5287c431929e0f796f4100b2b1c3eb5baad1b0
+POSTGRESQL_SECRET=4xksXUDsaqAkZFSu8HF7pFppN34yy0a9g2iSqD14



@ -136,14 +144,14 @@ BREAKOUTROOM_LIMIT=8
 # ====================================
 # Tuning
 # ====================================
-# Default = 1; Min = 1; Max = 4
+# Default = 2; Min = 1; Max = 4
 # On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
-NUMBER_OF_BACKEND_NODEJS_PROCESSES=1
+NUMBER_OF_BACKEND_NODEJS_PROCESSES=2

-# Default = 1; Min = 1; Max = 8
+# Default = 2; Min = 1; Max = 8
 # Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
 # stretching the recommended number of users in BigBlueButton
-NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1
+NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2


 # ====================================
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@ -6,8 +6,8 @@ cd $(dirname $0)/..
 # load .env
 if [ -f .env ]
 then
-  # exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters
-  export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
+  # exclude WELCOME_MESSAGE && WELCOME_FOOTER && CLIENT_TITLE because it may contain invalid characters
+  export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
 fi

 # check for non-optional environment variables,
@ -19,6 +19,20 @@ if [ -z "$EXTERNAL_IPv4" ]; then
    exit 1
 fi

+if [ "$ENABLE_COTURN" == true ]; then
+  if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then
+    echo "ERROR: coturn requires TLS certificates."
+    echo "Either enable the https proxy for certificate retrival"
+    echo "or provide a path to your certificates in .env file."
+    exit 1
+  fi
+  if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then
+    echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
+    echo "you should disable coturn in .env"
+    exit 1
+  fi
+fi
+
 docker run  \
    --rm  \
    -v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
@ -26,9 +40,10 @@ docker run  \
    -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
    -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
    -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
+    -e ENABLE_COTURN=${ENABLE_COTURN:-false} \
    -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
    -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
    -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
    -e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \
    jwilder/dockerize -template /docker-compose.tmpl.yml \
-    > docker-compose.yml
+    > docker-compose.yml
--- a/scripts/setup
+++ b/scripts/setup
@ -32,6 +32,24 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
    read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
 done

+coturn=""
+while [[ ! $coturn =~ ^(y|n)$ ]]; do
+    read -p "Should a coturn be included? (y/n): " coturn
+done
+if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
+then
+    echo "Coturn needs TLS to function properly."
+    echo "   Since automatic HTTPS Proxy is disabled,"
+    echo "   you must provide a relative or absolute path"
+    echo "   to your certificates."
+    while [[ -z "$CERTPATH" ]]; do
+        read -p "Please enter path to cert.pem: " CERTPATH 
+    done
+    while [[ -z "$KEYPATH" ]]; do
+        read -p "Please enter path to key.pem: " KEYPATH 
+    done
+fi
+
 prometheus_exporter=""
 while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
    read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
@ -106,6 +124,22 @@ then
    sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
 fi

+if [ "$coturn" == "y" ]
+then
+    sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:5349?transport=tcp/" .env
+    TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
+    sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
+    sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
+else
+    sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
+fi
+
+if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
+then
+    sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env
+    sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env
+fi
+
 if [ "$prometheus_exporter" == "y" ]
 then
    sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
@ -115,9 +149,17 @@ fi
 RANDOM_1=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
 RANDOM_2=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
 RANDOM_3=$(head /dev/urandom | tr -dc a-f0-9 | head -c 128)
+if [ ! "$greenlight" == "y" ]
+then
+    RANDOM_4=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
+fi
 sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=$RANDOM_1/" .env
 sed -i "s/ETHERPAD_API_KEY=.*/ETHERPAD_API_KEY=$RANDOM_2/" .env
 sed -i "s/RAILS_SECRET=.*/RAILS_SECRET=$RANDOM_3/" .env
+if [ ! "$greenlight" == "y" ]
+then
+    sed -i "s/POSTGRESQL_SECRET=.*/POSTGRESQL_SECRET=$RANDOM_4/" .env
+fi

 ./scripts/generate-compose