From 14a49e83f34c86332ae1ff32635b514abb4d95af Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 00:34:03 -0300
Subject: [PATCH 1/7] Add docker for 2.2.x

---
 .gitignore                 |   3 +
 .travis.yml                |  23 ----
 Dockerfile                 |  78 ++++++-----
 README.md                  |  45 ++++---
 docker-compose.yml         |  52 ++++++++
 mac-vpn/Dockerfile         |   4 +
 mac-vpn/helpers/run-vpn.sh |  22 ++++
 mod/event_socket.conf.xml  |  11 --
 mod/external.xml           | 113 ----------------
 rc.local                   |   2 +
 setup.sh                   | 257 +++----------------------------------
 11 files changed, 170 insertions(+), 440 deletions(-)
 delete mode 100644 .travis.yml
 create mode 100644 docker-compose.yml
 create mode 100644 mac-vpn/Dockerfile
 create mode 100755 mac-vpn/helpers/run-vpn.sh
 delete mode 100644 mod/event_socket.conf.xml
 delete mode 100644 mod/external.xml
 create mode 100644 rc.local

diff --git a/.gitignore b/.gitignore
index 5e22a1f..b510c6f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 id_rsa.pub
+mac-vpn/docker-for-mac.ovpn
+mac-vpn/config
+certs/
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 3a8555b..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-sudo: required
-
-services:
-  - docker
-
-script:
-  - docker build -t bigbluebutton/bigbluebutton:master .
-
-after_script:
-  - docker images
-
-before_deploy:
-  - docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
-
-deploy:
-  provider: script
-  script: docker push bigbluebutton/bigbluebutton:master
-  on:
-    branch: master
-
-notifications:
-  slack:
-    secure: 45+AWSHhNUFPUpDQY88tW5cquLhP7epb5hE1GXcWX0+5rAomY0W8cw1B9L57iCgzU0rFV9ztm3pKqijYuG7BWxts7nLpAvNQWzLy5IqqBoy1sclKAT1upIUCu72iqJog32Vx+XJUyZDVpsqMyp/VR2zCAqtgh8ThdgNhuLCkVTB7ZGLGaU7yCQYdP4tfYape/ISYbRr2qKDi5qWQ61kUAChkEGeYN7gbQkvR8szuaDR4tj/zOmE/2R1xR/PAZz0We6SpzQjCebf4vfp6adF2na9Ev/bKlMEIKyA2KYp5YOkZQcdrj9/FeR2muUD4IgBAOdUiinVhvYs6Ig7o1xeBQ6YLA9FWOSj8XTuGC+C9K4VJGXqDjefRSf11pmFSbMlXA66r/CQZslcnQrZu06ns5jMR46jiUYqXvU5vzg+4oPFyNso+SuQ9R7RtTHYDxCrTFEr4DlYVZ25D6FNX4ZD2Uu5FQDxKxJaDk9xMxMAEXrUMABe3tZyeNabyiKIt7RkHVJiadpF7oEuwD7luQmfPd9blbRE7ZcqArT10RIQGMAEHQ+8XnSfWfb+4v6l1xYiL6ifT+/6P+xfXWNH5JNCDptER28Hf1R4bUF8joi/sn037F3/1bOXiE6TlLqaerZe6qK/FfM5SPgLv0LmMtxEKkG4ta8GzDMwSC43jzB0OSr8=
diff --git a/Dockerfile b/Dockerfile
index a8df291..832a773 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,20 +2,28 @@ FROM ubuntu:16.04
 MAINTAINER ffdixon@bigbluebutton.org
 
 ENV DEBIAN_FRONTEND noninteractive
-# RUN echo 'Acquire::http::Proxy "http://192.168.2.69:3142";'  > /etc/apt/apt.conf.d/01proxy
-RUN apt-get update && apt-get install -y wget apt-transport-https
+ENV container docker
 
-RUN echo "deb http://ubuntu.bigbluebutton.org/xenial-200 bigbluebutton-xenial main " | tee /etc/apt/sources.list.d/bigbluebutton.list
-RUN wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -
+RUN apt-get update && apt-get install -y netcat
+
+# -- Test if we have apt cache running on docker host, if yes, use it.
+RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";'  > /etc/apt/apt.conf.d/01proxy
+
+# -- Install utils
+RUN apt-get update && apt-get install -y wget apt-transport-https
 
 RUN apt-get install -y language-pack-en
 RUN update-locale LANG=en_US.UTF-8
 
-RUN apt-get update && apt-get install -y wget software-properties-common
+# -- Install system utils
+RUN apt-get update 
+RUN apt-get install -y --no-install-recommends apt-utils
+RUN apt-get install -y wget software-properties-common
 
-RUN add-apt-repository ppa:jonathonf/ffmpeg-4 -y
-RUN LC_CTYPE=en_US.UTF-8 add-apt-repository ppa:rmescandon/yq -y
-RUN apt-get update && apt-get -y dist-upgrade
+# -- Install yq 
+RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:rmescandon/yq
+RUN apt update
+RUN LC_CTYPE=C.UTF-8 apt install yq -y
 
 # -- Setup tomcat7 to run under docker
 RUN apt-get install -y \
@@ -29,41 +37,31 @@ RUN sed -i 's|securerandom.source=file:/dev/random|securerandom.source=file:/dev
 ADD mod/tomcat7 /etc/init.d/tomcat7
 RUN chmod +x /etc/init.d/tomcat7
 
-# -- Install BigBlueButton
-RUN echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections
-RUN apt-get install -y bigbluebutton 
-RUN apt-get install -y bbb-demo 
+# -- Modify systemd to be able to run inside container
+RUN apt-get update \
+    && apt-get install -y systemd
 
-# -- Install mongodb (for HTML5 client)
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
-RUN echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
-RUN sudo apt-get update && sudo apt-get install -y mongodb-org curl
+# -- Install Dependencies
+RUN apt-get install -y mlocate strace iputils-ping telnet tcpdump vim htop
 
-# -- Install nodejs (for HTML5 client)
-RUN apt-get install -y apt-transport-https
-RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
-RUN echo 'deb http://deb.nodesource.com/node_8.x xenial main' > /etc/apt/sources.list.d/nodesource.list
-RUN echo 'deb-src http://deb.nodesource.com/node_8.x xenial main' >> /etc/apt/sources.list.d/nodesource.list
-RUN apt-get update && apt-get install -y nodejs 
+# -- Install nginx (in order to enable it - to avoid the "nginx.service is not active" error)
+RUN apt-get install -y nginx
+RUN systemctl enable nginx
 
-# -- Install HTML5 client
-RUN apt-get install -y bbb-html5
+# -- Disable unneeded services
+RUN systemctl disable systemd-journal-flush
+RUN systemctl disable systemd-update-utmp.service
 
-RUN apt-get update 
-RUN apt-get install -y coturn xmlstarlet vim mlocate
+# -- Finish startup 
+#    Add a number there to force update of files on build
+RUN echo "Finishing ... @12"
+RUN mkdir /opt/docker-bbb/
+RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed 's|https://\$PACKAGE_REPOSITORY|http://\$PACKAGE_REPOSITORY|g' > /opt/docker-bbb/bbb-install.sh
+RUN chmod 755 /opt/docker-bbb/bbb-install.sh
+ADD setup.sh /opt/docker-bbb/setup.sh
+ADD rc.local /etc/
+RUN chmod 755 /etc/rc.local
 
-# -- Install supervisor to run all the BigBlueButton processes (replaces systemd)
-RUN apt-get install -y supervisor
-RUN mkdir -p /var/log/supervisor
-ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-
-# -- Modify FreeSWITCH event_socket.conf.xml to listen to IPV4
-ADD mod/event_socket.conf.xml /opt/freeswitch/etc/freeswitch/autoload_configs
-ADD mod/external.xml          /opt/freeswitch/conf/sip_profiles/external.xml
-
-# RUN apt-get install -y bbb-etherpad
-
-# -- Finish startup
-ADD setup.sh /root/setup.sh
-ENTRYPOINT ["/root/setup.sh"]
+ENTRYPOINT ["/bin/systemd", "--system", "--unit=multi-user.target"]
 CMD []
+
diff --git a/README.md b/README.md
index bd19e1e..5f97fd2 100644
--- a/README.md
+++ b/README.md
@@ -1,26 +1,39 @@
 # BigBlueButton Docker
 
-![Travis CI](https://travis-ci.org/bigbluebutton/docker.svg?branch=master)
-![Docker Pulls](https://img.shields.io/docker/pulls/bigbluebutton/bigbluebutton.svg)
+## Setting up the SSL
+Generate a certificate to your container using letsencrypt and then copy your certificate to certs/ folder with the commands:
+```
+mkdir certs/
+cp fullchain.pem certs/
+cp privkey.pem certs/
+```
 
-These are scripts to build a Docker that runs BigBlueButton with both the Flash and HTML5 client.  To build the Docker container, run the command
+## Creating container
+```
+docker-compose build bbb
+NAME=bbb001 DOMAIN=bbbvm.imdt.com.br sh -c 'docker-compose run --name $NAME bbb'
+```
 
-~~~
-docker build -t bigbluebutton .
-~~~
+## Defining an entry in your `/etc/hosts` file
+```
+docker exec -it bbb001 ifconfig eth0
+```
 
-Here we called the BigBlueButton container `bigbluebutton`. To run BigBlueButton in Docker, run the command
+## MAC users
+Docker for Mac OS doesn't allow direct access to container IP's.
 
-~~~
-docker run --rm -p 80:80/tcp -p 1935:1935 -p 3478:3478 -p 3478:3478/udp bigbluebutton -h <HOST_IP>
-~~~
+In order to access the BBB container from your MAC os host, you can use openvpn:
 
-Make sure you provide the host IP of the server on which you run the docker command. Once running, you can navigate to `http://<HOST_IP>` to access your BigBlueButton server.
+1. Build containers:
+```
+docker-compose build mac_proxy mac_openvpn
+```
 
-For details see the [setup instructions](http://docs.bigbluebutton.org/install/docker.html).
+2. Add `comp-lzo no` at bottom of `mac-vpn/docker-for-mac.ovpn`
 
-## Future Plans
+3. Install openvpn configuration generated on `mac-vpn/docker-for-mac.ovpn` (double click and open on Tunnelblick)
 
-Our goal was to allow developers to run BigBlueButton server with a single command.  This Docker image is not meant for production use, but rather for testing and trying out BigBlueButton.
-
-Still, it good step towards separating BigBlueButton into individual components for running under docker-compose or kubernetes.
+4. Start containers
+```
+docker-compose start mac_proxy mac_openvpn
+```
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0571a82
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,52 @@
+version: '2'
+
+networks:
+  backend:
+
+services:
+  bbb:
+    build: .
+    privileged: true
+    environment:
+      - "NAME=${NAME}"
+      - "DOMAIN=${DOMAIN}"
+    hostname: ${NAME}.${DOMAIN}
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - container=docker
+    tmpfs:
+      - /run
+      - /run/lock
+      - /tmp
+    volumes:
+      - ./certs/:/local/certs/
+      - /var/run/docker.sock:/var/run/docker.sock
+    security_opt:
+      - seccomp:unconfined
+    networks:
+      - backend
+
+  mac_proxy:
+      build: mac-vpn/
+      ports:
+          - "127.0.0.1:13194:13194"
+      command: TCP-LISTEN:13194,fork TCP:172.17.0.1:1194
+      restart: always
+      networks:
+        - backend
+
+  mac_openvpn:
+      image: kylemanna/openvpn
+      volumes:
+          - ./mac-vpn:/local
+          - ./mac-vpn/config:/etc/openvpn
+      network_mode: host
+      privileged: true
+      cap_add:
+          - NET_ADMIN
+      environment:
+          dest: docker-for-mac.ovpn
+          DEBUG: '1'
+      command: /local/helpers/run-vpn.sh
+      restart: always
diff --git a/mac-vpn/Dockerfile b/mac-vpn/Dockerfile
new file mode 100644
index 0000000..bc5892c
--- /dev/null
+++ b/mac-vpn/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine
+RUN apk add --no-cache socat
+ENTRYPOINT ["socat"]
+
diff --git a/mac-vpn/helpers/run-vpn.sh b/mac-vpn/helpers/run-vpn.sh
new file mode 100755
index 0000000..a05ba64
--- /dev/null
+++ b/mac-vpn/helpers/run-vpn.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+dest=${dest:-docker.ovpn}
+
+if [ ! -f "/local/$dest" ]; then
+    echo "*** REGENERATING ALL CONFIGS ***"
+    set -ex
+    #rm -rf /etc/openvpn/*
+    ovpn_genconfig -u tcp://localhost
+    sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf
+    echo localhost | ovpn_initpki nopass
+    easyrsa build-client-full host nopass
+    ovpn_getclient host | sed '
+    	s|localhost 1194|localhost 13194|;
+	s|redirect-gateway.*|route 172.16.0.0 255.240.0.0|;
+    ' > "/local/$dest"
+fi
+
+# Workaround for https://github.com/wojas/docker-mac-network/issues/6
+/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT
+
+exec ovpn_run
diff --git a/mod/event_socket.conf.xml b/mod/event_socket.conf.xml
deleted file mode 100644
index 05e74d4..0000000
--- a/mod/event_socket.conf.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<configuration name="event_socket.conf" description="Socket Client">
-  <settings>
-    <param name="nat-map" value="false"/>
-    <param name="listen-ip" value="127.0.0.1"/> 
-    <param name="listen-port" value="8021"/>
-    <param name="password" value="ClueCon"/>
-    <!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
-    <!--<param name="stop-on-bind-error" value="true"/>-->
-  </settings>
-</configuration>
-
diff --git a/mod/external.xml b/mod/external.xml
deleted file mode 100644
index 9d813c9..0000000
--- a/mod/external.xml
+++ /dev/null
@@ -1,113 +0,0 @@
-<profile name="external">
-  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
-  <!-- This profile is only for outbound registrations to providers -->
-  <gateways>
-    <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
-  </gateways>
-
-  <aliases>
-    <!--
-        <alias name="outbound"/>
-        <alias name="nat"/>
-    -->
-  </aliases>
-
-  <domains>
-    <domain name="all" alias="false" parse="true"/>
-  </domains>
-
-  <settings>
-    <param name="debug" value="0"/>
-    <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
-    <!-- <param name="shutdown-on-fail" value="true"/> -->
-    <param name="sip-trace" value="no"/>
-    <param name="sip-capture" value="no"/>
-    <param name="rfc2833-pt" value="101"/>
-    <!-- RFC 5626 : Send reg-id and sip.instance -->
-    <!--<param name="enable-rfc-5626" value="true"/> -->
-    <param name="sip-port" value="$${external_sip_port}"/>
-    <param name="dialplan" value="XML"/>
-    <param name="context" value="public"/>
-    <param name="dtmf-duration" value="2000"/>
-    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
-    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
-    <param name="hold-music" value="$${hold_music}"/>
-    <param name="rtp-timer-name" value="soft"/>
-    <!--<param name="enable-100rel" value="true"/>-->
-    <!--<param name="disable-srv503" value="true"/>-->
-    <!-- This could be set to "passive" -->
-    <param name="local-network-acl" value="localnet.auto"/>
-    <param name="manage-presence" value="false"/>
-
-    <!-- used to share presence info across sofia profiles
-         manage-presence needs to be set to passive on this profile
-         if you want it to behave as if it were the internal profile
-         for presence.
-    -->
-    <!-- Name of the db to use for this profile -->
-    <!--<param name="dbname" value="share_presence"/>-->
-    <!--<param name="presence-hosts" value="$${domain}"/>-->
-    <!--<param name="force-register-domain" value="$${domain}"/>-->
-    <!--all inbound reg will stored in the db using this domain -->
-    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
-    <!-- ************************************************* -->
-
-    <!--<param name="aggressive-nat-detection" value="true"/>-->
-    <param name="inbound-codec-negotiation" value="generous"/>
-    <param name="nonce-ttl" value="60"/>
-    <param name="auth-calls" value="false"/>
-    <param name="inbound-late-negotiation" value="true"/>
-    <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
-    <!--
-        DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-    <param name="rtp-ip" value="$${local_ip_v4}"/>
-    <param name="sip-ip" value="$${local_ip_v4}"/>
-    <param name="ext-rtp-ip" value="auto-nat"/>
-    <param name="ext-sip-ip" value="auto-nat"/>
-    -->
-
-    <param name="rtp-ip" value="$${local_ip_v4}"/>
-    <param name="sip-ip" value="$${local_ip_v4}"/>
-    <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
-    <param name="ext-sip-ip" value="$${local_ip_v4}"/>
-
-    <param name="rtp-timeout-sec" value="300"/>
-    <param name="rtp-hold-timeout-sec" value="1800"/>
-    <param name="enable-3pcc" value="true"/>
-
-    <!-- TLS: disabled by default, set to "true" to enable -->
-    <param name="tls" value="$${external_ssl_enable}"/>
-    <!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
-    <param name="tls-only" value="false"/>
-    <!-- additional bind parameters for TLS -->
-    <param name="tls-bind-params" value="transport=tls"/>
-    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
-    <param name="tls-sip-port" value="$${external_tls_port}"/>
-    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
-    <!--<param name="tls-cert-dir" value=""/>-->
-    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
-    <param name="tls-passphrase" value=""/>
-    <!-- Verify the date on TLS certificates -->
-    <param name="tls-verify-date" value="true"/>
-    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
-    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
-    <param name="tls-verify-policy" value="none"/>
-    <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
-    <param name="tls-verify-depth" value="2"/>
-    <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
-    <param name="tls-verify-in-subjects" value=""/>
-    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
-    <param name="tls-version" value="$${sip_tls_version}"/>
-    <param name="ws-binding"  value=":5066"/>
-    <param name="apply-candidate-acl" value="webrtc-turn"/>
-
-    <!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
-    <param name="rtcp-audio-interval-msec" value="5000"/>
-    <param name="rtcp-video-interval-msec" value="5000"/>
-
-    <!-- Cut down in the join time -->
-    <param name="dtmf-type" value="info"/>
-    <param name="liberal-dtmf" value="true"/>
-  </settings>
-</profile>
-
diff --git a/rc.local b/rc.local
new file mode 100644
index 0000000..0eee91b
--- /dev/null
+++ b/rc.local
@@ -0,0 +1,2 @@
+#!/bin/sh
+[ ! -f /opt/docker-bbb/setup-executed ] && /opt/docker-bbb/setup.sh
diff --git a/setup.sh b/setup.sh
index 06a706e..fc2e8dd 100755
--- a/setup.sh
+++ b/setup.sh
@@ -19,249 +19,32 @@
 #
 set -x
 
-change_var_value () {
-  sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
-}
+cd "$(dirname "$0")"
 
-change_yml_value () {
-  sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1
-}
+useradd bbb
+mkdir /home/bbb
+chown bbb /home/bbb
+echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
 
+./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
+sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
 
-# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935 -p 5066:5066 -p 3478:3478 -p 3478:3478/udp b2 -h 192.168.0.130
+# Repository is broken (remove it later)
+cd /usr/local/bigbluebutton/bbb-webrtc-sfu/
+npm install --unsafe-perm
 
-while getopts ":eh:s:" opt; do
-  case $opt in
-    e)
-      env
-      exit
-      ;;
-    h)
-      HOST=$OPTARG
-      ;;
-    s)
-      SECRET=$OPTARG
-      ;;
-    :)
-      echo "Missing option argument for -$OPTARG" >&2;
-      exit 1
-      ;;
-    \?)
-      echo "Invalid option: -$OPTARG" >&2
-      cat<<HERE
-Docker startup script for BigBlueButton.
+# Allow to have executable files in /tmp/ folder (tomcat JNA)
+mount /tmp -o remount,exec
 
-  -h   Hostname for BigBlueButton server
-  -s   Shared secret
-
-HERE
-      exit 1
-      ;;
-    :)
-      echo "Option -$OPTARG requires an argument." >&2
-      exit 1
-      ;;
-  esac
-done
-
-apt-get install -y bbb-demo && /etc/init.d/tomcat7 start
-while [ ! -f /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp ]; do sleep 1; done
-sudo /etc/init.d/tomcat7 stop
-
-# In a standard BigBlueButton server you would use `bbb-conf --setip IP` to configure it listen to a given IP, but
-# we are using supervisorctl (not systemd) in, so we apply all the configuration changes before running supervisorctl at
-# the end of this script
-
-
-# Setup the BigBlueButton configuration files
-#
-PROTOCOL_HTTP=http
-PROTOCOL_RTMP=rtmp
-
-IP=$(echo "$(LANG=c ifconfig  | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^et.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')$(LANG=c ifconfig  | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^en.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')" | head -n1)
-
-xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]/@data' --value "external_rtp_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
-xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]/@data' --value "external_sip_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
-xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]/@data' --value "local_ip_v4=${IP}" /opt/freeswitch/conf/vars.xml
-
-if [ -f /opt/freeswitch/conf/sip_profiles/external-ipv6.xml ]; then
-  mv /opt/freeswitch/conf/sip_profiles/external-ipv6.xml /opt/freeswitch/conf/sip_profiles/external-ipv6.xml_
-fi
-if [ -f /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml ]; then
-  mv /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml_
-fi
-
-sed -i "s/proxy_pass .*/proxy_pass $PROTOCOL_HTTP:\/\/$IP:5066;/g" /etc/bigbluebutton/nginx/sip.nginx
-
-sed -i "s/http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_HTTP:\/\/$HOST\2/g"  /var/www/bigbluebutton/client/conf/config.xml
-sed -i "s/rtmp[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_RTMP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
-
-sed -i "s/server_name  .*/server_name  $HOST;/g" /etc/nginx/sites-available/bigbluebutton
-
-sed -i "s/bigbluebutton.web.serverURL=http[s]*:\/\/.*/bigbluebutton.web.serverURL=$PROTOCOL_HTTP:\/\/$HOST/g" \
-  /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
-
-# Update Java screen share configuration
-change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties streamBaseUrl rtmp://$HOST/screenshare
-change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpUrl $PROTOCOL_HTTP://$HOST/screenshare
-change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpFile $PROTOCOL_HTTP://$HOST/screenshare/screenshare.jnlp
-
-change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties bbb.sip.app.ip $IP
-change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties freeswitch.ip $IP
-
-change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoUrl "ws://$IP:8888/kurento"
-change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoIp "$IP"
-change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml localIpAddress "$IP"
-change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml ip "$IP"
-
-sed -i  "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL_HTTP}:\/\/$HOST\/bigbluebutton\/api\"/g" \
-  /usr/share/bbb-apps-akka/conf/application.conf
-sed -i "s/bbbWebHost[ ]*=[ ]*\"[^\"]*\"/bbbWebHost=\"$HOST\"/g" \
-  /usr/share/bbb-apps-akka/conf/application.conf
-sed -i "s/deskshareip[ ]*=[ ]*\"[^\"]*\"/deskshareip=\"$HOST\"/g" \
-  /usr/share/bbb-apps-akka/conf/application.conf
-sed -i  "s/defaultPresentationURL[ ]*=[ ]*\"[^\"]*\"/defaultPresentationURL=\"${PROTOCOL_HTTP}:\/\/$HOST\/default.pdf\"/g" \
-  /usr/share/bbb-apps-akka/conf/application.conf
-
-cat > /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini  << HERE
-; Only IP address are supported, not domain names for addresses
-; You have to find a valid stun server. You can check if it works
-; using this tool:
-;   http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
-;stunServerAddress=64.233.177.127
-;stunServerPort=19302
-
-turnURL=kurento:kurento@${HOST}:3478
-
-;pemCertificate is deprecated. Please use pemCertificateRSA instead
-;pemCertificate=<path>
-;pemCertificateRSA=<path>
-;pemCertificateECDSA=<path>
-HERE
-
-TURN_SECRET=`openssl rand -hex 16`
-
-# Configure coturn to handle incoming UDP connections
-cat > /etc/turnserver.conf << HERE
-denied-peer-ip=0.0.0.0-255.255.255.255
-allowed-peer-ip=$IP
-fingerprint
-lt-cred-mech
-use-auth-secret
-static-auth-secret=$TURN_SECRET
-user=user:password
-log-file=/var/log/turn.log
-HERE
-
-# Setup tomcat7 to share the TURN server information with clients (with matching secret)
-cat > /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/spring/turn-stun-servers.xml << HERE
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" 
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
-   <bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
-      <constructor-arg index="0" value="$TURN_SECRET" />
-      <constructor-arg index="1" value="turn:$HOST:3478" />
-      <constructor-arg index="2" value="86400" />
-   </bean>
-   <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
-      <constructor-arg index="0" value="$TURN_SECRET" />
-      <constructor-arg index="1" value="turn:$HOST:3478?transport=tcp" />
-      <constructor-arg index="2" value="86400" />
-   </bean>
-   <bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
-      <property name="stunServers">
-         <set />
-      </property>
-      <property name="turnServers">
-         <set>
-            <ref bean="turn0" />
-            <ref bean="turn1" />
-         </set>
-      </property>
-      <property name="remoteIceCandidates">
-         <set />
-      </property>
-   </bean>
-</beans>
-HERE
-
-cat > /opt/freeswitch/conf/autoload_configs/acl.conf.xml << HERE
-<configuration name="acl.conf" description="Network Lists">
-  <network-lists>
-    <list name="domains" default="allow">
-      <!-- domain= is special it scans the domain from the directory to build the ACL -->
-      <node type="allow" domain="\$\${domain}"/>
-      <!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
-      <!-- <node type="allow" cidr="192.168.0.0/24"/> -->
-    </list>
-
-    <list name="webrtc-turn" default="deny">
-      <node type="allow" cidr="$IP/32"/>
-    </list>
-
-  </network-lists>
-</configuration>
-HERE
-
-
-# Ensure bbb-apps-akka has the latest shared secret from bbb-web
-if [ -z "$SECRET" ]; then 
-  SECRET=$(cat /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | grep securitySalt | cut -d= -f2);
-else
-  change_var_value /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties securitySalt $SECRET
-  sed -i "s/String salt = .*/String salt = \"$SECRET\";/g" /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
-fi
-
-sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
-  /usr/share/bbb-apps-akka/conf/application.conf
-
-sed -i "s/BigBlueButtonURL = \"http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/BigBlueButtonURL = \"$PROTOCOL_HTTP:\/\/$HOST\2/g" \
-  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
-
-sed -i "s/playback_host: .*/playback_host: $HOST/g" /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
-
-sed -i 's/daemonize no/daemonize yes/g' /etc/redis/redis.conf
-
-sed -i "s|\"wsUrl.*|\"wsUrl\": \"ws://$HOST/bbb-webrtc-sfu\",|g" \
-  /usr/share/meteor/bundle/programs/server/assets/app/config/settings-production.json
-
-rm /usr/share/red5/log/sip.log
-
-# Add a sleep to each recording process so we can restart with supervisord
-# (This works around the limitation that supervisord can't restart after intervals)
-sed -i 's/BigBlueButton.logger.debug("rap-archive-worker done")/sleep 20; BigBlueButton.logger.debug("rap-archive-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-archive-worker.rb
-sed -i 's/BigBlueButton.logger.debug("rap-process-worker done")/sleep 20; BigBlueButton.logger.debug("rap-process-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-process-worker.rb
-sed -i 's/BigBlueButton.logger.debug("rap-sanity-worker done")/sleep 20 ; BigBlueButton.logger.debug("rap-sanity-worker done")/g'  /usr/local/bigbluebutton/core/scripts/rap-sanity-worker.rb
-sed -i 's/BigBlueButton.logger.debug("rap-publish-worker done")/sleep 20; BigBlueButton.logger.debug("rap-publish-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-publish-worker.rb
-
-# Start BigBlueButton!
-#
-
-export NODE_ENV=production
-
-export DAEMON_LOG=/var/log/kurento-media-server
-export GST_DEBUG="3,Kurento*:4,kms*:4"
-export KURENTO_LOGS_PATH=$DAEMON_LOG
-
-cat << HERE
-
-BigBlueButton is now starting up.  You can access the API demos here (use FireFox for WebRTC audio/video)
-
-  http://$HOST/demo/demo1.jsp
-
-For API calls, use the following credentials
-
-   host: $HOST
- secret: $SECRET
-
-To interactively create API calls, here's a link to configure APIMate
-
-  http://mconf.github.io/api-mate/#server=http://$HOST/bigbluebutton/&sharedSecret=$SECRET
-
-HERE
+# Restart
+bbb-conf --restart
 
+# Update files
 updatedb
 
-exec /usr/bin/supervisord > /var/log/supervisord.log
+# Tell system to not run this script again
+touch /opt/docker-bbb/setup-executed
+
+echo "BBB configuration completed.";
+exit 0;
 

From 1ec6490c8fdde233ce7b5801067a298f615e4352 Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 00:46:05 -0300
Subject: [PATCH 2/7] Add default password and improve README

---
 Dockerfile |  2 +-
 README.md  | 24 +++++++++++++++++++++++-
 setup.sh   |  2 ++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 832a773..7c8fb59 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -54,7 +54,7 @@ RUN systemctl disable systemd-update-utmp.service
 
 # -- Finish startup 
 #    Add a number there to force update of files on build
-RUN echo "Finishing ... @12"
+RUN echo "Finishing ... @13"
 RUN mkdir /opt/docker-bbb/
 RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed 's|https://\$PACKAGE_REPOSITORY|http://\$PACKAGE_REPOSITORY|g' > /opt/docker-bbb/bbb-install.sh
 RUN chmod 755 /opt/docker-bbb/bbb-install.sh
diff --git a/README.md b/README.md
index 5f97fd2..52b9ef3 100644
--- a/README.md
+++ b/README.md
@@ -13,12 +13,34 @@ cp privkey.pem certs/
 docker-compose build bbb
 NAME=bbb001 DOMAIN=bbbvm.imdt.com.br sh -c 'docker-compose run --name $NAME bbb'
 ```
-
 ## Defining an entry in your `/etc/hosts` file
+
+In order to access the container, you need to get the IP address of container by running the following command:
+
 ```
 docker exec -it bbb001 ifconfig eth0
 ```
 
+After that, add a line in your `/etc/hosts` file with the full domain name specified at previous step.
+
+## Useful commands
+
+### Start container (after host reboot)
+```
+docker start bbb001
+docker attach bbb001
+```
+
+### Stop the container
+```
+docker stop bbb001
+```
+
+### Kill the container (force exit)
+```
+docker kill bbb001
+```
+
 ## MAC users
 Docker for Mac OS doesn't allow direct access to container IP's.
 
diff --git a/setup.sh b/setup.sh
index fc2e8dd..cf3304d 100755
--- a/setup.sh
+++ b/setup.sh
@@ -26,6 +26,8 @@ mkdir /home/bbb
 chown bbb /home/bbb
 echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
 
+RUN echo "bbb:bbb" | chpasswd
+
 ./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
 sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
 

From f30af58388ca9e42213fe535e154fa192e5f51ab Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 00:49:08 -0300
Subject: [PATCH 3/7] Add more details to README file

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 52b9ef3..f1deaa8 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,10 @@ cp privkey.pem certs/
 ```
 
 ## Creating container
+In order to create the container you must specify the hostname of container and the domain name.
+
+In this example your container will be acessible from https://bbb001.bbbvm.imdt.com.br :
+
 ```
 docker-compose build bbb
 NAME=bbb001 DOMAIN=bbbvm.imdt.com.br sh -c 'docker-compose run --name $NAME bbb'
@@ -23,6 +27,11 @@ docker exec -it bbb001 ifconfig eth0
 
 After that, add a line in your `/etc/hosts` file with the full domain name specified at previous step.
 
+In this example, the line added on hosts file is:
+```
+172.20.0.2      bbb001.bbbvm.imdt.com.br
+```
+
 ## Useful commands
 
 ### Start container (after host reboot)

From ca969900fb6e9ca9086d1fda1906df3f7f6115d4 Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 01:46:00 -0300
Subject: [PATCH 4/7] Fix change of default password

---
 setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.sh b/setup.sh
index cf3304d..ff1c58e 100755
--- a/setup.sh
+++ b/setup.sh
@@ -26,7 +26,7 @@ mkdir /home/bbb
 chown bbb /home/bbb
 echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
 
-RUN echo "bbb:bbb" | chpasswd
+echo "bbb:bbb" | chpasswd
 
 ./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
 sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml

From 697fd054fb74db0fe8caf3edb3ed1e458dbca94e Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 01:46:31 -0300
Subject: [PATCH 5/7] Comment apt cache line

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7c8fb59..4c07ca6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ ENV container docker
 RUN apt-get update && apt-get install -y netcat
 
 # -- Test if we have apt cache running on docker host, if yes, use it.
-RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";'  > /etc/apt/apt.conf.d/01proxy
+# RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";'  > /etc/apt/apt.conf.d/01proxy
 
 # -- Install utils
 RUN apt-get update && apt-get install -y wget apt-transport-https

From 41e63c71b17c7ce072236a79b69a5c18809a2f08 Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 01:50:43 -0300
Subject: [PATCH 6/7] Remount tmp before installing BBB (allow packages to run
 scripts in /tmp)

---
 setup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup.sh b/setup.sh
index ff1c58e..ffd8325 100755
--- a/setup.sh
+++ b/setup.sh
@@ -28,6 +28,9 @@ echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
 
 echo "bbb:bbb" | chpasswd
 
+# Allow to have executable files in /tmp/ folder (tomcat JNA)
+mount /tmp -o remount,exec
+
 ./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
 sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
 
@@ -35,9 +38,6 @@ sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_so
 cd /usr/local/bigbluebutton/bbb-webrtc-sfu/
 npm install --unsafe-perm
 
-# Allow to have executable files in /tmp/ folder (tomcat JNA)
-mount /tmp -o remount,exec
-
 # Restart
 bbb-conf --restart
 

From e4e92211b023901c9e6c8dac8499a548e5acf561 Mon Sep 17 00:00:00 2001
From: Tiago Daniel Jacobs <tiago@imdt.com.br>
Date: Mon, 9 Dec 2019 11:51:02 -0300
Subject: [PATCH 7/7] Improve README

---
 README.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/README.md b/README.md
index f1deaa8..7b74c17 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,36 @@
 # BigBlueButton Docker
 
+## Dependencies
+
+This container depends on docker-ce.
+
+1 - Make sure you don't have docker installed:
+`sudo apt-get remove docker docker-engine docker.io`
+
+2 - Install docker-ce:
+```
+sudo apt-get update;
+sudo apt-get install \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    software-properties-common;
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+
+sudo apt-get update
+
+sudo apt-get install docker-ce
+
+sudo addgroup `whoami` docker
+
+```
+
 ## Setting up the SSL
 Generate a certificate to your container using letsencrypt and then copy your certificate to certs/ folder with the commands:
 ```