mirror of
https://github.com/bigbluebutton/docker.git
synced 2024-11-26 10:03:25 +01:00
commit
78d9de9866
3
.gitignore
vendored
3
.gitignore
vendored
@ -1 +1,4 @@
|
||||
id_rsa.pub
|
||||
mac-vpn/docker-for-mac.ovpn
|
||||
mac-vpn/config
|
||||
certs/
|
||||
|
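--- a/.travis.yml
+++ b/.travis.yml
@@ -1,23 +0,0 @@
-sudo: required
-
-services:
-- docker
-
-script:
-- docker build -t bigbluebutton/bigbluebutton:master .
-
-after_script:
-- docker images
-
-before_deploy:
-- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
-
-deploy:
-provider: script
-script: docker push bigbluebutton/bigbluebutton:master
-on:
-branch: master
-
-notifications:
-slack:
-secure: 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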
78
Dockerfile
78
Dockerfile
@ -2,20 +2,28 @@ FROM ubuntu:16.04
|
||||
MAINTAINER ffdixon@bigbluebutton.org
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
# RUN echo 'Acquire::http::Proxy "http://192.168.2.69:3142";' > /etc/apt/apt.conf.d/01proxy
|
||||
RUN apt-get update && apt-get install -y wget apt-transport-https
|
||||
ENV container docker
|
||||
|
||||
RUN echo "deb http://ubuntu.bigbluebutton.org/xenial-200 bigbluebutton-xenial main " | tee /etc/apt/sources.list.d/bigbluebutton.list
|
||||
RUN wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -
|
||||
RUN apt-get update && apt-get install -y netcat
|
||||
|
||||
# -- Test if we have apt cache running on docker host, if yes, use it.
|
||||
# RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";' > /etc/apt/apt.conf.d/01proxy
|
||||
|
||||
# -- Install utils
|
||||
RUN apt-get update && apt-get install -y wget apt-transport-https
|
||||
|
||||
RUN apt-get install -y language-pack-en
|
||||
RUN update-locale LANG=en_US.UTF-8
|
||||
|
||||
RUN apt-get update && apt-get install -y wget software-properties-common
|
||||
# -- Install system utils
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y --no-install-recommends apt-utils
|
||||
RUN apt-get install -y wget software-properties-common
|
||||
|
||||
RUN add-apt-repository ppa:jonathonf/ffmpeg-4 -y
|
||||
RUN LC_CTYPE=en_US.UTF-8 add-apt-repository ppa:rmescandon/yq -y
|
||||
RUN apt-get update && apt-get -y dist-upgrade
|
||||
# -- Install yq
|
||||
RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:rmescandon/yq
|
||||
RUN apt update
|
||||
RUN LC_CTYPE=C.UTF-8 apt install yq -y
|
||||
|
||||
# -- Setup tomcat7 to run under docker
|
||||
RUN apt-get install -y \
|
||||
@ -29,41 +37,31 @@ RUN sed -i 's|securerandom.source=file:/dev/random|securerandom.source=file:/dev
|
||||
ADD mod/tomcat7 /etc/init.d/tomcat7
|
||||
RUN chmod +x /etc/init.d/tomcat7
|
||||
|
||||
# -- Install BigBlueButton
|
||||
RUN echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections
|
||||
RUN apt-get install -y bigbluebutton
|
||||
RUN apt-get install -y bbb-demo
|
||||
# -- Modify systemd to be able to run inside container
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y systemd
|
||||
|
||||
# -- Install mongodb (for HTML5 client)
|
||||
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
|
||||
RUN echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
|
||||
RUN sudo apt-get update && sudo apt-get install -y mongodb-org curl
|
||||
# -- Install Dependencies
|
||||
RUN apt-get install -y mlocate strace iputils-ping telnet tcpdump vim htop
|
||||
|
||||
# -- Install nodejs (for HTML5 client)
|
||||
RUN apt-get install -y apt-transport-https
|
||||
RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
|
||||
RUN echo 'deb http://deb.nodesource.com/node_8.x xenial main' > /etc/apt/sources.list.d/nodesource.list
|
||||
RUN echo 'deb-src http://deb.nodesource.com/node_8.x xenial main' >> /etc/apt/sources.list.d/nodesource.list
|
||||
RUN apt-get update && apt-get install -y nodejs
|
||||
# -- Install nginx (in order to enable it - to avoid the "nginx.service is not active" error)
|
||||
RUN apt-get install -y nginx
|
||||
RUN systemctl enable nginx
|
||||
|
||||
# -- Install HTML5 client
|
||||
RUN apt-get install -y bbb-html5
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y coturn xmlstarlet vim mlocate
|
||||
|
||||
# -- Install supervisor to run all the BigBlueButton processes (replaces systemd)
|
||||
RUN apt-get install -y supervisor
|
||||
RUN mkdir -p /var/log/supervisor
|
||||
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# -- Modify FreeSWITCH event_socket.conf.xml to listen to IPV4
|
||||
ADD mod/event_socket.conf.xml /opt/freeswitch/etc/freeswitch/autoload_configs
|
||||
ADD mod/external.xml /opt/freeswitch/conf/sip_profiles/external.xml
|
||||
|
||||
# RUN apt-get install -y bbb-etherpad
|
||||
# -- Disable unneeded services
|
||||
RUN systemctl disable systemd-journal-flush
|
||||
RUN systemctl disable systemd-update-utmp.service
|
||||
|
||||
# -- Finish startup
|
||||
ADD setup.sh /root/setup.sh
|
||||
ENTRYPOINT ["/root/setup.sh"]
|
||||
# Add a number there to force update of files on build
|
||||
RUN echo "Finishing ... @13"
|
||||
RUN mkdir /opt/docker-bbb/
|
||||
RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed 's|https://\$PACKAGE_REPOSITORY|http://\$PACKAGE_REPOSITORY|g' > /opt/docker-bbb/bbb-install.sh
|
||||
RUN chmod 755 /opt/docker-bbb/bbb-install.sh
|
||||
ADD setup.sh /opt/docker-bbb/setup.sh
|
||||
ADD rc.local /etc/
|
||||
RUN chmod 755 /etc/rc.local
|
||||
|
||||
ENTRYPOINT ["/bin/systemd", "--system", "--unit=multi-user.target"]
|
||||
CMD []
|
||||
|
||||
|
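Review bot: The `RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed … > /opt/docker-bbb/bbb-install.sh` step takes the installer from the moving `master` branch with no integrity check and then rewrites its `https://$PACKAGE_REPOSITORY` URLs to `http://`, so a script that later runs as root is unpinned and its repository traffic loses transport protection. The add/remove markers are lost on this page; I am treating this line as new because it writes into `/opt/docker-bbb/`, the directory the added `rc.local` reads from. Fetch the script from a fixed commit and verify it before use, for example `RUN echo "<SHA256_OF_PINNED_SCRIPT>  /opt/docker-bbb/bbb-install.sh" | sha256sum -c -` (placeholder digest), and keep the `sed` downgrade only with a comment explaining why HTTPS cannot be used and confirming that apt signature checks still apply. The final `ENTRYPOINT ["/bin/systemd", "--system", "--unit=multi-user.target"]` would also benefit from a comment stating that the image expects a privileged container, since that requirement is only visible in docker-compose.yml.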
105
README.md
105
README.md
@ -1,26 +1,101 @@
|
||||
# BigBlueButton Docker
|
||||
|
||||
![Travis CI](https://travis-ci.org/bigbluebutton/docker.svg?branch=master)
|
||||
![Docker Pulls](https://img.shields.io/docker/pulls/bigbluebutton/bigbluebutton.svg)
|
||||
## Dependencies
|
||||
|
||||
These are scripts to build a Docker that runs BigBlueButton with both the Flash and HTML5 client. To build the Docker container, run the command
|
||||
This container depends on docker-ce.
|
||||
|
||||
~~~
|
||||
docker build -t bigbluebutton .
|
||||
~~~
|
||||
1 - Make sure you don't have docker installed:
|
||||
`sudo apt-get remove docker docker-engine docker.io`
|
||||
|
||||
Here we called the BigBlueButton container `bigbluebutton`. To run BigBlueButton in Docker, run the command
|
||||
2 - Install docker-ce:
|
||||
```
|
||||
sudo apt-get update;
|
||||
sudo apt-get install \
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
curl \
|
||||
software-properties-common;
|
||||
|
||||
~~~
|
||||
docker run --rm -p 80:80/tcp -p 1935:1935 -p 3478:3478 -p 3478:3478/udp bigbluebutton -h <HOST_IP>
|
||||
~~~
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
|
||||
Make sure you provide the host IP of the server on which you run the docker command. Once running, you can navigate to `http://<HOST_IP>` to access your BigBlueButton server.
|
||||
sudo add-apt-repository \
|
||||
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
|
||||
$(lsb_release -cs) \
|
||||
stable"
|
||||
|
||||
For details see the [setup instructions](http://docs.bigbluebutton.org/install/docker.html).
|
||||
sudo apt-get update
|
||||
|
||||
## Future Plans
|
||||
sudo apt-get install docker-ce
|
||||
|
||||
Our goal was to allow developers to run BigBlueButton server with a single command. This Docker image is not meant for production use, but rather for testing and trying out BigBlueButton.
|
||||
sudo addgroup `whoami` docker
|
||||
|
||||
Still, it good step towards separating BigBlueButton into individual components for running under docker-compose or kubernetes.
|
||||
```
|
||||
|
||||
## Setting up the SSL
|
||||
Generate a certificate to your container using letsencrypt and then copy your certificate to certs/ folder with the commands:
|
||||
```
|
||||
mkdir certs/
|
||||
cp fullchain.pem certs/
|
||||
cp privkey.pem certs/
|
||||
```
|
||||
|
||||
## Creating container
|
||||
In order to create the container you must specify the hostname of container and the domain name.
|
||||
|
||||
In this example your container will be acessible from https://bbb001.bbbvm.imdt.com.br :
|
||||
|
||||
```
|
||||
docker-compose build bbb
|
||||
NAME=bbb001 DOMAIN=bbbvm.imdt.com.br sh -c 'docker-compose run --name $NAME bbb'
|
||||
```
|
||||
## Defining an entry in your `/etc/hosts` file
|
||||
|
||||
In order to access the container, you need to get the IP address of container by running the following command:
|
||||
|
||||
```
|
||||
docker exec -it bbb001 ifconfig eth0
|
||||
```
|
||||
|
||||
After that, add a line in your `/etc/hosts` file with the full domain name specified at previous step.
|
||||
|
||||
In this example, the line added on hosts file is:
|
||||
```
|
||||
172.20.0.2 bbb001.bbbvm.imdt.com.br
|
||||
```
|
||||
|
||||
## Useful commands
|
||||
|
||||
### Start container (after host reboot)
|
||||
```
|
||||
docker start bbb001
|
||||
docker attach bbb001
|
||||
```
|
||||
|
||||
### Stop the container
|
||||
```
|
||||
docker stop bbb001
|
||||
```
|
||||
|
||||
### Kill the container (force exit)
|
||||
```
|
||||
docker kill bbb001
|
||||
```
|
||||
|
||||
## MAC users
|
||||
Docker for Mac OS doesn't allow direct access to container IP's.
|
||||
|
||||
In order to access the BBB container from your MAC os host, you can use openvpn:
|
||||
|
||||
1. Build containers:
|
||||
```
|
||||
docker-compose build mac_proxy mac_openvpn
|
||||
```
|
||||
|
||||
2. Add `comp-lzo no` at bottom of `mac-vpn/docker-for-mac.ovpn`
|
||||
|
||||
3. Install openvpn configuration generated on `mac-vpn/docker-for-mac.ovpn` (double click and open on Tunnelblick)
|
||||
|
||||
4. Start containers
|
||||
```
|
||||
docker-compose start mac_proxy mac_openvpn
|
||||
```
|
||||
|
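--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,52 @@
+version: '2'
+
+networks:
+backend:
+
+services:
+bbb:
+build: .
+privileged: true
+environment:
+- "NAME=${NAME}"
+- "DOMAIN=${DOMAIN}"
+hostname: ${NAME}.${DOMAIN}
+cap_add:
+- NET_ADMIN
+environment:
+- container=docker
+tmpfs:
+- /run
+- /run/lock
+- /tmp
+volumes:
+- ./certs/:/local/certs/
+- /var/run/docker.sock:/var/run/docker.sock
+security_opt:
+- seccomp:unconfined
+networks:
+- backend
+
+mac_proxy:
+build: mac-vpn/
+ports:
+- "127.0.0.1:13194:13194"
+command: TCP-LISTEN:13194,fork TCP:172.17.0.1:1194
+restart: always
+networks:
+- backend
+
+mac_openvpn:
+image: kylemanna/openvpn
+volumes:
+- ./mac-vpn:/local
+- ./mac-vpn/config:/etc/openvpn
+network_mode: host
+privileged: true
+cap_add:
+- NET_ADMIN
+environment:
+dest: docker-for-mac.ovpn
+DEBUG: '1'
+command: /local/helpers/run-vpn.sh
+restart: always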
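Review bot: The `bbb` service combines `privileged: true`, `seccomp:unconfined` and a bind mount of `/var/run/docker.sock`, which together hand anything running in that container control of the host's Docker daemon and therefore root-equivalent access to the host. If the goal is only to run systemd inside the container, keep the `tmpfs` mounts and the specific `cap_add` entries, and drop `- /var/run/docker.sock:/var/run/docker.sock` unless something in the image demonstrably needs it; at minimum add a comment such as `# privileged + docker.sock: host-root equivalent, local development only`. Separately, `environment:` appears twice under `bbb` (indentation is lost on this page, so the nesting is inferred from order); a YAML loader either rejects the duplicate key or keeps only the last one, which would drop `NAME` and `DOMAIN`, so move `- container=docker` into the first list. `image: kylemanna/openvpn` also carries no tag or digest, so the VPN container that runs privileged on the host network follows whatever is published upstream.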
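--- a/mac-vpn/Dockerfile
+++ b/mac-vpn/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine
+RUN apk add --no-cache socat
+ENTRYPOINT ["socat"]
+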
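Review bot: `FROM alpine` has no tag or digest, so every rebuild takes whatever `latest` points to at that moment and the installed `socat` version moves with it. Pin the base, e.g. `FROM alpine:<PINNED_VERSION>` (placeholder), so that base-image changes arrive as a reviewed commit rather than silently. A one-line comment saying the image exists only to relay the VPN port for the `mac_proxy` service would also help readers of this otherwise unexplained file.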
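--- a/mac-vpn/helpers/run-vpn.sh
+++ b/mac-vpn/helpers/run-vpn.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+dest=${dest:-docker.ovpn}
+
+if [ ! -f "/local/$dest" ]; then
+echo "*** REGENERATING ALL CONFIGS ***"
+set -ex
+#rm -rf /etc/openvpn/*
+ovpn_genconfig -u tcp://localhost
+sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf
+echo localhost | ovpn_initpki nopass
+easyrsa build-client-full host nopass
+ovpn_getclient host | sed '
+s|localhost 1194|localhost 13194|;
+s|redirect-gateway.*|route 172.16.0.0 255.240.0.0|;
+' > "/local/$dest"
+fi
+
+# Workaround for https://github.com/wojas/docker-mac-network/issues/6
+/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT
+
+exec ovpn_run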
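Review bot: The profile written to `/local/$dest` embeds the client private key, and both `ovpn_initpki nopass` and `easyrsa build-client-full host nopass` leave the CA and client keys without a passphrase, yet nothing in the script restricts permissions on the files that land in the bind-mounted `./mac-vpn` directory. Add `umask 077` before `ovpn_genconfig` so the generated PKI and the `.ovpn` file are owner-only, and add a comment stating that the keys are passphrase-less on purpose for a local-only tunnel. The `/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT` line also runs on every start and inserts another copy of the rule each time; guarding it with `/sbin/iptables -C FORWARD -i tun+ -j ACCEPT 2>/dev/null || /sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT` keeps the chain from accumulating duplicates. Because `set -ex` is enabled only inside the `if`, a failing `iptables` call on later starts goes unnoticed, which is worth a comment if it is intentional.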
@ -1,11 +0,0 @@
|
||||
<configuration name="event_socket.conf" description="Socket Client">
|
||||
<settings>
|
||||
<param name="nat-map" value="false"/>
|
||||
<param name="listen-ip" value="127.0.0.1"/>
|
||||
<param name="listen-port" value="8021"/>
|
||||
<param name="password" value="ClueCon"/>
|
||||
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
|
||||
<!--<param name="stop-on-bind-error" value="true"/>-->
|
||||
</settings>
|
||||
</configuration>
|
||||
|
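--- a/mod/external.xml
+++ b/mod/external.xml
@@ -1,113 +0,0 @@
-<profile name="external">
-<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
-<!-- This profile is only for outbound registrations to providers -->
-<gateways>
-<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
-</gateways>
-
-<aliases>
-<!--
-<alias name="outbound"/>
-<alias name="nat"/>
--->
-</aliases>
-
-<domains>
-<domain name="all" alias="false" parse="true"/>
-</domains>
-
-<settings>
-<param name="debug" value="0"/>
-<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
-<!-- <param name="shutdown-on-fail" value="true"/> -->
-<param name="sip-trace" value="no"/>
-<param name="sip-capture" value="no"/>
-<param name="rfc2833-pt" value="101"/>
-<!-- RFC 5626 : Send reg-id and sip.instance -->
-<!--<param name="enable-rfc-5626" value="true"/> -->
-<param name="sip-port" value="$${external_sip_port}"/>
-<param name="dialplan" value="XML"/>
-<param name="context" value="public"/>
-<param name="dtmf-duration" value="2000"/>
-<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
-<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
-<param name="hold-music" value="$${hold_music}"/>
-<param name="rtp-timer-name" value="soft"/>
-<!--<param name="enable-100rel" value="true"/>-->
-<!--<param name="disable-srv503" value="true"/>-->
-<!-- This could be set to "passive" -->
-<param name="local-network-acl" value="localnet.auto"/>
-<param name="manage-presence" value="false"/>
-
-<!-- used to share presence info across sofia profiles
-manage-presence needs to be set to passive on this profile
-if you want it to behave as if it were the internal profile
-for presence.
--->
-<!-- Name of the db to use for this profile -->
-<!--<param name="dbname" value="share_presence"/>-->
-<!--<param name="presence-hosts" value="$${domain}"/>-->
-<!--<param name="force-register-domain" value="$${domain}"/>-->
-<!--all inbound reg will stored in the db using this domain -->
-<!--<param name="force-register-db-domain" value="$${domain}"/>-->
-<!-- ************************************************* -->
-
-<!--<param name="aggressive-nat-detection" value="true"/>-->
-<param name="inbound-codec-negotiation" value="generous"/>
-<param name="nonce-ttl" value="60"/>
-<param name="auth-calls" value="false"/>
-<param name="inbound-late-negotiation" value="true"/>
-<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
-<!--
-DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-<param name="rtp-ip" value="$${local_ip_v4}"/>
-<param name="sip-ip" value="$${local_ip_v4}"/>
-<param name="ext-rtp-ip" value="auto-nat"/>
-<param name="ext-sip-ip" value="auto-nat"/>
--->
-
-<param name="rtp-ip" value="$${local_ip_v4}"/>
-<param name="sip-ip" value="$${local_ip_v4}"/>
-<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
-<param name="ext-sip-ip" value="$${local_ip_v4}"/>
-
-<param name="rtp-timeout-sec" value="300"/>
-<param name="rtp-hold-timeout-sec" value="1800"/>
-<param name="enable-3pcc" value="true"/>
-
-<!-- TLS: disabled by default, set to "true" to enable -->
-<param name="tls" value="$${external_ssl_enable}"/>
-<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
-<param name="tls-only" value="false"/>
-<!-- additional bind parameters for TLS -->
-<param name="tls-bind-params" value="transport=tls"/>
-<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
-<param name="tls-sip-port" value="$${external_tls_port}"/>
-<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
-<!--<param name="tls-cert-dir" value=""/>-->
-<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
-<param name="tls-passphrase" value=""/>
-<!-- Verify the date on TLS certificates -->
-<param name="tls-verify-date" value="true"/>
-<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
-<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
-<param name="tls-verify-policy" value="none"/>
-<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
-<param name="tls-verify-depth" value="2"/>
-<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
-<param name="tls-verify-in-subjects" value=""/>
-<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
-<param name="tls-version" value="$${sip_tls_version}"/>
-<param name="ws-binding" value=":5066"/>
-<param name="apply-candidate-acl" value="webrtc-turn"/>
-
-<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
-<param name="rtcp-audio-interval-msec" value="5000"/>
-<param name="rtcp-video-interval-msec" value="5000"/>
-
-<!-- Cut down in the join time -->
-<param name="dtmf-type" value="info"/>
-<param name="liberal-dtmf" value="true"/>
-</settings>
-</profile>
-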
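--- a/rc.local
+++ b/rc.local
@@ -0,0 +1,2 @@
+#!/bin/sh
+[ ! -f /opt/docker-bbb/setup-executed ] && /opt/docker-bbb/setup.sh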
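Review bot: Once `/opt/docker-bbb/setup-executed` exists, the test `[ ! -f /opt/docker-bbb/setup-executed ]` fails and, being the last command, makes `rc.local` exit with status 1, so every boot after the first reports the script as failed. Write the guard the other way round, `[ -f /opt/docker-bbb/setup-executed ] || /opt/docker-bbb/setup.sh`, or use an explicit `if … fi` followed by `exit 0`. A comment such as `# one-time first-boot provisioning; marker is written by setup.sh` would make the dependency on the marker file clear.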
257
setup.sh
257
setup.sh
@ -19,249 +19,34 @@
|
||||
#
|
||||
set -x
|
||||
|
||||
change_var_value () {
|
||||
sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
|
||||
}
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
change_yml_value () {
|
||||
sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1
|
||||
}
|
||||
useradd bbb
|
||||
mkdir /home/bbb
|
||||
chown bbb /home/bbb
|
||||
echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
|
||||
|
||||
echo "bbb:bbb" | chpasswd
|
||||
|
||||
# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935 -p 5066:5066 -p 3478:3478 -p 3478:3478/udp b2 -h 192.168.0.130
|
||||
# Allow to have executable files in /tmp/ folder (tomcat JNA)
|
||||
mount /tmp -o remount,exec
|
||||
|
||||
while getopts ":eh:s:" opt; do
|
||||
case $opt in
|
||||
e)
|
||||
env
|
||||
exit
|
||||
;;
|
||||
h)
|
||||
HOST=$OPTARG
|
||||
;;
|
||||
s)
|
||||
SECRET=$OPTARG
|
||||
;;
|
||||
:)
|
||||
echo "Missing option argument for -$OPTARG" >&2;
|
||||
exit 1
|
||||
;;
|
||||
\?)
|
||||
echo "Invalid option: -$OPTARG" >&2
|
||||
cat<<HERE
|
||||
Docker startup script for BigBlueButton.
|
||||
./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
|
||||
sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
|
||||
|
||||
-h Hostname for BigBlueButton server
|
||||
-s Shared secret
|
||||
# Repository is broken (remove it later)
|
||||
cd /usr/local/bigbluebutton/bbb-webrtc-sfu/
|
||||
npm install --unsafe-perm
|
||||
|
||||
HERE
|
||||
exit 1
|
||||
;;
|
||||
:)
|
||||
echo "Option -$OPTARG requires an argument." >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
apt-get install -y bbb-demo && /etc/init.d/tomcat7 start
|
||||
while [ ! -f /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp ]; do sleep 1; done
|
||||
sudo /etc/init.d/tomcat7 stop
|
||||
|
||||
# In a standard BigBlueButton server you would use `bbb-conf --setip IP` to configure it listen to a given IP, but
|
||||
# we are using supervisorctl (not systemd) in, so we apply all the configuration changes before running supervisorctl at
|
||||
# the end of this script
|
||||
|
||||
|
||||
# Setup the BigBlueButton configuration files
|
||||
#
|
||||
PROTOCOL_HTTP=http
|
||||
PROTOCOL_RTMP=rtmp
|
||||
|
||||
IP=$(echo "$(LANG=c ifconfig | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^et.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')$(LANG=c ifconfig | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^en.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')" | head -n1)
|
||||
|
||||
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]/@data' --value "external_rtp_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
|
||||
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]/@data' --value "external_sip_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
|
||||
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]/@data' --value "local_ip_v4=${IP}" /opt/freeswitch/conf/vars.xml
|
||||
|
||||
if [ -f /opt/freeswitch/conf/sip_profiles/external-ipv6.xml ]; then
|
||||
mv /opt/freeswitch/conf/sip_profiles/external-ipv6.xml /opt/freeswitch/conf/sip_profiles/external-ipv6.xml_
|
||||
fi
|
||||
if [ -f /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml ]; then
|
||||
mv /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml_
|
||||
fi
|
||||
|
||||
sed -i "s/proxy_pass .*/proxy_pass $PROTOCOL_HTTP:\/\/$IP:5066;/g" /etc/bigbluebutton/nginx/sip.nginx
|
||||
|
||||
sed -i "s/http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_HTTP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
|
||||
sed -i "s/rtmp[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_RTMP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
|
||||
|
||||
sed -i "s/server_name .*/server_name $HOST;/g" /etc/nginx/sites-available/bigbluebutton
|
||||
|
||||
sed -i "s/bigbluebutton.web.serverURL=http[s]*:\/\/.*/bigbluebutton.web.serverURL=$PROTOCOL_HTTP:\/\/$HOST/g" \
|
||||
/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
|
||||
|
||||
# Update Java screen share configuration
|
||||
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties streamBaseUrl rtmp://$HOST/screenshare
|
||||
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpUrl $PROTOCOL_HTTP://$HOST/screenshare
|
||||
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpFile $PROTOCOL_HTTP://$HOST/screenshare/screenshare.jnlp
|
||||
|
||||
change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties bbb.sip.app.ip $IP
|
||||
change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties freeswitch.ip $IP
|
||||
|
||||
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoUrl "ws://$IP:8888/kurento"
|
||||
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoIp "$IP"
|
||||
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml localIpAddress "$IP"
|
||||
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml ip "$IP"
|
||||
|
||||
sed -i "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL_HTTP}:\/\/$HOST\/bigbluebutton\/api\"/g" \
|
||||
/usr/share/bbb-apps-akka/conf/application.conf
|
||||
sed -i "s/bbbWebHost[ ]*=[ ]*\"[^\"]*\"/bbbWebHost=\"$HOST\"/g" \
|
||||
/usr/share/bbb-apps-akka/conf/application.conf
|
||||
sed -i "s/deskshareip[ ]*=[ ]*\"[^\"]*\"/deskshareip=\"$HOST\"/g" \
|
||||
/usr/share/bbb-apps-akka/conf/application.conf
|
||||
sed -i "s/defaultPresentationURL[ ]*=[ ]*\"[^\"]*\"/defaultPresentationURL=\"${PROTOCOL_HTTP}:\/\/$HOST\/default.pdf\"/g" \
|
||||
/usr/share/bbb-apps-akka/conf/application.conf
|
||||
|
||||
cat > /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini << HERE
|
||||
; Only IP address are supported, not domain names for addresses
|
||||
; You have to find a valid stun server. You can check if it works
|
||||
; using this tool:
|
||||
; http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
|
||||
;stunServerAddress=64.233.177.127
|
||||
;stunServerPort=19302
|
||||
|
||||
turnURL=kurento:kurento@${HOST}:3478
|
||||
|
||||
;pemCertificate is deprecated. Please use pemCertificateRSA instead
|
||||
;pemCertificate=<path>
|
||||
;pemCertificateRSA=<path>
|
||||
;pemCertificateECDSA=<path>
|
||||
HERE
|
||||
|
||||
TURN_SECRET=`openssl rand -hex 16`
|
||||
|
||||
# Configure coturn to handle incoming UDP connections
|
||||
cat > /etc/turnserver.conf << HERE
|
||||
denied-peer-ip=0.0.0.0-255.255.255.255
|
||||
allowed-peer-ip=$IP
|
||||
fingerprint
|
||||
lt-cred-mech
|
||||
use-auth-secret
|
||||
static-auth-secret=$TURN_SECRET
|
||||
user=user:password
|
||||
log-file=/var/log/turn.log
|
||||
HERE
|
||||
|
||||
# Setup tomcat7 to share the TURN server information with clients (with matching secret)
|
||||
cat > /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/spring/turn-stun-servers.xml << HERE
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
|
||||
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
|
||||
<constructor-arg index="0" value="$TURN_SECRET" />
|
||||
<constructor-arg index="1" value="turn:$HOST:3478" />
|
||||
<constructor-arg index="2" value="86400" />
|
||||
</bean>
|
||||
<bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
|
||||
<constructor-arg index="0" value="$TURN_SECRET" />
|
||||
<constructor-arg index="1" value="turn:$HOST:3478?transport=tcp" />
|
||||
<constructor-arg index="2" value="86400" />
|
||||
</bean>
|
||||
<bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
|
||||
<property name="stunServers">
|
||||
<set />
|
||||
</property>
|
||||
<property name="turnServers">
|
||||
<set>
|
||||
<ref bean="turn0" />
|
||||
<ref bean="turn1" />
|
||||
</set>
|
||||
</property>
|
||||
<property name="remoteIceCandidates">
|
||||
<set />
|
||||
</property>
|
||||
</bean>
|
||||
</beans>
|
||||
HERE
|
||||
|
||||
cat > /opt/freeswitch/conf/autoload_configs/acl.conf.xml << HERE
|
||||
<configuration name="acl.conf" description="Network Lists">
|
||||
<network-lists>
|
||||
<list name="domains" default="allow">
|
||||
<!-- domain= is special it scans the domain from the directory to build the ACL -->
|
||||
<node type="allow" domain="\$\${domain}"/>
|
||||
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
|
||||
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
|
||||
</list>
|
||||
|
||||
<list name="webrtc-turn" default="deny">
|
||||
<node type="allow" cidr="$IP/32"/>
|
||||
</list>
|
||||
|
||||
</network-lists>
|
||||
</configuration>
|
||||
HERE
|
||||
|
||||
|
||||
# Ensure bbb-apps-akka has the latest shared secret from bbb-web
|
||||
if [ -z "$SECRET" ]; then
|
||||
SECRET=$(cat /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | grep securitySalt | cut -d= -f2);
|
||||
else
|
||||
change_var_value /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties securitySalt $SECRET
|
||||
sed -i "s/String salt = .*/String salt = \"$SECRET\";/g" /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
|
||||
fi
|
||||
|
||||
sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
|
||||
/usr/share/bbb-apps-akka/conf/application.conf
|
||||
|
||||
sed -i "s/BigBlueButtonURL = \"http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/BigBlueButtonURL = \"$PROTOCOL_HTTP:\/\/$HOST\2/g" \
|
||||
/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
|
||||
|
||||
sed -i "s/playback_host: .*/playback_host: $HOST/g" /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
|
||||
|
||||
sed -i 's/daemonize no/daemonize yes/g' /etc/redis/redis.conf
|
||||
|
||||
sed -i "s|\"wsUrl.*|\"wsUrl\": \"ws://$HOST/bbb-webrtc-sfu\",|g" \
|
||||
/usr/share/meteor/bundle/programs/server/assets/app/config/settings-production.json
|
||||
|
||||
rm /usr/share/red5/log/sip.log
|
||||
|
||||
# Add a sleep to each recording process so we can restart with supervisord
|
||||
# (This works around the limitation that supervisord can't restart after intervals)
|
||||
sed -i 's/BigBlueButton.logger.debug("rap-archive-worker done")/sleep 20; BigBlueButton.logger.debug("rap-archive-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-archive-worker.rb
|
||||
sed -i 's/BigBlueButton.logger.debug("rap-process-worker done")/sleep 20; BigBlueButton.logger.debug("rap-process-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-process-worker.rb
|
||||
sed -i 's/BigBlueButton.logger.debug("rap-sanity-worker done")/sleep 20 ; BigBlueButton.logger.debug("rap-sanity-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-sanity-worker.rb
|
||||
sed -i 's/BigBlueButton.logger.debug("rap-publish-worker done")/sleep 20; BigBlueButton.logger.debug("rap-publish-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-publish-worker.rb
|
||||
|
||||
# Start BigBlueButton!
|
||||
#
|
||||
|
||||
export NODE_ENV=production
|
||||
|
||||
export DAEMON_LOG=/var/log/kurento-media-server
|
||||
export GST_DEBUG="3,Kurento*:4,kms*:4"
|
||||
export KURENTO_LOGS_PATH=$DAEMON_LOG
|
||||
|
||||
cat << HERE
|
||||
|
||||
BigBlueButton is now starting up. You can access the API demos here (use FireFox for WebRTC audio/video)
|
||||
|
||||
http://$HOST/demo/demo1.jsp
|
||||
|
||||
For API calls, use the following credentials
|
||||
|
||||
host: $HOST
|
||||
secret: $SECRET
|
||||
|
||||
To interactively create API calls, here's a link to configure APIMate
|
||||
|
||||
http://mconf.github.io/api-mate/#server=http://$HOST/bigbluebutton/&sharedSecret=$SECRET
|
||||
|
||||
HERE
|
||||
# Restart
|
||||
bbb-conf --restart
|
||||
|
||||
# Update files
|
||||
updatedb
|
||||
|
||||
exec /usr/bin/supervisord > /var/log/supervisord.log
|
||||
# Tell system to not run this script again
|
||||
touch /opt/docker-bbb/setup-executed
|
||||
|
||||
echo "BBB configuration completed.";
|
||||
exit 0;
|
||||
|
||||
|
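Review bot: The new script appears to create a `bbb` account with the fixed password `bbb` (`echo "bbb:bbb" | chpasswd`) and unrestricted passwordless sudo (`bbb ALL=(ALL:ALL) NOPASSWD: ALL`), which puts a publicly known credential with full root in every container built from this image; the add/remove markers are lost on this page, so which lines are new is inferred from the `+19,34` count and the references to `/opt/docker-bbb`. If the account is needed, lock its password with `passwd -l bbb` or generate one at first boot, and narrow the sudoers entry to the commands actually required. The `sed -i 's/::/0.0.0.0/g'` edit of `event_socket.conf.xml` makes the FreeSWITCH event socket listen on all IPv4 interfaces while this commit deletes the override that bound it to `127.0.0.1`; the password then in effect comes from the packaged config, which is not visible here, so confirm it is not a default before the port is reachable. `npm install --unsafe-perm` under the "Repository is broken (remove it later)" comment resolves dependencies as root at first boot and should carry a TODO with an owner and a removal condition.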