From e247cd1a455926e25ad93edad66f6f22eaf03424 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 22 Jun 2020 23:57:59 +0200 Subject: [PATCH 01/45] updated README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4bf8daf..ca850de 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,12 @@ # BigBlueButton Docker +## Features +- Easy installation +- Greenlight included +- TURN server included +- Fully automated HTTPS certificates +- Runs on almost any major linux distributon (Debian, Ubuntu, CentOS,...) + ## Install 1. Install docker-ce & docker-compose 1. follow instructions @@ -72,7 +79,6 @@ A simple `$ git pull` resolves that, by fetching a newer version which includes ## Open Tasks - add support for recording -- add coturn - add prometheus exporter - further separate `bbb-core` into individual container - enable IPv6 support From a79e6a58606170166de531cf6c8100f128b5f085 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 23 Jun 2020 00:08:41 +0200 Subject: [PATCH 02/45] apply v2.2.18 changes --- mod/html5/Dockerfile | 4 ++-- mod/html5/settings.yml | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 3276c5c..d2394df 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -14,7 +14,7 @@ USER meteor ENV METEOR_VERSION 1.8.1 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh -ENV TAG v2.2.16 +ENV TAG v2.2.18 RUN cd ~ \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && mv ~/bigbluebutton-html5 ~/source \ @@ -51,4 +51,4 @@ USER meteor ENTRYPOINT ["/entrypoint.sh"] # lets set the tag again, so that it is include in the image for later version retrieval -ENV TAG v2.2.14 +ENV TAG v2.2.18 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index 6a4bda0..ba19f69 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -10,8 +10,8 @@ public: clientTitle: {{ .Env.CLIENT_TITLE }} appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 - copyright: "©2019 BigBlueButton Inc." - html5ClientBuild: 933 + copyright: "©2020 BigBlueButton Inc." + html5ClientBuild: 960 helpLink: https://bigbluebutton.org/html5/ lockOnJoin: true cdn: "" @@ -21,10 +21,13 @@ public: enableNetworkInformation: false enableLimitOfViewersInWebcam: false enableTalkingIndicator: true + mirrorOwnWebcam: false viewersInWebcam: 8 ipv4FallbackDomain: "" allowLogout: true allowFullscreen: true + remainingTimeThreshold: 30 + remainingTimeAlertThreshold: 1 defaultSettings: application: animations: true From 7f375832e8f3185b977fea6056cd1ab627592c08 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 23 Jun 2020 00:10:33 +0200 Subject: [PATCH 03/45] update nginx and kurento images --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ee97f2d..f044300 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,7 +38,7 @@ services: network_mode: host nginx: - image: nginx:1.18-alpine + image: nginx:1.19-alpine restart: unless-stopped depends_on: - etherpad @@ -85,7 +85,7 @@ services: ipv4_address: 10.7.7.6 kurento: - image: kurento/kurento-media-server:6.13.2 + image: kurento/kurento-media-server:6.14 restart: unless-stopped environment: KMS_STUN_IP: ${STUN_IP} From 38dbfa8528d41ddab84905b7a9d191497ee08299 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 23 Jun 2020 00:21:24 +0200 Subject: [PATCH 04/45] SIP port access for allowlist only --- docker-compose.yml | 2 ++ mod/freeswitch/Dockerfile | 3 ++- mod/freeswitch/entrypoint.sh | 15 +++++++++++++++ sample.env | 6 ++++++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index f044300..fa540db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -32,6 +32,8 @@ services: environment: DOMAIN: ${DOMAIN} EXTERNAL_IP: ${EXTERNAL_IP} + SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} + NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} volumes: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index fb3bf26..5b8cf95 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile @@ -49,7 +49,8 @@ RUN apt-get update && apt-get install -y \ freeswitch-mod-spandsp \ freeswitch-mod-tone-stream \ freeswitch-mod-verto \ - freeswitch-sounds-en-us-callie + freeswitch-sounds-en-us-callie \ + iptables # Potentially missing # (included in bbb-freeswitch-core but not referenced in https://github.com/bigbluebutton/bigbluebutton/issues/9064) diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh index 05dcec4..780e2ab 100755 --- a/mod/freeswitch/entrypoint.sh +++ b/mod/freeswitch/entrypoint.sh @@ -1,5 +1,20 @@ #!/bin/bash +# remove all SIP (port 5060) iptable rules +iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D + +# block requests to 5060 (tcp/udp) +iptables -A INPUT -i "$NETWORK_INTERFACE" -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT +iptables -A INPUT -i "$NETWORK_INTERFACE" -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT + +# allow some IPs +IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST" +for IP in "${ADDR[@]}"; do + # process "$i" + echo "allow port 5060/udp for $IP" + iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT +done + dockerize \ -template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \ /usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf diff --git a/sample.env b/sample.env index d4157b8..f822b3f 100644 --- a/sample.env +++ b/sample.env @@ -47,6 +47,12 @@ STUN_PORT=3478 #TURN_SERVER=turns:turn.example.com:443?transport=tcp #TURN_SECRET= +# Allowed SIP IPs +# due to high traffic caused by bots, by default the SIP port is blocked. +# but you can allow access by your providers IP or IP ranges (comma seperated) +# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0 +SIP_IP_ALLOWLIST= + # ==================================== # CUSTOMIZATION From ad6075b6cace616703e227a7d9ef28b9cbea887f Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 30 Jun 2020 22:32:08 +0200 Subject: [PATCH 05/45] Move tasks to github issues --- README.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/README.md b/README.md index ca850de..5e36771 100644 --- a/README.md +++ b/README.md @@ -76,11 +76,3 @@ A simple `$ git pull` resolves that, by fetching a newer version which includes ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. - -## Open Tasks -- add support for recording -- add prometheus exporter -- further separate `bbb-core` into individual container -- enable IPv6 support -- switch `html5` to node v12 -- drop root privileges in `webrtc-sfu` \ No newline at end of file From e0d019d999fb11b08d0e62c72a39e631ac7e139a Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 30 Jun 2020 18:07:15 +0200 Subject: [PATCH 06/45] add missing guest-wait.html --- mod/nginx/bbb/client.nginx | 4 ++ mod/nginx/bbb/guest-wait.html | 81 +++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 mod/nginx/bbb/client.nginx create mode 100644 mod/nginx/bbb/guest-wait.html diff --git a/mod/nginx/bbb/client.nginx b/mod/nginx/bbb/client.nginx new file mode 100644 index 0000000..2a4e787 --- /dev/null +++ b/mod/nginx/bbb/client.nginx @@ -0,0 +1,4 @@ +location = /client/guest-wait.html { + alias /etc/nginx/bbb/guest-wait.html; +} + diff --git a/mod/nginx/bbb/guest-wait.html b/mod/nginx/bbb/guest-wait.html new file mode 100644 index 0000000..c1c4b53 --- /dev/null +++ b/mod/nginx/bbb/guest-wait.html @@ -0,0 +1,81 @@ + + + + + Guest Lobby + + + + + + + + +
+

Please wait for a moderator to approve you joining the meeting.

+
+ + + From 8b921bc624fd2fb3fdc3465974067615c1ef7c52 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 30 Jun 2020 19:44:20 +0200 Subject: [PATCH 07/45] add webhooks --- docker-compose.webhooks.yml | 13 +++++++ mod/nginx/bbb/webhooks.nginx | 9 +++++ mod/webhooks/Dockerfile | 26 ++++++++++++++ mod/webhooks/config.yml | 67 ++++++++++++++++++++++++++++++++++++ mod/webhooks/entrypoint.sh | 9 +++++ sample.env | 3 ++ scripts/compose | 4 +++ 7 files changed, 131 insertions(+) create mode 100644 docker-compose.webhooks.yml create mode 100644 mod/nginx/bbb/webhooks.nginx create mode 100644 mod/webhooks/Dockerfile create mode 100644 mod/webhooks/config.yml create mode 100755 mod/webhooks/entrypoint.sh diff --git a/docker-compose.webhooks.yml b/docker-compose.webhooks.yml new file mode 100644 index 0000000..b7ed70b --- /dev/null +++ b/docker-compose.webhooks.yml @@ -0,0 +1,13 @@ +version: '3.6' +services: + webhooks: + build: mod/webhooks + restart: unless-stopped + environment: + DOMAIN: ${DOMAIN} + SHARED_SECRET: ${SHARED_SECRET} + extra_hosts: + - "redis:10.7.7.5" + networks: + bbb-net: + ipv4_address: 10.7.7.15 \ No newline at end of file diff --git a/mod/nginx/bbb/webhooks.nginx b/mod/nginx/bbb/webhooks.nginx new file mode 100644 index 0000000..533fc84 --- /dev/null +++ b/mod/nginx/bbb/webhooks.nginx @@ -0,0 +1,9 @@ +# Pass to the webhooks app all requests made to the webhooks API. +location /bigbluebutton/api/hooks { + proxy_pass http://10.7.7.15:3005; + proxy_redirect default; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; +} diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile new file mode 100644 index 0000000..ecfbee1 --- /dev/null +++ b/mod/webhooks/Dockerfile @@ -0,0 +1,26 @@ +FROM node:12-alpine + +# download dockerize +ENV DOCKERIZE_VERSION v0.6.1 +RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ + && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ + && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ + && apk add subversion \ + && mkdir /app \ + && adduser -D -u 2002 -g webhooks webhooks \ + && chown webhooks:webhooks /app + +USER webhooks + + +ENV TAG v2.2.19 +RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \ + && rm -rf /app/.svn \ + && cd /app && npm install --production + +COPY entrypoint.sh /entrypoint.sh +COPY config.yml /app/config/default.yml.tmpl + +ENTRYPOINT /entrypoint.sh + + diff --git a/mod/webhooks/config.yml b/mod/webhooks/config.yml new file mode 100644 index 0000000..56cdc7e --- /dev/null +++ b/mod/webhooks/config.yml @@ -0,0 +1,67 @@ +# Shared secret of your BigBlueButton server. +bbb: + serverDomain: {{ .Env.DOMAIN }} + sharedSecret: {{ .Env.SHARED_SECRET }} + # Whether to use Auth2.0 or not, Auth2.0 sends the sharedSecret whithin an Authorization header as a bearer + auth2_0: true + apiPath: /bigbluebutton/api + +# The port in which the API server will run. +server: + port: 3005 + +# Web hooks configs +hooks: + channels: + - from-akka-apps-redis-channel + - from-bbb-web-redis-channel + - from-akka-apps-chat-redis-channel + - bigbluebutton:from-bbb-apps:meeting + - bigbluebutton:from-bbb-apps:users + - bigbluebutton:from-bbb-apps:chat + - bigbluebutton:from-rap + # IP where permanent hook will post data (more than 1 URL means more than 1 permanent hook) + permanentURLs: [] + # How many messages will be enqueued to be processed at the same time + queueSize: 10000 + # Allow permanent hooks to receive raw message, which is the message straight from BBB + getRaw: false + # If set to higher than 1, will send events on the format: + # "event=[{event1},{event2}],timestamp=000" or "[{event1},{event2}]" (based on using auth2_0 or not) + # when there are more than 1 event on the queue at the moment of processing the queue. + multiEvent: 1 + # Retry intervals for failed attempts for perform callback calls. + # In ms. Totals to around 5min. + retryIntervals: + - 100 + - 500 + - 1000 + - 2000 + - 4000 + - 8000 + - 10000 + - 30000 + - 60000 + - 60000 + - 60000 + - 60000 + # Reset permanent interval when exceeding maximum attemps + permanentIntervalReset: 8 + +# Mappings of internal to external meeting IDs +mappings: + cleanupInterval: 10000 # 10 secs, in ms + timeout: 86400000 # 24 hours, in ms + +# Redis +redis: + host: redis + port: 6379 + keys: + hookPrefix: bigbluebutton:webhooks:hook + hooks: bigbluebutton:webhooks:hooks + mappings: bigbluebutton:webhooks:mappings + mappingPrefix: bigbluebutton:webhooks:mapping + eventsPrefix: bigbluebutton:webhooks:events + userMaps: bigbluebutton:webhooks:userMaps + userMapPrefix: bigbluebutton:webhooks:userMap \ No newline at end of file diff --git a/mod/webhooks/entrypoint.sh b/mod/webhooks/entrypoint.sh new file mode 100755 index 0000000..79131c2 --- /dev/null +++ b/mod/webhooks/entrypoint.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +export NODE_ENV=production +cd /app +dockerize \ + -wait tcp://redis:6379 \ + -template /app/config/default.yml.tmpl:/app/config/default.yml \ + node app.js + diff --git a/sample.env b/sample.env index f822b3f..7482387 100644 --- a/sample.env +++ b/sample.env @@ -15,6 +15,9 @@ ENABLE_COTURN=true # https://docs.bigbluebutton.org/greenlight/gl-overview.html ENABLE_GREENLIGHT=true +# Enable Webhooks +# used by some integrations +#ENABLE_WEBHOOKS=true # ==================================== # SECRETS diff --git a/scripts/compose b/scripts/compose index 357df59..220c416 100755 --- a/scripts/compose +++ b/scripts/compose @@ -24,4 +24,8 @@ if [ "$ENABLE_GREENLIGHT" == true ]; then COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.greenlight.yml" fi +if [ "$ENABLE_WEBHOOKS" == true ]; then + COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.webhooks.yml" +fi + docker-compose $COMPOSE_FILES $@ From 5f1a9da90de5336de1036db7809ee01983ab91ee Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 10 Jul 2020 22:53:56 +0200 Subject: [PATCH 08/45] apply v2.2.20 changes --- mod/html5/Dockerfile | 4 ++-- mod/html5/settings.yml | 13 ++++++++++++- mod/webhooks/Dockerfile | 2 +- mod/webhooks/config.yml | 3 +++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index d2394df..31def3a 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -14,7 +14,7 @@ USER meteor ENV METEOR_VERSION 1.8.1 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh -ENV TAG v2.2.18 +ENV TAG v2.2.20 RUN cd ~ \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && mv ~/bigbluebutton-html5 ~/source \ @@ -51,4 +51,4 @@ USER meteor ENTRYPOINT ["/entrypoint.sh"] # lets set the tag again, so that it is include in the image for later version retrieval -ENV TAG v2.2.18 +ENV TAG v2.2.20 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index ba19f69..cd9136f 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -11,7 +11,7 @@ public: appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 copyright: "©2020 BigBlueButton Inc." - html5ClientBuild: 960 + html5ClientBuild: 968 helpLink: https://bigbluebutton.org/html5/ lockOnJoin: true cdn: "" @@ -86,6 +86,16 @@ public: packetLostThreshold: 10 kurento: wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu + # Valid for video-provider. Time (ms) before its WS connection times out + # and tries to reconnect. + wsConnectionTimeout: 4000 + cameraTimeouts: + # Base camera timeout: used as the camera *sharing* timeout and + # as the minimum camera subscribe reconnection timeout + baseTimeout: 15000 + # Max timeout: used as the max camera subscribe reconnection timeout. Each + # subscribe reattempt increases the reconnection timer up to this + maxTimeout: 60000 chromeDefaultExtensionKey: akgoaoikmbmhcopjgakkcepdgdgkjfbc chromeDefaultExtensionLink: https://chrome.google.com/webstore/detail/bigbluebutton-screenshare/akgoaoikmbmhcopjgakkcepdgdgkjfbc chromeExtensionKey: KEY @@ -190,6 +200,7 @@ public: callHangupMaximumRetries: 10 echoTestNumber: 'echo' relayOnlyOnReconnect: false + listenOnlyCallTimeout: 15000 presentation: defaultPresentationFile: default.pdf panZoomThrottle: 32 diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index ecfbee1..36b1019 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile @@ -13,7 +13,7 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI USER webhooks -ENV TAG v2.2.19 +ENV TAG v2.2.20 RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \ && rm -rf /app/.svn \ && cd /app && npm install --production diff --git a/mod/webhooks/config.yml b/mod/webhooks/config.yml index 56cdc7e..ae51d64 100644 --- a/mod/webhooks/config.yml +++ b/mod/webhooks/config.yml @@ -47,6 +47,8 @@ hooks: - 60000 # Reset permanent interval when exceeding maximum attemps permanentIntervalReset: 8 + # Hook's request module timeout for socket conn establishment and/or responses (ms) + requestTimeout: 5000 # Mappings of internal to external meeting IDs mappings: @@ -64,4 +66,5 @@ redis: mappingPrefix: bigbluebutton:webhooks:mapping eventsPrefix: bigbluebutton:webhooks:events userMaps: bigbluebutton:webhooks:userMaps + userMapPrefix: bigbluebutton:webhooks:userMap userMapPrefix: bigbluebutton:webhooks:userMap \ No newline at end of file From 060f08e68cd0fa30cf10331bcb01890e984e3e08 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 12 Jul 2020 19:15:40 +0200 Subject: [PATCH 09/45] initial IPv6 support --- docker-compose.coturn.yml | 2 +- docker-compose.yml | 15 ++++++++------- .../conf/sip_profiles/external-ipv6.xml | 4 ---- mod/freeswitch/conf/vars.xml.tmpl | 6 +++--- mod/nginx/bbb/sip.nginx | 2 +- mod/nginx/bigbluebutton | 10 ++++++++-- sample.env | 6 ++++-- scripts/setup | 16 ++++++++++++---- scripts/upgrade | 1 + 9 files changed, 38 insertions(+), 24 deletions(-) delete mode 100644 mod/freeswitch/conf/sip_profiles/external-ipv6.xml diff --git a/docker-compose.coturn.yml b/docker-compose.coturn.yml index e50708d..0e65a57 100644 --- a/docker-compose.coturn.yml +++ b/docker-compose.coturn.yml @@ -4,7 +4,7 @@ services: image: instrumentisto/coturn:4.5 restart: unless-stopped command: - - "--external-ip=${EXTERNAL_IP}" + - "--external-ip=${EXTERNAL_IPv4}" - "--static-auth-secret=${TURN_SECRET}" volumes: - ssl_data:/etc/resty-auto-ssl diff --git a/docker-compose.yml b/docker-compose.yml index fa540db..1d3e887 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -31,7 +31,7 @@ services: - SYS_RESOURCE environment: DOMAIN: ${DOMAIN} - EXTERNAL_IP: ${EXTERNAL_IP} + EXTERNAL_IPv4: ${EXTERNAL_IPv4} SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} volumes: @@ -53,11 +53,13 @@ services: - ./mod/nginx/bbb:/etc/nginx/bbb - ./mod/nginx/bigbluebutton:/etc/nginx/conf.d/default.conf - ${DEFAULT_PRESENTATION:-/dev/null}:/etc/nginx/html/default.pdf - networks: - bbb-net: - ipv4_address: 10.7.7.13 + network_mode: host extra_hosts: - "host.docker.internal:10.7.7.1" + - "core:10.7.7.2" + - "etherpad:10.7.7.4" + - "webrtc-sfu:10.7.7.10" + - "html5:10.7.7.11" etherpad: build: mod/etherpad @@ -94,7 +96,6 @@ services: KMS_STUN_PORT: ${STUN_PORT} KMS_MIN_PORT: 24577 KMS_MAX_PORT: 32768 - KMS_EXTERNAL_ADDRESS: ${EXTERNAL_IP} KMS_TURN_URL: KMS_NETWORK_INTERFACES: ${NETWORK_INTERFACE:-} network_mode: host @@ -113,10 +114,10 @@ services: KURENTO_NAME: kurento REDIS_HOST: redis FREESWITCH_IP: host.docker.internal - FREESWITCH_SIP_IP: ${EXTERNAL_IP} + FREESWITCH_SIP_IP: ${EXTERNAL_IPv4} ESL_IP: host.docker.internal LOG_LEVEL: info - NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IP}","url":"ws://kurento:8888/kurento"}]}' + NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IPv4}","url":"ws://kurento:8888/kurento"}]}' ports: - "127.0.0.1:3008:3008" extra_hosts: diff --git a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml b/mod/freeswitch/conf/sip_profiles/external-ipv6.xml deleted file mode 100644 index a01b6cd..0000000 --- a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml +++ /dev/null @@ -1,4 +0,0 @@ - \ No newline at end of file diff --git a/mod/freeswitch/conf/vars.xml.tmpl b/mod/freeswitch/conf/vars.xml.tmpl index 04ef431..d95bffc 100644 --- a/mod/freeswitch/conf/vars.xml.tmpl +++ b/mod/freeswitch/conf/vars.xml.tmpl @@ -60,7 +60,7 @@ --> - + @@ -300,7 +300,7 @@ If unspecified, the bind_server_ip value is used. Used by: sofia.conf.xml dingaling.conf.xml --> - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mod/freeswitch/conf/vars.xml.tmpl b/mod/freeswitch/conf/vars.xml.tmpl index d95bffc..e8a070f 100644 --- a/mod/freeswitch/conf/vars.xml.tmpl +++ b/mod/freeswitch/conf/vars.xml.tmpl @@ -60,7 +60,8 @@ --> - + + diff --git a/sample.env b/sample.env index 1c3fe88..6a7c89e 100644 --- a/sample.env +++ b/sample.env @@ -33,6 +33,7 @@ RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c DOMAIN=bbb.example.com EXTERNAL_IPv4=144.76.97.10 +EXTERNAL_IPv6= # setting the network interface speeds up kurentos WebRTC connection time, # but currently also disables IPv6 for Kurento From c412619d403363a803fe9c681eae390020f6fb5d Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 13 Jul 2020 17:22:31 +0200 Subject: [PATCH 11/45] ipv6: conditional proxy target --- docker-compose.https.yml | 6 ++---- mod/https/site.conf | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 mod/https/site.conf diff --git a/docker-compose.https.yml b/docker-compose.https.yml index cf0ca3a..3f01cdd 100644 --- a/docker-compose.https.yml +++ b/docker-compose.https.yml @@ -3,14 +3,12 @@ services: https_proxy: image: valian/docker-nginx-auto-ssl restart: unless-stopped - ports: - - 80:80 - - 443:443 volumes: - ssl_data:/etc/resty-auto-ssl + - ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf environment: ALLOWED_DOMAINS: ${DOMAIN} - SITES: ${DOMAIN}=10.7.7.1:8080 + network_mode: host volumes: ssl_data: diff --git a/mod/https/site.conf b/mod/https/site.conf new file mode 100644 index 0000000..a144563 --- /dev/null +++ b/mod/https/site.conf @@ -0,0 +1,28 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +map $remote_addr $endpoint_addr { + "~:" [::1]; + default 127.0.0.1; +} + +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + server_name _; + + include resty-server-https.conf; + + location / { + proxy_http_version 1.1; + proxy_pass http://$endpoint_addr:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_cache_bypass $http_upgrade; + } +} From 2bea8f2de7235330fdfaaf050234b92541ca914e Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 13 Jul 2020 17:40:55 +0200 Subject: [PATCH 12/45] ipv6: small variable updates --- README.md | 1 + docker-compose.yml | 5 ++--- mod/freeswitch/entrypoint.sh | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5e36771..249c126 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ - TURN server included - Fully automated HTTPS certificates - Runs on almost any major linux distributon (Debian, Ubuntu, CentOS,...) +- Full IPv6 support ## Install 1. Install docker-ce & docker-compose diff --git a/docker-compose.yml b/docker-compose.yml index 6effb5b..a7a1916 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -32,9 +32,8 @@ services: environment: DOMAIN: ${DOMAIN} EXTERNAL_IPv4: ${EXTERNAL_IPv4} - EXTERNAL_IPv6: ${EXTERNAL_IPv6} - SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} - NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} + EXTERNAL_IPv6: ${EXTERNAL_IPv6:-::1} + SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST:-} volumes: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh index 780e2ab..75cce30 100755 --- a/mod/freeswitch/entrypoint.sh +++ b/mod/freeswitch/entrypoint.sh @@ -4,8 +4,8 @@ iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D # block requests to 5060 (tcp/udp) -iptables -A INPUT -i "$NETWORK_INTERFACE" -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT -iptables -A INPUT -i "$NETWORK_INTERFACE" -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT +iptables -A INPUT -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT +iptables -A INPUT -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT # allow some IPs IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST" From 3e5b3d8a740430ac0642efaa15b14e3b16cec06f Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 13 Jul 2020 17:52:14 +0200 Subject: [PATCH 13/45] ipv6: setup script --- scripts/setup | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/scripts/setup b/scripts/setup index 8b874a4..d57e013 100755 --- a/scripts/setup +++ b/scripts/setup @@ -20,6 +20,7 @@ fi EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com) +EXTERNAL_IPv6=$(curl -6 -s https://icanhazip.com || true) greenlight="" while [[ ! $greenlight =~ ^(y|n)$ ]]; do @@ -57,12 +58,20 @@ then done fi -if [ ! "$ip_correct" == "y" ] +if [ -n "$EXTERNAL_IPv6" ] then - EXTERNAL_IP="" - while [[ ! $EXTERNAL_IP =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do - read -p "Please enter correct IPv4 address: " EXTERNAL_IP + ip_correct="" + while [[ ! $ip_correct =~ ^(y|n)$ ]]; do + read -p "Is $EXTERNAL_IPv6 your external IPv6 address? (y/n): " ip_correct done + + if [ ! "$ip_correct" == "y" ] + then + EXTERNAL_IPv6="" + while [[ ! $EXTERNAL_IPv6 =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do + read -p "Please enter correct IPv6 address: " EXTERNAL_IPv6 + done + fi fi @@ -70,6 +79,7 @@ fi # write settings cp sample.env .env sed -i "s/EXTERNAL_IPv4=.*/EXTERNAL_IPv4=$EXTERNAL_IPv4/" .env +sed -i "s/EXTERNAL_IPv6=.*/EXTERNAL_IPv6=$EXTERNAL_IPv6/" .env sed -i "s/DOMAIN=.*/DOMAIN=$DOMAIN/" .env if [ ! "$greenlight" == "y" ] From 81a024a8e69bab597476c323b26bb8507005ed83 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 13 Jul 2020 17:52:31 +0200 Subject: [PATCH 14/45] ipv6: fix for broken 302 redirect locations --- mod/nginx/bigbluebutton | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index c5c819b..51623b9 100644 --- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -8,7 +8,8 @@ server { listen [::]:8080 default_server; server_name _; access_log /dev/stdout; - + absolute_redirect off; + # redirect to greenlight location = / { return 302 /b; From 5e8a1ca91b5779e77521ead7de83022d1ad6e965 Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Thu, 9 Jul 2020 19:44:39 +0200 Subject: [PATCH 15/45] + paragraph "Install bbb-docker into Apache setup" --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/README.md b/README.md index 5e36771..0dae6fe 100644 --- a/README.md +++ b/README.md @@ -74,5 +74,37 @@ If you're on an old version, you might get following error: \ `no such file or directory: ./scripts/upgrade` \ A simple `$ git pull` resolves that, by fetching a newer version which includes the upgrade script. +## How to integrate into an existing Apache setup + +Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web Server may be already in use. + +You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. + +1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. +> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton using Apache features. Please notice that you will not be able to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file which is created after completion of the setup script. +2. Now all the Docker containers should be running. BigBlueButton listens to port 8080. Create a virtual host on Apache by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the _https_ virtual host. It is suggested to add some directives to the _http_ virtual host to redirect all requests to the _https_ one, for example: +``` +RewriteEngine On +RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] +``` +Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. +3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules if they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. +4. Add the following directives to the _https_ virtual host named `bbb.example.com`: +``` +ProxyPreserveHost On + +RewriteEngine On +RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] +RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] +RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] + + + Require all granted + ProxyPass http://127.0.0.1:8080/ + ProxyPassReverse http://127.0.0.1:8080/ + +``` +5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to access to it. The APIs will be accessible through `https://bbb.example.com/bigbluebutton`. + ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. From f5edf9d2559c8b1b907441dc66552df51d3597e3 Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 01:16:06 +0200 Subject: [PATCH 16/45] Minor changes --- README.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0dae6fe..4f9adbe 100644 --- a/README.md +++ b/README.md @@ -81,15 +81,14 @@ Since the non-dockerized version of BigBlueButton has [many requirements](https: You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. 1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. -> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton using Apache features. Please notice that you will not be able to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file which is created after completion of the setup script. -2. Now all the Docker containers should be running. BigBlueButton listens to port 8080. Create a virtual host on Apache by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the _https_ virtual host. It is suggested to add some directives to the _http_ virtual host to redirect all requests to the _https_ one, for example: +> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that you will not be able to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. +2. Now all the Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: ``` RewriteEngine On RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] ``` -Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. -3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules if they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. -4. Add the following directives to the _https_ virtual host named `bbb.example.com`: +3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. +4. Add the following directives to the _https_ virtual host `bbb.example.com`: ``` ProxyPreserveHost On @@ -104,7 +103,7 @@ RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] ProxyPassReverse http://127.0.0.1:8080/ ``` -5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to access to it. The APIs will be accessible through `https://bbb.example.com/bigbluebutton`. +5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton`. ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. From b6180f4fbda12c98fbfe503390f9c08aeb9968f2 Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 01:22:18 +0200 Subject: [PATCH 17/45] Minor changes 2 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4f9adbe..409df3f 100644 --- a/README.md +++ b/README.md @@ -81,8 +81,8 @@ Since the non-dockerized version of BigBlueButton has [many requirements](https: You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. 1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. -> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that you will not be able to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. -2. Now all the Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: +> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. +2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: ``` RewriteEngine On RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] From eca12ba71346e257c10984c85ecf3ddc2cdb8000 Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 01:24:08 +0200 Subject: [PATCH 18/45] Minor changes 3 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 409df3f..a8f0702 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,7 @@ RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] ProxyPassReverse http://127.0.0.1:8080/ ``` -5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton`. +5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. From 9dbea2947f26a2dbb1751a3c3d90ca9ebb713028 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 10 Jul 2020 11:28:33 +0200 Subject: [PATCH 19/45] swap out instructions into a docs folder --- README.md | 73 +++-------------------------------------- docs/behind-nat.md | 14 ++++++++ docs/existing-apache.md | 30 +++++++++++++++++ docs/upgrading.md | 21 ++++++++++++ 4 files changed, 69 insertions(+), 69 deletions(-) create mode 100644 docs/behind-nat.md create mode 100644 docs/existing-apache.md create mode 100644 docs/upgrading.md diff --git a/README.md b/README.md index a8f0702..f3128ef 100644 --- a/README.md +++ b/README.md @@ -35,75 +35,10 @@ $ ./scripts/compose exec greenlight bundle exec rake admin:create ``` - - - - -## Note if you use a Firewall / NAT -Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface. - -##### Temporary way (until next reboot) -``` -$ ip addr add 144.76.97.34/32 dev ens3 -``` - -##### Permanent way -Specific to your linux distribution. Use a search engine of your choice. ;) - -### Ports -Also don't forget to forward all necassary ports listed in http://docs.bigbluebutton.org/2.2/configure-firewall.html - - -## Upgrading - -```bash -cd bbb-docker - -# if you use greenlight: -# create a database backup -docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql - -# upgrade! -./scripts/upgrade - -# restart updated services -./scripts/compose up -d -``` - -If you're on an old version, you might get following error: \ -`no such file or directory: ./scripts/upgrade` \ -A simple `$ git pull` resolves that, by fetching a newer version which includes the upgrade script. - -## How to integrate into an existing Apache setup - -Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web Server may be already in use. - -You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. - -1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. -> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. -2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: -``` -RewriteEngine On -RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] -``` -3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. -4. Add the following directives to the _https_ virtual host `bbb.example.com`: -``` -ProxyPreserveHost On - -RewriteEngine On -RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] -RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] -RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] - - - Require all granted - ProxyPass http://127.0.0.1:8080/ - ProxyPassReverse http://127.0.0.1:8080/ - -``` -5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. +## How-To's +- [Upgrade](docs/upgrading.md) +- [Behind NAT](docs/behind-nat.md) +- [Integration into an existing Apache setup](docs/existing-apache.md) ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. diff --git a/docs/behind-nat.md b/docs/behind-nat.md new file mode 100644 index 0000000..3453aad --- /dev/null +++ b/docs/behind-nat.md @@ -0,0 +1,14 @@ +# Note if you use a Firewall / NAT +Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface. + +#### Temporary way (until next reboot) +``` +$ ip addr add 144.76.97.34/32 dev ens3 +``` + +#### Permanent way +Specific to your linux distribution. Use a search engine of your choice. ;) + +## Ports +Also don't forget to forward all necassary ports listed in http://docs.bigbluebutton.org/2.2/configure-firewall.html + diff --git a/docs/existing-apache.md b/docs/existing-apache.md new file mode 100644 index 0000000..8577349 --- /dev/null +++ b/docs/existing-apache.md @@ -0,0 +1,30 @@ +# How to integrate into an existing Apache setup + +Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web Server may be already in use. + +You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. + +1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. +> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. +2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: +``` +RewriteEngine On +RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] +``` +3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. +4. Add the following directives to the _https_ virtual host `bbb.example.com`: +``` +ProxyPreserveHost On + +RewriteEngine On +RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] +RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] +RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] + + + Require all granted + ProxyPass http://127.0.0.1:8080/ + ProxyPassReverse http://127.0.0.1:8080/ + +``` +5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. diff --git a/docs/upgrading.md b/docs/upgrading.md new file mode 100644 index 0000000..f3a2bc5 --- /dev/null +++ b/docs/upgrading.md @@ -0,0 +1,21 @@ +# How To Upgrade bbb-docker + +## Backup +if you use greenlight, create a database backup first +```bash +docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql +``` + +## Upgrading +```bash +# upgrade! +./scripts/upgrade + +# restart updated services +./scripts/compose up -d +``` + + +## "no such file or directory: ./scripts/upgrade" +If you're on an old version, you might get this error. +A simple `$ git pull` resolves that, by fetching a newer version which includes the upgrade script. From 6776c6d75c1328d211daf01c8873e529d7484cdd Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 12:33:47 +0200 Subject: [PATCH 20/45] Generalized for all existing Web servers --- docs/existing-apache.md | 30 ------------------------------ docs/existing-web-server.md | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 30 deletions(-) delete mode 100644 docs/existing-apache.md create mode 100644 docs/existing-web-server.md diff --git a/docs/existing-apache.md b/docs/existing-apache.md deleted file mode 100644 index 8577349..0000000 --- a/docs/existing-apache.md +++ /dev/null @@ -1,30 +0,0 @@ -# How to integrate into an existing Apache setup - -Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web Server may be already in use. - -You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. If your server is running Apache, the following steps are an example of how to set up a working configuration. - -1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. -> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using Apache features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. -2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. On Apache, create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one, for example: -``` -RewriteEngine On -RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R] -``` -3. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. -4. Add the following directives to the _https_ virtual host `bbb.example.com`: -``` -ProxyPreserveHost On - -RewriteEngine On -RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] -RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] -RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] - - - Require all granted - ProxyPass http://127.0.0.1:8080/ - ProxyPassReverse http://127.0.0.1:8080/ - -``` -5. After restarting Apache, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md new file mode 100644 index 0000000..92caa00 --- /dev/null +++ b/docs/existing-web-server.md @@ -0,0 +1,34 @@ +# How to integrate into an existing Web server setup + +Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web server may be already in use. + +You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy. + +> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using your Web server features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script. + +## Installation +1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`. +2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one. + +At this point, choose one of the following sections according to which Web server you're running ([Apache](#integration-with-apache)). + +Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. + +## Integration with Apache +1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. +2. Add the following directives to the _https_ virtual host `bbb.example.com`: +``` +ProxyPreserveHost On + +RewriteEngine On +RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] +RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] +RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] + + + Require all granted + ProxyPass http://127.0.0.1:8080/ + ProxyPassReverse http://127.0.0.1:8080/ + +``` +3. Restart Apache: `service apache2 restart`. From a35669f175cbab1adc1eb829a85c069f0f58b5ac Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 12:37:02 +0200 Subject: [PATCH 21/45] Minor changes --- docs/existing-web-server.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md index 92caa00..1b1de5c 100644 --- a/docs/existing-web-server.md +++ b/docs/existing-web-server.md @@ -15,7 +15,8 @@ At this point, choose one of the following sections according to which Web serve Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. ## Integration with Apache -1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: `sudo a2enmod proxy rewrite proxy_http proxy_wstunnel`. +1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: +```sudo a2enmod proxy rewrite proxy_http proxy_wstunnel``` 2. Add the following directives to the _https_ virtual host `bbb.example.com`: ``` ProxyPreserveHost On @@ -31,4 +32,5 @@ RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] ProxyPassReverse http://127.0.0.1:8080/ ``` -3. Restart Apache: `service apache2 restart`. +3. Restart Apache: +```service apache2 restart``` From 6b7e228c1623fbf520ef7b742f43444946558f2c Mon Sep 17 00:00:00 2001 From: Giorgio Senatore <63369966+senatoregiorgio@users.noreply.github.com> Date: Fri, 10 Jul 2020 12:39:12 +0200 Subject: [PATCH 22/45] Minor changes 2 --- docs/existing-web-server.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md index 1b1de5c..7fb8cdf 100644 --- a/docs/existing-web-server.md +++ b/docs/existing-web-server.md @@ -16,7 +16,9 @@ Eventually, BigBlueButton should be publicly accessible on `https://bbb.example. ## Integration with Apache 1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: -```sudo a2enmod proxy rewrite proxy_http proxy_wstunnel``` +``` +sudo a2enmod proxy rewrite proxy_http proxy_wstunnel +``` 2. Add the following directives to the _https_ virtual host `bbb.example.com`: ``` ProxyPreserveHost On @@ -33,4 +35,6 @@ RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L] ``` 3. Restart Apache: -```service apache2 restart``` +``` +service apache2 restart +``` From bdc0f6f6402767537ceda6bec1c1f21444916256 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 13 Jul 2020 18:06:43 +0200 Subject: [PATCH 23/45] fix link and nginx note --- README.md | 2 +- docs/existing-web-server.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3128ef..9d5ad39 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ ## How-To's - [Upgrade](docs/upgrading.md) - [Behind NAT](docs/behind-nat.md) -- [Integration into an existing Apache setup](docs/existing-apache.md) +- [Integration into an existing web server](docs/existing-web-server.md) ## Special thanks to - @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs. diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md index 7fb8cdf..d4f4f33 100644 --- a/docs/existing-web-server.md +++ b/docs/existing-web-server.md @@ -14,6 +14,9 @@ At this point, choose one of the following sections according to which Web serve Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`. +## Integration with nginx +> *Not written yet. can you imagine writing down some instructions?* + ## Integration with Apache 1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled: ``` From 8292fbae607e02aab4aec4844bc9214c1553dddc Mon Sep 17 00:00:00 2001 From: cjhille Date: Mon, 13 Jul 2020 16:34:09 +0200 Subject: [PATCH 24/45] expose more BBB settings in .env file --- docker-compose.yml | 8 ++++++++ mod/core/web/bigbluebutton.properties | 2 +- mod/freeswitch/entrypoint.sh | 5 +++++ mod/html5/settings.yml | 12 ++++++------ sample.env | 22 ++++++++++++++++++++++ scripts/compose | 4 ++-- 6 files changed, 44 insertions(+), 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index fa540db..ed73cc2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ services: environment: DOMAIN: ${DOMAIN} SHARED_SECRET: ${SHARED_SECRET} + WELCOME_MESSAGE: ${WELCOME_MESSAGE} WELCOME_FOOTER: ${WELCOME_FOOTER} STUN_SERVER: stun:${STUN_IP}:${STUN_PORT} TURN_SERVER: ${TURN_SERVER:-} @@ -34,6 +35,7 @@ services: EXTERNAL_IP: ${EXTERNAL_IP} SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} + REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS: ${REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS} volumes: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker @@ -137,6 +139,12 @@ services: DOMAIN: ${DOMAIN} CLIENT_TITLE: ${CLIENT_TITLE} ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} + LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE} + SKIP_CHECK: ${SKIP_CHECK} + AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM} + SKIP_VIDEO_PREVIEW: ${SKIP_VIDEO_PREVIEW} + CHAT_ENABLED: ${CHAT_ENABLED} + CHAT_START_CLOSED: ${CHAT_START_CLOSED} networks: bbb-net: ipv4_address: 10.7.7.11 diff --git a/mod/core/web/bigbluebutton.properties b/mod/core/web/bigbluebutton.properties index 03b2575..5791073 100644 --- a/mod/core/web/bigbluebutton.properties +++ b/mod/core/web/bigbluebutton.properties @@ -146,7 +146,7 @@ defaultGuestPolicy=ALWAYS_ACCEPT # # native2ascii -encoding UTF8 bigbluebutton.properties bigbluebutton.properties # -defaultWelcomeMessage=Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others. +defaultWelcomeMessage={{ .Env.WELCOME_MESSAGE }} defaultWelcomeMessageFooter={{ .Env.WELCOME_FOOTER }} # Default maximum number of users a meeting can have. diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh index 780e2ab..84a59ce 100755 --- a/mod/freeswitch/entrypoint.sh +++ b/mod/freeswitch/entrypoint.sh @@ -15,6 +15,11 @@ for IP in "${ADDR[@]}"; do iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT done +# remove English audio annoucements +if [ "$REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS" == 'true' ]; then + rm -rf /usr/share/freeswitch/sounds/en/us/callie/conference/ +fi + dockerize \ -template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \ /usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index cd9136f..e0327ac 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -4,9 +4,9 @@ public: desktopFontSize: 14px audioChatNotification: false autoJoin: true - listenOnlyMode: true + listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }} forceListenOnly: false - skipCheck: false + skipCheck: {{ .Env.SKIP_CHECK }} clientTitle: {{ .Env.CLIENT_TITLE }} appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 @@ -137,8 +137,8 @@ public: enableVideoStats: false enableVideoMenu: true enableListenOnly: true - autoShareWebcam: false - skipVideoPreview: false + autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }} + skipVideoPreview: {{ .Env.SKIP_VIDEO_PREVIEW }} pingPong: clearUsersInSeconds: 180 pongTimeInSeconds: 15 @@ -159,8 +159,8 @@ public: lines: 2 time: 5000 chat: - enabled: true - startClosed: false + enabled: {{ .Env.CHAT_ENABLED }} + startClosed: {{ .Env.CHAT_START_CLOSED }} min_message_length: 1 max_message_length: 5000 grouping_messages_window: 10000 diff --git a/sample.env b/sample.env index 7482387..a0ff418 100644 --- a/sample.env +++ b/sample.env @@ -63,6 +63,8 @@ SIP_IP_ALLOWLIST= CLIENT_TITLE=BigBlueButton +# use following lines to replace the default welcome message and footer +WELCOME_MESSAGE=Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others. WELCOME_FOOTER=This server is running BigBlueButton. # use following line for an additional SIP dial-in message @@ -72,6 +74,26 @@ WELCOME_FOOTER=This server is running Date: Mon, 13 Jul 2020 16:34:43 +0200 Subject: [PATCH 25/45] fix webhooks --- mod/webhooks/config.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/mod/webhooks/config.yml b/mod/webhooks/config.yml index ae51d64..9f6f632 100644 --- a/mod/webhooks/config.yml +++ b/mod/webhooks/config.yml @@ -66,5 +66,4 @@ redis: mappingPrefix: bigbluebutton:webhooks:mapping eventsPrefix: bigbluebutton:webhooks:events userMaps: bigbluebutton:webhooks:userMaps - userMapPrefix: bigbluebutton:webhooks:userMap userMapPrefix: bigbluebutton:webhooks:userMap \ No newline at end of file From 7b9b7845485eefc8187f5c3fa4c0f055dd116940 Mon Sep 17 00:00:00 2001 From: chandi Date: Sat, 18 Jul 2020 19:12:19 +0200 Subject: [PATCH 26/45] change how announcement disabling is archived --- docker-compose.yml | 3 +- .../autoload_configs/conference.conf.xml.tmpl | 284 ++++++++++++++++++ mod/freeswitch/entrypoint.sh | 6 +- sample.env | 7 +- 4 files changed, 292 insertions(+), 8 deletions(-) create mode 100644 mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl diff --git a/docker-compose.yml b/docker-compose.yml index ed73cc2..1b5a0e2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,7 +35,8 @@ services: EXTERNAL_IP: ${EXTERNAL_IP} SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST} NETWORK_INTERFACE: ${NETWORK_INTERFACE:-} - REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS: ${REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS} + DISABLE_SOUND_MUTED: ${DISABLE_SOUND_MUTED:-false} + DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false} volumes: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker diff --git a/mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl b/mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl new file mode 100644 index 0000000..516b2c7 --- /dev/null +++ b/mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl @@ -0,0 +1,284 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {{if not (isTrue .Env.DISABLE_SOUND_MUTED) }} + + + {{end}} + {{if not (isTrue .Env.DISABLE_SOUND_ALONE) }} + + {{end}} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh index 84a59ce..bde349a 100755 --- a/mod/freeswitch/entrypoint.sh +++ b/mod/freeswitch/entrypoint.sh @@ -15,11 +15,7 @@ for IP in "${ADDR[@]}"; do iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT done -# remove English audio annoucements -if [ "$REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS" == 'true' ]; then - rm -rf /usr/share/freeswitch/sounds/en/us/callie/conference/ -fi - dockerize \ -template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \ + -template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \ /usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf diff --git a/sample.env b/sample.env index a0ff418..a8a5d82 100644 --- a/sample.env +++ b/sample.env @@ -92,8 +92,11 @@ CHAT_ENABLED=true # set to true to start chat closed CHAT_START_CLOSED=false -# set to true to remove the English audio announcements from freeswitch, e.g. "You are the only person in this conference" -REMOVE_ENGLISH_FREESWITCH_AUDIO_ANNOUNCEMENS=false +# set to true to disable announcements "You are now (un-)muted" +DISABLE_SOUND_MUTED=false + +# set to true to disable announcement "You are the only person in this conference" +DISABLE_SOUND_ALONE=false # ==================================== # GREENLIGHT CONFIGURATION From 1ee27758eee9f4cea3942d896987501b143c4444 Mon Sep 17 00:00:00 2001 From: chandi Date: Sat, 18 Jul 2020 19:13:29 +0200 Subject: [PATCH 27/45] default envrionment variables and more understandable names --- docker-compose.yml | 14 +++++++------- mod/html5/settings.yml | 4 ++-- sample.env | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 1b5a0e2..8e54324 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: environment: DOMAIN: ${DOMAIN} SHARED_SECRET: ${SHARED_SECRET} - WELCOME_MESSAGE: ${WELCOME_MESSAGE} + WELCOME_MESSAGE: ${WELCOME_MESSAGE:-} WELCOME_FOOTER: ${WELCOME_FOOTER} STUN_SERVER: stun:${STUN_IP}:${STUN_PORT} TURN_SERVER: ${TURN_SERVER:-} @@ -140,12 +140,12 @@ services: DOMAIN: ${DOMAIN} CLIENT_TITLE: ${CLIENT_TITLE} ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} - LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE} - SKIP_CHECK: ${SKIP_CHECK} - AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM} - SKIP_VIDEO_PREVIEW: ${SKIP_VIDEO_PREVIEW} - CHAT_ENABLED: ${CHAT_ENABLED} - CHAT_START_CLOSED: ${CHAT_START_CLOSED} + LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true} + DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false} + AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false} + DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false} + CHAT_ENABLED: ${CHAT_ENABLED:-true} + CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false} networks: bbb-net: ipv4_address: 10.7.7.11 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index e0327ac..f85505c 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -6,7 +6,7 @@ public: autoJoin: true listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }} forceListenOnly: false - skipCheck: {{ .Env.SKIP_CHECK }} + skipCheck: {{ .Env.DISABLE_ECHO_TEST }} clientTitle: {{ .Env.CLIENT_TITLE }} appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 @@ -138,7 +138,7 @@ public: enableVideoMenu: true enableListenOnly: true autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }} - skipVideoPreview: {{ .Env.SKIP_VIDEO_PREVIEW }} + skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }} pingPong: clearUsersInSeconds: 180 pongTimeInSeconds: 15 diff --git a/sample.env b/sample.env index a8a5d82..d6c4717 100644 --- a/sample.env +++ b/sample.env @@ -78,13 +78,13 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf LISTEN_ONLY_MODE=true # set to true to disable echo test -SKIP_CHECK=false +DISABLE_ECHO_TEST=false # set to true to automatically share webcam AUTO_SHARE_WEBCAM=false # set to true to disable video preview for webcam sharing -SKIP_VIDEO_PREVIEW=false +DISABLE_VIDEO_PREVIEW=false # set to false to disable chat CHAT_ENABLED=true From d1ed3f7549e2be3e2542a28531a167bce95c84db Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 21 Jul 2020 17:22:58 +0200 Subject: [PATCH 28/45] ipv6: fix for wrong target ipv4 --- mod/nginx/bigbluebutton | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index 51623b9..78f54c9 100644 --- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -1,6 +1,6 @@ map $remote_addr $freeswitch_addr { "~:" [::1]; - default 127.0.0.1; + default 10.7.7.1; } server { From 4e97de7cb7a2608fe2ca245f0d05b7106d06e4f1 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 21 Jul 2020 17:23:08 +0200 Subject: [PATCH 29/45] ipv6: coturn support --- docker-compose.coturn.yml | 3 ++- mod/coturn/turnserver.conf | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docker-compose.coturn.yml b/docker-compose.coturn.yml index 0e65a57..6485378 100644 --- a/docker-compose.coturn.yml +++ b/docker-compose.coturn.yml @@ -4,7 +4,8 @@ services: image: instrumentisto/coturn:4.5 restart: unless-stopped command: - - "--external-ip=${EXTERNAL_IPv4}" + - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}" + - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - "--static-auth-secret=${TURN_SECRET}" volumes: - ssl_data:/etc/resty-auto-ssl diff --git a/mod/coturn/turnserver.conf b/mod/coturn/turnserver.conf index 832897e..ddb8111 100644 --- a/mod/coturn/turnserver.conf +++ b/mod/coturn/turnserver.conf @@ -60,4 +60,12 @@ no-tlsv1 no-tlsv1_1 # To enable single filename logs you need to enable the simple-log flag -syslog \ No newline at end of file +syslog + + +# Allocate Address Family according +# If enabled then TURN server allocates address family according the TURN +# Client <=> Server communication address family. +# (By default Coturn works according RFC 6156.) +# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!! +keep-address-family From 2deb3a008c4c19e57dc41cda22caefff224258d4 Mon Sep 17 00:00:00 2001 From: chandi Date: Wed, 22 Jul 2020 00:39:28 +0200 Subject: [PATCH 30/45] add development mode --- docker-compose.yml | 2 ++ mod/core/web/bigbluebutton.properties | 4 ++++ mod/html5/entrypoint.sh | 5 +++++ 3 files changed, 11 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 130ee20..c124ac7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,7 @@ services: depends_on: - redis environment: + DEV_MODE: ${DEV_MODE:-} DOMAIN: ${DOMAIN} SHARED_SECRET: ${SHARED_SECRET} WELCOME_MESSAGE: ${WELCOME_MESSAGE:-} @@ -147,6 +148,7 @@ services: DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false} CHAT_ENABLED: ${CHAT_ENABLED:-true} CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false} + DEV_MODE: ${DEV_MODE:-} networks: bbb-net: ipv4_address: 10.7.7.11 diff --git a/mod/core/web/bigbluebutton.properties b/mod/core/web/bigbluebutton.properties index 5791073..2af6d9f 100644 --- a/mod/core/web/bigbluebutton.properties +++ b/mod/core/web/bigbluebutton.properties @@ -297,7 +297,11 @@ beans.presentationService.testPresentationName=appkonference # Uploaded presentation file beans.presentationService.testUploadedPresentation=appkonference.txt # Default Uploaded presentation file +{{ if isTrue .Env.DEV_MODE }} +beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf +{{else}} beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf +{{end}} presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation diff --git a/mod/html5/entrypoint.sh b/mod/html5/entrypoint.sh index 08be159..4bbb8d7 100755 --- a/mod/html5/entrypoint.sh +++ b/mod/html5/entrypoint.sh @@ -8,6 +8,11 @@ export ENVIRONMENT_TYPE=production export PORT=3000 export LANG=en_US.UTF-8 +if [ "$DEV_MODE" == true ]; then + echo "DEV_MODE=true, disable TLS certificate rejecting" + export NODE_TLS_REJECT_UNAUTHORIZED=0 +fi + rm -f /app/programs/server/assets/app/config/settings.yml dockerize \ -template /app/programs/server/assets/app/config/settings.yml.tmpl:/app/programs/server/assets/app/config/settings.yml \ From 65abffea4d892d3717fab019e4c23ed7da073cf9 Mon Sep 17 00:00:00 2001 From: chandi Date: Wed, 22 Jul 2020 00:57:51 +0200 Subject: [PATCH 31/45] development instructions --- docs/development.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 docs/development.md diff --git a/docs/development.md b/docs/development.md new file mode 100644 index 0000000..4a72642 --- /dev/null +++ b/docs/development.md @@ -0,0 +1,45 @@ +# bbb-docker Development + +## Running +you can run bbb-docker locally without any certificate issues with following `.env` configurations: + +``` +DEV_MODE=true + +ENABLE_HTTPS_PROXY=true +#ENABLE_COTURN=true +#ENABLE_GREENLIGHT=true +#ENABLE_WEBHOOKS=true + +DOMAIN=10.7.7.1 +EXTERNAL_IP=10.7.7.1 +STUN_IP=216.93.246.18 +STUN_PORT=3478 +TURN_SERVER=turns:localhost:465?transport=tcp + +TURN_SECRET=SuperTurnSecret +SHARED_SECRET=SuperSecret +ETHERPAD_API_KEY=SuperEtherpadKey +RAILS_SECRET=SuperRailsSecret + +# ==================================== +# CUSTOMIZATION +# ==================================== + +[... add rest of sample.env here ...] +``` + +- you can than start it with \ + `$ ./scripts/compose up -d` +- view the logs with \ + `$ ./scripts/compose logs -f` +- and access the API via \ + https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret + * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_ + +## Changes +- After doing some changes you usually must... + * rebuild the image(s): \ + `$ ./scripts/compose build [containername]` + * restart changes image(s): \ + `$ ./scripts/compose up -d` \ No newline at end of file From 656ace609670990954df80f5d917ca89002e5b4e Mon Sep 17 00:00:00 2001 From: chandi Date: Wed, 22 Jul 2020 23:02:50 +0200 Subject: [PATCH 32/45] devmode: disable lets encrypt, greenlight support --- docker-compose.greenlight.yml | 2 +- docker-compose.https.yml | 2 +- scripts/compose | 5 +++++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docker-compose.greenlight.yml b/docker-compose.greenlight.yml index 018ca9c..3c03908 100644 --- a/docker-compose.greenlight.yml +++ b/docker-compose.greenlight.yml @@ -12,7 +12,7 @@ services: DB_NAME: greenlight DB_USERNAME: postgres DB_PASSWORD: password - BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/ + BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/ BIGBLUEBUTTON_SECRET: ${SHARED_SECRET} SECRET_KEY_BASE: ${RAILS_SECRET} ports: diff --git a/docker-compose.https.yml b/docker-compose.https.yml index 3f01cdd..6abc6ec 100644 --- a/docker-compose.https.yml +++ b/docker-compose.https.yml @@ -7,7 +7,7 @@ services: - ssl_data:/etc/resty-auto-ssl - ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf environment: - ALLOWED_DOMAINS: ${DOMAIN} + ALLOWED_DOMAINS: ${CERTIFICATE_DOMAINS} network_mode: host volumes: diff --git a/scripts/compose b/scripts/compose index 7661339..b2ecb46 100755 --- a/scripts/compose +++ b/scripts/compose @@ -10,6 +10,11 @@ then export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs) fi +export CERTIFICATE_DOMAINS=$DOMAIN +if [ "$DEV_MODE" == true ]; then + export CERTIFICATE_DOMAINS="invalid" +fi + # concatenate docker-compose file COMPOSE_FILES="-f docker-compose.yml" if [ "$ENABLE_HTTPS_PROXY" == true ]; then From 64c904119e6af56008655fb2e06201352fbcf6df Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 24 Jul 2020 19:08:17 +0200 Subject: [PATCH 33/45] added prometheus bigbluebutton-exporter --- docker-compose.prometheus.yml | 15 +++++++++++++++ mod/nginx/bbb/bbb-exporter.nginx | 4 ++++ sample.env | 5 +++++ scripts/compose | 4 ++++ 4 files changed, 28 insertions(+) create mode 100644 docker-compose.prometheus.yml create mode 100644 mod/nginx/bbb/bbb-exporter.nginx diff --git a/docker-compose.prometheus.yml b/docker-compose.prometheus.yml new file mode 100644 index 0000000..ab8d57d --- /dev/null +++ b/docker-compose.prometheus.yml @@ -0,0 +1,15 @@ +version: '3.6' + +services: + prometheus-exporter: + image: greenstatic/bigbluebutton-exporter:v0.5.0 + restart: unless-stopped + environment: + API_BASE_URL: http://10.7.7.1:8080/bigbluebutton/api/ + API_SECRET: ${SHARED_SECRET} + RECORDINGS_METRICS_READ_FROM_DISK: "false" + networks: + bbb-net: + ipv4_address: 10.7.7.33 + # volumes: + # - bigbluebutton:/var/bigbluebutton \ No newline at end of file diff --git a/mod/nginx/bbb/bbb-exporter.nginx b/mod/nginx/bbb/bbb-exporter.nginx new file mode 100644 index 0000000..2a2be48 --- /dev/null +++ b/mod/nginx/bbb/bbb-exporter.nginx @@ -0,0 +1,4 @@ +location /bbb-exporter { + proxy_pass http://10.7.7.33:9688; + proxy_http_version 1.1; +} \ No newline at end of file diff --git a/sample.env b/sample.env index e14e57d..46e6280 100644 --- a/sample.env +++ b/sample.env @@ -19,6 +19,11 @@ ENABLE_GREENLIGHT=true # used by some integrations #ENABLE_WEBHOOKS=true +# Prometheus Exporter +# serves the bigbluebutton-exporter under following URL: +# https://yourdomain/bbb-exporter +#ENABLE_PROMETHEUS_EXPORTER=true + # ==================================== # SECRETS # ==================================== diff --git a/scripts/compose b/scripts/compose index b2ecb46..f8421e9 100755 --- a/scripts/compose +++ b/scripts/compose @@ -33,4 +33,8 @@ if [ "$ENABLE_WEBHOOKS" == true ]; then COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.webhooks.yml" fi +if [ "$ENABLE_PROMETHEUS_EXPORTER" == true ]; then + COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.prometheus.yml" +fi + docker-compose $COMPOSE_FILES $@ From 02856103d7db7470aa283c4448dcb7832c36649c Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 27 Jul 2020 18:45:04 +0200 Subject: [PATCH 34/45] devmode: fix wrong redirect by greenlight in non-devmode --- docker-compose.greenlight.yml | 2 +- scripts/compose | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.greenlight.yml b/docker-compose.greenlight.yml index 3c03908..0ca79fa 100644 --- a/docker-compose.greenlight.yml +++ b/docker-compose.greenlight.yml @@ -12,7 +12,7 @@ services: DB_NAME: greenlight DB_USERNAME: postgres DB_PASSWORD: password - BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/ + BIGBLUEBUTTON_ENDPOINT: ${GREENLIGHT_ENDPOINT} BIGBLUEBUTTON_SECRET: ${SHARED_SECRET} SECRET_KEY_BASE: ${RAILS_SECRET} ports: diff --git a/scripts/compose b/scripts/compose index f8421e9..ce47189 100755 --- a/scripts/compose +++ b/scripts/compose @@ -11,8 +11,10 @@ then fi export CERTIFICATE_DOMAINS=$DOMAIN +export GREENLIGHT_ENDPOINT=https://$DOMAIN/bigbluebutton/api/ if [ "$DEV_MODE" == true ]; then export CERTIFICATE_DOMAINS="invalid" + export GREENLIGHT_ENDPOINT=http://10.7.7.1:8080/bigbluebutton/api/ fi # concatenate docker-compose file From 0d52b6def6ebc7fdc4493041028cb8c2105ae654 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 12:07:03 +0200 Subject: [PATCH 35/45] apply v2.2.21 changes --- mod/html5/Dockerfile | 4 ++-- mod/html5/settings.yml | 2 +- mod/nginx/bbb/notes.nginx | 26 +++++++++++++++++++++----- mod/nginx/bbb/sip.nginx | 3 +++ sample.env | 6 +++--- 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 31def3a..2897746 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -14,7 +14,7 @@ USER meteor ENV METEOR_VERSION 1.8.1 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh -ENV TAG v2.2.20 +ENV TAG v2.2.21 RUN cd ~ \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && mv ~/bigbluebutton-html5 ~/source \ @@ -51,4 +51,4 @@ USER meteor ENTRYPOINT ["/entrypoint.sh"] # lets set the tag again, so that it is include in the image for later version retrieval -ENV TAG v2.2.20 +ENV TAG v2.2.21 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index f85505c..02f04ca 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -11,7 +11,7 @@ public: appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 copyright: "©2020 BigBlueButton Inc." - html5ClientBuild: 968 + html5ClientBuild: 980 helpLink: https://bigbluebutton.org/html5/ lockOnJoin: true cdn: "" diff --git a/mod/nginx/bbb/notes.nginx b/mod/nginx/bbb/notes.nginx index 6a1b0ce..17f1e43 100644 --- a/mod/nginx/bbb/notes.nginx +++ b/mod/nginx/bbb/notes.nginx @@ -1,15 +1,21 @@ # https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy -location ~ "^\/pad\/p\/(\w+)$" { - rewrite /pad/(.*) /$1 break; - rewrite ^/pad$ /pad/ permanent; +location /pad/p/ { + rewrite /pad/p/(.*) /p/$1 break; + rewrite ^/pad/p$ /pad/p/ permanent; proxy_pass http://etherpad:9001; proxy_pass_header Server; proxy_redirect / /pad; proxy_set_header Host $host; proxy_buffering off; - auth_request /bigbluebutton/connection/checkAuthorization; - auth_request_set $auth_status $upstream_status; + # there is currently no viable source for building the + # bbb-etherpad including sesstiontokens which got introduced in v2.2.21 + # https://github.com/bigbluebutton/bigbluebutton/issues/10159 + # + # We disable the authentication for now. + + # auth_request /bigbluebutton/connection/checkAuthorization; + # auth_request_set $auth_status $upstream_status; } location /pad { @@ -22,6 +28,13 @@ location /pad { proxy_buffering off; } +location /pad/socket.io/socket.io.js { + rewrite /pad/socket.io/socket.io.js /socket.io/socket.io.js break; + proxy_pass http://etherpad:9001/; + proxy_set_header Host $host; + proxy_buffering off; +} + location /pad/socket.io { rewrite /pad/socket.io/(.*) /socket.io/$1 break; proxy_pass http://etherpad:9001/; @@ -36,6 +49,9 @@ location /pad/socket.io { # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + + # auth_request /bigbluebutton/connection/checkAuthorization; + # auth_request_set $auth_status $upstream_status; } location /static { diff --git a/mod/nginx/bbb/sip.nginx b/mod/nginx/bbb/sip.nginx index 4cd05c0..ee4993e 100644 --- a/mod/nginx/bbb/sip.nginx +++ b/mod/nginx/bbb/sip.nginx @@ -9,4 +9,7 @@ location /ws { proxy_send_timeout 6h; client_body_timeout 6h; send_timeout 6h; + + auth_request /bigbluebutton/connection/checkAuthorization; + auth_request_set $auth_status $upstream_status; } \ No newline at end of file diff --git a/sample.env b/sample.env index 46e6280..8782e2a 100644 --- a/sample.env +++ b/sample.env @@ -72,11 +72,11 @@ SIP_IP_ALLOWLIST= CLIENT_TITLE=BigBlueButton # use following lines to replace the default welcome message and footer -WELCOME_MESSAGE=Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others. -WELCOME_FOOTER=This server is running BigBlueButton. +WELCOME_MESSAGE=Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others. +WELCOME_FOOTER=This server is running BigBlueButton. # use following line for an additional SIP dial-in message -#WELCOME_FOOTER=This server is running BigBlueButton.

To join this meeting by phone, dial:
INSERT_YOUR_PHONE_NUMBER_HERE
Then enter %%CONFNUM%% as the conference PIN number. +#WELCOME_FOOTER=This server is running BigBlueButton.

To join this meeting by phone, dial:
INSERT_YOUR_PHONE_NUMBER_HERE
Then enter %%CONFNUM%% as the conference PIN number. # for a different default presentation, place the pdf file in ./conf/ and # adjust the following path From 6d6d42b27f19f70e3a121dfd21d0c36c673b5a0e Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 12:11:34 +0200 Subject: [PATCH 36/45] core: only rebuild on changes --- mod/core/Dockerfile | 6 +++++- scripts/upgrade | 12 +++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/mod/core/Dockerfile b/mod/core/Dockerfile index d755859..06b52a3 100644 --- a/mod/core/Dockerfile +++ b/mod/core/Dockerfile @@ -28,7 +28,7 @@ RUN apt-get install -y supervisor apt-transport-https equivs libreoffice haveged # bbb repo & packages RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:bigbluebutton/support RUN sh -c 'wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -' \ - && sh -c 'echo "deb https://packages-eu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list' + && sh -c 'echo "deb https://ubuntu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list' # create dummy packages to satisfy dependencies RUN equivs-control redis-server.control \ @@ -37,6 +37,10 @@ RUN equivs-control redis-server.control \ && dpkg -i /*.deb \ && rm /*.deb +# this variable is not used, but it triggers +# rebuilding from here on if changed +ENV VERSION v2.2.21 + RUN apt-get update && apt-get install -y bbb-web \ bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka bbb-apps \ bbb-apps-video bbb-apps-screenshare bbb-apps-video-broadcast diff --git a/scripts/upgrade b/scripts/upgrade index f223130..07bdb12 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -13,6 +13,9 @@ then RESTARTED=1 ./scripts/upgrade else + # update changed environment variable + sed -i 's/EXTERNAL_IP=/EXTERNAL_IPv4=/' .env + echo "" echo "# pull newest bbb-webrtc-sfu" git submodule update --remote @@ -25,13 +28,8 @@ else echo "" echo "# rebuild images" - # rebuild core without caching, since the deb-packages might have changed - ./scripts/compose build --pull --no-cache core - - # rebuild everything else only when modified - ./scripts/compose build --pull - - sed -i 's/EXTERNAL_IP=/EXTERNAL_IPv4=/' .env + # rebuild everything which got modified + ./scripts/compose build --pull COMMIT_HASH=$(git rev-parse --short HEAD) BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) From d123b163e635974d278ad8f820485715e76bd069 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 12:12:13 +0200 Subject: [PATCH 37/45] ipv6: warning if EXTERNAL_IPv4 is missing --- scripts/compose | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/compose b/scripts/compose index ce47189..f246ac2 100755 --- a/scripts/compose +++ b/scripts/compose @@ -10,6 +10,18 @@ then export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs) fi +# check for non-optional environment variables, +# which got introduced later and may miss in existing +# .env files during upgrades +if [ -z "$EXTERNAL_IPv4" ]; then + echo "ERROR: EXTERNAL_IPv4 is not set in .env" + echo "BBB won't work without it." + echo "this can happen if you did an manual upgrade without executing" + echo " ./scripts/upgrade" + echo "try to run it again" + exit 1 +fi + export CERTIFICATE_DOMAINS=$DOMAIN export GREENLIGHT_ENDPOINT=https://$DOMAIN/bigbluebutton/api/ if [ "$DEV_MODE" == true ]; then From 8956a60b3b0ab85a75df7c0cb735028560df6b5b Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 12:12:36 +0200 Subject: [PATCH 38/45] ipv6: disable IPv6 if no IP is set --- docker-compose.https.yml | 2 +- mod/https/site-ipv4only.conf | 23 +++++++++++++++++++++++ scripts/compose | 6 ++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 mod/https/site-ipv4only.conf diff --git a/docker-compose.https.yml b/docker-compose.https.yml index 6abc6ec..4ed824f 100644 --- a/docker-compose.https.yml +++ b/docker-compose.https.yml @@ -5,7 +5,7 @@ services: restart: unless-stopped volumes: - ssl_data:/etc/resty-auto-ssl - - ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf + - ./mod/https/${HTTPS_SITE_FILE}:/etc/nginx/conf.d/bbb-docker.conf environment: ALLOWED_DOMAINS: ${CERTIFICATE_DOMAINS} network_mode: host diff --git a/mod/https/site-ipv4only.conf b/mod/https/site-ipv4only.conf new file mode 100644 index 0000000..4c335e1 --- /dev/null +++ b/mod/https/site-ipv4only.conf @@ -0,0 +1,23 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 443 ssl http2 default_server; + server_name _; + + include resty-server-https.conf; + + location / { + proxy_http_version 1.1; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_cache_bypass $http_upgrade; + } +} diff --git a/scripts/compose b/scripts/compose index f246ac2..7d9d785 100755 --- a/scripts/compose +++ b/scripts/compose @@ -22,12 +22,18 @@ if [ -z "$EXTERNAL_IPv4" ]; then exit 1 fi +# set conditional variables export CERTIFICATE_DOMAINS=$DOMAIN export GREENLIGHT_ENDPOINT=https://$DOMAIN/bigbluebutton/api/ if [ "$DEV_MODE" == true ]; then export CERTIFICATE_DOMAINS="invalid" export GREENLIGHT_ENDPOINT=http://10.7.7.1:8080/bigbluebutton/api/ fi +if [ ! -z "$EXTERNAL_IPv6" ]; then + export HTTPS_SITE_FILE="site.conf" +else + export HTTPS_SITE_FILE="site-ipv4only.conf" +fi # concatenate docker-compose file COMPOSE_FILES="-f docker-compose.yml" From 8b2eb9a1773a14ca6c5acde088384cf4614bb6b4 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 13:02:00 +0200 Subject: [PATCH 39/45] ipv6: always serve https --- mod/https/site-ipv4only.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mod/https/site-ipv4only.conf b/mod/https/site-ipv4only.conf index 4c335e1..f5c21fb 100644 --- a/mod/https/site-ipv4only.conf +++ b/mod/https/site-ipv4only.conf @@ -5,6 +5,11 @@ map $http_upgrade $connection_upgrade { server { listen 443 ssl http2 default_server; + + # we at still serve https via IPv6 for the + # case that an AAAA record is set. + listen [::]:443 ssl http2 default_server; + server_name _; include resty-server-https.conf; From 56cbd6b4d3f72b756fd9550925d738a16c445380 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 30 Jul 2020 14:13:46 +0200 Subject: [PATCH 40/45] docs: add development link --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 72a5183..5eafa02 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ ## How-To's - [Upgrade](docs/upgrading.md) - [Behind NAT](docs/behind-nat.md) +- [BBB-Docker Development](docs/development.md) - [Integration into an existing web server](docs/existing-web-server.md) ## Special thanks to From 2b28bac2fe7d969b41ea66c13cce2f23e4687075 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 31 Jul 2020 09:42:23 +0200 Subject: [PATCH 41/45] setup: working IPv6 regex and less strict IPv4 regex --- scripts/setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/setup b/scripts/setup index d57e013..d04e93c 100755 --- a/scripts/setup +++ b/scripts/setup @@ -53,7 +53,7 @@ done if [ ! "$ip_correct" == "y" ] then EXTERNAL_IPv4="" - while [[ ! $EXTERNAL_IPv4 =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do + while [[ ! $EXTERNAL_IPv4 =~ ^[1-9][0-9]{0,2}\.[0-9]{0,3}\.[0-9]{0,3}\.[1-9][0-9]{0,2}$ ]]; do read -p "Please enter correct IPv4 address: " EXTERNAL_IPv4 done fi @@ -68,7 +68,7 @@ then if [ ! "$ip_correct" == "y" ] then EXTERNAL_IPv6="" - while [[ ! $EXTERNAL_IPv6 =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do + while [[ ! $EXTERNAL_IPv6 =~ ^[0-9a-z:]{3,39}$ ]]; do read -p "Please enter correct IPv6 address: " EXTERNAL_IPv6 done fi From 0ff4d22457053cc2d5fb8aa1a1034f1ebe791b80 Mon Sep 17 00:00:00 2001 From: chandi Date: Wed, 12 Aug 2020 18:08:07 +0200 Subject: [PATCH 42/45] apply v2.2.22 changes --- mod/core/Dockerfile | 2 +- mod/html5/Dockerfile | 4 ++-- mod/html5/settings.yml | 48 ++++++++++++++++++++++++++++++++++++--- mod/nginx/bbb/notes.nginx | 3 +++ 4 files changed, 51 insertions(+), 6 deletions(-) diff --git a/mod/core/Dockerfile b/mod/core/Dockerfile index 06b52a3..c00024b 100644 --- a/mod/core/Dockerfile +++ b/mod/core/Dockerfile @@ -39,7 +39,7 @@ RUN equivs-control redis-server.control \ # this variable is not used, but it triggers # rebuilding from here on if changed -ENV VERSION v2.2.21 +ENV VERSION v2.2.22 RUN apt-get update && apt-get install -y bbb-web \ bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka bbb-apps \ diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 2897746..96d1e7b 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -14,7 +14,7 @@ USER meteor ENV METEOR_VERSION 1.8.1 RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh -ENV TAG v2.2.21 +ENV TAG v2.2.22 RUN cd ~ \ && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \ && mv ~/bigbluebutton-html5 ~/source \ @@ -51,4 +51,4 @@ USER meteor ENTRYPOINT ["/entrypoint.sh"] # lets set the tag again, so that it is include in the image for later version retrieval -ENV TAG v2.2.21 +ENV TAG v2.2.22 diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index 02f04ca..2cdbc10 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -11,7 +11,7 @@ public: appName: BigBlueButton HTML5 Client bbbServerVersion: 2.2 copyright: "©2020 BigBlueButton Inc." - html5ClientBuild: 980 + html5ClientBuild: 992 helpLink: https://bigbluebutton.org/html5/ lockOnJoin: true cdn: "" @@ -20,6 +20,7 @@ public: allowUserLookup: false enableNetworkInformation: false enableLimitOfViewersInWebcam: false + enableMultipleCameras: false enableTalkingIndicator: true mirrorOwnWebcam: false viewersInWebcam: 8 @@ -115,7 +116,49 @@ public: - window - screen firefoxScreenshareSource: window + # cameraProfiles is an array of: + # - id: profile identifier + # name: human-readable profile name + # bitrate + # hidden: whether this profile will be hidden in the video preview dropdown + # constraints: a video media constraints dictionary (without the video key) cameraProfiles: + - id: low-u30 + name: low-u30 + bitrate: 30 + hidden: true + constraints: + frameRate: 3 + - id: low-u25 + name: low-u25 + bitrate: 40 + hidden: true + constraints: + frameRate: 3 + - id: low-u20 + name: low-u20 + bitrate: 50 + hidden: true + constraints: + frameRate: 5 + - id: low-u15 + name: low-u15 + bitrate: 70 + hidden: true + constraints: + frameRate: 8 + - id: low-u12 + name: low-u12 + bitrate: 90 + hidden: true + constraints: + frameRate: 10 + - id: low-u8 + name: low-u8 + bitrate: 100 + hidden: true + constraints: + frameRate: 10 - id: low name: Low quality default: false @@ -134,7 +177,6 @@ public: bitrate: 800 enableScreensharing: true enableVideo: true - enableVideoStats: false enableVideoMenu: true enableListenOnly: true autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }} @@ -184,7 +226,7 @@ public: config: showLineNumbers: false showChat: false - noColors: false + noColors: true showControls: true rtl: false layout: diff --git a/mod/nginx/bbb/notes.nginx b/mod/nginx/bbb/notes.nginx index 17f1e43..ea8705d 100644 --- a/mod/nginx/bbb/notes.nginx +++ b/mod/nginx/bbb/notes.nginx @@ -8,6 +8,9 @@ location /pad/p/ { proxy_set_header Host $host; proxy_buffering off; + proxy_set_header X-Forwarded-Proto https; # for EP to set secure cookie flag when https is used + proxy_http_version 1.1; + # there is currently no viable source for building the # bbb-etherpad including sesstiontokens which got introduced in v2.2.21 # https://github.com/bigbluebutton/bigbluebutton/issues/10159 From ffb326ecd6e172139d7ec508cc9537485661fa1e Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 13 Aug 2020 11:00:09 +0200 Subject: [PATCH 43/45] adding accidently missing cameraQualityThresholds --- mod/html5/settings.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml index 2cdbc10..2f0b247 100644 --- a/mod/html5/settings.yml +++ b/mod/html5/settings.yml @@ -181,6 +181,25 @@ public: enableListenOnly: true autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }} skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }} + # Entry `thresholds` is an array of: + # - threshold: minimum number of cameras being shared for profile to applied + # profile: a camera profile id from the cameraProfiles configuration array + # that will be applied to all cameras when threshold is hit + cameraQualityThresholds: + enabled: false + thresholds: + - threshold: 8 + profile: low-u8 + - threshold: 12 + profile: low-u12 + - threshold: 15 + profile: low-u15 + - threshold: 20 + profile: low-u20 + - threshold: 25 + profile: low-u25 + - threshold: 30 + profile: low-u30 pingPong: clearUsersInSeconds: 180 pongTimeInSeconds: 15 From 5735258202b68e78ab8823099722f9aad661e4b9 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 13 Aug 2020 11:04:46 +0200 Subject: [PATCH 44/45] disable endless growing fresswitch logfiles. logs are still getting written to stdout/stderr and therefore collected by docker. --- mod/freeswitch/Dockerfile | 1 - .../conf/autoload_configs/modules.conf.xml | 144 ++++++++++++++++++ 2 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 mod/freeswitch/conf/autoload_configs/modules.conf.xml diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index 5b8cf95..a15c4fc 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile @@ -35,7 +35,6 @@ RUN apt-get update && apt-get install -y \ freeswitch-mod-hash \ freeswitch-mod-httapi \ freeswitch-mod-local-stream \ - freeswitch-mod-logfile \ freeswitch-mod-loopback \ freeswitch-mod-lua \ freeswitch-mod-native-file \ diff --git a/mod/freeswitch/conf/autoload_configs/modules.conf.xml b/mod/freeswitch/conf/autoload_configs/modules.conf.xml new file mode 100644 index 0000000..d99e78a --- /dev/null +++ b/mod/freeswitch/conf/autoload_configs/modules.conf.xml @@ -0,0 +1,144 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 688f25065595c4a8a4fe9caac5560f87d8872fb4 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 14 Aug 2020 12:26:40 +0200 Subject: [PATCH 45/45] switch to much smaller bbb-exporter version 0.5.1 --- docker-compose.prometheus.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.prometheus.yml b/docker-compose.prometheus.yml index ab8d57d..94d96f1 100644 --- a/docker-compose.prometheus.yml +++ b/docker-compose.prometheus.yml @@ -2,7 +2,7 @@ version: '3.6' services: prometheus-exporter: - image: greenstatic/bigbluebutton-exporter:v0.5.0 + image: greenstatic/bigbluebutton-exporter:v0.5.1 restart: unless-stopped environment: API_BASE_URL: http://10.7.7.1:8080/bigbluebutton/api/