From c740f55e5a91cd4ec6cdd460e9e7ff6df11ca404 Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 24 Nov 2024 16:07:48 +0100 Subject: [PATCH] v3.0.0-beta.5: basic working functionality quite some features (recording, SIP, transcription, etc.) are not working yet, but a milestone where it should finally take a commit --- README.md | 6 +- dev.env | 45 +---- docker-compose.tmpl.yml | 182 +++--------------- mod/apps-akka/Dockerfile | 14 +- mod/apps-akka/bbb-apps-akka.conf | 2 +- mod/apps-akka/entrypoint.sh | 7 + mod/apps-akka/settings.yml | 7 - mod/bbb-graphql-actions/Dockerfile | 4 +- mod/bbb-graphql-middleware/Dockerfile | 5 +- mod/bbb-graphql-middleware/config.yml | 15 ++ mod/bbb-graphql-server/Dockerfile | 9 +- mod/bbb-graphql-server/config.yaml | 2 +- mod/bbb-graphql-server/entrypoint.sh | 9 +- mod/bbb-graphql-server/start.sh | 14 +- mod/bbb-web/Dockerfile | 4 +- mod/bbb-web/bbb-web.properties | 2 +- mod/bbb-web/entrypoint.sh | 2 +- mod/bbb-web/logback.xml | 2 +- mod/bbb-web/mocked-ps | 8 - mod/etherpad/settings.json | 2 +- mod/freeswitch/Dockerfile | 2 +- .../conf/autoload_configs/acl.conf.xml | 49 ----- .../autoload_configs/event_socket.conf.xml | 4 +- .../conf/autoload_configs/modules.conf.xml | 1 + mod/freeswitch/conf/dialplan/public.xml | 43 ----- .../conf/sip_profiles/external-ipv6.xml | 113 ----------- mod/freeswitch/conf/sip_profiles/external.xml | 128 ------------ mod/freeswitch/conf/vars.xml.tmpl | 78 ++++++-- mod/fsesl-akka/bbb-fsesl-akka.conf | 4 +- mod/html5/Dockerfile | 43 ----- mod/html5/Dockerfile.dev | 16 -- mod/html5/bbb-html5.yml | 25 --- mod/html5/entrypoint.dev.sh | 31 --- mod/html5/entrypoint.sh | 38 ---- mod/livekit/livekit.yaml | 15 ++ mod/mongo/init-replica.sh | 26 --- mod/mongo/mongod.conf | 33 ---- mod/nginx/Dockerfile | 21 +- .../bbb-graphql-client-settings-cache.conf | 1 + mod/nginx/bbb-html5.dev.nginx | 6 - mod/nginx/bbb/bbb-html5.nginx | 54 +----- mod/nginx/bbb/graphql.nginx | 47 +++-- mod/nginx/bbb/learning-dashboard.nginx | 5 - mod/nginx/bbb/livekit.nginx | 11 ++ mod/nginx/bbb/notes.nginx | 4 +- 
mod/nginx/bbb/presentation-slides.nginx | 27 +-- mod/nginx/bbb/sip.nginx | 15 -- mod/nginx/bbb/web.nginx | 22 +++ mod/nginx/bigbluebutton | 23 +-- mod/webhooks/Dockerfile | 2 +- mod/webhooks/entrypoint.sh | 10 +- mod/webrtc-sfu/Dockerfile | 6 + mod/webrtc-sfu/config.yaml | 40 ++++ repos/bbb-pads | 2 +- repos/bbb-playback | 2 +- repos/bbb-webhooks | 2 +- repos/bbb-webrtc-sfu | 2 +- repos/bigbluebutton | 2 +- repos/freeswitch | 2 +- repos/tags | 12 +- sample.env | 39 ---- scripts/dev | 36 ++-- scripts/fs_cli | 2 +- scripts/functions.sh | 13 +- scripts/generate-compose | 6 +- scripts/setup | 1 + 66 files changed, 386 insertions(+), 1019 deletions(-) delete mode 100644 mod/apps-akka/settings.yml create mode 100644 mod/bbb-graphql-middleware/config.yml delete mode 100755 mod/bbb-web/mocked-ps delete mode 100644 mod/freeswitch/conf/autoload_configs/acl.conf.xml delete mode 100644 mod/freeswitch/conf/dialplan/public.xml delete mode 100644 mod/freeswitch/conf/sip_profiles/external-ipv6.xml delete mode 100644 mod/freeswitch/conf/sip_profiles/external.xml delete mode 100644 mod/html5/Dockerfile delete mode 100644 mod/html5/Dockerfile.dev delete mode 100644 mod/html5/bbb-html5.yml delete mode 100755 mod/html5/entrypoint.dev.sh delete mode 100755 mod/html5/entrypoint.sh create mode 100644 mod/livekit/livekit.yaml delete mode 100755 mod/mongo/init-replica.sh delete mode 100644 mod/mongo/mongod.conf create mode 100644 mod/nginx/bbb-graphql-client-settings-cache.conf delete mode 100644 mod/nginx/bbb-html5.dev.nginx create mode 100644 mod/nginx/bbb/livekit.nginx delete mode 100644 mod/nginx/bbb/sip.nginx create mode 100644 mod/webrtc-sfu/config.yaml diff --git a/README.md b/README.md index c18e2be..385d90c 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ # 📦 BigBlueButton 3.0 Docker -Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) +Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) ## Features - Easy installation @@ -18,9 +18,7 @@ Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com - Linux (it will not work under Windows/WSL) - Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.) - Public IPv4 (expect issues with a firewall / NAT) - -## What is not implemented yet -- bbb-lti +- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`) ## Install 1. Ensure the requirements above are fulfilled (it really doesn't work without them) diff --git a/dev.env b/dev.env index 76c6935..f747650 100644 --- a/dev.env +++ b/dev.env @@ -6,7 +6,11 @@ # - accept self signed certificates DEV_MODE=true - +# user and group used for +# this avoid any file permission issues with files +# created inside docker (e.g. node_modules) +BBB_DEV_UID=1000 +BBB_DEV_GID=1000 # ==================================== @@ -93,8 +97,6 @@ SIP_IP_ALLOWLIST=0.0.0.0/0 # CUSTOMIZATION # ==================================== -CLIENT_TITLE=BigBlueButton (Development) - # use following lines to replace the default welcome message and footer WELCOME_MESSAGE="Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others." WELCOME_FOOTER="This server is running BigBlueButton." @@ -123,52 +125,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf # - zh-hk-sinmei - Chinese/Hong Kong Sinmei SOUNDS_LANGUAGE=en-us-callie -# set to false to disable listenOnlyMode -LISTEN_ONLY_MODE=true - -# set to true to disable echo test -DISABLE_ECHO_TEST=false - -# set to true to automatically share webcam -AUTO_SHARE_WEBCAM=false - -# set to true to disable video preview for webcam sharing -DISABLE_VIDEO_PREVIEW=false - -# set to false to disable chat -CHAT_ENABLED=true - -# set to true to start chat closed -CHAT_START_CLOSED=false - # set to true to disable announcements "You are now (un-)muted" DISABLE_SOUND_MUTED=false # set to true to disable announcement "You are the only person in this conference" DISABLE_SOUND_ALONE=false -# maximum count of breakout rooms per meeting -# Warning: increasing the limit of breakout rooms per meeting -# can generate excessive overhead to the server. We recommend -# this value to be kept under 12. -BREAKOUTROOM_LIMIT=8 - # set to false to disable the learning dashboard ENABLE_LEARNING_DASHBOARD=true -# ==================================== -# Tuning -# ==================================== -# Default = 2; Min = 1; Max = 4 -# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events -NUMBER_OF_BACKEND_NODEJS_PROCESSES=1 - -# Default = 2; Min = 1; Max = 8 -# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings -# stretching the recommended number of users in BigBlueButton -NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1 - - # ==================================== # GREENLIGHT CONFIGURATION # ==================================== diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 06fec1b..df9c876 100644 --- a/docker-compose.tmpl.yml 
+++ b/docker-compose.tmpl.yml @@ -3,45 +3,6 @@ # don't edit this directly. {{/* -------- */}} -version: '3.6' - -# html5 templates -x-html5-backend: &html5backend - build: - context: mod/html5 - additional_contexts: - - source=./repos/bigbluebutton/bigbluebutton-html5 - args: - BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - TAG_BBB: {{ .Env.TAG_BBB }} - image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }} - restart: unless-stopped - depends_on: - - redis - - mongodb - - etherpad - environment: &html5backend-env - DOMAIN: ${DOMAIN} - CLIENT_TITLE: ${CLIENT_TITLE} - LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true} - DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false} - AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false} - DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false} - CHAT_ENABLED: ${CHAT_ENABLED:-true} - CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false} - BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8} - DEV_MODE: ${DEV_MODE:-} - BBB_HTML5_ROLE: backend - -x-html5-frontend: &html5frontend - <<: *html5backend - volumes: - - html5-static:/html5-static:rw - environment: &html5frontend-env - <<: *html5backend-env - BBB_HTML5_ROLE: frontend -# ========================= - services: bbb-web: build: 
@@ -81,61 +42,6 @@ services: ipv4_address: 10.7.7.2 -{{ if isTrue .Env.DEV_MODE }} - html5-dev: - build: - context: mod/html5 - dockerfile: Dockerfile.dev - args: - BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - user: ${BBB_DOCKER_USER} - restart: unless-stopped - depends_on: - - redis - - mongodb - - etherpad - volumes: - - ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw - - ./.cache/npm:/tmp/.npm:rw - - ./.cache/meteor:/tmp/.meteor:rw - - ./mod/html5/bbb-html5.yml:/tmp/bbb-html5.yml.tmpl - environment: - <<: *html5backend-env - HOME: /tmp - BBB_HTML5_ROLE: "" - networks: - bbb-net: - ipv4_address: 10.7.7.200 - - -{{ else }} -{{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }} - html5-backend-{{ add $i 1 }}: - <<: *html5backend - environment: - <<: *html5backend-env - INSTANCE_ID: {{ add $i 1 }} - PORT: {{ add 4000 $i }} - networks: - bbb-net: - ipv4_address: 10.7.7.{{ add 100 $i }} -{{end}} - -{{ range $i := loop 0 (atoi .Env.NUMBER_OF_FRONTEND_NODEJS_PROCESSES) }} - html5-frontend-{{ add $i 1 }}: - <<: *html5frontend - environment: - <<: *html5frontend-env - INSTANCE_ID: {{ add $i 1 }} - PORT: {{ add 4100 $i }} - networks: - bbb-net: - ipv4_address: 10.7.7.{{ add 200 $i }} -{{end}} - -{{ end }} - - freeswitch: container_name: bbb-freeswitch build: @@ -168,7 +74,9 @@ services: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker - ./data/freeswitch-meetings:/var/freeswitch/meetings - network_mode: host + networks: + bbb-net: + ipv4_address: 10.7.7.10 logging: # reduce logs to a minimum, so `docker compose logs -f` still works driver: "local" 
@@ -183,35 +91,30 @@ services: additional_contexts: - src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard - src-playback=./repos/bbb-playback + - src-html5=./repos/bigbluebutton/bigbluebutton-html5 args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - image: alangecker/bbb-docker-nginx:1.25-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }} + TAG_BBB: {{ .Env.TAG_BBB }} + image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25 restart: unless-stopped depends_on: - etherpad - webrtc-sfu - {{ if isTrue .Env.DEV_MODE }} - - html5-dev - {{ else }} - - html5-backend-1 - {{ end }} volumes: - ./data/bigbluebutton:/var/bigbluebutton - - html5-static:/html5-static:ro - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf - {{ if isTrue .Env.DEV_MODE }} - # don't let nginx directly serve static files - - ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro - {{ end }} + tmpfs: + - /tmp network_mode: host extra_hosts: - "host.docker.internal:10.7.7.1" - "bbb-web:10.7.7.2" - "etherpad:10.7.7.4" - "webrtc-sfu:10.7.7.1" - - "html5:10.7.7.11" - "greenlight:10.7.7.21" + - "bbb-graphql-server:10.7.7.31" + - "bbb-graphql-middleware:10.7.7.32" etherpad: build: @@ -220,7 +123,7 @@ services: - plugin=./repos/bbb-etherpad-plugin - skin=./repos/bbb-etherpad-skin args: - TAG_ETHERPAD: "1.9.1" + TAG_ETHERPAD: "1.9.4" image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} restart: unless-stopped depends_on: 
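Review bot: In the etherpad service the `image:` tag still starts with `1.9.1-` although the build arg directly above it is raised to `TAG_ETHERPAD: "1.9.4"`, so the tag no longer says which Etherpad release the image contains. A previously built or pulled `1.9.1-s…-p…` image with the same skin and plugin commits may be picked up in place of the new build. Keeping both in step avoids that, e.g. `image: alangecker/bbb-docker-etherpad:1.9.4-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}`. The service definition continues outside this hunk.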
@@ -259,22 +162,6 @@ services: bbb-net: ipv4_address: 10.7.7.5 - mongodb: - image: mongo:6.0 - restart: unless-stopped - volumes: - - ./mod/mongo/mongod.conf:/etc/mongod.conf - - ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh - tmpfs: - - /data/configdb - - /data/db - command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth - healthcheck: - test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 0 ':' 2)'; then exit 0; fi; exit 1;" - networks: - bbb-net: - ipv4_address: 10.7.7.6 - webrtc-sfu: build: context: mod/webrtc-sfu @@ -288,30 +175,16 @@ services: - redis - freeswitch environment: - CLIENT_HOST: 10.7.7.1 - REDIS_HOST: 10.7.7.5 - FREESWITCH_IP: 10.7.7.1 - FREESWITCH_SIP_IP: ${EXTERNAL_IPv4} - MCS_HOST: 0.0.0.0 - MCS_ADDRESS: 0.0.0.0 - ESL_IP: 10.7.7.1 ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} - RECORDING_ADAPTER: bbb-webrtc-recorder - RECORD_WEBCAMS: "true" - KURENTO: '[]' - # TODO: add mediasoup IPv6 - # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487 - {{ if .Env.EXTERNAL_IPv6 }} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' - {{else}} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' - {{end}} - MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}' volumes: - ./data/mediasoup:/var/mediasoup tmpfs: - /var/log/bbb-webrtc-sfu network_mode: host + security_opt: + - seccomp:unconfined # allow io_uring access for mediasoup + ulimits: + memlock: -1 # allow io_uring_register_buffers to allocate enough ram fsesl-akka: build: 
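Review bot: `seccomp:unconfined` on webrtc-sfu drops the entire syscall filter just to permit io_uring, and the same service keeps `network_mode: host`, so a compromised media process faces far fewer kernel-level barriers than any other container in this file. A custom profile that is the Docker default plus `io_uring_setup`, `io_uring_enter` and `io_uring_register` would keep the rest of the filter; it could be referenced as `- seccomp:./mod/webrtc-sfu/seccomp.json` (suggested path, the file is not part of this commit). `memlock: -1` is likewise unlimited, and a finite value sized to mediasoup's registered buffers would cap locked memory. At minimum the two inline comments should state that these are temporary relaxations and what would allow removing them.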
@@ -339,8 +212,10 @@ services: additional_contexts: - src-common-message=./repos/bigbluebutton/bbb-common-message - src-apps-akka=./repos/bigbluebutton/akka-bbb-apps + - src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/ args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + TAG_BBB: {{ .Env.TAG_BBB }} image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -352,7 +227,7 @@ services: POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} volumes: - ./data/freeswitch-meetings:/var/freeswitch/meetings - - ./conf/settings.yml:/etc/bigbluebutton/bbb-html5.yml:ro + - ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro networks: bbb-net: ipv4_address: 10.7.7.15 @@ -364,19 +239,21 @@ services: - src=./repos/bigbluebutton/bbb-graphql-server args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + GRAPHQL_ENGINE_TAG: v2.44.0 depends_on: - postgres + - bbb-web + - apps-akka + - bbb-graphql-actions restart: unless-stopped environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} + HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME networks: bbb-net: ipv4_address: 10.7.7.31 - extra_hosts: - - "bbb-web:10.7.7.2" - - "bbb-graphql-actions:10.7.7.30" bbb-graphql-actions: build: @@ -392,6 +269,7 @@ services: restart: unless-stopped depends_on: - redis + - apps-akka environment: BBB_REDIS_HOST: redis networks: @@ -413,11 +291,9 @@ services: restart: unless-stopped depends_on: - bbb-graphql-server + - bbb-graphql-actions + - bbb-web - redis - environment: - BBB_GRAPHQL_MIDDLEWARE_LISTEN_PORT: 8378 - BBB_GRAPHQL_MIDDLEWARE_REDIS_ADDRESS: 10.7.7.5:6379 - BBB_GRAPHQL_MIDDLEWARE_HASURA_WS: ws://bbb-graphql-server:8080/v1/graphql networks: bbb-net: ipv4_address: 10.7.7.32 @@ -442,8 +318,7 @@ services: build: mod/periodic image: alangecker/bbb-docker-periodic:v2.7.0 restart: unless-stopped - depends_on: - - mongodb + volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data/bigbluebutton:/var/bigbluebutton 
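Review bot: `HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME` in the bbb-graphql-server environment is a fixed string committed to the template, so every deployment generated from it shares the same Hasura admin secret unless someone edits the output by hand. It should be read from `.env` like the neighbouring `POSTGRES_PASSWORD`, but without a fallback default, for example `HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_ADMIN_SECRET:?set HASURA_ADMIN_SECRET in .env}` (the variable name is a suggestion). The value would then be generated wherever the other per-install secrets are created. The `${POSTGRESQL_SECRET:-password}` default on the line above has the same weakness, since a missing variable silently becomes a known password.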
@@ -469,7 +344,7 @@ services: - bbb-conf=./repos/bigbluebutton/bigbluebutton-config args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - TAG_BBB_PRESENTATION_VIDEO: "4.0.3" + TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2" image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -648,7 +523,6 @@ services: volumes: - html5-static: {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} ssl_data: {{end}} diff --git a/mod/apps-akka/Dockerfile b/mod/apps-akka/Dockerfile index 6d9df35..6d4bf57 100644 --- a/mod/apps-akka/Dockerfile +++ b/mod/apps-akka/Dockerfile @@ -19,13 +19,25 @@ RUN cd /source \ # =================================================== + +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings +RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq +COPY --from=src-config /settings.yml /settings.yml +ARG TAG_BBB +RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml +RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml + + +# =================================================== + FROM alangecker/bbb-docker-base-java +COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl COPY logback.xml /bbb-apps-akka/conf/logback.xml COPY entrypoint.sh /entrypoint.sh +COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml -COPY settings.yml /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml USER bigbluebutton ENTRYPOINT /entrypoint.sh diff --git a/mod/apps-akka/bbb-apps-akka.conf b/mod/apps-akka/bbb-apps-akka.conf index 2a7a474..f145c72 100644 --- a/mod/apps-akka/bbb-apps-akka.conf +++ b/mod/apps-akka/bbb-apps-akka.conf 
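Review bot: The new `builder-settings` stage in mod/apps-akka/Dockerfile fetches `yq_linux_amd64` with `wget` and makes it executable without verifying it, and that binary is then copied into the runtime image and run by entrypoint.sh on every start. The release is pinned to v4.44.3, which is good; a digest check right after the download closes the remaining gap, e.g. `echo "<sha256-of-yq_linux_amd64-v4.44.3>  /usr/local/bin/yq" | sha256sum -c -` (placeholder, take the value from the release's checksums file). The `sounds.tar.gz` download in mod/freeswitch/Dockerfile is fetched the same way, now over https but still without a checksum.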
@@ -15,7 +15,7 @@ http { postgres { properties = { - serverName = "10.7.7.22" + serverName = "postgres" portNumber = "5432" databaseName = "bbb_graphql" user = "postgres" diff --git a/mod/apps-akka/entrypoint.sh b/mod/apps-akka/entrypoint.sh index d6d2b5a..033429e 100755 --- a/mod/apps-akka/entrypoint.sh +++ b/mod/apps-akka/entrypoint.sh @@ -1,10 +1,17 @@ #!/bin/sh -e +# bbb-apps-akka.conf TARGET=/etc/bigbluebutton/bbb-apps-akka.conf cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET sed -i "s/DOMAIN/$DOMAIN/" $TARGET sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET + +# settings.yml +TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml +yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET +yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET + cd /bbb-apps-akka /bbb-apps-akka/bin/bbb-apps-akka \ No newline at end of file diff --git a/mod/apps-akka/settings.yml b/mod/apps-akka/settings.yml deleted file mode 100644 index 58c4cef..0000000 --- a/mod/apps-akka/settings.yml +++ /dev/null @@ -1,7 +0,0 @@ -# just the default values required for gettting apps-akka running - -# use ./conf/sertings.yml for modifying anything -public: - plugins: [] - userReaction: - expire: 30 \ No newline at end of file diff --git a/mod/bbb-graphql-actions/Dockerfile b/mod/bbb-graphql-actions/Dockerfile index 97c2a61..ab1b441 100644 --- a/mod/bbb-graphql-actions/Dockerfile +++ b/mod/bbb-graphql-actions/Dockerfile @@ -16,7 +16,7 @@ RUN cd /src/dist && \ # ------------------------------ -FROM node:18-bookworm-slim +FROM node:22-bookworm-slim COPY --from=builder /src/dist /app @@ -29,4 +29,6 @@ WORKDIR /app ENV SERVER_HOST 0.0.0.0 +ENV NODE_ENV=production + CMD [ "node", "/app/bbb-graphql-actions.js" ] \ No newline at end of file diff --git a/mod/bbb-graphql-middleware/Dockerfile b/mod/bbb-graphql-middleware/Dockerfile index 22244e3..763ee1a 100644 
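Review bot: The two added `yq` calls in mod/apps-akka/entrypoint.sh splice `$DOMAIN` into the expression text and pass `$TARGET` unquoted, so a DOMAIN value containing `"` or `\` alters the expression instead of the string written to settings.yml. Reading the value from the environment keeps it as data: `yq e -i '.public.kurento.wsUrl = "wss://" + strenv(DOMAIN) + "/bbb-webrtc-sfu"' "$TARGET"`, and the same form for `.public.pads.url` (this assumes DOMAIN is exported into the container environment, as the compose file suggests). The unchanged `sed -i "s/SHARED_SECRET/$SHARED_SECRET/"` lines above have the related problem that a `/` or `&` in a secret corrupts the substitution.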
--- a/mod/bbb-graphql-middleware/Dockerfile +++ b/mod/bbb-graphql-middleware/Dockerfile @@ -2,10 +2,11 @@ ARG BBB_BUILD_TAG FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder COPY --from=src / /src/ -RUN cd /src/ && ./local-build.sh - +RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go # ------------------------------ FROM alpine COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware +COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml +COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml CMD [ "/app/bbb-graphql-middleware" ] \ No newline at end of file diff --git a/mod/bbb-graphql-middleware/config.yml b/mod/bbb-graphql-middleware/config.yml new file mode 100644 index 0000000..3740d32 --- /dev/null +++ b/mod/bbb-graphql-middleware/config.yml @@ -0,0 +1,15 @@ +server: + listen_host: 0.0.0.0 + listen_port: 8378 +redis: + host: redis + port: 6379 + password: "" +hasura: + url: ws://bbb-graphql-server:8085/v1/graphql +graphql-actions: + url: http://bbb-graphql-actions:8093 +auth_hook: + url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization +session_vars_hook: + url: http://apps-akka:8901/userInfo \ No newline at end of file diff --git a/mod/bbb-graphql-server/Dockerfile b/mod/bbb-graphql-server/Dockerfile index f39bf7d..3c087cc 100644 --- a/mod/bbb-graphql-server/Dockerfile +++ b/mod/bbb-graphql-server/Dockerfile 
@@ -1,17 +1,18 @@ ARG BBB_BUILD_TAG +ARG GRAPHQL_ENGINE_TAG FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder -RUN mkdir -p /hasura-cli && cd /hasura-cli && npm install hasura-cli +RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq # ---------------------------- -FROM hasura/graphql-engine:v2.36.0 +FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG -# install netstat +# install netstat, required for start script RUN apt-get update && apt-get install -y net-tools gosu COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq -COPY --from=builder /hasura-cli/node_modules/hasura-cli/hasura /usr/local/bin/hansura +COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura COPY --from=src /bbb_schema.sql /app/ COPY --from=src /metadata /app/metadata diff --git a/mod/bbb-graphql-server/config.yaml b/mod/bbb-graphql-server/config.yaml index 183404e..cd39dc2 100644 --- a/mod/bbb-graphql-server/config.yaml +++ b/mod/bbb-graphql-server/config.yaml @@ -1,5 +1,5 @@ version: 3 -endpoint: http://localhost:8080 +endpoint: http://localhost:8085 admin_secret: bigbluebutton metadata_directory: metadata actions: diff --git a/mod/bbb-graphql-server/entrypoint.sh b/mod/bbb-graphql-server/entrypoint.sh index ff281dd..096d49c 100755 --- a/mod/bbb-graphql-server/entrypoint.sh +++ b/mod/bbb-graphql-server/entrypoint.sh 
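Review bot: In mod/bbb-graphql-server/Dockerfile the hasura CLI is now installed by piping `get.sh` from the repository's `stable` branch into `bash`, so the script executed at build time can change without any change in this repo, and the binary it fetches is not verified. `VERSION=v2.44.0` is also hard-coded while the new `ARG GRAPHQL_ENGINE_TAG` receives the same value from compose, so CLI and engine can drift apart on the next bump. Downloading the release binary for the pinned tag directly and checking its sha256 would fix both, with the version taken from the build arg. That arg has to be re-declared inside the builder stage, since an ARG placed before the first FROM is only visible to FROM lines. The unchanged `yq` line below still pulls `releases/latest`, unlike the pinned v4.44.3 used in mod/apps-akka/Dockerfile.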
@@ -12,11 +12,16 @@ export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGR export HASURA_GRAPHQL_LOG_LEVEL=warn export HASURA_GRAPHQL_ENABLE_CONSOLE=false export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250 +export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000 export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100 -export HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton # TODO: improve security +export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000 +export HASURA_GRAPHQL_SERVER_PORT=8085 export HASURA_GRAPHQL_ENABLE_TELEMETRY=false -export HASURA_GRAPHQL_AUTH_HOOK=http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization +export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10 +export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093 +export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql + exec $@ \ No newline at end of file diff --git a/mod/bbb-graphql-server/start.sh b/mod/bbb-graphql-server/start.sh index 2579684..5fc3354 100755 --- a/mod/bbb-graphql-server/start.sh +++ b/mod/bbb-graphql-server/start.sh 
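Review bot: The new `HASURA_GRAPHQL_BBB_DATABASE_URL` export places `${POSTGRES_PASSWORD}` unencoded into a `postgres://` URL, so a password containing `@`, `:`, `/`, `#` or `%` produces a URL that parses to a different host or password. start.sh then writes that string into databases.yaml. Either percent-encode the password before building the URL or state the constraint next to the export, e.g. `# POSTGRES_PASSWORD is embedded unencoded and must not contain @ : / # %`. The unchanged last line `exec $@` should be `exec "$@"` so that arguments containing spaces are passed through intact.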
@@ -1,12 +1,13 @@ #!/bin/bash +set -e cd /app/ # patch database url -# TODO: this should be possible via an environment variable -yq e -i '.[1].configuration.connection_info.database_url.connection_parameters.host = "postgres"' metadata/databases/databases.yaml -yq e -i ".[1].configuration.connection_info.database_url.connection_parameters.password = \"${POSTGRES_PASSWORD}\"" metadata/databases/databases.yaml +# TODO: this should be possible upstream in BBB via an environment variable +yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml +sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql @@ -27,13 +28,12 @@ sleep 1 #Check if Hasura is ready before applying metadata -HASURA_PORT=8080 -while ! netstat -tuln | grep ":$HASURA_PORT " > /dev/null; do - echo "Waiting for Hasura's port ($HASURA_PORT) to be ready..." +while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do + echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..." sleep 1 done echo "Applying new metadata to Hasura" -/usr/local/bin/hansura metadata apply --skip-update-check +/usr/local/bin/hasura metadata apply --skip-update-check wait "$PID" \ No newline at end of file diff --git a/mod/bbb-web/Dockerfile b/mod/bbb-web/Dockerfile index 1b636ec..e5fefa5 100644 --- a/mod/bbb-web/Dockerfile +++ b/mod/bbb-web/Dockerfile 
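Review bot: The added `sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g"` in start.sh fails or writes the wrong value when the secret contains `/`, `&` or `\`. Because the script sets only `set -e`, an unset variable silently produces an empty `admin_secret:` in /app/config.yaml. yq is already in the image, so `: "${HASURA_GRAPHQL_ADMIN_SECRET:?must be set}"` followed by `yq e -i '.admin_secret = strenv(HASURA_GRAPHQL_ADMIN_SECRET)' /app/config.yaml` covers both cases. The `database_url` line above splices the URL into the yq expression in the same way and could use `strenv(HASURA_GRAPHQL_BBB_DATABASE_URL)` instead.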
@@ -47,12 +47,10 @@ COPY --from=builder /dist /usr/share/bbb-web COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh -COPY mocked-ps /usr/bin/ps - # add entrypoint and templates COPY entrypoint.sh /entrypoint.sh COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl -COPY turn-stun-servers.xml /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl +COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties index 2c51aad..1604d0d 100644 --- a/mod/bbb-web/bbb-web.properties +++ b/mod/bbb-web/bbb-web.properties @@ -14,7 +14,7 @@ securitySalt={{ .Env.SHARED_SECRET }} redisHost=redis {{ if isTrue .Env.DEV_MODE }} -beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf +beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf # fetch presentations without HTTPS presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation {{else}} diff --git a/mod/bbb-web/entrypoint.sh b/mod/bbb-web/entrypoint.sh index 346fac7..f3d7f56 100755 --- a/mod/bbb-web/entrypoint.sh +++ b/mod/bbb-web/entrypoint.sh 
@@ -23,7 +23,7 @@ echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCE cd /usr/share/bbb-web/ dockerize \ -template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \ - -template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \ + -template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \ gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher diff --git a/mod/bbb-web/logback.xml b/mod/bbb-web/logback.xml index 8fb5838..def4f59 100644 --- a/mod/bbb-web/logback.xml +++ b/mod/bbb-web/logback.xml @@ -22,7 +22,7 @@ - + diff --git a/mod/bbb-web/mocked-ps b/mod/bbb-web/mocked-ps deleted file mode 100755 index bb67da3..0000000 --- a/mod/bbb-web/mocked-ps +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -echo "(mocked-ps for HTML5LoadBalancingService.java)" - -# fake random process load to distribute meetings equally -for i in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)`; do - randomLoad=$(echo $(( $RANDOM % 100 ))) - echo " $randomLoad.1 /usr/share/node-v12.16.1-linux-x64/bin/node main.js NODEJS_BACKEND_INSTANCE_ID=$i" -done diff --git a/mod/etherpad/settings.json b/mod/etherpad/settings.json index 42466c5..4e23f31 100644 --- a/mod/etherpad/settings.json +++ b/mod/etherpad/settings.json @@ -539,7 +539,7 @@ "windowMs": 90000, // maximum number of requests per IP to allow during the rate limit window - "max": 16 + "max": 32 }, /* diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index e57a58b..0153763 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile 
@@ -28,7 +28,7 @@ RUN cd /build && ./build.sh # add english sounds RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \ - wget http://bigbluebutton.org/downloads/sounds.tar.gz -O sounds.tar.gz && \ + wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \ tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \ wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \ unzip mute-and-unmute-sounds-master.zip && \ diff --git a/mod/freeswitch/conf/autoload_configs/acl.conf.xml b/mod/freeswitch/conf/autoload_configs/acl.conf.xml deleted file mode 100644 index 78628d8..0000000 --- a/mod/freeswitch/conf/autoload_configs/acl.conf.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml b/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml index 664aa8f..6d7d4d7 100644 --- a/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml +++ b/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml @@ -4,7 +4,7 @@ - + - \ No newline at end of file + diff --git a/mod/freeswitch/conf/autoload_configs/modules.conf.xml b/mod/freeswitch/conf/autoload_configs/modules.conf.xml index 36f5d4b..f05aa52 100644 --- a/mod/freeswitch/conf/autoload_configs/modules.conf.xml +++ b/mod/freeswitch/conf/autoload_configs/modules.conf.xml @@ -2,6 +2,7 @@ + diff --git a/mod/freeswitch/conf/dialplan/public.xml b/mod/freeswitch/conf/dialplan/public.xml deleted file mode 100644 index ac355dc..0000000 --- a/mod/freeswitch/conf/dialplan/public.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml b/mod/freeswitch/conf/sip_profiles/external-ipv6.xml deleted file mode 100644 index 834441b..0000000 
--- a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml +++ /dev/null @@ -1,113 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/sip_profiles/external.xml b/mod/freeswitch/conf/sip_profiles/external.xml deleted file mode 100644 index d8073f7..0000000 --- a/mod/freeswitch/conf/sip_profiles/external.xml +++ /dev/null @@ -1,128 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/vars.xml.tmpl b/mod/freeswitch/conf/vars.xml.tmpl index b31edeb..98dcb84 100644 --- a/mod/freeswitch/conf/vars.xml.tmpl +++ b/mod/freeswitch/conf/vars.xml.tmpl @@ -1,12 +1,15 @@ - @@ -15,6 +18,7 @@ The following variables are set dynamically - calculated if possible by freeswitch - and are available to the config as $${variable}. You can see their calculated value via fs_cli by entering eval $${variable} + hostname local_ip_v4 local_mask_v4 @@ -41,21 +45,23 @@ nat_public_addr nat_private_addr nat_type + --> + + - - - - + + @@ -63,6 +69,7 @@ @@ -70,7 +77,9 @@ NOTICE: When using SRTP it's critical that you do not offer or accept variable bit rate codecs, doing so would leak information and possibly compromise your SRTP stream. (FS-6404) + Supported SRTP Crypto Suites: + AEAD_AES_256_GCM_8 ____________________________________________________________________________ This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of 
@@ -78,6 +87,8 @@ authentication tag with a length of 8 octets (64 bits) is used. An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its corresponding plaintext. + + AEAD_AES_128_GCM_8 ____________________________________________________________________________ This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of @@ -85,6 +96,8 @@ authentication tag with a length of 8 octets (64 bits) is used. An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its corresponding plaintext. + + AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80 ____________________________________________________________________________ AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher @@ -92,18 +105,25 @@ tag. The master-key length is 128 bits and has a default lifetime of a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes first. + + AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32 ____________________________________________________________________________ This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that the authentication tag is 32 bits. The length of the base64-decoded key and salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise, the crypto attribute is considered invalid. + + AES_CM_128_NULL_AUTH ____________________________________________________________________________ The SRTP default cipher (AES-128 Counter Mode), but to use no authentication method. This policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 of [RFC3711]. + + SRTP variables that modify behaviors based on direction/leg: + rtp_secure_media ____________________________________________________________________________ possible values: 
@@ -112,11 +132,16 @@ forbidden - More useful for inbound to deny SAVP negotiation false - implies forbidden true - implies mandatory + default if not set is accept SAVP inbound if offered. + + rtp_secure_media_inbound | rtp_secure_media_outbound ____________________________________________________________________________ This is the same as rtp_secure_media, but would apply to either inbound or outbound offers specifically. + + How to specify crypto suites: ____________________________________________________________________________ By default without specifying any crypto suites FreeSWITCH will offer @@ -124,29 +149,39 @@ endpoint has in common. If you wish to force specific crypto suites you can do so by appending the suites in a comma separated list in the order that you wish to offer them in. + Examples: + rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80 rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80 + Additionally you can narrow this down on either inbound or outbound by specifying as so: + rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8 rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8 rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8 rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8 + + rtp_secure_media_suites ____________________________________________________________________________ - Optionaly you can use rtp_secure_media_suites to dictate the suite list + Optionally you can use rtp_secure_media_suites to dictate the suite list and only use rtp_secure_media=[optional|mandatory|false|true] without having to dictate the suite list with the rtp_secure_media* variables. --> @@ -232,7 +274,9 @@ @@ -256,7 +301,7 @@ If unspecified, the bind_server_ip value is used. Used by: sofia.conf.xml dingaling.conf.xml --> - + - + @@ -342,6 +389,7 @@ @@ -354,16 +402,21 @@ @@ -380,7 +433,7 @@ - + 
@@ -395,4 +448,5 @@ - \ No newline at end of file + + diff --git a/mod/fsesl-akka/bbb-fsesl-akka.conf b/mod/fsesl-akka/bbb-fsesl-akka.conf index ed1b475..12acb3e 100644 --- a/mod/fsesl-akka/bbb-fsesl-akka.conf +++ b/mod/fsesl-akka/bbb-fsesl-akka.conf @@ -4,13 +4,13 @@ include "/bbb-fsesl-akka/conf/application.conf" freeswitch { esl { - host="10.7.7.1" + host="freeswitch" password="FSESL_PASSWORD" } } redis { - host="10.7.7.5" + host="redis" } http { diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile deleted file mode 100644 index 7b050b6..0000000 --- a/mod/html5/Dockerfile +++ /dev/null 
@@ -1,43 +0,0 @@
-ARG BBB_BUILD_TAG
-FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
-
-# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
-# USER meteor
-
-COPY --from=source ./ /source
-RUN cd /source && meteor npm ci --production \
- && METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \
- && rm -rf /source
-
-RUN cd /app/bundle/programs/server \
- && npm install --production
-
-RUN mkdir -p /app/bundle/programs/web.browser/app/files && \
- cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/
-
-ARG TAG_BBB
-RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \
- && find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \
- && find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \
- && find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \;
-
-# ------------------------------
-
-FROM node:18-bookworm-slim
-
-RUN apt-get update && apt-get install -y gosu
-
-# add user & group
-RUN groupadd -g 2000 meteor \
- && useradd -m -u 2001 -g meteor meteor
-
-COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
-COPY --from=builder --chown=meteor:meteor /app/bundle /app
-COPY entrypoint.sh /entrypoint.sh
-COPY bbb-html5.yml /app/bbb-html5.yml.tmpl
-
-# expose TAG_BBB in container for the version display
-ARG TAG_BBB
-ENV TAG_BBB $TAG_BBB
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/mod/html5/Dockerfile.dev b/mod/html5/Dockerfile.dev
deleted file mode 100644
index 21ad85c..0000000
--- a/mod/html5/Dockerfile.dev
+++ /dev/null
@@ -1,16 +0,0 @@
-ARG BBB_BUILD_TAG
-FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
-
-
-RUN curl https://install.meteor.com/\?release\=2.13 | sh
-
-
-COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
-
-# make /root/.meteor accessible for user
-RUN chmod 777 /root /root/.meteor
-
-COPY entrypoint.dev.sh /entrypoint.dev.sh
-
-ENTRYPOINT ["/entrypoint.dev.sh"]
-
diff --git a/mod/html5/bbb-html5.yml b/mod/html5/bbb-html5.yml
deleted file mode 100644
index 85decd3..0000000
--- a/mod/html5/bbb-html5.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-public:
- app:
- html5ClientBuild: {{ .Env.TAG_BBB }}
- bbbServerVersion: {{ .Env.TAG_BBB }}-docker
- listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
- skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
- clientTitle: {{ .Env.CLIENT_TITLE }}
- appName: BigBlueButton HTML5 Client (docker)
- breakouts:
- breakoutRoomLimit: {{ .Env.BREAKOUTROOM_LIMIT }}
- kurento:
- wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu
- autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
- skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
- chat:
- enabled: {{ .Env.CHAT_ENABLED }}
- startClosed: {{ .Env.CHAT_START_CLOSED }}
- pads:
- url: https://{{ .Env.DOMAIN }}/pad
-private:
- app:
- host: 0.0.0.0
- redis:
- host: redis
- port: '6379'
diff --git a/mod/html5/entrypoint.dev.sh b/mod/html5/entrypoint.dev.sh
deleted file mode 100755
index 6063e6b..0000000
--- a/mod/html5/entrypoint.dev.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh -e
-
-# use /tmp as home dir as writeable directory for whatever UID we get
-export HOME=/tmp
-
-
-export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
-export MONGO_URL=mongodb://10.7.7.6/meteor
-export ROOT_URL=http://127.0.0.1/html5client
-export BIND_IP=0.0.0.0
-export LANG=en_US.UTF-8
-export BBB_HTML5_LOCAL_SETTINGS=/tmp/bbb-html5.yml
-
-echo "DEV_MODE=true, disable TLS certificate rejecting"
-export NODE_TLS_REJECT_UNAUTHORIZED=0
-
-
-if [ ! -f "/tmp/.meteor/copy-done" ]; then
- echo "# copying over .meteor from docker image... (this might take some minutes)"
- cp -a /root/.meteor/* /tmp/.meteor
- touch /tmp/.meteor/copy-done
-fi
-
-cd /app
-echo "# meteor npm install"
-meteor npm install
-
-echo "# npm start"
-dockerize \
- -template /tmp/bbb-html5.yml.tmpl:/tmp/bbb-html5.yml \
- npm start
diff --git a/mod/html5/entrypoint.sh b/mod/html5/entrypoint.sh
deleted file mode 100755
index f6c007b..0000000
--- a/mod/html5/entrypoint.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-set -e
-
-cd /app
-export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
-export MONGO_URL=mongodb://10.7.7.6/meteor
-export ROOT_URL=http://127.0.0.1/html5client
-export NODE_ENV=production
-export SERVER_WEBSOCKET_COMPRESSION='{"level":5, "maxWindowBits":13, "memLevel":7, "requestMaxWindowBits":13}'
-export BIND_IP=0.0.0.0
-export LANG=en_US.UTF-8
-export INSTANCE_MAX=1
-export ENVIRONMENT_TYPE=production
-export NODE_VERSION=node-v14.21.1-linux-x64
-export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml
-
-if [ "$BBB_HTML5_ROLE" == "backend" ]; then
- PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID
-fi
-
-
-# if container is the first frontend, do some additional tasks
-if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then
-
-
- # copy static files into volume for direct access by nginx
- # https://github.com/bigbluebutton/bigbluebutton/issues/10739
- if [ -d "/html5-static" ]; then
- rm -rf /html5-static/*
- cp -r /app/programs/web.browser/* /html5-static
- fi
-
-fi
-
-dockerize \
- -template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \
- gosu meteor \
- node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM
diff --git a/mod/livekit/livekit.yaml b/mod/livekit/livekit.yaml
new file mode 100644
index 0000000..55653f3
--- /dev/null
+++ b/mod/livekit/livekit.yaml
@@ -0,0 +1,15 @@
+port: 7880
+log_level: debug
+# when enabled, LiveKit will expose prometheus metrics on :6789/metrics
+#prometheus_port: 6789
+rtc:
+ port_range_start: 16384
+ port_range_end: 32768
+ use_external_ip: false
+redis:
+ # redis is recommended for production deploys
+ address: redis:6379
+
+keys:
+ # TODO: change keys
+ TEST: TEST
diff --git a/mod/mongo/init-replica.sh b/mod/mongo/init-replica.sh
deleted file mode 100755
index da06dfd..0000000
--- a/mod/mongo/init-replica.sh
+++ /dev/null
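Review bot: The `keys:` block at the end of the new `mod/livekit/livekit.yaml` commits a fixed API key/secret pair, `TEST: TEST`, guarded only by a `# TODO: change keys` comment. LiveKit access tokens are signed with this secret, so every installation built from this file would share a publicly known signing secret, and `mod/nginx/bbb/livekit.nginx` in this same patch proxies `/livekit/` to the server. I would generate the pair per installation and inject it at start-up rather than shipping a literal; LiveKit can load keys from a separate `key_file` or from the `LIVEKIT_KEYS` environment variable (confirm against the deployed version). `log_level: debug` in the same file is also worth lowering before a release.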
@@ -1,26 +0,0 @@
-#!/bin/sh
-set -e
-
-
-host=${HOSTNAME:-$(hostname -f)}
-
-# shut down again
-mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
-# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
-mongod --oplogSize 8 --replSet rs0 --noauth \
- --config /tmp/docker-entrypoint-temp-config.json \
- --bind_ip 0.0.0.0 --port 27017 \
- --tlsMode disabled \
- --logpath /proc/1/fd/1 --logappend \
- --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
-
-# init replset with defaults
-mongosh 10.7.7.6 --eval "rs.initiate({
- _id: 'rs0',
- members: [ { _id: 0, host: '10.7.7.6:27017' } ]
-})"
-
-echo "Waiting to become a master"
-echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongosh
-
-echo "I'm the master!"
\ No newline at end of file
diff --git a/mod/mongo/mongod.conf b/mod/mongo/mongod.conf
deleted file mode 100644
index f791065..0000000
--- a/mod/mongo/mongod.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# mongod.conf
-
-# for documentation of all options, see:
-# http://docs.mongodb.org/manual/reference/configuration-options/
-
-storage:
- dbPath: /data/db
- journal:
- enabled: true
- wiredTiger:
- engineConfig:
- cacheSizeGB: 1
- journalCompressor: none
- directoryForIndexes: true
- collectionConfig:
- blockCompressor: none
- indexConfig:
- prefixCompression: false
-
-
-net:
- port: 27017
- bindIp: 0.0.0.0
-
-
-replication:
- replSetName: rs0
-
-setParameter:
- diagnosticDataCollectionEnabled: false
-
-security:
- javascriptEnabled: false
diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile
index 091ebde..692f88f 100644
--- a/mod/nginx/Dockerfile
+++ b/mod/nginx/Dockerfile
@@ -1,20 +1,29 @@ ARG BBB_BUILD_TAG -FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder - -# -------------------- - +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard COPY --from=src-learning-dashboard / /bbb-learning-dashboard RUN cd /bbb-learning-dashboard && npm ci && npm run build + +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback COPY --from=src-playback / /bbb-playback RUN cd /bbb-playback && npm install && npm run-script build +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5 +COPY --from=src-html5 / /source +RUN cd /source && CI=true npm ci +RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build +RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \ + && find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \ + && find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \; + # -------------------- FROM nginx:1.25-alpine -COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/ -COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3 +COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/ +COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3 +COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/ COPY ./bbb /etc/nginx/bbb COPY ./bigbluebutton /etc/nginx/conf.d/default.conf +COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf COPY ./nginx.conf /etc/nginx/nginx.conf diff --git a/mod/nginx/bbb-graphql-client-settings-cache.conf b/mod/nginx/bbb-graphql-client-settings-cache.conf new file mode 100644 index 0000000..fbea8b7 --- /dev/null +++ b/mod/nginx/bbb-graphql-client-settings-cache.conf @@ -0,0 +1 @@ +proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off; \ No newline at end of file 
diff --git a/mod/nginx/bbb-html5.dev.nginx b/mod/nginx/bbb-html5.dev.nginx deleted file mode 100644 index 2ed5689..0000000 --- a/mod/nginx/bbb-html5.dev.nginx +++ /dev/null @@ -1,6 +0,0 @@ -location /html5client { - proxy_pass http://10.7.7.200:4100; # use for production - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; -} diff --git a/mod/nginx/bbb/bbb-html5.nginx b/mod/nginx/bbb/bbb-html5.nginx index 9b0ab89..e62c047 100644 --- a/mod/nginx/bbb/bbb-html5.nginx +++ b/mod/nginx/bbb/bbb-html5.nginx @@ -1,49 +1,13 @@ -location @html5client { - proxy_pass http://poolhtml5servers; # use for production - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; +# running in production (static assets) +location /html5client { + gzip_static on; + alias /usr/share/bigbluebutton/html5-client/; + index index.html; + try_files $uri $uri/ =404; } location /html5client/locales { - alias /html5-static/app/locales; + alias /usr/share/bigbluebutton/html5-client/locales; + autoindex on; + autoindex_format json; } - -location /html5client/compatibility { - gzip_static on; - alias /html5-static/app/compatibility; -} - -location /html5client/resources { - alias /html5-static/app/resources; -} - -location /html5client/svgs { - alias /html5-static/app/svgs; -} - -location /html5client/fonts { - alias /html5-static/app/fonts; -} - -location /html5client/files { - alias /html5-static/app/files; -} - -location /html5client/wasm { - types { - application/wasm wasm; - } - gzip_static on; - alias /html5-static/app/wasm; -} - -location /html5client { - gzip_static on; - alias /html5-static; - try_files $uri @html5client; -} - -location /html5client/sockjs { - try_files $uri @html5client; -} \ No newline at end of file diff --git a/mod/nginx/bbb/graphql.nginx b/mod/nginx/bbb/graphql.nginx index d80c636..91ca2ff 100644 --- a/mod/nginx/bbb/graphql.nginx +++ b/mod/nginx/bbb/graphql.nginx 
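Review bot: The new `location /html5client {` in `bbb-html5.nginx` has no trailing slash while its `alias /usr/share/bigbluebutton/html5-client/;` does, which is the usual off-by-slash alias pattern. The prefix then also matches paths that merely begin with `/html5client`, and the remainder is appended to the alias directory, so a request is not guaranteed to stay inside `html5-client/`. Writing the block as `location /html5client/ {` keeps the mapping inside the directory; if the bare URL must keep working, add `location = /html5client { return 301 /html5client/; }`. The `autoindex on;` in the `/html5client/locales` block publishes a directory listing; presumably the client reads it as a locale index, and a comment saying so would stop it being copied elsewhere.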
@@ -1,24 +1,39 @@ -location /graphql-test { - proxy_pass http://127.0.0.1:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; -} - # Websocket connection -location /v1/graphql { +location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; - #proxy_pass http://127.0.0.1:8080; #Hasura - proxy_pass http://10.7.7.32:8378; #Graphql Middleware + #proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql) + proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware } -location /api/rest { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; #Hasura +#Set cache system for client settings +location /api/rest/clientSettings { + auth_request /bigbluebutton/connection/checkGraphqlAuthorization; + auth_request_set $meeting_id $sent_http_meeting_id; + + proxy_cache client_settings_cache; + proxy_cache_key "$uri|$meeting_id"; + proxy_cache_use_stale updating; + proxy_cache_valid 24h; + proxy_cache_lock on; + add_header X-Cached $upstream_cache_status; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://bbb-graphql-server:8085; #Hasura +} + +location /api/rest/userMetadata { + auth_request /bigbluebutton/connection/checkGraphqlAuthorization; + auth_request_set $meeting_id $sent_http_meeting_id; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://bbb-graphql-server:8085; #Hasura } diff --git a/mod/nginx/bbb/learning-dashboard.nginx b/mod/nginx/bbb/learning-dashboard.nginx index 2b78e2a..f0b4fc3 100644 
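Review bot: In `location /api/rest/clientSettings` the cache key `proxy_cache_key "$uri|$meeting_id";` is only as specific as the header copied by `auth_request_set`, and the hunk has no handling for an empty `$meeting_id`. In that case all meetings collapse onto the key `$uri|` and a cached response could be served across meetings for the 24h validity. The cached response is also shared by every user of a meeting, so it must contain nothing user-specific. I would skip the cache when the id is missing, with `map $meeting_id $no_settings_cache { "" 1; default 0; }` next to the `proxy_cache_path` line and `proxy_no_cache $no_settings_cache; proxy_cache_bypass $no_settings_cache;` in this location, and add a comment stating the meeting-wide assumption.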
--- a/mod/nginx/bbb/learning-dashboard.nginx +++ b/mod/nginx/bbb/learning-dashboard.nginx @@ -1,8 +1,3 @@ -location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) { - alias /var/bigbluebutton/learning-dashboard/$1/$2; - autoindex off; -} - location /learning-analytics-dashboard/ { alias /www/learning-analytics-dashboard/; autoindex off; diff --git a/mod/nginx/bbb/livekit.nginx b/mod/nginx/bbb/livekit.nginx new file mode 100644 index 0000000..c295562 --- /dev/null +++ b/mod/nginx/bbb/livekit.nginx @@ -0,0 +1,11 @@ +location /livekit/ { + proxy_pass http://127.0.0.1:7880/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + proxy_read_timeout 60s; + proxy_send_timeout 60s; + client_body_timeout 60s; + send_timeout 60s; +} diff --git a/mod/nginx/bbb/notes.nginx b/mod/nginx/bbb/notes.nginx index bc37eed..4965d2d 100644 --- a/mod/nginx/bbb/notes.nginx +++ b/mod/nginx/bbb/notes.nginx @@ -15,7 +15,7 @@ location /pad/p/ { proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used proxy_http_version 1.1; auth_request /bigbluebutton/connection/checkAuthorization; 
@@ -57,7 +57,7 @@ location /pad/socket.io { proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used proxy_set_header Host $host; # pass the host header proxy_http_version 1.1; # recommended with keepalive connections # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html diff --git a/mod/nginx/bbb/presentation-slides.nginx b/mod/nginx/bbb/presentation-slides.nginx index 1ea4c4f..d90adeb 100644 --- a/mod/nginx/bbb/presentation-slides.nginx +++ b/mod/nginx/bbb/presentation-slides.nginx 
@@ -20,34 +20,27 @@ # causes tomcat to OOM. (ralam sept 20, 2018) location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/svg\/(?\d+)$ { - default_type image/svg+xml; + default_type image/svg+xml; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' always; } - location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/slide\/(?\d+)$ { - alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/pdf\/(?[A-Za-z0-9]+)\/annotated_slides.pdf$ { + default_type application/pdf; + alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf; + add_header 'Access-Control-Allow-Origin' '*' always; } location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/thumbnail\/(?\d+)$ { - default_type image/png; + default_type image/png; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' always; } location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/textfiles\/(?\d+)$ { - default_type text/plain; + default_type text/plain; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' 
always; } diff --git a/mod/nginx/bbb/sip.nginx b/mod/nginx/bbb/sip.nginx deleted file mode 100644 index ee4993e..0000000 --- a/mod/nginx/bbb/sip.nginx +++ /dev/null @@ -1,15 +0,0 @@ -location /ws { - proxy_pass https://$freeswitch_addr:7443; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Ssl on; - proxy_read_timeout 6h; - proxy_send_timeout 6h; - client_body_timeout 6h; - send_timeout 6h; - - auth_request /bigbluebutton/connection/checkAuthorization; - auth_request_set $auth_status $upstream_status; -} \ No newline at end of file diff --git a/mod/nginx/bbb/web.nginx b/mod/nginx/bbb/web.nginx index 7e6f209..b7c9e69 100755 --- a/mod/nginx/bbb/web.nginx +++ b/mod/nginx/bbb/web.nginx @@ -92,6 +92,16 @@ proxy_set_header X-Original-URI $request_uri; } + location = /bigbluebutton/connection/checkGraphqlAuthorization { + internal; + proxy_pass http://bbb-web:8090; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + # this is required for CORS preflight checks in cluster setup + proxy_set_header X-Original-Method $request_method; + } + location = /bigbluebutton/connection/legacyCheckAuthorization { internal; proxy_pass http://bbb-web:8090; @@ -149,6 +159,18 @@ proxy_set_header X-Original-URI $request_uri; } + location /bigbluebutton/ping { + default_type text/plain; + add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; + add_header Pragma "no-cache"; + add_header Expires "0"; + # this Header is required for cluster setups as the ping check is a + # CORS request. No cookies are required so we can just allow anyone + # to use this endpoint. + add_header 'Access-Control-Allow-Origin' '*'; + return 200 ""; + } + } location @error403 { diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index 759278d..129d2dc 100644 
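Review bot: All four presentation locations in the `presentation-slides.nginx` hunk now send `add_header 'Access-Control-Allow-Origin' '*' always;`, where the removed code echoed `$bbb_loadbalancer_node` and only when it was set. That widens cross-origin read access to slide SVGs, thumbnails, text files and annotated PDFs from one known origin to every origin. No `auth_request` is visible on these locations within the hunk, so the identifiers in the URL appear to be the only protection (they may be guarded elsewhere in the file). Unless the v3 client needs the wildcard, I would keep the allow-list form, `if ($bbb_loadbalancer_node) { add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; }`, or add a comment explaining why `*` is acceptable for meeting content.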
--- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -1,22 +1,3 @@ -map $remote_addr $freeswitch_addr { - "~:" [::1]; - default 10.7.7.1; -} - -upstream poolhtml5servers { - zone poolhtml5servers 32k; - least_conn; - server 10.7.7.200:4100 fail_timeout=10s max_fails=4 backup; - server 10.7.7.201:4101 fail_timeout=120s max_fails=1; - server 10.7.7.202:4102 fail_timeout=120s max_fails=1; - server 10.7.7.203:4103 fail_timeout=120s max_fails=1; - # TODO: set server list based on NUMBER_OF_FRONTEND_NODEJS_PROCESSES - # server 10.7.7.204:4104 fail_timeout=120s max_fails=1; - # server 10.7.7.205:4105 fail_timeout=120s max_fails=1; - # server 10.7.7.206:4106 fail_timeout=120s max_fails=1; - # server 10.7.7.207:4107 fail_timeout=120s max_fails=1; -} - server { listen 48087 default_server; listen [::]:48087 default_server; @@ -25,6 +6,10 @@ server { absolute_redirect off; root /www/; + # This variable is used instead of $scheme by bigbluebutton nginx include + # files, so $scheme can be overridden in reverse-proxy configurations. + set $real_scheme $scheme; + # opt-out of google's floc tracking # https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea add_header Permissions-Policy "interest-cohort=()"; diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index 7d603fe..69272af 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile @@ -7,7 +7,7 @@ RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_ && chmod +x /usr/bin/yq COPY --from=src / /bbb-webhooks -RUN cd /bbb-webhooks && npm install --production +RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git RUN chmod 777 /bbb-webhooks/config # ------------------------------ diff --git a/mod/webhooks/entrypoint.sh b/mod/webhooks/entrypoint.sh index 22107ac..1cd89e0 100755 --- a/mod/webhooks/entrypoint.sh +++ b/mod/webhooks/entrypoint.sh 
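Review bot: The cleanup at the end of the changed `RUN` line in `mod/webhooks/Dockerfile` targets `/bbb-webhooks./.git`, which is not the path populated by `COPY --from=src / /bbb-webhooks`. `rm -rf` exits successfully on a path that does not exist, so the build passes while the `.git` entry stays in the image. The line should read `RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks/.git`. The unchanged `RUN chmod 777 /bbb-webhooks/config` on the next line leaves the config directory world-writable; ownership by the runtime user would be tighter, though that user is set outside this hunk.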
@@ -3,14 +3,14 @@ set -e TARGET=/bbb-webhooks/config/production.yml cp /bbb-webhooks/config/default.example.yml $TARGET -yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET -yq e -i ".bbb.serverDomain = \"$DOMAIN\"" $TARGET -yq e -i ".bbb.auth2_0 = true" $TARGET -yq e -i ".server.bind = \"0.0.0.0\"" $TARGET yq e -i ".hooks.getRaw = false" $TARGET -yq e -i ".redis.host = \"redis\"" $TARGET +yq e -i '.modules."../out/webhooks/index.js".config.getRaw = false' $TARGET export NODE_ENV=production +export REDIS_HOST=redis +export SERVER_DOMAIN=$DOMAIN +export BEARER_AUTH=true +export SERVER_BIND_IP=0.0.0.0 cd /bbb-webhooks node app.js diff --git a/mod/webrtc-sfu/Dockerfile b/mod/webrtc-sfu/Dockerfile index 4f8e53c..086b4e9 100644 --- a/mod/webrtc-sfu/Dockerfile +++ b/mod/webrtc-sfu/Dockerfile @@ -27,4 +27,10 @@ RUN mkdir /home/webrtc-sfu && chown -R webrtc-sfu:webrtc-sfu /app/config /home/w USER webrtc-sfu WORKDIR /app + + +COPY config.yaml /etc/bigbluebutton/bbb-webrtc-sfu/production.yml +ENV NODE_ENV=production +ENV NODE_CONFIG_DIR=/app/config/:/etc/bigbluebutton/bbb-webrtc-sfu/ +ENV ALLOW_CONFIG_MUTATIONS=true CMD [ "npm", "start" ] diff --git a/mod/webrtc-sfu/config.yaml b/mod/webrtc-sfu/config.yaml new file mode 100644 index 0000000..50974ea --- /dev/null +++ b/mod/webrtc-sfu/config.yaml 
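Review bot: The removed `yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET` line in `mod/webhooks/entrypoint.sh` has no counterpart among the new `export` lines, so nothing in the script now places the shared secret into the configuration copied from `default.example.yml`. If bbb-webhooks reads `SHARED_SECRET` from the environment on its own this is fine, but that mapping is not visible here; if it does not, the service would run with whatever sample secret the example file ships. I would make the dependency explicit and fail fast with `: "${SHARED_SECRET:?SHARED_SECRET must be set}"` before `node app.js`. The `yq` calls should also quote `"$TARGET"`.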
@@ -0,0 +1,40 @@ +kurento: [] +redisHost: 10.7.7.5 +clientHost: 10.7.7.1 +recordingAdapter: bbb-webrtc-recorder + +mcs-host: 10.7.7.1 +mcs-address: 10.7.7.1 +freeswitch: + ip: 10.7.7.10 + sip_ip: 10.7.7.10 + port: 5066 + esl_ip: 10.7.7.10 + esl_port: 8021 + +log: + # trace|debug|info|warn|error + level: debug + # Whether to log to stdout + stdout: true + # Whether to log to a file + file: false + +mediasoup: + dedicatedMediaTypeWorkers: + audio: auto + workerBalancing: + strategy: least-loaded + + webrtc: + # announcedIP => it's the host public IPv4 in case the machine is + # behind a 1:1 NAT + # ip => the address on which mediasoup will bind its RTC sockets + listenIps: + - ip: "10.7.7.1" + announcedIp: "10.7.7.1" + + plainRtp: + listenIp: + ip: "0.0.0.0" + announcedIp: "10.7.7.1" \ No newline at end of file diff --git a/repos/bbb-pads b/repos/bbb-pads index 433fe4c..724d55c 160000 --- a/repos/bbb-pads +++ b/repos/bbb-pads @@ -1 +1 @@ -Subproject commit 433fe4c3934edff36cddcfb1e892e323c2fe75ea +Subproject commit 724d55c26b1c94ea22a85b0c7e064f57b54875cb diff --git a/repos/bbb-playback b/repos/bbb-playback index a8f5a72..4e11f93 160000 --- a/repos/bbb-playback +++ b/repos/bbb-playback @@ -1 +1 @@ -Subproject commit a8f5a72a7dc55cc8bab6f980035291b6e8fe5de5 +Subproject commit 4e11f9337cecb36400f8c41caa12431b2667d8bb diff --git a/repos/bbb-webhooks b/repos/bbb-webhooks index 7c0cd8e..a3e2f1f 160000 --- a/repos/bbb-webhooks +++ b/repos/bbb-webhooks @@ -1 +1 @@ -Subproject commit 7c0cd8e6cad144578598f9fa6ea2d9ab78af560b +Subproject commit a3e2f1fe2f12bd9d0be86a8afac71b2a82455269 diff --git a/repos/bbb-webrtc-sfu b/repos/bbb-webrtc-sfu index fe901bd..6fbde34 160000 --- a/repos/bbb-webrtc-sfu +++ b/repos/bbb-webrtc-sfu @@ -1 +1 @@ -Subproject commit fe901bd15cadcb33f935900f804926f36793c48d +Subproject commit 6fbde34c357ba656741842048e936611faf45a09 diff --git a/repos/bigbluebutton b/repos/bigbluebutton index b674477..c36e394 160000 --- a/repos/bigbluebutton 
+++ b/repos/bigbluebutton @@ -1 +1 @@ -Subproject commit b674477a40a3060738219d8a58915f1bcaf8738b +Subproject commit c36e394e4aaa6be6c429222b7c9a86a8945b5563 diff --git a/repos/freeswitch b/repos/freeswitch index 4cb05e7..a88d069 160000 --- a/repos/freeswitch +++ b/repos/freeswitch @@ -1 +1 @@ -Subproject commit 4cb05e7f4a23645ec387f3b5391194128be7d193 +Subproject commit a88d069d6ffb74df797bcaf001f7e63181c07a09 diff --git a/repos/tags b/repos/tags index b569c71..1857b3b 100644 --- a/repos/tags +++ b/repos/tags @@ -5,9 +5,9 @@ repos/bbb-etherpad-plugin 068ded5 repos/bbb-etherpad-skin 8328b77 -repos/bbb-pads v1.5.2 -repos/bbb-playback v5.0.2 -repos/bbb-webhooks v2.6.1 -repos/bbb-webrtc-sfu v2.12.0 -repos/bigbluebutton v2.7.3 -repos/freeswitch v1.10.10 +repos/bbb-pads v1.5.3 +repos/bbb-playback v5.1.3 +repos/bbb-webhooks v3.3.0 +repos/bbb-webrtc-sfu v2.17.0-alpha.1 +repos/bigbluebutton v3.0.0-beta.5 +repos/freeswitch v1.10.12 diff --git a/sample.env b/sample.env index 4913308..09301ee 100644 --- a/sample.env +++ b/sample.env @@ -82,8 +82,6 @@ SIP_IP_ALLOWLIST= # CUSTOMIZATION # ==================================== -CLIENT_TITLE=BigBlueButton - # use following lines to replace the default welcome message and footer WELCOME_MESSAGE="Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others." WELCOME_FOOTER="This server is running BigBlueButton." @@ -112,52 +110,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf # - zh-hk-sinmei - Chinese/Hong Kong Sinmei SOUNDS_LANGUAGE=en-us-callie -# set to false to disable listenOnlyMode -LISTEN_ONLY_MODE=true - -# set to true to disable echo test -DISABLE_ECHO_TEST=false - -# set to true to automatically share webcam -AUTO_SHARE_WEBCAM=false - -# set to true to disable video preview for webcam sharing -DISABLE_VIDEO_PREVIEW=false - -# set to false to disable chat -CHAT_ENABLED=true - -# set to true to start chat closed -CHAT_START_CLOSED=false - # set to true to disable announcements "You are now (un-)muted" DISABLE_SOUND_MUTED=false # set to true to disable announcement "You are the only person in this conference" DISABLE_SOUND_ALONE=false -# maximum count of breakout rooms per meeting -# Warning: increasing the limit of breakout rooms per meeting -# can generate excessive overhead to the server. We recommend -# this value to be kept under 12. -BREAKOUTROOM_LIMIT=8 - # set to false to disable the learning dashboard ENABLE_LEARNING_DASHBOARD=true -# ==================================== -# Tuning -# ==================================== -# Default = 2; Min = 1; Max = 4 -# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events -NUMBER_OF_BACKEND_NODEJS_PROCESSES=2 - -# Default = 2; Min = 1; Max = 8 -# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings -# stretching the recommended number of users in BigBlueButton -NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2 - - # ==================================== # GREENLIGHT CONFIGURATION # ==================================== diff --git a/scripts/dev b/scripts/dev index bbb59a5..fd3a97e 100755 --- a/scripts/dev +++ b/scripts/dev 
@@ -4,6 +4,15 @@ set -e cd "$(dirname "$0")/.." . scripts/functions.sh +ensure_bbbhtml5yml + +create_dev_env () { + cp dev.env .env + sed -i "s/BBB_DEV_UID=.*/BBB_DEV_UID=$(id -u)/" .env + sed -i "s/BBB_DEV_GID=.*/BBB_DEV_GID=$(id -g)/" .env + load_env +} + if [ -f ".env" ]; then load_env if [[ "$DEV_MODE" == "" ]]; then @@ -13,7 +22,7 @@ if [ -f ".env" ]; then response=${response,,} # tolower if [[ $response =~ ^(y| ) ]] || [[ -z $response ]]; then cp .env .env.bak - cp dev.env .env + create_dev_env else echo "we can't continue with a .env file configured as a development environment" exit 1 @@ -21,30 +30,7 @@ if [ -f ".env" ]; then fi else echo "# creating a .env for the dev setup" - cp dev.env .env -fi - -# to avoid any file permission issues we want to run some containers with the same -# UID and GID as the current user -export BBB_DOCKER_USER="$(id -u):$(id -g)" - -# also add it to ~/.zshrc and/or ~/.bashrc so -# that people can also use commands like `docker compose up` -# without that variable being missing -function add_permanent_env { - STR='export BBB_DOCKER_USER="$(id -u):$(id -g)"' - if [ -z "$(grep "$STR" "$1")" ]; then - echo "append" - echo "" >> $1 - echo "# following line got added by bbb-docker" >> $1 - echo "$STR" >> $1 - fi -} -if [ -f "$(realpath ~/.zshrc)" ]; then - add_permanent_env "$(realpath ~/.zshrc)" -fi -if [ -f "$(realpath ~/.bashrc)" ]; then - add_permanent_env "$(realpath ~/.bashrc)" + create_dev_env fi diff --git a/scripts/fs_cli b/scripts/fs_cli index 68c2fc3..f252276 100755 --- a/scripts/fs_cli +++ b/scripts/fs_cli @@ -7,4 +7,4 @@ cd $(dirname $0)/.. . ./scripts/functions.sh load_env -docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.1 -p "$FSESL_PASSWORD" +docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.10 -p "$FSESL_PASSWORD" $@ diff --git a/scripts/functions.sh b/scripts/functions.sh index e899e80..b2a71a0 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
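Review bot: In `create_dev_env` (scripts/dev, first hunk) the two substitutions are unanchored and rely on `sed -i` with no suffix argument. `BBB_DEV_UID=.*` matches anywhere on a line, so a commented-out copy of the key or a longer key ending in the same name would be rewritten too. BSD/macOS sed rejects `-i` without an argument, which under the `set -e` at the top aborts the script after `.env` has already been replaced. A single anchored pass avoids both problems: `sed -e "s/^BBB_DEV_UID=.*/BBB_DEV_UID=$(id -u)/" -e "s/^BBB_DEV_GID=.*/BBB_DEV_GID=$(id -g)/" dev.env > .env`. The explanation deleted in the last hunk of this file (`# to avoid any file permission issues we want to run some containers with the same UID and GID as the current user`) would fit as a comment above the new function.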
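Review bot: The `$@` appended to the `fs_cli` call in scripts/fs_cli is unquoted, so an argument containing spaces or glob characters (for example a command string given with `-x`) is word-split and expanded by the host shell before it reaches the container. The line should end in `-p "$FSESL_PASSWORD" "$@"`. The call also still passes the event-socket password via `-p`, which leaves it readable in the process list while the session runs. If that is accepted for this setup, a short comment such as `# NOTE: password is visible in ps output while fs_cli runs` would record the decision. The `cd $(dirname $0)/..` in the hunk header context has the same quoting gap and breaks when the checkout path contains a space.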
@@ -1,5 +1,5 @@ function load_env { - export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs) + export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs) } function ensure_submodules { @@ -16,3 +16,14 @@ function ensure_submodules { } +function ensure_bbbhtml5yml { + if [ ! -f conf/bbb-html5.yml ]; then + + cat << EOF > conf/bbb-html5.yml +# this file equals the /etc/bigbluebutton/bbb-html5.yml file referenced in the docs +public: + app: + appName: BigBlueButton HTML5 Client (docker) +EOF + fi +} \ No newline at end of file diff --git a/scripts/generate-compose b/scripts/generate-compose index 3191f60..bbe4cf3 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -7,6 +7,8 @@ cd $(dirname $0)/.. . scripts/functions.sh load_env +ensure_bbbhtml5yml + # check for non-optional environment variables, # which got introduced later and may miss in existing # .env files during upgrades @@ -41,7 +43,7 @@ function get_tag { } # https://hub.docker.com/r/bigbluebutton/bbb-build -BBB_BUILD_TAG=v3.0.x-release--2023-09-26-152524 +BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114 docker run \ --rm \ @@ -65,7 +67,5 @@ docker run \ -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \ -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \ -e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \ - -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \ - -e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \ jwilder/dockerize -template /docker-compose.tmpl.yml \ > docker-compose.yml diff --git a/scripts/setup b/scripts/setup index 1667c0d..9392c94 100755 --- a/scripts/setup +++ b/scripts/setup @@ -18,6 +18,7 @@ then exit 1 fi +ensure_bbbhtml5yml EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com) EXTERNAL_IPv6=$(curl -6 -s -m 10 https://icanhazip.com || true)
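Review bot: `load_env` (scripts/functions.sh, first hunk) still expands `.env` through an unquoted `export $(… | xargs)`, and removing the `CLIENT_TITLE` filter widens what reaches that expansion. Any value with whitespace or glob characters is word-split and pathname-expanded, and `sed 's/#.*//g'` silently truncates every value that contains `#`, which can shorten a generated secret or password without any error. An `.env` carried over from an earlier release that still holds a multi-word `CLIENT_TITLE` would presumably now hit this path. Reading the file line by line and exporting only `NAME=value` lines avoids the splitting, as sketched below. Note that inline `# …` comments after a value are no longer stripped in this form, so the shipped env files should be checked for them.

```shell
function load_env {
    local line name value
    while IFS= read -r line || [[ -n "$line" ]]; do
        # only plain NAME=value lines; comments, blanks and continuation lines are skipped
        [[ "$line" =~ ^([A-Za-z_][A-Za-z0-9_]*)=(.*)$ ]] || continue
        name=${BASH_REMATCH[1]}
        value=${BASH_REMATCH[2]}
        case "$name" in
            WELCOME_FOOTER | WELCOME_MESSAGE) continue ;;
        esac
        # drop one pair of surrounding double quotes, as xargs did
        if [[ "$value" == \"*\" ]]; then
            value=${value:1:${#value}-2}
        fi
        export "$name=$value"
    done < .env
}
# … unchanged: ensure_submodules …
```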