mirror of
https://github.com/bigbluebutton/docker.git
synced 2024-12-27 09:08:51 +01:00
v3.0.0-beta.5: basic working functionality
quite some features (recording, SIP, transcription, etc.) are not working yet, but a milestone where it should finally take a commit
parent
20315c1cf8
commit
c740f55e5a
@ -3,7 +3,7 @@
|
||||
|
||||
# 📦 BigBlueButton 3.0 Docker
|
||||
|
||||
Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
|
||||
Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
|
||||
|
||||
## Features
|
||||
- Easy installation
|
||||
@ -18,9 +18,7 @@ Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com
|
||||
- Linux (it will not work under Windows/WSL)
|
||||
- Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
|
||||
- Public IPv4 (expect issues with a firewall / NAT)
|
||||
|
||||
## What is not implemented yet
|
||||
- bbb-lti
|
||||
- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
|
||||
|
||||
## Install
|
||||
1. Ensure the requirements above are fulfilled (it really doesn't work without them)
|
||||
|
45
dev.env
45
dev.env
@ -6,7 +6,11 @@
|
||||
# - accept self signed certificates
|
||||
DEV_MODE=true
|
||||
|
||||
|
||||
# user and group used for
|
||||
# this avoid any file permission issues with files
|
||||
# created inside docker (e.g. node_modules)
|
||||
BBB_DEV_UID=1000
|
||||
BBB_DEV_GID=1000
|
||||
|
||||
|
||||
# ====================================
|
||||
@ -93,8 +97,6 @@ SIP_IP_ALLOWLIST=0.0.0.0/0
|
||||
# CUSTOMIZATION
|
||||
# ====================================
|
||||
|
||||
CLIENT_TITLE=BigBlueButton (Development)
|
||||
|
||||
# use following lines to replace the default welcome message and footer
|
||||
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
|
||||
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
|
||||
@ -123,52 +125,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf
|
||||
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
|
||||
SOUNDS_LANGUAGE=en-us-callie
|
||||
|
||||
# set to false to disable listenOnlyMode
|
||||
LISTEN_ONLY_MODE=true
|
||||
|
||||
# set to true to disable echo test
|
||||
DISABLE_ECHO_TEST=false
|
||||
|
||||
# set to true to automatically share webcam
|
||||
AUTO_SHARE_WEBCAM=false
|
||||
|
||||
# set to true to disable video preview for webcam sharing
|
||||
DISABLE_VIDEO_PREVIEW=false
|
||||
|
||||
# set to false to disable chat
|
||||
CHAT_ENABLED=true
|
||||
|
||||
# set to true to start chat closed
|
||||
CHAT_START_CLOSED=false
|
||||
|
||||
# set to true to disable announcements "You are now (un-)muted"
|
||||
DISABLE_SOUND_MUTED=false
|
||||
|
||||
# set to true to disable announcement "You are the only person in this conference"
|
||||
DISABLE_SOUND_ALONE=false
|
||||
|
||||
# maximum count of breakout rooms per meeting
|
||||
# Warning: increasing the limit of breakout rooms per meeting
|
||||
# can generate excessive overhead to the server. We recommend
|
||||
# this value to be kept under 12.
|
||||
BREAKOUTROOM_LIMIT=8
|
||||
|
||||
# set to false to disable the learning dashboard
|
||||
ENABLE_LEARNING_DASHBOARD=true
|
||||
|
||||
# ====================================
|
||||
# Tuning
|
||||
# ====================================
|
||||
# Default = 2; Min = 1; Max = 4
|
||||
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
|
||||
NUMBER_OF_BACKEND_NODEJS_PROCESSES=1
|
||||
|
||||
# Default = 2; Min = 1; Max = 8
|
||||
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
|
||||
# stretching the recommended number of users in BigBlueButton
|
||||
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1
|
||||
|
||||
|
||||
# ====================================
|
||||
# GREENLIGHT CONFIGURATION
|
||||
# ====================================
|
||||
|
@ -3,45 +3,6 @@
|
||||
# don't edit this directly.
|
||||
{{/* -------- */}}
|
||||
|
||||
version: '3.6'
|
||||
|
||||
# html5 templates
|
||||
x-html5-backend: &html5backend
|
||||
build:
|
||||
context: mod/html5
|
||||
additional_contexts:
|
||||
- source=./repos/bigbluebutton/bigbluebutton-html5
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
TAG_BBB: {{ .Env.TAG_BBB }}
|
||||
image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }}
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- redis
|
||||
- mongodb
|
||||
- etherpad
|
||||
environment: &html5backend-env
|
||||
DOMAIN: ${DOMAIN}
|
||||
CLIENT_TITLE: ${CLIENT_TITLE}
|
||||
LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
|
||||
DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
|
||||
AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
|
||||
DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false}
|
||||
CHAT_ENABLED: ${CHAT_ENABLED:-true}
|
||||
CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false}
|
||||
BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8}
|
||||
DEV_MODE: ${DEV_MODE:-}
|
||||
BBB_HTML5_ROLE: backend
|
||||
|
||||
x-html5-frontend: &html5frontend
|
||||
<<: *html5backend
|
||||
volumes:
|
||||
- html5-static:/html5-static:rw
|
||||
environment: &html5frontend-env
|
||||
<<: *html5backend-env
|
||||
BBB_HTML5_ROLE: frontend
|
||||
# =========================
|
||||
|
||||
services:
|
||||
bbb-web:
|
||||
build:
|
||||
@ -81,61 +42,6 @@ services:
|
||||
ipv4_address: 10.7.7.2
|
||||
|
||||
|
||||
{{ if isTrue .Env.DEV_MODE }}
|
||||
html5-dev:
|
||||
build:
|
||||
context: mod/html5
|
||||
dockerfile: Dockerfile.dev
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
user: ${BBB_DOCKER_USER}
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- redis
|
||||
- mongodb
|
||||
- etherpad
|
||||
volumes:
|
||||
- ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw
|
||||
- ./.cache/npm:/tmp/.npm:rw
|
||||
- ./.cache/meteor:/tmp/.meteor:rw
|
||||
- ./mod/html5/bbb-html5.yml:/tmp/bbb-html5.yml.tmpl
|
||||
environment:
|
||||
<<: *html5backend-env
|
||||
HOME: /tmp
|
||||
BBB_HTML5_ROLE: ""
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.200
|
||||
|
||||
|
||||
{{ else }}
|
||||
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }}
|
||||
html5-backend-{{ add $i 1 }}:
|
||||
<<: *html5backend
|
||||
environment:
|
||||
<<: *html5backend-env
|
||||
INSTANCE_ID: {{ add $i 1 }}
|
||||
PORT: {{ add 4000 $i }}
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.{{ add 100 $i }}
|
||||
{{end}}
|
||||
|
||||
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_FRONTEND_NODEJS_PROCESSES) }}
|
||||
html5-frontend-{{ add $i 1 }}:
|
||||
<<: *html5frontend
|
||||
environment:
|
||||
<<: *html5frontend-env
|
||||
INSTANCE_ID: {{ add $i 1 }}
|
||||
PORT: {{ add 4100 $i }}
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.{{ add 200 $i }}
|
||||
{{end}}
|
||||
|
||||
{{ end }}
|
||||
|
||||
|
||||
freeswitch:
|
||||
container_name: bbb-freeswitch
|
||||
build:
|
||||
@ -168,7 +74,9 @@ services:
|
||||
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
|
||||
- ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
|
||||
- ./data/freeswitch-meetings:/var/freeswitch/meetings
|
||||
network_mode: host
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.10
|
||||
logging:
|
||||
# reduce logs to a minimum, so `docker compose logs -f` still works
|
||||
driver: "local"
|
||||
@ -183,35 +91,30 @@ services:
|
||||
additional_contexts:
|
||||
- src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard
|
||||
- src-playback=./repos/bbb-playback
|
||||
- src-html5=./repos/bigbluebutton/bigbluebutton-html5
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
image: alangecker/bbb-docker-nginx:1.25-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }}
|
||||
TAG_BBB: {{ .Env.TAG_BBB }}
|
||||
image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- etherpad
|
||||
- webrtc-sfu
|
||||
{{ if isTrue .Env.DEV_MODE }}
|
||||
- html5-dev
|
||||
{{ else }}
|
||||
- html5-backend-1
|
||||
{{ end }}
|
||||
volumes:
|
||||
- ./data/bigbluebutton:/var/bigbluebutton
|
||||
- html5-static:/html5-static:ro
|
||||
- ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf
|
||||
|
||||
{{ if isTrue .Env.DEV_MODE }}
|
||||
# don't let nginx directly serve static files
|
||||
- ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro
|
||||
{{ end }}
|
||||
tmpfs:
|
||||
- /tmp
|
||||
network_mode: host
|
||||
extra_hosts:
|
||||
- "host.docker.internal:10.7.7.1"
|
||||
- "bbb-web:10.7.7.2"
|
||||
- "etherpad:10.7.7.4"
|
||||
- "webrtc-sfu:10.7.7.1"
|
||||
- "html5:10.7.7.11"
|
||||
- "greenlight:10.7.7.21"
|
||||
- "bbb-graphql-server:10.7.7.31"
|
||||
- "bbb-graphql-middleware:10.7.7.32"
|
||||
|
||||
etherpad:
|
||||
build:
|
||||
@ -220,7 +123,7 @@ services:
|
||||
- plugin=./repos/bbb-etherpad-plugin
|
||||
- skin=./repos/bbb-etherpad-skin
|
||||
args:
|
||||
TAG_ETHERPAD: "1.9.1"
|
||||
TAG_ETHERPAD: "1.9.4"
|
||||
image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
@ -259,22 +162,6 @@ services:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.5
|
||||
|
||||
mongodb:
|
||||
image: mongo:6.0
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./mod/mongo/mongod.conf:/etc/mongod.conf
|
||||
- ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh
|
||||
tmpfs:
|
||||
- /data/configdb
|
||||
- /data/db
|
||||
command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth
|
||||
healthcheck:
|
||||
test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 0 ':' 2)'; then exit 0; fi; exit 1;"
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.6
|
||||
|
||||
webrtc-sfu:
|
||||
build:
|
||||
context: mod/webrtc-sfu
|
||||
@ -288,30 +175,16 @@ services:
|
||||
- redis
|
||||
- freeswitch
|
||||
environment:
|
||||
CLIENT_HOST: 10.7.7.1
|
||||
REDIS_HOST: 10.7.7.5
|
||||
FREESWITCH_IP: 10.7.7.1
|
||||
FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
|
||||
MCS_HOST: 0.0.0.0
|
||||
MCS_ADDRESS: 0.0.0.0
|
||||
ESL_IP: 10.7.7.1
|
||||
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
|
||||
RECORDING_ADAPTER: bbb-webrtc-recorder
|
||||
RECORD_WEBCAMS: "true"
|
||||
KURENTO: '[]'
|
||||
# TODO: add mediasoup IPv6
|
||||
# TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
|
||||
{{ if .Env.EXTERNAL_IPv6 }}
|
||||
MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
|
||||
{{else}}
|
||||
MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
|
||||
{{end}}
|
||||
MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
|
||||
volumes:
|
||||
- ./data/mediasoup:/var/mediasoup
|
||||
tmpfs:
|
||||
- /var/log/bbb-webrtc-sfu
|
||||
network_mode: host
|
||||
security_opt:
|
||||
- seccomp:unconfined # allow io_uring access for mediasoup
|
||||
ulimits:
|
||||
memlock: -1 # allow io_uring_register_buffers to allocate enough ram
|
||||
|
||||
fsesl-akka:
|
||||
build:
|
||||
@ -339,8 +212,10 @@ services:
|
||||
additional_contexts:
|
||||
- src-common-message=./repos/bigbluebutton/bbb-common-message
|
||||
- src-apps-akka=./repos/bigbluebutton/akka-bbb-apps
|
||||
- src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
TAG_BBB: {{ .Env.TAG_BBB }}
|
||||
image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }}
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
@ -352,7 +227,7 @@ services:
|
||||
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
|
||||
volumes:
|
||||
- ./data/freeswitch-meetings:/var/freeswitch/meetings
|
||||
- ./conf/settings.yml:/etc/bigbluebutton/bbb-html5.yml:ro
|
||||
- ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.15
|
||||
@ -364,19 +239,21 @@ services:
|
||||
- src=./repos/bigbluebutton/bbb-graphql-server
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
GRAPHQL_ENGINE_TAG: v2.44.0
|
||||
depends_on:
|
||||
- postgres
|
||||
- bbb-web
|
||||
- apps-akka
|
||||
- bbb-graphql-actions
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
|
||||
HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.31
|
||||
|
||||
extra_hosts:
|
||||
- "bbb-web:10.7.7.2"
|
||||
- "bbb-graphql-actions:10.7.7.30"
|
||||
|
||||
bbb-graphql-actions:
|
||||
build:
|
||||
@ -392,6 +269,7 @@ services:
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- redis
|
||||
- apps-akka
|
||||
environment:
|
||||
BBB_REDIS_HOST: redis
|
||||
networks:
|
||||
@ -413,11 +291,9 @@ services:
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- bbb-graphql-server
|
||||
- bbb-graphql-actions
|
||||
- bbb-web
|
||||
- redis
|
||||
environment:
|
||||
BBB_GRAPHQL_MIDDLEWARE_LISTEN_PORT: 8378
|
||||
BBB_GRAPHQL_MIDDLEWARE_REDIS_ADDRESS: 10.7.7.5:6379
|
||||
BBB_GRAPHQL_MIDDLEWARE_HASURA_WS: ws://bbb-graphql-server:8080/v1/graphql
|
||||
networks:
|
||||
bbb-net:
|
||||
ipv4_address: 10.7.7.32
|
||||
@ -442,8 +318,7 @@ services:
|
||||
build: mod/periodic
|
||||
image: alangecker/bbb-docker-periodic:v2.7.0
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- mongodb
|
||||
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./data/bigbluebutton:/var/bigbluebutton
|
||||
@ -469,7 +344,7 @@ services:
|
||||
- bbb-conf=./repos/bigbluebutton/bigbluebutton-config
|
||||
args:
|
||||
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
|
||||
TAG_BBB_PRESENTATION_VIDEO: "4.0.3"
|
||||
TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2"
|
||||
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
@ -648,7 +523,6 @@ services:
|
||||
|
||||
|
||||
volumes:
|
||||
html5-static:
|
||||
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
|
||||
ssl_data:
|
||||
{{end}}
|
||||
|
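Review bot: `HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME` in the bbb-graphql-server environment is a fixed literal, so every deployment rendered from this template shares one Hasura admin secret until someone edits the template by hand. Taking it from the environment and failing when it is unset would be safer, for example `HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_ADMIN_SECRET:?set a random Hasura admin secret}` (the variable name is a suggestion, not one the project defines). The same file also shows guessable fallbacks, `${POSTGRESQL_SECRET:-password}` and `${FSESL_PASSWORD:-ClueCon}`. The rendered page does not mark which side of the diff those are on, but if they remain in the new file the `:?` form fits them as well.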
@ -19,13 +19,25 @@ RUN cd /source \
|
||||
|
||||
# ===================================================
|
||||
|
||||
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings
|
||||
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
|
||||
COPY --from=src-config /settings.yml /settings.yml
|
||||
ARG TAG_BBB
|
||||
RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml
|
||||
RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml
|
||||
|
||||
|
||||
# ===================================================
|
||||
|
||||
FROM alangecker/bbb-docker-base-java
|
||||
|
||||
COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq
|
||||
COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka
|
||||
COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl
|
||||
COPY logback.xml /bbb-apps-akka/conf/logback.xml
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml
|
||||
|
||||
COPY settings.yml /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
|
||||
USER bigbluebutton
|
||||
ENTRYPOINT /entrypoint.sh
|
||||
|
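Review bot: The `wget -qO /usr/local/bin/yq …/v4.44.3/yq_linux_amd64` step in the new `builder-settings` stage installs an executable with no integrity check, and that binary is then copied into the final image. Pinning the release is good; adding a digest check in the same RUN, e.g. `echo "<SHA256_OF_YQ_V4_44_3>  /usr/local/bin/yq" | sha256sum -c -` with the published checksum filled in, would make a replaced asset fail the build. The graphql-server Dockerfile in this commit fetches yq from `releases/latest`, which is unverified and also not reproducible; the same pin-and-verify applies there. The hunk starts mid-file, so the `builder` stage above it is not visible here.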
@ -15,7 +15,7 @@ http {
|
||||
|
||||
postgres {
|
||||
properties = {
|
||||
serverName = "10.7.7.22"
|
||||
serverName = "postgres"
|
||||
portNumber = "5432"
|
||||
databaseName = "bbb_graphql"
|
||||
user = "postgres"
|
||||
|
@ -1,10 +1,17 @@
|
||||
#!/bin/sh -e
|
||||
|
||||
# bbb-apps-akka.conf
|
||||
TARGET=/etc/bigbluebutton/bbb-apps-akka.conf
|
||||
cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET
|
||||
sed -i "s/DOMAIN/$DOMAIN/" $TARGET
|
||||
sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET
|
||||
sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET
|
||||
|
||||
|
||||
# settings.yml
|
||||
TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml
|
||||
yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET
|
||||
yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET
|
||||
|
||||
cd /bbb-apps-akka
|
||||
/bbb-apps-akka/bin/bbb-apps-akka
|
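Review bot: The two `yq e -i` lines splice `$DOMAIN` into the yq expression and leave `$TARGET` unquoted, so a value containing a double quote or backslash changes the expression instead of being stored as data. Passing the value through the environment keeps it a plain string: `yq e -i '.public.pads.url = "https://" + strenv(DOMAIN) + "/pad"' "$TARGET"`, and likewise for `.public.kurento.wsUrl`. The `sed -i "s/SHARED_SECRET/$SHARED_SECRET/"` and `$POSTGRES_PASSWORD` substitutions above have a related problem, since sed interprets `/` and `&` in the secret. A comment stating which characters those secrets may contain would help.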
@ -1,7 +0,0 @@
|
||||
# just the default values required for gettting apps-akka running
|
||||
|
||||
# use ./conf/sertings.yml for modifying anything
|
||||
public:
|
||||
plugins: []
|
||||
userReaction:
|
||||
expire: 30
|
@ -16,7 +16,7 @@ RUN cd /src/dist && \
|
||||
|
||||
|
||||
# ------------------------------
|
||||
FROM node:18-bookworm-slim
|
||||
FROM node:22-bookworm-slim
|
||||
|
||||
COPY --from=builder /src/dist /app
|
||||
|
||||
@ -29,4 +29,6 @@ WORKDIR /app
|
||||
|
||||
ENV SERVER_HOST 0.0.0.0
|
||||
|
||||
ENV NODE_ENV=production
|
||||
|
||||
CMD [ "node", "/app/bbb-graphql-actions.js" ]
|
@ -2,10 +2,11 @@ ARG BBB_BUILD_TAG
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
|
||||
|
||||
COPY --from=src / /src/
|
||||
RUN cd /src/ && ./local-build.sh
|
||||
|
||||
RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go
|
||||
|
||||
# ------------------------------
|
||||
FROM alpine
|
||||
COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware
|
||||
COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml
|
||||
COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml
|
||||
CMD [ "/app/bbb-graphql-middleware" ]
|
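--- /dev/null
+++ b/mod/bbb-graphql-middleware/config.yml
@@ -0,0 +1,15 @@
+server:
+listen_host: 0.0.0.0
+listen_port: 8378
+redis:
+host: redis
+port: 6379
+password: ""
+hasura:
+url: ws://bbb-graphql-server:8085/v1/graphql
+graphql-actions:
+url: http://bbb-graphql-actions:8093
+auth_hook:
+url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization
+session_vars_hook:
+url: http://apps-akka:8901/userInfo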
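Review bot: Nothing in this new file says what its settings rely on: the middleware listens on `0.0.0.0`, the Redis password is empty, and the auth and session hooks use plain `http://`/`ws://` URLs. If the intent is that all of this stays on the internal compose network, a header comment should say so, e.g. `# endpoints below are only meant to be reachable on bbb-net (10.7.7.0/24); never publish port 8378`. The README in this commit asks operators to allow `10.7.7.0/24` in the host firewall, so it is worth confirming that rule cannot be reached from outside the host.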
@ -1,17 +1,18 @@
|
||||
ARG BBB_BUILD_TAG
|
||||
ARG GRAPHQL_ENGINE_TAG
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
|
||||
|
||||
RUN mkdir -p /hasura-cli && cd /hasura-cli && npm install hasura-cli
|
||||
RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash
|
||||
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
|
||||
|
||||
# ----------------------------
|
||||
FROM hasura/graphql-engine:v2.36.0
|
||||
FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG
|
||||
|
||||
# install netstat
|
||||
# install netstat, required for start script
|
||||
RUN apt-get update && apt-get install -y net-tools gosu
|
||||
|
||||
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
|
||||
COPY --from=builder /hasura-cli/node_modules/hasura-cli/hasura /usr/local/bin/hansura
|
||||
COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura
|
||||
|
||||
COPY --from=src /bbb_schema.sql /app/
|
||||
COPY --from=src /metadata /app/metadata
|
||||
|
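Review bot: `RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | … bash` runs a script from the mutable `stable` branch at build time, so the image is built from whatever that branch holds on the day, and a failed download is masked by the pipe. Fetching the CLI release binary for the pinned version directly and checking its SHA-256 before installing would avoid executing a remote script; at minimum `get.sh` should be pinned to a tag or commit. `VERSION=v2.44.0` also duplicates the `GRAPHQL_ENGINE_TAG` build arg. Re-declaring `ARG GRAPHQL_ENGINE_TAG` after the first `FROM` and using `VERSION=$GRAPHQL_ENGINE_TAG` would keep the CLI and engine versions in step.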
@ -1,5 +1,5 @@
|
||||
version: 3
|
||||
endpoint: http://localhost:8080
|
||||
endpoint: http://localhost:8085
|
||||
admin_secret: bigbluebutton
|
||||
metadata_directory: metadata
|
||||
actions:
|
||||
|
@ -12,11 +12,16 @@ export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGR
|
||||
export HASURA_GRAPHQL_LOG_LEVEL=warn
|
||||
export HASURA_GRAPHQL_ENABLE_CONSOLE=false
|
||||
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250
|
||||
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
|
||||
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
|
||||
export HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton # TODO: improve security
|
||||
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
|
||||
export HASURA_GRAPHQL_SERVER_PORT=8085
|
||||
export HASURA_GRAPHQL_ENABLE_TELEMETRY=false
|
||||
export HASURA_GRAPHQL_AUTH_HOOK=http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization
|
||||
export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10
|
||||
export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo
|
||||
export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093
|
||||
|
||||
|
||||
export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql
|
||||
|
||||
exec $@
|
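Review bot: `HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql` puts the password into a URL without percent-encoding, so a password containing `@`, `/`, `:` or `#` produces a different URL than intended. Either document the allowed characters next to `POSTGRESQL_SECRET` or encode the value before building the URL. The page also shows two `export HASURA_GRAPHQL_AUTH_HOOK=` lines (bbb-web and apps-akka) without marking which one survives. Because this hook decides authorization, a one-line comment such as `# Hasura asks <service> for session variables; request authorization is checked by <service>` would make the intended trust path explicit. `exec $@` should be `exec "$@"` so arguments containing spaces are preserved.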
@ -1,12 +1,13 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
cd /app/
|
||||
|
||||
# patch database url
|
||||
# TODO: this should be possible via an environment variable
|
||||
yq e -i '.[1].configuration.connection_info.database_url.connection_parameters.host = "postgres"' metadata/databases/databases.yaml
|
||||
yq e -i ".[1].configuration.connection_info.database_url.connection_parameters.password = \"${POSTGRES_PASSWORD}\"" metadata/databases/databases.yaml
|
||||
# TODO: this should be possible upstream in BBB via an environment variable
|
||||
yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml
|
||||
|
||||
sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml
|
||||
|
||||
echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql
|
||||
|
||||
@ -27,13 +28,12 @@ sleep 1
|
||||
|
||||
|
||||
#Check if Hasura is ready before applying metadata
|
||||
HASURA_PORT=8080
|
||||
while ! netstat -tuln | grep ":$HASURA_PORT " > /dev/null; do
|
||||
echo "Waiting for Hasura's port ($HASURA_PORT) to be ready..."
|
||||
while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do
|
||||
echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..."
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo "Applying new metadata to Hasura"
|
||||
/usr/local/bin/hansura metadata apply --skip-update-check
|
||||
/usr/local/bin/hasura metadata apply --skip-update-check
|
||||
|
||||
wait "$PID"
|
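Review bot: The `yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\""` line writes the full connection URL, password included, into `metadata/databases/databases.yaml`, and it builds the yq expression by string interpolation, so a password with a double quote or backslash alters the expression. Hasura metadata can, as far as I know, reference an environment variable for `database_url`, which would keep the secret out of the file: `yq e -i '.[1].configuration.connection_info.database_url = {"from_env": "HASURA_GRAPHQL_BBB_DATABASE_URL"}' metadata/databases/databases.yaml`. The `sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g"` line has the same interpolation issue for secrets containing `/` or `&`.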
@ -47,12 +47,10 @@ COPY --from=builder /dist /usr/share/bbb-web
|
||||
COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib
|
||||
COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh
|
||||
|
||||
COPY mocked-ps /usr/bin/ps
|
||||
|
||||
# add entrypoint and templates
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
|
||||
COPY turn-stun-servers.xml /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl
|
||||
COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl
|
||||
COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml
|
||||
COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh
|
||||
|
||||
|
@ -14,7 +14,7 @@ securitySalt={{ .Env.SHARED_SECRET }}
|
||||
redisHost=redis
|
||||
|
||||
{{ if isTrue .Env.DEV_MODE }}
|
||||
beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf
|
||||
beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
|
||||
# fetch presentations without HTTPS
|
||||
presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
|
||||
{{else}}
|
||||
|
@ -23,7 +23,7 @@ echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCE
|
||||
cd /usr/share/bbb-web/
|
||||
dockerize \
|
||||
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
|
||||
-template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \
|
||||
-template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \
|
||||
gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher
|
||||
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
<logger name="org.grails.commons" level="ERROR" />
|
||||
<logger name="org.springframework" level="ERROR" />
|
||||
|
||||
<root level="ERROR">
|
||||
<root level="WARN">
|
||||
<appender-ref ref="STDOUT" />
|
||||
</root>
|
||||
</configuration>
|
||||
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
echo "(mocked-ps for HTML5LoadBalancingService.java)"
|
||||
|
||||
# fake random process load to distribute meetings equally
|
||||
for i in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)`; do
|
||||
randomLoad=$(echo $(( $RANDOM % 100 )))
|
||||
echo " $randomLoad.1 /usr/share/node-v12.16.1-linux-x64/bin/node main.js NODEJS_BACKEND_INSTANCE_ID=$i"
|
||||
done
|
@ -539,7 +539,7 @@
|
||||
"windowMs": 90000,
|
||||
|
||||
// maximum number of requests per IP to allow during the rate limit window
|
||||
"max": 16
|
||||
"max": 32
|
||||
},
|
||||
|
||||
/*
|
||||
|
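Review bot: The per-IP request limit `"max"` appears to go from 16 to 32 per 90000 ms window, with no reason given in the file or the commit message. Since this value is an abuse control, a comment recording why it was loosened would help the next reviewer, e.g. `// raised from 16 to 32: <reason, such as several clients behind one NAT hitting the limit>`. The enclosing rate-limit object starts outside this hunk.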
@ -28,7 +28,7 @@ RUN cd /build && ./build.sh
|
||||
|
||||
# add english sounds
|
||||
RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \
|
||||
wget http://bigbluebutton.org/downloads/sounds.tar.gz -O sounds.tar.gz && \
|
||||
wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \
|
||||
tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \
|
||||
wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
|
||||
unzip mute-and-unmute-sounds-master.zip && \
|
||||
|
@ -1,49 +0,0 @@
|
||||
<configuration name="acl.conf" description="Network Lists">
|
||||
<network-lists>
|
||||
<!--
|
||||
These ACL's are automatically created on startup.
|
||||
rfc1918.auto - RFC1918 Space
|
||||
nat.auto - RFC1918 Excluding your local lan.
|
||||
localnet.auto - ACL for your local lan.
|
||||
loopback.auto - ACL for your local lan.
|
||||
-->
|
||||
|
||||
<list name="lan" default="allow">
|
||||
<node type="allow" cidr="127.0.0.1/32"/>
|
||||
<node type="allow" cidr="10.130.218.147/32"/>
|
||||
<node type="allow" cidr="10.0.0.0/8"/>
|
||||
<node type="allow" cidr="192.168.0.0/16"/>
|
||||
</list>
|
||||
|
||||
<!--
|
||||
custom "loopback" so that traffic from docker
|
||||
containers is also considered as local
|
||||
-->
|
||||
<list name="loopback.custom" default="deny">
|
||||
<node type="allow" cidr="127.0.0.1/32"/>
|
||||
<node type="allow" cidr="10.0.0.0/8"/>
|
||||
<node type="allow" cidr="192.168.0.0/16"/>
|
||||
<node type="allow" cidr="172.16.0.0/12" />
|
||||
<node type="allow" cidr="$${external_ip_v4}/32"/>
|
||||
</list>
|
||||
|
||||
<list name="deny_private_v6" default="allow">
|
||||
<node type="deny" cidr="0.0.0.0/0"/>
|
||||
<node type="deny" cidr="fe80::/10"/>
|
||||
<node type="deny" cidr="fc00::/7"/>
|
||||
</list>
|
||||
<!--
|
||||
This will traverse the directory adding all users
|
||||
with the cidr= tag to this ACL, when this ACL matches
|
||||
the users variables and params apply as if they
|
||||
digest authenticated.
|
||||
-->
|
||||
<list name="domains" default="allow">
|
||||
<!-- domain= is special it scans the domain from the directory to build the ACL -->
|
||||
<node type="allow" domain="$${domain}"/>
|
||||
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
|
||||
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
|
||||
</list>
|
||||
|
||||
</network-lists>
|
||||
</configuration>
|
@ -4,7 +4,7 @@
|
||||
<param name="listen-ip" value="$${local_ip_v4}"/>
|
||||
<param name="listen-port" value="8021"/>
|
||||
<param name="password" value="$${esl_password}"/>
|
||||
<param name="apply-inbound-acl" value="loopback.custom"/>
|
||||
<param name="apply-inbound-acl" value="rfc1918.auto"/>
|
||||
<!--<param name="stop-on-bind-error" value="true"/>-->
|
||||
</settings>
|
||||
</configuration>
|
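Review bot: `apply-inbound-acl` now names `rfc1918.auto`, which admits any RFC 1918 source address to the event socket on port 8021 rather than only the compose network. The event socket gives full control over FreeSWITCH, and the compose template on this page falls back to the stock password via `${FSESL_PASSWORD:-ClueCon}`, so on a host that sits inside a private network the ACL is the main barrier. A dedicated list limited to the bridge subnet would be tighter, e.g. a `default="deny"` list containing `<node type="allow" cidr="10.7.7.0/24"/>`. That would need an acl.conf.xml, which this commit appears to delete.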
@ -2,6 +2,7 @@
|
||||
<modules>
|
||||
<!-- Loggers (I'd load these first) -->
|
||||
<load module="mod_console"/>
|
||||
<!-- <load module="mod_logfile"/> -->
|
||||
|
||||
<!-- Event Handlers -->
|
||||
<load module="mod_event_socket"/>
|
||||
|
@ -1,43 +0,0 @@
|
||||
<!--
|
||||
NOTICE:
|
||||
This context is usually accessed via the external sip profile listening on port 5080.
|
||||
|
||||
It is recommended to have separate inbound and outbound contexts. Not only for security
|
||||
but clearing up why you would need to do such a thing. You don't want outside un-authenticated
|
||||
callers hitting your default context which allows dialing calls thru your providers and results
|
||||
in Toll Fraud.
|
||||
-->
|
||||
|
||||
<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML -->
|
||||
<include>
|
||||
<context name="public">
|
||||
|
||||
<extension name="unloop">
|
||||
<condition field="${unroll_loops}" expression="^true$"/>
|
||||
<condition field="${sip_looped_call}" expression="^true$">
|
||||
<action application="deflect" data="${destination_number}"/>
|
||||
</condition>
|
||||
</extension>
|
||||
<!--
|
||||
Tag anything pass thru here as an outside_call so you can make sure not
|
||||
to create any routing loops based on the conditions that it came from
|
||||
the outside of the switch.
|
||||
-->
|
||||
<extension name="outside_call" continue="true">
|
||||
<condition>
|
||||
<action application="set" data="outside_call=true"/>
|
||||
<action application="export" data="RFC2822_DATE=${strftime(%a, %d %b %Y %T %z)}"/>
|
||||
</condition>
|
||||
</extension>
|
||||
|
||||
<!--
|
||||
You can place files in the public directory to get included.
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="include" data="public_docker/*.xml"/>
|
||||
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
|
||||
|
||||
|
||||
</context>
|
||||
|
||||
</include>
|
||||
|
@ -1,113 +0,0 @@
|
||||
<profile name="external-ipv6">
|
||||
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
|
||||
<!-- This profile is only for outbound registrations to providers -->
|
||||
<gateways>
|
||||
<X-PRE-PROCESS cmd="include" data="external-ipv6/*.xml"/>
|
||||
</gateways>
|
||||
|
||||
<aliases>
|
||||
<!--
|
||||
<alias name="outbound"/>
|
||||
<alias name="nat"/>
|
||||
-->
|
||||
</aliases>
|
||||
|
||||
<domains>
|
||||
<!--<domain name="all" alias="false" parse="true"/>-->
|
||||
</domains>
|
||||
|
||||
<settings>
|
||||
<param name="debug" value="0"/>
|
||||
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
|
||||
<!-- <param name="shutdown-on-fail" value="true"/> -->
|
||||
<param name="sip-trace" value="no"/>
|
||||
<param name="sip-capture" value="no"/>
|
||||
<param name="rfc2833-pt" value="101"/>
|
||||
<!-- RFC 5626 : Send reg-id and sip.instance -->
|
||||
<!--<param name="enable-rfc-5626" value="true"/> -->
|
||||
<param name="sip-port" value="$${external_sip_port}"/>
|
||||
<param name="dialplan" value="XML"/>
|
||||
<param name="context" value="public"/>
|
||||
<param name="dtmf-duration" value="2000"/>
|
||||
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
|
||||
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
|
||||
<param name="hold-music" value="$${hold_music}"/>
|
||||
<param name="rtp-timer-name" value="soft"/>
|
||||
<!--<param name="enable-100rel" value="true"/>-->
|
||||
<!--<param name="disable-srv503" value="true"/>-->
|
||||
<!-- This could be set to "passive" -->
|
||||
<param name="local-network-acl" value="none"/>
|
||||
<param name="manage-presence" value="false"/>
|
||||
|
||||
<!-- Added for Microsoft Edge support
|
||||
<param name="apply-candidate-acl" value="wan_v6.auto"/>
|
||||
<param name="apply-candidate-acl" value="rfc1918.auto"/>
|
||||
<param name="apply-candidate-acl" value="any_v6.auto"/>
|
||||
<param name="apply-candidate-acl" value="wan_v4.auto"/>
|
||||
<param name="apply-candidate-acl" value="any_v4.auto"/>
|
||||
-->
|
||||
<param name="apply-candidate-acl" value="deny_private_v6"/>
|
||||
|
||||
<!-- used to share presence info across sofia profiles
|
||||
manage-presence needs to be set to passive on this profile
|
||||
if you want it to behave as if it were the internal profile
|
||||
for presence.
|
||||
-->
|
||||
<!-- Name of the db to use for this profile -->
|
||||
<param name="dbname" value="sqlite://memory://file:external-ipv6?mode=memory&cache=shared"/>
|
||||
<!--<param name="presence-hosts" value="$${domain}"/>-->
|
||||
<!--<param name="force-register-domain" value="$${domain}"/>-->
|
||||
<!--all inbound reg will stored in the db using this domain -->
|
||||
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
|
||||
<!-- ************************************************* -->
|
||||
|
||||
<!--<param name="aggressive-nat-detection" value="true"/>-->
|
||||
<param name="inbound-codec-negotiation" value="generous"/>
|
||||
<param name="nonce-ttl" value="60"/>
|
||||
<param name="auth-calls" value="false"/>
|
||||
<param name="inbound-late-negotiation" value="true"/>
|
||||
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
|
||||
<!--
|
||||
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
|
||||
-->
|
||||
<param name="rtp-ip" value="$${external_ip_v6}"/>
|
||||
<param name="sip-ip" value="$${local_ip_v6}"/>
|
||||
<!-- Shouldn't set these on IPv6 -->
|
||||
<!--<param name="ext-rtp-ip" value="auto-nat"/>-->
|
||||
<!--<param name="ext-sip-ip" value="auto-nat"/>-->
|
||||
<param name="rtp-timeout-sec" value="300"/>
|
||||
<param name="rtp-hold-timeout-sec" value="1800"/>
|
||||
<!--<param name="enable-3pcc" value="true"/>-->
|
||||
|
||||
<!-- TLS: disabled by default, set to "true" to enable -->
|
||||
<param name="tls" value="$${external_ssl_enable}"/>
|
||||
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
|
||||
<param name="tls-only" value="false"/>
|
||||
<!-- additional bind parameters for TLS -->
|
||||
<param name="tls-bind-params" value="transport=tls"/>
|
||||
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
|
||||
<param name="tls-sip-port" value="$${external_tls_port}"/>
|
||||
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
|
||||
<!--<param name="tls-cert-dir" value=""/>-->
|
||||
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
|
||||
<param name="tls-passphrase" value=""/>
|
||||
<!-- Verify the date on TLS certificates -->
|
||||
<param name="tls-verify-date" value="true"/>
|
||||
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
|
||||
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
|
||||
<param name="tls-verify-policy" value="none"/>
|
||||
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
|
||||
<param name="tls-verify-depth" value="2"/>
|
||||
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
|
||||
<param name="tls-verify-in-subjects" value=""/>
|
||||
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
|
||||
<param name="tls-version" value="$${sip_tls_version}"/>
|
||||
<param name="ws-binding" value=":5066"/>
|
||||
<param name="wss-binding" value=":7443"/>
|
||||
<param name="rtcp-audio-interval-msec" value="5000"/>
|
||||
<param name="rtcp-video-interval-msec" value="5000"/>
|
||||
<param name="dtmf-type" value="info"/>
|
||||
<param name="liberal-dtmf" value="true"/>
|
||||
</settings>
|
||||
</profile>
|
||||
|
@ -1,128 +0,0 @@
|
||||
<profile name="external">
|
||||
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
|
||||
<!-- This profile is only for outbound registrations to providers -->
|
||||
<gateways>
|
||||
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
|
||||
</gateways>
|
||||
|
||||
<aliases>
|
||||
<!--
|
||||
<alias name="outbound"/>
|
||||
<alias name="nat"/>
|
||||
-->
|
||||
</aliases>
|
||||
|
||||
<domains>
|
||||
<domain name="all" alias="false" parse="true"/>
|
||||
</domains>
|
||||
|
||||
<settings>
|
||||
<param name="debug" value="0"/>
|
||||
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
|
||||
<!-- <param name="shutdown-on-fail" value="true"/> -->
|
||||
<param name="sip-trace" value="no"/>
|
||||
<param name="sip-capture" value="no"/>
|
||||
<param name="rfc2833-pt" value="101"/>
|
||||
<!-- RFC 5626 : Send reg-id and sip.instance -->
|
||||
<!--<param name="enable-rfc-5626" value="true"/> -->
|
||||
<param name="sip-port" value="$${external_sip_port}"/>
|
||||
<param name="dialplan" value="XML"/>
|
||||
<param name="context" value="public"/>
|
||||
<param name="dtmf-duration" value="2000"/>
|
||||
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
|
||||
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
|
||||
<param name="hold-music" value="$${hold_music}"/>
|
||||
<param name="rtp-timer-name" value="soft"/>
|
||||
<!--<param name="enable-100rel" value="true"/>-->
|
||||
<!--<param name="disable-srv503" value="true"/>-->
|
||||
<!-- This could be set to "passive" -->
|
||||
<param name="local-network-acl" value="none"/>
|
||||
<param name="manage-presence" value="false"/>
|
||||
|
||||
|
||||
<!-- Added for Microsoft Edge browser -->
|
||||
<param name="apply-candidate-acl" value="localnet.auto"/>
|
||||
<param name="apply-candidate-acl" value="wan_v4.auto"/>
|
||||
<param name="apply-candidate-acl" value="rfc1918.auto"/>
|
||||
<param name="apply-candidate-acl" value="any_v4.auto"/>
|
||||
|
||||
<!-- used to share presence info across sofia profiles
|
||||
manage-presence needs to be set to passive on this profile
|
||||
if you want it to behave as if it were the internal profile
|
||||
for presence.
|
||||
-->
|
||||
<!-- Name of the db to use for this profile -->
|
||||
<param name="dbname" value="sqlite://memory://file:external?mode=memory&cache=shared"/>
|
||||
<!--<param name="presence-hosts" value="$${domain}"/>-->
|
||||
<!--<param name="force-register-domain" value="$${domain}"/>-->
|
||||
<!--all inbound reg will stored in the db using this domain -->
|
||||
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
|
||||
<!-- ************************************************* -->
|
||||
|
||||
<!--<param name="aggressive-nat-detection" value="true"/>-->
|
||||
<param name="inbound-codec-negotiation" value="generous"/>
|
||||
<param name="nonce-ttl" value="60"/>
|
||||
<param name="auth-calls" value="false"/>
|
||||
<param name="inbound-late-negotiation" value="true"/>
|
||||
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
|
||||
<!--
|
||||
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
|
||||
<param name="rtp-ip" value="$${local_ip_v4}"/>
|
||||
<param name="sip-ip" value="$${local_ip_v4}"/>
|
||||
<param name="ext-rtp-ip" value="auto-nat"/>
|
||||
<param name="ext-sip-ip" value="auto-nat"/>
|
||||
-->
|
||||
|
||||
<param name="rtp-ip" value="$${external_ip_v4}"/>
|
||||
<param name="sip-ip" value="$${local_ip_v4}"/>
|
||||
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
|
||||
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
|
||||
|
||||
<!--
|
||||
Listen only clients somehow run into this timeout
|
||||
causing
|
||||
Hangup sofia/external/GLOBAL_AUDIO_76116@10.7.7.1 [CS_EXECUTE] [MEDIA_TIMEOUT]
|
||||
[mcs-freeswitch] Dispatching conference new video floor event released
|
||||
[mcs-freeswitch] Received CHANNEL_HANGUP for
|
||||
-->
|
||||
<param name="rtp-timeout-sec" value="86400"/>
|
||||
|
||||
<param name="rtp-hold-timeout-sec" value="1800"/>
|
||||
<param name="enable-3pcc" value="proxy"/>
|
||||
|
||||
<!-- TLS: disabled by default, set to "true" to enable -->
|
||||
<param name="tls" value="$${external_ssl_enable}"/>
|
||||
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
|
||||
<param name="tls-only" value="false"/>
|
||||
<!-- additional bind parameters for TLS -->
|
||||
<param name="tls-bind-params" value="transport=tls"/>
|
||||
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
|
||||
<param name="tls-sip-port" value="$${external_tls_port}"/>
|
||||
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
|
||||
<!--<param name="tls-cert-dir" value=""/>-->
|
||||
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
|
||||
<param name="tls-passphrase" value=""/>
|
||||
<!-- Verify the date on TLS certificates -->
|
||||
<param name="tls-verify-date" value="true"/>
|
||||
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
|
||||
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
|
||||
<param name="tls-verify-policy" value="none"/>
|
||||
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
|
||||
<param name="tls-verify-depth" value="2"/>
|
||||
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
|
||||
<param name="tls-verify-in-subjects" value=""/>
|
||||
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
|
||||
<param name="tls-version" value="$${sip_tls_version}"/>
|
||||
<param name="ws-binding" value="0.0.0.0:5066"/>
|
||||
<param name="wss-binding" value="$${local_ip_v4}:7443"/>
|
||||
|
||||
|
||||
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
|
||||
<param name="rtcp-audio-interval-msec" value="5000"/>
|
||||
<param name="rtcp-video-interval-msec" value="5000"/>
|
||||
|
||||
<!-- Cut down in the join time -->
|
||||
<param name="dtmf-type" value="info"/>
|
||||
<param name="liberal-dtmf" value="true"/>
|
||||
</settings>
|
||||
</profile>
|
@ -1,12 +1,15 @@
|
||||
<include>
|
||||
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
|
||||
<!-- Preprocessor Variables
|
||||
These are introduced when configuration strings must be consistent across modules.
|
||||
NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
|
||||
|
||||
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
||||
YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
|
||||
toll fraud in the future. It's your responsibility to secure your own system.
|
||||
|
||||
This default config is used to demonstrate the feature set of FreeSWITCH.
|
||||
|
||||
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="default_password=1234"/>
|
||||
@ -15,6 +18,7 @@
|
||||
The following variables are set dynamically - calculated if possible by freeswitch - and
|
||||
are available to the config as $${variable}. You can see their calculated value via fs_cli
|
||||
by entering eval $${variable}
|
||||
|
||||
hostname
|
||||
local_ip_v4
|
||||
local_mask_v4
|
||||
@ -41,21 +45,23 @@
|
||||
nat_public_addr
|
||||
nat_private_addr
|
||||
nat_type
|
||||
|
||||
-->
|
||||
|
||||
|
||||
<X-PRE-PROCESS cmd="set" data="sound_prefix={{ .Env.SOUNDS_PATH }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
|
||||
|
||||
|
||||
<!--
|
||||
This setting is what sets the default domain FreeSWITCH will use if all else fails.
|
||||
|
||||
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
|
||||
affect the sip authentication. Please review conf/directory/default.xml for more
|
||||
information on this topic.
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/>
|
||||
<X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/>
|
||||
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="external_ip_v6={{ .Env.EXTERNAL_IPv6 }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.10"/>
|
||||
|
||||
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
|
||||
@ -63,6 +69,7 @@
|
||||
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
|
||||
<!--
|
||||
Enable ZRTP globally you can override this on a per channel basis
|
||||
|
||||
http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
|
||||
@ -70,7 +77,9 @@
|
||||
NOTICE: When using SRTP it's critical that you do not offer or accept
|
||||
variable bit rate codecs, doing so would leak information and possibly
|
||||
compromise your SRTP stream. (FS-6404)
|
||||
|
||||
Supported SRTP Crypto Suites:
|
||||
|
||||
AEAD_AES_256_GCM_8
|
||||
____________________________________________________________________________
|
||||
This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
|
||||
@ -78,6 +87,8 @@
|
||||
authentication tag with a length of 8 octets (64 bits) is used.
|
||||
An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
|
||||
corresponding plaintext.
|
||||
|
||||
|
||||
AEAD_AES_128_GCM_8
|
||||
____________________________________________________________________________
|
||||
This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
|
||||
@ -85,6 +96,8 @@
|
||||
authentication tag with a length of 8 octets (64 bits) is used.
|
||||
An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
|
||||
corresponding plaintext.
|
||||
|
||||
|
||||
AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
|
||||
____________________________________________________________________________
|
||||
AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
|
||||
@ -92,18 +105,25 @@
|
||||
tag. The master-key length is 128 bits and has a default lifetime of
|
||||
a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
|
||||
first.
|
||||
|
||||
|
||||
AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
|
||||
____________________________________________________________________________
|
||||
This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
|
||||
the authentication tag is 32 bits. The length of the base64-decoded key and
|
||||
salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
|
||||
the crypto attribute is considered invalid.
|
||||
|
||||
|
||||
AES_CM_128_NULL_AUTH
|
||||
____________________________________________________________________________
|
||||
The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
|
||||
method. This policy is NOT RECOMMENDED unless it is unavoidable; see
|
||||
Section 7.5 of [RFC3711].
|
||||
|
||||
|
||||
SRTP variables that modify behaviors based on direction/leg:
|
||||
|
||||
rtp_secure_media
|
||||
____________________________________________________________________________
|
||||
possible values:
|
||||
@ -112,11 +132,16 @@
|
||||
forbidden - More useful for inbound to deny SAVP negotiation
|
||||
false - implies forbidden
|
||||
true - implies mandatory
|
||||
|
||||
default if not set is accept SAVP inbound if offered.
|
||||
|
||||
|
||||
rtp_secure_media_inbound | rtp_secure_media_outbound
|
||||
____________________________________________________________________________
|
||||
This is the same as rtp_secure_media, but would apply to either inbound
|
||||
or outbound offers specifically.
|
||||
|
||||
|
||||
How to specify crypto suites:
|
||||
____________________________________________________________________________
|
||||
By default without specifying any crypto suites FreeSWITCH will offer
|
||||
@ -124,29 +149,39 @@
|
||||
endpoint has in common. If you wish to force specific crypto suites you
|
||||
can do so by appending the suites in a comma separated list in the order
|
||||
that you wish to offer them in.
|
||||
|
||||
Examples:
|
||||
|
||||
rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
|
||||
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
|
||||
rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
|
||||
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
|
||||
|
||||
Additionally you can narrow this down on either inbound or outbound by
|
||||
specifying as so:
|
||||
|
||||
rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
|
||||
rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
|
||||
rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
|
||||
rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
|
||||
|
||||
|
||||
rtp_secure_media_suites
|
||||
____________________________________________________________________________
|
||||
Optionaly you can use rtp_secure_media_suites to dictate the suite list
|
||||
Optionally you can use rtp_secure_media_suites to dictate the suite list
|
||||
and only use rtp_secure_media=[optional|mandatory|false|true] without having
|
||||
to dictate the suite list with the rtp_secure_media* variables.
|
||||
-->
|
||||
<!--
|
||||
Examples of codec options: (module must be compiled and loaded)
|
||||
|
||||
codecname[@8000h|16000h|32000h[@XXi]]
|
||||
XX is the frame size must be multples allowed for the codec
|
||||
|
||||
XX is the frame size must be multiples allowed for the codec
|
||||
FreeSWITCH can support 10-120ms on some codecs.
|
||||
We do not support exceeding the MTU of the RTP packet.
|
||||
|
||||
|
||||
iLBC@30i - iLBC using mode=30 which will win in all cases.
|
||||
DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
|
||||
DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
|
||||
@ -173,17 +208,23 @@
|
||||
AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10)
|
||||
LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
|
||||
L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
|
||||
|
||||
These are the passthru audio codecs:
|
||||
|
||||
G729 - G729 in passthru mode. (mod_g729)
|
||||
G723 - G723.1 in passthru mode. (mod_g723_1)
|
||||
AMR - AMR in passthru mode. (mod_amr)
|
||||
|
||||
These are the passthru video codecs: (mod_h26x)
|
||||
|
||||
H261 - H.261 Video
|
||||
H263 - H.263 Video
|
||||
H263-1998 - H.263-1998 Video
|
||||
H263-2000 - H.263-2000 Video
|
||||
H264 - H.264 Video
|
||||
|
||||
RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.
|
||||
|
||||
96 - AMR
|
||||
97 - iLBC (30)
|
||||
98 - iLBC (20)
|
||||
@ -216,6 +257,7 @@
|
||||
125 -
|
||||
126 -
|
||||
127 - BV32
|
||||
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G722,PCMU,PCMA"/>
|
||||
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,speex@16000h@20i,G722,PCMU,PCMA"/>
|
||||
@ -232,7 +274,9 @@
|
||||
<X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
|
||||
<!--
|
||||
THIS IS ONLY USED FOR DINGALING
|
||||
|
||||
bind_server_ip
|
||||
|
||||
Can be an ip address, a dns name, or "auto".
|
||||
This determines an ip address available on this host to bind.
|
||||
If you are separating RTP and SIP traffic, you will want to have
|
||||
@ -242,6 +286,7 @@
|
||||
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
|
||||
|
||||
<!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
|
||||
|
||||
If you're going to load test FreeSWITCH please input real IP addresses
|
||||
for external_rtp_ip and external_sip_ip
|
||||
-->
|
||||
@ -256,7 +301,7 @@
|
||||
If unspecified, the bind_server_ip value is used.
|
||||
Used by: sofia.conf.xml dingaling.conf.xml
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IPv4 }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.l.google.com:19302"/>
|
||||
|
||||
<!-- external_sip_ip
|
||||
Used as the public IP address for SDP.
|
||||
@ -269,7 +314,7 @@
|
||||
If unspecified, the bind_server_ip value is used.
|
||||
Used by: sofia.conf.xml dingaling.conf.xml
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IPv4 }}"/>
|
||||
<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.l.google.com:19302"/>
|
||||
|
||||
<!-- unroll-loops
|
||||
Used to turn on sip loopback unrolling.
|
||||
@ -328,9 +373,11 @@
|
||||
|
||||
<!--
|
||||
Digits Dialed filter: (FS-6940)
|
||||
|
||||
The digits stream may contain valid credit card numbers or social security numbers, These digit
|
||||
filters will allow you to make a valant effort to stamp out sensitive information for
|
||||
PCI/HIPPA compliance. (see xml_cdr dialed_digits)
|
||||
|
||||
df_us_ssn = US Social Security Number pattern
|
||||
df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB
|
||||
-->
|
||||
@ -342,6 +389,7 @@
|
||||
<!--
|
||||
Setting up your default sip provider is easy.
|
||||
Below are some values that should work in most cases.
|
||||
|
||||
These are for conf/directory/default/example.com.xml
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
|
||||
@ -354,16 +402,21 @@
|
||||
|
||||
<!--
|
||||
SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
|
||||
|
||||
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
|
||||
|
||||
default: tlsv1,tlsv1.1,tlsv1.2
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
|
||||
|
||||
<!--
|
||||
TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
|
||||
|
||||
The actual ciphers supported will change per platform.
|
||||
|
||||
openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
|
||||
Will show you what is available in your verion of openssl.
|
||||
|
||||
Will show you what is available in your version of openssl.
|
||||
-->
|
||||
<X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
|
||||
|
||||
@ -380,7 +433,7 @@
|
||||
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
|
||||
|
||||
<!-- Video Settings -->
|
||||
<!-- Setting the max bandwdith -->
|
||||
<!-- Setting the max bandwidth -->
|
||||
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=1mb"/>
|
||||
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=1mb"/>
|
||||
|
||||
@ -396,3 +449,4 @@
|
||||
<X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
|
||||
|
||||
</include>
|
||||
|
||||
|
@ -4,13 +4,13 @@ include "/bbb-fsesl-akka/conf/application.conf"
|
||||
|
||||
freeswitch {
|
||||
esl {
|
||||
host="10.7.7.1"
|
||||
host="freeswitch"
|
||||
password="FSESL_PASSWORD"
|
||||
}
|
||||
}
|
||||
|
||||
redis {
|
||||
host="10.7.7.5"
|
||||
host="redis"
|
||||
}
|
||||
|
||||
http {
|
||||
|
@ -1,43 +0,0 @@
|
||||
ARG BBB_BUILD_TAG
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
|
||||
|
||||
# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
|
||||
# USER meteor
|
||||
|
||||
COPY --from=source ./ /source
|
||||
RUN cd /source && meteor npm ci --production \
|
||||
&& METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \
|
||||
&& rm -rf /source
|
||||
|
||||
RUN cd /app/bundle/programs/server \
|
||||
&& npm install --production
|
||||
|
||||
RUN mkdir -p /app/bundle/programs/web.browser/app/files && \
|
||||
cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/
|
||||
|
||||
ARG TAG_BBB
|
||||
RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \
|
||||
&& find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \
|
||||
&& find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \
|
||||
&& find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \;
|
||||
|
||||
# ------------------------------
|
||||
|
||||
FROM node:18-bookworm-slim
|
||||
|
||||
RUN apt-get update && apt-get install -y gosu
|
||||
|
||||
# add user & group
|
||||
RUN groupadd -g 2000 meteor \
|
||||
&& useradd -m -u 2001 -g meteor meteor
|
||||
|
||||
COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
|
||||
COPY --from=builder --chown=meteor:meteor /app/bundle /app
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY bbb-html5.yml /app/bbb-html5.yml.tmpl
|
||||
|
||||
# expose TAG_BBB in container for the version display
|
||||
ARG TAG_BBB
|
||||
ENV TAG_BBB $TAG_BBB
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
@ -1,16 +0,0 @@
|
||||
ARG BBB_BUILD_TAG
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
|
||||
|
||||
|
||||
RUN curl https://install.meteor.com/\?release\=2.13 | sh
|
||||
|
||||
|
||||
COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
|
||||
|
||||
# make /root/.meteor accessible for user
|
||||
RUN chmod 777 /root /root/.meteor
|
||||
|
||||
COPY entrypoint.dev.sh /entrypoint.dev.sh
|
||||
|
||||
ENTRYPOINT ["/entrypoint.dev.sh"]
|
||||
|
@ -1,25 +0,0 @@
|
||||
public:
|
||||
app:
|
||||
html5ClientBuild: {{ .Env.TAG_BBB }}
|
||||
bbbServerVersion: {{ .Env.TAG_BBB }}-docker
|
||||
listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
|
||||
skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
|
||||
clientTitle: {{ .Env.CLIENT_TITLE }}
|
||||
appName: BigBlueButton HTML5 Client (docker)
|
||||
breakouts:
|
||||
breakoutRoomLimit: {{ .Env.BREAKOUTROOM_LIMIT }}
|
||||
kurento:
|
||||
wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu
|
||||
autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
|
||||
skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
|
||||
chat:
|
||||
enabled: {{ .Env.CHAT_ENABLED }}
|
||||
startClosed: {{ .Env.CHAT_START_CLOSED }}
|
||||
pads:
|
||||
url: https://{{ .Env.DOMAIN }}/pad
|
||||
private:
|
||||
app:
|
||||
host: 0.0.0.0
|
||||
redis:
|
||||
host: redis
|
||||
port: '6379'
|
@ -1,31 +0,0 @@
|
||||
#!/bin/sh -e
|
||||
|
||||
# use /tmp as home dir as writeable directory for whatever UID we get
|
||||
export HOME=/tmp
|
||||
|
||||
|
||||
export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
|
||||
export MONGO_URL=mongodb://10.7.7.6/meteor
|
||||
export ROOT_URL=http://127.0.0.1/html5client
|
||||
export BIND_IP=0.0.0.0
|
||||
export LANG=en_US.UTF-8
|
||||
export BBB_HTML5_LOCAL_SETTINGS=/tmp/bbb-html5.yml
|
||||
|
||||
echo "DEV_MODE=true, disable TLS certificate rejecting"
|
||||
export NODE_TLS_REJECT_UNAUTHORIZED=0
|
||||
|
||||
|
||||
if [ ! -f "/tmp/.meteor/copy-done" ]; then
|
||||
echo "# copying over .meteor from docker image... (this might take some minutes)"
|
||||
cp -a /root/.meteor/* /tmp/.meteor
|
||||
touch /tmp/.meteor/copy-done
|
||||
fi
|
||||
|
||||
cd /app
|
||||
echo "# meteor npm install"
|
||||
meteor npm install
|
||||
|
||||
echo "# npm start"
|
||||
dockerize \
|
||||
-template /tmp/bbb-html5.yml.tmpl:/tmp/bbb-html5.yml \
|
||||
npm start
|
@ -1,38 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
cd /app
|
||||
export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
|
||||
export MONGO_URL=mongodb://10.7.7.6/meteor
|
||||
export ROOT_URL=http://127.0.0.1/html5client
|
||||
export NODE_ENV=production
|
||||
export SERVER_WEBSOCKET_COMPRESSION='{"level":5, "maxWindowBits":13, "memLevel":7, "requestMaxWindowBits":13}'
|
||||
export BIND_IP=0.0.0.0
|
||||
export LANG=en_US.UTF-8
|
||||
export INSTANCE_MAX=1
|
||||
export ENVIRONMENT_TYPE=production
|
||||
export NODE_VERSION=node-v14.21.1-linux-x64
|
||||
export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml
|
||||
|
||||
if [ "$BBB_HTML5_ROLE" == "backend" ]; then
|
||||
PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID
|
||||
fi
|
||||
|
||||
|
||||
# if container is the first frontend, do some additional tasks
|
||||
if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then
|
||||
|
||||
|
||||
# copy static files into volume for direct access by nginx
|
||||
# https://github.com/bigbluebutton/bigbluebutton/issues/10739
|
||||
if [ -d "/html5-static" ]; then
|
||||
rm -rf /html5-static/*
|
||||
cp -r /app/programs/web.browser/* /html5-static
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
dockerize \
|
||||
-template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \
|
||||
gosu meteor \
|
||||
node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM
|
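--- a/mod/livekit/livekit.yaml
+++ b/mod/livekit/livekit.yaml
@@ -0,0 +1,15 @@
+port: 7880
+log_level: debug
+# when enabled, LiveKit will expose prometheus metrics on :6789/metrics
+#prometheus_port: 6789
+rtc:
+port_range_start: 16384
+port_range_end: 32768
+use_external_ip: false
+redis:
+# redis is recommended for production deploys
+address: redis:6379
+
+keys:
+# TODO: change keys
+TEST: TEST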
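Review bot: The `keys:` block at the end of the new file commits a fixed API key/secret pair (`TEST: TEST`) with only a `# TODO: change keys` marker, so every installation built from this tree would share the same LiveKit credential. The same commit adds `mod/nginx/bbb/livekit.nginx`, which proxies `/livekit/` to port 7880, so the service these keys protect is reachable through the web server. Generate the pair at setup time and keep it out of the repository, for example with LiveKit's `key_file` option pointing at a generated file, and refuse to start while the placeholder is still present. `log_level: debug` is also worth lowering to `info` before this leaves beta.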
@ -1,26 +0,0 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
|
||||
host=${HOSTNAME:-$(hostname -f)}
|
||||
|
||||
# shut down again
|
||||
mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
|
||||
# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
|
||||
mongod --oplogSize 8 --replSet rs0 --noauth \
|
||||
--config /tmp/docker-entrypoint-temp-config.json \
|
||||
--bind_ip 0.0.0.0 --port 27017 \
|
||||
--tlsMode disabled \
|
||||
--logpath /proc/1/fd/1 --logappend \
|
||||
--pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
|
||||
|
||||
# init replset with defaults
|
||||
mongosh 10.7.7.6 --eval "rs.initiate({
|
||||
_id: 'rs0',
|
||||
members: [ { _id: 0, host: '10.7.7.6:27017' } ]
|
||||
})"
|
||||
|
||||
echo "Waiting to become a master"
|
||||
echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongosh
|
||||
|
||||
echo "I'm the master!"
|
@ -1,33 +0,0 @@
|
||||
# mongod.conf
|
||||
|
||||
# for documentation of all options, see:
|
||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||
|
||||
storage:
|
||||
dbPath: /data/db
|
||||
journal:
|
||||
enabled: true
|
||||
wiredTiger:
|
||||
engineConfig:
|
||||
cacheSizeGB: 1
|
||||
journalCompressor: none
|
||||
directoryForIndexes: true
|
||||
collectionConfig:
|
||||
blockCompressor: none
|
||||
indexConfig:
|
||||
prefixCompression: false
|
||||
|
||||
|
||||
net:
|
||||
port: 27017
|
||||
bindIp: 0.0.0.0
|
||||
|
||||
|
||||
replication:
|
||||
replSetName: rs0
|
||||
|
||||
setParameter:
|
||||
diagnosticDataCollectionEnabled: false
|
||||
|
||||
security:
|
||||
javascriptEnabled: false
|
@ -1,20 +1,29 @@
|
||||
ARG BBB_BUILD_TAG
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
|
||||
|
||||
# --------------------
|
||||
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard
|
||||
COPY --from=src-learning-dashboard / /bbb-learning-dashboard
|
||||
RUN cd /bbb-learning-dashboard && npm ci && npm run build
|
||||
|
||||
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback
|
||||
COPY --from=src-playback / /bbb-playback
|
||||
RUN cd /bbb-playback && npm install && npm run-script build
|
||||
|
||||
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5
|
||||
COPY --from=src-html5 / /source
|
||||
RUN cd /source && CI=true npm ci
|
||||
RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build
|
||||
RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
|
||||
&& find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
|
||||
&& find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
|
||||
|
||||
# --------------------
|
||||
|
||||
FROM nginx:1.25-alpine
|
||||
|
||||
COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
|
||||
COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
|
||||
COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
|
||||
COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
|
||||
COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/
|
||||
COPY ./bbb /etc/nginx/bbb
|
||||
COPY ./bigbluebutton /etc/nginx/conf.d/default.conf
|
||||
COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf
|
||||
COPY ./nginx.conf /etc/nginx/nginx.conf
|
||||
|
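Review bot: The `builder-playback` stage still runs `npm install`, while the `builder-learning-dashboard` and `builder-html5` stages use `npm ci`; `npm install` may resolve versions that differ from the lockfile, so the playback bundle served by this image is not reproducible from the pinned dependency set. Assuming bbb-playback ships a lockfile, the line would read `RUN cd /bbb-playback && npm ci && npm run-script build`. The final stage's `FROM nginx:1.25-alpine` is a floating tag; pinning it by digest would make the base image reproducible as well. Which lines belong to the new side is inferred from the hunk's line counts, since the rendered page lost the +/- column.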
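--- a/mod/nginx/bbb-graphql-client-settings-cache.conf
+++ b/mod/nginx/bbb-graphql-client-settings-cache.conf
@@ -0,0 +1 @@
+proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off;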
@ -1,6 +0,0 @@
|
||||
location /html5client {
|
||||
proxy_pass http://10.7.7.200:4100; # use for production
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
@ -1,49 +1,13 @@
|
||||
location @html5client {
|
||||
proxy_pass http://poolhtml5servers; # use for production
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
# running in production (static assets)
|
||||
location /html5client {
|
||||
gzip_static on;
|
||||
alias /usr/share/bigbluebutton/html5-client/;
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /html5client/locales {
|
||||
alias /html5-static/app/locales;
|
||||
}
|
||||
|
||||
location /html5client/compatibility {
|
||||
gzip_static on;
|
||||
alias /html5-static/app/compatibility;
|
||||
}
|
||||
|
||||
location /html5client/resources {
|
||||
alias /html5-static/app/resources;
|
||||
}
|
||||
|
||||
location /html5client/svgs {
|
||||
alias /html5-static/app/svgs;
|
||||
}
|
||||
|
||||
location /html5client/fonts {
|
||||
alias /html5-static/app/fonts;
|
||||
}
|
||||
|
||||
location /html5client/files {
|
||||
alias /html5-static/app/files;
|
||||
}
|
||||
|
||||
location /html5client/wasm {
|
||||
types {
|
||||
application/wasm wasm;
|
||||
}
|
||||
gzip_static on;
|
||||
alias /html5-static/app/wasm;
|
||||
}
|
||||
|
||||
location /html5client {
|
||||
gzip_static on;
|
||||
alias /html5-static;
|
||||
try_files $uri @html5client;
|
||||
}
|
||||
|
||||
location /html5client/sockjs {
|
||||
try_files $uri @html5client;
|
||||
alias /usr/share/bigbluebutton/html5-client/locales;
|
||||
autoindex on;
|
||||
autoindex_format json;
|
||||
}
|
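Review bot: `location /html5client` has no trailing slash while its `alias /usr/share/bigbluebutton/html5-client/;` does, and nginx substitutes the alias for the matched prefix as plain text. A request path that merely begins with the prefix and continues with other characters is then resolved relative to the aliased directory rather than inside it, which is the usual way an `alias` block ends up serving files from a neighbouring directory. Make the two agree, `location /html5client/ {` with the alias unchanged, and add `location = /html5client { return 301 /html5client/; }` if the bare path must keep working. Which lines are on the new side is inferred from the hunk's 49→13 line counts, since the rendered page lost the +/- column.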
@ -1,24 +1,39 @@
|
||||
location /graphql-test {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
|
||||
# Websocket connection
|
||||
location /v1/graphql {
|
||||
location /graphql {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
#proxy_pass http://127.0.0.1:8080; #Hasura
|
||||
proxy_pass http://10.7.7.32:8378; #Graphql Middleware
|
||||
#proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql)
|
||||
proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware
|
||||
}
|
||||
|
||||
location /api/rest {
|
||||
#Set cache system for client settings
|
||||
location /api/rest/clientSettings {
|
||||
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
|
||||
auth_request_set $meeting_id $sent_http_meeting_id;
|
||||
|
||||
proxy_cache client_settings_cache;
|
||||
proxy_cache_key "$uri|$meeting_id";
|
||||
proxy_cache_use_stale updating;
|
||||
proxy_cache_valid 24h;
|
||||
proxy_cache_lock on;
|
||||
add_header X-Cached $upstream_cache_status;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://127.0.0.1:8080; #Hasura
|
||||
proxy_pass http://bbb-graphql-server:8085; #Hasura
|
||||
}
|
||||
|
||||
location /api/rest/userMetadata {
|
||||
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
|
||||
auth_request_set $meeting_id $sent_http_meeting_id;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://bbb-graphql-server:8085; #Hasura
|
||||
}
|
||||
|
@ -1,8 +1,3 @@
|
||||
location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) {
|
||||
alias /var/bigbluebutton/learning-dashboard/$1/$2;
|
||||
autoindex off;
|
||||
}
|
||||
|
||||
location /learning-analytics-dashboard/ {
|
||||
alias /www/learning-analytics-dashboard/;
|
||||
autoindex off;
|
||||
|
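--- a/mod/nginx/bbb/livekit.nginx
+++ b/mod/nginx/bbb/livekit.nginx
@@ -0,0 +1,11 @@
+location /livekit/ {
+proxy_pass http://127.0.0.1:7880/;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+
+proxy_read_timeout 60s;
+proxy_send_timeout 60s;
+client_body_timeout 60s;
+send_timeout 60s;
+}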
@ -15,7 +15,7 @@ location /pad/p/ {
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
|
||||
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
|
||||
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
|
||||
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
|
||||
proxy_http_version 1.1;
|
||||
|
||||
auth_request /bigbluebutton/connection/checkAuthorization;
|
||||
@ -57,7 +57,7 @@ location /pad/socket.io {
|
||||
proxy_buffering off;
|
||||
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
|
||||
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
|
||||
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
|
||||
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
|
||||
proxy_set_header Host $host; # pass the host header
|
||||
proxy_http_version 1.1; # recommended with keepalive connections
|
||||
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
|
||||
|
@ -22,32 +22,25 @@
|
||||
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/svg\/(?<page_num>\d+)$ {
|
||||
default_type image/svg+xml;
|
||||
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg;
|
||||
if ($bbb_loadbalancer_node) {
|
||||
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
|
||||
}
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
}
|
||||
|
||||
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/slide\/(?<page_num>\d+)$ {
|
||||
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf;
|
||||
if ($bbb_loadbalancer_node) {
|
||||
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
|
||||
}
|
||||
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/pdf\/(?<job_id>[A-Za-z0-9]+)\/annotated_slides.pdf$ {
|
||||
default_type application/pdf;
|
||||
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf;
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
}
|
||||
|
||||
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/thumbnail\/(?<page_num>\d+)$ {
|
||||
default_type image/png;
|
||||
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png;
|
||||
if ($bbb_loadbalancer_node) {
|
||||
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
|
||||
}
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
}
|
||||
|
||||
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/textfiles\/(?<page_num>\d+)$ {
|
||||
default_type text/plain;
|
||||
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt;
|
||||
if ($bbb_loadbalancer_node) {
|
||||
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
|
||||
}
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
}
|
||||
|
||||
|
||||
|
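Review bot: All four presentation locations in this hunk (svg, pdf, thumbnail, textfiles) now send `Access-Control-Allow-Origin: *` unconditionally, where the previous version echoed `$bbb_loadbalancer_node` only when it was set. None of these locations shows an `auth_request`, so the identifiers in the path are the only thing protecting slide images, extracted slide text and annotated PDFs, and a wildcard lets script running on any origin read them once it has a URL. If the cluster setup is the only cross-origin consumer, keep the conditional form: `if ($bbb_loadbalancer_node) { add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; }`. The old/new assignment here is inferred from the hunk's 32→25 line counts.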
@ -1,15 +0,0 @@
|
||||
location /ws {
|
||||
proxy_pass https://$freeswitch_addr:7443;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_read_timeout 6h;
|
||||
proxy_send_timeout 6h;
|
||||
client_body_timeout 6h;
|
||||
send_timeout 6h;
|
||||
|
||||
auth_request /bigbluebutton/connection/checkAuthorization;
|
||||
auth_request_set $auth_status $upstream_status;
|
||||
}
|
@ -92,6 +92,16 @@
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
}
|
||||
|
||||
location = /bigbluebutton/connection/checkGraphqlAuthorization {
|
||||
internal;
|
||||
proxy_pass http://bbb-web:8090;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
# this is required for CORS preflight checks in cluster setup
|
||||
proxy_set_header X-Original-Method $request_method;
|
||||
}
|
||||
|
||||
location = /bigbluebutton/connection/legacyCheckAuthorization {
|
||||
internal;
|
||||
proxy_pass http://bbb-web:8090;
|
||||
@ -149,6 +159,18 @@
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
}
|
||||
|
||||
location /bigbluebutton/ping {
|
||||
default_type text/plain;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
|
||||
add_header Pragma "no-cache";
|
||||
add_header Expires "0";
|
||||
# this Header is required for cluster setups as the ping check is a
|
||||
# CORS request. No cookies are required so we can just allow anyone
|
||||
# to use this endpoint.
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
return 200 "";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
location @error403 {
|
||||
|
@ -1,22 +1,3 @@
|
||||
map $remote_addr $freeswitch_addr {
|
||||
"~:" [::1];
|
||||
default 10.7.7.1;
|
||||
}
|
||||
|
||||
upstream poolhtml5servers {
|
||||
zone poolhtml5servers 32k;
|
||||
least_conn;
|
||||
server 10.7.7.200:4100 fail_timeout=10s max_fails=4 backup;
|
||||
server 10.7.7.201:4101 fail_timeout=120s max_fails=1;
|
||||
server 10.7.7.202:4102 fail_timeout=120s max_fails=1;
|
||||
server 10.7.7.203:4103 fail_timeout=120s max_fails=1;
|
||||
# TODO: set server list based on NUMBER_OF_FRONTEND_NODEJS_PROCESSES
|
||||
# server 10.7.7.204:4104 fail_timeout=120s max_fails=1;
|
||||
# server 10.7.7.205:4105 fail_timeout=120s max_fails=1;
|
||||
# server 10.7.7.206:4106 fail_timeout=120s max_fails=1;
|
||||
# server 10.7.7.207:4107 fail_timeout=120s max_fails=1;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 48087 default_server;
|
||||
listen [::]:48087 default_server;
|
||||
@ -25,6 +6,10 @@ server {
|
||||
absolute_redirect off;
|
||||
root /www/;
|
||||
|
||||
# This variable is used instead of $scheme by bigbluebutton nginx include
|
||||
# files, so $scheme can be overridden in reverse-proxy configurations.
|
||||
set $real_scheme $scheme;
|
||||
|
||||
# opt-out of google's floc tracking
|
||||
# https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
|
||||
add_header Permissions-Policy "interest-cohort=()";
|
||||
|
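Review bot: `set $real_scheme $scheme;` gives `$real_scheme` the same value as `$scheme`, and this server block listens on port 48087 without `ssl`, so unless something outside this hunk overrides it the pad locations changed in this commit will send `X-Forwarded-Proto: http`. Their own comment says Etherpad uses that header to decide whether to set the secure cookie flag, so behind a TLS-terminating proxy the cookie would be issued without it. If TLS is always terminated in front of this server, set the value explicitly (`set $real_scheme https;`) or derive it with a `map` from the proxy's forwarded-proto header, and document which component is trusted to set that header. The server block continues outside the hunk.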
@ -7,7 +7,7 @@ RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_
|
||||
&& chmod +x /usr/bin/yq
|
||||
|
||||
COPY --from=src / /bbb-webhooks
|
||||
RUN cd /bbb-webhooks && npm install --production
|
||||
RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git
|
||||
|
||||
RUN chmod 777 /bbb-webhooks/config
|
||||
# ------------------------------
|
||||
|
@ -3,14 +3,14 @@ set -e
|
||||
TARGET=/bbb-webhooks/config/production.yml
|
||||
cp /bbb-webhooks/config/default.example.yml $TARGET
|
||||
|
||||
yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET
|
||||
yq e -i ".bbb.serverDomain = \"$DOMAIN\"" $TARGET
|
||||
yq e -i ".bbb.auth2_0 = true" $TARGET
|
||||
yq e -i ".server.bind = \"0.0.0.0\"" $TARGET
|
||||
yq e -i ".hooks.getRaw = false" $TARGET
|
||||
yq e -i ".redis.host = \"redis\"" $TARGET
|
||||
yq e -i '.modules."../out/webhooks/index.js".config.getRaw = false' $TARGET
|
||||
|
||||
export NODE_ENV=production
|
||||
export REDIS_HOST=redis
|
||||
export SERVER_DOMAIN=$DOMAIN
|
||||
export BEARER_AUTH=true
|
||||
export SERVER_BIND_IP=0.0.0.0
|
||||
|
||||
cd /bbb-webhooks
|
||||
node app.js
|
||||
|
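Review bot: `yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET` splices the secret into the yq expression text, so a value containing a double quote or backslash changes the expression instead of being stored, and a malformed one aborts startup under `set -e`. yq v4 can read the value from the environment instead: `yq e -i '.bbb.sharedSecret = strenv(SHARED_SECRET)' "$TARGET"`, which needs `SHARED_SECRET` to be exported to the process (it is, if it arrives as a container environment variable). The script starts above this hunk.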
@ -27,4 +27,10 @@ RUN mkdir /home/webrtc-sfu && chown -R webrtc-sfu:webrtc-sfu /app/config /home/w
|
||||
|
||||
USER webrtc-sfu
|
||||
WORKDIR /app
|
||||
|
||||
|
||||
COPY config.yaml /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
|
||||
ENV NODE_ENV=production
|
||||
ENV NODE_CONFIG_DIR=/app/config/:/etc/bigbluebutton/bbb-webrtc-sfu/
|
||||
ENV ALLOW_CONFIG_MUTATIONS=true
|
||||
CMD [ "npm", "start" ]
|
||||
|
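--- a/mod/webrtc-sfu/config.yaml
+++ b/mod/webrtc-sfu/config.yaml
@@ -0,0 +1,40 @@
+kurento: []
+redisHost: 10.7.7.5
+clientHost: 10.7.7.1
+recordingAdapter: bbb-webrtc-recorder
+
+mcs-host: 10.7.7.1
+mcs-address: 10.7.7.1
+freeswitch:
+ip: 10.7.7.10
+sip_ip: 10.7.7.10
+port: 5066
+esl_ip: 10.7.7.10
+esl_port: 8021
+
+log:
+# trace|debug|info|warn|error
+level: debug
+# Whether to log to stdout
+stdout: true
+# Whether to log to a file
+file: false
+
+mediasoup:
+dedicatedMediaTypeWorkers:
+audio: auto
+workerBalancing:
+strategy: least-loaded
+
+webrtc:
+# announcedIP => it's the host public IPv4 in case the machine is
+# behind a 1:1 NAT
+# ip => the address on which mediasoup will bind its RTC sockets
+listenIps:
+- ip: "10.7.7.1"
+announcedIp: "10.7.7.1"
+
+plainRtp:
+listenIp:
+ip: "0.0.0.0"
+announcedIp: "10.7.7.1"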
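Review bot: `plainRtp.listenIp.ip` is `"0.0.0.0"` while `webrtc.listenIps` binds `10.7.7.1`, so the unencrypted plain-RTP sockets listen on every interface the container can see; the README states that bbb-docker uses host networking, which would make that every host interface if this service runs that way. Binding it to the internal address as well, `ip: "10.7.7.1"`, keeps plain RTP on the internal network where its peers presumably live. `log.level: debug` is also committed in the file the Dockerfile installs as `production.yml`; `info` is a safer default once debugging is done.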
@ -1 +1 @@
|
||||
Subproject commit 433fe4c3934edff36cddcfb1e892e323c2fe75ea
|
||||
Subproject commit 724d55c26b1c94ea22a85b0c7e064f57b54875cb
|
@ -1 +1 @@
|
||||
Subproject commit a8f5a72a7dc55cc8bab6f980035291b6e8fe5de5
|
||||
Subproject commit 4e11f9337cecb36400f8c41caa12431b2667d8bb
|
@ -1 +1 @@
|
||||
Subproject commit 7c0cd8e6cad144578598f9fa6ea2d9ab78af560b
|
||||
Subproject commit a3e2f1fe2f12bd9d0be86a8afac71b2a82455269
|
@ -1 +1 @@
|
||||
Subproject commit fe901bd15cadcb33f935900f804926f36793c48d
|
||||
Subproject commit 6fbde34c357ba656741842048e936611faf45a09
|
@ -1 +1 @@
|
||||
Subproject commit b674477a40a3060738219d8a58915f1bcaf8738b
|
||||
Subproject commit c36e394e4aaa6be6c429222b7c9a86a8945b5563
|
@ -1 +1 @@
|
||||
Subproject commit 4cb05e7f4a23645ec387f3b5391194128be7d193
|
||||
Subproject commit a88d069d6ffb74df797bcaf001f7e63181c07a09
|
12
repos/tags
12
repos/tags
@ -5,9 +5,9 @@
|
||||
|
||||
repos/bbb-etherpad-plugin 068ded5
|
||||
repos/bbb-etherpad-skin 8328b77
|
||||
repos/bbb-pads v1.5.2
|
||||
repos/bbb-playback v5.0.2
|
||||
repos/bbb-webhooks v2.6.1
|
||||
repos/bbb-webrtc-sfu v2.12.0
|
||||
repos/bigbluebutton v2.7.3
|
||||
repos/freeswitch v1.10.10
|
||||
repos/bbb-pads v1.5.3
|
||||
repos/bbb-playback v5.1.3
|
||||
repos/bbb-webhooks v3.3.0
|
||||
repos/bbb-webrtc-sfu v2.17.0-alpha.1
|
||||
repos/bigbluebutton v3.0.0-beta.5
|
||||
repos/freeswitch v1.10.12
|
||||
|
39
sample.env
39
sample.env
@ -82,8 +82,6 @@ SIP_IP_ALLOWLIST=
|
||||
# CUSTOMIZATION
|
||||
# ====================================
|
||||
|
||||
CLIENT_TITLE=BigBlueButton
|
||||
|
||||
# use following lines to replace the default welcome message and footer
|
||||
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
|
||||
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
|
||||
@ -112,52 +110,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf
|
||||
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
|
||||
SOUNDS_LANGUAGE=en-us-callie
|
||||
|
||||
# set to false to disable listenOnlyMode
|
||||
LISTEN_ONLY_MODE=true
|
||||
|
||||
# set to true to disable echo test
|
||||
DISABLE_ECHO_TEST=false
|
||||
|
||||
# set to true to automatically share webcam
|
||||
AUTO_SHARE_WEBCAM=false
|
||||
|
||||
# set to true to disable video preview for webcam sharing
|
||||
DISABLE_VIDEO_PREVIEW=false
|
||||
|
||||
# set to false to disable chat
|
||||
CHAT_ENABLED=true
|
||||
|
||||
# set to true to start chat closed
|
||||
CHAT_START_CLOSED=false
|
||||
|
||||
# set to true to disable announcements "You are now (un-)muted"
|
||||
DISABLE_SOUND_MUTED=false
|
||||
|
||||
# set to true to disable announcement "You are the only person in this conference"
|
||||
DISABLE_SOUND_ALONE=false
|
||||
|
||||
# maximum count of breakout rooms per meeting
|
||||
# Warning: increasing the limit of breakout rooms per meeting
|
||||
# can generate excessive overhead to the server. We recommend
|
||||
# this value to be kept under 12.
|
||||
BREAKOUTROOM_LIMIT=8
|
||||
|
||||
# set to false to disable the learning dashboard
|
||||
ENABLE_LEARNING_DASHBOARD=true
|
||||
|
||||
# ====================================
|
||||
# Tuning
|
||||
# ====================================
|
||||
# Default = 2; Min = 1; Max = 4
|
||||
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
|
||||
NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
|
||||
|
||||
# Default = 2; Min = 1; Max = 8
|
||||
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
|
||||
# stretching the recommended number of users in BigBlueButton
|
||||
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
|
||||
|
||||
|
||||
# ====================================
|
||||
# GREENLIGHT CONFIGURATION
|
||||
# ====================================
|
||||
|
36
scripts/dev
36
scripts/dev
@ -4,6 +4,15 @@ set -e
|
||||
cd "$(dirname "$0")/.."
|
||||
. scripts/functions.sh
|
||||
|
||||
ensure_bbbhtml5yml
|
||||
|
||||
create_dev_env () {
|
||||
cp dev.env .env
|
||||
sed -i "s/BBB_DEV_UID=.*/BBB_DEV_UID=$(id -u)/" .env
|
||||
sed -i "s/BBB_DEV_GID=.*/BBB_DEV_GID=$(id -g)/" .env
|
||||
load_env
|
||||
}
|
||||
|
||||
if [ -f ".env" ]; then
|
||||
load_env
|
||||
if [[ "$DEV_MODE" == "" ]]; then
|
||||
@ -13,7 +22,7 @@ if [ -f ".env" ]; then
|
||||
response=${response,,} # tolower
|
||||
if [[ $response =~ ^(y| ) ]] || [[ -z $response ]]; then
|
||||
cp .env .env.bak
|
||||
cp dev.env .env
|
||||
create_dev_env
|
||||
else
|
||||
echo "we can't continue with a .env file configured as a development environment"
|
||||
exit 1
|
||||
@ -21,30 +30,7 @@ if [ -f ".env" ]; then
|
||||
fi
|
||||
else
|
||||
echo "# creating a .env for the dev setup"
|
||||
cp dev.env .env
|
||||
fi
|
||||
|
||||
# to avoid any file permission issues we want to run some containers with the same
|
||||
# UID and GID as the current user
|
||||
export BBB_DOCKER_USER="$(id -u):$(id -g)"
|
||||
|
||||
# also add it to ~/.zshrc and/or ~/.bashrc so
|
||||
# that people can also use commands like `docker compose up`
|
||||
# without that variable being missing
|
||||
function add_permanent_env {
|
||||
STR='export BBB_DOCKER_USER="$(id -u):$(id -g)"'
|
||||
if [ -z "$(grep "$STR" "$1")" ]; then
|
||||
echo "append"
|
||||
echo "" >> $1
|
||||
echo "# following line got added by bbb-docker" >> $1
|
||||
echo "$STR" >> $1
|
||||
fi
|
||||
}
|
||||
if [ -f "$(realpath ~/.zshrc)" ]; then
|
||||
add_permanent_env "$(realpath ~/.zshrc)"
|
||||
fi
|
||||
if [ -f "$(realpath ~/.bashrc)" ]; then
|
||||
add_permanent_env "$(realpath ~/.bashrc)"
|
||||
create_dev_env
|
||||
fi
|
||||
|
||||
|
||||
|
@ -7,4 +7,4 @@ cd $(dirname $0)/..
|
||||
. ./scripts/functions.sh
|
||||
load_env
|
||||
|
||||
docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.1 -p "$FSESL_PASSWORD"
|
||||
docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.10 -p "$FSESL_PASSWORD" $@
|
||||
|
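Review bot: The new trailing `$@` is unquoted, so an argument containing spaces (for example a command passed with `-x`) is split into several words before it reaches `fs_cli`. Quote it: `docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.10 -p "$FSESL_PASSWORD" "$@"`. Separately, the ESL password is passed on the command line, where it is visible in the process list for as long as the session runs.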
@ -1,5 +1,5 @@
|
||||
function load_env {
|
||||
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
|
||||
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
|
||||
}
|
||||
|
||||
function ensure_submodules {
|
||||
@ -16,3 +16,14 @@ function ensure_submodules {
|
||||
|
||||
}
|
||||
|
||||
function ensure_bbbhtml5yml {
|
||||
if [ ! -f conf/bbb-html5.yml ]; then
|
||||
|
||||
cat << EOF > conf/bbb-html5.yml
|
||||
# this file equals the /etc/bigbluebutton/bbb-html5.yml file referenced in the docs
|
||||
public:
|
||||
app:
|
||||
appName: BigBlueButton HTML5 Client (docker)
|
||||
EOF
|
||||
fi
|
||||
}
|
@ -7,6 +7,8 @@ cd $(dirname $0)/..
|
||||
. scripts/functions.sh
|
||||
load_env
|
||||
|
||||
ensure_bbbhtml5yml
|
||||
|
||||
# check for non-optional environment variables,
|
||||
# which got introduced later and may miss in existing
|
||||
# .env files during upgrades
|
||||
@ -41,7 +43,7 @@ function get_tag {
|
||||
}
|
||||
|
||||
# https://hub.docker.com/r/bigbluebutton/bbb-build
|
||||
BBB_BUILD_TAG=v3.0.x-release--2023-09-26-152524
|
||||
BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114
|
||||
|
||||
docker run \
|
||||
--rm \
|
||||
@ -65,7 +67,5 @@ docker run \
|
||||
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
|
||||
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
|
||||
-e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \
|
||||
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
|
||||
-e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \
|
||||
jwilder/dockerize -template /docker-compose.tmpl.yml \
|
||||
> docker-compose.yml
|
||||
|
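Review bot: The `docker run` that renders `docker-compose.yml` uses `jwilder/dockerize` with no tag or digest, so it resolves to whatever `latest` is when the image is pulled, and that container receives the environment values passed with `-e` above it. Since this commit already pins `BBB_BUILD_TAG` to a dated build, pin this image the same way, e.g. `jwilder/dockerize@sha256:<digest of the reviewed image>`. The `docker run` command starts in the previous hunk and part of it lies between the hunks.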
@ -18,6 +18,7 @@ then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ensure_bbbhtml5yml
|
||||
|
||||
EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com)
|
||||
EXTERNAL_IPv6=$(curl -6 -s -m 10 https://icanhazip.com || true)
|
||||
|