From 8c0409fa5348ebd37a678ae002a0c3062ee46372 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 8 Dec 2023 12:32:50 +0100 Subject: [PATCH 01/40] README: remove docker-compose version check, repeat requirements again, more links on top --- README.md | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 0a0ebf4..e8ad7bb 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ # 📦 BigBlueButton 2.7 Docker -Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) +Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) ## Features - Easy installation @@ -15,7 +15,7 @@ Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue ## Requirements - 4GB of RAM -- Linux (it will not work under WSL) +- Linux (it will not work under Windows/WSL) - Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.) - Public IPv4 (expect issues with a firewall / NAT) 
@@ -23,16 +23,16 @@ Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue - bbb-lti ## Install -1. Install docker-ce & docker-compose-plugin +1. Ensure the requirements above are fulfilled (it really doesn't work without them) +2. Install docker-ce & docker-compose-plugin 1. follow instructions * Debian: https://docs.docker.com/engine/install/debian/ * CentOS: https://docs.docker.com/engine/install/centos/ * Fedora: https://docs.docker.com/engine/install/fedora/ * Ubuntu: https://docs.docker.com/engine/install/ubuntu/ 2. Ensure docker works with `$ docker run hello-world` - 3. Install docker compose V2: https://docs.docker.com/compose/install/ - 4. Ensure docker compose works and that you use a version ≥ 1.28 : `$ docker compose --version` -2. Clone this repository + 3. Ensure you use a docker version ≥ 23.0 : `$ docker --version` +3. Clone this repository ```sh $ git clone https://github.com/bigbluebutton/docker.git bbb-docker $ cd bbb-docker @@ -40,28 +40,26 @@ Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue # use the more stable main branch (sometimes older) $ git checkout main ``` -3. Run setup: +4. Run setup: ```bash $ ./scripts/setup ``` -4. (optional) Make additional configuration adjustments +5. (optional) Make additional configuration adjustments ```bash $ nano .env # always recreate the docker-compose.yml file after making any changes $ ./scripts/generate-compose ``` -5. Start containers: +6. Start containers: ```bash $ docker compose up -d --no-build ``` -6. If you use greenlight, you can create an admin account with: +7. If you use greenlight, you can create an admin account with: ```bash $ docker compose exec greenlight bundle exec rake admin:create ``` ## Further How-To's -- [Upgrading](docs/upgrading.md) - [Running behind NAT](docs/behind-nat.md) -- [BBB-Docker Development](docs/development.md) - [Integration into an existing web server](docs/existing-web-server.md) 
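Review bot: In the Install list of README.md, step 2 still installs docker-compose-plugin, but the only check left is `$ docker --version`, so nothing confirms that the `docker compose` subcommand used by steps 4 to 7 is present. Keep a compose check next to the new docker ≥ 23.0 one, for example `$ docker compose version`, and drop only the outdated "≥ 1.28" wording.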
From 1b0c9a9602a8416b5a75d2669874febf1e0aeccf Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 7 Dec 2023 19:16:47 +0100 Subject: [PATCH 02/40] script for instant development mode --- .cache/meteor/.gitkeep | 0 .cache/npm/.gitkeep | 0 .gitignore | 6 +- dev.env | 213 ++++++++++++++++++++++++++++++++++ docker-compose.tmpl.yml | 39 +++++++ docs/development.md | 59 +++------- mod/html5/Dockerfile | 3 +- mod/html5/Dockerfile.dev | 16 +++ mod/html5/bbb-html5.yml | 4 +- mod/html5/entrypoint.dev.sh | 31 +++++ mod/nginx/bbb-html5.dev.nginx | 6 + scripts/dev | 76 ++++++++++++ scripts/functions.sh | 12 +- scripts/generate-compose | 1 + scripts/upgrade-and-build | 5 - 15 files changed, 405 insertions(+), 66 deletions(-) create mode 100644 .cache/meteor/.gitkeep create mode 100644 .cache/npm/.gitkeep create mode 100644 dev.env create mode 100644 mod/html5/Dockerfile.dev create mode 100755 mod/html5/entrypoint.dev.sh create mode 100644 mod/nginx/bbb-html5.dev.nginx create mode 100755 scripts/dev diff --git a/.cache/meteor/.gitkeep b/.cache/meteor/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.cache/npm/.gitkeep b/.cache/npm/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.gitignore b/.gitignore index aec982e..9f57d52 100644 --- a/.gitignore +++ b/.gitignore @@ -14,5 +14,9 @@ docker-compose.override.yml # App generated .env +.env.bak postgres-data -greenlight-data \ No newline at end of file +greenlight-data + +.cache/*/** +!.cache/*/.gitkeep \ No newline at end of file diff --git a/dev.env b/dev.env new file mode 100644 index 0000000..a19e233 --- /dev/null +++ b/dev.env 
@@ -0,0 +1,213 @@ +# fixed environment for an working dev setup + +DEV_MODE=true + +# use meteor dev server for html5 +DEV_HTML5=true + + + + +# ==================================== +# ADDITIONS to BigBlueButton +# ==================================== +# (place a '#' before to disable them) + +# HTTPS Proxy +# fully automated Lets Encrypt certificates +ENABLE_HTTPS_PROXY=true +# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers +#RESOLVER_ADDRESS=x.x.x.x + +# coturn (a TURN Server) +# requires either the abhove HTTPS Proxy to be enabled +# or TLS certificates to be mounted to container +ENABLE_COTURN=false +#COTURN_TLS_CERT_PATH= +#COTURN_TLS_KEY_PATH= + +# Greenlight Frontend +# https://docs.bigbluebutton.org/greenlight/gl-overview.html +ENABLE_GREENLIGHT=true + +# Enable Webhooks +# used by some integrations +ENABLE_WEBHOOKS=true + +# Prometheus Exporter +# serves the bigbluebutton-exporter under following URL: +# https://yourdomain/bbb-exporter +ENABLE_PROMETHEUS_EXPORTER=true +#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true + +# Recording +# IMPORTANT: this is currently a big privacy issues, because it will +# record everything which happens in the conference, even when the button +# suggets, that it does not. +# https://github.com/bigbluebutton/bigbluebutton/issues/9202 +# make sure that you get peoples consent, before they join a room +ENABLE_RECORDING=true +#REMOVE_OLD_RECORDING=false +#RECORDING_MAX_AGE_DAYS=14 + +# ==================================== +# SECRETS +# ==================================== +# important! 
change these to any random values +SHARED_SECRET=SuperSecret +ETHERPAD_API_KEY=SuperEtherpadKey +RAILS_SECRET=SuperRailsSecret_SuperRailsSecret +POSTGRESQL_SECRET=SuperPostgresSecret +FSESL_PASSWORD=SuperFreeswitchESLPassword + + + +# ==================================== +# CONNECTION +# ==================================== + +DOMAIN=10.7.7.1 + +EXTERNAL_IPv4=10.7.7.1 +EXTERNAL_IPv6= + +# STUN SERVER +# stun.freeswitch.org +STUN_IP=147.182.188.245 +STUN_PORT=3478 + +# TURN SERVER +# uncomment and adjust following two lines to add an external TURN server +#TURN_SERVER=turns:localhost:465?transport=tcp +#TURN_SECRET= + +# Allowed SIP IPs +# due to high traffic caused by bots, by default the SIP port is blocked. +# but you can allow access by your providers IP or IP ranges (comma seperated) +# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0 +SIP_IP_ALLOWLIST=0.0.0.0/0 + + +# ==================================== +# CUSTOMIZATION +# ==================================== + +CLIENT_TITLE=BigBlueButton (Development) + +# use following lines to replace the default welcome message and footer +WELCOME_MESSAGE="Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others." +WELCOME_FOOTER="This server is running BigBlueButton." + +# use following line for an additional SIP dial-in message +#WELCOME_FOOTER="This server is running BigBlueButton.

To join this meeting by phone, dial:
INSERT_YOUR_PHONE_NUMBER_HERE
Then enter %%CONFNUM%% as the conference PIN number." + +# for a different default presentation, place the pdf file in ./conf/ and +# adjust the following path +DEFAULT_PRESENTATION=./mod/nginx/default.pdf + +# language of sound announcements +# options: +# - en-ca-june - EN Canadian June +# - en-us-allison - US English Allison +# - en-us-callie - US English Callie (default) +# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles) +# - es-ar-mario - Spanish/Argentina Mario +# - fr-ca-june - FR Canadian June +# - pt-br-karina - Brazilian Portuguese Karina +# - ru-RU-elena - RU Russian Elena +# - ru-RU-kirill - RU Russian Kirill +# - ru-RU-vika - RU Russian Viktoriya +# - sv-se-jakob - Swedish (Sweden) Jakob +# - zh-cn-sinmei - Chinese/China Sinmei +# - zh-hk-sinmei - Chinese/Hong Kong Sinmei +SOUNDS_LANGUAGE=en-us-callie + +# set to false to disable listenOnlyMode +LISTEN_ONLY_MODE=true + +# set to true to disable echo test +DISABLE_ECHO_TEST=false + +# set to true to automatically share webcam +AUTO_SHARE_WEBCAM=false + +# set to true to disable video preview for webcam sharing +DISABLE_VIDEO_PREVIEW=false + +# set to false to disable chat +CHAT_ENABLED=true + +# set to true to start chat closed +CHAT_START_CLOSED=false + +# set to true to disable announcements "You are now (un-)muted" +DISABLE_SOUND_MUTED=false + +# set to true to disable announcement "You are the only person in this conference" +DISABLE_SOUND_ALONE=false + +# maximum count of breakout rooms per meeting +# Warning: increasing the limit of breakout rooms per meeting +# can generate excessive overhead to the server. We recommend +# this value to be kept under 12. 
+BREAKOUTROOM_LIMIT=8 + +# set to false to disable the learning dashboard +ENABLE_LEARNING_DASHBOARD=true + +# ==================================== +# Tuning +# ==================================== +# Default = 2; Min = 1; Max = 4 +# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events +NUMBER_OF_BACKEND_NODEJS_PROCESSES=1 + +# Default = 2; Min = 1; Max = 8 +# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings +# stretching the recommended number of users in BigBlueButton +NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1 + + +# ==================================== +# GREENLIGHT CONFIGURATION +# ==================================== + +### SMTP CONFIGURATION +# Emails are required for the basic features of Greenlight to function. +# Please refer to your SMTP provider to get the values for the variables below +#SMTP_SENDER_EMAIL= +#SMTP_SENDER_NAME= +#SMTP_SERVER= +#SMTP_PORT= +#SMTP_DOMAIN= +#SMTP_USERNAME= +#SMTP_PASSWORD= +#SMTP_AUTH= +#SMTP_STARTTLS_AUTO=true +#SMTP_STARTTLS=false +#SMTP_TLS=false +#SMTP_SSL_VERIFY=true + +### EXTERNAL AUTHENTICATION METHODS +# +#OPENID_CONNECT_CLIENT_ID= +#OPENID_CONNECT_CLIENT_SECRET= +#OPENID_CONNECT_ISSUER= +#OPENID_CONNECT_REDIRECT= + +# To enable hCaptcha on the user sign up and sign in, define these 2 keys +#HCAPTCHA_SITE_KEY= +#HCAPTCHA_SECRET_KEY= + +# Set these if you are using a Simple Storage Service (S3) +# Uncomment S3_ENDPOINT only if you are using a S3 OTHER than Amazon Web Service (AWS) S3. +#S3_ACCESS_KEY_ID= +#S3_SECRET_ACCESS_KEY= +#S3_REGION= +#S3_BUCKET= +#S3_ENDPOINT= + +# Define the default locale language code (i.e. 'en' for English) from the fallowing list: +# [en, ar, fr, es] +#DEFAULT_LOCALE=en + diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index aef1b68..3ec8f47 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -81,6 +81,34 @@ services: ipv4_address: 10.7.7.2 +{{ if isTrue .Env.DEV_HTML5 }} + html5-dev: + build: + context: mod/html5 + dockerfile: Dockerfile.dev + args: + BBB_BUILD_TAG: bbb27-2023-06-13-java17 + user: ${BBB_DOCKER_USER} + restart: unless-stopped + depends_on: + - redis + - mongodb + - etherpad + volumes: + - ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw + - ./.cache/npm:/tmp/.npm:rw + - ./.cache/meteor:/tmp/.meteor:rw + - ./mod/html5/bbb-html5.yml:/tmp/bbb-html5.yml.tmpl + environment: + <<: *html5backend-env + HOME: /tmp + BBB_HTML5_ROLE: "" + networks: + bbb-net: + ipv4_address: 10.7.7.200 + + +{{ else }} {{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }} html5-backend-{{ add $i 1 }}: <<: *html5backend @@ -105,6 +133,8 @@ services: ipv4_address: 10.7.7.{{ add 200 $i }} {{end}} +{{ end }} + freeswitch: container_name: bbb-freeswitch @@ -160,11 +190,20 @@ services: depends_on: - etherpad - webrtc-sfu + {{ if isTrue .Env.DEV_HTML5 }} + - html5-dev + {{ else }} - html5-backend-1 + {{ end }} volumes: - bigbluebutton:/var/bigbluebutton - html5-static:/html5-static:ro - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf + + {{ if isTrue .Env.DEV_HTML5 }} + # don't let nginx directly serve static files + - ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro + {{ end }} network_mode: host extra_hosts: - "host.docker.internal:10.7.7.1" diff --git a/docs/development.md b/docs/development.md index c791b1b..ca5a3a9 100644 --- a/docs/development.md +++ b/docs/development.md 
@@ -1,50 +1,29 @@ # bbb-docker Development ## Basics -normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out: +normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out ```sh -$ git submodule update --init +$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev +$ cd bbb-dev ``` - ## Running -you can run bbb-docker locally without any certificate issues with following `.env` configurations: +you can now run bbb-docker locally by simply starting -``` -DEV_MODE=true - -ENABLE_HTTPS_PROXY=true -#ENABLE_COTURN=true -#ENABLE_GREENLIGHT=true -#ENABLE_WEBHOOKS=true -#ENABLE_PROMETHEUS_EXPORTER=true -#ENABLE_RECORDING=true - -DOMAIN=10.7.7.1 -EXTERNAL_IPv4=10.7.7.1 -STUN_IP=216.93.246.18 -STUN_PORT=3478 -TURN_SERVER=turns:localhost:5349?transport=tcp - -TURN_SECRET=SuperTurnSecret -SHARED_SECRET=SuperSecret -ETHERPAD_API_KEY=SuperEtherpadKey -RAILS_SECRET=SuperRailsSecret_SuperRailsSecret - -# ==================================== -# CUSTOMIZATION -# ==================================== - -[... add rest of sample.env here ...] +```sh +$ ./scripts/dev ``` -- regenerate `docker-compose.yml` \ +### Hints +- the html5 component will watch and automatically reload on any changes 🚀 +- if you change anything in the other components, you need to + * manually rebuilt it \ + `$ docker compose build CONTAINERNAME` + * restart it \ + `$ docker compose up -d CONTAINERNAME` +- if you change any variable in .env, always run following to rebuild the `docker-compose.yml`` `$ ./scripts/generate-compose` -- build the images \ - `$ docker compose build` -- you can than start it with \ - `$ docker compose up -d` - view the logs with \ `$ docker compose logs -f` - and access the API via \ 
@@ -55,16 +34,6 @@ RAILS_SECRET=SuperRailsSecret_SuperRailsSecret ## Notes - Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode -## Changes -- After doing some changes you usually must... - - recreate `docker-compose.yml` \ - `$ ./scripts/generate-compose` - * rebuild the image(s): \ - `$ docker compose build [containername]` - * restart changes image(s): \ - `$ docker compose up -d` - - ## How to do create a new update for a newer BBB release? This always consists out of following steps 1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \ diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 5f092c0..812e215 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -4,8 +4,6 @@ FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder # RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor # USER meteor -ARG TAG_HTML5 - COPY --from=source ./ /source RUN cd /source && meteor npm ci --production \ && METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \ @@ -17,6 +15,7 @@ RUN cd /app/bundle/programs/server \ RUN mkdir -p /app/bundle/programs/web.browser/app/files && \ cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/ +ARG TAG_BBB RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \ && find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \ && find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \ diff --git a/mod/html5/Dockerfile.dev b/mod/html5/Dockerfile.dev new file mode 100644 index 0000000..21ad85c --- /dev/null +++ b/mod/html5/Dockerfile.dev 
@@ -0,0 +1,16 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + + +RUN curl https://install.meteor.com/\?release\=2.13 | sh + + +COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize + +# make /root/.meteor accessible for user +RUN chmod 777 /root /root/.meteor + +COPY entrypoint.dev.sh /entrypoint.dev.sh + +ENTRYPOINT ["/entrypoint.dev.sh"] + diff --git a/mod/html5/bbb-html5.yml b/mod/html5/bbb-html5.yml index 17db535..85decd3 100644 --- a/mod/html5/bbb-html5.yml +++ b/mod/html5/bbb-html5.yml @@ -1,7 +1,7 @@ public: app: - html5ClientBuild: {{ .Env.TAG_HTML5 }} - bbbServerVersion: {{ .Env.TAG_HTML5 }}-docker + html5ClientBuild: {{ .Env.TAG_BBB }} + bbbServerVersion: {{ .Env.TAG_BBB }}-docker listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }} skipCheck: {{ .Env.DISABLE_ECHO_TEST }} clientTitle: {{ .Env.CLIENT_TITLE }} diff --git a/mod/html5/entrypoint.dev.sh b/mod/html5/entrypoint.dev.sh new file mode 100755 index 0000000..6063e6b --- /dev/null +++ b/mod/html5/entrypoint.dev.sh @@ -0,0 +1,31 @@ +#!/bin/sh -e + +# use /tmp as home dir as writeable directory for whatever UID we get +export HOME=/tmp + + +export MONGO_OPLOG_URL=mongodb://10.7.7.6/local +export MONGO_URL=mongodb://10.7.7.6/meteor +export ROOT_URL=http://127.0.0.1/html5client +export BIND_IP=0.0.0.0 +export LANG=en_US.UTF-8 +export BBB_HTML5_LOCAL_SETTINGS=/tmp/bbb-html5.yml + +echo "DEV_MODE=true, disable TLS certificate rejecting" +export NODE_TLS_REJECT_UNAUTHORIZED=0 + + +if [ ! -f "/tmp/.meteor/copy-done" ]; then + echo "# copying over .meteor from docker image... (this might take some minutes)" + cp -a /root/.meteor/* /tmp/.meteor + touch /tmp/.meteor/copy-done +fi + +cd /app +echo "# meteor npm install" +meteor npm install + +echo "# npm start" +dockerize \ + -template /tmp/bbb-html5.yml.tmpl:/tmp/bbb-html5.yml \ + npm start 
diff --git a/mod/nginx/bbb-html5.dev.nginx b/mod/nginx/bbb-html5.dev.nginx new file mode 100644 index 0000000..2ed5689 --- /dev/null +++ b/mod/nginx/bbb-html5.dev.nginx @@ -0,0 +1,6 @@ +location /html5client { + proxy_pass http://10.7.7.200:4100; # use for production + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} diff --git a/scripts/dev b/scripts/dev new file mode 100755 index 0000000..bbb59a5 --- /dev/null +++ b/scripts/dev 
@@ -0,0 +1,76 @@ +#!/bin/bash + +set -e +cd "$(dirname "$0")/.." +. scripts/functions.sh + +if [ -f ".env" ]; then + load_env + if [[ "$DEV_MODE" == "" ]]; then + echo "Error: .env is not configured as a development environment" + echo "" + read -r -p "Should .env be automatically overwritten with a predefined .env? [Y/n]" response + response=${response,,} # tolower + if [[ $response =~ ^(y| ) ]] || [[ -z $response ]]; then + cp .env .env.bak + cp dev.env .env + else + echo "we can't continue with a .env file configured as a development environment" + exit 1 + fi + fi +else + echo "# creating a .env for the dev setup" + cp dev.env .env +fi + +# to avoid any file permission issues we want to run some containers with the same +# UID and GID as the current user +export BBB_DOCKER_USER="$(id -u):$(id -g)" + +# also add it to ~/.zshrc and/or ~/.bashrc so +# that people can also use commands like `docker compose up` +# without that variable being missing +function add_permanent_env { + STR='export BBB_DOCKER_USER="$(id -u):$(id -g)"' + if [ -z "$(grep "$STR" "$1")" ]; then + echo "append" + echo "" >> $1 + echo "# following line got added by bbb-docker" >> $1 + echo "$STR" >> $1 + fi +} +if [ -f "$(realpath ~/.zshrc)" ]; then + add_permanent_env "$(realpath ~/.zshrc)" +fi +if [ -f "$(realpath ~/.bashrc)" ]; then + add_permanent_env "$(realpath ~/.bashrc)" +fi + + +echo "" +echo "# ensure submodules are checked out" +ensure_submodules + +echo "" +echo "# recreating docker-compose.yml" +./scripts/generate-compose + +echo "" +echo "# rebuilding images" +docker compose build + + +echo "" +echo "============================================" +echo "BBB Development server" +echo "============================================" +echo "API Mate: https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret" +echo "Greenlight: https://10.7.7.1/" +echo "Check containers: docker-compose ps" +echo "Rebuilding container: docker-compose up --build 
CONTAINERNAME" +echo "============================================" + +sleep 1 + +docker compose up \ No newline at end of file diff --git a/scripts/functions.sh b/scripts/functions.sh index 4f42e62..e899e80 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -1,15 +1,5 @@ function load_env { - FILE=.env - if [ "$BBB_DOCKER_DEV" = "1" ]; then - FILE=dev.env - else - FILE=.env - fi - - if [ -f $FILE ] - then - export $(cat $FILE | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs) - fi + export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs) } function ensure_submodules { diff --git a/scripts/generate-compose b/scripts/generate-compose index 6348c9c..b0ee54e 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -52,6 +52,7 @@ docker run \ -e COMMIT_ETHERPAD_SKIN=$(get_tag repos/bbb-etherpad-skin) \ -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \ -e DEV_MODE=${DEV_MODE:-false} \ + -e DEV_HTML5=${DEV_HTML5:-false} \ -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ diff --git a/scripts/upgrade-and-build b/scripts/upgrade-and-build index 9543c30..c4a2644 100755 --- a/scripts/upgrade-and-build +++ b/scripts/upgrade-and-build @@ -14,11 +14,6 @@ then exit else - - echo "" - echo "# pull newest git submodules" - ./scripts/checkout-submodules - echo "" echo "# recreate docker-compose.yml" ./scripts/generate-compose From 4290c1616d2199f2b8b76a95cc79da17cdd5d6f8 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:33:05 +0100 Subject: [PATCH 03/40] avoid duplicated BBB_BUILD_TAG values --- docker-compose.tmpl.yml | 19 +++++++++---------- scripts/generate-compose | 6 +++++- 2 files changed, 14 insertions(+), 11 deletions(-) 
diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 3ec8f47..2e7b288 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -12,7 +12,7 @@ x-html5-backend: &html5backend additional_contexts: - source=./repos/bigbluebutton/bigbluebutton-html5 args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} TAG_BBB: {{ .Env.TAG_BBB }} image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }} restart: unless-stopped @@ -51,7 +51,7 @@ services: - src-common-message=./repos/bigbluebutton/bbb-common-message - src-common-web=./repos/bigbluebutton/bbb-common-web args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -87,7 +87,7 @@ services: context: mod/html5 dockerfile: Dockerfile.dev args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} user: ${BBB_DOCKER_USER} restart: unless-stopped depends_on: @@ -145,7 +145,7 @@ services: - build-files=./repos/bigbluebutton/build/packages-template/bbb-freeswitch-core/ - fs-config=./repos/bigbluebutton/bbb-voice-conference/config/freeswitch/conf/ args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FREESWITCH }}-{{ .Env.TAG_BBB }} restart: unless-stopped cap_add: @@ -184,7 +184,7 @@ services: - src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard - src-playback=./repos/bbb-playback args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-nginx:1.23-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: 
@@ -290,13 +290,12 @@ services: additional_contexts: - source=./repos/bbb-webrtc-sfu args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-webrtc-sfu:{{ .Env.TAG_WEBRTC_SFU }} restart: unless-stopped depends_on: - redis - freeswitch - - kurento environment: CLIENT_HOST: 10.7.7.1 REDIS_HOST: 10.7.7.5 @@ -328,7 +327,7 @@ services: - src-fsesl-client=./repos/bigbluebutton/bbb-fsesl-client - src-fsesl-akka=./repos/bigbluebutton/akka-bbb-fsesl args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -347,7 +346,7 @@ services: - src-common-message=./repos/bigbluebutton/bbb-common-message - src-apps-akka=./repos/bigbluebutton/akka-bbb-apps args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -407,7 +406,7 @@ services: - presentation=./repos/bigbluebutton/record-and-playback/presentation - bbb-conf=./repos/bigbluebutton/bigbluebutton-config args: - BBB_BUILD_TAG: bbb27-2023-06-13-java17 + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} TAG_BBB_PRESENTATION_VIDEO: "4.0.3" image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }} restart: unless-stopped diff --git a/scripts/generate-compose b/scripts/generate-compose index b0ee54e..3191f60 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -40,6 +40,9 @@ function get_tag { fi } +# https://hub.docker.com/r/bigbluebutton/bbb-build +BBB_BUILD_TAG=v3.0.x-release--2023-09-26-152524 + docker run \ --rm \ -v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \ 
@@ -48,11 +51,12 @@ docker run \ -e TAG_WEBRTC_SFU=$(get_tag repos/bbb-webrtc-sfu) \ -e TAG_WEBHOOKS=$(get_tag repos/bbb-webhooks) \ -e TAG_PLAYBACK=$(get_tag repos/bbb-playback) \ + -e TAG_WEBRTC_RECORDER=$(get_tag repos/bbb-webrtc-recorder) \ -e TAG_PADS=$(get_tag repos/bbb-pads) \ -e COMMIT_ETHERPAD_SKIN=$(get_tag repos/bbb-etherpad-skin) \ -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \ + -e BBB_BUILD_TAG=${BBB_BUILD_TAG} \ -e DEV_MODE=${DEV_MODE:-false} \ - -e DEV_HTML5=${DEV_HTML5:-false} \ -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ From 426349d0d73b016c0616350931cfa33919254727 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:36:12 +0100 Subject: [PATCH 04/40] one variable DEV_MODE instead of multiple (would become quite a lot) --- dev.env | 6 +++--- docker-compose.tmpl.yml | 8 ++++---- mod/html5/entrypoint.sh | 5 ----- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/dev.env b/dev.env index a19e233..4b284ba 100644 --- a/dev.env +++ b/dev.env @@ -1,10 +1,10 @@ # fixed environment for an working dev setup +# enables +# - meteor dev server +# - accept self signed certificates DEV_MODE=true -# use meteor dev server for html5 -DEV_HTML5=true - diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 2e7b288..25be495 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -81,7 +81,7 @@ services: ipv4_address: 10.7.7.2 -{{ if isTrue .Env.DEV_HTML5 }} +{{ if isTrue .Env.DEV_MODE }} html5-dev: build: context: mod/html5 
@@ -190,17 +190,17 @@ services: depends_on: - etherpad - webrtc-sfu - {{ if isTrue .Env.DEV_HTML5 }} + {{ if isTrue .Env.DEV_MODE }} - html5-dev {{ else }} - html5-backend-1 {{ end }} volumes: - - bigbluebutton:/var/bigbluebutton + - ./data/bigbluebutton:/var/bigbluebutton - html5-static:/html5-static:ro - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf - {{ if isTrue .Env.DEV_HTML5 }} + {{ if isTrue .Env.DEV_MODE }} # don't let nginx directly serve static files - ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro {{ end }} diff --git a/mod/html5/entrypoint.sh b/mod/html5/entrypoint.sh index a0cb369..f6c007b 100755 --- a/mod/html5/entrypoint.sh +++ b/mod/html5/entrypoint.sh @@ -14,11 +14,6 @@ export ENVIRONMENT_TYPE=production export NODE_VERSION=node-v14.21.1-linux-x64 export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml -if [ "$DEV_MODE" == true ]; then - echo "DEV_MODE=true, disable TLS certificate rejecting" - export NODE_TLS_REJECT_UNAUTHORIZED=0 -fi - if [ "$BBB_HTML5_ROLE" == "backend" ]; then PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID fi From 4b89a5b52fc8a6d767cf86a7c0c52b4193c5ca11 Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 7 Jan 2024 23:43:55 +0100 Subject: [PATCH 05/40] bbb3.0: graphql container, postgres with multiple db, repo updates --- .gitignore | 4 +- README.md | 4 +- data/.gitkeep | 0 dev.env | 1 + docker-compose.tmpl.yml | 93 +++++++++++++++++++---- mod/apps-akka/Dockerfile | 1 + mod/apps-akka/bbb-apps-akka.conf | 10 +++ mod/apps-akka/entrypoint.sh | 1 + mod/apps-akka/settings.yml | 7 ++ mod/bbb-graphql-actions/Dockerfile | 32 ++++++++ mod/bbb-graphql-actions/Dockerfile.dev | 14 ++++ mod/bbb-graphql-actions/dev-entrypoint.sh | 12 +++ mod/bbb-graphql-middleware/Dockerfile | 11 +++ mod/bbb-graphql-server/Dockerfile | 24 ++++++ mod/bbb-graphql-server/config.yaml | 7 ++ mod/bbb-graphql-server/entrypoint.sh | 22 ++++++ mod/bbb-graphql-server/start.sh | 39 ++++++++++ mod/mongo/init-replica.sh | 4 +- mod/nginx/bbb/graphql.nginx | 24 ++++++ mod/postgres/initdb.sh | 21 +++++ repos/bbb-webrtc-sfu | 2 +- repos/bigbluebutton | 2 +- 22 files changed, 312 insertions(+), 23 deletions(-) create mode 100644 data/.gitkeep create mode 100644 mod/apps-akka/settings.yml create mode 100644 mod/bbb-graphql-actions/Dockerfile create mode 100644 mod/bbb-graphql-actions/Dockerfile.dev create mode 100755 mod/bbb-graphql-actions/dev-entrypoint.sh create mode 100644 mod/bbb-graphql-middleware/Dockerfile create mode 100644 mod/bbb-graphql-server/Dockerfile create mode 100644 mod/bbb-graphql-server/config.yaml create mode 100755 mod/bbb-graphql-server/entrypoint.sh create mode 100755 mod/bbb-graphql-server/start.sh create mode 100644 mod/nginx/bbb/graphql.nginx create mode 100755 mod/postgres/initdb.sh diff --git a/.gitignore b/.gitignore index 9f57d52..6032faa 100644 --- a/.gitignore +++ b/.gitignore @@ -19,4 +19,6 @@ postgres-data greenlight-data .cache/*/** -!.cache/*/.gitkeep \ No newline at end of file +!.cache/*/.gitkeep +data/* +!data/.gitkeep diff --git a/README.md b/README.md index e8ad7bb..c18e2be 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,9 @@ bbb-docker-banner -# 📦 BigBlueButton 2.7 Docker +# 📦 BigBlueButton 3.0 Docker -Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) +Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) ## Features - Easy installation diff --git a/data/.gitkeep b/data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/dev.env b/dev.env index 4b284ba..76c6935 100644 --- a/dev.env +++ b/dev.env @@ -2,6 +2,7 @@ # enables # - meteor dev server +# - watch & restart of bbb-grahql-actions # - accept self signed certificates DEV_MODE=true diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 25be495..499af90 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -260,8 +260,7 @@ services: ipv4_address: 10.7.7.5 mongodb: - container_name: bbb-mongodb - image: mongo:4.4 + image: mongo:6.0 restart: unless-stopped volumes: - ./mod/mongo/mongod.conf:/etc/mongod.conf @@ -276,14 +275,6 @@ services: bbb-net: ipv4_address: 10.7.7.6 - # TODO: remove as soon as not required anymore by webrtc-sfu - kurento: - image: kurento/kurento-media-server:6.18 - restart: unless-stopped - network_mode: host - volumes: - - vol-kurento:/var/kurento - webrtc-sfu: build: context: mod/webrtc-sfu @@ -302,9 +293,12 @@ services: FREESWITCH_IP: 10.7.7.1 FREESWITCH_SIP_IP: ${EXTERNAL_IPv4} MCS_HOST: 0.0.0.0 - MCS_ADDRESS: 127.0.0.1 + MCS_ADDRESS: 0.0.0.0 ESL_IP: 10.7.7.1 ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} + RECORDING_ADAPTER: bbb-webrtc-recorder + RECORD_WEBCAMS: "true" + KURENTO: '[]' # TODO: add mediasoup IPv6 # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487 {{ if .Env.EXTERNAL_IPv6 }} 
@@ -351,15 +345,83 @@ services: restart: unless-stopped depends_on: - redis + - postgres environment: DOMAIN: ${DOMAIN} SHARED_SECRET: ${SHARED_SECRET} + POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} volumes: - - vol-freeswitch:/var/freeswitch/meetings + - ./data/freeswitch-meetings:/var/freeswitch/meetings + - ./conf/settings.yml:/etc/bigbluebutton/bbb-html5.yml:ro networks: bbb-net: ipv4_address: 10.7.7.15 + bbb-graphql-server: + build: + context: mod/bbb-graphql-server + additional_contexts: + - src=./repos/bigbluebutton/bbb-graphql-server + args: + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + depends_on: + - postgres + restart: unless-stopped + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} + networks: + bbb-net: + ipv4_address: 10.7.7.31 + + extra_hosts: + - "bbb-web:10.7.7.2" + - "bbb-graphql-actions:10.7.7.30" + + bbb-graphql-actions: + build: + context: mod/bbb-graphql-actions + {{ if isTrue .Env.DEV_MODE }} + dockerfile: Dockerfile.dev + {{ else }} + additional_contexts: + - src=./repos/bigbluebutton/bbb-graphql-actions + {{ end }} + args: + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + restart: unless-stopped + depends_on: + - redis + environment: + BBB_REDIS_HOST: redis + networks: + bbb-net: + ipv4_address: 10.7.7.30 + {{ if isTrue .Env.DEV_MODE }} + volumes: + - ./repos/bigbluebutton/bbb-graphql-actions:/app/:rw + - ./.cache/npm:/tmp/.npm:rw + {{ end }} + + bbb-graphql-middleware: + build: + context: mod/bbb-graphql-middleware + additional_contexts: + - src=./repos/bigbluebutton/bbb-graphql-middleware + args: + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + restart: unless-stopped + depends_on: + - bbb-graphql-server + - redis + environment: + BBB_GRAPHQL_MIDDLEWARE_LISTEN_PORT: 8378 + BBB_GRAPHQL_MIDDLEWARE_REDIS_ADDRESS: 10.7.7.5:6379 + BBB_GRAPHQL_MIDDLEWARE_HASURA_WS: ws://bbb-graphql-server:8080/v1/graphql + networks: + bbb-net: + ipv4_address: 10.7.7.32 + jodconverter: build: mod/jodconverter image: 
alangecker/bbb-docker-jodconverter:latest @@ -527,10 +589,10 @@ services: ipv4_address: 10.7.7.21 postgres: - image: postgres:12-alpine + image: postgres:16-alpine restart: unless-stopped environment: - POSTGRES_DB: greenlight-v3 + POSTGRES_MULTIPLE_DATABASES: bbb_graphql,hasura_app,greenlight POSTGRES_USER: postgres POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} healthcheck: @@ -539,11 +601,10 @@ services: timeout: 5s retries: 5 volumes: - - ./postgres-data:/var/lib/postgresql/data + - ./mod/postgres/initdb.sh:/docker-entrypoint-initdb.d/initdb.sh networks: bbb-net: ipv4_address: 10.7.7.22 -{{end}} {{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }} # prometheus diff --git a/mod/apps-akka/Dockerfile b/mod/apps-akka/Dockerfile index fcd876c..6d9df35 100644 --- a/mod/apps-akka/Dockerfile +++ b/mod/apps-akka/Dockerfile @@ -26,5 +26,6 @@ COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl COPY logback.xml /bbb-apps-akka/conf/logback.xml COPY entrypoint.sh /entrypoint.sh +COPY settings.yml /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml USER bigbluebutton ENTRYPOINT /entrypoint.sh diff --git a/mod/apps-akka/bbb-apps-akka.conf b/mod/apps-akka/bbb-apps-akka.conf index d05cebc..2a7a474 100644 --- a/mod/apps-akka/bbb-apps-akka.conf +++ b/mod/apps-akka/bbb-apps-akka.conf @@ -11,4 +11,14 @@ services { } http { interface = "0.0.0.0" +} + +postgres { + properties = { + serverName = "10.7.7.22" + portNumber = "5432" + databaseName = "bbb_graphql" + user = "postgres" + password = "POSTGRES_PASSWORD" + } } \ No newline at end of file diff --git a/mod/apps-akka/entrypoint.sh b/mod/apps-akka/entrypoint.sh index 3938a7c..d6d2b5a 100755 --- a/mod/apps-akka/entrypoint.sh +++ b/mod/apps-akka/entrypoint.sh 
@@ -4,6 +4,7 @@ TARGET=/etc/bigbluebutton/bbb-apps-akka.conf cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET sed -i "s/DOMAIN/$DOMAIN/" $TARGET sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET +sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET cd /bbb-apps-akka /bbb-apps-akka/bin/bbb-apps-akka \ No newline at end of file diff --git a/mod/apps-akka/settings.yml b/mod/apps-akka/settings.yml new file mode 100644 index 0000000..58c4cef --- /dev/null +++ b/mod/apps-akka/settings.yml @@ -0,0 +1,7 @@ +# just the default values required for gettting apps-akka running + +# use ./conf/sertings.yml for modifying anything +public: + plugins: [] + userReaction: + expire: 30 \ No newline at end of file diff --git a/mod/bbb-graphql-actions/Dockerfile b/mod/bbb-graphql-actions/Dockerfile new file mode 100644 index 0000000..97c2a61 --- /dev/null +++ b/mod/bbb-graphql-actions/Dockerfile @@ -0,0 +1,32 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + +COPY --from=src ./ /src +RUN cd /src && \ + npm ci --no-progress && \ + npm run build + +# delete node_modules (it should create a fresh one inside /src/dist/) +RUN rm -rf /src/node_modules + +RUN cd /src/dist && \ + mv index.js bbb-graphql-actions.js && \ + cp ../package.json ../package-lock.json . && \ + npm ci --no-progress --omit=dev + + +# ------------------------------ +FROM node:18-bookworm-slim + +COPY --from=builder /src/dist /app + +RUN groupadd -g 2062 app \ + && useradd -m -u 2063 -g app app + +USER app + +WORKDIR /app + +ENV SERVER_HOST 0.0.0.0 + +CMD [ "node", "/app/bbb-graphql-actions.js" ] \ No newline at end of file diff --git a/mod/bbb-graphql-actions/Dockerfile.dev b/mod/bbb-graphql-actions/Dockerfile.dev new file mode 100644 index 0000000..52147f7 --- /dev/null +++ b/mod/bbb-graphql-actions/Dockerfile.dev 
@@ -0,0 +1,14 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + +RUN apt-get update && apt-get install -y gosu + +# allow any user to use node in /root/.nvm +RUN chmod 755 /root + +COPY dev-entrypoint.sh /dev-entrypoint.sh +ENTRYPOINT [ "/dev-entrypoint.sh" ] + +WORKDIR /app +ENV SERVER_HOST 0.0.0.0 +CMD [ "npm install && npm start" ] \ No newline at end of file diff --git a/mod/bbb-graphql-actions/dev-entrypoint.sh b/mod/bbb-graphql-actions/dev-entrypoint.sh new file mode 100755 index 0000000..7c3700c --- /dev/null +++ b/mod/bbb-graphql-actions/dev-entrypoint.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# get owner of /app +OWNER="$(stat -c '%u' "/app")" +GROUP="$(stat -c '%g' "/app")" +useradd --home-dir /tmp -u $OWNER user || /bin/true + +# run with same user to avoid any issues +# with file permissions +. /root/.nvm/nvm.sh +gosu $OWNER:$GROUP bash -c "$@" + diff --git a/mod/bbb-graphql-middleware/Dockerfile b/mod/bbb-graphql-middleware/Dockerfile new file mode 100644 index 0000000..22244e3 --- /dev/null +++ b/mod/bbb-graphql-middleware/Dockerfile @@ -0,0 +1,11 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + +COPY --from=src / /src/ +RUN cd /src/ && ./local-build.sh + + +# ------------------------------ +FROM alpine +COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware +CMD [ "/app/bbb-graphql-middleware" ] \ No newline at end of file diff --git a/mod/bbb-graphql-server/Dockerfile b/mod/bbb-graphql-server/Dockerfile new file mode 100644 index 0000000..f39bf7d --- /dev/null +++ b/mod/bbb-graphql-server/Dockerfile 
@@ -0,0 +1,24 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + +RUN mkdir -p /hasura-cli && cd /hasura-cli && npm install hasura-cli +RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq + +# ---------------------------- +FROM hasura/graphql-engine:v2.36.0 + +# install netstat +RUN apt-get update && apt-get install -y net-tools gosu + +COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq +COPY --from=builder /hasura-cli/node_modules/hasura-cli/hasura /usr/local/bin/hansura + +COPY --from=src /bbb_schema.sql /app/ +COPY --from=src /metadata /app/metadata + +COPY config.yaml /app/config.yaml +COPY entrypoint.sh /entrypoint.sh +COPY start.sh /app/start.sh + +ENTRYPOINT [ "/entrypoint.sh" ] +CMD [ "/app/start.sh" ] diff --git a/mod/bbb-graphql-server/config.yaml b/mod/bbb-graphql-server/config.yaml new file mode 100644 index 0000000..183404e --- /dev/null +++ b/mod/bbb-graphql-server/config.yaml @@ -0,0 +1,7 @@ +version: 3 +endpoint: http://localhost:8080 +admin_secret: bigbluebutton +metadata_directory: metadata +actions: + kind: synchronous + handler_webhook_baseurl: http://localhost:3000 diff --git a/mod/bbb-graphql-server/entrypoint.sh b/mod/bbb-graphql-server/entrypoint.sh new file mode 100755 index 0000000..ff281dd --- /dev/null +++ b/mod/bbb-graphql-server/entrypoint.sh 
@@ -0,0 +1,22 @@ +#!/bin/bash + +# for psql +export PGHOST=postgres +export PGUSER="${POSTGRES_USER}" +export PGPASSWORD="${POSTGRES_PASSWORD}" + + +# for hasura +export HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app +export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app +export HASURA_GRAPHQL_LOG_LEVEL=warn +export HASURA_GRAPHQL_ENABLE_CONSOLE=false +export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250 +export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100 +export HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton # TODO: improve security +export HASURA_GRAPHQL_ENABLE_TELEMETRY=false +export HASURA_GRAPHQL_AUTH_HOOK=http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization +export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093 + + +exec $@ \ No newline at end of file diff --git a/mod/bbb-graphql-server/start.sh b/mod/bbb-graphql-server/start.sh new file mode 100755 index 0000000..2579684 --- /dev/null +++ b/mod/bbb-graphql-server/start.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash + +cd /app/ + +# patch database url +# TODO: this should be possible via an environment variable +yq e -i '.[1].configuration.connection_info.database_url.connection_parameters.host = "postgres"' metadata/databases/databases.yaml +yq e -i ".[1].configuration.connection_info.database_url.connection_parameters.password = \"${POSTGRES_PASSWORD}\"" metadata/databases/databases.yaml + + +echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql + +echo "Restarting database bbb_graphql" +psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'" > /dev/null +psql -c "drop database if exists bbb_graphql with (force)" +psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'" +psql -c "alter database bbb_graphql set timezone to 'UTC'" + +echo "Creating tables in bbb_graphql" +psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on + +echo "Starting hasura-graphql-engine" +gosu nobody graphql-engine serve & +PID=$! + +sleep 1 + + +#Check if Hasura is ready before applying metadata +HASURA_PORT=8080 +while ! netstat -tuln | grep ":$HASURA_PORT " > /dev/null; do + echo "Waiting for Hasura's port ($HASURA_PORT) to be ready..." + sleep 1 +done + +echo "Applying new metadata to Hasura" +/usr/local/bin/hansura metadata apply --skip-update-check + +wait "$PID" \ No newline at end of file diff --git a/mod/mongo/init-replica.sh b/mod/mongo/init-replica.sh index 188cdda..da06dfd 100755 --- a/mod/mongo/init-replica.sh +++ b/mod/mongo/init-replica.sh 
@@ -15,12 +15,12 @@ mongod --oplogSize 8 --replSet rs0 --noauth \ --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork # init replset with defaults -mongo 10.7.7.6 --eval "rs.initiate({ +mongosh 10.7.7.6 --eval "rs.initiate({ _id: 'rs0', members: [ { _id: 0, host: '10.7.7.6:27017' } ] })" echo "Waiting to become a master" -echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongo +echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongosh echo "I'm the master!" \ No newline at end of file diff --git a/mod/nginx/bbb/graphql.nginx b/mod/nginx/bbb/graphql.nginx new file mode 100644 index 0000000..d80c636 --- /dev/null +++ b/mod/nginx/bbb/graphql.nginx @@ -0,0 +1,24 @@ +location /graphql-test { + proxy_pass http://127.0.0.1:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} + +# Websocket connection +location /v1/graphql { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + #proxy_pass http://127.0.0.1:8080; #Hasura + proxy_pass http://10.7.7.32:8378; #Graphql Middleware +} + +location /api/rest { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8080; #Hasura +} diff --git a/mod/postgres/initdb.sh b/mod/postgres/initdb.sh new file mode 100755 index 0000000..fb0560e --- /dev/null +++ b/mod/postgres/initdb.sh 
@@ -0,0 +1,21 @@ +#!/bin/bash + +set -e +set -u + +function create_user_and_database() { + local database=$1 + echo " Creating user and database '$database'" + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE DATABASE $database; + GRANT ALL PRIVILEGES ON DATABASE $database TO $POSTGRES_USER; +EOSQL +} + +if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then + echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES" + for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do + create_user_and_database $db + done + echo "Multiple databases created" +fi \ No newline at end of file diff --git a/repos/bbb-webrtc-sfu b/repos/bbb-webrtc-sfu index c0de0ff..fe901bd 160000 --- a/repos/bbb-webrtc-sfu +++ b/repos/bbb-webrtc-sfu @@ -1 +1 @@ -Subproject commit c0de0ff3857146da4924233d36b710874d16a26f +Subproject commit fe901bd15cadcb33f935900f804926f36793c48d diff --git a/repos/bigbluebutton b/repos/bigbluebutton index 5d671b3..b674477 160000 --- a/repos/bigbluebutton +++ b/repos/bigbluebutton @@ -1 +1 @@ -Subproject commit 5d671b3b506712e54093f50c2a4bdb9995982fab +Subproject commit b674477a40a3060738219d8a58915f1bcaf8738b From 4216d36eb8d09769d702f31a1d8c1e4112451478 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:46:09 +0100 Subject: [PATCH 06/40] reduce logging verbosity --- mod/apps-akka/logback.xml | 4 +++- mod/fsesl-akka/logback.xml | 3 +-- mod/recordings/supervisord.conf | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/mod/apps-akka/logback.xml b/mod/apps-akka/logback.xml index 0d9c004..c29b1fb 100644 --- a/mod/apps-akka/logback.xml +++ b/mod/apps-akka/logback.xml @@ -9,8 +9,10 @@ + - + + diff --git a/mod/fsesl-akka/logback.xml b/mod/fsesl-akka/logback.xml index a6749c0..9e587d9 100644 --- a/mod/fsesl-akka/logback.xml +++ b/mod/fsesl-akka/logback.xml @@ -11,8 +11,7 @@ - + - diff --git a/mod/recordings/supervisord.conf b/mod/recordings/supervisord.conf index 443be88..22e456d 100644 
--- a/mod/recordings/supervisord.conf +++ b/mod/recordings/supervisord.conf @@ -4,7 +4,7 @@ user=root [program:rasque_workers] command=bundle exec rake -f Rakefile resque:workers directory=/usr/local/bigbluebutton/core/scripts -environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1",HOME="/home/bigbluebutton" +environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",HOME="/home/bigbluebutton" user=bigbluebutton stdout_logfile=/dev/fd/1 stdout_logfile_maxbytes=0 From 72bd71c8bfad6bd16fca5aec7ea7f5f2d331571e Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:48:34 +0100 Subject: [PATCH 07/40] update base images - debian: bullseye -> bookworm - ubuntu: 20.04 -> 22.04 - ruby: 2.7 -> 3.0 --- docker-compose.tmpl.yml | 2 +- mod/bbb-pads/Dockerfile | 4 ++-- mod/freeswitch/Dockerfile | 4 ++-- mod/html5/Dockerfile | 2 +- mod/periodic/Dockerfile | 2 +- mod/recordings/Dockerfile | 2 +- mod/webhooks/Dockerfile | 4 ++-- mod/webrtc-sfu/Dockerfile | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 499af90..8d4e2a8 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -185,7 +185,7 @@ services: - src-playback=./repos/bbb-playback args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - image: alangecker/bbb-docker-nginx:1.23-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }} + image: alangecker/bbb-docker-nginx:1.25-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: - etherpad diff --git a/mod/bbb-pads/Dockerfile b/mod/bbb-pads/Dockerfile index 6109675..7498a10 100644 --- a/mod/bbb-pads/Dockerfile +++ b/mod/bbb-pads/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bullseye-slim AS builder +FROM node:18-bookworm-slim AS builder COPY --from=src / /bbb-pads RUN cd /bbb-pads && rm -r .git && npm install --production 
@@ -7,7 +7,7 @@ RUN cd /bbb-pads && rm -r .git && npm install --production RUN chmod 777 /bbb-pads/config # ------------------------------ -FROM node:18-bullseye-slim +FROM node:18-bookworm-slim RUN apt update && apt install -y jq moreutils \ && useradd --uid 2003 --create-home --user-group bbb-pads diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index 19107e1..e57a58b 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile @@ -42,11 +42,11 @@ COPY --from=fs-config / /build/staging/opt/freeswitch/etc/freeswitch/ # =============================================== # we are using ubuntu here, because libjpeg8 is required, but not available in debian -FROM ubuntu:20.04 +FROM ubuntu:22.04 RUN apt-get update && \ apt-get install -y \ xmlstarlet wget iptables curl \ - libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns2 libedit2 libtiff5 libpng16-16 \ + libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns3 libedit2 libtiff5 libpng16-16 libsqlite3-0 \ && \ # install libopusenc0 wget -O /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb2_amd64.deb \ diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile index 812e215..7b050b6 100644 --- a/mod/html5/Dockerfile +++ b/mod/html5/Dockerfile @@ -23,7 +23,7 @@ RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \ # ------------------------------ -FROM node:14.21-bullseye-slim +FROM node:18-bookworm-slim RUN apt-get update && apt-get install -y gosu diff --git a/mod/periodic/Dockerfile b/mod/periodic/Dockerfile index 184cc89..770dcaf 100644 --- a/mod/periodic/Dockerfile +++ b/mod/periodic/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bookworm-slim # -- install docker cli COPY --from=library/docker:latest /usr/local/bin/docker /usr/bin/docker 
diff --git a/mod/recordings/Dockerfile b/mod/recordings/Dockerfile index 9f08763..56c7d9f 100644 --- a/mod/recordings/Dockerfile +++ b/mod/recordings/Dockerfile @@ -1,5 +1,5 @@ -FROM ruby:2.7-slim-bullseye +FROM ruby:3.0-slim-bullseye # install apt dependencies RUN apt-get update && apt-get install -y \ diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index f0aaa9f..7d603fe 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bullseye-slim AS builder +FROM node:18-bookworm-slim AS builder RUN apt-get update && apt-get install -y git wget @@ -12,7 +12,7 @@ RUN cd /bbb-webhooks && npm install --production RUN chmod 777 /bbb-webhooks/config # ------------------------------ -FROM node:18-bullseye-slim +FROM node:18-bookworm-slim RUN useradd --uid 2004 --user-group bbb-webhooks COPY --from=builder /usr/bin/yq /usr/bin/yq diff --git a/mod/webrtc-sfu/Dockerfile b/mod/webrtc-sfu/Dockerfile index b3f57af..4f8e53c 100644 --- a/mod/webrtc-sfu/Dockerfile +++ b/mod/webrtc-sfu/Dockerfile @@ -18,7 +18,7 @@ RUN cd /app \ # ============================= -FROM node:18-bullseye-slim +FROM node:18-bookworm-slim RUN useradd --uid 2004 --user-group webrtc-sfu ENV NODE_ENV production From a3f346d8a0e0f961c1bb566a3dbb0f29533e1814 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:52:02 +0100 Subject: [PATCH 08/40] all data under ./data instead in docker volumes - easier backups - people can access recordings with existing scripts --- docker-compose.tmpl.yml | 29 +++++++++++++---------------- scripts/upgrade | 24 ++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 8d4e2a8..e9e2d48 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -74,8 +74,8 @@ services: ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }} volumes: - - bigbluebutton:/var/bigbluebutton - - vol-freeswitch:/var/freeswitch/meetings + - ./data/bigbluebutton:/var/bigbluebutton + - ./data/freeswitch-meetings:/var/freeswitch/meetings networks: bbb-net: ipv4_address: 10.7.7.2 @@ -167,7 +167,7 @@ services: volumes: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker - - vol-freeswitch:/var/freeswitch/meetings + - ./data/freeswitch-meetings:/var/freeswitch/meetings network_mode: host logging: # reduce logs to a minimum, so `docker compose logs -f` still works @@ -308,7 +308,7 @@ services: {{end}} MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}' volumes: - - vol-mediasoup:/var/mediasoup + - ./data/mediasoup:/var/mediasoup tmpfs: - /var/log/bbb-webrtc-sfu network_mode: host @@ -446,8 +446,8 @@ services: - mongodb volumes: - /var/run/docker.sock:/var/run/docker.sock - - bigbluebutton:/var/bigbluebutton - - vol-mediasoup:/var/mediasoup + - ./data/bigbluebutton:/var/bigbluebutton + - ./data/mediasoup:/var/mediasoup tmpfs: - /var/log/bigbluebutton environment: @@ -479,10 +479,9 @@ services: DOMAIN: ${DOMAIN} SHARED_SECRET: ${SHARED_SECRET} volumes: - - bigbluebutton:/var/bigbluebutton - - vol-freeswitch:/var/freeswitch/meetings - - vol-mediasoup:/var/mediasoup - - vol-kurento:/var/kurento + - ./data/bigbluebutton:/var/bigbluebutton + - ./data/freeswitch-meetings:/var/freeswitch/meetings + - ./data/mediasoup:/var/mediasoup tmpfs: - /var/log/bigbluebutton - /tmp @@ -583,10 +582,11 @@ services: SECRET_KEY_BASE: ${RAILS_SECRET} RELATIVE_URL_ROOT: / volumes: - - ./greenlight-data:/usr/src/app/storage + - ./data/greenlight:/usr/src/app/storage networks: bbb-net: ipv4_address: 10.7.7.21 +{{end}} postgres: image: postgres:16-alpine 
@@ -601,6 +601,7 @@ services: timeout: 5s retries: 5 volumes: + - ./data/postgres:/var/lib/postgresql/data - ./mod/postgres/initdb.sh:/docker-entrypoint-initdb.d/initdb.sh networks: bbb-net: @@ -620,7 +621,7 @@ services: ipv4_address: 10.7.7.33 {{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION }} volumes: - - bigbluebutton:/var/bigbluebutton:ro + - ./data/bigbluebutton:/var/bigbluebutton:ro {{end}} # the exporter requires /etc/bigbluebutton/bigbluebutton-release @@ -631,10 +632,6 @@ services: volumes: - bigbluebutton: - vol-freeswitch: - vol-kurento: - vol-mediasoup: html5-static: {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} ssl_data: diff --git a/scripts/upgrade b/scripts/upgrade index 4d403b5..454d02e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,6 +19,30 @@ else echo "# recreate docker-compose.yml" ./scripts/generate-compose + + echo "" + echo "# checking for old volumes & migrate them" + COMPOSE_PREFIX=$(docker compose config | grep '^name:' | awk '{print $2}') + + function migrate { + VOLUME=${COMPOSE_PREFIX}_${1} + EXISTING=$(docker volume ls | grep $VOLUME | tail -n1 | awk '{print $2}') + if [ -n "$EXISTING" ]; then + # ensure volume is not used + docker compose down --remove-orphans + + echo "Migrating $VOLUME to $2" + docker run --rm -v $VOLUME:/src -v $2:/dest --entrypoint /bin/sh eeacms/rsync -c 'rsync -av /src/ /dest' + docker volume rm $EXISTING + fi + } + migrate bigbluebutton ./data/bigbluebutton + migrate vol-freeswitch ./data/freeswitch-meetings + migrate vol-mediasoup ./data/mediasoup + + # TODO: migrate postgres database + # TODO: migrate greenlight-data + echo "" echo "# pull newest images" docker compose pull --ignore-pull-failures From cdfe3a87c1046efbf7d7bf388aef5039629d72de Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 7 Jan 2024 23:54:28 +0100 Subject: [PATCH 09/40] bbb3.0: add webrtc-recorder --- docker-compose.tmpl.yml | 16 ++++++++ mod/bbb-webrtc-recorder/Dockerfile | 35 +++++++++++++++++ .../bbb-webrtc-recorder.yml | 39 +++++++++++++++++++ 3 files changed, 90 insertions(+) create mode 100644 mod/bbb-webrtc-recorder/Dockerfile create mode 100644 mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index e9e2d48..06fec1b 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -482,12 +482,28 @@ services: - ./data/bigbluebutton:/var/bigbluebutton - ./data/freeswitch-meetings:/var/freeswitch/meetings - ./data/mediasoup:/var/mediasoup + - ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder tmpfs: - /var/log/bigbluebutton - /tmp networks: bbb-net: ipv4_address: 10.7.7.16 + + bbb-webrtc-recorder: + build: + context: mod/bbb-webrtc-recorder + additional_contexts: + - src=./repos/bbb-webrtc-recorder + image: alangecker/bbb-docker-webrtc-recorder:{{ .Env.TAG_WEBRTC_RECORDER }} + depends_on: + - redis + volumes: + - ./mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml:/etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml + - ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder + networks: + bbb-net: + ipv4_address: 10.7.7.19 {{end}} {{ if isTrue .Env.ENABLE_WEBHOOKS }} diff --git a/mod/bbb-webrtc-recorder/Dockerfile b/mod/bbb-webrtc-recorder/Dockerfile new file mode 100644 index 0000000..bfe04a0 --- /dev/null +++ b/mod/bbb-webrtc-recorder/Dockerfile 
@@ -0,0 +1,35 @@ +# Build stage +FROM golang:1.19 as builder + +ARG APP_VERSION=devel +ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder + +WORKDIR /app + +COPY --from=src go.* ./ + +RUN go mod tidy + +COPY --from=src . ./ + +RUN go build -o ./build/bbb-webrtc-recorder \ + -buildvcs=false \ + -ldflags="-X '${GOMOD}/internal.AppVersion=${APP_VERSION}'" \ + ./cmd/bbb-webrtc-recorder + +RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder + +RUN rm -rf /app + +# Running stage +FROM debian:bookworm-slim + +RUN apt-get update && apt-get install -y gosu + +# Copy the binary to the production image from the builder stage. +COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder + +# use same UID as in the recordings container +RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton + +CMD ["/bin/sh", "-c", "chown -R bigbluebutton:bigbluebutton /var/lib/bbb-webrtc-recorder && gosu bigbluebutton /usr/bin/bbb-webrtc-recorder"] \ No newline at end of file diff --git a/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml b/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml new file mode 100644 index 0000000..6b284ca --- /dev/null +++ b/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml @@ -0,0 +1,39 @@ +debug: false + +recorder: + directory: /var/lib/bbb-webrtc-recorder + dirFileMode: 0700 + fileMode: 0600 + +pubsub: + channels: + subscribe: to-bbb-webrtc-recorder + publish: from-bbb-webrtc-recorder + adapter: redis + adapters: + redis: + address: redis:6379 + network: tcp + #password: foobared + +webrtc: + rtcMinPort: 24577 + rtcMaxPort: 32768 + jitterBuffer: 512 + iceServers: + - urls: [] +# Example turn server +# - urls: +# - turn:turnserver.example.org:1234 +# username: webrtc +# credential: turnpassword + +# HTTP server for testing +# (should be disabled in production) +http: + port: 8080 + enable: false + +prometheus: + enable: false + listenAddress: 127.0.0.1:3200 
From 13f55a1be9f808611b70c7eccff144e1482e3322 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:55:03 +0100 Subject: [PATCH 10/40] fs_cli: fix for wrong path to functions.sh --- scripts/fs_cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/fs_cli b/scripts/fs_cli index de7fc5d..68c2fc3 100755 --- a/scripts/fs_cli +++ b/scripts/fs_cli @@ -4,7 +4,7 @@ set -e cd $(dirname $0)/.. # load .env -. functions.sh +. ./scripts/functions.sh load_env docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.1 -p "$FSESL_PASSWORD" From b4918c53d32cde9a4639afa12903303ac7d90f87 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 7 Jan 2024 23:55:52 +0100 Subject: [PATCH 11/40] dev mode: allow presentation access via http --- mod/bbb-web/bbb-web.properties | 2 ++ mod/https/force-https.conf | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties index 0f500d2..2c51aad 100644 --- a/mod/bbb-web/bbb-web.properties +++ b/mod/bbb-web/bbb-web.properties @@ -15,6 +15,8 @@ redisHost=redis {{ if isTrue .Env.DEV_MODE }} beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf +# fetch presentations without HTTPS +presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation {{else}} beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf {{end}} diff --git a/mod/https/force-https.conf b/mod/https/force-https.conf index b9ad46a..a890042 100644 --- a/mod/https/force-https.conf +++ b/mod/https/force-https.conf @@ -5,7 +5,7 @@ location /bigbluebutton/api/join { } # allow /api calls without redirecting to https -location /bigbluebutton/api { +location /bigbluebutton/ { proxy_pass https://127.0.0.1:443; proxy_ssl_verify off; } From 20315c1cf8028c61c84f0f053895c99565e52ac0 Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 7 Jan 2024 23:56:34 +0100 Subject: [PATCH 12/40] add missing bbb-webrtc-recorder submodule --- .gitmodules | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitmodules b/.gitmodules index 9065c08..310486d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -22,3 +22,6 @@ [submodule "repos/bbb-pads"] path = repos/bbb-pads url = https://github.com/bigbluebutton/bbb-pads.git +[submodule "repos/bbb-webrtc-recorder"] + path = repos/bbb-webrtc-recorder + url = https://github.com/bigbluebutton/bbb-webrtc-recorder From 082e1295dfacf0af2320369d1b6d7b04cfabe8d5 Mon Sep 17 00:00:00 2001 From: Benjamin Brauner <11899021@auf.bundeswehr.de> Date: Thu, 29 Feb 2024 13:20:50 +0100 Subject: [PATCH 13/40] adding bbb-export-annotations configurations -> to build it see necessary for the bigbluebutton source also; https://github.com/bigbluebutton/bigbluebutton/pull/19707 --- docker-compose.tmpl.yml | 21 ++++++++++ docs/network-config.md | 1 + mod/bbb-export-annotations/Dockerfile | 24 +++++++++++ .../config/settings.json | 41 +++++++++++++++++++ mod/bbb-export-annotations/entrypoint.sh | 6 +++ 5 files changed, 93 insertions(+) create mode 100644 mod/bbb-export-annotations/Dockerfile create mode 100644 mod/bbb-export-annotations/config/settings.json create mode 100755 mod/bbb-export-annotations/entrypoint.sh diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 7c840e4..5c56c79 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -192,6 +192,27 @@ services: bbb-net: ipv4_address: 10.7.7.18 + bbb-export-annotations: + build: + context: mod/bbb-export-annotations + additional_contexts: + bigbluebutton: ./repos/bigbluebutton + image: alangecker/bbb-docker-bbb-export-annotations:v2.7.0 + restart: unless-stopped + depends_on: + - redis + - etherpad + - bbb-pads + networks: + # need connections to: + # https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json + # "bbbWebAPI": "http://127.0.0.1:8090", -> bbb-web + # "bbbPadsAPI": "http://127.0.0.1:9002", -> bbb-pads + bbb-net: + ipv4_address: 10.7.7.19 + volumes: + - bigbluebutton:/var/bigbluebutton + redis: image: redis:7.2-alpine restart: unless-stopped diff --git a/docs/network-config.md b/docs/network-config.md index 8382fb9..3289183 100644 --- a/docs/network-config.md +++ b/docs/network-config.md @@ -24,6 +24,7 @@ Services as configured. | coturn | network_mode: host | | | greenlight | | | ports: 10.7.7.1:5000:80 | prometheus | bbb-net | 10.7.7.33 | +| bbb-export-annotations | bbb-net | 10.7.7.19 | ```yml networks: diff --git a/mod/bbb-export-annotations/Dockerfile b/mod/bbb-export-annotations/Dockerfile new file mode 100644 index 0000000..0723860 --- /dev/null +++ b/mod/bbb-export-annotations/Dockerfile 
@@ -0,0 +1,24 @@ +FROM node:18-bullseye-slim AS builder + +COPY --from=bigbluebutton /bbb-export-annotations /bbb-export-annotations +RUN cd /bbb-export-annotations && npm ci && npm install + +# -------------------- + +FROM node:18-bullseye-slim + +#depends on; +#Depends: nodejs,npm,bbb-apps-akka,bbb-web,cairosvg,ghostscript,imagemagick, nodejs (>= 18), nodejs (<< 20) +#see repo https://ubuntu.bigbluebutton.org/focal-270/ bigbluebutton-focal main +#apt info bbb-export-annotations +#missing dependency: poppler-utils for pdftocairo bin -> covert background / original presentation to png +RUN apt update && apt install -y \ + nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils +# && useradd --uid 2004 --create-home --user-group bbb-export + +COPY --from=builder /bbb-export-annotations /bbb-export-annotations +#we need acces to volume bigbluebutton! +USER root +COPY ./config/settings.json /bbb-export-annotations/config/settings.json +COPY entrypoint.sh /entrypoint.sh +ENTRYPOINT /entrypoint.sh diff --git a/mod/bbb-export-annotations/config/settings.json b/mod/bbb-export-annotations/config/settings.json new file mode 100644 index 0000000..3283a8b --- /dev/null +++ b/mod/bbb-export-annotations/config/settings.json 
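Review bot: In mod/bbb-export-annotations/Dockerfile the runtime stage ends on `USER root` with the `useradd --uid 2004 ...` line commented out, so ghostscript, imagemagick, cairosvg and pdftocairo all run as root on uploaded presentation files. Create the `bbb-export` user and give it access to the volume (matching the uid that owns `/var/bigbluebutton`, or a shared group) instead of solving the permission problem with root. Smaller points in the same hunk: `npm ci && npm install` runs the install twice, `nodejs` is listed twice in the apt line and the node:18 base image already ships node and npm, and the shell-form `ENTRYPOINT /entrypoint.sh` should be the exec form `ENTRYPOINT ["/entrypoint.sh"]` so signals reach the process.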
@@ -0,0 +1,41 @@ +{ + "log": { + "level": "info", + "msgName": "PresAnnStatusMsg" + }, + "shared": { + "presDir": "/var/bigbluebutton", + "presAnnDropboxDir": "/tmp/pres-ann-dropbox", + "cairosvg": "/usr/bin/cairosvg", + "ghostscript": "/usr/bin/gs", + "imagemagick": "/usr/bin/convert", + "pdftocairo": "/usr/bin/pdftocairo" + }, + "collector": { + "pngWidthRasterizedSlides": 2560 + }, + "process": { + "whiteboardTextEncoding": "utf-8", + "maxImageWidth": 1440, + "maxImageHeight": 1080, + "textScaleFactor": 2, + "pointsPerInch": 72, + "pixelsPerInch": 96 + }, + "notifier": { + "pod_id": "DEFAULT_PRESENTATION_POD", + "is_downloadable": "false", + "msgName": "NewPresFileAvailableMsg" + }, + "bbbWebAPI": "http://bbb-web:8090", + "bbbPadsAPI": "http://bbb-pads:9002", + "redis": { + "host": "redis", + "port": 6379, + "password": null, + "channels": { + "queue": "exportJobs", + "publish": "to-akka-apps-redis-channel" + } + } +} diff --git a/mod/bbb-export-annotations/entrypoint.sh b/mod/bbb-export-annotations/entrypoint.sh new file mode 100755 index 0000000..a637c84 --- /dev/null +++ b/mod/bbb-export-annotations/entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +cd /bbb-export-annotations +export NODE_ENV=production +npm start From c740f55e5a91cd4ec6cdd460e9e7ff6df11ca404 Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 24 Nov 2024 16:07:48 +0100 Subject: [PATCH 14/40] v3.0.0-beta.5: basic working functionality quite some features (recording, SIP, transcription, etc.) are not working yet, but a milestone where it should finally take a commit --- README.md | 6 +- dev.env | 45 +---- docker-compose.tmpl.yml | 182 +++--------------- mod/apps-akka/Dockerfile | 14 +- mod/apps-akka/bbb-apps-akka.conf | 2 +- mod/apps-akka/entrypoint.sh | 7 + mod/apps-akka/settings.yml | 7 - mod/bbb-graphql-actions/Dockerfile | 4 +- mod/bbb-graphql-middleware/Dockerfile | 5 +- mod/bbb-graphql-middleware/config.yml | 15 ++ mod/bbb-graphql-server/Dockerfile | 9 +- mod/bbb-graphql-server/config.yaml | 2 +- mod/bbb-graphql-server/entrypoint.sh | 9 +- mod/bbb-graphql-server/start.sh | 14 +- mod/bbb-web/Dockerfile | 4 +- mod/bbb-web/bbb-web.properties | 2 +- mod/bbb-web/entrypoint.sh | 2 +- mod/bbb-web/logback.xml | 2 +- mod/bbb-web/mocked-ps | 8 - mod/etherpad/settings.json | 2 +- mod/freeswitch/Dockerfile | 2 +- .../conf/autoload_configs/acl.conf.xml | 49 ----- .../autoload_configs/event_socket.conf.xml | 4 +- .../conf/autoload_configs/modules.conf.xml | 1 + mod/freeswitch/conf/dialplan/public.xml | 43 ----- .../conf/sip_profiles/external-ipv6.xml | 113 ----------- mod/freeswitch/conf/sip_profiles/external.xml | 128 ------------ mod/freeswitch/conf/vars.xml.tmpl | 78 ++++++-- mod/fsesl-akka/bbb-fsesl-akka.conf | 4 +- mod/html5/Dockerfile | 43 ----- mod/html5/Dockerfile.dev | 16 -- mod/html5/bbb-html5.yml | 25 --- mod/html5/entrypoint.dev.sh | 31 --- mod/html5/entrypoint.sh | 38 ---- mod/livekit/livekit.yaml | 15 ++ mod/mongo/init-replica.sh | 26 --- mod/mongo/mongod.conf | 33 ---- mod/nginx/Dockerfile | 21 +- .../bbb-graphql-client-settings-cache.conf | 1 + mod/nginx/bbb-html5.dev.nginx | 6 - mod/nginx/bbb/bbb-html5.nginx | 54 +----- mod/nginx/bbb/graphql.nginx | 47 +++-- mod/nginx/bbb/learning-dashboard.nginx | 5 - mod/nginx/bbb/livekit.nginx | 11 ++ mod/nginx/bbb/notes.nginx | 4 +- 
mod/nginx/bbb/presentation-slides.nginx | 27 +-- mod/nginx/bbb/sip.nginx | 15 -- mod/nginx/bbb/web.nginx | 22 +++ mod/nginx/bigbluebutton | 23 +-- mod/webhooks/Dockerfile | 2 +- mod/webhooks/entrypoint.sh | 10 +- mod/webrtc-sfu/Dockerfile | 6 + mod/webrtc-sfu/config.yaml | 40 ++++ repos/bbb-pads | 2 +- repos/bbb-playback | 2 +- repos/bbb-webhooks | 2 +- repos/bbb-webrtc-sfu | 2 +- repos/bigbluebutton | 2 +- repos/freeswitch | 2 +- repos/tags | 12 +- sample.env | 39 ---- scripts/dev | 36 ++-- scripts/fs_cli | 2 +- scripts/functions.sh | 13 +- scripts/generate-compose | 6 +- scripts/setup | 1 + 66 files changed, 386 insertions(+), 1019 deletions(-) delete mode 100644 mod/apps-akka/settings.yml create mode 100644 mod/bbb-graphql-middleware/config.yml delete mode 100755 mod/bbb-web/mocked-ps delete mode 100644 mod/freeswitch/conf/autoload_configs/acl.conf.xml delete mode 100644 mod/freeswitch/conf/dialplan/public.xml delete mode 100644 mod/freeswitch/conf/sip_profiles/external-ipv6.xml delete mode 100644 mod/freeswitch/conf/sip_profiles/external.xml delete mode 100644 mod/html5/Dockerfile delete mode 100644 mod/html5/Dockerfile.dev delete mode 100644 mod/html5/bbb-html5.yml delete mode 100755 mod/html5/entrypoint.dev.sh delete mode 100755 mod/html5/entrypoint.sh create mode 100644 mod/livekit/livekit.yaml delete mode 100755 mod/mongo/init-replica.sh delete mode 100644 mod/mongo/mongod.conf create mode 100644 mod/nginx/bbb-graphql-client-settings-cache.conf delete mode 100644 mod/nginx/bbb-html5.dev.nginx create mode 100644 mod/nginx/bbb/livekit.nginx delete mode 100644 mod/nginx/bbb/sip.nginx create mode 100644 mod/webrtc-sfu/config.yaml diff --git a/README.md b/README.md index c18e2be..385d90c 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ # 📦 BigBlueButton 3.0 Docker -Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) +Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) ## Features - Easy installation @@ -18,9 +18,7 @@ Version: 3.0.0-alpha.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com - Linux (it will not work under Windows/WSL) - Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.) - Public IPv4 (expect issues with a firewall / NAT) - -## What is not implemented yet -- bbb-lti +- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`) ## Install 1. Ensure the requirements above are fulfilled (it really doesn't work without them) diff --git a/dev.env b/dev.env index 76c6935..f747650 100644 --- a/dev.env +++ b/dev.env @@ -6,7 +6,11 @@ # - accept self signed certificates DEV_MODE=true - +# user and group used for +# this avoid any file permission issues with files +# created inside docker (e.g. node_modules) +BBB_DEV_UID=1000 +BBB_DEV_GID=1000 # ==================================== @@ -93,8 +97,6 @@ SIP_IP_ALLOWLIST=0.0.0.0/0 # CUSTOMIZATION # ==================================== -CLIENT_TITLE=BigBlueButton (Development) - # use following lines to replace the default welcome message and footer WELCOME_MESSAGE="Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others." WELCOME_FOOTER="This server is running BigBlueButton." @@ -123,52 +125,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf # - zh-hk-sinmei - Chinese/Hong Kong Sinmei SOUNDS_LANGUAGE=en-us-callie -# set to false to disable listenOnlyMode -LISTEN_ONLY_MODE=true - -# set to true to disable echo test -DISABLE_ECHO_TEST=false - -# set to true to automatically share webcam -AUTO_SHARE_WEBCAM=false - -# set to true to disable video preview for webcam sharing -DISABLE_VIDEO_PREVIEW=false - -# set to false to disable chat -CHAT_ENABLED=true - -# set to true to start chat closed -CHAT_START_CLOSED=false - # set to true to disable announcements "You are now (un-)muted" DISABLE_SOUND_MUTED=false # set to true to disable announcement "You are the only person in this conference" DISABLE_SOUND_ALONE=false -# maximum count of breakout rooms per meeting -# Warning: increasing the limit of breakout rooms per meeting -# can generate excessive overhead to the server. We recommend -# this value to be kept under 12. -BREAKOUTROOM_LIMIT=8 - # set to false to disable the learning dashboard ENABLE_LEARNING_DASHBOARD=true -# ==================================== -# Tuning -# ==================================== -# Default = 2; Min = 1; Max = 4 -# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events -NUMBER_OF_BACKEND_NODEJS_PROCESSES=1 - -# Default = 2; Min = 1; Max = 8 -# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings -# stretching the recommended number of users in BigBlueButton -NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1 - - # ==================================== # GREENLIGHT CONFIGURATION # ==================================== diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 06fec1b..df9c876 100644 --- a/docker-compose.tmpl.yml 
+++ b/docker-compose.tmpl.yml @@ -3,45 +3,6 @@ # don't edit this directly. {{/* -------- */}} -version: '3.6' - -# html5 templates -x-html5-backend: &html5backend - build: - context: mod/html5 - additional_contexts: - - source=./repos/bigbluebutton/bigbluebutton-html5 - args: - BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - TAG_BBB: {{ .Env.TAG_BBB }} - image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }} - restart: unless-stopped - depends_on: - - redis - - mongodb - - etherpad - environment: &html5backend-env - DOMAIN: ${DOMAIN} - CLIENT_TITLE: ${CLIENT_TITLE} - LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true} - DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false} - AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false} - DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false} - CHAT_ENABLED: ${CHAT_ENABLED:-true} - CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false} - BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8} - DEV_MODE: ${DEV_MODE:-} - BBB_HTML5_ROLE: backend - -x-html5-frontend: &html5frontend - <<: *html5backend - volumes: - - html5-static:/html5-static:rw - environment: &html5frontend-env - <<: *html5backend-env - BBB_HTML5_ROLE: frontend -# ========================= - services: bbb-web: build: 
@@ -81,61 +42,6 @@ services: ipv4_address: 10.7.7.2 -{{ if isTrue .Env.DEV_MODE }} - html5-dev: - build: - context: mod/html5 - dockerfile: Dockerfile.dev - args: - BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - user: ${BBB_DOCKER_USER} - restart: unless-stopped - depends_on: - - redis - - mongodb - - etherpad - volumes: - - ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw - - ./.cache/npm:/tmp/.npm:rw - - ./.cache/meteor:/tmp/.meteor:rw - - ./mod/html5/bbb-html5.yml:/tmp/bbb-html5.yml.tmpl - environment: - <<: *html5backend-env - HOME: /tmp - BBB_HTML5_ROLE: "" - networks: - bbb-net: - ipv4_address: 10.7.7.200 - - -{{ else }} -{{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }} - html5-backend-{{ add $i 1 }}: - <<: *html5backend - environment: - <<: *html5backend-env - INSTANCE_ID: {{ add $i 1 }} - PORT: {{ add 4000 $i }} - networks: - bbb-net: - ipv4_address: 10.7.7.{{ add 100 $i }} -{{end}} - -{{ range $i := loop 0 (atoi .Env.NUMBER_OF_FRONTEND_NODEJS_PROCESSES) }} - html5-frontend-{{ add $i 1 }}: - <<: *html5frontend - environment: - <<: *html5frontend-env - INSTANCE_ID: {{ add $i 1 }} - PORT: {{ add 4100 $i }} - networks: - bbb-net: - ipv4_address: 10.7.7.{{ add 200 $i }} -{{end}} - -{{ end }} - - freeswitch: container_name: bbb-freeswitch build: @@ -168,7 +74,9 @@ services: - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker - ./data/freeswitch-meetings:/var/freeswitch/meetings - network_mode: host + networks: + bbb-net: + ipv4_address: 10.7.7.10 logging: # reduce logs to a minimum, so `docker compose logs -f` still works driver: "local" 
@@ -183,35 +91,30 @@ services: additional_contexts: - src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard - src-playback=./repos/bbb-playback + - src-html5=./repos/bigbluebutton/bigbluebutton-html5 args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - image: alangecker/bbb-docker-nginx:1.25-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }} + TAG_BBB: {{ .Env.TAG_BBB }} + image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25 restart: unless-stopped depends_on: - etherpad - webrtc-sfu - {{ if isTrue .Env.DEV_MODE }} - - html5-dev - {{ else }} - - html5-backend-1 - {{ end }} volumes: - ./data/bigbluebutton:/var/bigbluebutton - - html5-static:/html5-static:ro - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf - {{ if isTrue .Env.DEV_MODE }} - # don't let nginx directly serve static files - - ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro - {{ end }} + tmpfs: + - /tmp network_mode: host extra_hosts: - "host.docker.internal:10.7.7.1" - "bbb-web:10.7.7.2" - "etherpad:10.7.7.4" - "webrtc-sfu:10.7.7.1" - - "html5:10.7.7.11" - "greenlight:10.7.7.21" + - "bbb-graphql-server:10.7.7.31" + - "bbb-graphql-middleware:10.7.7.32" etherpad: build: @@ -220,7 +123,7 @@ services: - plugin=./repos/bbb-etherpad-plugin - skin=./repos/bbb-etherpad-skin args: - TAG_ETHERPAD: "1.9.1" + TAG_ETHERPAD: "1.9.4" image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} restart: unless-stopped depends_on: 
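Review bot: In the etherpad hunk the build arg changes to `TAG_ETHERPAD: "1.9.4"` while the image name on the next line stays `alangecker/bbb-docker-etherpad:1.9.1-s...`, so the tag no longer describes what is inside the image. Since the README starts containers with `docker compose up -d --no-build`, a host that already holds or pulls the old 1.9.1-tagged image keeps running it. Derive both the build arg and the image tag from one variable, or bump the tag in the same change.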
@@ -259,22 +162,6 @@ services: bbb-net: ipv4_address: 10.7.7.5 - mongodb: - image: mongo:6.0 - restart: unless-stopped - volumes: - - ./mod/mongo/mongod.conf:/etc/mongod.conf - - ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh - tmpfs: - - /data/configdb - - /data/db - command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth - healthcheck: - test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 0 ':' 2)'; then exit 0; fi; exit 1;" - networks: - bbb-net: - ipv4_address: 10.7.7.6 - webrtc-sfu: build: context: mod/webrtc-sfu @@ -288,30 +175,16 @@ services: - redis - freeswitch environment: - CLIENT_HOST: 10.7.7.1 - REDIS_HOST: 10.7.7.5 - FREESWITCH_IP: 10.7.7.1 - FREESWITCH_SIP_IP: ${EXTERNAL_IPv4} - MCS_HOST: 0.0.0.0 - MCS_ADDRESS: 0.0.0.0 - ESL_IP: 10.7.7.1 ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} - RECORDING_ADAPTER: bbb-webrtc-recorder - RECORD_WEBCAMS: "true" - KURENTO: '[]' - # TODO: add mediasoup IPv6 - # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487 - {{ if .Env.EXTERNAL_IPv6 }} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' - {{else}} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' - {{end}} - MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}' volumes: - ./data/mediasoup:/var/mediasoup tmpfs: - /var/log/bbb-webrtc-sfu network_mode: host + security_opt: + - seccomp:unconfined # allow io_uring access for mediasoup + ulimits: + memlock: -1 # allow io_uring_register_buffers to allocate enough ram fsesl-akka: build: 
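Review bot: In the webrtc-sfu hunk, `seccomp:unconfined` removes the entire syscall filter from a container that also keeps `network_mode: host`, although the comment says only io_uring access is needed. Ship a seccomp profile that is Docker's default plus `io_uring_setup`, `io_uring_enter` and `io_uring_register`, and reference that file in `security_opt` instead. `memlock: -1` is likewise unlimited; set a finite value that covers what mediasoup registers. The same hunk drops `MS_WEBRTC_LISTEN_IPS` and the other environment entries in favour of the new mod/webrtc-sfu/config.yaml, so the note on NAT and IPv6 handling that lived in the removed TODO comments should move there too.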
@@ -339,8 +212,10 @@ services: additional_contexts: - src-common-message=./repos/bigbluebutton/bbb-common-message - src-apps-akka=./repos/bigbluebutton/akka-bbb-apps + - src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/ args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + TAG_BBB: {{ .Env.TAG_BBB }} image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -352,7 +227,7 @@ services: POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} volumes: - ./data/freeswitch-meetings:/var/freeswitch/meetings - - ./conf/settings.yml:/etc/bigbluebutton/bbb-html5.yml:ro + - ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro networks: bbb-net: ipv4_address: 10.7.7.15 @@ -364,19 +239,21 @@ services: - src=./repos/bigbluebutton/bbb-graphql-server args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + GRAPHQL_ENGINE_TAG: v2.44.0 depends_on: - postgres + - bbb-web + - apps-akka + - bbb-graphql-actions restart: unless-stopped environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} + HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME networks: bbb-net: ipv4_address: 10.7.7.31 - extra_hosts: - - "bbb-web:10.7.7.2" - - "bbb-graphql-actions:10.7.7.30" bbb-graphql-actions: build: @@ -392,6 +269,7 @@ services: restart: unless-stopped depends_on: - redis + - apps-akka environment: BBB_REDIS_HOST: redis networks: @@ -413,11 +291,9 @@ services: restart: unless-stopped depends_on: - bbb-graphql-server + - bbb-graphql-actions + - bbb-web - redis - environment: - BBB_GRAPHQL_MIDDLEWARE_LISTEN_PORT: 8378 - BBB_GRAPHQL_MIDDLEWARE_REDIS_ADDRESS: 10.7.7.5:6379 - BBB_GRAPHQL_MIDDLEWARE_HASURA_WS: ws://bbb-graphql-server:8080/v1/graphql networks: bbb-net: ipv4_address: 10.7.7.32 @@ -442,8 +318,7 @@ services: build: mod/periodic image: alangecker/bbb-docker-periodic:v2.7.0 restart: unless-stopped - depends_on: - - mongodb + volumes: - /var/run/docker.sock:/var/run/docker.sock - ./data/bigbluebutton:/var/bigbluebutton 
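Review bot: In the bbb-graphql-server hunk, `HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME` puts a fixed placeholder into the template, so every installation generated from it shares the same Hasura admin secret. Read it from `.env` the way `POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}` is read two lines above, with no default so that generation fails when it is unset (the variable name is for the project to choose, for example a hypothetical `HASURA_ADMIN_SECRET`), and document it in sample.env.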
@@ -469,7 +344,7 @@ services: - bbb-conf=./repos/bigbluebutton/bigbluebutton-config args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - TAG_BBB_PRESENTATION_VIDEO: "4.0.3" + TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2" image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -648,7 +523,6 @@ services: volumes: - html5-static: {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} ssl_data: {{end}} diff --git a/mod/apps-akka/Dockerfile b/mod/apps-akka/Dockerfile index 6d9df35..6d4bf57 100644 --- a/mod/apps-akka/Dockerfile +++ b/mod/apps-akka/Dockerfile @@ -19,13 +19,25 @@ RUN cd /source \ # =================================================== + +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings +RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq +COPY --from=src-config /settings.yml /settings.yml +ARG TAG_BBB +RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml +RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml + + +# =================================================== + FROM alangecker/bbb-docker-base-java +COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl COPY logback.xml /bbb-apps-akka/conf/logback.xml COPY entrypoint.sh /entrypoint.sh +COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml -COPY settings.yml /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml USER bigbluebutton ENTRYPOINT /entrypoint.sh diff --git a/mod/apps-akka/bbb-apps-akka.conf b/mod/apps-akka/bbb-apps-akka.conf index 2a7a474..f145c72 100644 --- a/mod/apps-akka/bbb-apps-akka.conf +++ b/mod/apps-akka/bbb-apps-akka.conf 
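Review bot: In the mod/apps-akka/Dockerfile hunk, the new builder-settings stage fetches the yq binary with `wget -qO /usr/local/bin/yq ...` and makes it executable without verifying it. The release is pinned to v4.44.3, but nothing checks the download, and the binary is copied into the runtime image where entrypoint.sh executes it. Record the expected SHA-256 in the Dockerfile and run `sha256sum -c` before the `chmod`.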
@@ -15,7 +15,7 @@ http { postgres { properties = { - serverName = "10.7.7.22" + serverName = "postgres" portNumber = "5432" databaseName = "bbb_graphql" user = "postgres" diff --git a/mod/apps-akka/entrypoint.sh b/mod/apps-akka/entrypoint.sh index d6d2b5a..033429e 100755 --- a/mod/apps-akka/entrypoint.sh +++ b/mod/apps-akka/entrypoint.sh @@ -1,10 +1,17 @@ #!/bin/sh -e +# bbb-apps-akka.conf TARGET=/etc/bigbluebutton/bbb-apps-akka.conf cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET sed -i "s/DOMAIN/$DOMAIN/" $TARGET sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET + +# settings.yml +TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml +yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET +yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET + cd /bbb-apps-akka /bbb-apps-akka/bin/bbb-apps-akka \ No newline at end of file diff --git a/mod/apps-akka/settings.yml b/mod/apps-akka/settings.yml deleted file mode 100644 index 58c4cef..0000000 --- a/mod/apps-akka/settings.yml +++ /dev/null @@ -1,7 +0,0 @@ -# just the default values required for gettting apps-akka running - -# use ./conf/sertings.yml for modifying anything -public: - plugins: [] - userReaction: - expire: 30 \ No newline at end of file diff --git a/mod/bbb-graphql-actions/Dockerfile b/mod/bbb-graphql-actions/Dockerfile index 97c2a61..ab1b441 100644 --- a/mod/bbb-graphql-actions/Dockerfile +++ b/mod/bbb-graphql-actions/Dockerfile @@ -16,7 +16,7 @@ RUN cd /src/dist && \ # ------------------------------ -FROM node:18-bookworm-slim +FROM node:22-bookworm-slim COPY --from=builder /src/dist /app @@ -29,4 +29,6 @@ WORKDIR /app ENV SERVER_HOST 0.0.0.0 +ENV NODE_ENV=production + CMD [ "node", "/app/bbb-graphql-actions.js" ] \ No newline at end of file diff --git a/mod/bbb-graphql-middleware/Dockerfile b/mod/bbb-graphql-middleware/Dockerfile index 22244e3..763ee1a 100644 
--- a/mod/bbb-graphql-middleware/Dockerfile +++ b/mod/bbb-graphql-middleware/Dockerfile @@ -2,10 +2,11 @@ ARG BBB_BUILD_TAG FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder COPY --from=src / /src/ -RUN cd /src/ && ./local-build.sh - +RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go # ------------------------------ FROM alpine COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware +COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml +COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml CMD [ "/app/bbb-graphql-middleware" ] \ No newline at end of file diff --git a/mod/bbb-graphql-middleware/config.yml b/mod/bbb-graphql-middleware/config.yml new file mode 100644 index 0000000..3740d32 --- /dev/null +++ b/mod/bbb-graphql-middleware/config.yml @@ -0,0 +1,15 @@ +server: + listen_host: 0.0.0.0 + listen_port: 8378 +redis: + host: redis + port: 6379 + password: "" +hasura: + url: ws://bbb-graphql-server:8085/v1/graphql +graphql-actions: + url: http://bbb-graphql-actions:8093 +auth_hook: + url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization +session_vars_hook: + url: http://apps-akka:8901/userInfo \ No newline at end of file diff --git a/mod/bbb-graphql-server/Dockerfile b/mod/bbb-graphql-server/Dockerfile index f39bf7d..3c087cc 100644 --- a/mod/bbb-graphql-server/Dockerfile +++ b/mod/bbb-graphql-server/Dockerfile 
@@ -1,17 +1,18 @@ ARG BBB_BUILD_TAG +ARG GRAPHQL_ENGINE_TAG FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder -RUN mkdir -p /hasura-cli && cd /hasura-cli && npm install hasura-cli +RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq # ---------------------------- -FROM hasura/graphql-engine:v2.36.0 +FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG -# install netstat +# install netstat, required for start script RUN apt-get update && apt-get install -y net-tools gosu COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq -COPY --from=builder /hasura-cli/node_modules/hasura-cli/hasura /usr/local/bin/hansura +COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura COPY --from=src /bbb_schema.sql /app/ COPY --from=src /metadata /app/metadata diff --git a/mod/bbb-graphql-server/config.yaml b/mod/bbb-graphql-server/config.yaml index 183404e..cd39dc2 100644 --- a/mod/bbb-graphql-server/config.yaml +++ b/mod/bbb-graphql-server/config.yaml @@ -1,5 +1,5 @@ version: 3 -endpoint: http://localhost:8080 +endpoint: http://localhost:8085 admin_secret: bigbluebutton metadata_directory: metadata actions: diff --git a/mod/bbb-graphql-server/entrypoint.sh b/mod/bbb-graphql-server/entrypoint.sh index ff281dd..096d49c 100755 --- a/mod/bbb-graphql-server/entrypoint.sh +++ b/mod/bbb-graphql-server/entrypoint.sh 
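Review bot: In the mod/bbb-graphql-server/Dockerfile hunk, the Hasura CLI is installed by piping `get.sh` from the `stable` branch into bash, so the build executes whatever that script contains at build time, and `VERSION=v2.44.0` is hard-coded although the compose template already passes `GRAPHQL_ENGINE_TAG: v2.44.0`. An ARG declared before the first FROM is only visible to FROM lines, so redeclare `ARG GRAPHQL_ENGINE_TAG` inside the builder stage and use it for the CLI version, which keeps CLI and engine from drifting apart; better still, download the CLI release binary directly and verify its checksum. The unchanged yq line underneath still pulls `releases/latest`, unlike the pinned v4.44.3 in mod/apps-akka/Dockerfile.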
@@ -12,11 +12,16 @@ export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGR export HASURA_GRAPHQL_LOG_LEVEL=warn export HASURA_GRAPHQL_ENABLE_CONSOLE=false export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250 +export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000 export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100 -export HASURA_GRAPHQL_ADMIN_SECRET=bigbluebutton # TODO: improve security +export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000 +export HASURA_GRAPHQL_SERVER_PORT=8085 export HASURA_GRAPHQL_ENABLE_TELEMETRY=false -export HASURA_GRAPHQL_AUTH_HOOK=http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization +export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10 +export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093 +export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql + exec $@ \ No newline at end of file diff --git a/mod/bbb-graphql-server/start.sh b/mod/bbb-graphql-server/start.sh index 2579684..5fc3354 100755 --- a/mod/bbb-graphql-server/start.sh +++ b/mod/bbb-graphql-server/start.sh 
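Review bot: In mod/bbb-graphql-server/entrypoint.sh, the new `HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql` interpolates the password into a URL without encoding it, so a secret containing `@`, `:`, `/` or `#` yields a URL that parses to the wrong host or credentials. Percent-encode the password before building the URL, or state in sample.env that the secret must be URL-safe. The same hunk moves `HASURA_GRAPHQL_AUTH_HOOK` from bbb-web's `checkGraphqlAuthorization` to `http://apps-akka:8901/userInfo`; a one-line comment on why authorization now sits in the middleware's `auth_hook` would help the next reader.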
@@ -1,12 +1,13 @@ #!/bin/bash +set -e cd /app/ # patch database url -# TODO: this should be possible via an environment variable -yq e -i '.[1].configuration.connection_info.database_url.connection_parameters.host = "postgres"' metadata/databases/databases.yaml -yq e -i ".[1].configuration.connection_info.database_url.connection_parameters.password = \"${POSTGRES_PASSWORD}\"" metadata/databases/databases.yaml +# TODO: this should be possible upstream in BBB via an environment variable +yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml +sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql @@ -27,13 +28,12 @@ sleep 1 #Check if Hasura is ready before applying metadata -HASURA_PORT=8080 -while ! netstat -tuln | grep ":$HASURA_PORT " > /dev/null; do - echo "Waiting for Hasura's port ($HASURA_PORT) to be ready..." +while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do + echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..." sleep 1 done echo "Applying new metadata to Hasura" -/usr/local/bin/hansura metadata apply --skip-update-check +/usr/local/bin/hasura metadata apply --skip-update-check wait "$PID" \ No newline at end of file diff --git a/mod/bbb-web/Dockerfile b/mod/bbb-web/Dockerfile index 1b636ec..e5fefa5 100644 --- a/mod/bbb-web/Dockerfile +++ b/mod/bbb-web/Dockerfile 
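Review bot: In mod/bbb-graphql-server/start.sh, `sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g"` expands the secret inside a sed replacement, so a value containing `/`, `&` or a backslash either breaks the command (now fatal under the added `set -e`) or writes a different secret into config.yaml than the server was started with. yq is already in the image; use `yq e -i '.admin_secret = strenv(HASURA_GRAPHQL_ADMIN_SECRET)' /app/config.yaml`. The `database_url` line above it has the same issue with double quotes in `$HASURA_GRAPHQL_BBB_DATABASE_URL` and can use `strenv(...)` the same way.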
@@ -47,12 +47,10 @@ COPY --from=builder /dist /usr/share/bbb-web COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh -COPY mocked-ps /usr/bin/ps - # add entrypoint and templates COPY entrypoint.sh /entrypoint.sh COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl -COPY turn-stun-servers.xml /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl +COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties index 2c51aad..1604d0d 100644 --- a/mod/bbb-web/bbb-web.properties +++ b/mod/bbb-web/bbb-web.properties @@ -14,7 +14,7 @@ securitySalt={{ .Env.SHARED_SECRET }} redisHost=redis {{ if isTrue .Env.DEV_MODE }} -beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf +beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf # fetch presentations without HTTPS presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation {{else}} diff --git a/mod/bbb-web/entrypoint.sh b/mod/bbb-web/entrypoint.sh index 346fac7..f3d7f56 100755 --- a/mod/bbb-web/entrypoint.sh +++ b/mod/bbb-web/entrypoint.sh 
@@ -23,7 +23,7 @@ echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCE cd /usr/share/bbb-web/ dockerize \ -template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \ - -template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \ + -template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \ gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher diff --git a/mod/bbb-web/logback.xml b/mod/bbb-web/logback.xml index 8fb5838..def4f59 100644 --- a/mod/bbb-web/logback.xml +++ b/mod/bbb-web/logback.xml @@ -22,7 +22,7 @@ - + diff --git a/mod/bbb-web/mocked-ps b/mod/bbb-web/mocked-ps deleted file mode 100755 index bb67da3..0000000 --- a/mod/bbb-web/mocked-ps +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -echo "(mocked-ps for HTML5LoadBalancingService.java)" - -# fake random process load to distribute meetings equally -for i in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)`; do - randomLoad=$(echo $(( $RANDOM % 100 ))) - echo " $randomLoad.1 /usr/share/node-v12.16.1-linux-x64/bin/node main.js NODEJS_BACKEND_INSTANCE_ID=$i" -done diff --git a/mod/etherpad/settings.json b/mod/etherpad/settings.json index 42466c5..4e23f31 100644 --- a/mod/etherpad/settings.json +++ b/mod/etherpad/settings.json @@ -539,7 +539,7 @@ "windowMs": 90000, // maximum number of requests per IP to allow during the rate limit window - "max": 16 + "max": 32 }, /* diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile index e57a58b..0153763 100644 --- a/mod/freeswitch/Dockerfile +++ b/mod/freeswitch/Dockerfile 
@@ -28,7 +28,7 @@ RUN cd /build && ./build.sh # add english sounds RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \ - wget http://bigbluebutton.org/downloads/sounds.tar.gz -O sounds.tar.gz && \ + wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \ tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \ wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \ unzip mute-and-unmute-sounds-master.zip && \ diff --git a/mod/freeswitch/conf/autoload_configs/acl.conf.xml b/mod/freeswitch/conf/autoload_configs/acl.conf.xml deleted file mode 100644 index 78628d8..0000000 --- a/mod/freeswitch/conf/autoload_configs/acl.conf.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml b/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml index 664aa8f..6d7d4d7 100644 --- a/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml +++ b/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml @@ -4,7 +4,7 @@ - + - \ No newline at end of file + diff --git a/mod/freeswitch/conf/autoload_configs/modules.conf.xml b/mod/freeswitch/conf/autoload_configs/modules.conf.xml index 36f5d4b..f05aa52 100644 --- a/mod/freeswitch/conf/autoload_configs/modules.conf.xml +++ b/mod/freeswitch/conf/autoload_configs/modules.conf.xml @@ -2,6 +2,7 @@ + diff --git a/mod/freeswitch/conf/dialplan/public.xml b/mod/freeswitch/conf/dialplan/public.xml deleted file mode 100644 index ac355dc..0000000 --- a/mod/freeswitch/conf/dialplan/public.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml b/mod/freeswitch/conf/sip_profiles/external-ipv6.xml deleted file mode 100644 index 834441b..0000000 
--- a/mod/freeswitch/conf/sip_profiles/external-ipv6.xml +++ /dev/null @@ -1,113 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/sip_profiles/external.xml b/mod/freeswitch/conf/sip_profiles/external.xml deleted file mode 100644 index d8073f7..0000000 --- a/mod/freeswitch/conf/sip_profiles/external.xml +++ /dev/null @@ -1,128 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/mod/freeswitch/conf/vars.xml.tmpl b/mod/freeswitch/conf/vars.xml.tmpl index b31edeb..98dcb84 100644 --- a/mod/freeswitch/conf/vars.xml.tmpl +++ b/mod/freeswitch/conf/vars.xml.tmpl @@ -1,12 +1,15 @@ - @@ -15,6 +18,7 @@ The following variables are set dynamically - calculated if possible by freeswitch - and are available to the config as $${variable}. You can see their calculated value via fs_cli by entering eval $${variable} + hostname local_ip_v4 local_mask_v4 @@ -41,21 +45,23 @@ nat_public_addr nat_private_addr nat_type + --> + + - - - - + + @@ -63,6 +69,7 @@ @@ -70,7 +77,9 @@ NOTICE: When using SRTP it's critical that you do not offer or accept variable bit rate codecs, doing so would leak information and possibly compromise your SRTP stream. (FS-6404) + Supported SRTP Crypto Suites: + AEAD_AES_256_GCM_8 ____________________________________________________________________________ This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of 
@@ -78,6 +87,8 @@ authentication tag with a length of 8 octets (64 bits) is used. An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its corresponding plaintext. + + AEAD_AES_128_GCM_8 ____________________________________________________________________________ This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of @@ -85,6 +96,8 @@ authentication tag with a length of 8 octets (64 bits) is used. An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its corresponding plaintext. + + AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80 ____________________________________________________________________________ AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher @@ -92,18 +105,25 @@ tag. The master-key length is 128 bits and has a default lifetime of a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes first. + + AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32 ____________________________________________________________________________ This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that the authentication tag is 32 bits. The length of the base64-decoded key and salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise, the crypto attribute is considered invalid. + + AES_CM_128_NULL_AUTH ____________________________________________________________________________ The SRTP default cipher (AES-128 Counter Mode), but to use no authentication method. This policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 of [RFC3711]. + + SRTP variables that modify behaviors based on direction/leg: + rtp_secure_media ____________________________________________________________________________ possible values: 
@@ -112,11 +132,16 @@ forbidden - More useful for inbound to deny SAVP negotiation false - implies forbidden true - implies mandatory + default if not set is accept SAVP inbound if offered. + + rtp_secure_media_inbound | rtp_secure_media_outbound ____________________________________________________________________________ This is the same as rtp_secure_media, but would apply to either inbound or outbound offers specifically. + + How to specify crypto suites: ____________________________________________________________________________ By default without specifying any crypto suites FreeSWITCH will offer @@ -124,29 +149,39 @@ endpoint has in common. If you wish to force specific crypto suites you can do so by appending the suites in a comma separated list in the order that you wish to offer them in. + Examples: + rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32 rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80 rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80 + Additionally you can narrow this down on either inbound or outbound by specifying as so: + rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8 rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8 rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8 rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8 + + rtp_secure_media_suites ____________________________________________________________________________ - Optionaly you can use rtp_secure_media_suites to dictate the suite list + Optionally you can use rtp_secure_media_suites to dictate the suite list and only use rtp_secure_media=[optional|mandatory|false|true] without having to dictate the suite list with the rtp_secure_media* variables. --> @@ -232,7 +274,9 @@ @@ -256,7 +301,7 @@ If unspecified, the bind_server_ip value is used. Used by: sofia.conf.xml dingaling.conf.xml --> - + - + @@ -342,6 +389,7 @@ @@ -354,16 +402,21 @@ @@ -380,7 +433,7 @@ - + 
@@ -395,4 +448,5 @@ - \ No newline at end of file + + diff --git a/mod/fsesl-akka/bbb-fsesl-akka.conf b/mod/fsesl-akka/bbb-fsesl-akka.conf index ed1b475..12acb3e 100644 --- a/mod/fsesl-akka/bbb-fsesl-akka.conf +++ b/mod/fsesl-akka/bbb-fsesl-akka.conf @@ -4,13 +4,13 @@ include "/bbb-fsesl-akka/conf/application.conf" freeswitch { esl { - host="10.7.7.1" + host="freeswitch" password="FSESL_PASSWORD" } } redis { - host="10.7.7.5" + host="redis" } http { diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile deleted file mode 100644 index 7b050b6..0000000 --- a/mod/html5/Dockerfile +++ /dev/null 
@@ -1,43 +0,0 @@ -ARG BBB_BUILD_TAG -FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder - -# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor -# USER meteor - -COPY --from=source ./ /source -RUN cd /source && meteor npm ci --production \ - && METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \ - && rm -rf /source - -RUN cd /app/bundle/programs/server \ - && npm install --production - -RUN mkdir -p /app/bundle/programs/web.browser/app/files && \ - cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/ - -ARG TAG_BBB -RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \ - && find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \ - && find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \ - && find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \; - -# ------------------------------ - -FROM node:18-bookworm-slim - -RUN apt-get update && apt-get install -y gosu - -# add user & group -RUN groupadd -g 2000 meteor \ - && useradd -m -u 2001 -g meteor meteor - -COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize -COPY --from=builder --chown=meteor:meteor /app/bundle /app -COPY entrypoint.sh /entrypoint.sh -COPY bbb-html5.yml /app/bbb-html5.yml.tmpl - -# expose TAG_BBB in container for the version display -ARG TAG_BBB -ENV TAG_BBB $TAG_BBB - -ENTRYPOINT ["/entrypoint.sh"] diff --git a/mod/html5/Dockerfile.dev b/mod/html5/Dockerfile.dev deleted file mode 100644 index 21ad85c..0000000 --- a/mod/html5/Dockerfile.dev +++ /dev/null 
@@ -1,16 +0,0 @@ -ARG BBB_BUILD_TAG -FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder - - -RUN curl https://install.meteor.com/\?release\=2.13 | sh - - -COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize - -# make /root/.meteor accessible for user -RUN chmod 777 /root /root/.meteor - -COPY entrypoint.dev.sh /entrypoint.dev.sh - -ENTRYPOINT ["/entrypoint.dev.sh"] - diff --git a/mod/html5/bbb-html5.yml b/mod/html5/bbb-html5.yml deleted file mode 100644 index 85decd3..0000000 --- a/mod/html5/bbb-html5.yml +++ /dev/null @@ -1,25 +0,0 @@ -public: - app: - html5ClientBuild: {{ .Env.TAG_BBB }} - bbbServerVersion: {{ .Env.TAG_BBB }}-docker - listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }} - skipCheck: {{ .Env.DISABLE_ECHO_TEST }} - clientTitle: {{ .Env.CLIENT_TITLE }} - appName: BigBlueButton HTML5 Client (docker) - breakouts: - breakoutRoomLimit: {{ .Env.BREAKOUTROOM_LIMIT }} - kurento: - wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu - autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }} - skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }} - chat: - enabled: {{ .Env.CHAT_ENABLED }} - startClosed: {{ .Env.CHAT_START_CLOSED }} - pads: - url: https://{{ .Env.DOMAIN }}/pad -private: - app: - host: 0.0.0.0 - redis: - host: redis - port: '6379' diff --git a/mod/html5/entrypoint.dev.sh b/mod/html5/entrypoint.dev.sh deleted file mode 100755 index 6063e6b..0000000 --- a/mod/html5/entrypoint.dev.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/sh -e - -# use /tmp as home dir as writeable directory for whatever UID we get -export HOME=/tmp - - -export MONGO_OPLOG_URL=mongodb://10.7.7.6/local -export MONGO_URL=mongodb://10.7.7.6/meteor -export ROOT_URL=http://127.0.0.1/html5client -export BIND_IP=0.0.0.0 -export LANG=en_US.UTF-8 -export BBB_HTML5_LOCAL_SETTINGS=/tmp/bbb-html5.yml - -echo "DEV_MODE=true, disable TLS certificate rejecting" -export NODE_TLS_REJECT_UNAUTHORIZED=0 - - -if [ ! -f "/tmp/.meteor/copy-done" ]; then - echo "# copying over .meteor from docker image... (this might take some minutes)" - cp -a /root/.meteor/* /tmp/.meteor - touch /tmp/.meteor/copy-done -fi - -cd /app -echo "# meteor npm install" -meteor npm install - -echo "# npm start" -dockerize \ - -template /tmp/bbb-html5.yml.tmpl:/tmp/bbb-html5.yml \ - npm start diff --git a/mod/html5/entrypoint.sh b/mod/html5/entrypoint.sh deleted file mode 100755 index f6c007b..0000000 --- a/mod/html5/entrypoint.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/bash -set -e - -cd /app -export MONGO_OPLOG_URL=mongodb://10.7.7.6/local -export MONGO_URL=mongodb://10.7.7.6/meteor -export ROOT_URL=http://127.0.0.1/html5client -export NODE_ENV=production -export SERVER_WEBSOCKET_COMPRESSION='{"level":5, "maxWindowBits":13, "memLevel":7, "requestMaxWindowBits":13}' -export BIND_IP=0.0.0.0 -export LANG=en_US.UTF-8 -export INSTANCE_MAX=1 -export ENVIRONMENT_TYPE=production -export NODE_VERSION=node-v14.21.1-linux-x64 -export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml - -if [ "$BBB_HTML5_ROLE" == "backend" ]; then - PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID -fi - - -# if container is the first frontend, do some additional tasks -if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then - - - # copy static files into volume for direct access by nginx - # https://github.com/bigbluebutton/bigbluebutton/issues/10739 - if [ -d "/html5-static" ]; then - rm -rf /html5-static/* - cp -r /app/programs/web.browser/* /html5-static - fi - -fi - -dockerize \ - -template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \ - gosu meteor \ - node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM diff --git a/mod/livekit/livekit.yaml b/mod/livekit/livekit.yaml new file mode 100644 index 0000000..55653f3 --- /dev/null +++ b/mod/livekit/livekit.yaml @@ -0,0 +1,15 @@ +port: 7880 +log_level: debug +# when enabled, LiveKit will expose prometheus metrics on :6789/metrics +#prometheus_port: 6789 +rtc: + port_range_start: 16384 + port_range_end: 32768 + use_external_ip: false +redis: + # redis is recommended for production deploys + address: redis:6379 + +keys: + # TODO: change keys + TEST: TEST diff --git a/mod/mongo/init-replica.sh b/mod/mongo/init-replica.sh deleted file mode 100755 index da06dfd..0000000 --- a/mod/mongo/init-replica.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh -set -e - - -host=${HOSTNAME:-$(hostname -f)} - -# shut down again -mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown -# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6 -mongod --oplogSize 8 --replSet rs0 --noauth \ - --config /tmp/docker-entrypoint-temp-config.json \ - --bind_ip 0.0.0.0 --port 27017 \ - --tlsMode disabled \ - --logpath /proc/1/fd/1 --logappend \ - --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork - -# init replset with defaults -mongosh 10.7.7.6 --eval "rs.initiate({ - _id: 'rs0', - members: [ { _id: 0, host: '10.7.7.6:27017' } ] -})" - -echo "Waiting to become a master" -echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongosh - -echo "I'm the master!" \ No newline at end of file diff --git a/mod/mongo/mongod.conf b/mod/mongo/mongod.conf deleted file mode 100644 index f791065..0000000 --- a/mod/mongo/mongod.conf +++ /dev/null @@ -1,33 +0,0 @@ -# mongod.conf - -# for documentation of all options, see: -# http://docs.mongodb.org/manual/reference/configuration-options/ - -storage: - dbPath: /data/db - journal: - enabled: true - wiredTiger: - engineConfig: - cacheSizeGB: 1 - journalCompressor: none - directoryForIndexes: true - collectionConfig: - blockCompressor: none - indexConfig: - prefixCompression: false - - -net: - port: 27017 - bindIp: 0.0.0.0 - - -replication: - replSetName: rs0 - -setParameter: - diagnosticDataCollectionEnabled: false - -security: - javascriptEnabled: false diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile index 091ebde..692f88f 100644 --- a/mod/nginx/Dockerfile +++ b/mod/nginx/Dockerfile 
@@ -1,20 +1,29 @@ ARG BBB_BUILD_TAG -FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder - -# -------------------- - +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard COPY --from=src-learning-dashboard / /bbb-learning-dashboard RUN cd /bbb-learning-dashboard && npm ci && npm run build + +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback COPY --from=src-playback / /bbb-playback RUN cd /bbb-playback && npm install && npm run-script build +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5 +COPY --from=src-html5 / /source +RUN cd /source && CI=true npm ci +RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build +RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \ + && find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \ + && find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \; + # -------------------- FROM nginx:1.25-alpine -COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/ -COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3 +COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/ +COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3 +COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/ COPY ./bbb /etc/nginx/bbb COPY ./bigbluebutton /etc/nginx/conf.d/default.conf +COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf COPY ./nginx.conf /etc/nginx/nginx.conf diff --git a/mod/nginx/bbb-graphql-client-settings-cache.conf b/mod/nginx/bbb-graphql-client-settings-cache.conf new file mode 100644 index 0000000..fbea8b7 --- /dev/null +++ b/mod/nginx/bbb-graphql-client-settings-cache.conf @@ -0,0 +1 @@ +proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off; \ No newline at end of file 
diff --git a/mod/nginx/bbb-html5.dev.nginx b/mod/nginx/bbb-html5.dev.nginx deleted file mode 100644 index 2ed5689..0000000 --- a/mod/nginx/bbb-html5.dev.nginx +++ /dev/null @@ -1,6 +0,0 @@ -location /html5client { - proxy_pass http://10.7.7.200:4100; # use for production - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; -} diff --git a/mod/nginx/bbb/bbb-html5.nginx b/mod/nginx/bbb/bbb-html5.nginx index 9b0ab89..e62c047 100644 --- a/mod/nginx/bbb/bbb-html5.nginx +++ b/mod/nginx/bbb/bbb-html5.nginx @@ -1,49 +1,13 @@ -location @html5client { - proxy_pass http://poolhtml5servers; # use for production - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; +# running in production (static assets) +location /html5client { + gzip_static on; + alias /usr/share/bigbluebutton/html5-client/; + index index.html; + try_files $uri $uri/ =404; } location /html5client/locales { - alias /html5-static/app/locales; + alias /usr/share/bigbluebutton/html5-client/locales; + autoindex on; + autoindex_format json; } - -location /html5client/compatibility { - gzip_static on; - alias /html5-static/app/compatibility; -} - -location /html5client/resources { - alias /html5-static/app/resources; -} - -location /html5client/svgs { - alias /html5-static/app/svgs; -} - -location /html5client/fonts { - alias /html5-static/app/fonts; -} - -location /html5client/files { - alias /html5-static/app/files; -} - -location /html5client/wasm { - types { - application/wasm wasm; - } - gzip_static on; - alias /html5-static/app/wasm; -} - -location /html5client { - gzip_static on; - alias /html5-static; - try_files $uri @html5client; -} - -location /html5client/sockjs { - try_files $uri @html5client; -} \ No newline at end of file diff --git a/mod/nginx/bbb/graphql.nginx b/mod/nginx/bbb/graphql.nginx index d80c636..91ca2ff 100644 --- a/mod/nginx/bbb/graphql.nginx +++ b/mod/nginx/bbb/graphql.nginx 
@@ -1,24 +1,39 @@ -location /graphql-test { - proxy_pass http://127.0.0.1:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; -} - # Websocket connection -location /v1/graphql { +location /graphql { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; - #proxy_pass http://127.0.0.1:8080; #Hasura - proxy_pass http://10.7.7.32:8378; #Graphql Middleware + #proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql) + proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware } -location /api/rest { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8080; #Hasura +#Set cache system for client settings +location /api/rest/clientSettings { + auth_request /bigbluebutton/connection/checkGraphqlAuthorization; + auth_request_set $meeting_id $sent_http_meeting_id; + + proxy_cache client_settings_cache; + proxy_cache_key "$uri|$meeting_id"; + proxy_cache_use_stale updating; + proxy_cache_valid 24h; + proxy_cache_lock on; + add_header X-Cached $upstream_cache_status; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://bbb-graphql-server:8085; #Hasura +} + +location /api/rest/userMetadata { + auth_request /bigbluebutton/connection/checkGraphqlAuthorization; + auth_request_set $meeting_id $sent_http_meeting_id; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://bbb-graphql-server:8085; #Hasura } diff --git a/mod/nginx/bbb/learning-dashboard.nginx b/mod/nginx/bbb/learning-dashboard.nginx index 2b78e2a..f0b4fc3 100644 
--- a/mod/nginx/bbb/learning-dashboard.nginx +++ b/mod/nginx/bbb/learning-dashboard.nginx @@ -1,8 +1,3 @@ -location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) { - alias /var/bigbluebutton/learning-dashboard/$1/$2; - autoindex off; -} - location /learning-analytics-dashboard/ { alias /www/learning-analytics-dashboard/; autoindex off; diff --git a/mod/nginx/bbb/livekit.nginx b/mod/nginx/bbb/livekit.nginx new file mode 100644 index 0000000..c295562 --- /dev/null +++ b/mod/nginx/bbb/livekit.nginx @@ -0,0 +1,11 @@ +location /livekit/ { + proxy_pass http://127.0.0.1:7880/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + proxy_read_timeout 60s; + proxy_send_timeout 60s; + client_body_timeout 60s; + send_timeout 60s; +} diff --git a/mod/nginx/bbb/notes.nginx b/mod/nginx/bbb/notes.nginx index bc37eed..4965d2d 100644 --- a/mod/nginx/bbb/notes.nginx +++ b/mod/nginx/bbb/notes.nginx @@ -15,7 +15,7 @@ location /pad/p/ { proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used proxy_http_version 1.1; auth_request /bigbluebutton/connection/checkAuthorization; 
@@ -57,7 +57,7 @@ location /pad/socket.io { proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used proxy_set_header Host $host; # pass the host header proxy_http_version 1.1; # recommended with keepalive connections # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html diff --git a/mod/nginx/bbb/presentation-slides.nginx b/mod/nginx/bbb/presentation-slides.nginx index 1ea4c4f..d90adeb 100644 --- a/mod/nginx/bbb/presentation-slides.nginx +++ b/mod/nginx/bbb/presentation-slides.nginx 
@@ -20,34 +20,27 @@ # causes tomcat to OOM. (ralam sept 20, 2018) location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/svg\/(?\d+)$ { - default_type image/svg+xml; + default_type image/svg+xml; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' always; } - location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/slide\/(?\d+)$ { - alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/pdf\/(?[A-Za-z0-9]+)\/annotated_slides.pdf$ { + default_type application/pdf; + alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf; + add_header 'Access-Control-Allow-Origin' '*' always; } location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/thumbnail\/(?\d+)$ { - default_type image/png; + default_type image/png; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' always; } location ~^\/bigbluebutton\/presentation\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/(?[A-Za-z0-9\-]+)\/textfiles\/(?\d+)$ { - default_type text/plain; + default_type text/plain; alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt; - if ($bbb_loadbalancer_node) { - add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always; - } + add_header 'Access-Control-Allow-Origin' '*' 
always; } diff --git a/mod/nginx/bbb/sip.nginx b/mod/nginx/bbb/sip.nginx deleted file mode 100644 index ee4993e..0000000 --- a/mod/nginx/bbb/sip.nginx +++ /dev/null @@ -1,15 +0,0 @@ -location /ws { - proxy_pass https://$freeswitch_addr:7443; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Ssl on; - proxy_read_timeout 6h; - proxy_send_timeout 6h; - client_body_timeout 6h; - send_timeout 6h; - - auth_request /bigbluebutton/connection/checkAuthorization; - auth_request_set $auth_status $upstream_status; -} \ No newline at end of file diff --git a/mod/nginx/bbb/web.nginx b/mod/nginx/bbb/web.nginx index 7e6f209..b7c9e69 100755 --- a/mod/nginx/bbb/web.nginx +++ b/mod/nginx/bbb/web.nginx @@ -92,6 +92,16 @@ proxy_set_header X-Original-URI $request_uri; } + location = /bigbluebutton/connection/checkGraphqlAuthorization { + internal; + proxy_pass http://bbb-web:8090; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + # this is required for CORS preflight checks in cluster setup + proxy_set_header X-Original-Method $request_method; + } + location = /bigbluebutton/connection/legacyCheckAuthorization { internal; proxy_pass http://bbb-web:8090; @@ -149,6 +159,18 @@ proxy_set_header X-Original-URI $request_uri; } + location /bigbluebutton/ping { + default_type text/plain; + add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; + add_header Pragma "no-cache"; + add_header Expires "0"; + # this Header is required for cluster setups as the ping check is a + # CORS request. No cookies are required so we can just allow anyone + # to use this endpoint. + add_header 'Access-Control-Allow-Origin' '*'; + return 200 ""; + } + } location @error403 { diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index 759278d..129d2dc 100644 
--- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -1,22 +1,3 @@ -map $remote_addr $freeswitch_addr { - "~:" [::1]; - default 10.7.7.1; -} - -upstream poolhtml5servers { - zone poolhtml5servers 32k; - least_conn; - server 10.7.7.200:4100 fail_timeout=10s max_fails=4 backup; - server 10.7.7.201:4101 fail_timeout=120s max_fails=1; - server 10.7.7.202:4102 fail_timeout=120s max_fails=1; - server 10.7.7.203:4103 fail_timeout=120s max_fails=1; - # TODO: set server list based on NUMBER_OF_FRONTEND_NODEJS_PROCESSES - # server 10.7.7.204:4104 fail_timeout=120s max_fails=1; - # server 10.7.7.205:4105 fail_timeout=120s max_fails=1; - # server 10.7.7.206:4106 fail_timeout=120s max_fails=1; - # server 10.7.7.207:4107 fail_timeout=120s max_fails=1; -} - server { listen 48087 default_server; listen [::]:48087 default_server; @@ -25,6 +6,10 @@ server { absolute_redirect off; root /www/; + # This variable is used instead of $scheme by bigbluebutton nginx include + # files, so $scheme can be overridden in reverse-proxy configurations. + set $real_scheme $scheme; + # opt-out of google's floc tracking # https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea add_header Permissions-Policy "interest-cohort=()"; diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index 7d603fe..69272af 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile @@ -7,7 +7,7 @@ RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_ && chmod +x /usr/bin/yq COPY --from=src / /bbb-webhooks -RUN cd /bbb-webhooks && npm install --production +RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git RUN chmod 777 /bbb-webhooks/config # ------------------------------ diff --git a/mod/webhooks/entrypoint.sh b/mod/webhooks/entrypoint.sh index 22107ac..1cd89e0 100755 --- a/mod/webhooks/entrypoint.sh +++ b/mod/webhooks/entrypoint.sh 
@@ -3,14 +3,14 @@ set -e TARGET=/bbb-webhooks/config/production.yml cp /bbb-webhooks/config/default.example.yml $TARGET -yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET -yq e -i ".bbb.serverDomain = \"$DOMAIN\"" $TARGET -yq e -i ".bbb.auth2_0 = true" $TARGET -yq e -i ".server.bind = \"0.0.0.0\"" $TARGET yq e -i ".hooks.getRaw = false" $TARGET -yq e -i ".redis.host = \"redis\"" $TARGET +yq e -i '.modules."../out/webhooks/index.js".config.getRaw = false' $TARGET export NODE_ENV=production +export REDIS_HOST=redis +export SERVER_DOMAIN=$DOMAIN +export BEARER_AUTH=true +export SERVER_BIND_IP=0.0.0.0 cd /bbb-webhooks node app.js diff --git a/mod/webrtc-sfu/Dockerfile b/mod/webrtc-sfu/Dockerfile index 4f8e53c..086b4e9 100644 --- a/mod/webrtc-sfu/Dockerfile +++ b/mod/webrtc-sfu/Dockerfile @@ -27,4 +27,10 @@ RUN mkdir /home/webrtc-sfu && chown -R webrtc-sfu:webrtc-sfu /app/config /home/w USER webrtc-sfu WORKDIR /app + + +COPY config.yaml /etc/bigbluebutton/bbb-webrtc-sfu/production.yml +ENV NODE_ENV=production +ENV NODE_CONFIG_DIR=/app/config/:/etc/bigbluebutton/bbb-webrtc-sfu/ +ENV ALLOW_CONFIG_MUTATIONS=true CMD [ "npm", "start" ] diff --git a/mod/webrtc-sfu/config.yaml b/mod/webrtc-sfu/config.yaml new file mode 100644 index 0000000..50974ea --- /dev/null +++ b/mod/webrtc-sfu/config.yaml 
@@ -0,0 +1,40 @@ +kurento: [] +redisHost: 10.7.7.5 +clientHost: 10.7.7.1 +recordingAdapter: bbb-webrtc-recorder + +mcs-host: 10.7.7.1 +mcs-address: 10.7.7.1 +freeswitch: + ip: 10.7.7.10 + sip_ip: 10.7.7.10 + port: 5066 + esl_ip: 10.7.7.10 + esl_port: 8021 + +log: + # trace|debug|info|warn|error + level: debug + # Whether to log to stdout + stdout: true + # Whether to log to a file + file: false + +mediasoup: + dedicatedMediaTypeWorkers: + audio: auto + workerBalancing: + strategy: least-loaded + + webrtc: + # announcedIP => it's the host public IPv4 in case the machine is + # behind a 1:1 NAT + # ip => the address on which mediasoup will bind its RTC sockets + listenIps: + - ip: "10.7.7.1" + announcedIp: "10.7.7.1" + + plainRtp: + listenIp: + ip: "0.0.0.0" + announcedIp: "10.7.7.1" \ No newline at end of file diff --git a/repos/bbb-pads b/repos/bbb-pads index 433fe4c..724d55c 160000 --- a/repos/bbb-pads +++ b/repos/bbb-pads @@ -1 +1 @@ -Subproject commit 433fe4c3934edff36cddcfb1e892e323c2fe75ea +Subproject commit 724d55c26b1c94ea22a85b0c7e064f57b54875cb diff --git a/repos/bbb-playback b/repos/bbb-playback index a8f5a72..4e11f93 160000 --- a/repos/bbb-playback +++ b/repos/bbb-playback @@ -1 +1 @@ -Subproject commit a8f5a72a7dc55cc8bab6f980035291b6e8fe5de5 +Subproject commit 4e11f9337cecb36400f8c41caa12431b2667d8bb diff --git a/repos/bbb-webhooks b/repos/bbb-webhooks index 7c0cd8e..a3e2f1f 160000 --- a/repos/bbb-webhooks +++ b/repos/bbb-webhooks @@ -1 +1 @@ -Subproject commit 7c0cd8e6cad144578598f9fa6ea2d9ab78af560b +Subproject commit a3e2f1fe2f12bd9d0be86a8afac71b2a82455269 diff --git a/repos/bbb-webrtc-sfu b/repos/bbb-webrtc-sfu index fe901bd..6fbde34 160000 --- a/repos/bbb-webrtc-sfu +++ b/repos/bbb-webrtc-sfu @@ -1 +1 @@ -Subproject commit fe901bd15cadcb33f935900f804926f36793c48d +Subproject commit 6fbde34c357ba656741842048e936611faf45a09 diff --git a/repos/bigbluebutton b/repos/bigbluebutton index b674477..c36e394 160000 --- a/repos/bigbluebutton 
+++ b/repos/bigbluebutton @@ -1 +1 @@ -Subproject commit b674477a40a3060738219d8a58915f1bcaf8738b +Subproject commit c36e394e4aaa6be6c429222b7c9a86a8945b5563 diff --git a/repos/freeswitch b/repos/freeswitch index 4cb05e7..a88d069 160000 --- a/repos/freeswitch +++ b/repos/freeswitch @@ -1 +1 @@ -Subproject commit 4cb05e7f4a23645ec387f3b5391194128be7d193 +Subproject commit a88d069d6ffb74df797bcaf001f7e63181c07a09 diff --git a/repos/tags b/repos/tags index b569c71..1857b3b 100644 --- a/repos/tags +++ b/repos/tags @@ -5,9 +5,9 @@ repos/bbb-etherpad-plugin 068ded5 repos/bbb-etherpad-skin 8328b77 -repos/bbb-pads v1.5.2 -repos/bbb-playback v5.0.2 -repos/bbb-webhooks v2.6.1 -repos/bbb-webrtc-sfu v2.12.0 -repos/bigbluebutton v2.7.3 -repos/freeswitch v1.10.10 +repos/bbb-pads v1.5.3 +repos/bbb-playback v5.1.3 +repos/bbb-webhooks v3.3.0 +repos/bbb-webrtc-sfu v2.17.0-alpha.1 +repos/bigbluebutton v3.0.0-beta.5 +repos/freeswitch v1.10.12 diff --git a/sample.env b/sample.env index 4913308..09301ee 100644 --- a/sample.env +++ b/sample.env @@ -82,8 +82,6 @@ SIP_IP_ALLOWLIST= # CUSTOMIZATION # ==================================== -CLIENT_TITLE=BigBlueButton - # use following lines to replace the default welcome message and footer WELCOME_MESSAGE="Welcome to %%CONFNAME%%!

For help on using BigBlueButton see these (short) tutorial videos.

To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others." WELCOME_FOOTER="This server is running BigBlueButton." @@ -112,52 +110,15 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf # - zh-hk-sinmei - Chinese/Hong Kong Sinmei SOUNDS_LANGUAGE=en-us-callie -# set to false to disable listenOnlyMode -LISTEN_ONLY_MODE=true - -# set to true to disable echo test -DISABLE_ECHO_TEST=false - -# set to true to automatically share webcam -AUTO_SHARE_WEBCAM=false - -# set to true to disable video preview for webcam sharing -DISABLE_VIDEO_PREVIEW=false - -# set to false to disable chat -CHAT_ENABLED=true - -# set to true to start chat closed -CHAT_START_CLOSED=false - # set to true to disable announcements "You are now (un-)muted" DISABLE_SOUND_MUTED=false # set to true to disable announcement "You are the only person in this conference" DISABLE_SOUND_ALONE=false -# maximum count of breakout rooms per meeting -# Warning: increasing the limit of breakout rooms per meeting -# can generate excessive overhead to the server. We recommend -# this value to be kept under 12. -BREAKOUTROOM_LIMIT=8 - # set to false to disable the learning dashboard ENABLE_LEARNING_DASHBOARD=true -# ==================================== -# Tuning -# ==================================== -# Default = 2; Min = 1; Max = 4 -# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events -NUMBER_OF_BACKEND_NODEJS_PROCESSES=2 - -# Default = 2; Min = 1; Max = 8 -# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings -# stretching the recommended number of users in BigBlueButton -NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2 - - # ==================================== # GREENLIGHT CONFIGURATION # ==================================== diff --git a/scripts/dev b/scripts/dev index bbb59a5..fd3a97e 100755 --- a/scripts/dev +++ b/scripts/dev 
@@ -4,6 +4,15 @@ set -e cd "$(dirname "$0")/.." . scripts/functions.sh +ensure_bbbhtml5yml + +create_dev_env () { + cp dev.env .env + sed -i "s/BBB_DEV_UID=.*/BBB_DEV_UID=$(id -u)/" .env + sed -i "s/BBB_DEV_GID=.*/BBB_DEV_GID=$(id -g)/" .env + load_env +} + if [ -f ".env" ]; then load_env if [[ "$DEV_MODE" == "" ]]; then @@ -13,7 +22,7 @@ if [ -f ".env" ]; then response=${response,,} # tolower if [[ $response =~ ^(y| ) ]] || [[ -z $response ]]; then cp .env .env.bak - cp dev.env .env + create_dev_env else echo "we can't continue with a .env file configured as a development environment" exit 1 @@ -21,30 +30,7 @@ if [ -f ".env" ]; then fi else echo "# creating a .env for the dev setup" - cp dev.env .env -fi - -# to avoid any file permission issues we want to run some containers with the same -# UID and GID as the current user -export BBB_DOCKER_USER="$(id -u):$(id -g)" - -# also add it to ~/.zshrc and/or ~/.bashrc so -# that people can also use commands like `docker compose up` -# without that variable being missing -function add_permanent_env { - STR='export BBB_DOCKER_USER="$(id -u):$(id -g)"' - if [ -z "$(grep "$STR" "$1")" ]; then - echo "append" - echo "" >> $1 - echo "# following line got added by bbb-docker" >> $1 - echo "$STR" >> $1 - fi -} -if [ -f "$(realpath ~/.zshrc)" ]; then - add_permanent_env "$(realpath ~/.zshrc)" -fi -if [ -f "$(realpath ~/.bashrc)" ]; then - add_permanent_env "$(realpath ~/.bashrc)" + create_dev_env fi diff --git a/scripts/fs_cli b/scripts/fs_cli index 68c2fc3..f252276 100755 --- a/scripts/fs_cli +++ b/scripts/fs_cli @@ -7,4 +7,4 @@ cd $(dirname $0)/.. . ./scripts/functions.sh load_env -docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.1 -p "$FSESL_PASSWORD" +docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.10 -p "$FSESL_PASSWORD" $@ diff --git a/scripts/functions.sh b/scripts/functions.sh index e899e80..b2a71a0 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
@@ -1,5 +1,5 @@ function load_env { - export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs) + export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs) } function ensure_submodules { @@ -16,3 +16,14 @@ function ensure_submodules { } +function ensure_bbbhtml5yml { + if [ ! -f conf/bbb-html5.yml ]; then + + cat << EOF > conf/bbb-html5.yml +# this file equals the /etc/bigbluebutton/bbb-html5.yml file referenced in the docs +public: + app: + appName: BigBlueButton HTML5 Client (docker) +EOF + fi +} \ No newline at end of file diff --git a/scripts/generate-compose b/scripts/generate-compose index 3191f60..bbe4cf3 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -7,6 +7,8 @@ cd $(dirname $0)/.. . scripts/functions.sh load_env +ensure_bbbhtml5yml + # check for non-optional environment variables, # which got introduced later and may miss in existing # .env files during upgrades @@ -41,7 +43,7 @@ function get_tag { } # https://hub.docker.com/r/bigbluebutton/bbb-build -BBB_BUILD_TAG=v3.0.x-release--2023-09-26-152524 +BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114 docker run \ --rm \ @@ -65,7 +67,5 @@ docker run \ -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \ -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \ -e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \ - -e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \ - -e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \ jwilder/dockerize -template /docker-compose.tmpl.yml \ > docker-compose.yml diff --git a/scripts/setup b/scripts/setup index 1667c0d..9392c94 100755 --- a/scripts/setup +++ b/scripts/setup @@ -18,6 +18,7 @@ then exit 1 fi +ensure_bbbhtml5yml EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com) EXTERNAL_IPv6=$(curl -6 -s -m 10 https://icanhazip.com || true) 
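Review bot: In scripts/fs_cli the newly appended `$@` is unquoted, so an argument that contains spaces (for example a command string given to `-x`) is split into separate words before it reaches `docker compose exec`. Use `"$@"` so the caller's arguments are passed through unchanged.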
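Review bot: The last scripts/generate-compose hunk stops passing NUMBER_OF_BACKEND_NODEJS_PROCESSES and NUMBER_OF_FRONTEND_NODEJS_PROCESSES to dockerize, but docker-compose.tmpl.yml still references `{{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }}` (it shows up as unchanged context in PATCH 19/40). Remove the template reference in the same commit, otherwise the generated compose file sets that variable without a value.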
From c298e051fcbfcaed8daa01545a608e598495925a Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 24 Nov 2024 16:31:25 +0100 Subject: [PATCH 15/40] office-conversion: switch from jodconverter to collabora --- docker-compose.tmpl.yml | 16 +++++++--------- mod/bbb-web/office-convert.sh | 22 ++++++++++++++-------- mod/jodconverter/Dockerfile | 17 ----------------- 3 files changed, 21 insertions(+), 34 deletions(-) delete mode 100644 mod/jodconverter/Dockerfile diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index df9c876..af458e1 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -19,6 +19,7 @@ services: - redis - etherpad - bbb-pads + - collabora healthcheck: test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1 start_period: 2m @@ -298,21 +299,18 @@ services: bbb-net: ipv4_address: 10.7.7.32 - jodconverter: - build: mod/jodconverter - image: alangecker/bbb-docker-jodconverter:latest - security_opt: - - 'no-new-privileges:true' + collabora: + image: collabora/code:latest restart: unless-stopped tmpfs: - /tmp - deploy: - resources: - limits: - memory: 512M networks: bbb-net: ipv4_address: 10.7.7.20 + # disable logging (way to verbose) + logging: + driver: none + periodic: build: mod/periodic diff --git a/mod/bbb-web/office-convert.sh b/mod/bbb-web/office-convert.sh index b4c7c9e..f896bfc 100755 --- a/mod/bbb-web/office-convert.sh +++ b/mod/bbb-web/office-convert.sh @@ -7,6 +7,8 @@ PATH="/bin/:/usr/bin/" # Param 1: Input office file path (e.g. "/tmp/test.odt") # Param 2: Output pdf file path (e.g. "/tmp/test.pdf") # Param 3: Destination Format (pdf default) +# Param 4: Timeout (secs) (optional) + if (( $# == 0 )); then echo "Missing parameter 1 (Input office file path)"; exit 1 
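Review bot: In the docker-compose.tmpl.yml hunk at @@ -298,21 +299,18 @@ the new collabora service loses the hardening the jodconverter service had: `security_opt: no-new-privileges:true` and the 512M memory limit are dropped, and `image: collabora/code:latest` is unpinned. This container converts user-uploaded office documents, so I would keep no-new-privileges and a memory limit if Collabora runs with them, and pin the image to a tested version. `logging: driver: none` also discards every conversion error; capping the log size (json-file with max-size) would deal with the volume and keep the logs available for troubleshooting.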
@@ -16,15 +18,19 @@ elif (( $# == 1 )); then fi; -source="${1}" -dest="${2}" +source="$1" +dest="$2" -#If output format is missing, define PDF +# If output format is missing, define PDF convertTo="${3:-pdf}" -curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \ - -H "accept: application/octet-stream" \ - -H "Content-Type: multipart/form-data" \ - -F "data=@${source}" > "${dest}" +# If timeout is missing, define 60 +timeoutSecs="${4:-60}" +# Truncate timeout to max 3 digits (as expected by sudoers) +timeoutSecs="${timeoutSecs:0:3}" -exit 0 \ No newline at end of file +# The timeout is important. + +timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}" + +exit 0 diff --git a/mod/jodconverter/Dockerfile b/mod/jodconverter/Dockerfile deleted file mode 100644 index 8ae7e27..0000000 --- a/mod/jodconverter/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM ghcr.io/jodconverter/jodconverter-examples:rest -RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections -RUN sed -i 's/main/main contrib/' /etc/apt/sources.list.d/debian.sources && apt-get update -RUN apt-get update && apt -y install --no-install-recommends \ - fonts-arkpandora \ - fonts-crosextra-carlito \ - fonts-crosextra-caladea \ - fonts-noto \ - fonts-noto-cjk \ - fonts-liberation \ - fontconfig \ - ttf-mscorefonts-installer - - -# avoid "APPLICATION FAILED TO START. Config data location '/etc/app/' does not exist" -# https://github.com/bigbluebutton/docker/issues/178 -CMD ["--spring.config.additional-location=optional:/etc/app/"] \ No newline at end of file From 31818062b0de1671f9b2d33a55256178482a6a75 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 24 Nov 2024 19:14:36 +0100 Subject: [PATCH 16/40] webrtc-sfu: announce correct webrtc IP --- docker-compose.tmpl.yml | 5 +++++ mod/webrtc-sfu/config.yaml | 8 -------- 2 files changed, 5 insertions(+), 8 deletions(-) 
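Review bot: In mod/bbb-web/office-convert.sh (hunk @@ -16,15 +18,19 @@, PATCH 15/40) the script still ends with an unconditional `exit 0`, so a curl failure or an expired `timeout` leaves an empty or partial file at `${dest}` and reports success to the caller. Propagate the exit status and pass `--fail` to curl so an HTTP error body from Collabora is not written out as the converted document. `-k` also turns off certificate verification for https://collabora:9980; if that is deliberate because of a self-signed certificate on the internal network, a comment saying so would help. `$convertTo` and `$timeoutSecs` are expanded unquoted, and a non-numeric fourth argument makes `printf %03d` fail.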
diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index af458e1..fc1d83a 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -177,6 +177,11 @@ services: - freeswitch environment: ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} + {{ if .Env.EXTERNAL_IPv6 }} + MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}]' + {{else}} + MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}]' + {{end}} volumes: - ./data/mediasoup:/var/mediasoup tmpfs: diff --git a/mod/webrtc-sfu/config.yaml b/mod/webrtc-sfu/config.yaml index 50974ea..e06ea17 100644 --- a/mod/webrtc-sfu/config.yaml +++ b/mod/webrtc-sfu/config.yaml @@ -26,14 +26,6 @@ mediasoup: workerBalancing: strategy: least-loaded - webrtc: - # announcedIP => it's the host public IPv4 in case the machine is - # behind a 1:1 NAT - # ip => the address on which mediasoup will bind its RTC sockets - listenIps: - - ip: "10.7.7.1" - announcedIp: "10.7.7.1" - plainRtp: listenIp: ip: "0.0.0.0" From e6c1b47fb238e473cc621dffb3b5a193a9de01c4 Mon Sep 17 00:00:00 2001 From: chandi Date: Sun, 24 Nov 2024 19:14:56 +0100 Subject: [PATCH 17/40] .gitignore: conf/bbb-html5.yml --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 6032faa..ef811d5 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,5 @@ greenlight-data !.cache/*/.gitkeep data/* !data/.gitkeep + +conf/bbb-html5.yml \ No newline at end of file From 325690e0c15e75b6cfb5b8ad466cdd5d31c62ba6 Mon Sep 17 00:00:00 2001 
From: chandi Date: Sun, 24 Nov 2024 21:26:31 +0100 Subject: [PATCH 18/40] v3.0.0-beta.5: recording via bbb-webrtc-recorder and etherpad export --- .gitmodules | 2 +- docker-compose.tmpl.yml | 10 +++-- mod/bbb-web/entrypoint.sh | 10 ++--- mod/bbb-webrtc-recorder/Dockerfile | 23 ++++++----- .../bbb-webrtc-recorder.yml | 39 ------------------- mod/etherpad/etherpad-export.sh | 5 +-- repos/bbb-webrtc-recorder | 1 + 7 files changed, 28 insertions(+), 62 deletions(-) delete mode 100644 mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml create mode 160000 repos/bbb-webrtc-recorder diff --git a/.gitmodules b/.gitmodules index 310486d..5a8521f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -24,4 +24,4 @@ url = https://github.com/bigbluebutton/bbb-pads.git [submodule "repos/bbb-webrtc-recorder"] path = repos/bbb-webrtc-recorder - url = https://github.com/bigbluebutton/bbb-webrtc-recorder + url = https://github.com/bigbluebutton/bbb-webrtc-recorder.git diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index fc1d83a..cdb4a48 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -129,6 +129,7 @@ services: restart: unless-stopped depends_on: - redis + - collabora environment: ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} networks: @@ -377,11 +378,12 @@ services: depends_on: - redis volumes: - - ./mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml:/etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml - ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder - networks: - bbb-net: - ipv4_address: 10.7.7.19 + # WebRTC connection to bbb-webrtc-sfu seem to + # only to work via the external IP + network_mode: host + extra_hosts: + - "redis:10.7.7.5" {{end}} {{ if isTrue .Env.ENABLE_WEBHOOKS }} diff --git a/mod/bbb-web/entrypoint.sh b/mod/bbb-web/entrypoint.sh index f3d7f56..7eddb0f 100755 --- a/mod/bbb-web/entrypoint.sh +++ b/mod/bbb-web/entrypoint.sh 
@@ -2,6 +2,9 @@ set -e # create recording directory structure if it doesn't exist yet +mkdir -p /var/bigbluebutton/recording/status +mkdir -p /var/bigbluebutton/events +mkdir -p /var/bigbluebutton/recording mkdir -p /var/bigbluebutton/recording/raw mkdir -p /var/bigbluebutton/recording/process mkdir -p /var/bigbluebutton/recording/publish @@ -9,17 +12,14 @@ mkdir -p /var/bigbluebutton/recording/status/recorded mkdir -p /var/bigbluebutton/recording/status/archived mkdir -p /var/bigbluebutton/recording/status/processed mkdir -p /var/bigbluebutton/recording/status/sanity -mkdir -p /var/bigbluebutton/recording/status/ended mkdir -p /var/bigbluebutton/recording/status/published -mkdir -p /var/bigbluebutton/captions/inbox +mkdir -p /var/bigbluebutton/captions mkdir -p /var/bigbluebutton/published -mkdir -p /var/bigbluebutton/published/notes mkdir -p /var/bigbluebutton/deleted mkdir -p /var/bigbluebutton/unpublished +mkdir -p /var/bigbluebutton/basic_stats chown -R bigbluebutton:bigbluebutton /var/bigbluebutton -echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES - cd /usr/share/bbb-web/ dockerize \ -template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \ diff --git a/mod/bbb-webrtc-recorder/Dockerfile b/mod/bbb-webrtc-recorder/Dockerfile index bfe04a0..07fd1c4 100644 --- a/mod/bbb-webrtc-recorder/Dockerfile +++ b/mod/bbb-webrtc-recorder/Dockerfile @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.19 as builder +FROM golang:1.21 as builder ARG APP_VERSION=devel ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder 
@@ -12,24 +12,29 @@ RUN go mod tidy COPY --from=src . ./ -RUN go build -o ./build/bbb-webrtc-recorder \ - -buildvcs=false \ - -ldflags="-X '${GOMOD}/internal.AppVersion=${APP_VERSION}'" \ +RUN APP_VERSION=$(cat ./VERSION | sed 's/ /-/g') \ + go build -o ./build/bbb-webrtc-recorder \ + -ldflags="-X '$GOMOD/internal.AppVersion=v${APP_VERSION1}'" \ ./cmd/bbb-webrtc-recorder -RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder -RUN rm -rf /app +RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder # Running stage FROM debian:bookworm-slim RUN apt-get update && apt-get install -y gosu -# Copy the binary to the production image from the builder stage. -COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder - # use same UID as in the recordings container RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton +# config +ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_ADDRESS=redis:6379 +ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_NETWORK=tcp +ENV BBBRECORDER_DEBUG=true + +# Copy the binary to the production image from the builder stage. +COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder +COPY --from=builder /app/config/bbb-webrtc-recorder.yml /etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml + CMD ["/bin/sh", "-c", "chown -R bigbluebutton:bigbluebutton /var/lib/bbb-webrtc-recorder && gosu bigbluebutton /usr/bin/bbb-webrtc-recorder"] \ No newline at end of file diff --git a/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml b/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml deleted file mode 100644 index 6b284ca..0000000 --- a/mod/bbb-webrtc-recorder/bbb-webrtc-recorder.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -debug: false - -recorder: - directory: /var/lib/bbb-webrtc-recorder - dirFileMode: 0700 - fileMode: 0600 - -pubsub: - channels: - subscribe: to-bbb-webrtc-recorder - publish: from-bbb-webrtc-recorder - adapter: redis - adapters: - redis: - address: redis:6379 - network: tcp - #password: foobared - -webrtc: - rtcMinPort: 24577 - rtcMaxPort: 32768 - jitterBuffer: 512 - iceServers: - - urls: [] -# Example turn server -# - urls: -# - turn:turnserver.example.org:1234 -# username: webrtc -# credential: turnpassword - -# HTTP server for testing -# (should be disabled in production) -http: - port: 8080 - enable: false - -prometheus: - enable: false - listenAddress: 127.0.0.1:3200 diff --git a/mod/etherpad/etherpad-export.sh b/mod/etherpad/etherpad-export.sh index f23c72e..6bf6e67 100755 --- a/mod/etherpad/etherpad-export.sh +++ b/mod/etherpad/etherpad-export.sh @@ -4,9 +4,6 @@ dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')" convertTo="$7" -curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \ - -H "accept: application/octet-stream" \ - -H "Content-Type: multipart/form-data" \ - -F "data=@$src" > $dest +curl -v -F "data=@${src}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}" exit 0 \ No newline at end of file diff --git a/repos/bbb-webrtc-recorder b/repos/bbb-webrtc-recorder new file mode 160000 index 0000000..b121d3c --- /dev/null +++ b/repos/bbb-webrtc-recorder @@ -0,0 +1 @@ +Subproject commit b121d3caa4ff8101e4d9404247686913b1552fe3 From ca0a159cc0a09dc0dc379c9498d8f2bc28c0cb3b Mon Sep 17 00:00:00 2001 
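Review bot: In mod/bbb-webrtc-recorder/Dockerfile (hunk @@ -12,24 +12,29 @@, PATCH 18/40) the ldflags reference `${APP_VERSION1}`, which is never set, so AppVersion is built as a bare "v" and the value read from ./VERSION is unused. This looks like a typo for `${APP_VERSION}`, but fixing the name alone is not enough: with `APP_VERSION=$(...) go build ...` the shell expands the arguments before the prefix assignment applies, so the build would pick up the `ARG APP_VERSION=devel` value. Use `APP_VERSION=$(...) && go build ...` instead. The same hunk sets `ENV BBBRECORDER_DEBUG=true` in the runtime image where the deleted bbb-webrtc-recorder.yml had `debug: false`; debug logging should stay opt-in.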
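Review bot: In mod/etherpad/etherpad-export.sh (PATCH 18/40) the new curl call has no time limit, while the office-convert.sh call to the same Collabora endpoint in PATCH 15/40 is wrapped in `timeout`; a hung conversion will block the Etherpad export. Add `timeout` or curl's `--max-time` here as well. `-v` writes the full request and response headers to stderr on every export, `-k` disables certificate verification, `$convertTo` is unquoted in the URL, and the trailing `exit 0` hides a failed conversion.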
From: chandi Date: Mon, 25 Nov 2024 00:35:18 +0100 Subject: [PATCH 19/40] new https proxy based on haproxy, also proxying TURN --- docker-compose.tmpl.yml | 52 +++++--------------- mod/base-java/Dockerfile | 2 +- mod/bbb-web/turn-stun-servers.xml | 32 +++++++++++-- mod/coturn/entrypoint.sh | 31 ------------ mod/coturn/turnserver.conf | 76 +++++++---------------------- mod/haproxy/Dockerfile | 4 ++ mod/haproxy/bootstrap.sh | 26 ++++++++++ mod/haproxy/haproxy.cfg | 80 +++++++++++++++++++++++++++++++ mod/https/force-https.conf | 15 ------ mod/https/site-ipv4only.conf | 33 ------------- mod/https/site.conf | 33 ------------- mod/nginx/bigbluebutton | 6 +++ sample.env | 12 ++--- scripts/generate-compose | 15 ------ scripts/setup | 18 ++----- 15 files changed, 181 insertions(+), 254 deletions(-) delete mode 100755 mod/coturn/entrypoint.sh create mode 100644 mod/haproxy/Dockerfile create mode 100755 mod/haproxy/bootstrap.sh create mode 100644 mod/haproxy/haproxy.cfg delete mode 100644 mod/https/force-https.conf delete mode 100644 mod/https/site-ipv4only.conf delete mode 100644 mod/https/site.conf diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index cdb4a48..4c94dcd 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -31,8 +31,10 @@ services: WELCOME_MESSAGE: ${WELCOME_MESSAGE:-} WELCOME_FOOTER: ${WELCOME_FOOTER} STUN_SERVER: stun:${STUN_IP}:${STUN_PORT} - TURN_SERVER: ${TURN_SERVER:-} + ENABLE_HTTPS_PROXY: ${ENABLE_HTTPS_PROXY:-false} TURN_SECRET: ${TURN_SECRET:-} + TURN_EXT_SERVER: ${TURN_EXT_SERVER:-} + TURN_EXT_SECRET: ${TURN_EXT_SECRET:-} ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }} volumes: 
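Review bot: In the bbb-web environment hunk of docker-compose.tmpl.yml (@@ -31,8 +31,10 @@) `TURN_SERVER` is dropped in favour of `TURN_EXT_SERVER` and `TURN_EXT_SECRET`, and `TURN_SECRET` is now only the bundled coturn's secret. An existing .env that sets TURN_SERVER will silently stop announcing the external server, and its TURN_SECRET will be used for the local coturn instead. Please document the rename in docs/upgrading.md or have scripts/generate-compose warn when TURN_SERVER is still set.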
@@ -406,32 +408,20 @@ services: {{end}} {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} - # https - https_proxy: - image: valian/docker-nginx-auto-ssl - restart: unless-stopped + + haproxy: + build: mod/haproxy + image: alangecker/bbb-haproxy:2.8.10 volumes: - - ssl_data:/etc/resty-auto-ssl - {{ if .Env.EXTERNAL_IPv6 }} - - ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf - {{else}} - - ./mod/https/site-ipv4only.conf:/etc/nginx/conf.d/bbb-docker.conf - {{end}} - {{ if isTrue .Env.DEV_MODE }} - # allow bbb api access without https - - ./mod/https/force-https.conf:/usr/local/openresty/nginx/conf/force-https.conf - {{end}} + - ./data/haproxy/letsencrypt:/etc/letsencrypt + - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg environment: - {{ if isTrue .Env.DEV_MODE }} - ALLOWED_DOMAINS: "" - {{else}} - ALLOWED_DOMAINS: ${DOMAIN} - {{end}} - RESOLVER_ADDRESS: ${RESOLVER_ADDRESS:-9.9.9.9} + - CERT1=${DOMAIN} + - STAGING=true + - EMAIL=test@chandi.it network_mode: host {{end}} -{{ if isTrue .Env.ENABLE_COTURN }} # coturn coturn: image: coturn/coturn:4.6-alpine @@ -440,20 +430,10 @@ services: - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}" - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - "--static-auth-secret=${TURN_SECRET}" + - "--allowed-peer-ip=${EXTERNAL_IPv4}" volumes: - {{ if isTrue .Env.ENABLE_HTTPS_PROXY }} - - ssl_data:/etc/resty-auto-ssl - {{else}} - - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem - - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem - {{end}} - - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf - environment: - ENABLE_HTTPS_PROXY: - user: root network_mode: host -{{end}} {{ if isTrue .Env.ENABLE_GREENLIGHT }} @@ -526,12 +506,6 @@ services: entrypoint: sh -c 'echo "BIGBLUEBUTTON_RELEASE=2.7.3" > /etc/bigbluebutton/bigbluebutton-release && python server.py' {{end}} - -volumes: -{{ if isTrue .Env.ENABLE_HTTPS_PROXY }} - ssl_data: -{{end}} - networks: bbb-net: ipam: 
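Review bot: In the new haproxy service (docker-compose.tmpl.yml, @@ -406,32 +408,20 @@) `STAGING=true` and `EMAIL=test@chandi.it` are hardcoded. Assuming STAGING selects the Let's Encrypt staging environment as the name suggests, every deployment would get certificates that browsers do not trust, registered under the author's address. Both values should come from .env, with staging off by default. The service also drops the `restart: unless-stopped` that https_proxy had, and sample.env still documents RESOLVER_ADDRESS although nothing in the visible template reads it after this hunk.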
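Review bot: In the coturn hunk (docker-compose.tmpl.yml, @@ -440,20 +430,10 @@) the `{{ if isTrue .Env.ENABLE_COTURN }}` guard is removed, so coturn now always starts on the host network with `--static-auth-secret=${TURN_SECRET}`. sample.env only gains TURN_SECRET in this patch, so an upgraded .env without it starts coturn with an empty secret. scripts/generate-compose already checks for variables that were introduced later; TURN_SECRET should be added to that check, and if scripts/setup does not already randomise it, the `SuperTurnSecret` placeholder should be replaced with a generated value.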
diff --git a/mod/base-java/Dockerfile b/mod/base-java/Dockerfile index 154e876..810feee 100644 --- a/mod/base-java/Dockerfile +++ b/mod/base-java/Dockerfile @@ -16,7 +16,7 @@ RUN groupadd -g 998 bigbluebutton \ && chown bigbluebutton:bigbluebutton /etc/bigbluebutton # add dockerize -ENV DOCKERIZE_VERSION v0.6.1 +ENV DOCKERIZE_VERSION v0.7.0 RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz diff --git a/mod/bbb-web/turn-stun-servers.xml b/mod/bbb-web/turn-stun-servers.xml index e97dcab..3ede32b 100644 --- a/mod/bbb-web/turn-stun-servers.xml +++ b/mod/bbb-web/turn-stun-servers.xml @@ -8,10 +8,26 @@ - {{if .Env.TURN_SERVER }} - - - + + + + + + + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (ne .Env.DOMAIN "10.7.7.1") }} + {{/* ignore when using a self signed certificate in dev mode */}} + + + + + + {{end}} + + + {{if .Env.TURN_EXT_SERVER }} + + + {{end}} @@ -24,8 +40,14 @@ - {{if .Env.TURN_SERVER }} + + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (ne .Env.DOMAIN "10.7.7.1") }} + + {{end}} + + {{if .Env.TURN_EXT_SERVER }} + {{end}} diff --git a/mod/coturn/entrypoint.sh b/mod/coturn/entrypoint.sh deleted file mode 100755 index 62cd126..0000000 --- a/mod/coturn/entrypoint.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/sh -set -e -apk add jq su-exec -if [ "$ENABLE_HTTPS_PROXY" == true ]; then - - while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ] - do - echo "ERROR: certificate doesn't exist yet." - echo "Certificate gets create on the first request to the HTTPS proxy." - echo "We will try again..." - sleep 10 - done - - # extract cert - cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem - cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem -fi - -if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then - echo "ERROR: certificate not found, but coturn relies on it." - echo "Use either auto HTTPS proxy or" - echo "provide path to certificates in .env file" - exit 1 -fi - -# If command starts with an option, prepend with turnserver binary. -if [ "${1:0:1}" == '-' ]; then - set -- turnserver "$@" -fi - -su-exec nobody $(eval "echo $@") \ No newline at end of file diff --git a/mod/coturn/turnserver.conf b/mod/coturn/turnserver.conf index be71ffe..5cf8e51 100644 --- a/mod/coturn/turnserver.conf +++ b/mod/coturn/turnserver.conf 
@@ -1,73 +1,29 @@ -# Example coturn configuration for BigBlueButton - -# These are the two network ports used by the TURN server which the client -# may connect to. We enable the standard unencrypted port 3478 for STUN, listening-port=3478 -# and since TLS over SMTP port (465) is now blocked by major browser vendors, -# we reverted to the most common coturn TLS port 5349, which has limitations -# in restrictive firewall environments. For maximum client support run -# coturn on a dedicated host on port 443. -tls-listening-port=5349 +# listening-ip=${INTERNAL_IP:-$IP} +# relay-ip=${INTERNAL_IP:-$IP} -# If the server has multiple IP addresses, you may wish to limit which -# addresses coturn is using. Do that by setting this option (it can be -# specified multiple times). The default is to listen on all addresses. -# You do not normally need to set this option. -#listening-ip=172.17.19.101 +min-port=32769 +max-port=65535 +# verbose -# If the server is behind NAT, you need to specify the external IP address. -# If there is only one external address, specify it like this: -#external-ip=172.17.19.120 -# If you have multiple external addresses, you have to specify which -# internal address each corresponds to, like this. The first address is the -# external ip, and the second address is the corresponding internal IP. -#external-ip=172.17.19.131/10.0.0.11 -#external-ip=172.17.18.132/10.0.0.12 - -# Fingerprints in TURN messages are required for WebRTC fingerprint - -# The long-term credential mechanism is required for WebRTC lt-cred-mech - -# Configure coturn to use the "TURN REST API" method for validating time- -# limited credentials. BigBlueButton will generate credentials in this -# format. 
Note that the static-auth-secret value specified here must match -# the configuration in BigBlueButton's turn-stun-servers.xml -# You can generate a new random value by running the command: -# openssl rand -hex 16 use-auth-secret -# static-auth-secret= +realm=bbb-docker -# If the realm value is unspecified, it defaults to the TURN server hostname. -# You probably want to configure it to a domain name that you control to -# improve log output. There is no functional impact. -realm=example.com +keep-address-family -# Configure TLS support. -# Adjust these paths to match the locations of your certificate files -cert=/tmp/cert.pem -pkey=/tmp/key.pem -# Limit the allowed ciphers to improve security -# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ -cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS" - -# Enable longer DH TLS key to improve security -dh2066 - -# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable -# older protocols +no-cli no-tlsv1 no-tlsv1_1 -# To enable single filename logs you need to enable the simple-log flag -syslog -#verbose +# Block connections to IP ranges which shouldn't be reachable +no-loopback-peers +no-multicast-peers -# Allocate Address Family according -# If enabled then TURN server allocates address family according the TURN -# Client <=> Server communication address family. -# (By default Coturn works according RFC 6156.) -# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!! -keep-address-family + +# we only need to allow peer connections from the machine itself (from mediasoup or freeswitch). +denied-peer-ip=0.0.0.0-255.255.255.255 +denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +allowed-peer-ip=10.7.7.1 diff --git a/mod/haproxy/Dockerfile b/mod/haproxy/Dockerfile new file mode 100644 index 0000000..f172a4b --- /dev/null +++ b/mod/haproxy/Dockerfile 
@@ -0,0 +1,4 @@ +FROM ghcr.io/tomdess/docker-haproxy-certbot:2.8.10 + +# overwrite bootstrap.sh +COPY bootstrap.sh /bootstrap.sh \ No newline at end of file diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh new file mode 100755 index 0000000..9daef7f --- /dev/null +++ b/mod/haproxy/bootstrap.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +set -e + +# save container environment variables to use it +# in cron scripts + +declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env + + +if [ "x$CERT1" = "x10.7.7.1" ]; then + # use self signed certificate + if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then + mkdir -p /etc/haproxy/certs + # generate self signed certificate + openssl req -x509 -nodes -days 700 -newkey rsa:2048 \ + -keyout /tmp/domain.key -out /tmp/domain.crt \ + -subj "/C=CA/ST=Quebec/L=Montreal/O=BigBlueButton Development/OU=bbb-docker/CN=10.7.7.1" + + cat /tmp/domain.key /tmp/domain.crt | tee /etc/haproxy/certs/haproxy-10.7.7.1.pem >/dev/null + fi +else + # obtain certificates from lets encrypt + /certs.sh +fi +supervisord -c /etc/supervisord.conf -n \ No newline at end of file diff --git a/mod/haproxy/haproxy.cfg b/mod/haproxy/haproxy.cfg new file mode 100644 index 0000000..d03000f --- /dev/null +++ b/mod/haproxy/haproxy.cfg 
@@ -0,0 +1,80 @@ +global + log stdout format raw local0 debug + + maxconn 20480 + ############# IMPORTANT ################################# + ## DO NOT SET CHROOT OTHERWISE YOU HAVE TO CHANGE THE ## + ## acme-http01-webroot.lua file ## + # chroot /jail ## + ######################################################### + lua-load /etc/haproxy/acme-http01-webroot.lua + # + # SSL options + ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS + ssl-default-bind-options ssl-min-ver TLSv1.2 + tune.ssl.default-dh-param 4096 + + + # workaround for bug #14 (Cert renewal blocks HAProxy indefinitely with Websocket connections) + hard-stop-after 3s + + +# DNS runt-time resolution on backend hosts +resolvers docker + nameserver dns "127.0.0.11:53" + +defaults + log global + mode http + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + # option forwardfor + option httplog + + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + + # never fail on address resolution + default-server init-addr last,libc,none + +frontend http + bind *:80,[::]:80 + mode http + acl url_acme_http01 path_beg /.well-known/acme-challenge/ + http-request use-service lua.acme-http01 if METH_GET url_acme_http01 + redirect scheme https code 301 if !{ ssl_fc } + +frontend nginx_or_turn + bind *:443,:::443 ssl crt /etc/haproxy/certs/ ssl-min-ver TLSv1.2 alpn h2,http/1.1,stun.turn + mode tcp + option tcplog + tcp-request content capture req.payload(0,1) len 1 + log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+X}[capture.req.hdr(0)]" + tcp-request inspect-delay 30s + # We terminate SSL on haproxy. HTTP2 is a binary protocol. haproxy has to + # decide which protocol is spoken. This is negotiated by ALPN. 
+ # + # Depending on the ALPN value traffic is redirected to either port 82 (HTTP2, + # ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value) + # If no ALPN value is set, the first byte is inspected and depending on the + # value traffic is sent to either port 81 or coturn. + use_backend nginx-http2 if { ssl_fc_alpn h2 } + use_backend nginx if { ssl_fc_alpn http/1.1 } + use_backend turn if { ssl_fc_alpn stun.turn } + # use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)] + default_backend turn + +backend turn + mode tcp + server localhost 10.7.7.1:3478 check + +backend nginx + mode tcp + server localhost 10.7.7.1:48081 send-proxy check + +backend nginx-http2 + mode tcp + server localhost 10.7.7.1:48082 send-proxy check diff --git a/mod/https/force-https.conf b/mod/https/force-https.conf deleted file mode 100644 index a890042..0000000 --- a/mod/https/force-https.conf +++ /dev/null @@ -1,15 +0,0 @@ -# overwriting force-https.conf from valian/docker-nginx-auto-ssl - -location /bigbluebutton/api/join { - return 301 https://$host$request_uri; -} - -# allow /api calls without redirecting to https -location /bigbluebutton/ { - proxy_pass https://127.0.0.1:443; - proxy_ssl_verify off; -} - -location / { - return 301 https://$host$request_uri; -} diff --git a/mod/https/site-ipv4only.conf b/mod/https/site-ipv4only.conf deleted file mode 100644 index 3ab9c1c..0000000 --- a/mod/https/site-ipv4only.conf +++ /dev/null 
@@ -1,33 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - listen 443 ssl http2 default_server; - - # we at still serve https via IPv6 for the - # case that an AAAA record is set. - listen [::]:443 ssl http2 default_server; - - server_name _; - - include resty-server-https.conf; - - location / { - proxy_http_version 1.1; - proxy_pass http://127.0.0.1:48087; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_cache_bypass $http_upgrade; - - proxy_read_timeout 6h; - proxy_send_timeout 6h; - client_body_timeout 6h; - send_timeout 6h; - } -} diff --git a/mod/https/site.conf b/mod/https/site.conf deleted file mode 100644 index ba81f57..0000000 --- a/mod/https/site.conf +++ /dev/null @@ -1,33 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} -map $remote_addr $endpoint_addr { - "~:" [::1]; - default 127.0.0.1; -} - -server { - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; - server_name _; - - include resty-server-https.conf; - - location / { - proxy_http_version 1.1; - proxy_pass http://$endpoint_addr:48087; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_cache_bypass $http_upgrade; - - proxy_read_timeout 6h; - proxy_send_timeout 6h; - client_body_timeout 6h; - send_timeout 6h; - } -} diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index 129d2dc..33b3f32 100644 --- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton 
@@ -1,6 +1,12 @@ server { + # proxied from HAProxy + listen 48082 http2 proxy_protocol; + listen 48081 proxy_protocol; + + # optional ports for other reverse proxies listen 48087 default_server; listen [::]:48087 default_server; + server_name _; access_log /dev/stdout; absolute_redirect off; diff --git a/sample.env b/sample.env index 09301ee..e92c508 100644 --- a/sample.env +++ b/sample.env @@ -9,13 +9,6 @@ ENABLE_HTTPS_PROXY=true # If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers #RESOLVER_ADDRESS=x.x.x.x -# coturn (a TURN Server) -# requires either the abhove HTTPS Proxy to be enabled -# or TLS certificates to be mounted to container -ENABLE_COTURN=true -#COTURN_TLS_CERT_PATH= -#COTURN_TLS_KEY_PATH= - # Greenlight Frontend # https://docs.bigbluebutton.org/greenlight/gl-overview.html ENABLE_GREENLIGHT=true @@ -49,6 +42,7 @@ ETHERPAD_API_KEY=SuperEtherpadKey RAILS_SECRET=SuperRailsSecret_SuperRailsSecret POSTGRESQL_SECRET=SuperPostgresSecret FSESL_PASSWORD=SuperFreeswitchESLPassword +TURN_SECRET=SuperTurnSecret @@ -68,8 +62,8 @@ STUN_PORT=3478 # TURN SERVER # uncomment and adjust following two lines to add an external TURN server -#TURN_SERVER=turns:turn.example.com:443?transport=tcp -#TURN_SECRET= +#TURN_EXT_SERVER=turns:example.org:443?transport=tcp +#TURN_EXT_SECRET= # Allowed SIP IPs # due to high traffic caused by bots, by default the SIP port is blocked. diff --git a/scripts/generate-compose b/scripts/generate-compose index bbe4cf3..3da41cb 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose 
@@ -18,20 +18,6 @@ if [ -z "$EXTERNAL_IPv4" ]; then exit 1 fi -if [ "$ENABLE_COTURN" == true ]; then - if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then - echo "ERROR: coturn requires TLS certificates." - echo "Either enable the https proxy for certificate retrival" - echo "or provide a path to your certificates in .env file." - exit 1 - fi - if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then - echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start" - echo "you should disable coturn in .env" - exit 1 - fi -fi - function get_tag { # is submodule checked out? if [ -f "$1/.git" ]; then @@ -63,7 +49,6 @@ docker run \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \ - -e ENABLE_COTURN=${ENABLE_COTURN:-false} \ -e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \ -e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \ -e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \ diff --git a/scripts/setup b/scripts/setup index 9392c94..53e0895 100755 --- a/scripts/setup +++ b/scripts/setup @@ -33,10 +33,6 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy done -coturn="" -while [[ ! $coturn =~ ^(y|n)$ ]]; do - read -p "Should a coturn be included? (y/n): " coturn -done if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ] then echo "Coturn needs TLS to function properly." @@ -136,6 +132,7 @@ cp sample.env .env sed -i "s/EXTERNAL_IPv4=.*/EXTERNAL_IPv4=$EXTERNAL_IPv4/" .env sed -i "s/EXTERNAL_IPv6=.*/EXTERNAL_IPv6=$EXTERNAL_IPv6/" .env sed -i "s/DOMAIN=.*/DOMAIN=$DOMAIN/" .env +sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env if [ ! "$greenlight" == "y" ] then 
@@ -158,15 +155,6 @@ then sed -i "s/#RECORDING_MAX_AGE_DAYS=.*/RECORDING_MAX_AGE_DAYS=$recording_max_age_days/" .env fi -if [ "$coturn" == "y" ] -then - sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:5349?transport=tcp/" .env - TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32) - sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env - sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env -else - sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env -fi if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ] then @@ -190,12 +178,16 @@ RANDOM_2=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) RANDOM_3=$(head /dev/urandom | tr -dc a-f0-9 | head -c 128) RANDOM_4=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) RANDOM_5=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40) +TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32) + sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=$RANDOM_1/" .env sed -i "s/ETHERPAD_API_KEY=.*/ETHERPAD_API_KEY=$RANDOM_2/" .env sed -i "s/RAILS_SECRET=.*/RAILS_SECRET=$RANDOM_3/" .env sed -i "s/FSESL_PASSWORD=.*/FSESL_PASSWORD=$RANDOM_4/" .env sed -i "s/POSTGRESQL_SECRET=.*/POSTGRESQL_SECRET=$RANDOM_5/" .env +sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env + ./scripts/generate-compose From 6623813f9cbae94356ef599ceff411a76ec8aca4 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 00:52:49 +0100 Subject: [PATCH 20/40] greenlight: latest version and fix for failing API requests due to self signed certificate --- docker-compose.tmpl.yml | 4 ++-- mod/nginx/nginx.conf | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 4c94dcd..e06c02a 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -439,7 +439,7 @@ services: {{ if isTrue .Env.ENABLE_GREENLIGHT }} # greenlight greenlight: - image: bigbluebutton/greenlight:v3.0.6.1 + image: bigbluebutton/greenlight:v3.4.1 restart: unless-stopped env_file: .env depends_on: @@ -450,7 +450,7 @@ services: DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3 REDIS_URL: redis://redis:6379 {{ if isTrue .Env.DEV_MODE }} - BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1/bigbluebutton/api + BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api {{else}} BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api {{end}} diff --git a/mod/nginx/nginx.conf b/mod/nginx/nginx.conf index 993eb82..270b9ea 100644 --- a/mod/nginx/nginx.conf +++ b/mod/nginx/nginx.conf @@ -29,4 +29,25 @@ http { #gzip on; include /etc/nginx/conf.d/*.conf; + + + server { + # additional server only used for greenlight in dev mode + # allows it to use the BBB API without failing + # due to the self signed certificates + # + # all other requests (e.g. /join) is then redirected + listen 48083 http2; + + location /bigbluebutton/api/join { + return 301 https://10.7.7.1$request_uri; + } + location /bigbluebutton/api { + proxy_pass http://127.0.0.1:48087; + } + location / { + return 301 https://10.7.7.1$request_uri; + } + } + } From d6c1b0a5ec4f8053195e775d2f9164bce88f0f66 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 00:53:42 +0100 Subject: [PATCH 21/40] dev.env: coturn is now a fixed/non-optional component --- dev.env | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/dev.env b/dev.env index f747650..86a6e76 100644 --- a/dev.env +++ b/dev.env 
@@ -24,13 +24,6 @@ ENABLE_HTTPS_PROXY=true # If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers #RESOLVER_ADDRESS=x.x.x.x -# coturn (a TURN Server) -# requires either the abhove HTTPS Proxy to be enabled -# or TLS certificates to be mounted to container -ENABLE_COTURN=false -#COTURN_TLS_CERT_PATH= -#COTURN_TLS_KEY_PATH= - # Greenlight Frontend # https://docs.bigbluebutton.org/greenlight/gl-overview.html ENABLE_GREENLIGHT=true @@ -64,7 +57,7 @@ ETHERPAD_API_KEY=SuperEtherpadKey RAILS_SECRET=SuperRailsSecret_SuperRailsSecret POSTGRESQL_SECRET=SuperPostgresSecret FSESL_PASSWORD=SuperFreeswitchESLPassword - +#TURN_SECRET= # ==================================== @@ -81,11 +74,6 @@ EXTERNAL_IPv6= STUN_IP=147.182.188.245 STUN_PORT=3478 -# TURN SERVER -# uncomment and adjust following two lines to add an external TURN server -#TURN_SERVER=turns:localhost:465?transport=tcp -#TURN_SECRET= - # Allowed SIP IPs # due to high traffic caused by bots, by default the SIP port is blocked. # but you can allow access by your providers IP or IP ranges (comma seperated) From 17aa49968d8fcc092f03be8206a6db31aee0c58d Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 13:08:38 +0100 Subject: [PATCH 22/40] dev mode: use local networks IP instead of docker internal 10.7.7.1 this led to multiple issues with UDP pakets being lost due to IP mismatch --- docker-compose.tmpl.yml | 7 +++++-- mod/bbb-web/turn-stun-servers.xml | 4 ++-- mod/coturn/turnserver.conf | 3 +-- mod/haproxy/bootstrap.sh | 3 +-- scripts/dev | 12 ++++++++++-- 5 files changed, 19 insertions(+), 10 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index e06c02a..09ad9bb 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -181,9 +181,9 @@ services: environment: ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} {{ if .Env.EXTERNAL_IPv6 }} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}]' + MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"${EXTERNAL_IPv6}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' {{else}} - MS_WEBRTC_LISTEN_IPS: '[{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}]' + MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' {{end}} volumes: - ./data/mediasoup:/var/mediasoup @@ -416,6 +416,7 @@ services: - ./data/haproxy/letsencrypt:/etc/letsencrypt - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg environment: + - DEV_MODE=${DEV_MODE:-} - CERT1=${DOMAIN} - STAGING=true - EMAIL=test@chandi.it @@ -431,6 +432,8 @@ services: - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - "--static-auth-secret=${TURN_SECRET}" - "--allowed-peer-ip=${EXTERNAL_IPv4}" + - "--relay-ip=${EXTERNAL_IPv4}" + - "--relay-ip=${EXTERNAL_IPv6:-::1}" volumes: - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf network_mode: host diff --git a/mod/bbb-web/turn-stun-servers.xml b/mod/bbb-web/turn-stun-servers.xml index 3ede32b..02a2c27 100644 --- a/mod/bbb-web/turn-stun-servers.xml +++ b/mod/bbb-web/turn-stun-servers.xml @@ -14,7 +14,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (ne .Env.DOMAIN "10.7.7.1") }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} {{/* ignore when using a self signed certificate in dev mode */}} @@ -42,7 +42,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (ne .Env.DOMAIN "10.7.7.1") }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} {{end}} diff --git a/mod/coturn/turnserver.conf b/mod/coturn/turnserver.conf index 5cf8e51..55cdf9d 100644 --- a/mod/coturn/turnserver.conf +++ b/mod/coturn/turnserver.conf 
@@ -25,5 +25,4 @@ no-multicast-peers # we only need to allow peer connections from the machine itself (from mediasoup or freeswitch). denied-peer-ip=0.0.0.0-255.255.255.255 -denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff -allowed-peer-ip=10.7.7.1 +denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff \ No newline at end of file diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh index 9daef7f..c74a831 100755 --- a/mod/haproxy/bootstrap.sh +++ b/mod/haproxy/bootstrap.sh @@ -7,8 +7,7 @@ set -e declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env - -if [ "x$CERT1" = "x10.7.7.1" ]; then +if [ "$DEV_MODE" ]; then # use self signed certificate if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then mkdir -p /etc/haproxy/certs diff --git a/scripts/dev b/scripts/dev index fd3a97e..e599ea8 100755 --- a/scripts/dev +++ b/scripts/dev @@ -38,6 +38,14 @@ echo "" echo "# ensure submodules are checked out" ensure_submodules +echo "" +echo "# ensure IP in .env is correct" +EXTERNAL_IPv4=$(ip route get 8.8.8.8 | head -1 | awk '{ print $7 }') +echo "The IP of this machine in the local network seems to be" +echo " $EXTERNAL_IPv4" +sed -i "s/EXTERNAL_IPv4=.*/EXTERNAL_IPv4=${EXTERNAL_IPv4}/" .env +sed -i "s/DOMAIN=.*/DOMAIN=${EXTERNAL_IPv4}/" .env + echo "" echo "# recreating docker-compose.yml" ./scripts/generate-compose 
@@ -51,8 +59,8 @@ echo "" echo "============================================" echo "BBB Development server" echo "============================================" -echo "API Mate: https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret" -echo "Greenlight: https://10.7.7.1/" +echo "API Mate: https://mconf.github.io/api-mate/#server=https://${EXTERNAL_IPv4}/bigbluebutton/api&sharedSecret=SuperSecret" +echo "Greenlight: https://${EXTERNAL_IPv4}/" echo "Check containers: docker-compose ps" echo "Rebuilding container: docker-compose up --build CONTAINERNAME" echo "============================================" From 1a552e71554039568cf456cdd17fcad32690e561 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 13:10:19 +0100 Subject: [PATCH 23/40] nginx: stay running even when depending container restart --- docker-compose.tmpl.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 09ad9bb..b923a60 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -100,9 +100,6 @@ services: TAG_BBB: {{ .Env.TAG_BBB }} image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25 restart: unless-stopped - depends_on: - - etherpad - - webrtc-sfu volumes: - ./data/bigbluebutton:/var/bigbluebutton - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf From ed77742a49df4a6569f4540bcf9661355ab35454 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 16:22:46 +0100 Subject: [PATCH 24/40] split out IGNORE_TLS_CERT_ERRORS from DEV_MODE this allows running the production version of bbb-docker locally with self signed certificates --- dev.env | 3 +++ docker-compose.tmpl.yml | 9 +++++---- mod/bbb-web/bbb-web.properties | 2 +- mod/bbb-web/turn-stun-servers.xml | 4 ++-- mod/haproxy/bootstrap.sh | 2 +- scripts/generate-compose | 1 + 6 files changed, 13 insertions(+), 8 deletions(-) diff --git a/dev.env b/dev.env index 86a6e76..a4e1af4 100644 
--- a/dev.env +++ b/dev.env @@ -6,6 +6,9 @@ # - accept self signed certificates DEV_MODE=true +# accept self signed certificates +IGNORE_TLS_CERT_ERRORS=true + # user and group used for # this avoid any file permission issues with files # created inside docker (e.g. node_modules) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index b923a60..c4c71b6 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -3,6 +3,8 @@ # don't edit this directly. {{/* -------- */}} +{{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}} + services: bbb-web: build: @@ -24,7 +26,7 @@ services: test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1 start_period: 2m environment: - DEV_MODE: ${DEV_MODE:-} + IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }} DOMAIN: ${DOMAIN} ENABLE_RECORDING: ${ENABLE_RECORDING:-false} SHARED_SECRET: ${SHARED_SECRET} @@ -36,7 +38,6 @@ services: TURN_EXT_SERVER: ${TURN_EXT_SERVER:-} TURN_EXT_SECRET: ${TURN_EXT_SECRET:-} ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} - NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }} volumes: - ./data/bigbluebutton:/var/bigbluebutton - ./data/freeswitch-meetings:/var/freeswitch/meetings @@ -413,7 +414,7 @@ services: - ./data/haproxy/letsencrypt:/etc/letsencrypt - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg environment: - - DEV_MODE=${DEV_MODE:-} + - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}} - CERT1=${DOMAIN} - STAGING=true - EMAIL=test@chandi.it @@ -449,7 +450,7 @@ services: environment: DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3 REDIS_URL: redis://redis:6379 - {{ if isTrue .Env.DEV_MODE }} + {{ if $ignore_tls_cert_errors }} BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api {{else}} BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api 
diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties index 1604d0d..1357f23 100644 --- a/mod/bbb-web/bbb-web.properties +++ b/mod/bbb-web/bbb-web.properties @@ -13,7 +13,7 @@ securitySalt={{ .Env.SHARED_SECRET }} redisHost=redis -{{ if isTrue .Env.DEV_MODE }} +{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }} beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf # fetch presentations without HTTPS presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation diff --git a/mod/bbb-web/turn-stun-servers.xml b/mod/bbb-web/turn-stun-servers.xml index 02a2c27..de92838 100644 --- a/mod/bbb-web/turn-stun-servers.xml +++ b/mod/bbb-web/turn-stun-servers.xml @@ -14,7 +14,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }} {{/* ignore when using a self signed certificate in dev mode */}} @@ -42,7 +42,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }} {{end}} diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh index c74a831..88c28e1 100755 --- a/mod/haproxy/bootstrap.sh +++ b/mod/haproxy/bootstrap.sh @@ -7,7 +7,7 @@ set -e declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env -if [ "$DEV_MODE" ]; then +if [ "$IGNORE_TLS_CERT_ERRORS" ]; then # use self signed certificate if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then mkdir -p /etc/haproxy/certs diff --git a/scripts/generate-compose b/scripts/generate-compose index 3da41cb..5db14b9 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose 
@@ -45,6 +45,7 @@ docker run \ -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \ -e BBB_BUILD_TAG=${BBB_BUILD_TAG} \ -e DEV_MODE=${DEV_MODE:-false} \ + -e IGNORE_TLS_CERT_ERRORS=${IGNORE_TLS_CERT_ERRORS:-} \ -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ From 7c0c55a9daab90b2dca8e655ddabaeda655b2192 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 17:12:29 +0100 Subject: [PATCH 25/40] html5 dev mode --- dev.env | 4 +--- docker-compose.tmpl.yml | 18 ++++++++++++++++++ mod/html5-dev/Dockerfile | 13 +++++++++++++ mod/html5-dev/entrypoint.sh | 11 +++++++++++ mod/nginx/bbb-html5.dev.nginx | 18 ++++++++++++++++++ 5 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 mod/html5-dev/Dockerfile create mode 100755 mod/html5-dev/entrypoint.sh create mode 100644 mod/nginx/bbb-html5.dev.nginx diff --git a/dev.env b/dev.env index a4e1af4..3a43775 100644 --- a/dev.env +++ b/dev.env @@ -1,9 +1,7 @@ # fixed environment for an working dev setup # enables -# - meteor dev server -# - watch & restart of bbb-grahql-actions -# - accept self signed certificates +# - html5: webpack dev server DEV_MODE=true # accept self signed certificates diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index c4c71b6..24f9531 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -6,6 +6,20 @@ {{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}} services: + {{ if isTrue .Env.DEV_MODE }} + html5-dev: + build: + context: mod/html5-dev + args: + BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + user: ${BBB_DEV_UID}:${BBB_DEV_GID} + restart: unless-stopped + volumes: + - ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw + - ./.cache/npm:/tmp/.npm:rw + network_mode: host + {{ end }} + bbb-web: build: context: mod/bbb-web 
@@ -105,6 +119,10 @@ services: - ./data/bigbluebutton:/var/bigbluebutton - ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf + {{ if isTrue .Env.DEV_MODE }} + # overwrite html5 config + - ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro + {{ end }} tmpfs: - /tmp network_mode: host diff --git a/mod/html5-dev/Dockerfile b/mod/html5-dev/Dockerfile new file mode 100644 index 0000000..474410a --- /dev/null +++ b/mod/html5-dev/Dockerfile @@ -0,0 +1,13 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG + + +# use /tmp as home dir as writeable directory for whatever UID we get +ENV HOME /tmp + +# allow all user to access .nvm in root +RUN chmod 755 /root + +WORKDIR /app +COPY /entrypoint.sh /entrypoint.sh +ENTRYPOINT /entrypoint.sh diff --git a/mod/html5-dev/entrypoint.sh b/mod/html5-dev/entrypoint.sh new file mode 100755 index 0000000..09c1ee1 --- /dev/null +++ b/mod/html5-dev/entrypoint.sh @@ -0,0 +1,11 @@ +set -e + +# enable nvm +. /root/.nvm/nvm.sh + +if [ -n "$1" ]; then + exec "$@" +else + npm install + npm start -- --host 0.0.0.0 +fi \ No newline at end of file diff --git a/mod/nginx/bbb-html5.dev.nginx b/mod/nginx/bbb-html5.dev.nginx new file mode 100644 index 0000000..17f82bf --- /dev/null +++ b/mod/nginx/bbb-html5.dev.nginx @@ -0,0 +1,18 @@ +# serve locale index from prebuilt static files +location = /html5client/locales/ { + alias /usr/share/bigbluebutton/html5-client/locales/; + autoindex on; + autoindex_format json; +} + +# running from source (npm start) +location /html5client/ { + rewrite /html5client/(.*) /$1 break; + gzip_static on; + proxy_pass http://10.7.7.1:3000/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; +} + From 56d8f768e4f1653cbcc0d75ec9f74c8d1240803c Mon Sep 17 00:00:00 2001 
From: chandi Date: Mon, 25 Nov 2024 17:21:23 +0100 Subject: [PATCH 26/40] graphql-actions dev mode --- dev.env | 1 + docker-compose.tmpl.yml | 2 -- mod/bbb-graphql-actions/Dockerfile | 6 +++--- mod/bbb-graphql-actions/Dockerfile.dev | 2 ++ 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/dev.env b/dev.env index 3a43775..1a30f32 100644 --- a/dev.env +++ b/dev.env @@ -2,6 +2,7 @@ # enables # - html5: webpack dev server +# - bbb-grahql-actions: watch & restart DEV_MODE=true # accept self signed certificates diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 24f9531..b897d1f 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -295,8 +295,6 @@ services: depends_on: - redis - apps-akka - environment: - BBB_REDIS_HOST: redis networks: bbb-net: ipv4_address: 10.7.7.30 diff --git a/mod/bbb-graphql-actions/Dockerfile b/mod/bbb-graphql-actions/Dockerfile index ab1b441..66ac9b8 100644 --- a/mod/bbb-graphql-actions/Dockerfile +++ b/mod/bbb-graphql-actions/Dockerfile @@ -18,8 +18,6 @@ RUN cd /src/dist && \ # ------------------------------ FROM node:22-bookworm-slim -COPY --from=builder /src/dist /app - RUN groupadd -g 2062 app \ && useradd -m -u 2063 -g app app @@ -28,7 +26,9 @@ USER app WORKDIR /app ENV SERVER_HOST 0.0.0.0 - +ENV BBB_REDIS_HOST redis ENV NODE_ENV=production +COPY --from=builder /src/dist /app + CMD [ "node", "/app/bbb-graphql-actions.js" ] \ No newline at end of file diff --git a/mod/bbb-graphql-actions/Dockerfile.dev b/mod/bbb-graphql-actions/Dockerfile.dev index 52147f7..22babbb 100644 --- a/mod/bbb-graphql-actions/Dockerfile.dev +++ b/mod/bbb-graphql-actions/Dockerfile.dev @@ -11,4 +11,6 @@ ENTRYPOINT [ "/dev-entrypoint.sh" ] WORKDIR /app ENV SERVER_HOST 0.0.0.0 +ENV BBB_REDIS_HOST redis + CMD [ "npm install && npm start" ] \ No newline at end of file From 1a79f73fe37cef7014ae4e4f7762d9a82ad6ca2c Mon Sep 17 00:00:00 2001 
From: chandi Date: Mon, 25 Nov 2024 17:50:15 +0100 Subject: [PATCH 27/40] bbb-graphql-middleware dev mode --- .cache/go-build/.gitkeep | 0 .cache/go/.gitkeep | 0 dev.env | 1 + docker-compose.tmpl.yml | 14 ++++++++++++++ mod/bbb-graphql-middleware/Dockerfile.dev | 8 ++++++++ 5 files changed, 23 insertions(+) create mode 100644 .cache/go-build/.gitkeep create mode 100644 .cache/go/.gitkeep create mode 100644 mod/bbb-graphql-middleware/Dockerfile.dev diff --git a/.cache/go-build/.gitkeep b/.cache/go-build/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/.cache/go/.gitkeep b/.cache/go/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/dev.env b/dev.env index 1a30f32..58fb4ae 100644 --- a/dev.env +++ b/dev.env @@ -3,6 +3,7 @@ # enables # - html5: webpack dev server # - bbb-grahql-actions: watch & restart +# - bbb-graphql-middleware: building on start DEV_MODE=true # accept self signed certificates diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index b897d1f..a05ab65 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -307,8 +307,12 @@ services: bbb-graphql-middleware: build: context: mod/bbb-graphql-middleware + {{ if isTrue .Env.DEV_MODE }} + dockerfile: Dockerfile.dev + {{ else }} additional_contexts: - src=./repos/bigbluebutton/bbb-graphql-middleware + {{ end }} args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} restart: unless-stopped @@ -321,6 +325,16 @@ services: bbb-net: ipv4_address: 10.7.7.32 + {{ if isTrue .Env.DEV_MODE }} + user: ${BBB_DEV_UID}:${BBB_DEV_GID} + volumes: + - ./repos/bigbluebutton/bbb-graphql-middleware:/app/:ro + - ./repos/bigbluebutton/bbb-graphql-middleware/config/config.yml:/usr/share/bbb-graphql-middleware/config.yml:ro + - ./mod/bbb-graphql-middleware/config.yml:/etc/bigbluebutton/bbb-graphql-middleware.yml:ro + - ./.cache/go:/gopath:rw + - ./.cache/go-build:/.cache/go-build:rw + {{ end }} + collabora: image: collabora/code:latest restart: unless-stopped 
diff --git a/mod/bbb-graphql-middleware/Dockerfile.dev b/mod/bbb-graphql-middleware/Dockerfile.dev new file mode 100644 index 0000000..d1952d4 --- /dev/null +++ b/mod/bbb-graphql-middleware/Dockerfile.dev @@ -0,0 +1,8 @@ +ARG BBB_BUILD_TAG +FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder + +WORKDIR /app + +ENV GOPATH /gopath + +CMD ["go", "run", "cmd/bbb-graphql-middleware/main.go", "--signal", "SIGTERM"] \ No newline at end of file From 4afa12bcf202eb674e8542062d5d40c2cac49bd4 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 28 Nov 2024 13:04:33 +0100 Subject: [PATCH 28/40] lets encrypt: email required, remove staging flag --- docker-compose.tmpl.yml | 3 +-- mod/haproxy/bootstrap.sh | 2 +- sample.env | 3 +-- scripts/generate-compose | 7 +++++++ scripts/setup | 22 ++++++---------------- 5 files changed, 16 insertions(+), 21 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index a05ab65..0365d49 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -446,8 +446,7 @@ services: environment: - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}} - CERT1=${DOMAIN} - - STAGING=true - - EMAIL=test@chandi.it + - EMAIL=${LETSENCRYPT_EMAIL} network_mode: host {{end}} diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh index 88c28e1..35c045d 100755 --- a/mod/haproxy/bootstrap.sh +++ b/mod/haproxy/bootstrap.sh @@ -7,7 +7,7 @@ set -e declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env -if [ "$IGNORE_TLS_CERT_ERRORS" ]; then +if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then # use self signed certificate if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then mkdir -p /etc/haproxy/certs diff --git a/sample.env b/sample.env index e92c508..99b654e 100644 --- a/sample.env +++ b/sample.env 
@@ -6,8 +6,7 @@ # HTTPS Proxy # fully automated Lets Encrypt certificates ENABLE_HTTPS_PROXY=true -# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers -#RESOLVER_ADDRESS=x.x.x.x +LETSENCRYPT_EMAIL=test@example.net # Greenlight Frontend # https://docs.bigbluebutton.org/greenlight/gl-overview.html diff --git a/scripts/generate-compose b/scripts/generate-compose index 5db14b9..3c1c171 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -18,6 +18,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then exit 1 fi +if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then + echo "ERROR: LETSENCRYPT_EMAIL is not set in .env" + echo "you need to specify an email adress, otherwise the certificate" + echo "retrieval will fail" + exit 1 +fi + function get_tag { # is submodule checked out? if [ -f "$1/.git" ]; then diff --git a/scripts/setup b/scripts/setup index 53e0895..0284520 100755 --- a/scripts/setup +++ b/scripts/setup @@ -18,6 +18,7 @@ then exit 1 fi +. scripts/functions.sh ensure_bbbhtml5yml EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com) @@ -29,21 +30,15 @@ while [[ ! $greenlight =~ ^(y|n)$ ]]; do done https_proxy="" +LETSENCRYPT_EMAIL="" while [[ ! $https_proxy =~ ^(y|n)$ ]]; do read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy done -if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ] +if [ "$https_proxy" == "y" ] then - echo "Coturn needs TLS to function properly." - echo " Since automatic HTTPS Proxy is disabled," - echo " you must provide a relative or absolute path" - echo " to your certificates." - while [[ -z "$CERTPATH" ]]; do - read -p "Please enter path to cert.pem: " CERTPATH - done - while [[ -z "$KEYPATH" ]]; do - read -p "Please enter path to key.pem: " KEYPATH + while [[ ! $LETSENCRYPT_EMAIL =~ ^.+@.+\..+$ ]]; do + read -p "Please enter an Email adress for the Let's Encrypt notifications: " LETSENCRYPT_EMAIL done fi 
@@ -142,6 +137,7 @@ fi if [ ! "$https_proxy" == "y" ] then sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env + sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env fi if [ "$recording" == "y" ] @@ -156,12 +152,6 @@ then fi -if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ] -then - sed -i "s,#COTURN_TLS_CERT_PATH=.*,COTURN_TLS_CERT_PATH=$CERTPATH," .env - sed -i "s,#COTURN_TLS_KEY_PATH=.*,COTURN_TLS_KEY_PATH=$KEYPATH," .env -fi - if [ "$prometheus_exporter" == "y" ] then sed -i "s/#ENABLE_PROMETHEUS_EXPORTER=.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env From 329b6bfae6f92c64aea95195948f0742ba2aa70a Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 28 Nov 2024 13:16:32 +0100 Subject: [PATCH 29/40] freeswitch: SIP dial in support --- conf/dialplan_public/.gitkeep | 0 conf/dialplan_public/example.xml | 17 --- docker-compose.tmpl.yml | 7 +- .../conf/dialplan/public/dialin.xml | 31 +++++ .../conf/sip_profiles/external-dialin.xml | 86 +++++++++++++ mod/freeswitch/conf/sip_profiles/external.xml | 115 ++++++++++++++++++ mod/freeswitch/conf/vars.xml.tmpl | 1 + scripts/generate-compose | 1 + 8 files changed, 239 insertions(+), 19 deletions(-) delete mode 100644 conf/dialplan_public/.gitkeep delete mode 100644 conf/dialplan_public/example.xml create mode 100644 mod/freeswitch/conf/dialplan/public/dialin.xml create mode 100644 mod/freeswitch/conf/sip_profiles/external-dialin.xml create mode 100644 mod/freeswitch/conf/sip_profiles/external.xml diff --git a/conf/dialplan_public/.gitkeep b/conf/dialplan_public/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/conf/dialplan_public/example.xml b/conf/dialplan_public/example.xml deleted file mode 100644 index a7b7429..0000000 --- a/conf/dialplan_public/example.xml +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 0365d49..4cac062 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -88,9 +88,12 @@ services: DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false} SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie} ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} + {{ if .Env.SIP_IP_ALLOWLIST }} + ports: + - 5060:5060/udp + {{ end }} volumes: - - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker + - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external-dialin - ./data/freeswitch-meetings:/var/freeswitch/meetings networks: bbb-net: diff --git a/mod/freeswitch/conf/dialplan/public/dialin.xml b/mod/freeswitch/conf/dialplan/public/dialin.xml new file mode 100644 index 0000000..02c4ed7 --- /dev/null +++ b/mod/freeswitch/conf/dialplan/public/dialin.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/mod/freeswitch/conf/sip_profiles/external-dialin.xml b/mod/freeswitch/conf/sip_profiles/external-dialin.xml new file mode 100644 index 0000000..fbe7ca3 --- /dev/null +++ b/mod/freeswitch/conf/sip_profiles/external-dialin.xml @@ -0,0 +1,86 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mod/freeswitch/conf/sip_profiles/external.xml b/mod/freeswitch/conf/sip_profiles/external.xml new file mode 100644 index 0000000..53c9de1 --- /dev/null +++ b/mod/freeswitch/conf/sip_profiles/external.xml @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/mod/freeswitch/conf/vars.xml.tmpl b/mod/freeswitch/conf/vars.xml.tmpl index 98dcb84..b86502d 100644 --- a/mod/freeswitch/conf/vars.xml.tmpl +++ b/mod/freeswitch/conf/vars.xml.tmpl @@ -61,6 +61,7 @@ information on this topic. --> + 
diff --git a/scripts/generate-compose b/scripts/generate-compose index 3c1c171..c0b82a9 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -54,6 +54,7 @@ docker run \ -e DEV_MODE=${DEV_MODE:-false} \ -e IGNORE_TLS_CERT_ERRORS=${IGNORE_TLS_CERT_ERRORS:-} \ -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \ + -e SIP_IP_ALLOWLIST=${SIP_IP_ALLOWLIST:-} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \ -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \ From 340e9fdb3018cbadf330e72ef4e4b22a5455bf93 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 29 Nov 2024 00:14:18 +0100 Subject: [PATCH 30/40] setup: fix LETSENCRYPT_EMAIL not being set --- scripts/setup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/setup b/scripts/setup index 0284520..94927a6 100755 --- a/scripts/setup +++ b/scripts/setup @@ -137,9 +137,11 @@ fi if [ ! "$https_proxy" == "y" ] then sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env - sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env fi +sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env + + if [ "$recording" == "y" ] then sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env From 8704ec21475989b9726852bd45ad0bd8e995707c Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 29 Nov 2024 01:06:58 +0100 Subject: [PATCH 31/40] haproxy: correctly identify http traffic --- docker-compose.tmpl.yml | 1 + mod/haproxy/haproxy.cfg | 2 +- mod/haproxy/protocolmap | 52 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 mod/haproxy/protocolmap diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 4cac062..6304eec 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml 
@@ -446,6 +446,7 @@ services: volumes: - ./data/haproxy/letsencrypt:/etc/letsencrypt - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg + - ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap environment: - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}} - CERT1=${DOMAIN} diff --git a/mod/haproxy/haproxy.cfg b/mod/haproxy/haproxy.cfg index d03000f..a66c2dd 100644 --- a/mod/haproxy/haproxy.cfg +++ b/mod/haproxy/haproxy.cfg @@ -64,7 +64,7 @@ frontend nginx_or_turn use_backend nginx-http2 if { ssl_fc_alpn h2 } use_backend nginx if { ssl_fc_alpn http/1.1 } use_backend turn if { ssl_fc_alpn stun.turn } - # use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)] + use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)] default_backend turn backend turn diff --git a/mod/haproxy/protocolmap b/mod/haproxy/protocolmap new file mode 100644 index 0000000..0f85dd0 --- /dev/null +++ b/mod/haproxy/protocolmap @@ -0,0 +1,52 @@ +a nginx +b nginx +c nginx +d nginx +e nginx +f nginx +g nginx +h nginx +i nginx +j nginx +k nginx +l nginx +m nginx +n nginx +o nginx +p nginx +q nginx +r nginx +s nginx +t nginx +u nginx +v nginx +w nginx +x nginx +y nginx +z nginx +A nginx +B nginx +C nginx +D nginx +E nginx +F nginx +G nginx +H nginx +I nginx +J nginx +K nginx +L nginx +M nginx +N nginx +O nginx +P nginx +Q nginx +R nginx +S nginx +T nginx +U nginx +V nginx +W nginx +X nginx +Y nginx +Z nginx \ No newline at end of file From 861902531bef4dc90b22edc0d71ff371c3b24a66 Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 29 Nov 2024 18:14:36 +0100 Subject: [PATCH 32/40] ignore missing LETSENCRYPT_EMAIL in dev mode --- scripts/generate-compose | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate-compose b/scripts/generate-compose index c0b82a9..5f61bab 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose 
@@ -18,7 +18,7 @@ if [ -z "$EXTERNAL_IPv4" ]; then exit 1 fi -if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then +if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ] && [ -z "$DEV_MODE" ]; then echo "ERROR: LETSENCRYPT_EMAIL is not set in .env" echo "you need to specify an email adress, otherwise the certificate" echo "retrieval will fail" From ca63812903465cbcf2d4e0d164a04bcc9a233cbd Mon Sep 17 00:00:00 2001 From: chandi Date: Fri, 29 Nov 2024 18:42:14 +0100 Subject: [PATCH 33/40] recordings: fix missing directories --- mod/bbb-web/entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mod/bbb-web/entrypoint.sh b/mod/bbb-web/entrypoint.sh index 7eddb0f..7c9506b 100755 --- a/mod/bbb-web/entrypoint.sh +++ b/mod/bbb-web/entrypoint.sh @@ -11,9 +11,11 @@ mkdir -p /var/bigbluebutton/recording/publish mkdir -p /var/bigbluebutton/recording/status/recorded mkdir -p /var/bigbluebutton/recording/status/archived mkdir -p /var/bigbluebutton/recording/status/processed +mkdir -p /var/bigbluebutton/recording/status/ended mkdir -p /var/bigbluebutton/recording/status/sanity mkdir -p /var/bigbluebutton/recording/status/published mkdir -p /var/bigbluebutton/captions +mkdir -p /var/bigbluebutton/captions/inbox mkdir -p /var/bigbluebutton/published mkdir -p /var/bigbluebutton/deleted mkdir -p /var/bigbluebutton/unpublished From 7ad3a3356a8ff5bfb054b7bcbe0b9e615534ffa6 Mon Sep 17 00:00:00 2001 From: chandi Date: Sat, 30 Nov 2024 01:23:47 +0100 Subject: [PATCH 34/40] bbb-export-annotations: fix moved bigbluebutton volume --- docker-compose.tmpl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 41750f6..509a0e4 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -192,7 +192,7 @@ services: bbb-net: ipv4_address: 10.7.7.19 volumes: - - bigbluebutton:/var/bigbluebutton + - ./data/bigbluebutton:/var/bigbluebutton redis: image: redis:7.2-alpine 
From f99a1632cd4c57576bdb5b6e60e2ba38242c2663 Mon Sep 17 00:00:00 2001 From: chandi Date: Thu, 5 Dec 2024 13:20:28 +0100 Subject: [PATCH 35/40] etherpad 2.2.6 --- docker-compose.tmpl.yml | 4 +- mod/etherpad/Dockerfile | 17 +++--- mod/etherpad/entrypoint.sh | 4 +- mod/etherpad/settings.json | 117 +++++++++++++++++++++++++++++++------ repos/bbb-etherpad-plugin | 2 +- 5 files changed, 113 insertions(+), 31 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 509a0e4..a00c34f 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -145,8 +145,8 @@ services: - plugin=./repos/bbb-etherpad-plugin - skin=./repos/bbb-etherpad-skin args: - TAG_ETHERPAD: "1.9.4" - image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} + TAG_ETHERPAD: "2.2.6" + image: alangecker/bbb-docker-etherpad:2.2.6-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} restart: unless-stopped depends_on: - redis diff --git a/mod/etherpad/Dockerfile b/mod/etherpad/Dockerfile index c530952..e421fc2 100644 --- a/mod/etherpad/Dockerfile +++ b/mod/etherpad/Dockerfile 
@@ -7,20 +7,21 @@ RUN apk add git curl USER etherpad -RUN npm install \ - ep_cursortrace@3.1.16 \ - git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \ - git+https://github.com/mconf/ep_redis_publisher.git#2b6e47c1c59362916a0b2961a29b259f2977b694 \ - ep_disable_chat@0.0.8 \ +RUN pnpm run plugins i \ + ep_cursortrace@3.1.18 \ + ep_disable_chat@0.0.10 \ ep_auth_session@1.1.1 \ -# remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches - && rm package-lock.json package.json + --github \ + mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \ + mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694 + # add skin from git submodule COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton # add plugin from git submodule -COPY --chown=etherpad:0 --from=plugin / /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches +COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches +RUN pnpm run plugins i --path /ep_bigbluebutton_patches COPY settings.json /opt/etherpad-lite/settings.json COPY etherpad-export.sh /etherpad-export.sh diff --git a/mod/etherpad/entrypoint.sh b/mod/etherpad/entrypoint.sh index 79a0ecd..acc2392 100755 --- a/mod/etherpad/entrypoint.sh +++ b/mod/etherpad/entrypoint.sh @@ -1,5 +1,3 @@ #!/bin/sh echo $ETHERPAD_API_KEY > /tmp/apikey -export NODE_ENV=production - -node /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js --apikey /tmp/apikey \ No newline at end of file +pnpm run prod --apikey /tmp/apikey \ No newline at end of file diff --git a/mod/etherpad/settings.json b/mod/etherpad/settings.json index 4e23f31..d3c1c4e 100644 --- a/mod/etherpad/settings.json +++ b/mod/etherpad/settings.json 
@@ -140,7 +140,7 @@ * "full-width-editor" variant (by default editor is rendered as a page, with * a max-width of 900px). */ - "skinVariants": "super-light-toolbar super-light-editor light-background", + "skinVariants": "", /* * IP and port which Etherpad should bind at. @@ -162,6 +162,14 @@ */ "showSettingsInAdminPage": true, + /* + * Settings for cleanup of pads + */ + "cleanup": { + "enabled": false, + "keepRevisions": 5 + }, + /* * Node native SSL support * @@ -271,6 +279,14 @@ "pageDown": true }, + /* + * Enables the use of a different server. We have a different one that syncs changes from the original server. + * It is hosted on GitHub and should not be blocked by many firewalls. + * https://etherpad.org/ep_infos + */ + + "updateServer": "https://etherpad.org/ep_infos", + /* * Should we suppress errors from being visible in the default Pad Text? */ @@ -323,14 +339,6 @@ */ "soffice": "/etherpad-export.sh", - /* - * Path to the Tidy executable. - * - * Tidy is used to improve the quality of exported pads. - * Setting it to null disables Tidy. - */ - "tidyHtml": null, - /* * Allow import of file types other than the supported ones: * txt, doc, docx, rtf, odt, html & htm 
@@ -364,6 +372,22 @@ * Settings controlling the session cookie issued by Etherpad. */ "cookie": { + /* + * How often (in milliseconds) the key used to sign the express_sid cookie + * should be rotated. Long rotation intervals reduce signature verification + * overhead (because there are fewer historical keys to check) and database + * load (fewer historical keys to store, and less frequent queries to + * get/update the keys). Short rotation intervals are slightly more secure. + * + * Multiple Etherpad processes sharing the same database (table) is + * supported as long as the clock sync error is significantly less than this + * value. + * + * Key rotation can be disabled (not recommended) by setting this to 0 or + * null, or by disabling session expiration (see sessionLifetime). + */ + "keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s + /* * Value of the SameSite cookie property. "Lax" is recommended unless * Etherpad will be embedded in an iframe from another site, in which case 
@@ -375,7 +399,51 @@ * significant usability drawbacks vs. "Lax". See * https://stackoverflow.com/q/41841880 for discussion. */ - "sameSite": "None" + "sameSite": "None", + + /* + * How long (in milliseconds) after navigating away from Etherpad before the + * user is required to log in again. (The express_sid cookie is set to + * expire at time now + sessionLifetime when first created, and its + * expiration time is periodically refreshed to a new now + sessionLifetime + * value.) If requireAuthentication is false then this value does not really + * matter. + * + * The "best" value depends on your users' usage patterns and the amount of + * convenience you desire. A long lifetime is more convenient (users won't + * have to log back in as often) but has some drawbacks: + * - It increases the amount of state kept in the database. + * - It might weaken security somewhat: The cookie expiration is refreshed + * indefinitely without consulting authentication or authorization + * hooks, so once a user has accessed a pad, the user can continue to + * use the pad until the user leaves for longer than sessionLifetime. + * - More historical keys (sessionLifetime / keyRotationInterval) must be + * checked when verifying signatures. + * + * Session lifetime can be set to infinity (not recommended) by setting this + * to null or 0. Note that if the session does not expire, most browsers + * will delete the cookie when the browser exits, but a session record is + * kept in the database forever. + */ + "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s + + /* + * How long (in milliseconds) before the expiration time of an active user's + * session is refreshed (to now + sessionLifetime). This setting affects the + * following: + * - How often a new session expiration time will be written to the + * database. + * - How often each user's browser will ping the Etherpad server to + * refresh the expiration time of the session cookie. 
+ * + * High values reduce the load on the database and the load from browsers, + * but can shorten the effective session lifetime if Etherpad is restarted + * or the user navigates away. + * + * Automatic session refreshes can be disabled (not recommended) by setting + * this to null. + */ + "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s }, /* @@ -475,7 +543,7 @@ /* * Restrict socket.io transport methods */ - "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketTransportProtocols" : ["websocket", "polling"], "socketIo": { /* @@ -485,7 +553,7 @@ * value to work properly, but increasing the value increases susceptibility * to denial of service attacks (malicious clients can exhaust memory). */ - "maxHttpBufferSize": 10000 + "maxHttpBufferSize": 50000 }, /* @@ -550,6 +618,13 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 + /* + The authentication method used by the server. + The default value is sso + If you want to use the old authentication system, change this to apikey + */ + "authenticationMethod": "apikey", + /* * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * @@ -566,7 +641,6 @@ "points": 100 }, - /* * Toolbar buttons configuration. * @@ -596,6 +670,13 @@ */ "loglevel": "INFO", + /* + * The log layout type to use. + * + * Valid values: basic, colored + */ + "logLayoutType": "colored", + /* Override any strings found in locale directories */ "customLocaleStrings": { "de": { @@ -633,8 +714,10 @@ }, /* Disable Admin UI tests */ - "enableAdminUITests": false -} - - + "enableAdminUITests": false, + /* + * Enable/Disable case-insensitive pad names. + */ + "lowerCasePadIds": false +} \ No newline at end of file diff --git a/repos/bbb-etherpad-plugin b/repos/bbb-etherpad-plugin index 068ded5..927747e 160000 --- a/repos/bbb-etherpad-plugin +++ b/repos/bbb-etherpad-plugin 
@@ -1 +1 @@ -Subproject commit 068ded573380087e120713d1ccc3c86713ec8c88 +Subproject commit 927747e0e18500f027a91bea2742e6061d388e28 From 133ec8e29d610fa848b6cb637cd4d2b7be95a3f0 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 3 Mar 2025 19:04:49 +0100 Subject: [PATCH 36/40] BBB v3.0 changes --- docker-compose.tmpl.yml | 17 +++++++++++------ mod/apps-akka/bbb-apps-akka.conf | 1 + mod/bbb-graphql-middleware/config.yml | 2 +- mod/bbb-pads/Dockerfile | 4 ++-- mod/bbb-webrtc-recorder/Dockerfile | 2 +- mod/etherpad/Dockerfile | 2 +- mod/haproxy/bootstrap.sh | 5 +++++ mod/nginx/Dockerfile | 5 ++++- mod/nginx/bbb-html5.dev.nginx | 5 +++++ mod/nginx/bbb/graphql.nginx | 4 ++-- mod/nginx/bbb/web.nginx | 2 +- mod/nginx/bigbluebutton | 25 +++++++++++++++++++++++++ mod/recordings/Dockerfile | 4 ++-- mod/webhooks/Dockerfile | 4 ++-- mod/webrtc-sfu/Dockerfile | 8 +++++++- repos/bbb-etherpad-plugin | 2 +- repos/bbb-playback | 2 +- repos/bbb-webrtc-sfu | 2 +- repos/bigbluebutton | 2 +- repos/tags | 9 +++++---- scripts/bbb-record | 2 +- scripts/functions.sh | 2 ++ scripts/generate-compose | 2 +- 23 files changed, 83 insertions(+), 30 deletions(-) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index a00c34f..27bef7b 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -145,8 +145,8 @@ services: - plugin=./repos/bbb-etherpad-plugin - skin=./repos/bbb-etherpad-skin args: - TAG_ETHERPAD: "2.2.6" - image: alangecker/bbb-docker-etherpad:2.2.6-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} + TAG_ETHERPAD: "2.2.7" + image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }} restart: unless-stopped depends_on: - redis 
@@ -178,7 +178,7 @@ services: context: mod/bbb-export-annotations additional_contexts: bigbluebutton: ./repos/bigbluebutton - image: alangecker/bbb-docker-bbb-export-annotations:v2.7.0 + image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: - redis @@ -288,7 +288,8 @@ services: - src=./repos/bigbluebutton/bbb-graphql-server args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} - GRAPHQL_ENGINE_TAG: v2.44.0 + GRAPHQL_ENGINE_TAG: v2.45.0 + image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }} depends_on: - postgres - bbb-web @@ -315,6 +316,7 @@ services: {{ end }} args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: - redis @@ -339,6 +341,7 @@ services: {{ end }} args: BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }} + image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: - bbb-graphql-server @@ -348,6 +351,8 @@ services: networks: bbb-net: ipv4_address: 10.7.7.32 + extra_hosts: + - "nginx:10.7.7.1" {{ if isTrue .Env.DEV_MODE }} user: ${BBB_DEV_UID}:${BBB_DEV_GID} @@ -374,7 +379,7 @@ services: periodic: build: mod/periodic - image: alangecker/bbb-docker-periodic:v2.7.0 + image: alangecker/bbb-docker-periodic:v3.0.0 restart: unless-stopped volumes: @@ -494,7 +499,7 @@ services: {{ if isTrue .Env.ENABLE_GREENLIGHT }} # greenlight greenlight: - image: bigbluebutton/greenlight:v3.4.1 + image: bigbluebutton/greenlight:v3.5.0 restart: unless-stopped env_file: .env depends_on: diff --git a/mod/apps-akka/bbb-apps-akka.conf b/mod/apps-akka/bbb-apps-akka.conf index f145c72..e9e3954 100644 --- a/mod/apps-akka/bbb-apps-akka.conf +++ b/mod/apps-akka/bbb-apps-akka.conf @@ -8,6 +8,7 @@ redis { services { bbbWebAPI="https://DOMAIN/bigbluebutton/api" sharedSecret="SHARED_SECRET" + graphqlMiddlewareAPI = "http://10.7.7.32:8378" } http { interface = "0.0.0.0" 
diff --git a/mod/bbb-graphql-middleware/config.yml b/mod/bbb-graphql-middleware/config.yml index 3740d32..f323157 100644 --- a/mod/bbb-graphql-middleware/config.yml +++ b/mod/bbb-graphql-middleware/config.yml @@ -6,7 +6,7 @@ redis: port: 6379 password: "" hasura: - url: ws://bbb-graphql-server:8085/v1/graphql + url: ws://nginx:8185/v1/graphql graphql-actions: url: http://bbb-graphql-actions:8093 auth_hook: diff --git a/mod/bbb-pads/Dockerfile b/mod/bbb-pads/Dockerfile index 7498a10..fa6762c 100644 --- a/mod/bbb-pads/Dockerfile +++ b/mod/bbb-pads/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bookworm-slim AS builder +FROM node:22-bookworm-slim AS builder COPY --from=src / /bbb-pads RUN cd /bbb-pads && rm -r .git && npm install --production @@ -7,7 +7,7 @@ RUN cd /bbb-pads && rm -r .git && npm install --production RUN chmod 777 /bbb-pads/config # ------------------------------ -FROM node:18-bookworm-slim +FROM node:22-bookworm-slim RUN apt update && apt install -y jq moreutils \ && useradd --uid 2003 --create-home --user-group bbb-pads diff --git a/mod/bbb-webrtc-recorder/Dockerfile b/mod/bbb-webrtc-recorder/Dockerfile index 07fd1c4..d7d7e4b 100644 --- a/mod/bbb-webrtc-recorder/Dockerfile +++ b/mod/bbb-webrtc-recorder/Dockerfile @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.21 as builder +FROM golang:1.23 as builder ARG APP_VERSION=devel ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder diff --git a/mod/etherpad/Dockerfile b/mod/etherpad/Dockerfile index e421fc2..705867c 100644 --- a/mod/etherpad/Dockerfile +++ b/mod/etherpad/Dockerfile @@ -8,10 +8,10 @@ RUN apk add git curl USER etherpad RUN pnpm run plugins i \ - ep_cursortrace@3.1.18 \ ep_disable_chat@0.0.10 \ ep_auth_session@1.1.1 \ --github \ + mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \ mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \ mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694 
diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh index 35c045d..c17e9f9 100755 --- a/mod/haproxy/bootstrap.sh +++ b/mod/haproxy/bootstrap.sh @@ -7,6 +7,11 @@ set -e declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env +# when used with an IP, we'll also disable certbot +if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + IGNORE_TLS_CERT_ERRORS=true +fi + if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then # use self signed certificate if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile index 692f88f..0bf0ab3 100644 --- a/mod/nginx/Dockerfile +++ b/mod/nginx/Dockerfile @@ -16,9 +16,12 @@ RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \ && find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \ && find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \; +RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \ + sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css + # -------------------- -FROM nginx:1.25-alpine +FROM nginx:1.27-alpine COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/ COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3 diff --git a/mod/nginx/bbb-html5.dev.nginx b/mod/nginx/bbb-html5.dev.nginx index 17f82bf..aa3a4a6 100644 --- a/mod/nginx/bbb-html5.dev.nginx +++ b/mod/nginx/bbb-html5.dev.nginx @@ -3,6 +3,11 @@ location = /html5client/locales/ { alias /usr/share/bigbluebutton/html5-client/locales/; autoindex on; autoindex_format json; + + # Prevent browsers from caching + add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; + add_header Pragma "no-cache"; + add_header Expires 0; } # running from source (npm start) diff --git a/mod/nginx/bbb/graphql.nginx b/mod/nginx/bbb/graphql.nginx index 91ca2ff..526ce5f 100644 --- a/mod/nginx/bbb/graphql.nginx 
+++ b/mod/nginx/bbb/graphql.nginx @@ -24,7 +24,7 @@ location /api/rest/clientSettings { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; - proxy_pass http://bbb-graphql-server:8085; #Hasura + proxy_pass http://127.0.0.1:8185; #Hasura } location /api/rest/userMetadata { @@ -35,5 +35,5 @@ location /api/rest/userMetadata { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; - proxy_pass http://bbb-graphql-server:8085; #Hasura + proxy_pass http://127.0.0.1:8185; #Hasura } diff --git a/mod/nginx/bbb/web.nginx b/mod/nginx/bbb/web.nginx index b7c9e69..5849527 100755 --- a/mod/nginx/bbb/web.nginx +++ b/mod/nginx/bbb/web.nginx @@ -159,7 +159,7 @@ proxy_set_header X-Original-URI $request_uri; } - location /bigbluebutton/ping { + location /bigbluebutton/rtt-check { default_type text/plain; add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0"; add_header Pragma "no-cache"; diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton index 33b3f32..58c5b20 100644 --- a/mod/nginx/bigbluebutton +++ b/mod/nginx/bigbluebutton @@ -59,3 +59,28 @@ server { send_timeout 6h; } } + +upstream hasura { + least_conn; + server bbb-graphql-server:8085; + # you might want to add more bbb-graphql-server@ instances to balance the + # load to multiple bbb-graphql-server instances. Execute + # `systemctl enable --now bbb-graphql-server@8086` and uncomment the + # following line: + # server 127.0.0.1:8086; +} +server { + listen 10.7.7.1:8185; + listen 127.0.0.1:8185; + + root /var/www/html; + + location / { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + + proxy_pass http://hasura; + } +} \ No newline at end of file diff --git a/mod/recordings/Dockerfile b/mod/recordings/Dockerfile index 56c7d9f..828aa1d 100644 --- a/mod/recordings/Dockerfile 
+++ b/mod/recordings/Dockerfile @@ -38,7 +38,7 @@ ENV LANGUAGE en_US.UTF-8 # compile and install mkclean RUN cd /tmp \ - && wget https://netcologne.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \ + && wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \ && tar -xf /tmp/mkclean-0.8.10.tar.bz2 \ && cd /tmp/mkclean-0.8.10 \ && sed -i 's/\r//g' ./mkclean/configure.compiled \ @@ -54,7 +54,7 @@ RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VE && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz # add yq for bbb-record -RUN wget -q https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq \ +RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq \ && chmod +x /usr/bin/yq RUN mkdir -p \ diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile index 69272af..e4b7ce3 100644 --- a/mod/webhooks/Dockerfile +++ b/mod/webhooks/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bookworm-slim AS builder +FROM node:22-bookworm-slim AS builder RUN apt-get update && apt-get install -y git wget @@ -12,7 +12,7 @@ RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git RUN chmod 777 /bbb-webhooks/config # ------------------------------ -FROM node:18-bookworm-slim +FROM node:22-bookworm-slim RUN useradd --uid 2004 --user-group bbb-webhooks COPY --from=builder /usr/bin/yq /usr/bin/yq diff --git a/mod/webrtc-sfu/Dockerfile b/mod/webrtc-sfu/Dockerfile index 086b4e9..cd2ee00 100644 --- a/mod/webrtc-sfu/Dockerfile +++ b/mod/webrtc-sfu/Dockerfile 
@@ -4,11 +4,17 @@ FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder RUN useradd --uid 2004 --user-group webrtc-sfu +# cache packages +COPY --from=source /package.json /cache/package.json +RUN cd /cache && npm install --unsafe-perm + COPY --from=source / /app ENV NODE_ENV production + RUN cd /app \ + && rm -rf /app/node_modules && cp -a /cache/node_modules /app/node_modules \ && cp config/default.example.yml config/production.yml \ && npm install --unsafe-perm \ && npm cache clear --force \ @@ -18,7 +24,7 @@ RUN cd /app \ # ============================= -FROM node:18-bookworm-slim +FROM node:22-bookworm-slim RUN useradd --uid 2004 --user-group webrtc-sfu ENV NODE_ENV production diff --git a/repos/bbb-etherpad-plugin b/repos/bbb-etherpad-plugin index 927747e..88f3f6b 160000 --- a/repos/bbb-etherpad-plugin +++ b/repos/bbb-etherpad-plugin @@ -1 +1 @@ -Subproject commit 927747e0e18500f027a91bea2742e6061d388e28 +Subproject commit 88f3f6b06a1988436cb2edde5dc7e26e014e3a08 diff --git a/repos/bbb-playback b/repos/bbb-playback index 4e11f93..4c8e316 160000 --- a/repos/bbb-playback +++ b/repos/bbb-playback @@ -1 +1 @@ -Subproject commit 4e11f9337cecb36400f8c41caa12431b2667d8bb +Subproject commit 4c8e3166a9c059f9b553c4038ec4db99f85834d6 diff --git a/repos/bbb-webrtc-sfu b/repos/bbb-webrtc-sfu index 6fbde34..0bda4b0 160000 --- a/repos/bbb-webrtc-sfu +++ b/repos/bbb-webrtc-sfu @@ -1 +1 @@ -Subproject commit 6fbde34c357ba656741842048e936611faf45a09 +Subproject commit 0bda4b00a2f680b2c1264591736512ac846e7914 diff --git a/repos/bigbluebutton b/repos/bigbluebutton index c36e394..bf162e8 160000 --- a/repos/bigbluebutton +++ b/repos/bigbluebutton @@ -1 +1 @@ -Subproject commit c36e394e4aaa6be6c429222b7c9a86a8945b5563 +Subproject commit bf162e81fb427e8b2dfb9dbd1f9c120e3ac369d9 diff --git a/repos/tags b/repos/tags index 1857b3b..065296c 100644 --- a/repos/tags +++ b/repos/tags 
@@ -3,11 +3,12 @@ # used to determine submodule tags without the need for # checking out the whole submodule -repos/bbb-etherpad-plugin 068ded5 +repos/bbb-etherpad-plugin 88f3f6b repos/bbb-etherpad-skin 8328b77 repos/bbb-pads v1.5.3 -repos/bbb-playback v5.1.3 +repos/bbb-playback v5.2.1 repos/bbb-webhooks v3.3.0 -repos/bbb-webrtc-sfu v2.17.0-alpha.1 -repos/bigbluebutton v3.0.0-beta.5 +repos/bbb-webrtc-recorder v0.7.0 +repos/bbb-webrtc-sfu v2.17.0-beta.4 +repos/bigbluebutton v3.0.0 repos/freeswitch v1.10.12 diff --git a/scripts/bbb-record b/scripts/bbb-record index 31071bd..5038a77 100755 --- a/scripts/bbb-record +++ b/scripts/bbb-record @@ -4,7 +4,7 @@ set -e cd $(dirname $0)/.. # load .env -. functions.sh +. scripts/functions.sh load_env if [ ! "$ENABLE_RECORDING" == true ]; then diff --git a/scripts/functions.sh b/scripts/functions.sh index b2a71a0..5edb57a 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -16,6 +16,8 @@ function ensure_submodules { } +# this file should exist, otherwise it is created by docker +# with the wrong permissions function ensure_bbbhtml5yml { if [ ! -f conf/bbb-html5.yml ]; then diff --git a/scripts/generate-compose b/scripts/generate-compose index 5f61bab..81a546f 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -36,7 +36,7 @@ function get_tag { } # https://hub.docker.com/r/bigbluebutton/bbb-build -BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114 +BBB_BUILD_TAG=v3.0.x-release--2025-02-06-143818 docker run \ --rm \ From b4d2b2043c6428b06b5c197467e32026366ca6c7 Mon Sep 17 00:00:00 2001 
From: chandi Date: Tue, 4 Mar 2025 00:49:28 +0100 Subject: [PATCH 37/40] bbb-export-annotations: update to 3.0.0, drop privileges, reduce docker context --- docker-compose.tmpl.yml | 4 ++- mod/bbb-export-annotations/Dockerfile | 25 +++++++++---------- .../config/settings.json | 23 ++++++++--------- mod/bbb-export-annotations/entrypoint.sh | 6 ----- 4 files changed, 26 insertions(+), 32 deletions(-) delete mode 100755 mod/bbb-export-annotations/entrypoint.sh diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index 27bef7b..e79e905 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -177,7 +177,7 @@ services: build: context: mod/bbb-export-annotations additional_contexts: - bigbluebutton: ./repos/bigbluebutton + src: ./repos/bigbluebutton/bbb-export-annotations image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }} restart: unless-stopped depends_on: @@ -193,6 +193,8 @@ services: ipv4_address: 10.7.7.19 volumes: - ./data/bigbluebutton:/var/bigbluebutton + tmpfs: + - /tmp redis: image: redis:7.2-alpine diff --git a/mod/bbb-export-annotations/Dockerfile b/mod/bbb-export-annotations/Dockerfile index 0723860..d6c591f 100644 --- a/mod/bbb-export-annotations/Dockerfile +++ b/mod/bbb-export-annotations/Dockerfile 
@@ -1,24 +1,23 @@ -FROM node:18-bullseye-slim AS builder +FROM node:22-bookworm-slim AS builder -COPY --from=bigbluebutton /bbb-export-annotations /bbb-export-annotations +COPY --from=src / /bbb-export-annotations RUN cd /bbb-export-annotations && npm ci && npm install # -------------------- -FROM node:18-bullseye-slim +FROM node:22-bookworm-slim + +RUN groupadd -g 998 bigbluebutton \ + && useradd -m -u 998 -g bigbluebutton bigbluebutton -#depends on; -#Depends: nodejs,npm,bbb-apps-akka,bbb-web,cairosvg,ghostscript,imagemagick, nodejs (>= 18), nodejs (<< 20) -#see repo https://ubuntu.bigbluebutton.org/focal-270/ bigbluebutton-focal main -#apt info bbb-export-annotations -#missing dependency: poppler-utils for pdftocairo bin -> covert background / original presentation to png RUN apt update && apt install -y \ nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils -# && useradd --uid 2004 --create-home --user-group bbb-export COPY --from=builder /bbb-export-annotations /bbb-export-annotations -#we need acces to volume bigbluebutton! -USER root COPY ./config/settings.json /bbb-export-annotations/config/settings.json -COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT /entrypoint.sh + +USER bigbluebutton +WORKDIR /bbb-export-annotations +ENV NODE_ENV=production + +ENTRYPOINT npm start diff --git a/mod/bbb-export-annotations/config/settings.json b/mod/bbb-export-annotations/config/settings.json index 3283a8b..7fe69f4 100644 --- a/mod/bbb-export-annotations/config/settings.json +++ b/mod/bbb-export-annotations/config/settings.json 
@@ -4,23 +4,16 @@ "msgName": "PresAnnStatusMsg" }, "shared": { - "presDir": "/var/bigbluebutton", "presAnnDropboxDir": "/tmp/pres-ann-dropbox", "cairosvg": "/usr/bin/cairosvg", - "ghostscript": "/usr/bin/gs", - "imagemagick": "/usr/bin/convert", - "pdftocairo": "/usr/bin/pdftocairo" - }, - "collector": { - "pngWidthRasterizedSlides": 2560 + "ghostscript": "/usr/bin/gs" }, "process": { - "whiteboardTextEncoding": "utf-8", "maxImageWidth": 1440, "maxImageHeight": 1080, - "textScaleFactor": 2, "pointsPerInch": 72, - "pixelsPerInch": 96 + "pixelsPerInch": 96, + "cairoSVGUnsafeFlag": false }, "notifier": { "pod_id": "DEFAULT_PRESENTATION_POD", @@ -37,5 +30,11 @@ "queue": "exportJobs", "publish": "to-akka-apps-redis-channel" } - } -} + }, + "fonts": { + "draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf", + "sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf", + "serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf", + "mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf" + } +} \ No newline at end of file diff --git a/mod/bbb-export-annotations/entrypoint.sh b/mod/bbb-export-annotations/entrypoint.sh deleted file mode 100755 index a637c84..0000000 --- a/mod/bbb-export-annotations/entrypoint.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -set -e - -cd /bbb-export-annotations -export NODE_ENV=production -npm start From b61e8c8a17c14e9f6fed3c7e256400da4e00d767 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 11 Mar 2025 16:40:50 +0100 Subject: [PATCH 38/40] bbb v3.0.1 --- README.md | 2 +- repos/bigbluebutton | 2 +- repos/tags | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 385d90c..779a38e 100644 --- a/README.md +++ b/README.md 
@@ -3,7 +3,7 @@ # 📦 BigBlueButton 3.0 Docker -Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) +Version: 3.0.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md) ## Features - Easy installation diff --git a/repos/bigbluebutton b/repos/bigbluebutton index bf162e8..398c4bc 160000 --- a/repos/bigbluebutton +++ b/repos/bigbluebutton @@ -1 +1 @@ -Subproject commit bf162e81fb427e8b2dfb9dbd1f9c120e3ac369d9 +Subproject commit 398c4bc47ca312da283d26064ec8c32e2ca67a9b diff --git a/repos/tags b/repos/tags index 065296c..e4b270b 100644 --- a/repos/tags +++ b/repos/tags @@ -10,5 +10,5 @@ repos/bbb-playback v5.2.1 repos/bbb-webhooks v3.3.0 repos/bbb-webrtc-recorder v0.7.0 repos/bbb-webrtc-sfu v2.17.0-beta.4 -repos/bigbluebutton v3.0.0 +repos/bigbluebutton v3.0.1 repos/freeswitch v1.10.12 From 70d9b0166d2e1ed47647d4dac7550b68519053e5 Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 11 Mar 2025 18:35:12 +0100 Subject: [PATCH 39/40] update docs for 3.0 --- README.md | 22 ++++++++++++++++++++-- docs/development.md | 7 +++---- docs/upgrading.md | 22 ++++++++++------------ 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 779a38e..1f85b7e 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,11 @@ Version: 3.0.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue - Full IPv6 support - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...) +## currently missing / broken +- NAT support +- bbb-transcription-controller +- livekit + ## Requirements - 4GB of RAM - Linux (it will not work under Windows/WSL) 
@@ -20,7 +25,7 @@ Version: 3.0.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue - Public IPv4 (expect issues with a firewall / NAT) - firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`) -## Install +## Install production server 1. Ensure the requirements above are fulfilled (it really doesn't work without them) 2. Install docker-ce & docker-compose-plugin 1. follow instructions @@ -57,7 +62,20 @@ Version: 3.0.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue $ docker compose exec greenlight bundle exec rake admin:create ``` +## Development setup +1. Clone this repository + ```sh + $ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev + ``` +2. Start dev server + ```sh + $ cd bbb-dev + $ ./scripts/dev + ``` +3. Use API Mate with the link presented in the console to create & join a conference + + ## Further How-To's -- [Running behind NAT](docs/behind-nat.md) + - [Integration into an existing web server](docs/existing-web-server.md) diff --git a/docs/development.md b/docs/development.md index ca5a3a9..e782a97 100644 --- a/docs/development.md +++ b/docs/development.md @@ -15,6 +15,8 @@ you can now run bbb-docker locally by simply starting $ ./scripts/dev ``` +Use the API Mate with the link presented in the console to create & join a conference. + ### Hints - the html5 component will watch and automatically reload on any changes 🚀 - if you change anything in the other components, you need to 
@@ -26,10 +28,7 @@ $ ./scripts/dev `$ ./scripts/generate-compose` - view the logs with \ `$ docker compose logs -f` -- and access the API via \ - https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret - * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_ - +- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_ ## Notes - Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode diff --git a/docs/upgrading.md b/docs/upgrading.md index 0000c33..50f0b43 100644 --- a/docs/upgrading.md +++ b/docs/upgrading.md 
@@ -1,29 +1,27 @@ # How To Upgrade bbb-docker -### Upgrading from `v2.6.x` -- **Breaking change:** We use now Docker Compose V2 +### Breaking changes `v2.7.x` -> `v3.0.x` +- **A setup behind NAT does currently not work!** +- on every SIP Profiles the extension field needs to be set to "DIALIN" + +### Breaking changes `v2.6.x` -> `v2.7.x` +- We use now Docker Compose V2 * make sure you have docker ≥ 23.0 installed (`$ docker -v`) * update all usages of `docker-compose` to `docker compose` in your scripts -apart from that follow the guide (_within v2.7.x_) below. - -### Upgrading from `v2.5.x` - -- **Breaking change:** Greenlight got fully rewritten +### Breaking changes `v2.5.x` -> `v2.6.x` +- Greenlight got fully rewritten * it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3` * some greenlight settings under `.env` have changed. compare your version with `sample.env` * it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly! -apart from that follow the guide below. - -### within `v2.7.x` -#### Backup +### Backup if you use greenlight, create a database backup first ```bash docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql ``` -#### Upgrading +### Upgrading ```bash # upgrade! ./scripts/upgrade From 2bee0acb10c1d2652dcc884c71413177a321ac5d Mon Sep 17 00:00:00 2001 From: chandi Date: Tue, 11 Mar 2025 18:44:33 +0100 Subject: [PATCH 40/40] changelog for release 3.0.1 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5862751..c4a21fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,12 @@ ## Unreleased +## Release v3.0.1 (2025-03-11) +**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md) + +- :tada: **BigBlueButton 3.0** [#313](https://github.com/bigbluebutton/docker/pull/313) + + ## Release v2.7.3 (2023-12-08) **Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
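Review bot: In scripts/generate-compose (the `BBB_BUILD_TAG` hunk) the build image is still selected by tag only, and the `docker run` that follows executes whatever Docker Hub currently serves under `v3.0.x-release--2025-02-06-143818` on the host that runs setup. Tags are mutable, so pin the image by digest (append `@sha256:<digest>` to the reference) and bump the digest together with the tag. The same applies to repos/tags, where `bbb-etherpad-plugin 88f3f6b` and `bbb-etherpad-skin 8328b77` are abbreviated commit ids while the other entries are tags; a full commit id removes any ambiguity there.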
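Review bot: In mod/bbb-export-annotations/Dockerfile the last line, `ENTRYPOINT npm start`, is shell form, so the service runs as a child of `/bin/sh -c` and the stop signal from `docker compose` may never reach node; use the exec form `ENTRYPOINT ["npm", "start"]` or start node directly. In the runtime stage, `apt install -y nodejs npm ... nodejs` installs Debian's nodejs and npm on top of `node:22-bookworm-slim` (and lists nodejs twice), and `imagemagick` and `poppler-utils` stay installed although this patch removes the `imagemagick` and `pdftocairo` paths from settings.json; drop what is no longer called, add `--no-install-recommends` and clean the apt lists so the unprivileged container carries less unused tooling. Since the removed lines justified `USER root` with access to the bigbluebutton volume, please also state in the commit or a comment that `./data/bigbluebutton` is owned by uid/gid 998 on the host, otherwise `USER bigbluebutton` will fail on the first write.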
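Review bot: In mod/bbb-export-annotations/config/settings.json the new `fonts` block points at files under `/usr/local/share/fonts/`, but nothing in the Dockerfile hunk of this patch copies or installs fonts there, so either add the step or note where the files come from. The keys also look swapped against the file names: `"sans"` maps to `CrimsonPro[wght]-1.003.ttf` and `"serif"` maps to `SourceSansPro-Regular-2.045.ttf`; if that mirrors upstream, a short comment in the commit message would save the next reader the check. The file now ends without a trailing newline (`\ No newline at end of file`), which the previous version had.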
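Review bot: In docker-compose.tmpl.yml the added `tmpfs: - /tmp` has no size limit, and settings.json places `presAnnDropboxDir` at `/tmp/pres-ann-dropbox`, so export jobs now write into RAM-backed storage that is bounded only by host memory. Give the mount a `size=` option that fits the largest expected export. With privileges dropped and `/tmp` on tmpfs, this service also looks like a candidate for `read_only: true`, provided nothing else writes outside `/tmp` and the `/var/bigbluebutton` volume.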
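Review bot: In README.md (PATCH 39) the new "currently missing / broken" section lists NAT support and docs/upgrading.md states that a setup behind NAT does not work, yet the Requirements list in the same file still reads "Public IPv4 (expect issues with a firewall / NAT)". Make the requirement say plainly that NAT is unsupported in 3.0.x so the three places agree. Removing the `docs/behind-nat.md` link also leaves an empty line directly under "## Further How-To's"; drop it, or keep the link with a note that it applies to 2.7.x only.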
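Review bot: In docs/upgrading.md the Backup section kept as context still calls `docker exec -t docker_postgres_1`, a Compose V1 style container name, while the section above tells users to move to Compose V2, which joins project, service and index with hyphens, and the project name depends on the clone directory (the README clones into `bbb-docker`). Address the service instead of the container, for example `docker compose exec -T postgres pg_dumpall -c -U postgres` (service name inferred from the container name shown here); `-T` also keeps TTY line endings out of the redirected dump. The new line "on every SIP Profiles the extension field needs to be set to "DIALIN"" should say where that field is configured, and with the "apart from that follow the guide below" sentences removed, nothing links the breaking-change lists to the Backup and Upgrading steps any more.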