split out IGNORE_TLS_CERT_ERRORS from DEV_MODE

this allows running the production version of bbb-docker locally with self signed certificates
2025-01-14 01:38:12 +01:00 · 2024-11-25 16:22:46 +01:00 · 2024-11-25 16:22:46 +01:00 · ed77742a49
commit ed77742a49
parent 1a552e7155
6 changed files with 13 additions and 8 deletions
--- a/dev.env
+++ b/dev.env
@ -6,6 +6,9 @@
 # - accept self signed certificates
 DEV_MODE=true

+# accept self signed certificates 
+IGNORE_TLS_CERT_ERRORS=true
+
 # user and group used for 
 # this avoid any file permission issues with files 
 # created inside docker (e.g. node_modules)
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@ -3,6 +3,8 @@
 # don't edit this directly.
 {{/* -------- */}}

+{{ $ignore_tls_cert_errors :=  or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}}
+
 services:
  bbb-web:
    build: 
@ -24,7 +26,7 @@ services:
      test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
      start_period: 2m
    environment:
-      DEV_MODE: ${DEV_MODE:-}
+      IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }}
      DOMAIN: ${DOMAIN}
      ENABLE_RECORDING: ${ENABLE_RECORDING:-false}
      SHARED_SECRET: ${SHARED_SECRET}
@ -36,7 +38,6 @@ services:
      TURN_EXT_SERVER: ${TURN_EXT_SERVER:-}
      TURN_EXT_SECRET: ${TURN_EXT_SECRET:-}
      ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
-      NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }}
    volumes:
      - ./data/bigbluebutton:/var/bigbluebutton
      - ./data/freeswitch-meetings:/var/freeswitch/meetings
@ -413,7 +414,7 @@ services:
      - ./data/haproxy/letsencrypt:/etc/letsencrypt
      - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
    environment:
-      - DEV_MODE=${DEV_MODE:-}
+      - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
      - CERT1=${DOMAIN}
      - STAGING=true
      - EMAIL=test@chandi.it
@ -449,7 +450,7 @@ services:
    environment:
      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
      REDIS_URL: redis://redis:6379
-      {{ if isTrue .Env.DEV_MODE }}
+      {{ if $ignore_tls_cert_errors }}
      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
      {{else}}
      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
--- a/mod/bbb-web/bbb-web.properties
+++ b/mod/bbb-web/bbb-web.properties
@ -13,7 +13,7 @@ securitySalt={{ .Env.SHARED_SECRET }}

 redisHost=redis

-{{ if isTrue .Env.DEV_MODE }}
+{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }}
 beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
 # fetch presentations without HTTPS
 presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
--- a/mod/bbb-web/turn-stun-servers.xml
+++ b/mod/bbb-web/turn-stun-servers.xml
@ -14,7 +14,7 @@
        <constructor-arg index="2" value="86400"/>
    </bean>

-    {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE))  }}
+    {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS))  }}
    {{/* ignore when using a self signed certificate in dev mode */}}
    <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
@ -42,7 +42,7 @@
            <set>
                <ref bean="turn0" />
                
-                {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE))  }}
+                {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS))  }}
                <ref bean="turn1" />
                {{end}}

--- a/mod/haproxy/bootstrap.sh
+++ b/mod/haproxy/bootstrap.sh
@ -7,7 +7,7 @@ set -e

 declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env

-if [ "$DEV_MODE" ]; then
+if [ "$IGNORE_TLS_CERT_ERRORS" ]; then
    # use self signed certificate
    if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
        mkdir -p /etc/haproxy/certs
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@ -45,6 +45,7 @@ docker run  \
    -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \
    -e BBB_BUILD_TAG=${BBB_BUILD_TAG} \
    -e DEV_MODE=${DEV_MODE:-false} \
+    -e IGNORE_TLS_CERT_ERRORS=${IGNORE_TLS_CERT_ERRORS:-} \
    -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \
    -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
    -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \