From ed77742a49df4a6569f4540bcf9661355ab35454 Mon Sep 17 00:00:00 2001 From: chandi Date: Mon, 25 Nov 2024 16:22:46 +0100 Subject: [PATCH] split out IGNORE_TLS_CERT_ERRORS from DEV_MODE this allows running the production version of bbb-docker locally with self signed certificates --- dev.env | 3 +++ docker-compose.tmpl.yml | 9 +++++---- mod/bbb-web/bbb-web.properties | 2 +- mod/bbb-web/turn-stun-servers.xml | 4 ++-- mod/haproxy/bootstrap.sh | 2 +- scripts/generate-compose | 1 + 6 files changed, 13 insertions(+), 8 deletions(-) diff --git a/dev.env b/dev.env index 86a6e76..a4e1af4 100644 --- a/dev.env +++ b/dev.env @@ -6,6 +6,9 @@ # - accept self signed certificates DEV_MODE=true +# accept self signed certificates +IGNORE_TLS_CERT_ERRORS=true + # user and group used for # this avoid any file permission issues with files # created inside docker (e.g. node_modules) diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml index b923a60..c4c71b6 100644 --- a/docker-compose.tmpl.yml +++ b/docker-compose.tmpl.yml @@ -3,6 +3,8 @@ # don't edit this directly. {{/* -------- */}} +{{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}} + services: bbb-web: build: @@ -24,7 +26,7 @@ services: test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1 start_period: 2m environment: - DEV_MODE: ${DEV_MODE:-} + IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }} DOMAIN: ${DOMAIN} ENABLE_RECORDING: ${ENABLE_RECORDING:-false} SHARED_SECRET: ${SHARED_SECRET} @@ -36,7 +38,6 @@ services: TURN_EXT_SERVER: ${TURN_EXT_SERVER:-} TURN_EXT_SECRET: ${TURN_EXT_SECRET:-} ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} - NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }} volumes: - ./data/bigbluebutton:/var/bigbluebutton - ./data/freeswitch-meetings:/var/freeswitch/meetings @@ -413,7 +414,7 @@ services: - ./data/haproxy/letsencrypt:/etc/letsencrypt - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg environment: - - DEV_MODE=${DEV_MODE:-} + - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}} - CERT1=${DOMAIN} - STAGING=true - EMAIL=test@chandi.it @@ -449,7 +450,7 @@ services: environment: DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3 REDIS_URL: redis://redis:6379 - {{ if isTrue .Env.DEV_MODE }} + {{ if $ignore_tls_cert_errors }} BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api {{else}} BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties index 1604d0d..1357f23 100644 --- a/mod/bbb-web/bbb-web.properties +++ b/mod/bbb-web/bbb-web.properties @@ -13,7 +13,7 @@ securitySalt={{ .Env.SHARED_SECRET }} redisHost=redis -{{ if isTrue .Env.DEV_MODE }} +{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }} beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf # fetch presentations without HTTPS presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation diff --git a/mod/bbb-web/turn-stun-servers.xml b/mod/bbb-web/turn-stun-servers.xml index 02a2c27..de92838 100644 --- a/mod/bbb-web/turn-stun-servers.xml +++ b/mod/bbb-web/turn-stun-servers.xml @@ -14,7 +14,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }} {{/* ignore when using a self signed certificate in dev mode */}} @@ -42,7 +42,7 @@ - {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.DEV_MODE)) }} + {{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }} {{end}} diff --git a/mod/haproxy/bootstrap.sh b/mod/haproxy/bootstrap.sh index c74a831..88c28e1 100755 --- a/mod/haproxy/bootstrap.sh +++ b/mod/haproxy/bootstrap.sh @@ -7,7 +7,7 @@ set -e declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env -if [ "$DEV_MODE" ]; then +if [ "$IGNORE_TLS_CERT_ERRORS" ]; then # use self signed certificate if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then mkdir -p /etc/haproxy/certs diff --git a/scripts/generate-compose b/scripts/generate-compose index 3da41cb..5db14b9 100755 --- a/scripts/generate-compose +++ b/scripts/generate-compose @@ -45,6 +45,7 @@ docker run \ -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \ -e BBB_BUILD_TAG=${BBB_BUILD_TAG} \ -e DEV_MODE=${DEV_MODE:-false} \ + -e IGNORE_TLS_CERT_ERRORS=${IGNORE_TLS_CERT_ERRORS:-} \ -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \ -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \ -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \