mirror of
https://github.com/bigbluebutton/docker.git
synced 2024-11-22 16:13:20 +01:00
remove coturn due to #73
This commit is contained in:
parent
4e3e1dd851
commit
f49ef6b625
@ -12,7 +12,6 @@ you can find a **stable bbb-docker release for 2.2** here: https://github.com/al
|
|||||||
## Features
|
## Features
|
||||||
- Easy installation
|
- Easy installation
|
||||||
- Greenlight included
|
- Greenlight included
|
||||||
- TURN server included
|
|
||||||
- Fully automated HTTPS certificates
|
- Fully automated HTTPS certificates
|
||||||
- Full IPv6 support
|
- Full IPv6 support
|
||||||
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
|
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
|
||||||
|
@ -319,23 +319,6 @@ services:
|
|||||||
network_mode: host
|
network_mode: host
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
{{ if isTrue .Env.ENABLE_COTURN }}
|
|
||||||
# coturn
|
|
||||||
coturn:
|
|
||||||
image: instrumentisto/coturn:4.5
|
|
||||||
restart: unless-stopped
|
|
||||||
command:
|
|
||||||
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
|
|
||||||
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
|
|
||||||
- "--static-auth-secret=${TURN_SECRET}"
|
|
||||||
volumes:
|
|
||||||
- ssl_data:/etc/resty-auto-ssl
|
|
||||||
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
|
|
||||||
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
|
|
||||||
network_mode: host
|
|
||||||
|
|
||||||
{{end}}
|
|
||||||
|
|
||||||
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
|
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
|
||||||
# greenlight
|
# greenlight
|
||||||
greenlight:
|
greenlight:
|
||||||
|
@ -7,7 +7,6 @@ you can run bbb-docker locally without any certificate issues with following `.e
|
|||||||
DEV_MODE=true
|
DEV_MODE=true
|
||||||
|
|
||||||
ENABLE_HTTPS_PROXY=true
|
ENABLE_HTTPS_PROXY=true
|
||||||
#ENABLE_COTURN=true
|
|
||||||
#ENABLE_GREENLIGHT=true
|
#ENABLE_GREENLIGHT=true
|
||||||
#ENABLE_WEBHOOKS=true
|
#ENABLE_WEBHOOKS=true
|
||||||
#ENABLE_PROMETHEUS_EXPORTER=true
|
#ENABLE_PROMETHEUS_EXPORTER=true
|
||||||
@ -17,9 +16,7 @@ DOMAIN=10.7.7.1
|
|||||||
EXTERNAL_IPv4=10.7.7.1
|
EXTERNAL_IPv4=10.7.7.1
|
||||||
STUN_IP=216.93.246.18
|
STUN_IP=216.93.246.18
|
||||||
STUN_PORT=3478
|
STUN_PORT=3478
|
||||||
TURN_SERVER=turns:localhost:465?transport=tcp
|
|
||||||
|
|
||||||
TURN_SECRET=SuperTurnSecret
|
|
||||||
SHARED_SECRET=SuperSecret
|
SHARED_SECRET=SuperSecret
|
||||||
ETHERPAD_API_KEY=SuperEtherpadKey
|
ETHERPAD_API_KEY=SuperEtherpadKey
|
||||||
RAILS_SECRET=SuperRailsSecret
|
RAILS_SECRET=SuperRailsSecret
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
set -e
|
|
||||||
apk add jq
|
|
||||||
|
|
||||||
while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
|
|
||||||
do
|
|
||||||
echo "ERROR: certificate doesn't exist yet."
|
|
||||||
echo "Certificate gets create on the first request to the HTTPS proxy."
|
|
||||||
echo "We will try again..."
|
|
||||||
sleep 10
|
|
||||||
done
|
|
||||||
|
|
||||||
# extract cert
|
|
||||||
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
|
|
||||||
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
|
|
||||||
|
|
||||||
|
|
||||||
# If command starts with an option, prepend with turnserver binary.
|
|
||||||
if [ "${1:0:1}" == '-' ]; then
|
|
||||||
set -- turnserver "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
exec $(eval "echo $@")
|
|
@ -1,71 +0,0 @@
|
|||||||
# Example coturn configuration for BigBlueButton
|
|
||||||
|
|
||||||
# These are the two network ports used by the TURN server which the client
|
|
||||||
# may connect to. We enable the standard unencrypted port 3478 for STUN,
|
|
||||||
# as well as port 443 for TURN over TLS, which can bypass firewalls.
|
|
||||||
listening-port=3478
|
|
||||||
|
|
||||||
# we use the SMTP over TLS Port, since 443 is already used for HTTPS
|
|
||||||
tls-listening-port=465
|
|
||||||
|
|
||||||
# If the server has multiple IP addresses, you may wish to limit which
|
|
||||||
# addresses coturn is using. Do that by setting this option (it can be
|
|
||||||
# specified multiple times). The default is to listen on all addresses.
|
|
||||||
# You do not normally need to set this option.
|
|
||||||
#listening-ip=172.17.19.101
|
|
||||||
|
|
||||||
# If the server is behind NAT, you need to specify the external IP address.
|
|
||||||
# If there is only one external address, specify it like this:
|
|
||||||
#external-ip=172.17.19.120
|
|
||||||
# If you have multiple external addresses, you have to specify which
|
|
||||||
# internal address each corresponds to, like this. The first address is the
|
|
||||||
# external ip, and the second address is the corresponding internal IP.
|
|
||||||
#external-ip=172.17.19.131/10.0.0.11
|
|
||||||
#external-ip=172.17.18.132/10.0.0.12
|
|
||||||
|
|
||||||
# Fingerprints in TURN messages are required for WebRTC
|
|
||||||
fingerprint
|
|
||||||
|
|
||||||
# The long-term credential mechanism is required for WebRTC
|
|
||||||
lt-cred-mech
|
|
||||||
|
|
||||||
# Configure coturn to use the "TURN REST API" method for validating time-
|
|
||||||
# limited credentials. BigBlueButton will generate credentials in this
|
|
||||||
# format. Note that the static-auth-secret value specified here must match
|
|
||||||
# the configuration in BigBlueButton's turn-stun-servers.xml
|
|
||||||
# You can generate a new random value by running the command:
|
|
||||||
# openssl rand -hex 16
|
|
||||||
use-auth-secret
|
|
||||||
# static-auth-secret=<random value>
|
|
||||||
|
|
||||||
# If the realm value is unspecified, it defaults to the TURN server hostname.
|
|
||||||
# You probably want to configure it to a domain name that you control to
|
|
||||||
# improve log output. There is no functional impact.
|
|
||||||
realm=example.com
|
|
||||||
|
|
||||||
# Configure TLS support.
|
|
||||||
# Adjust these paths to match the locations of your certificate files
|
|
||||||
cert=/tmp/cert.pem
|
|
||||||
pkey=/tmp/key.pem
|
|
||||||
# Limit the allowed ciphers to improve security
|
|
||||||
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
|
||||||
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
|
|
||||||
|
|
||||||
# Enable longer DH TLS key to improve security
|
|
||||||
dh2066
|
|
||||||
|
|
||||||
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
|
|
||||||
# older protocols
|
|
||||||
no-tlsv1
|
|
||||||
no-tlsv1_1
|
|
||||||
|
|
||||||
# To enable single filename logs you need to enable the simple-log flag
|
|
||||||
syslog
|
|
||||||
|
|
||||||
|
|
||||||
# Allocate Address Family according
|
|
||||||
# If enabled then TURN server allocates address family according the TURN
|
|
||||||
# Client <=> Server communication address family.
|
|
||||||
# (By default Coturn works according RFC 6156.)
|
|
||||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
|
||||||
keep-address-family
|
|
@ -7,10 +7,6 @@
|
|||||||
# fully automated Lets Encrypt certificates
|
# fully automated Lets Encrypt certificates
|
||||||
ENABLE_HTTPS_PROXY=true
|
ENABLE_HTTPS_PROXY=true
|
||||||
|
|
||||||
# coturn (a TURN Server)
|
|
||||||
# requires HTTPS Proxy to be enabled
|
|
||||||
ENABLE_COTURN=true
|
|
||||||
|
|
||||||
# Greenlight Frontend
|
# Greenlight Frontend
|
||||||
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
|
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
|
||||||
ENABLE_GREENLIGHT=true
|
ENABLE_GREENLIGHT=true
|
||||||
|
@ -19,22 +19,6 @@ if [ -z "$EXTERNAL_IPv4" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$ENABLE_COTURN" == true ]; then
|
|
||||||
if [ -z "$ENABLE_HTTPS_PROXY" ]; then
|
|
||||||
echo "ERROR: coturn requires the https proxy for certificate retrival."
|
|
||||||
echo "you must also set ENABLE_HTTPS_PROXY=true"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ "$DEV_MODE" == true ]; then
|
|
||||||
echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
|
|
||||||
echo "you should disable coturn in .env"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
docker run \
|
docker run \
|
||||||
--rm \
|
--rm \
|
||||||
-v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
|
-v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
|
||||||
@ -42,7 +26,6 @@ docker run \
|
|||||||
-e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
|
-e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
|
||||||
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
|
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
|
||||||
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
|
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
|
||||||
-e ENABLE_COTURN=${ENABLE_COTURN:-false} \
|
|
||||||
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
|
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
|
||||||
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
|
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
|
||||||
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
|
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
|
||||||
|
@ -32,14 +32,6 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
|
|||||||
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
|
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
|
||||||
done
|
done
|
||||||
|
|
||||||
coturn=""
|
|
||||||
if [ "$https_proxy" == "y" ]
|
|
||||||
then
|
|
||||||
while [[ ! $coturn =~ ^(y|n)$ ]]; do
|
|
||||||
read -p "Should a coturn be included? (y/n): " coturn
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
prometheus_exporter=""
|
prometheus_exporter=""
|
||||||
while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
|
while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
|
||||||
read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
|
read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
|
||||||
@ -114,16 +106,6 @@ then
|
|||||||
sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
|
sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$coturn" == "y" ]
|
|
||||||
then
|
|
||||||
sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:465?transport=tcp/" .env
|
|
||||||
TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
|
|
||||||
sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
|
|
||||||
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
|
|
||||||
else
|
|
||||||
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$prometheus_exporter" == "y" ]
|
if [ "$prometheus_exporter" == "y" ]
|
||||||
then
|
then
|
||||||
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
|
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
|
||||||
|
Loading…
Reference in New Issue
Block a user