update docs for 3.0

adding bbb-export-annotations configurations ->

README.md

@@ -3,7 +3,7 @@
 
 # 📦 BigBlueButton 3.0 Docker
 
-Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
+Version: 3.0.1 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
 
 ## Features
 - Easy installation
@@ -13,6 +13,11 @@ Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/
 - Full IPv6 support
 - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
 
+## currently missing / broken
+- NAT support
+- bbb-transcription-controller
+- livekit
+
 ## Requirements
 - 4GB of RAM
 - Linux (it will not work under Windows/WSL)
@@ -20,7 +25,7 @@ Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/
 - Public IPv4 (expect issues with a firewall / NAT)
 - firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
 
-## Install
+## Install production server
 1. Ensure the requirements above are fulfilled (it really doesn't work without them)
 2. Install docker-ce & docker-compose-plugin
     1. follow instructions
@@ -57,7 +62,20 @@ Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/
     $ docker compose exec greenlight bundle exec rake admin:create
     ```
 
+## Development setup
+1. Clone this repository
+   ```sh
+   $  git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
+   ```
+2. Start dev server
+   ```sh
+   $ cd bbb-dev
+   $ ./scripts/dev
+   ```
+3. Use API Mate with the link presented in the console to create & join a conference
+
+
 ## Further How-To's
-- [Running behind NAT](docs/behind-nat.md)
+<!-- - [Running behind NAT](docs/behind-nat.md) -->
 - [Integration into an existing web server](docs/existing-web-server.md)
 

conf/dialplan_public/example.xml

@@ -1,17 +0,0 @@
-<!--
-<extension name="from_my_provider">
- <condition field="destination_number" expression="^EXTERNALDID">
-   <action application="answer"/>
-   <action application="sleep" data="500"/>
-   <action application="play_and_get_digits" data="5 5 3 7000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
-   <action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
- </condition>
-</extension>
-<extension name="check_if_conference_active">
- <condition field="${conference ${pin} list}" expression="/sofia/g" />
- <condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
-   <action application="set" data="bbb_authorized=true"/>
-   <action application="transfer" data="${pin} XML default"/>
- </condition>
-</extension>
--->

docker-compose.tmpl.yml

@@ -88,9 +88,12 @@ services:
       DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
       SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie}
       ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
+    {{ if .Env.SIP_IP_ALLOWLIST }}
+    ports:
+      - 5060:5060/udp
+    {{ end }}
     volumes:
-      - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
+      - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external-dialin
-      - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
       - ./data/freeswitch-meetings:/var/freeswitch/meetings
     networks:
       bbb-net:
@@ -142,8 +145,8 @@ services:
         - plugin=./repos/bbb-etherpad-plugin
         - skin=./repos/bbb-etherpad-skin
       args:
-        TAG_ETHERPAD: "1.9.4"
+        TAG_ETHERPAD: "2.2.7"
-    image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
+    image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
     restart: unless-stopped
     depends_on:
       - redis
@@ -170,6 +173,29 @@ services:
       bbb-net:
         ipv4_address: 10.7.7.18
 
+  bbb-export-annotations:
+    build:
+      context: mod/bbb-export-annotations
+      additional_contexts:
+        src: ./repos/bigbluebutton/bbb-export-annotations
+    image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }}
+    restart: unless-stopped
+    depends_on:
+      - redis
+      - etherpad
+      - bbb-pads
+    networks:
+    # need connections to:
+    # https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json
+    # "bbbWebAPI": "http://127.0.0.1:8090",    -> bbb-web
+    # "bbbPadsAPI": "http://127.0.0.1:9002",   -> bbb-pads
+      bbb-net:
+        ipv4_address: 10.7.7.19
+    volumes:
+      - ./data/bigbluebutton:/var/bigbluebutton
+    tmpfs:
+      - /tmp
+
   redis:
     image: redis:7.2-alpine
     restart: unless-stopped
@@ -264,7 +290,8 @@ services:
         - src=./repos/bigbluebutton/bbb-graphql-server
       args:
         BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
-        GRAPHQL_ENGINE_TAG: v2.44.0
+        GRAPHQL_ENGINE_TAG: v2.45.0
+    image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
     depends_on:
       - postgres
       - bbb-web
@@ -291,6 +318,7 @@ services:
       {{ end }}
       args:
         BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
+    image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - redis
@@ -315,6 +343,7 @@ services:
       {{ end }}
       args:
         BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
+    image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - bbb-graphql-server
@@ -324,6 +353,8 @@ services:
     networks:
       bbb-net:
         ipv4_address: 10.7.7.32
+    extra_hosts:
+      - "nginx:10.7.7.1"
 
     {{ if isTrue .Env.DEV_MODE }}
     user: ${BBB_DEV_UID}:${BBB_DEV_GID}
@@ -350,7 +381,7 @@ services:
 
   periodic:
     build: mod/periodic
-    image: alangecker/bbb-docker-periodic:v2.7.0
+    image: alangecker/bbb-docker-periodic:v3.0.0
     restart: unless-stopped
 
     volumes:
@@ -443,6 +474,7 @@ services:
     volumes:
       - ./data/haproxy/letsencrypt:/etc/letsencrypt
       - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
+      - ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap
     environment:
       - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
       - CERT1=${DOMAIN}
@@ -469,7 +501,7 @@ services:
 {{ if isTrue .Env.ENABLE_GREENLIGHT }}
   # greenlight
   greenlight:
-    image: bigbluebutton/greenlight:v3.4.1
+    image: bigbluebutton/greenlight:v3.5.0
     restart: unless-stopped
     env_file: .env
     depends_on:

docs/development.md

@@ -15,6 +15,8 @@ you can now run bbb-docker locally by simply starting
 $ ./scripts/dev
 ```
 
+Use the API Mate with the link presented in the console to create & join a conference.
+
 ### Hints
 - the html5 component will watch and automatically reload on any changes 🚀
 - if you change anything in the other components, you need to
@@ -26,10 +28,7 @@ $ ./scripts/dev
   `$ ./scripts/generate-compose`
 - view the logs with \
   `$ docker compose logs -f`
-- and access the API via \
+- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
-  https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
-    * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
-
 
 ## Notes
 - Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode

docs/network-config.md

@@ -24,6 +24,7 @@ Services as configured.
 | coturn | network_mode: host | |
 | greenlight | | | ports: 10.7.7.1:5000:80
 | prometheus | bbb-net | 10.7.7.33 |
+| bbb-export-annotations | bbb-net | 10.7.7.19 |
 
 ```yml
 networks:  

docs/upgrading.md

@@ -1,29 +1,27 @@
 # How To Upgrade bbb-docker
 
-### Upgrading from `v2.6.x`
+### Breaking changes `v2.7.x` -> `v3.0.x`
-- **Breaking change:** We use now Docker Compose V2
+- **A setup behind NAT does currently not work!**
+- on every SIP Profiles the extension field needs to be set to "DIALIN" 
+
+### Breaking changes `v2.6.x` -> `v2.7.x`
+- We use now Docker Compose V2
     * make sure you have docker ≥ 23.0 installed (`$ docker -v`)
     * update all usages of `docker-compose` to `docker compose` in your scripts
 
-apart from that follow the guide (_within v2.7.x_) below.
+### Breaking changes `v2.5.x` -> `v2.6.x`
-
+- Greenlight got fully rewritten
-### Upgrading from `v2.5.x`
-
-- **Breaking change:** Greenlight got fully rewritten
     * it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
     * some greenlight settings under `.env` have changed. compare your version with `sample.env`
     * it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
 
-apart from that follow the guide below.
+### Backup
-
-### within `v2.7.x`
-#### Backup
 if you use greenlight, create a database backup first
 ```bash
 docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
 ```
 
-#### Upgrading
+### Upgrading
 ```bash
 # upgrade!
 ./scripts/upgrade

mod/apps-akka/bbb-apps-akka.conf

@@ -8,6 +8,7 @@ redis {
 services {
   bbbWebAPI="https://DOMAIN/bigbluebutton/api"
   sharedSecret="SHARED_SECRET"
+  graphqlMiddlewareAPI = "http://10.7.7.32:8378"
 }
 http {
   interface = "0.0.0.0"

mod/bbb-export-annotations/Dockerfile

@@ -0,0 +1,23 @@
+FROM node:22-bookworm-slim AS builder
+
+COPY --from=src / /bbb-export-annotations
+RUN cd /bbb-export-annotations && npm ci && npm install
+
+# --------------------
+
+FROM node:22-bookworm-slim
+
+RUN groupadd -g 998 bigbluebutton \
+    && useradd -m -u 998 -g bigbluebutton bigbluebutton
+
+RUN apt update && apt install -y \
+    nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils
+
+COPY --from=builder /bbb-export-annotations /bbb-export-annotations
+COPY ./config/settings.json /bbb-export-annotations/config/settings.json
+
+USER bigbluebutton
+WORKDIR /bbb-export-annotations
+ENV NODE_ENV=production
+
+ENTRYPOINT npm start

mod/bbb-export-annotations/config/settings.json

@@ -0,0 +1,40 @@
+{
+    "log": {
+      "level": "info",
+      "msgName": "PresAnnStatusMsg"
+    },
+    "shared": {
+      "presAnnDropboxDir": "/tmp/pres-ann-dropbox",
+      "cairosvg": "/usr/bin/cairosvg",
+      "ghostscript": "/usr/bin/gs"
+    },
+    "process": {
+      "maxImageWidth": 1440,
+      "maxImageHeight": 1080,
+      "pointsPerInch": 72,
+      "pixelsPerInch": 96,
+      "cairoSVGUnsafeFlag": false
+    },
+    "notifier": {
+      "pod_id": "DEFAULT_PRESENTATION_POD",
+      "is_downloadable": "false",
+      "msgName": "NewPresFileAvailableMsg"
+    },
+    "bbbWebAPI": "http://bbb-web:8090",
+    "bbbPadsAPI": "http://bbb-pads:9002",
+    "redis": {
+      "host": "redis",
+      "port": 6379,
+      "password": null,
+      "channels": {
+        "queue": "exportJobs",
+        "publish": "to-akka-apps-redis-channel"
+      }
+    },
+    "fonts": {
+      "draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
+      "sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
+      "serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
+      "mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
+  }
+}

mod/bbb-graphql-middleware/config.yml

@@ -6,7 +6,7 @@ redis:
   port: 6379
   password: ""
 hasura:
-  url: ws://bbb-graphql-server:8085/v1/graphql
+  url: ws://nginx:8185/v1/graphql
 graphql-actions:
   url: http://bbb-graphql-actions:8093
 auth_hook:

mod/bbb-pads/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18-bookworm-slim AS builder
+FROM node:22-bookworm-slim AS builder
 
 COPY --from=src / /bbb-pads
 RUN cd /bbb-pads && rm -r .git && npm install --production
@@ -7,7 +7,7 @@ RUN cd /bbb-pads && rm -r .git && npm install --production
 RUN chmod 777 /bbb-pads/config
 # ------------------------------
 
-FROM node:18-bookworm-slim
+FROM node:22-bookworm-slim
 
 RUN apt update && apt install -y jq moreutils \
     && useradd --uid 2003 --create-home --user-group bbb-pads

mod/bbb-web/entrypoint.sh

@@ -11,9 +11,11 @@ mkdir -p /var/bigbluebutton/recording/publish
 mkdir -p /var/bigbluebutton/recording/status/recorded
 mkdir -p /var/bigbluebutton/recording/status/archived
 mkdir -p /var/bigbluebutton/recording/status/processed
+mkdir -p /var/bigbluebutton/recording/status/ended
 mkdir -p /var/bigbluebutton/recording/status/sanity
 mkdir -p /var/bigbluebutton/recording/status/published
 mkdir -p /var/bigbluebutton/captions
+mkdir -p /var/bigbluebutton/captions/inbox
 mkdir -p /var/bigbluebutton/published
 mkdir -p /var/bigbluebutton/deleted
 mkdir -p /var/bigbluebutton/unpublished

mod/bbb-webrtc-recorder/Dockerfile

@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.21 as builder
+FROM golang:1.23 as builder
 
 ARG APP_VERSION=devel
 ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder

mod/etherpad/Dockerfile

@@ -7,20 +7,21 @@ RUN apk add git curl
 
 USER etherpad
 
-RUN npm install \
+RUN pnpm run plugins i \
-    ep_cursortrace@3.1.16 \
+    ep_disable_chat@0.0.10 \
-    git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
-    git+https://github.com/mconf/ep_redis_publisher.git#2b6e47c1c59362916a0b2961a29b259f2977b694 \
-    ep_disable_chat@0.0.8 \
     ep_auth_session@1.1.1 \
-# remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches
+    --github \
-    && rm package-lock.json package.json
+        mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
+        mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \
+        mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694
+
 
 # add skin from git submodule
 COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
 
 # add plugin from git submodule
-COPY --chown=etherpad:0 --from=plugin / /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
+COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches
+RUN pnpm run plugins i --path /ep_bigbluebutton_patches
 
 COPY settings.json /opt/etherpad-lite/settings.json
 COPY etherpad-export.sh /etherpad-export.sh

mod/etherpad/entrypoint.sh

@@ -1,5 +1,3 @@
 #!/bin/sh
 echo $ETHERPAD_API_KEY > /tmp/apikey
-export NODE_ENV=production
+pnpm run prod --apikey /tmp/apikey
-
-node /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js --apikey /tmp/apikey

mod/etherpad/settings.json

@@ -140,7 +140,7 @@
    * "full-width-editor" variant (by default editor is rendered as a page, with
    * a max-width of 900px).
    */
-  "skinVariants": "super-light-toolbar super-light-editor light-background",
+  "skinVariants": "",
 
   /*
    * IP and port which Etherpad should bind at.
@@ -162,6 +162,14 @@
    */
   "showSettingsInAdminPage": true,
 
+  /*
+   * Settings for cleanup of pads
+   */
+  "cleanup": {
+    "enabled": false,
+    "keepRevisions": 5
+  },
+
   /*
    * Node native SSL support
    *
@@ -271,6 +279,14 @@
     "pageDown":  true
   },
 
+  /*
+   * Enables the use of a different server. We have a different one that syncs changes from the original server.
+   * It is hosted on GitHub and should not be blocked by many firewalls.
+   *  https://etherpad.org/ep_infos
+   */
+
+  "updateServer": "https://etherpad.org/ep_infos",
+
   /*
    * Should we suppress errors from being visible in the default Pad Text?
    */
@@ -323,14 +339,6 @@
    */
   "soffice": "/etherpad-export.sh",
 
-  /*
-   * Path to the Tidy executable.
-   *
-   * Tidy is used to improve the quality of exported pads.
-   * Setting it to null disables Tidy.
-   */
-  "tidyHtml": null,
-
   /*
    * Allow import of file types other than the supported ones:
    * txt, doc, docx, rtf, odt, html & htm
@@ -364,6 +372,22 @@
    * Settings controlling the session cookie issued by Etherpad.
    */
   "cookie": {
+    /*
+     * How often (in milliseconds) the key used to sign the express_sid cookie
+     * should be rotated. Long rotation intervals reduce signature verification
+     * overhead (because there are fewer historical keys to check) and database
+     * load (fewer historical keys to store, and less frequent queries to
+     * get/update the keys). Short rotation intervals are slightly more secure.
+     *
+     * Multiple Etherpad processes sharing the same database (table) is
+     * supported as long as the clock sync error is significantly less than this
+     * value.
+     *
+     * Key rotation can be disabled (not recommended) by setting this to 0 or
+     * null, or by disabling session expiration (see sessionLifetime).
+     */
+    "keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
+
     /*
      * Value of the SameSite cookie property. "Lax" is recommended unless
      * Etherpad will be embedded in an iframe from another site, in which case
@@ -375,7 +399,51 @@
      * significant usability drawbacks vs. "Lax". See
      * https://stackoverflow.com/q/41841880 for discussion.
      */
-    "sameSite": "None"
+    "sameSite": "None",
+
+    /*
+     * How long (in milliseconds) after navigating away from Etherpad before the
+     * user is required to log in again. (The express_sid cookie is set to
+     * expire at time now + sessionLifetime when first created, and its
+     * expiration time is periodically refreshed to a new now + sessionLifetime
+     * value.) If requireAuthentication is false then this value does not really
+     * matter.
+     *
+     * The "best" value depends on your users' usage patterns and the amount of
+     * convenience you desire. A long lifetime is more convenient (users won't
+     * have to log back in as often) but has some drawbacks:
+     *   - It increases the amount of state kept in the database.
+     *   - It might weaken security somewhat: The cookie expiration is refreshed
+     *     indefinitely without consulting authentication or authorization
+     *     hooks, so once a user has accessed a pad, the user can continue to
+     *     use the pad until the user leaves for longer than sessionLifetime.
+     *   - More historical keys (sessionLifetime / keyRotationInterval) must be
+     *     checked when verifying signatures.
+     *
+     * Session lifetime can be set to infinity (not recommended) by setting this
+     * to null or 0. Note that if the session does not expire, most browsers
+     * will delete the cookie when the browser exits, but a session record is
+     * kept in the database forever.
+     */
+    "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
+
+    /*
+     * How long (in milliseconds) before the expiration time of an active user's
+     * session is refreshed (to now + sessionLifetime). This setting affects the
+     * following:
+     *   - How often a new session expiration time will be written to the
+     *     database.
+     *   - How often each user's browser will ping the Etherpad server to
+     *     refresh the expiration time of the session cookie.
+     *
+     * High values reduce the load on the database and the load from browsers,
+     * but can shorten the effective session lifetime if Etherpad is restarted
+     * or the user navigates away.
+     *
+     * Automatic session refreshes can be disabled (not recommended) by setting
+     * this to null.
+     */
+    "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
   },
 
   /*
@@ -475,7 +543,7 @@
   /*
    * Restrict socket.io transport methods
    */
-  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+  "socketTransportProtocols" : ["websocket", "polling"],
 
   "socketIo": {
     /*
@@ -485,7 +553,7 @@
      * value to work properly, but increasing the value increases susceptibility
      * to denial of service attacks (malicious clients can exhaust memory).
      */
-    "maxHttpBufferSize": 10000
+    "maxHttpBufferSize": 50000
   },
 
   /*
@@ -550,6 +618,13 @@
    */
   "importMaxFileSize": 52428800, // 50 * 1024 * 1024
 
+  /*
+    The authentication method used by the server.
+    The default value is sso
+    If you want to use the old authentication system, change this to apikey
+   */
+  "authenticationMethod": "apikey",
+
   /*
    * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
    *
@@ -566,7 +641,6 @@
     "points": 100
   },
 
-
   /*
    * Toolbar buttons configuration.
    *
@@ -596,6 +670,13 @@
    */
   "loglevel": "INFO",
 
+    /*
+   * The log layout type to use.
+   *
+   * Valid values: basic, colored
+   */
+   "logLayoutType": "colored",
+
   /* Override any strings found in locale directories */
   "customLocaleStrings": {
     "de": {
@@ -633,8 +714,10 @@
   },
 
   /* Disable Admin UI tests */
-  "enableAdminUITests": false
+  "enableAdminUITests": false,
+
+  /*
+   * Enable/Disable case-insensitive pad names.
+   */
+  "lowerCasePadIds": false
 }
-
-
-

mod/freeswitch/conf/dialplan/public/dialin.xml

@@ -0,0 +1,31 @@
+<include>
+  <extension name="from_my_provider">
+    <!-- match only calls from dial-in which haven't got transfered yet   -->
+    <condition field="destination_number" expression="^(?!SEND_TO_CONFERENCE).*$"/>
+    <condition field="${sofia_profile_name}" expression="^external-dialin$">
+      <action application="start_dtmf" />
+      <action application="answer"/>
+      <action application="sleep" data="1000"/>
+      <action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
+      <action application="set_profile_var" data="caller_id_name=${regex(${caller_id_name}|^.*(.{4})$|xxx-xxx-%1)}"/>
+      <action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
+    </condition>
+  </extension>
+
+  <extension name="check_if_conference_active">
+    <condition field="${conference ${pin} list}" expression="/sofia/g" />
+    <condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
+      <action application="set" data="bbb_authorized=true"/>
+      <action application="transfer" data="${pin} XML default"/>
+    </condition>
+  </extension>
+
+  <extension name="conf_bad_pin">
+    <condition field="${pin}" expression="^\d{5}$">
+      <action application="answer"/>
+      <action application="sleep" data="1000"/>
+      <action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-bad-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
+      <action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
+    </condition>
+  </extension>
+</include>

mod/freeswitch/conf/sip_profiles/external-dialin.xml

@@ -0,0 +1,86 @@
+<profile name="external-dialin">
+  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
+  <!-- This profile is only for outbound registrations to providers -->
+  <gateways>
+    <X-PRE-PROCESS cmd="include" data="external-dialin/*.xml"/>
+  </gateways>
+
+  <aliases>
+    <!--
+        <alias name="outbound"/>
+        <alias name="nat"/>
+    -->
+  </aliases>
+
+  <domains>
+    <domain name="all" alias="false" parse="true"/>
+  </domains>
+
+  <settings>
+    <param name="debug" value="1"/>
+    <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
+    <!-- <param name="shutdown-on-fail" value="true"/> -->
+    <param name="sip-trace" value="no"/>
+    <param name="sip-capture" value="no"/>
+    <param name="rfc2833-pt" value="101"/>
+    <!-- RFC 5626 : Send reg-id and sip.instance -->
+    <!--<param name="enable-rfc-5626" value="true"/> -->
+    <param name="sip-port" value="5060"/>
+    <param name="dialplan" value="XML"/>
+    <param name="context" value="public"/>
+    <param name="dtmf-duration" value="2000"/>
+    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
+    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
+    <param name="hold-music" value="$${hold_music}"/>
+    <param name="rtp-timer-name" value="soft"/>
+    <!--<param name="enable-100rel" value="true"/>-->
+    <!--<param name="disable-srv503" value="true"/>-->
+    <!-- This could be set to "passive" -->
+    <param name="local-network-acl" value="localnet.auto"/>
+    <param name="manage-presence" value="false"/>
+
+
+    <!-- Added for Microsoft Edge browser -->
+    <param name="apply-candidate-acl" value="localnet.auto"/>
+    <param name="apply-candidate-acl" value="wan_v4.auto"/>
+    <param name="apply-candidate-acl" value="rfc1918.auto"/>
+    <param name="apply-candidate-acl" value="any_v4.auto"/>
+
+    <!-- used to share presence info across sofia profiles
+         manage-presence needs to be set to passive on this profile
+         if you want it to behave as if it were the internal profile
+         for presence.
+    -->
+    <!-- Name of the db to use for this profile -->
+    <param name="dbname" value="sqlite://memory://file:external_dialin?mode=memory&amp;cache=shared"/>
+    <!--<param name="presence-hosts" value="$${domain}"/>-->
+    <!--<param name="force-register-domain" value="$${domain}"/>-->
+    <!--all inbound reg will stored in the db using this domain -->
+    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
+    <!-- ************************************************* -->
+
+    <!--<param name="aggressive-nat-detection" value="true"/>-->
+    <param name="inbound-codec-negotiation" value="generous"/>
+    <param name="nonce-ttl" value="60"/>
+    <param name="auth-calls" value="false"/>
+    <param name="inbound-late-negotiation" value="true"/>
+    <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
+
+    <param name="rtp-ip" value="$${local_ip_v4}"/>
+    <param name="sip-ip" value="$${local_ip_v4}"/>
+    <param name="ext-rtp-ip" value="$${external_ip_v4}"/>
+    <param name="ext-sip-ip" value="$${external_ip_v4}"/>
+
+    <param name="rtp-timeout-sec" value="300"/>
+    <param name="rtp-hold-timeout-sec" value="1800"/>
+    <param name="enable-3pcc" value="proxy"/>
+
+    <!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
+    <param name="rtcp-audio-interval-msec" value="5000"/>
+    <param name="rtcp-video-interval-msec" value="5000"/>
+
+    <!-- Cut down in the join time -->
+    <param name="dtmf-type" value="info"/>
+    <param name="liberal-dtmf" value="true"/>
+  </settings>
+</profile>

mod/freeswitch/conf/sip_profiles/external.xml

@@ -0,0 +1,115 @@
+<profile name="external">
+  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
+  <!-- This profile is only for outbound registrations to providers -->
+
+  <domains>
+    <domain name="all" alias="false" parse="true"/>
+  </domains>
+
+  <settings>
+    <param name="debug" value="0"/>
+    <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
+    <!-- <param name="shutdown-on-fail" value="true"/> -->
+    <param name="sip-trace" value="no"/>
+    <param name="sip-capture" value="no"/>
+    <param name="rfc2833-pt" value="101"/>
+    <!-- RFC 5626 : Send reg-id and sip.instance -->
+    <!--<param name="enable-rfc-5626" value="true"/> -->
+
+    <!--
+        SIP port is not rquired, since we are using WS for the
+        internal connection and a seperate profile (external-dialin-xml)
+        for SIP dial in 
+    -->
+    <param name="sip-port" value="15060"/>
+    <param name="dialplan" value="XML"/>
+    <param name="context" value="public"/>
+    <param name="dtmf-duration" value="2000"/>
+    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
+    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
+    <param name="hold-music" value="$${hold_music}"/>
+    <param name="rtp-timer-name" value="soft"/>
+    <!--<param name="enable-100rel" value="true"/>-->
+    <!--<param name="disable-srv503" value="true"/>-->
+    <!-- This could be set to "passive" -->
+    <param name="local-network-acl" value="localnet.auto"/>
+    <param name="manage-presence" value="false"/>
+
+
+    <!-- Added for Microsoft Edge browser -->
+    <param name="apply-candidate-acl" value="localnet.auto"/>
+    <param name="apply-candidate-acl" value="wan_v4.auto"/>
+    <param name="apply-candidate-acl" value="rfc1918.auto"/>
+    <param name="apply-candidate-acl" value="any_v4.auto"/>
+
+    <!-- used to share presence info across sofia profiles
+         manage-presence needs to be set to passive on this profile
+         if you want it to behave as if it were the internal profile
+         for presence.
+    -->
+    <!-- Name of the db to use for this profile -->
+    <param name="dbname" value="sqlite://memory://file:external?mode=memory&amp;cache=shared"/>
+    <!--<param name="presence-hosts" value="$${domain}"/>-->
+    <!--<param name="force-register-domain" value="$${domain}"/>-->
+    <!--all inbound reg will stored in the db using this domain -->
+    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
+    <!-- ************************************************* -->
+
+    <!--<param name="aggressive-nat-detection" value="true"/>-->
+    <param name="inbound-codec-negotiation" value="generous"/>
+    <param name="nonce-ttl" value="60"/>
+    <param name="auth-calls" value="false"/>
+    <param name="inbound-late-negotiation" value="true"/>
+    <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
+    <!--
+        DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
+    <param name="rtp-ip" value="$${local_ip_v4}"/>
+    <param name="sip-ip" value="$${local_ip_v4}"/>
+    <param name="ext-rtp-ip" value="auto-nat"/>
+    <param name="ext-sip-ip" value="auto-nat"/>
+    -->
+
+    <param name="rtp-ip" value="$${local_ip_v4}"/>
+    <param name="sip-ip" value="$${local_ip_v4}"/>
+    <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
+    <param name="ext-sip-ip" value="$${local_ip_v4}"/>
+
+    <param name="rtp-timeout-sec" value="300"/>
+    <param name="rtp-hold-timeout-sec" value="1800"/>
+    <param name="enable-3pcc" value="proxy"/>
+
+    <!-- TLS: disabled by default, set to "true" to enable -->
+    <param name="tls" value="$${external_ssl_enable}"/>
+    <!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
+    <param name="tls-only" value="false"/>
+    <!-- additional bind parameters for TLS -->
+    <param name="tls-bind-params" value="transport=tls"/>
+    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
+    <param name="tls-sip-port" value="$${external_tls_port}"/>
+    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
+    <!--<param name="tls-cert-dir" value=""/>-->
+    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
+    <param name="tls-passphrase" value=""/>
+    <!-- Verify the date on TLS certificates -->
+    <param name="tls-verify-date" value="true"/>
+    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
+    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
+    <param name="tls-verify-policy" value="none"/>
+    <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
+    <param name="tls-verify-depth" value="2"/>
+    <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
+    <param name="tls-verify-in-subjects" value=""/>
+    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
+    <param name="tls-version" value="$${sip_tls_version}"/>
+    <param name="ws-binding"  value=":5066"/>
+    <param name="wss-binding"  value=":7443"/>
+
+    <!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
+    <param name="rtcp-audio-interval-msec" value="5000"/>
+    <param name="rtcp-video-interval-msec" value="5000"/>
+
+    <!-- Cut down in the join time -->
+    <param name="dtmf-type" value="info"/>
+    <param name="liberal-dtmf" value="true"/>
+  </settings>
+</profile>

mod/freeswitch/conf/vars.xml.tmpl

@@ -61,6 +61,7 @@
       information on this topic.
   -->
   <X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.10"/>
+  <X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
 
   <X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
   <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>

mod/haproxy/bootstrap.sh

@@ -7,6 +7,11 @@ set -e
 
 declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
 
+# when used with an IP, we'll also disable certbot
+if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  IGNORE_TLS_CERT_ERRORS=true
+fi
+
 if [ "$IGNORE_TLS_CERT_ERRORS"  ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
     # use self signed certificate
     if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then

mod/haproxy/haproxy.cfg

@@ -64,7 +64,7 @@ frontend nginx_or_turn
   use_backend nginx-http2 if { ssl_fc_alpn h2 }
   use_backend nginx if { ssl_fc_alpn http/1.1 }
   use_backend turn if { ssl_fc_alpn stun.turn }
-  # use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
+  use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
   default_backend turn
 
 backend turn

mod/haproxy/protocolmap

@@ -0,0 +1,52 @@
+a nginx
+b nginx
+c nginx
+d nginx
+e nginx
+f nginx
+g nginx
+h nginx
+i nginx
+j nginx
+k nginx
+l nginx
+m nginx
+n nginx
+o nginx
+p nginx
+q nginx
+r nginx
+s nginx
+t nginx
+u nginx
+v nginx
+w nginx
+x nginx
+y nginx
+z nginx
+A nginx
+B nginx
+C nginx
+D nginx
+E nginx
+F nginx
+G nginx
+H nginx
+I nginx
+J nginx
+K nginx
+L nginx
+M nginx
+N nginx
+O nginx
+P nginx
+Q nginx
+R nginx
+S nginx
+T nginx
+U nginx
+V nginx
+W nginx
+X nginx
+Y nginx
+Z nginx

mod/nginx/Dockerfile

@@ -16,9 +16,12 @@ RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
     && find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
     && find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
 
+RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
+    sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css
+
 # --------------------
 
-FROM nginx:1.25-alpine
+FROM nginx:1.27-alpine
 
 COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
 COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3

mod/nginx/bbb-html5.dev.nginx

@@ -3,6 +3,11 @@ location = /html5client/locales/ {
   alias /usr/share/bigbluebutton/html5-client/locales/;
   autoindex on;
   autoindex_format json;
+
+  # Prevent browsers from caching
+  add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
+  add_header Pragma "no-cache";
+  add_header Expires 0;
 }
 
 # running from source (npm start)

mod/nginx/bbb/graphql.nginx

@@ -24,7 +24,7 @@ location /api/rest/clientSettings {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "Upgrade";
     proxy_set_header Host $host;
-    proxy_pass http://bbb-graphql-server:8085; #Hasura
+    proxy_pass http://127.0.0.1:8185; #Hasura
 }
 
 location /api/rest/userMetadata {
@@ -35,5 +35,5 @@ location /api/rest/userMetadata {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "Upgrade";
     proxy_set_header Host $host;
-    proxy_pass http://bbb-graphql-server:8085; #Hasura
+    proxy_pass http://127.0.0.1:8185; #Hasura
 }

mod/nginx/bbb/web.nginx

@@ -159,7 +159,7 @@
             proxy_set_header        X-Original-URI $request_uri;
         }
 
-        location /bigbluebutton/ping {
+        location /bigbluebutton/rtt-check {
             default_type text/plain;
             add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
             add_header Pragma "no-cache";

mod/nginx/bigbluebutton

@@ -59,3 +59,28 @@ server {
     send_timeout        6h;
   }
 }
+
+upstream hasura {
+    least_conn;
+    server bbb-graphql-server:8085;
+    # you might want to add more bbb-graphql-server@ instances to balance the
+    # load to multiple bbb-graphql-server instances. Execute 
+    # `systemctl enable --now bbb-graphql-server@8086` and uncomment the
+    # following line:
+    # server 127.0.0.1:8086;
+}
+server {
+    listen 10.7.7.1:8185;
+    listen 127.0.0.1:8185;
+
+    root /var/www/html;
+
+    location / {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+
+	    proxy_pass http://hasura;
+    }
+}

mod/recordings/Dockerfile

@@ -38,7 +38,7 @@ ENV LANGUAGE en_US.UTF-8
 
 # compile and install mkclean
 RUN cd /tmp \
-    && wget https://netcologne.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
+    && wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
     && tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
     && cd /tmp/mkclean-0.8.10 \
     && sed -i 's/\r//g' ./mkclean/configure.compiled \
@@ -54,7 +54,7 @@ RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VE
     && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
 # add yq for bbb-record
-RUN  wget -q https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq \
+RUN  wget -q https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq \
     && chmod +x /usr/bin/yq
 
 RUN mkdir -p \

mod/webhooks/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18-bookworm-slim AS builder
+FROM node:22-bookworm-slim AS builder
 
 
 RUN apt-get update && apt-get install -y git wget
@@ -12,7 +12,7 @@ RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git
 RUN chmod 777 /bbb-webhooks/config
 # ------------------------------
 
-FROM node:18-bookworm-slim
+FROM node:22-bookworm-slim
 RUN useradd --uid 2004 --user-group bbb-webhooks
 
 COPY --from=builder /usr/bin/yq /usr/bin/yq

mod/webrtc-sfu/Dockerfile

@@ -4,11 +4,17 @@ FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
 RUN useradd --uid 2004 --user-group webrtc-sfu 
 
+# cache packages
+COPY --from=source /package.json /cache/package.json
+RUN cd /cache && npm install --unsafe-perm
+
 COPY --from=source / /app
 
 ENV NODE_ENV production
 
+
 RUN cd /app \
+  && rm -rf /app/node_modules && cp -a /cache/node_modules /app/node_modules \
  && cp config/default.example.yml config/production.yml \
  && npm install --unsafe-perm \
  && npm cache clear --force \
@@ -18,7 +24,7 @@ RUN cd /app \
 
 
 # =============================
-FROM node:18-bookworm-slim
+FROM node:22-bookworm-slim
 RUN useradd --uid 2004 --user-group webrtc-sfu 
 ENV NODE_ENV production
 

repos/tags

@@ -3,11 +3,12 @@
 # used to determine submodule tags without the need for
 # checking out the whole submodule
 
-repos/bbb-etherpad-plugin 068ded5
+repos/bbb-etherpad-plugin 88f3f6b
 repos/bbb-etherpad-skin 8328b77
 repos/bbb-pads v1.5.3
-repos/bbb-playback v5.1.3
+repos/bbb-playback v5.2.1
 repos/bbb-webhooks v3.3.0
-repos/bbb-webrtc-sfu v2.17.0-alpha.1
+repos/bbb-webrtc-recorder v0.7.0
-repos/bigbluebutton v3.0.0-beta.5
+repos/bbb-webrtc-sfu v2.17.0-beta.4
+repos/bigbluebutton v3.0.1
 repos/freeswitch v1.10.12

scripts/bbb-record

@@ -4,7 +4,7 @@ set -e
 cd $(dirname $0)/..
 
 # load .env
-. functions.sh
+. scripts/functions.sh
 load_env
 
 if [ ! "$ENABLE_RECORDING" == true ]; then

scripts/functions.sh

@@ -16,6 +16,8 @@ function ensure_submodules {
     
 }
 
+# this file should exist, otherwise it is created by docker
+# with the wrong permissions
 function ensure_bbbhtml5yml {
     if [ ! -f conf/bbb-html5.yml ]; then
 

scripts/generate-compose

@@ -18,7 +18,7 @@ if [ -z "$EXTERNAL_IPv4" ]; then
     exit 1
 fi
 
-if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then
+if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ] && [ -z "$DEV_MODE" ]; then
     echo "ERROR: LETSENCRYPT_EMAIL is not set in .env"
     echo "you need to specify an email adress, otherwise the certificate"
     echo "retrieval will fail"
@@ -36,7 +36,7 @@ function get_tag {
 }
 
 # https://hub.docker.com/r/bigbluebutton/bbb-build
-BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114
+BBB_BUILD_TAG=v3.0.x-release--2025-02-06-143818
 
 docker run  \
     --rm  \
@@ -54,6 +54,7 @@ docker run  \
     -e DEV_MODE=${DEV_MODE:-false} \
     -e IGNORE_TLS_CERT_ERRORS=${IGNORE_TLS_CERT_ERRORS:-} \
     -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \
+    -e SIP_IP_ALLOWLIST=${SIP_IP_ALLOWLIST:-} \
     -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
     -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
     -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \

scripts/setup

@@ -137,9 +137,11 @@ fi
 if [ ! "$https_proxy" == "y" ]
 then
     sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env
-    sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
 fi
 
+sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
+
+
 if [ "$recording" == "y" ]
 then
     sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env