1 Commits

Author SHA1 Message Date
c9079a8c68 BBB 2.5.3 2022-07-15 12:51:30 +02:00
138 changed files with 1763 additions and 2554 deletions


9
.gitignore vendored

@ -14,13 +14,4 @@ docker-compose.override.yml
# App generated
.env
.env.bak
postgres-data
greenlight-data
.cache/*/**
!.cache/*/.gitkeep
data/*
!data/.gitkeep
conf/bbb-html5.yml

43
.gitmodules vendored

@ -1,27 +1,18 @@
[submodule "repos/bbb-etherpad-skin"]
path = repos/bbb-etherpad-skin
url = https://github.com/alangecker/bbb-etherpad-skin
[submodule "repos/bbb-etherpad-plugin"]
path = repos/bbb-etherpad-plugin
url = https://github.com/alangecker/bbb-etherpad-plugin
[submodule "repos/bbb-webhooks"]
path = repos/bbb-webhooks
url = https://github.com/bigbluebutton/bbb-webhooks
[submodule "repos/bbb-playback"]
path = repos/bbb-playback
url = https://github.com/bigbluebutton/bbb-playback
[submodule "repos/freeswitch"]
path = repos/freeswitch
url = https://github.com/signalwire/freeswitch.git
[submodule "repos/bigbluebutton"]
path = repos/bigbluebutton
url = https://github.com/bigbluebutton/bigbluebutton.git
[submodule "repos/bbb-webrtc-sfu"]
path = repos/bbb-webrtc-sfu
[submodule "bbb-webrtc-sfu"]
path = mod/webrtc-sfu/bbb-webrtc-sfu
url = https://github.com/bigbluebutton/bbb-webrtc-sfu.git
[submodule "repos/bbb-pads"]
path = repos/bbb-pads
url = https://github.com/bigbluebutton/bbb-pads.git
[submodule "repos/bbb-webrtc-recorder"]
path = repos/bbb-webrtc-recorder
url = https://github.com/bigbluebutton/bbb-webrtc-recorder.git
[submodule "mod/etherpad/bbb-etherpad-skin"]
path = mod/etherpad/bbb-etherpad-skin
url = https://github.com/alangecker/bbb-etherpad-skin
[submodule "mod/etherpad/bbb-etherpad-plugin"]
path = mod/etherpad/bbb-etherpad-plugin
url = https://github.com/alangecker/bbb-etherpad-plugin
[submodule "mod/bbb-pads/bbb-pads"]
path = mod/bbb-pads/bbb-pads
url = https://github.com/bigbluebutton/bbb-pads
[submodule "mod/webhooks/bbb-webhooks"]
path = mod/webhooks/bbb-webhooks
url = https://github.com/bigbluebutton/bbb-webhooks
[submodule "mod/nginx/bbb-playback"]
path = mod/nginx/bbb-playback
url = https://github.com/bigbluebutton/bbb-playback


@ -1,43 +1,7 @@
# Changelog
## Unreleased
## Release v3.0.4 (2025-03-27)
- update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347
- fix not accepting length of dial in / voiceBridge numbers @alangecker
- upgrade: migrate postgres & greenlight data @alangecker
## Release v3.0.1 (2025-03-11)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- :tada: **BigBlueButton 3.0** [#313](https://github.com/bigbluebutton/docker/pull/313)
## Release v2.7.3 (2023-12-08)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- BigBlueButton 2.7.3 @alangecker [#304](https://github.com/bigbluebutton/docker/pull/304)
- use local sources instead of pulling inside container @alangecker [#307](https://github.com/bigbluebutton/docker/pull/307)
- BigBlueButton 2.7.0 @alangecker [#291](https://github.com/bigbluebutton/docker/pull/291)
- Update to ComposeV2 @leonidas-o [#271](https://github.com/bigbluebutton/docker/pull/271)
- recordings: fix for missing `SHARED_SECRET` @ichdasich [#274](https://github.com/bigbluebutton/docker/issues/274) [#268](https://github.com/bigbluebutton/docker/issues/268)
- Add RESOLVER_ADDRESS to env for docker-nginx-auto-ssl @pkolmann [#277](https://github.com/bigbluebutton/docker/pull/277)
- Fix learning-dashboard @yanus [#262](https://github.com/bigbluebutton/docker/pull/262)
## Release v2.6.0-2 (2023-04-04)
- hotfix for broken freeswitch container due to enabled compresion with max file count == 1 [#260](https://github.com/bigbluebutton/docker/issues/260)
## Release v2.6.0 (2023-04-03)
- **Breaking change:** Greenlight v3 (see [upgrade note](docs/upgrading.md) @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255)
- BigBlueButton v2.6 @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255)
- Set client_max_body_size for greenlight @nr23730 [#252](https://github.com/bigbluebutton/docker/pull/252)
- self building freeswitch (applying patches and independent from external apt repos) @alangecker
- reduce amount of logs with senstivie data @alangecker
## Release v2.5.8 (2022-11-06)
- BBB 2.5.8 @alangecker [#238](https://github.com/bigbluebutton/docker/pull/238)
- recordings: fix for missing ffmpeg filter @alangecker [#235](https://github.com/bigbluebutton/docker/issues/235) [#230](https://github.com/bigbluebutton/docker/pull/230)
- BBB 2.5.3 @alangecker
## Release v2.5.0 (2022-06-10)
- BigBlueButton v2.5 @alangecker [#207](https://github.com/bigbluebutton/docker/pull/207)


@ -1,9 +1,9 @@
<img width="1012" alt="bbb-docker-banner" src="https://user-images.githubusercontent.com/1273169/141153216-0386cd4e-0aaf-473a-8f42-a048e52ed0d7.png">
# 📦 BigBlueButton 3.0 Docker
# 📦 BigBlueButton 2.5 Docker
Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
Version: 2.5.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
## Features
- Easy installation
@ -13,70 +13,49 @@ Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
- Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
## currently missing / broken
- NAT support
- bbb-transcription-controller
- livekit
## What is not implemented yet
- bbb-lti
## Requirements
- 4GB of RAM
- Linux (it will not work under Windows/WSL)
- Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
- Public IPv4 (expect issues with a firewall / NAT)
- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
- git installed
## Install production server
1. Ensure the requirements above are fulfilled (it really doesn't work without them)
2. Install docker-ce & docker-compose-plugin
## Install
1. Install docker-ce & docker-compose
1. follow instructions
* Debian: https://docs.docker.com/engine/install/debian/
* CentOS: https://docs.docker.com/engine/install/centos/
* Fedora: https://docs.docker.com/engine/install/fedora/
* Ubuntu: https://docs.docker.com/engine/install/ubuntu/
2. Ensure docker works with `$ docker run hello-world`
3. Ensure you use a docker version ≥ 23.0 : `$ docker --version`
3. Clone this repository
3. Install docker-compose: https://docs.docker.com/compose/install/
4. Ensure docker-compose works and that you use a version ≥ 1.28 : `$ docker-compose --version`
2. Clone this repository
```sh
$ git clone https://github.com/bigbluebutton/docker.git bbb-docker
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker
$ cd bbb-docker
# optional: use the more stable main branch (often much older)
# use the more stable main branch (sometimes older)
$ git checkout main
```
4. Run setup:
3. Run setup:
```bash
$ ./scripts/setup
```
5. (optional) Make additional configuration adjustments
4. (optional) Make additional configuration adjustments
```bash
$ nano .env
# always recreate the docker-compose.yml file after making any changes
$ ./scripts/generate-compose
```
6. Start containers:
5. Start containers:
```bash
$ docker compose up -d --no-build
$ docker-compose up -d
```
7. If you use greenlight, you can create an admin account with:
6. If you use greenlight, you can create an admin account with:
```bash
$ docker compose exec greenlight bundle exec rake admin:create
$ docker-compose exec greenlight bundle exec rake admin:create
```
## Development setup
1. Clone this repository
```sh
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
```
2. Start dev server
```sh
$ cd bbb-dev
$ ./scripts/dev
```
3. Use API Mate with the link presented in the console to create & join a conference
## Further How-To's
<!-- - [Running behind NAT](docs/behind-nat.md) -->
- [Upgrading](docs/upgrading.md)
- [Running behind NAT](docs/behind-nat.md)
- [BBB-Docker Development](docs/development.md)
- [Integration into an existing web server](docs/existing-web-server.md)


@ -0,0 +1,17 @@
<!--
<extension name="from_my_provider">
<condition field="destination_number" expression="^EXTERNALDID">
<action application="answer"/>
<action application="sleep" data="500"/>
<action application="play_and_get_digits" data="5 5 3 7000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
<extension name="check_if_conference_active">
<condition field="${conference ${pin} list}" expression="/sofia/g" />
<condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
<action application="set" data="bbb_authorized=true"/>
<action application="transfer" data="${pin} XML default"/>
</condition>
</extension>
-->
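Review bot: This sample dial plan ships entirely inside an XML comment with no guidance on what to edit before enabling it; `EXTERNALDID` in the first condition looks like a placeholder for the provider's number, but nothing says so. A short header above the block would help, e.g. `<!-- Example only: replace EXTERNALDID with the DID assigned by your SIP provider, then uncomment the block below -->`. It is also worth documenting that `bbb_authorized=true` appears to be set for any caller whose 5-digit entry matches a running conference, with three attempts per call (`5 5 3`), so the conference number is the only gate on dial-in and the SIP profile should stay limited to the provider's addresses.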


170
dev.env

@ -1,170 +0,0 @@
# fixed environment for an working dev setup
# enables
# - html5: webpack dev server
# - bbb-grahql-actions: watch & restart
# - bbb-graphql-middleware: building on start
DEV_MODE=true
# accept self signed certificates
IGNORE_TLS_CERT_ERRORS=true
# user and group used for
# this avoid any file permission issues with files
# created inside docker (e.g. node_modules)
BBB_DEV_UID=1000
BBB_DEV_GID=1000
# ====================================
# ADDITIONS to BigBlueButton
# ====================================
# (place a '#' before to disable them)
# HTTPS Proxy
# fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true
# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers
#RESOLVER_ADDRESS=x.x.x.x
# Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
# Enable Webhooks
# used by some integrations
ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
# Recording
# IMPORTANT: this is currently a big privacy issues, because it will
# record everything which happens in the conference, even when the button
# suggets, that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get peoples consent, before they join a room
ENABLE_RECORDING=true
#REMOVE_OLD_RECORDING=false
#RECORDING_MAX_AGE_DAYS=14
# ====================================
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret_SuperRailsSecret
POSTGRESQL_SECRET=SuperPostgresSecret
FSESL_PASSWORD=SuperFreeswitchESLPassword
#TURN_SECRET=
# ====================================
# CONNECTION
# ====================================
DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
EXTERNAL_IPv6=
# STUN SERVER
# stun.freeswitch.org
STUN_IP=147.182.188.245
STUN_PORT=3478
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=0.0.0.0/0
# ====================================
# CUSTOMIZATION
# ====================================
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# language of sound announcements
# options:
# - en-ca-june - EN Canadian June
# - en-us-allison - US English Allison
# - en-us-callie - US English Callie (default)
# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
# - es-ar-mario - Spanish/Argentina Mario
# - fr-ca-june - FR Canadian June
# - pt-br-karina - Brazilian Portuguese Karina
# - ru-RU-elena - RU Russian Elena
# - ru-RU-kirill - RU Russian Kirill
# - ru-RU-vika - RU Russian Viktoriya
# - sv-se-jakob - Swedish (Sweden) Jakob
# - zh-cn-sinmei - Chinese/China Sinmei
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
SOUNDS_LANGUAGE=en-us-callie
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# set to false to disable the learning dashboard
ENABLE_LEARNING_DASHBOARD=true
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
#SMTP_SENDER_EMAIL=
#SMTP_SENDER_NAME=
#SMTP_SERVER=
#SMTP_PORT=
#SMTP_DOMAIN=
#SMTP_USERNAME=
#SMTP_PASSWORD=
#SMTP_AUTH=
#SMTP_STARTTLS_AUTO=true
#SMTP_STARTTLS=false
#SMTP_TLS=false
#SMTP_SSL_VERIFY=true
### EXTERNAL AUTHENTICATION METHODS
#
#OPENID_CONNECT_CLIENT_ID=
#OPENID_CONNECT_CLIENT_SECRET=
#OPENID_CONNECT_ISSUER=
#OPENID_CONNECT_REDIRECT=
# To enable hCaptcha on the user sign up and sign in, define these 2 keys
#HCAPTCHA_SITE_KEY=
#HCAPTCHA_SECRET_KEY=
# Set these if you are using a Simple Storage Service (S3)
# Uncomment S3_ENDPOINT only if you are using a S3 OTHER than Amazon Web Service (AWS) S3.
#S3_ACCESS_KEY_ID=
#S3_SECRET_ACCESS_KEY=
#S3_REGION=
#S3_BUCKET=
#S3_ENDPOINT=
# Define the default locale language code (i.e. 'en' for English) from the fallowing list:
# [en, ar, fr, es]
#DEFAULT_LOCALE=en


@ -1,76 +1,113 @@
{{/* if you read this, you can ignore the following lines */}}
# auto generated by ./scripts/generate-compose
# auto generated by ./scripts/generate
# don't edit this directly.
{{/* -------- */}}
{{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}}
version: '3.6'
# html5 templates
x-html5-backend: &html5backend
build:
context: mod/html5
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_HTML5: {{ .Env.TAG_HTML5 }}
image: alangecker/bbb-docker-html5:{{ .Env.TAG_HTML5 }}
restart: unless-stopped
depends_on:
- redis
- mongodb
- etherpad
environment: &html5backend-env
DOMAIN: ${DOMAIN}
CLIENT_TITLE: ${CLIENT_TITLE}
LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false}
CHAT_ENABLED: ${CHAT_ENABLED:-true}
CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false}
BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8}
DEV_MODE: ${DEV_MODE:-}
BBB_HTML5_ROLE: backend
x-html5-frontend: &html5frontend
<<: *html5backend
volumes:
- html5-static:/html5-static:rw
environment: &html5frontend-env
<<: *html5backend-env
BBB_HTML5_ROLE: frontend
# =========================
services:
{{ if isTrue .Env.DEV_MODE }}
html5-dev:
build:
context: mod/html5-dev
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
restart: unless-stopped
volumes:
- ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
network_mode: host
{{ end }}
bbb-web:
build:
context: mod/bbb-web
additional_contexts:
- src-web=./repos/bigbluebutton/bigbluebutton-web
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-common-web=./repos/bigbluebutton/bbb-common-web
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB }}
TAG_COMMON_MESSAGE: {{ .Env.TAG_COMMON_MESSAGE }}
TAG_BBB_WEB: {{ .Env.TAG_BBB_WEB }}
image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB_WEB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
- collabora
healthcheck:
test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
start_period: 2m
environment:
IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }}
DEV_MODE: ${DEV_MODE:-}
DOMAIN: ${DOMAIN}
ENABLE_RECORDING: ${ENABLE_RECORDING:-false}
SHARED_SECRET: ${SHARED_SECRET}
WELCOME_MESSAGE: ${WELCOME_MESSAGE:-}
WELCOME_FOOTER: ${WELCOME_FOOTER}
STUN_SERVER: stun:${STUN_IP}:${STUN_PORT}
ENABLE_HTTPS_PROXY: ${ENABLE_HTTPS_PROXY:-false}
TURN_SERVER: ${TURN_SERVER:-}
TURN_SECRET: ${TURN_SECRET:-}
TURN_EXT_SERVER: ${TURN_EXT_SERVER:-}
TURN_EXT_SECRET: ${TURN_EXT_SECRET:-}
ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- bigbluebutton:/var/bigbluebutton
- vol-freeswitch:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.2
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }}
html5-backend-{{ add $i 1 }}:
<<: *html5backend
environment:
<<: *html5backend-env
INSTANCE_ID: {{ add $i 1 }}
PORT: {{ add 4000 $i }}
networks:
bbb-net:
ipv4_address: 10.7.7.{{ add 100 $i }}
{{end}}
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_FRONTEND_NODEJS_PROCESSES) }}
html5-frontend-{{ add $i 1 }}:
<<: *html5frontend
environment:
<<: *html5frontend-env
INSTANCE_ID: {{ add $i 1 }}
PORT: {{ add 4100 $i }}
networks:
bbb-net:
ipv4_address: 10.7.7.{{ add 200 $i }}
{{end}}
freeswitch:
container_name: bbb-freeswitch
build:
context: mod/freeswitch
additional_contexts:
- freeswitch=./repos/freeswitch/
- build-files=./repos/bigbluebutton/build/packages-template/bbb-freeswitch-core/
- fs-config=./repos/bigbluebutton/bbb-voice-conference/config/freeswitch/conf/
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FREESWITCH }}-{{ .Env.TAG_BBB }}
TAG_FS_CONFIG: {{ .Env.TAG_FS_CONFIG }}
image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FS_CONFIG }}
restart: unless-stopped
cap_add:
- IPC_LOCK
@ -88,69 +125,41 @@ services:
DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie}
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
{{ if .Env.SIP_IP_ALLOWLIST }}
ports:
- 5060:5060/udp
{{ end }}
volumes:
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external-dialin
- ./data/freeswitch-meetings:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.10
logging:
# reduce logs to a minimum, so `docker compose logs -f` still works
driver: "local"
options:
max-size: "10k"
max-file: "1"
compress: "false"
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
- ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
- vol-freeswitch:/var/freeswitch/meetings
network_mode: host
nginx:
build:
context: mod/nginx
additional_contexts:
- src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard
- src-playback=./repos/bbb-playback
- src-html5=./repos/bigbluebutton/bigbluebutton-html5
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25
TAG_LEARNING_DASHBOARD: {{ .Env.TAG_LEARNING_DASHBOARD }}
image: alangecker/bbb-docker-nginx:1.23-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_LEARNING_DASHBOARD }}
restart: unless-stopped
depends_on:
- etherpad
- webrtc-sfu
- html5-backend-1
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- bigbluebutton:/var/bigbluebutton
- html5-static:/html5-static:ro
- ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf
{{ if isTrue .Env.DEV_MODE }}
# overwrite html5 config
- ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro
{{ end }}
tmpfs:
- /tmp
network_mode: host
extra_hosts:
- "host.docker.internal:10.7.7.1"
- "bbb-web:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.1"
- "greenlight:10.7.7.21"
- "bbb-graphql-server:10.7.7.31"
- "bbb-graphql-middleware:10.7.7.32"
- "html5:10.7.7.11"
etherpad:
build:
context: mod/etherpad
additional_contexts:
- plugin=./repos/bbb-etherpad-plugin
- skin=./repos/bbb-etherpad-skin
args:
TAG_ETHERPAD: "2.2.7"
image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
build: mod/etherpad
image: alangecker/bbb-docker-etherpad:1.8.18-2
restart: unless-stopped
depends_on:
- redis
- collabora
environment:
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
networks:
@ -158,10 +167,7 @@ services:
ipv4_address: 10.7.7.4
bbb-pads:
build:
context: mod/bbb-pads
additional_contexts:
- src=./repos/bbb-pads
build: mod/bbb-pads
image: alangecker/bbb-docker-pads:{{ .Env.TAG_PADS }}
restart: unless-stopped
depends_on:
@ -173,31 +179,8 @@ services:
bbb-net:
ipv4_address: 10.7.7.18
bbb-export-annotations:
build:
context: mod/bbb-export-annotations
additional_contexts:
src: ./repos/bigbluebutton/bbb-export-annotations
image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
networks:
# need connections to:
# https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json
# "bbbWebAPI": "http://127.0.0.1:8090", -> bbb-web
# "bbbPadsAPI": "http://127.0.0.1:9002", -> bbb-pads
bbb-net:
ipv4_address: 10.7.7.19
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
tmpfs:
- /tmp
redis:
image: redis:7.2-alpine
image: redis:7.0-alpine
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
@ -208,11 +191,34 @@ services:
bbb-net:
ipv4_address: 10.7.7.5
mongodb:
container_name: bbb-mongodb
image: mongo:5.0
restart: unless-stopped
volumes:
- ./mod/mongo/mongod.conf:/etc/mongod.conf
- ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh
tmpfs:
- /data/configdb
- /data/db
command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth
healthcheck:
test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 0 ':' 2)'; then exit 0; fi; exit 1;"
networks:
bbb-net:
ipv4_address: 10.7.7.6
# TODO: remove as soon as not required anymore by webrtc-sfu
kurento:
image: kurento/kurento-media-server:6.17
restart: unless-stopped
network_mode: host
volumes:
- vol-kurento:/var/kurento
webrtc-sfu:
build:
context: mod/webrtc-sfu
additional_contexts:
- source=./repos/bbb-webrtc-sfu
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-webrtc-sfu:{{ .Env.TAG_WEBRTC_SFU }}
@ -221,32 +227,34 @@ services:
- redis
- freeswitch
environment:
CLIENT_HOST: 10.7.7.1
REDIS_HOST: 10.7.7.5
FREESWITCH_IP: 10.7.7.1
FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
ESL_IP: 10.7.7.1
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
{{ if .Env.EXTERNAL_IPv6 }}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"${EXTERNAL_IPv6}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{else}}
# TODO: add mediasoup IPv6
# TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
{{ if .Env.EXTERNAL_IPv6 }}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{else}}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{end}}
{{end}}
MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
volumes:
- ./data/mediasoup:/var/mediasoup
- vol-mediasoup:/var/mediasoup
tmpfs:
- /var/log/bbb-webrtc-sfu
network_mode: host
security_opt:
- seccomp:unconfined # allow io_uring access for mediasoup
ulimits:
memlock: -1 # allow io_uring_register_buffers to allocate enough ram
fsesl-akka:
build:
context: mod/fsesl-akka
additional_contexts:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-fsesl-client=./repos/bigbluebutton/bbb-fsesl-client
- src-fsesl-akka=./repos/bigbluebutton/akka-bbb-fsesl
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_BBB }}
TAG_COMMON_MESSAGE: {{ .Env.TAG_COMMON_MESSAGE }}
TAG_FSESL_AKKA: {{ .Env.TAG_FSESL_AKKA }}
image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_FSESL_AKKA }}
restart: unless-stopped
depends_on:
- redis
@ -260,134 +268,47 @@ services:
apps-akka:
build:
context: mod/apps-akka
additional_contexts:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-apps-akka=./repos/bigbluebutton/akka-bbb-apps
- src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }}
TAG_COMMON_MESSAGE: {{ .Env.TAG_COMMON_MESSAGE }}
TAG_APPS_AKKA: {{ .Env.TAG_APPS_AKKA }}
image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_APPS_AKKA }}
restart: unless-stopped
depends_on:
- redis
- postgres
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
volumes:
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro
- vol-freeswitch:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.15
bbb-graphql-server:
build:
context: mod/bbb-graphql-server
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-server
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
GRAPHQL_ENGINE_TAG: v2.45.0
image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
depends_on:
- postgres
- bbb-web
- apps-akka
- bbb-graphql-actions
restart: unless-stopped
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME
networks:
bbb-net:
ipv4_address: 10.7.7.31
bbb-graphql-actions:
build:
context: mod/bbb-graphql-actions
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-actions
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- apps-akka
networks:
bbb-net:
ipv4_address: 10.7.7.30
{{ if isTrue .Env.DEV_MODE }}
volumes:
- ./repos/bigbluebutton/bbb-graphql-actions:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
{{ end }}
bbb-graphql-middleware:
build:
context: mod/bbb-graphql-middleware
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-middleware
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- bbb-graphql-server
- bbb-graphql-actions
- bbb-web
- redis
networks:
bbb-net:
ipv4_address: 10.7.7.32
extra_hosts:
- "nginx:10.7.7.1"
{{ if isTrue .Env.DEV_MODE }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
volumes:
- ./repos/bigbluebutton/bbb-graphql-middleware:/app/:ro
- ./repos/bigbluebutton/bbb-graphql-middleware/config/config.yml:/usr/share/bbb-graphql-middleware/config.yml:ro
- ./mod/bbb-graphql-middleware/config.yml:/etc/bigbluebutton/bbb-graphql-middleware.yml:ro
- ./.cache/go:/gopath:rw
- ./.cache/go-build:/.cache/go-build:rw
{{ end }}
collabora:
image: collabora/code:latest
jodconverter:
build: mod/jodconverter
image: alangecker/bbb-docker-jodconverter:latest
restart: unless-stopped
tmpfs:
- /tmp
deploy:
resources:
limits:
memory: 512M
networks:
bbb-net:
ipv4_address: 10.7.7.20
# disable logging (way to verbose)
logging:
driver: none
periodic:
build: mod/periodic
image: alangecker/bbb-docker-periodic:v3.0.0
image: alangecker/bbb-docker-periodic:v2.5.0
restart: unless-stopped
depends_on:
- mongodb
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/mediasoup:/var/mediasoup
- bigbluebutton:/var/bigbluebutton
- vol-mediasoup:/var/mediasoup
tmpfs:
- /var/log/bigbluebutton
environment:
@ -403,57 +324,33 @@ services:
recordings:
build:
context: mod/recordings
additional_contexts:
- record-core=./repos/bigbluebutton/record-and-playback/core
- presentation=./repos/bigbluebutton/record-and-playback/presentation
- bbb-conf=./repos/bigbluebutton/bigbluebutton-config
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2"
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
TAG_RECORDINGS: {{ .Env.TAG_RECORDINGS }}
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_RECORDINGS }}
restart: unless-stopped
depends_on:
- redis
- bbb-pads
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./data/mediasoup:/var/mediasoup
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
- bigbluebutton:/var/bigbluebutton
- vol-freeswitch:/var/freeswitch/meetings
- vol-mediasoup:/var/mediasoup
- vol-kurento:/var/kurento
tmpfs:
- /var/log/bigbluebutton
- /tmp
networks:
bbb-net:
ipv4_address: 10.7.7.16
bbb-webrtc-recorder:
build:
context: mod/bbb-webrtc-recorder
additional_contexts:
- src=./repos/bbb-webrtc-recorder
image: alangecker/bbb-docker-webrtc-recorder:{{ .Env.TAG_WEBRTC_RECORDER }}
depends_on:
- redis
volumes:
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
# WebRTC connection to bbb-webrtc-sfu seem to
# only to work via the external IP
network_mode: host
extra_hosts:
- "redis:10.7.7.5"
{{end}}
{{ if isTrue .Env.ENABLE_WEBHOOKS }}
# webhooks
webhooks:
build:
context: mod/webhooks
additional_contexts:
- src=./repos/bbb-webhooks
build: mod/webhooks
image: alangecker/bbb-docker-webhooks:{{ .Env.TAG_WEBHOOKS }}
restart: unless-stopped
environment:
@ -467,70 +364,77 @@ services:
{{end}}
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
haproxy:
build: mod/haproxy
image: alangecker/bbb-haproxy:2.8.10
# https
https_proxy:
image: valian/docker-nginx-auto-ssl
restart: unless-stopped
volumes:
- ./data/haproxy/letsencrypt:/etc/letsencrypt
- ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
- ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap
- ssl_data:/etc/resty-auto-ssl
{{ if .Env.EXTERNAL_IPv6 }}
- ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf
{{else}}
- ./mod/https/site-ipv4only.conf:/etc/nginx/conf.d/bbb-docker.conf
{{end}}
environment:
- IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
- CERT1=${DOMAIN}
- EMAIL=${LETSENCRYPT_EMAIL}
{{ if isTrue .Env.DEV_MODE }}
ALLOWED_DOMAINS: ""
{{else}}
ALLOWED_DOMAINS: ${DOMAIN}
{{end}}
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_COTURN }}
# coturn
coturn:
image: coturn/coturn:4.6-alpine
image: coturn/coturn:4.5-alpine
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
- "--allowed-peer-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv6:-::1}"
volumes:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
- ssl_data:/etc/resty-auto-ssl
{{else}}
- ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
- ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
{{end}}
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
environment:
ENABLE_HTTPS_PROXY:
user: root
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
image: bigbluebutton/greenlight:v3.5.0
image: bigbluebutton/greenlight:v2
restart: unless-stopped
env_file: .env
depends_on:
- postgres
- redis
environment:
DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
REDIS_URL: redis://redis:6379
{{ if $ignore_tls_cert_errors }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
DB_ADAPTER: postgresql
DB_HOST: postgres
DB_NAME: greenlight
DB_USERNAME: postgres
DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
{{ if isTrue .Env.DEV_MODE }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48087/bigbluebutton/api/
{{else}}
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/
{{end}}
BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
SECRET_KEY_BASE: ${RAILS_SECRET}
RELATIVE_URL_ROOT: /
volumes:
- ./data/greenlight:/usr/src/app/storage
networks:
bbb-net:
ipv4_address: 10.7.7.21
{{end}}
ports:
- 10.7.7.1:5000:80
postgres:
image: postgres:16-alpine
image: postgres:12-alpine
restart: unless-stopped
environment:
POSTGRES_MULTIPLE_DATABASES: bbb_graphql,hasura_app,greenlight
POSTGRES_DB: greenlight
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
healthcheck:
@ -539,11 +443,8 @@ services:
timeout: 5s
retries: 5
volumes:
- ./data/postgres:/var/lib/postgresql/data
- ./mod/postgres/initdb.sh:/docker-entrypoint-initdb.d/initdb.sh
networks:
bbb-net:
ipv4_address: 10.7.7.22
- ./postgres-data:/var/lib/postgresql/data
{{end}}
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
# prometheus
@ -559,13 +460,19 @@ services:
ipv4_address: 10.7.7.33
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION }}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton:ro
- bigbluebutton:/var/bigbluebutton:ro
{{end}}
{{end}}
# the exporter requires /etc/bigbluebutton/bigbluebutton-release
tmpfs:
- /etc/bigbluebutton:mode=777
entrypoint: sh -c 'echo "BIGBLUEBUTTON_RELEASE=2.7.3" > /etc/bigbluebutton/bigbluebutton-release && python server.py'
volumes:
bigbluebutton:
vol-freeswitch:
vol-kurento:
vol-mediasoup:
html5-static:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
ssl_data:
{{end}}
networks:


@ -1,45 +1,81 @@
# bbb-docker Development
## Basics
normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out
normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out:
```sh
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
$ cd bbb-dev
$ git submodule update --init
```
## Running
you can now run bbb-docker locally by simply starting
you can run bbb-docker locally without any certificate issues with following `.env` configurations:
```sh
$ ./scripts/dev
```
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
#ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_RECORDING=true
DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
TURN_SERVER=turns:localhost:5349?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret
# ====================================
# CUSTOMIZATION
# ====================================
[... add rest of sample.env here ...]
```
Use the API Mate with the link presented in the console to create & join a conference.
### Hints
- the html5 component will watch and automatically reload on any changes 🚀
- if you change anything in the other components, you need to
* manually rebuilt it \
`$ docker compose build CONTAINERNAME`
* restart it \
`$ docker compose up -d CONTAINERNAME`
- if you change any variable in .env, always run following to rebuild the `docker-compose.yml``
- regenerate `docker-compose.yml` \
`$ ./scripts/generate-compose`
- build the images \
`$ docker-compose build`
- you can than start it with \
`$ docker-compose up -d`
- view the logs with \
`$ docker compose logs -f`
- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
`$ docker-compose logs -f`
- and access the API via \
https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
* At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
## Notes
- Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode
- Joining a room via Greenlight currently leads to a "401 session not found" error (see https://github.com/alangecker/bigbluebutton-docker/issues/66). Use the API Mate instead
## Changes
- After doing some changes you usually must...
- recreate `docker-compose.yml` \
`$ ./scripts/generate-compose`
* rebuild the image(s): \
`$ docker-compose build [containername]`
* restart changes image(s): \
`$ docker-compose up -d`
## How to do create a new update for a newer BBB release?
This always consists out of following steps
1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \
* main source for that are the release notes in https://github.com/bigbluebutton/bigbluebutton/releases
2. **Apply these changes to this project.**
* Often you only need to checkout the git submodules to the specific release tag
* List of all submodules: `git submodule`
* Often you only need to update the TAGS in `tags.env`
* make sure only to switch to a newer tag if there were changes made avoid creating new (partialy big) images unnecessarily
* Also update submodules to the new state.
* List of all submodules `git submodule`
* for the main submodules you can use `./scripts/checkout-submodules` to checkout the tags specified in `tags.env`
3. Test everything (with firefox **and** chromium/chrome)
* Audio
* Video


@ -24,7 +24,6 @@ Services as configured.
| coturn | network_mode: host | |
| greenlight | | | ports: 10.7.7.1:5000:80
| prometheus | bbb-net | 10.7.7.33 |
| bbb-export-annotations | bbb-net | 10.7.7.19 |
```yml
networks:


@ -1,33 +1,22 @@
# How To Upgrade bbb-docker
### Breaking changes `v2.7.x` -> `v3.0.x`
- **A setup behind NAT does currently not work!**
- `LETSENCRYPT_EMAIL` is now required in `.env` when used with the integrated HAProxy
- the greenlight postgres database is now called `greenlight` instead of `greenlight-v3`
### Upgrading `v2.3.x` -> `v2.4.x`
*Breaking change:* The nginx port changes from `8080` to the less common port `48087`, to avoid port conflicts (see [#133](https://github.com/bigbluebutton/docker/issues/133)). If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
apart from that follow the guide below.
### Breaking changes `v2.6.x` -> `v2.7.x`
- We use now Docker Compose V2
* make sure you have docker ≥ 23.0 installed (`$ docker -v`)
* update all usages of `docker-compose` to `docker compose` in your scripts
### Breaking changes `v2.5.x` -> `v2.6.x`
- Greenlight got fully rewritten
* it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
* some greenlight settings under `.env` have changed. compare your version with `sample.env`
* it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
### Backup
### within `v2.4.x` or `v2.3.x`
#### Backup
if you use greenlight, create a database backup first
```bash
docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
```
### Upgrading
#### Upgrading
```bash
# upgrade!
./scripts/upgrade
# restart updated services
docker compose up -d --no-build
docker-compose up -d
```


@ -1,16 +1,20 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
ARG TAG_COMMON_MESSAGE
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# download bbb-common-message
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& cd /bbb-common-message \
&& ./deploy.sh \
&& rm -rf /bbb-common-message
# ===================================================
ARG TAG_APPS_AKKA
COPY --from=src-apps-akka / /source
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_APPS_AKKA/akka-bbb-apps /source \
&& rm -rf /source/.svn
# compile and unzip bin
RUN cd /source \
@ -19,25 +23,12 @@ RUN cd /source \
# ===================================================
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
COPY --from=src-config /settings.yml /settings.yml
ARG TAG_BBB
RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml
RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml
# ===================================================
FROM alangecker/bbb-docker-base-java
COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka
COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl
COPY logback.xml /bbb-apps-akka/conf/logback.xml
COPY entrypoint.sh /entrypoint.sh
COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml
USER bigbluebutton
ENTRYPOINT /entrypoint.sh
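Review bot: Neither the build image nor the source it compiles is pinned to immutable content: on what appears to be the new side the builder is `FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG`, and the code arrives through `svn checkout` of a GitHub tag whose `./deploy.sh` is then executed. Tags can be moved after the fact, so the build runs whatever they point to at build time. Pinning the base image by digest (`FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build@sha256:<digest>`) and checking out a revision recorded in the repository would make the result reproducible and auditable. The final stage's `FROM alangecker/bbb-docker-base-java` carries no tag at all, and the same checkout pattern is used in the bbb-web Dockerfile further down this page.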


@ -8,18 +8,7 @@ redis {
services {
bbbWebAPI="https://DOMAIN/bigbluebutton/api"
sharedSecret="SHARED_SECRET"
graphqlMiddlewareAPI = "http://10.7.7.32:8378"
}
http {
interface = "0.0.0.0"
}
postgres {
properties = {
serverName = "postgres"
portNumber = "5432"
databaseName = "bbb_graphql"
user = "postgres"
password = "POSTGRES_PASSWORD"
}
}


@ -1,17 +1,9 @@
#!/bin/sh -e
# bbb-apps-akka.conf
TARGET=/etc/bigbluebutton/bbb-apps-akka.conf
cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET
sed -i "s/DOMAIN/$DOMAIN/" $TARGET
sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET
sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET
# settings.yml
TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml
yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET
yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET
cd /bbb-apps-akka
/bbb-apps-akka/bin/bbb-apps-akka


@ -9,10 +9,8 @@
<logger name="akka" level="INFO" />
<logger name="org.bigbluebutton" level="DEBUG" />
<logger name="io.lettuce" level="INFO" />
<logger name="slick" level="INFO" />
<root level="INFO">
<root level="DEBUG">
<appender-ref ref="STDOUT"/>
</root>
</configuration>
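Review bot: `<root level="DEBUG">` turns on debug output for every logger without an explicit level, on top of the existing `org.bigbluebutton` DEBUG logger, which is a risky default for an image that is run in production. Debug-level output from the messaging layer can be expected to carry meeting and user details (an inference; the page does not show log content), and the volume grows quickly. Keeping `<root level="INFO">` and raising individual loggers when needed preserves the diagnostics without the blanket setting.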


@ -1,4 +1,4 @@
FROM eclipse-temurin:17-jre-jammy
FROM openjdk:11-jre-slim-bullseye
RUN apt-get update && apt-get install -y \
wget unzip gosu locales \
@ -16,7 +16,7 @@ RUN groupadd -g 998 bigbluebutton \
&& chown bigbluebutton:bigbluebutton /etc/bigbluebutton
# add dockerize
ENV DOCKERIZE_VERSION v0.7.0
ENV DOCKERIZE_VERSION v0.6.1
RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz


@ -1,23 +0,0 @@
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-export-annotations
RUN cd /bbb-export-annotations && npm ci && npm install
# --------------------
FROM node:22-bookworm-slim
RUN groupadd -g 998 bigbluebutton \
&& useradd -m -u 998 -g bigbluebutton bigbluebutton
RUN apt update && apt install -y \
nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils
COPY --from=builder /bbb-export-annotations /bbb-export-annotations
COPY ./config/settings.json /bbb-export-annotations/config/settings.json
USER bigbluebutton
WORKDIR /bbb-export-annotations
ENV NODE_ENV=production
ENTRYPOINT npm start


@ -1,40 +0,0 @@
{
"log": {
"level": "info",
"msgName": "PresAnnStatusMsg"
},
"shared": {
"presAnnDropboxDir": "/tmp/pres-ann-dropbox",
"cairosvg": "/usr/bin/cairosvg",
"ghostscript": "/usr/bin/gs"
},
"process": {
"maxImageWidth": 1440,
"maxImageHeight": 1080,
"pointsPerInch": 72,
"pixelsPerInch": 96,
"cairoSVGUnsafeFlag": false
},
"notifier": {
"pod_id": "DEFAULT_PRESENTATION_POD",
"is_downloadable": "false",
"msgName": "NewPresFileAvailableMsg"
},
"bbbWebAPI": "http://bbb-web:8090",
"bbbPadsAPI": "http://bbb-pads:9002",
"redis": {
"host": "redis",
"port": 6379,
"password": null,
"channels": {
"queue": "exportJobs",
"publish": "to-akka-apps-redis-channel"
}
},
"fonts": {
"draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
"sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
"serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
"mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
}
}


@ -1,34 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src ./ /src
RUN cd /src && \
npm ci --no-progress && \
npm run build
# delete node_modules (it should create a fresh one inside /src/dist/)
RUN rm -rf /src/node_modules
RUN cd /src/dist && \
mv index.js bbb-graphql-actions.js && \
cp ../package.json ../package-lock.json . && \
npm ci --no-progress --omit=dev
# ------------------------------
FROM node:22-bookworm-slim
RUN groupadd -g 2062 app \
&& useradd -m -u 2063 -g app app
USER app
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
ENV NODE_ENV=production
COPY --from=builder /src/dist /app
CMD [ "node", "/app/bbb-graphql-actions.js" ]


@ -1,16 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN apt-get update && apt-get install -y gosu
# allow any user to use node in /root/.nvm
RUN chmod 755 /root
COPY dev-entrypoint.sh /dev-entrypoint.sh
ENTRYPOINT [ "/dev-entrypoint.sh" ]
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
CMD [ "npm install && npm start" ]


@ -1,12 +0,0 @@
#!/bin/bash
# get owner of /app
OWNER="$(stat -c '%u' "/app")"
GROUP="$(stat -c '%g' "/app")"
useradd --home-dir /tmp -u $OWNER user || /bin/true
# run with same user to avoid any issues
# with file permissions
. /root/.nvm/nvm.sh
gosu $OWNER:$GROUP bash -c "$@"


@ -1,12 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src / /src/
RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go
# ------------------------------
FROM alpine
COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware
COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml
COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml
CMD [ "/app/bbb-graphql-middleware" ]


@ -1,8 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
WORKDIR /app
ENV GOPATH /gopath
CMD ["go", "run", "cmd/bbb-graphql-middleware/main.go", "--signal", "SIGTERM"]


@ -1,15 +0,0 @@
server:
listen_host: 0.0.0.0
listen_port: 8378
redis:
host: redis
port: 6379
password: ""
hasura:
url: ws://nginx:8185/v1/graphql
graphql-actions:
url: http://bbb-graphql-actions:8093
auth_hook:
url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization
session_vars_hook:
url: http://apps-akka:8901/userInfo


@ -1,25 +0,0 @@
ARG BBB_BUILD_TAG
ARG GRAPHQL_ENGINE_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
# ----------------------------
FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG
# install netstat, required for start script
RUN apt-get update && apt-get install -y net-tools gosu
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura
COPY --from=src /bbb_schema.sql /app/
COPY --from=src /metadata /app/metadata
COPY config.yaml /app/config.yaml
COPY entrypoint.sh /entrypoint.sh
COPY start.sh /app/start.sh
ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "/app/start.sh" ]


@ -1,7 +0,0 @@
version: 3
endpoint: http://localhost:8085
admin_secret: bigbluebutton
metadata_directory: metadata
actions:
kind: synchronous
handler_webhook_baseurl: http://localhost:3000


@ -1,27 +0,0 @@
#!/bin/bash
# for psql
export PGHOST=postgres
export PGUSER="${POSTGRES_USER}"
export PGPASSWORD="${POSTGRES_PASSWORD}"
# for hasura
export HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_LOG_LEVEL=warn
export HASURA_GRAPHQL_ENABLE_CONSOLE=false
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_SERVER_PORT=8085
export HASURA_GRAPHQL_ENABLE_TELEMETRY=false
export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10
export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo
export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093
export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql
exec $@


@ -1,39 +0,0 @@
#!/bin/bash
set -e
cd /app/
# patch database url
# TODO: this should be possible upstream in BBB via an environment variable
yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml
sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml
echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql
echo "Restarting database bbb_graphql"
psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'" > /dev/null
psql -c "drop database if exists bbb_graphql with (force)"
psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
psql -c "alter database bbb_graphql set timezone to 'UTC'"
echo "Creating tables in bbb_graphql"
psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on
echo "Starting hasura-graphql-engine"
gosu nobody graphql-engine serve &
PID=$!
sleep 1
#Check if Hasura is ready before applying metadata
while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do
echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..."
sleep 1
done
echo "Applying new metadata to Hasura"
/usr/local/bin/hasura metadata apply --skip-update-check
wait "$PID"


@ -1,16 +1,16 @@
FROM node:22-bookworm-slim AS builder
FROM node:14.19.1-bullseye-slim AS builder
COPY --from=src / /bbb-pads
COPY ./bbb-pads /bbb-pads
RUN cd /bbb-pads && rm -r .git && npm install --production
RUN chmod 777 /bbb-pads/config
# ------------------------------
FROM node:22-bookworm-slim
FROM node:14.19.1-bullseye-slim
RUN apt update && apt install -y jq moreutils \
&& useradd --uid 2003 --create-home --user-group bbb-pads
&& useradd --uid 2003 --user-group bbb-pads
COPY --from=builder /bbb-pads /bbb-pads
USER bbb-pads
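Review bot: `RUN chmod 777 /bbb-pads/config` in the builder stage leaves the config directory world-writable in the final image, because the tree is copied over unchanged by `COPY --from=builder /bbb-pads /bbb-pads`. Only the `bbb-pads` user (uid 2003) appears to need write access there, so `COPY --from=builder --chown=bbb-pads:bbb-pads /bbb-pads /bbb-pads` in the final stage would make the 777 mode unnecessary. The line looks like unchanged context in this hunk, but it is part of the file this commit ships, and the rest of the Dockerfile lies outside the hunk.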

1
mod/bbb-pads/bbb-pads Submodule

Submodule mod/bbb-pads/bbb-pads added at 64b993ce8e


@ -1,19 +1,29 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
ARG TAG_COMMON_MESSAGE
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# download bbb-common-message
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& cd /bbb-common-message \
&& ./deploy.sh \
&& rm -rf /bbb-common-message
# ===================================================
ARG TAG_BBB_WEB
COPY --from=src-common-web / /bbb-common-web
# build bbb-common-web
RUN cd /bbb-common-web && ./deploy.sh
# download bbb-common-web
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_BBB_WEB/bbb-common-web /bbb-common-web \
&& rm -rf /bbb-common-message/.svn
COPY --from=src-web / /bbb-web
# compile bbb-common-web
RUN cd /bbb-common-web \
&& ./deploy.sh
# download bbb-web
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_BBB_WEB/bigbluebutton-web /bbb-web \
&& rm -rf /bbb-web/.svn
# compile bbb-web
RUN cd /bbb-web && grails assemble
@ -28,7 +38,7 @@ RUN unzip -q /bbb-web/build/libs/bigbluebutton-0.10.0.war -d /dist
# ===================================================
FROM alangecker/bbb-docker-base-java
# add blank presentation files and allow conversion to pdf/svg
# add blank presentation files and allow conversation to pdf/svg
RUN mkdir -p /usr/share/bigbluebutton/blank \
&& cd /usr/share/bigbluebutton/blank \
&& wget \
@ -47,10 +57,12 @@ COPY --from=builder /dist /usr/share/bbb-web
COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib
COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh
COPY mocked-ps /usr/bin/ps
# add entrypoint and templates
COPY entrypoint.sh /entrypoint.sh
COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl
COPY turn-stun-servers.xml /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl
COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml
COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh
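Review bot: The cleanup after the `bbb-common-web` checkout targets the wrong directory: `&& rm -rf /bbb-common-message/.svn` follows `svn checkout … /bbb-common-web`, and `/bbb-common-message` was already deleted by the `rm -rf /bbb-common-message` in the step above. The intended line is presumably `&& rm -rf /bbb-common-web/.svn`; as written the command is a no-op and the `.svn` metadata stays in the builder stage. In the final stage the comment `allow conversation to pdf/svg` should read `conversion`.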


@ -13,14 +13,10 @@ securitySalt={{ .Env.SHARED_SECRET }}
redisHost=redis
{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }}
beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
# fetch presentations without HTTPS
presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
{{ if isTrue .Env.DEV_MODE }}
beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
defaultNumDigitsForTelVoice=9
learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}


@ -2,30 +2,28 @@
set -e
# create recording directory structure if it doesn't exist yet
mkdir -p /var/bigbluebutton/recording/status
mkdir -p /var/bigbluebutton/events
mkdir -p /var/bigbluebutton/recording
mkdir -p /var/bigbluebutton/recording/raw
mkdir -p /var/bigbluebutton/recording/process
mkdir -p /var/bigbluebutton/recording/publish
mkdir -p /var/bigbluebutton/recording/status/recorded
mkdir -p /var/bigbluebutton/recording/status/archived
mkdir -p /var/bigbluebutton/recording/status/processed
mkdir -p /var/bigbluebutton/recording/status/ended
mkdir -p /var/bigbluebutton/recording/status/sanity
mkdir -p /var/bigbluebutton/recording/status/ended
mkdir -p /var/bigbluebutton/recording/status/published
mkdir -p /var/bigbluebutton/captions
mkdir -p /var/bigbluebutton/captions/inbox
mkdir -p /var/bigbluebutton/published
mkdir -p /var/bigbluebutton/published/notes
mkdir -p /var/bigbluebutton/deleted
mkdir -p /var/bigbluebutton/unpublished
mkdir -p /var/bigbluebutton/basic_stats
chown -R bigbluebutton:bigbluebutton /var/bigbluebutton
echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES
cd /usr/share/bbb-web/
dockerize \
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
-template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \
gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher
-template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \
gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher


@ -22,7 +22,7 @@
<logger name="org.grails.commons" level="ERROR" />
<logger name="org.springframework" level="ERROR" />
<root level="WARN">
<root level="ERROR">
<appender-ref ref="STDOUT" />
</root>
</configuration>

8
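--- /dev/null
+++ b/mod/bbb-web/mocked-ps
@@ -0,0 +1,8 @@
+#!/bin/bash
+echo "(mocked-ps for HTML5LoadBalancingService.java)"
+# fake random process load to distribute meetings equally
+for i in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)`; do
+randomLoad=$(echo $(( $RANDOM % 100 )))
+echo " $randomLoad.1 /usr/share/node-v12.16.1-linux-x64/bin/node main.js NODEJS_BACKEND_INSTANCE_ID=$i"
+done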
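Review bot: The loop bound in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)` is used without validation; the bbb-web entrypoint fills that file from `$NUMBER_OF_BACKEND_NODEJS_PROCESSES`, so an unset or non-numeric value makes `seq` fail and the script prints no backend rows. Reading the value once and falling back when it is not a positive integer keeps the output predictable, e.g. `n=$(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES); case "$n" in ''|*[!0-9]*) n=1 ;; esac`. A header comment should also state that the bbb-web Dockerfile installs this script over `/usr/bin/ps`, so every caller of `ps` in that container receives the mocked output.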


@ -7,8 +7,6 @@ PATH="/bin/:/usr/bin/"
# Param 1: Input office file path (e.g. "/tmp/test.odt")
# Param 2: Output pdf file path (e.g. "/tmp/test.pdf")
# Param 3: Destination Format (pdf default)
# Param 4: Timeout (secs) (optional)
if (( $# == 0 )); then
echo "Missing parameter 1 (Input office file path)";
exit 1
@ -18,19 +16,15 @@ elif (( $# == 1 )); then
fi;
source="$1"
dest="$2"
source="${1}"
dest="${2}"
# If output format is missing, define PDF
#If output format is missing, define PDF
convertTo="${3:-pdf}"
# If timeout is missing, define 60
timeoutSecs="${4:-60}"
# Truncate timeout to max 3 digits (as expected by sudoers)
timeoutSecs="${timeoutSecs:0:3}"
curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \
-H "accept: application/octet-stream" \
-H "Content-Type: multipart/form-data" \
-F "data=@${source}" > "${dest}"
# The timeout is important.
timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
exit 0
exit 0
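Review bot: The conversion call on what appears to be the new side has no failure handling: `curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" … > "${dest}"` writes whatever the converter returns into the output file and the script then ends with `exit 0`, so an HTTP error body is handed back as the converted document. The timeout of the removed side is gone as well, so a hung converter blocks the caller indefinitely. Adding `--fail --max-time 60` to the call and ending with `|| exit 1` instead of the unconditional `exit 0` would surface both cases. `-v` also writes request and response headers to the log on every conversion, and `$convertTo` goes into the URL unchecked, so restricting it to the formats the caller actually uses is worth adding.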


@ -8,26 +8,10 @@
<constructor-arg index="0" value="{{ .Env.STUN_SERVER }}"/>
</bean>
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turn:{{ .Env.DOMAIN }}:3478"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
{{/* ignore when using a self signed certificate in dev mode */}}
<bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turns:{{ .Env.DOMAIN }}:443?transport=tcp"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<bean id="turn2" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_EXT_SECRET }}"/>
<constructor-arg index="1" value="{{ .Env.TURN_EXT_SERVER }}"/>
{{if .Env.TURN_SERVER }}
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="{{ .Env.TURN_SERVER }}"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
@ -40,14 +24,8 @@
</property>
<property name="turnServers">
<set>
{{if .Env.TURN_SERVER }}
<ref bean="turn0" />
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
<ref bean="turn1" />
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<ref bean="turn2" />
{{end}}
</set>
</property>


@ -1,40 +0,0 @@
# Build stage
FROM golang:1.23 as builder
ARG APP_VERSION=devel
ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder
WORKDIR /app
COPY --from=src go.* ./
RUN go mod tidy
COPY --from=src . ./
RUN APP_VERSION=$(cat ./VERSION | sed 's/ /-/g') \
go build -o ./build/bbb-webrtc-recorder \
-ldflags="-X '$GOMOD/internal.AppVersion=v${APP_VERSION1}'" \
./cmd/bbb-webrtc-recorder
RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
# Running stage
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y gosu
# use same UID as in the recordings container
RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
# config
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_ADDRESS=redis:6379
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_NETWORK=tcp
ENV BBBRECORDER_DEBUG=true
# Copy the binary to the production image from the builder stage.
COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
COPY --from=builder /app/config/bbb-webrtc-recorder.yml /etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml
CMD ["/bin/sh", "-c", "chown -R bigbluebutton:bigbluebutton /var/lib/bbb-webrtc-recorder && gosu bigbluebutton /usr/bin/bbb-webrtc-recorder"]

31
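--- /dev/null
+++ b/mod/coturn/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+apk add jq su-exec
+if [ "$ENABLE_HTTPS_PROXY" == true ]; then
+while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
+do
+echo "ERROR: certificate doesn't exist yet."
+echo "Certificate gets create on the first request to the HTTPS proxy."
+echo "We will try again..."
+sleep 10
+done
+# extract cert
+cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
+cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
+fi
+if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
+echo "ERROR: certificate not found, but coturn relies on it."
+echo "Use either auto HTTPS proxy or"
+echo "provide path to certificates in .env file"
+exit 1
+fi
+# If command starts with an option, prepend with turnserver binary.
+if [ "${1:0:1}" == '-' ]; then
+set -- turnserver "$@"
+fi
+su-exec nobody $(eval "echo $@")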
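Review bot: The last line, `su-exec nobody $(eval "echo $@")`, passes the container's command line through `eval` and then word-splits the result, so any shell metacharacter in an argument is interpreted by the root shell before privileges are dropped. The arguments carry values from `.env` (the compose template on this page passes `--static-auth-secret=${TURN_SECRET}`), so a secret containing `$`, a backtick, `;` or a space changes what gets executed. `exec su-exec nobody "$@"` keeps every argument intact; if the `eval` is there to expand variables, that expansion belongs in the compose template. The extracted private key is created with the default umask, so `chown nobody /tmp/key.pem && chmod 600 /tmp/key.pem` after the `jq` step would keep it unreadable to other users. `apk add jq su-exec` on every start needs network access and installs unpinned packages, which is better done once at image build time.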


@ -1,28 +1,73 @@
# Example coturn configuration for BigBlueButton
# These are the two network ports used by the TURN server which the client
# may connect to. We enable the standard unencrypted port 3478 for STUN,
listening-port=3478
# listening-ip=${INTERNAL_IP:-$IP}
# relay-ip=${INTERNAL_IP:-$IP}
# and since TLS over SMTP port (465) is now blocked by major browser vendors,
# we reverted to the most common coturn TLS port 5349, which has limitations
# in restrictive firewall environments. For maximum client support run
# coturn on a dedicated host on port 443.
tls-listening-port=5349
min-port=32769
max-port=65535
# verbose
# If the server has multiple IP addresses, you may wish to limit which
# addresses coturn is using. Do that by setting this option (it can be
# specified multiple times). The default is to listen on all addresses.
# You do not normally need to set this option.
#listening-ip=172.17.19.101
# If the server is behind NAT, you need to specify the external IP address.
# If there is only one external address, specify it like this:
#external-ip=172.17.19.120
# If you have multiple external addresses, you have to specify which
# internal address each corresponds to, like this. The first address is the
# external ip, and the second address is the corresponding internal IP.
#external-ip=172.17.19.131/10.0.0.11
#external-ip=172.17.18.132/10.0.0.12
# Fingerprints in TURN messages are required for WebRTC
fingerprint
# The long-term credential mechanism is required for WebRTC
lt-cred-mech
# Configure coturn to use the "TURN REST API" method for validating time-
# limited credentials. BigBlueButton will generate credentials in this
# format. Note that the static-auth-secret value specified here must match
# the configuration in BigBlueButton's turn-stun-servers.xml
# You can generate a new random value by running the command:
# openssl rand -hex 16
use-auth-secret
realm=bbb-docker
# static-auth-secret=<random value>
keep-address-family
# If the realm value is unspecified, it defaults to the TURN server hostname.
# You probably want to configure it to a domain name that you control to
# improve log output. There is no functional impact.
realm=example.com
no-cli
# Configure TLS support.
# Adjust these paths to match the locations of your certificate files
cert=/tmp/cert.pem
pkey=/tmp/key.pem
# Limit the allowed ciphers to improve security
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
# Enable longer DH TLS key to improve security
dh2066
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
# older protocols
no-tlsv1
no-tlsv1_1
# Block connections to IP ranges which shouldn't be reachable
no-loopback-peers
no-multicast-peers
# To enable single filename logs you need to enable the simple-log flag
syslog
#verbose
# we only need to allow peer connections from the machine itself (from mediasoup or freeswitch).
denied-peer-ip=0.0.0.0-255.255.255.255
denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family


@ -1,27 +1,26 @@
ARG TAG_ETHERPAD
FROM etherpad/etherpad:$TAG_ETHERPAD
FROM etherpad/etherpad:1.8.18
USER root
RUN apk add git curl
RUN apt-get update \
&& apt-get install -y git curl
USER etherpad
RUN pnpm run plugins i \
ep_disable_chat@0.0.10 \
RUN npm install \
ep_cursortrace@3.1.16 \
git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
git+https://github.com/mconf/ep_redis_publisher.git#a30a48e4bc1e501b5b102884b9a0b26c30798484 \
ep_disable_chat@0.0.8 \
ep_auth_session@1.1.1 \
--github \
mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \
mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694
# remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches
&& rm package-lock.json
# add skin from git submodule
COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
COPY --chown=etherpad:0 ./bbb-etherpad-skin /opt/etherpad-lite/src/static/skins/bigbluebutton
# add plugin from git submodule
COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches
RUN pnpm run plugins i --path /ep_bigbluebutton_patches
COPY --chown=etherpad:0 ./bbb-etherpad-plugin /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
COPY settings.json /opt/etherpad-lite/settings.json
COPY etherpad-export.sh /etherpad-export.sh
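Review bot: Removing `package-lock.json` after `npm install` leaves the image with no recorded integrity hashes, so transitive dependencies are resolved afresh on every build even though the two git plugins are pinned to commits. The comment explains why the lockfile is deleted; it should also record that trade-off. Consider pinning the base image by digest as well, `FROM etherpad/etherpad:1.8.18@sha256:<digest-placeholder>`. Old and new lines are interleaved in this rendering, so this assumes the `npm install` variant is the new side.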


@ -1,3 +1,5 @@
#!/bin/sh
#!/bin/bash
echo $ETHERPAD_API_KEY > /tmp/apikey
pnpm run prod --apikey /tmp/apikey
export NODE_ENV=production
node /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js --apikey /tmp/apikey
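Review bot: The API key is written with `echo $ETHERPAD_API_KEY > /tmp/apikey`, unquoted and under the default umask, so the file is normally readable by every user in the container and a value containing whitespace or glob characters is altered on the way. I would put `umask 077` before it and write the key with `printf '%s\n' "$ETHERPAD_API_KEY" > /tmp/apikey`. Starting the server with `exec node …` would also let it receive the container's stop signal directly instead of through the shell.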


@ -1,9 +1,12 @@
#!/bin/sh
#!/bin/bash
src="$8"
dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')"
convertTo="$7"
curl -v -F "data=@${src}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \
-H "accept: application/octet-stream" \
-H "Content-Type: multipart/form-data" \
-F "data=@$src" > $dest
exit 0
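Review bot: `$7` is spliced unquoted into the sed program and the request URL, and the redirect target `> $dest` is unquoted, so a path containing spaces or a format argument containing `/` either breaks the command or writes to a different file than intended. Quote the expansions (`> "$dest"`), and note that `s/html|odt/…/` rewrites the first match anywhere in the path, not only the extension. Because curl runs without `--fail` and the script always ends in `exit 0`, an HTTP error body is stored as the exported document and the caller sees success; `curl --fail …` followed by `exit $?` would surface the failure. The positional arguments presumably come from Etherpad's soffice invocation, which is not visible here.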


@ -89,7 +89,7 @@
*
* "defaultPadText" : "${DEFAULT_PAD_TEXT}Line 1\nLine 2"
*/
{
{
/*
* Name your instance!
*/
@ -140,7 +140,7 @@
* "full-width-editor" variant (by default editor is rendered as a page, with
* a max-width of 900px).
*/
"skinVariants": "",
"skinVariants": "super-light-toolbar super-light-editor light-background",
/*
* IP and port which Etherpad should bind at.
@ -162,14 +162,6 @@
*/
"showSettingsInAdminPage": true,
/*
* Settings for cleanup of pads
*/
"cleanup": {
"enabled": false,
"keepRevisions": 5
},
/*
* Node native SSL support
*
@ -206,7 +198,8 @@
"dbType": "redis",
"dbSettings": {
"url": "redis://redis:6379"
"host": "redis",
"port": 6379
},
/*
@ -227,10 +220,9 @@
*/
/*
* The default text of a pad: A zero-width-space is used to work around an issue with Etherpad 1.9.1 where empty pads are not being created.
* See: https://github.com/ether/etherpad-lite/issues/5787
*/
"defaultPadText" : "\u200b",
* The default text of a pad
*/
"defaultPadText" : "",
/*
* Default Pad behavior.
@ -279,14 +271,6 @@
"pageDown": true
},
/*
* Enables the use of a different server. We have a different one that syncs changes from the original server.
* It is hosted on GitHub and should not be blocked by many firewalls.
* https://etherpad.org/ep_infos
*/
"updateServer": "https://etherpad.org/ep_infos",
/*
* Should we suppress errors from being visible in the default Pad Text?
*/
@ -339,6 +323,14 @@
*/
"soffice": "/etherpad-export.sh",
/*
* Path to the Tidy executable.
*
* Tidy is used to improve the quality of exported pads.
* Setting it to null disables Tidy.
*/
"tidyHtml": null,
/*
* Allow import of file types other than the supported ones:
* txt, doc, docx, rtf, odt, html & htm
@ -372,22 +364,6 @@
* Settings controlling the session cookie issued by Etherpad.
*/
"cookie": {
/*
* How often (in milliseconds) the key used to sign the express_sid cookie
* should be rotated. Long rotation intervals reduce signature verification
* overhead (because there are fewer historical keys to check) and database
* load (fewer historical keys to store, and less frequent queries to
* get/update the keys). Short rotation intervals are slightly more secure.
*
* Multiple Etherpad processes sharing the same database (table) is
* supported as long as the clock sync error is significantly less than this
* value.
*
* Key rotation can be disabled (not recommended) by setting this to 0 or
* null, or by disabling session expiration (see sessionLifetime).
*/
"keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* Value of the SameSite cookie property. "Lax" is recommended unless
* Etherpad will be embedded in an iframe from another site, in which case
@ -399,51 +375,7 @@
* significant usability drawbacks vs. "Lax". See
* https://stackoverflow.com/q/41841880 for discussion.
*/
"sameSite": "None",
/*
* How long (in milliseconds) after navigating away from Etherpad before the
* user is required to log in again. (The express_sid cookie is set to
* expire at time now + sessionLifetime when first created, and its
* expiration time is periodically refreshed to a new now + sessionLifetime
* value.) If requireAuthentication is false then this value does not really
* matter.
*
* The "best" value depends on your users' usage patterns and the amount of
* convenience you desire. A long lifetime is more convenient (users won't
* have to log back in as often) but has some drawbacks:
* - It increases the amount of state kept in the database.
* - It might weaken security somewhat: The cookie expiration is refreshed
* indefinitely without consulting authentication or authorization
* hooks, so once a user has accessed a pad, the user can continue to
* use the pad until the user leaves for longer than sessionLifetime.
* - More historical keys (sessionLifetime / keyRotationInterval) must be
* checked when verifying signatures.
*
* Session lifetime can be set to infinity (not recommended) by setting this
* to null or 0. Note that if the session does not expire, most browsers
* will delete the cookie when the browser exits, but a session record is
* kept in the database forever.
*/
"sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* How long (in milliseconds) before the expiration time of an active user's
* session is refreshed (to now + sessionLifetime). This setting affects the
* following:
* - How often a new session expiration time will be written to the
* database.
* - How often each user's browser will ping the Etherpad server to
* refresh the expiration time of the session cookie.
*
* High values reduce the load on the database and the load from browsers,
* but can shorten the effective session lifetime if Etherpad is restarted
* or the user navigates away.
*
* Automatic session refreshes can be disabled (not recommended) by setting
* this to null.
*/
"sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
"sameSite": "None"
},
/*
@ -543,7 +475,7 @@
/*
* Restrict socket.io transport methods
*/
"socketTransportProtocols" : ["websocket", "polling"],
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
"socketIo": {
/*
@ -553,7 +485,7 @@
* value to work properly, but increasing the value increases susceptibility
* to denial of service attacks (malicious clients can exhaust memory).
*/
"maxHttpBufferSize": 50000
"maxHttpBufferSize": 10000
},
/*
@ -607,7 +539,7 @@
"windowMs": 90000,
// maximum number of requests per IP to allow during the rate limit window
"max": 32
"max": 10
},
/*
@ -618,13 +550,6 @@
*/
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
/*
The authentication method used by the server.
The default value is sso
If you want to use the old authentication system, change this to apikey
*/
"authenticationMethod": "apikey",
/*
* From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
*
@ -641,6 +566,7 @@
"points": 100
},
/*
* Toolbar buttons configuration.
*
@ -670,54 +596,12 @@
*/
"loglevel": "INFO",
/*
* The log layout type to use.
*
* Valid values: basic, colored
*/
"logLayoutType": "colored",
/* Override any strings found in locale directories */
"customLocaleStrings": {
"de": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export zu verschiedenen Dateiformaten"
},
"en-gb": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export to different file formats"
},
"en": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export to different file formats"
},
"es": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar a diferentes formatos de archivos"
},
"fr": {
"pad.importExport.import_export": "Exporter",
"pad.toolbar.import_export.title": "Exporter vers un format de fichier différent"
},
"it": {
"pad.importExport.import_export": "Esportazione",
"pad.toolbar.import_export.title": "Esporta a diversi formati di file"
},
"pt-br": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar para diferentes formatos de arquivo"
},
"pt": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar para diferentes formatos de ficheiro"
}
},
"customLocaleStrings": {},
/* Disable Admin UI tests */
"enableAdminUITests": false,
"enableAdminUITests": false
}
/*
* Enable/Disable case-insensitive pad names.
*/
"lowerCasePadIds": false
}
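Review bot: `"sameSite": "None"` goes against the recommendation in the comment directly above it ("Lax" unless Etherpad is embedded in an iframe from another site), and the file does not say why. A short comment next to the value would record the reason and the precondition, for example `/* "None": pad is embedded cross-site by the BBB client; only works over HTTPS (Secure cookie) */`. The embedding detail is my assumption and should be confirmed before it is written down.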


@ -1,71 +1,66 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
FROM debian:bullseye-slim
COPY --from=freeswitch / /build/freeswitch
# install most recent git version for proper sparse-checkout support
# https://stackoverflow.com/questions/72223738/failed-to-initialize-sparse-checkout
RUN echo 'deb https://ppa.launchpadcontent.net/git-core/ppa/ubuntu focal main' > /etc/apt/sources.list.d/git-core-ppa.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A1715D88E1DF1F24 && \
apt-get update && \
apt-get install -y git
# get build files for bbb-freeswitch (build/packages-template/bbb-freeswitch-core/)
COPY --from=build-files / /build/
# mock files expected by build.sh
RUN mkdir -p /build/bbb-voice-conference/config/freeswitch/conf/ && \
touch \
/build/opts-build.sh \
/build/freeswitch.service.build \
/build/bbb-voice-conference/config/freeswitch/conf/a \
&& \
echo "" > /usr/local/bin/fpm
# build freeswitch
RUN cd /build && ./build.sh
# add english sounds
RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \
wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \
tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \
wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
unzip mute-and-unmute-sounds-master.zip && \
cd mute-and-unmute-sounds-master/sounds && \
find . -name "*.wav" -exec /bin/bash -c "sox -v 0.3 {} /tmp/tmp.wav; cp /tmp/tmp.wav /build/staging/opt/freeswitch/share/freeswitch/sounds/en/us/callie/conference/{}" \;
# add bigblugbutton config
ARG TAG_FS_CONFIG
COPY --from=fs-config / /build/staging/opt/freeswitch/etc/freeswitch/
# ===============================================
# we are using ubuntu here, because libjpeg8 is required, but not available in debian
FROM ubuntu:22.04
# install dependencies
RUN apt-get update && \
apt-get install -y \
xmlstarlet wget iptables curl \
libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns3 libedit2 libtiff5 libpng16-16 libsqlite3-0 \
&& \
# install libopusenc0
wget -O /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb2_amd64.deb \
&& dpkg -i /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb \
&& rm /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb
apt-get install -y --no-install-recommends \
subversion curl wget ca-certificates gnupg gnupg2 lsb-release unzip
# add dockerize
COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
# copy over built freeswitch & config
COPY --from=builder /build/staging/opt /opt
COPY --from=builder /build/staging/etc /etc
RUN ldconfig && \
ln -s /opt/freeswitch/conf /etc/freeswitch && \
groupadd freeswitch && \
useradd --home-dir /opt/freeswitch --shell /usr/sbin/nologin -g freeswitch freeswitch
# install freeswitch
RUN wget -q -O /usr/share/keyrings/freeswitch-archive-keyring.gpg https://freeswitch-mirror.chandi.it/repo/deb/debian-release/signalwire-freeswitch-repo.gpg && \
echo 'deb [signed-by=/usr/share/keyrings/freeswitch-archive-keyring.gpg] http://freeswitch-mirror.chandi.it/repo/deb/debian-release/ bullseye main' > /etc/apt/sources.list.d/freeswitch.list && \
apt-get update && \
apt-get install -y \
freeswitch \
freeswitch-mod-commands \
freeswitch-mod-conference \
freeswitch-mod-console \
freeswitch-mod-dialplan-xml \
freeswitch-mod-dptools \
freeswitch-mod-event-socket \
freeswitch-mod-native-file \
freeswitch-mod-opusfile \
freeswitch-mod-opus \
freeswitch-mod-sndfile \
freeswitch-mod-spandsp \
freeswitch-mod-sofia \
freeswitch-sounds-en-us-callie \
iptables
COPY ./entrypoint.sh /entrypoint.sh
# replace mute & unmute sounds
RUN wget -q https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
unzip mute-and-unmute-sounds-master.zip && \
cd mute-and-unmute-sounds-master/sounds/ && \
find . -name "*.wav" -exec /bin/bash -c "echo {};sox -v 0.3 {} /tmp/tmp.wav; mv /tmp/tmp.wav /usr/share/freeswitch/sounds/en/us/callie/conference/{}" \; && \
cd ../.. && \
rm -r mute-and-unmute-sounds-master mute-and-unmute-sounds-master.zip
# -- get official bbb freeswitch config
# we use svn for retrieving the files since the repo is quite large,
# git sparse-checkout is not yet available with buster and there
# is no other sane way of downloading a single directory via git
ARG TAG_FS_CONFIG
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FS_CONFIG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \
&& rm -rf /etc/freeswitch/.svn
# the current available freeswitch-mod-opusfile is broken,
# it can't write any .opus files. The fix provided in
# https://github.com/signalwire/freeswitch/pull/719/files
# is not sufficient as the module still comes without opus
# write support, so we rather switch to the binary built
# by bigbluebutton and add its dependencies
RUN wget -O /usr/lib/freeswitch/mod/mod_opusfile.so https://github.com/bbb-pkg/bbb-freeswitch-core/raw/43f3a47af1fcf5ea559e16bb28b900c925a7f2c3/opt/freeswitch/lib/freeswitch/mod/mod_opusfile.so \
&& wget -O /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb1_amd64.deb \
&& dpkg -i /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb \
&& rm /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb
# add modifications
COPY ./conf /etc/freeswitch/
COPY ./entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh
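Review bot: Three artefacts are fetched with `wget` and installed without an integrity check: the `mod_opusfile.so` binary, the `libopusenc0` `.deb` passed to `dpkg -i`, and the mute/unmute sound archive, which is additionally taken from the moving `master` branch. Add a checksum step after each download, e.g. `echo "<sha256-placeholder>  /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb" | sha256sum -c -`, and pin the archive to a commit. The apt source line uses `http://` for the FreeSWITCH mirror although the key is fetched over `https://`; `signed-by` still covers package integrity, but using `https://` for both is more consistent. `ENTRYPOINT /entrypoint.sh` is the shell form, so the script runs under `sh -c`; `ENTRYPOINT ["/entrypoint.sh"]` makes it PID 1 and lets it receive signals.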


@ -0,0 +1,49 @@
<configuration name="acl.conf" description="Network Lists">
<network-lists>
<!--
These ACL's are automatically created on startup.
rfc1918.auto - RFC1918 Space
nat.auto - RFC1918 Excluding your local lan.
localnet.auto - ACL for your local lan.
loopback.auto - ACL for your local lan.
-->
<list name="lan" default="allow">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.130.218.147/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
</list>
<!--
custom "loopback" so that traffic from docker
containers is also considered as local
-->
<list name="loopback.custom" default="deny">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
<node type="allow" cidr="172.16.0.0/12" />
<node type="allow" cidr="$${external_ip_v4}/32"/>
</list>
<list name="deny_private_v6" default="allow">
<node type="deny" cidr="0.0.0.0/0"/>
<node type="deny" cidr="fe80::/10"/>
<node type="deny" cidr="fc00::/7"/>
</list>
<!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
-->
<list name="domains" default="allow">
<!-- domain= is special it scans the domain from the directory to build the ACL -->
<node type="allow" domain="$${domain}"/>
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
</list>
</network-lists>
</configuration>
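Review bot: `<list name="lan" default="allow">` admits every address, so its four `allow` nodes have no effect; if the list is meant to restrict access to local networks it needs `default="deny"`. It also carries a host-specific entry, `10.130.218.147/32`, which looks like a leftover from another installation and should be removed or explained in a comment. In the header comment `loopback.auto` is described with the same text as `localnet.auto` ("ACL for your local lan"). Where `lan` is referenced is not visible in this section.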


@ -39,7 +39,7 @@
<!-- Domain (for presence) -->
<param name="domain" value="$${domain}"/>
<!-- Sample Rate-->
<param name="rate" value="48000"/>
<param name="rate" value="8000"/>
<!-- Number of milliseconds per frame -->
<param name="interval" value="20"/>
<!-- Energy level required for audio to be sent to the other users -->


@ -4,7 +4,7 @@
<param name="listen-ip" value="$${local_ip_v4}"/>
<param name="listen-port" value="8021"/>
<param name="password" value="$${esl_password}"/>
<param name="apply-inbound-acl" value="rfc1918.auto"/>
<param name="apply-inbound-acl" value="loopback.custom"/>
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>
</configuration>
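Review bot: `apply-inbound-acl` points at `loopback.custom`, which despite its name allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and the external IPv4 address (see the acl.conf section on this page), so every host in those ranges that can reach port 8021 gets as far as the event-socket password check. If only the other containers need this socket, restrict the list to the compose network, e.g. `<node type="allow" cidr="<docker-subnet-placeholder>"/>`, and drop the `$${external_ip_v4}/32` entry. A comment beside the parameter stating which clients are expected to connect would make the intended exposure reviewable.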


@ -2,7 +2,7 @@
<modules>
<!-- Loggers (I'd load these first) -->
<load module="mod_console"/>
<!-- <load module="mod_logfile"/> -->
<load module="mod_logfile"/>
<!-- Event Handlers -->
<load module="mod_event_socket"/>
@ -14,7 +14,6 @@
<load module="mod_commands"/>
<load module="mod_conference"/>
<load module="mod_dptools"/>
<load module="mod_audio_fork"/>
<!-- Dialplan Interfaces -->
<load module="mod_dialplan_xml"/>


@ -0,0 +1,43 @@
<!--
NOTICE:
This context is usually accessed via the external sip profile listening on port 5080.
It is recommended to have separate inbound and outbound contexts. Not only for security
but clearing up why you would need to do such a thing. You don't want outside un-authenticated
callers hitting your default context which allows dialing calls thru your providers and results
in Toll Fraud.
-->
<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML -->
<include>
<context name="public">
<extension name="unloop">
<condition field="${unroll_loops}" expression="^true$"/>
<condition field="${sip_looped_call}" expression="^true$">
<action application="deflect" data="${destination_number}"/>
</condition>
</extension>
<!--
Tag anything pass thru here as an outside_call so you can make sure not
to create any routing loops based on the conditions that it came from
the outside of the switch.
-->
<extension name="outside_call" continue="true">
<condition>
<action application="set" data="outside_call=true"/>
<action application="export" data="RFC2822_DATE=${strftime(%a, %d %b %Y %T %z)}"/>
</condition>
</extension>
<!--
You can place files in the public directory to get included.
-->
<X-PRE-PROCESS cmd="include" data="public_docker/*.xml"/>
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
</context>
</include>


@ -1,31 +0,0 @@
<include>
<extension name="from_my_provider">
<!-- match only calls from dial-in which haven't got transfered yet -->
<condition field="destination_number" expression="^(?!SEND_TO_CONFERENCE).*$"/>
<condition field="${sofia_profile_name}" expression="^external-dialin$">
<action application="start_dtmf" />
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="set_profile_var" data="caller_id_name=${regex(${caller_id_name}|^.*(.{4})$|xxx-xxx-%1)}"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
<extension name="check_if_conference_active">
<condition field="${conference ${pin} list}" expression="/sofia/g" />
<condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
<action application="set" data="bbb_authorized=true"/>
<action application="transfer" data="${pin} XML default"/>
</condition>
</extension>
<extension name="conf_bad_pin">
<condition field="${pin}" expression="^\d{5}$">
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-bad-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
</include>


@ -1,86 +0,0 @@
<profile name="external-dialin">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-dialin/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="1"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge browser -->
<param name="apply-candidate-acl" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external_dialin?mode=memory&amp;cache=shared"/>
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_ip_v4}"/>
<param name="ext-sip-ip" value="$${external_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>


@ -0,0 +1,113 @@
<profile name="external-ipv6">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-ipv6/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<!--<domain name="all" alias="false" parse="true"/>-->
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="none"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge support
<param name="apply-candidate-acl" value="wan_v6.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v6.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
-->
<param name="apply-candidate-acl" value="deny_private_v6"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="rtp-ip" value="$${external_ip_v6}"/>
<param name="sip-ip" value="$${local_ip_v6}"/>
<!-- Shouldn't set these on IPv6 -->
<!--<param name="ext-rtp-ip" value="auto-nat"/>-->
<!--<param name="ext-sip-ip" value="auto-nat"/>-->
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!--<param name="enable-3pcc" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>
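Review bot: `ws-binding` `:5066` and `wss-binding` `:7443` listen on all addresses while `auth-calls` is `false`, so any client that can reach those ports is placed in the `public` context without authentication; the `external` profile further down this page appears to bind `ws-binding` to `0.0.0.0:5066` in the same way. Bind the listeners to the address the reverse proxy connects from, as the `external` profile seems to do for WSS with `$${local_ip_v4}:7443`. The opening comment still says the profile is only for outbound registrations to providers, which does not describe a profile with WebSocket listeners and should be updated.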


@ -1,6 +1,16 @@
<profile name="external">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
@ -15,13 +25,7 @@
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<!--
SIP port is not rquired, since we are using WS for the
internal connection and a seperate profile (external-dialin-xml)
for SIP dial in
-->
<param name="sip-port" value="15060"/>
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
@ -32,7 +36,7 @@
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="local-network-acl" value="none"/>
<param name="manage-presence" value="false"/>
@ -48,7 +52,7 @@
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external?mode=memory&amp;cache=shared"/>
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
@ -69,12 +73,20 @@
<param name="ext-sip-ip" value="auto-nat"/>
-->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="rtp-ip" value="$${external_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="ext-sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
<!--
Listen only clients somehow run into this timeout
causing
Hangup sofia/external/GLOBAL_AUDIO_76116@10.7.7.1 [CS_EXECUTE] [MEDIA_TIMEOUT]
[mcs-freeswitch] Dispatching conference new video floor event released
[mcs-freeswitch] Received CHANNEL_HANGUP for
-->
<param name="rtp-timeout-sec" value="86400"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
@ -101,8 +113,9 @@
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<param name="ws-binding" value="0.0.0.0:5066"/>
<param name="wss-binding" value="$${local_ip_v4}:7443"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
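Review bot: The unencrypted WebSocket listener appears to end up bound to every interface (`<param name="ws-binding" value="0.0.0.0:5066"/>`), while the TLS listener beside it is limited to `$${local_ip_v4}`. The +/- markers are lost in this rendering, so this assumes the second pair of binding lines is the new side. Signalling on 5066 is plaintext, so if the container shares the host network the port is reachable from outside unless a firewall rule covers it; `<param name="ws-binding" value="$${local_ip_v4}:5066"/>` would keep it on the internal address like its sibling. The same section also switches `local-network-acl` to `none` and changes `rtp-timeout-sec` between 86400 and 300 directly under a comment about listen-only clients hitting that timeout, so a one-line comment stating which value is intended and why would help the next reader.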


@ -1,15 +1,12 @@
<include>
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
<!-- Preprocessor Variables
These are introduced when configuration strings must be consistent across modules.
NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
toll fraud in the future. It's your responsibility to secure your own system.
This default config is used to demonstrate the feature set of FreeSWITCH.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-->
<X-PRE-PROCESS cmd="set" data="default_password=1234"/>
@ -18,7 +15,6 @@
The following variables are set dynamically - calculated if possible by freeswitch - and
are available to the config as $${variable}. You can see their calculated value via fs_cli
by entering eval $${variable}
hostname
local_ip_v4
local_mask_v4
@ -45,24 +41,21 @@
nat_public_addr
nat_private_addr
nat_type
-->
<X-PRE-PROCESS cmd="set" data="sound_prefix={{ .Env.SOUNDS_PATH }}"/>
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
<!--
This setting is what sets the default domain FreeSWITCH will use if all else fails.
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
affect the sip authentication. Please review conf/directory/default.xml for more
information on this topic.
-->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.10"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v6={{ .Env.EXTERNAL_IPv6 }}"/>
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
@ -70,7 +63,6 @@
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
<!--
Enable ZRTP globally you can override this on a per channel basis
http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
-->
<X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
@ -78,9 +70,7 @@
NOTICE: When using SRTP it's critical that you do not offer or accept
variable bit rate codecs, doing so would leak information and possibly
compromise your SRTP stream. (FS-6404)
Supported SRTP Crypto Suites:
AEAD_AES_256_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
@ -88,8 +78,6 @@
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AEAD_AES_128_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
@ -97,8 +85,6 @@
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
____________________________________________________________________________
AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
@ -106,25 +92,18 @@
tag. The master-key length is 128 bits and has a default lifetime of
a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
first.
AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
____________________________________________________________________________
This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
the authentication tag is 32 bits. The length of the base64-decoded key and
salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
the crypto attribute is considered invalid.
AES_CM_128_NULL_AUTH
____________________________________________________________________________
The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
method. This policy is NOT RECOMMENDED unless it is unavoidable; see
Section 7.5 of [RFC3711].
SRTP variables that modify behaviors based on direction/leg:
rtp_secure_media
____________________________________________________________________________
possible values:
@ -133,16 +112,11 @@
forbidden - More useful for inbound to deny SAVP negotiation
false - implies forbidden
true - implies mandatory
default if not set is accept SAVP inbound if offered.
rtp_secure_media_inbound | rtp_secure_media_outbound
____________________________________________________________________________
This is the same as rtp_secure_media, but would apply to either inbound
or outbound offers specifically.
How to specify crypto suites:
____________________________________________________________________________
By default without specifying any crypto suites FreeSWITCH will offer
@ -150,39 +124,29 @@
endpoint has in common. If you wish to force specific crypto suites you
can do so by appending the suites in a comma separated list in the order
that you wish to offer them in.
Examples:
rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
Additionally you can narrow this down on either inbound or outbound by
specifying as so:
rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
rtp_secure_media_suites
____________________________________________________________________________
Optionally you can use rtp_secure_media_suites to dictate the suite list
Optionaly you can use rtp_secure_media_suites to dictate the suite list
and only use rtp_secure_media=[optional|mandatory|false|true] without having
to dictate the suite list with the rtp_secure_media* variables.
-->
<!--
Examples of codec options: (module must be compiled and loaded)
codecname[@8000h|16000h|32000h[@XXi]]
XX is the frame size must be multiples allowed for the codec
XX is the frame size must be multples allowed for the codec
FreeSWITCH can support 10-120ms on some codecs.
We do not support exceeding the MTU of the RTP packet.
iLBC@30i - iLBC using mode=30 which will win in all cases.
DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
@ -209,23 +173,17 @@
AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10)
LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
These are the passthru audio codecs:
G729 - G729 in passthru mode. (mod_g729)
G723 - G723.1 in passthru mode. (mod_g723_1)
AMR - AMR in passthru mode. (mod_amr)
These are the passthru video codecs: (mod_h26x)
H261 - H.261 Video
H263 - H.263 Video
H263-1998 - H.263-1998 Video
H263-2000 - H.263-2000 Video
H264 - H.264 Video
RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.
96 - AMR
97 - iLBC (30)
98 - iLBC (20)
@ -258,7 +216,6 @@
125 -
126 -
127 - BV32
-->
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G722,PCMU,PCMA"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,speex@16000h@20i,G722,PCMU,PCMA"/>
@ -275,9 +232,7 @@
<X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
<!--
THIS IS ONLY USED FOR DINGALING
bind_server_ip
Can be an ip address, a dns name, or "auto".
This determines an ip address available on this host to bind.
If you are separating RTP and SIP traffic, you will want to have
@ -287,7 +242,6 @@
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
<!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
If you're going to load test FreeSWITCH please input real IP addresses
for external_rtp_ip and external_sip_ip
-->
@ -302,7 +256,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.l.google.com:19302"/>
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- external_sip_ip
Used as the public IP address for SDP.
@ -315,7 +269,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.l.google.com:19302"/>
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- unroll-loops
Used to turn on sip loopback unrolling.
@ -374,11 +328,9 @@
<!--
Digits Dialed filter: (FS-6940)
The digits stream may contain valid credit card numbers or social security numbers, These digit
filters will allow you to make a valant effort to stamp out sensitive information for
PCI/HIPPA compliance. (see xml_cdr dialed_digits)
df_us_ssn = US Social Security Number pattern
df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB
-->
@ -390,7 +342,6 @@
<!--
Setting up your default sip provider is easy.
Below are some values that should work in most cases.
These are for conf/directory/default/example.com.xml
-->
<X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
@ -403,21 +354,16 @@
<!--
SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
default: tlsv1,tlsv1.1,tlsv1.2
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
<!--
TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
The actual ciphers supported will change per platform.
openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
Will show you what is available in your version of openssl.
Will show you what is available in your verion of openssl.
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
@ -434,7 +380,7 @@
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<!-- Video Settings -->
<!-- Setting the max bandwidth -->
<!-- Setting the max bandwdith -->
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=1mb"/>
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=1mb"/>
@ -449,5 +395,4 @@
<X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/>
<X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
</include>
</include>
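Review bot: `sip_tls_version` is left at `tlsv1,tlsv1.1,tlsv1.2`, and the SIP profiles read it through `tls-version`, so the deprecated TLS 1.0 and 1.1 stay enabled. The option list in the comment above shows `tlsv1.2` is accepted on its own, so `<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1.2"/>` is the safer default unless a legacy endpoint is known to need the older versions; `sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH` is similarly broad. Separately, `default_password=1234` stays as shipped although the comment in the first hunk warns to change it, and templating it from the environment the way `esl_password` is would avoid a known default. The comment edits in these hunks also appear to reintroduce spelling errors (`Optionaly`, `multples`, `verion`, `bandwdith`).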


@ -1,4 +1,4 @@
#!/bin/bash -e
#!/bin/bash
# remove all SIP (port 5060) iptable rules
iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D
@ -15,19 +15,13 @@ for IP in "${ADDR[@]}"; do
iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT
done
mkdir -p /var/freeswitch/meetings
chown -R freeswitch:daemon /var/freeswitch/meetings
chmod 777 /var/freeswitch/meetings
chown -R freeswitch:daemon /opt/freeswitch/var
chown -R freeswitch:daemon /opt/freeswitch/etc
chmod -R g-rwx,o-rwx /opt/freeswitch/etc
# install freeswitch sounds if missing
SOUNDS_DIR=/opt/freeswitch/share/freeswitch/sounds
if [ "$SOUNDS_LANGUAGE" == "en-us-callie" ]; then
# default, is already installed
echo ""
elif [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
SOUNDS_DIR=/usr/share/freeswitch/sounds
if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
if [ ! -d "$SOUNDS_DIR/de/de/daedalus3" ]; then
echo "sounds package for de-de-daedalus3 not installed yet"
wget -O /tmp/freeswitch-german-soundfiles.zip https://github.com/Daedalus3/freeswitch-german-soundfiles/archive/master.zip
@ -42,24 +36,10 @@ elif [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
fi
else
if [ ! -f $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed ]; then
SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]')
if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then
echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
# get filename of latest release for this sound package
FILENAME=$(curl -s https://files.freeswitch.org/releases/sounds/ | grep -i $SOUNDS_LANGUAGE 2> /dev/null | awk -F'\"' '{print $8}' | grep -E '\-48000-.*\.gz$' | sort -V | tail -n 1)
if [ "$FILENAME" = "" ]; then
echo "Error: could not find sounds for language '$SOUNDS_LANGUAGE'"
echo "make sure to specify a value for SOUNDS_LANGUAGE which exists on https://files.freeswitch.org/releases/sounds/"
exit 1
fi
for bitrate in 8000 16000 32000 48000; do
URL=https://files.freeswitch.org/releases/sounds/$(echo $FILENAME | sed "s/48000/$bitrate/")
wget -O /tmp/sounds.tar.gz $URL
tar xvfz /tmp/sounds.tar.gz -C $SOUNDS_DIR
done
touch $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed
apt-get install $SOUNDS_PACKAGE
fi
fi
@ -69,4 +49,4 @@ export SOUNDS_PATH=$SOUNDS_DIR/$(echo "$SOUNDS_LANGUAGE" | sed 's|-|/|g')
dockerize \
-template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \
-template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \
/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -nonat -nf
/usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf
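Review bot: Changing the shebang from `#!/bin/bash -e` to `#!/bin/bash` removes fail-fast behaviour from a script that first deletes every port-5060 iptables rule and then re-adds the allow-list, so if an `iptables` call fails, FreeSWITCH is still started with whatever filter state is left. A separate `set -e` line after the shebang restores the guard and also applies when the script is invoked as `bash entrypoint.sh`. In the sounds branch, `apt-get install $SOUNDS_PACKAGE` runs without `-y` and with the variable unquoted, so in a non-interactive container it will probably stop at the confirmation prompt; `apt-get install -y "$SOUNDS_PACKAGE"` is the usual form, and `-s "$IP"` in the loop deserves the same quoting. The script body between the hunks is not shown, so this covers only the visible lines.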


@ -1,16 +1,24 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
ARG TAG_COMMON_MESSAGE
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# download bbb-common-message
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& cd /bbb-common-message \
&& ./deploy.sh \
&& rm -rf /bbb-common-message
# ===================================================
COPY --from=src-fsesl-client / /bbb-fsesl-client
RUN cd /bbb-fsesl-client && ./deploy.sh
ARG TAG_FSESL_AKKA
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL_AKKA/bbb-fsesl-client /bbb-fsesl-client \
&& rm -rf /bbb-fsesl-client/.svn
COPY --from=src-fsesl-akka / /source
RUN cd /bbb-fsesl-client \
&& ./deploy.sh
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL_AKKA/akka-bbb-fsesl /source \
&& rm -rf /source/.svn
# compile and unzip bin
RUN cd /source \
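Review bot: The builder stage appears to be switched to `gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG`, referenced only by a mutable tag, and the sources are fetched at build time with `svn checkout` of a tag over the network, so two builds of the same commit are not guaranteed to contain the same code. Pinning the image by digest (`FROM <image>@sha256:<digest> AS builder`, digest to be taken from the registry) and checking out a fixed revision would make the build reproducible and auditable. The same applies to the other Dockerfiles on this page: `mod/html5/Dockerfile` (same registry, plus `COPY --from=alangecker/bbb-docker-base-java` with no tag at all), `FROM eugenmayer/jodconverter:rest`, and the `node:14-alpine` / `nginx:1.23-alpine` stages. The final `RUN cd /source \` continues outside the hunk.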


@ -4,13 +4,13 @@ include "/bbb-fsesl-akka/conf/application.conf"
freeswitch {
esl {
host="freeswitch"
host="10.7.7.1"
password="FSESL_PASSWORD"
}
}
redis {
host="redis"
host="10.7.7.5"
}
http {


@ -11,7 +11,8 @@
<logger name="org.freeswitch.esl" level="WARN" />
<logger name="io.lettuce" level="INFO" />
<root level="INFO">
<root level="DEBUG">
<appender-ref ref="STDOUT"/>
<appender-ref ref="FILE" />
</root>
</configuration>
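Review bot: Raising the root logger to `DEBUG` and adding `<appender-ref ref="FILE" />` means every library without its own `<logger>` entry now logs at debug level, to disk as well as stdout (assuming the `DEBUG` line is the new side, which the +1 line count supports). This service holds the FreeSWITCH ESL password and relays call events, so debug output may put sensitive data into logs, and the file can grow without limit if the `FILE` appender has no rolling policy; its definition is outside this hunk. Unless this build is meant for debugging only, `<root level="INFO">` with just the `STDOUT` appender is the safer default for a container.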


@ -1,4 +0,0 @@
FROM ghcr.io/tomdess/docker-haproxy-certbot:2.8.10
# overwrite bootstrap.sh
COPY bootstrap.sh /bootstrap.sh


@ -1,30 +0,0 @@
#!/usr/bin/env bash
set -e
# save container environment variables to use it
# in cron scripts
declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
# when used with an IP, we'll also disable certbot
if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
IGNORE_TLS_CERT_ERRORS=true
fi
if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
# use self signed certificate
if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
mkdir -p /etc/haproxy/certs
# generate self signed certificate
openssl req -x509 -nodes -days 700 -newkey rsa:2048 \
-keyout /tmp/domain.key -out /tmp/domain.crt \
-subj "/C=CA/ST=Quebec/L=Montreal/O=BigBlueButton Development/OU=bbb-docker/CN=10.7.7.1"
cat /tmp/domain.key /tmp/domain.crt | tee /etc/haproxy/certs/haproxy-10.7.7.1.pem >/dev/null
fi
else
# obtain certificates from lets encrypt
/certs.sh
fi
supervisord -c /etc/supervisord.conf -n


@ -1,80 +0,0 @@
global
log stdout format raw local0 debug
maxconn 20480
############# IMPORTANT #################################
## DO NOT SET CHROOT OTHERWISE YOU HAVE TO CHANGE THE ##
## acme-http01-webroot.lua file ##
# chroot /jail ##
#########################################################
lua-load /etc/haproxy/acme-http01-webroot.lua
#
# SSL options
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 4096
# workaround for bug #14 (Cert renewal blocks HAProxy indefinitely with Websocket connections)
hard-stop-after 3s
# DNS runt-time resolution on backend hosts
resolvers docker
nameserver dns "127.0.0.11:53"
defaults
log global
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# option forwardfor
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
# never fail on address resolution
default-server init-addr last,libc,none
frontend http
bind *:80,[::]:80
mode http
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
redirect scheme https code 301 if !{ ssl_fc }
frontend nginx_or_turn
bind *:443,:::443 ssl crt /etc/haproxy/certs/ ssl-min-ver TLSv1.2 alpn h2,http/1.1,stun.turn
mode tcp
option tcplog
tcp-request content capture req.payload(0,1) len 1
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+X}[capture.req.hdr(0)]"
tcp-request inspect-delay 30s
# We terminate SSL on haproxy. HTTP2 is a binary protocol. haproxy has to
# decide which protocol is spoken. This is negotiated by ALPN.
#
# Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
# ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)
# If no ALPN value is set, the first byte is inspected and depending on the
# value traffic is sent to either port 81 or coturn.
use_backend nginx-http2 if { ssl_fc_alpn h2 }
use_backend nginx if { ssl_fc_alpn http/1.1 }
use_backend turn if { ssl_fc_alpn stun.turn }
use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
default_backend turn
backend turn
mode tcp
server localhost 10.7.7.1:3478 check
backend nginx
mode tcp
server localhost 10.7.7.1:48081 send-proxy check
backend nginx-http2
mode tcp
server localhost 10.7.7.1:48082 send-proxy check


@ -1,52 +0,0 @@
a nginx
b nginx
c nginx
d nginx
e nginx
f nginx
g nginx
h nginx
i nginx
j nginx
k nginx
l nginx
m nginx
n nginx
o nginx
p nginx
q nginx
r nginx
s nginx
t nginx
u nginx
v nginx
w nginx
x nginx
y nginx
z nginx
A nginx
B nginx
C nginx
D nginx
E nginx
F nginx
G nginx
H nginx
I nginx
J nginx
K nginx
L nginx
M nginx
N nginx
O nginx
P nginx
Q nginx
R nginx
S nginx
T nginx
U nginx
V nginx
W nginx
X nginx
Y nginx
Z nginx


@ -1,13 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG
# use /tmp as home dir as writeable directory for whatever UID we get
ENV HOME /tmp
# allow all user to access .nvm in root
RUN chmod 755 /root
WORKDIR /app
COPY /entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh


@ -1,11 +0,0 @@
set -e
# enable nvm
. /root/.nvm/nvm.sh
if [ -n "$1" ]; then
exec "$@"
else
npm install
npm start -- --host 0.0.0.0
fi

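--- a/mod/html5/Dockerfile
+++ b/mod/html5/Dockerfile
@@ -0,0 +1,34 @@
+ARG BBB_BUILD_TAG
+FROM gitlab.senfcall.de:5050/senfcall-public/docker-bbb-build:$BBB_BUILD_TAG AS builder
+# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
+# USER meteor
+ARG TAG_HTML5
+RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_HTML5/bigbluebutton-html5 /source \
+&& cd /source \
+&& meteor npm ci --production \
+&& METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \
+&& rm -rf /source
+RUN cd /app/bundle/programs/server \
+&& npm install --production
+RUN sed -i "s/VERSION/$TAG_HTML5/" /app/bundle/programs/web.browser/head.html \
+&& find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \
+&& find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \
+&& find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \;
+# ------------------------------
+FROM node:14.19.1-alpine
+RUN addgroup -g 2000 meteor && \
+adduser -D -u 2001 -G meteor meteor && \
+apk add su-exec
+COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
+COPY --from=builder --chown=meteor:meteor /app/bundle /app
+COPY entrypoint.sh /entrypoint.sh
+COPY bbb-html5.yml /app/bbb-html5.yml.tmpl
+ENTRYPOINT ["/entrypoint.sh"]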

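--- a/mod/html5/bbb-html5.yml
+++ b/mod/html5/bbb-html5.yml
@@ -0,0 +1,24 @@
+public:
+app:
+bbbServerVersion: {{ .Env.TAG_HTML5 }}-docker
+listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
+skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
+clientTitle: {{ .Env.CLIENT_TITLE }}
+appName: BigBlueButton HTML5 Client (docker)
+breakouts:
+breakoutRoomLimit: {{ .Env.BREAKOUTROOM_LIMIT }}
+kurento:
+wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu
+autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
+skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
+chat:
+enabled: {{ .Env.CHAT_ENABLED }}
+startClosed: {{ .Env.CHAT_START_CLOSED }}
+pads:
+url: https://{{ .Env.DOMAIN }}/pad
+private:
+app:
+host: 0.0.0.0
+redis:
+host: redis
+port: '6379'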
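Review bot: Every `{{ .Env.* }}` value is substituted into the YAML unquoted, so a value containing `: `, `#` or a line break changes the document structure instead of staying a string; `clientTitle: {{ .Env.CLIENT_TITLE }}` is the most exposed because it is free text. The values come from the operator's environment, so this is a robustness issue rather than a remotely reachable one, but quoting is cheap: `clientTitle: {{ printf "%q" .Env.CLIENT_TITLE }}`. The boolean and numeric settings would benefit from a startup check that the variable is set, since an empty substitution yields a null value rather than an error. Indentation is lost in this rendering, so the nesting of the keys could not be reviewed.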

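--- a/mod/html5/entrypoint.sh
+++ b/mod/html5/entrypoint.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+cd /app
+export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
+export MONGO_URL=mongodb://10.7.7.6/meteor
+export ROOT_URL=http://127.0.0.1/html5client
+export NODE_ENV=production
+export SERVER_WEBSOCKET_COMPRESSION=0
+export BIND_IP=0.0.0.0
+export LANG=en_US.UTF-8
+export INSTANCE_MAX=1
+export ENVIRONMENT_TYPE=production
+export NODE_VERSION=node-v14.19.1-linux-x64
+export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml
+if [ "$DEV_MODE" == true ]; then
+echo "DEV_MODE=true, disable TLS certificate rejecting"
+export NODE_TLS_REJECT_UNAUTHORIZED=0
+fi
+if [ "$BBB_HTML5_ROLE" == "backend" ]; then
+PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID
+fi
+# if container is the first frontend, do some additional tasks
+if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then
+# copy static files into volume for direct access by nginx
+# https://github.com/bigbluebutton/bigbluebutton/issues/10739
+if [ -d "/html5-static" ]; then
+rm -rf /html5-static/*
+cp -r /app/programs/web.browser/* /html5-static
+fi
+fi
+dockerize \
+-template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \
+su-exec meteor \
+node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM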
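Review bot: `export NODE_TLS_REJECT_UNAUTHORIZED=0` switches off certificate validation for every outbound TLS connection of the Node process, and the only gate is `DEV_MODE`. The script exports `NODE_ENV=production` unconditionally, so a deployment that leaves `DEV_MODE=true` set runs as production without verification, with only an `echo` recording it. Trusting the development CA instead (`export NODE_EXTRA_CA_CERTS=<path-to-dev-ca.pem>`, path placeholder) keeps verification on. As a smaller point, the script is `#!/bin/sh` but compares with `==` inside `[ ]`, which is not POSIX; `[ "$DEV_MODE" = true ]` is the portable form.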


@ -0,0 +1,33 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2 default_server;
# we at still serve https via IPv6 for the
# case that an AAAA record is set.
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:48087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}
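Review bot: `client_body_timeout 6h` and `send_timeout 6h` apply to every request that reaches this TLS-facing `location /`, not only to upgraded WebSocket connections, so a client that sends a request body or reads a response very slowly can hold a connection open for hours. The long `proxy_read_timeout` / `proxy_send_timeout` are what an idle WebSocket needs; as far as I can tell the two client-side values can stay near the nginx defaults, or the 6h settings can move into a location that matches only the WebSocket paths. `mod/https/site.conf`, the next file, carries the same block. A one-line comment such as `# long-lived websocket sessions` next to the proxy timeouts would record why they are so large.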

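--- a/mod/https/site.conf
+++ b/mod/https/site.conf
@@ -0,0 +1,33 @@
+map $http_upgrade $connection_upgrade {
+default upgrade;
+'' close;
+}
+map $remote_addr $endpoint_addr {
+"~:" [::1];
+default 127.0.0.1;
+}
+server {
+listen 443 ssl http2 default_server;
+listen [::]:443 ssl http2 default_server;
+server_name _;
+include resty-server-https.conf;
+location / {
+proxy_http_version 1.1;
+proxy_pass http://$endpoint_addr:48087;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+proxy_cache_bypass $http_upgrade;
+proxy_read_timeout 6h;
+proxy_send_timeout 6h;
+client_body_timeout 6h;
+send_timeout 6h;
+}
+}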


@ -0,0 +1,17 @@
FROM eugenmayer/jodconverter:rest
RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections
RUN sed -i 's/main/main contrib/' /etc/apt/sources.list && apt-get update
RUN apt-get update && apt -y install --no-install-recommends \
fonts-arkpandora \
fonts-crosextra-carlito \
fonts-crosextra-caladea \
fonts-noto \
fonts-noto-cjk \
fonts-liberation \
fontconfig \
ttf-mscorefonts-installer
# avoid "APPLICATION FAILED TO START. Config data location '/etc/app/' does not exist"
# https://github.com/bigbluebutton/docker/issues/178
CMD ["--spring.config.additional-location=optional:/etc/app/"]


@ -1,15 +0,0 @@
port: 7880
log_level: debug
# when enabled, LiveKit will expose prometheus metrics on :6789/metrics
#prometheus_port: 6789
rtc:
port_range_start: 16384
port_range_end: 32768
use_external_ip: false
redis:
# redis is recommended for production deploys
address: redis:6379
keys:
# TODO: change keys
TEST: TEST

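--- a/mod/mongo/init-replica.sh
+++ b/mod/mongo/init-replica.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+host=${HOSTNAME:-$(hostname -f)}
+# shut down again
+mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
+# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
+mongod --oplogSize 8 --replSet rs0 --noauth \
+--config /tmp/docker-entrypoint-temp-config.json \
+--bind_ip 0.0.0.0 --port 27017 \
+--tlsMode disabled \
+--logpath /proc/1/fd/1 --logappend \
+--pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
+# init replset with defaults
+mongo 10.7.7.6 --eval "rs.initiate({
+_id: 'rs0',
+members: [ { _id: 0, host: '10.7.7.6:27017' } ]
+})"
+echo "Waiting to become a master"
+echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongo
+echo "I'm the master!"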
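Review bot: `mongod` is restarted with `--noauth`, `--tlsMode disabled` and `--bind_ip 0.0.0.0`, so any host that can reach port 27017 gets full unauthenticated access. The only protection is whatever network isolation the compose file provides, which is not visible here. The replica set needs only the `10.7.7.6` address, and the final `mongo` call uses localhost, so `--bind_ip 127.0.0.1,10.7.7.6` narrows the listener without changing the replset config; `mod/mongo/mongod.conf` repeats `bindIp: 0.0.0.0` and should follow. The `while (!db.isMaster().ismaster)` wait has no upper bound, so a timeout would keep a failed election from hanging container start. The `host=` variable is assigned but never used.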

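--- a/mod/mongo/mongod.conf
+++ b/mod/mongo/mongod.conf
@@ -0,0 +1,33 @@
+# mongod.conf
+# for documentation of all options, see:
+# http://docs.mongodb.org/manual/reference/configuration-options/
+storage:
+dbPath: /data/db
+journal:
+enabled: true
+wiredTiger:
+engineConfig:
+cacheSizeGB: 1
+journalCompressor: none
+directoryForIndexes: true
+collectionConfig:
+blockCompressor: none
+indexConfig:
+prefixCompression: false
+net:
+port: 27017
+bindIp: 0.0.0.0
+replication:
+replSetName: rs0
+setParameter:
+diagnosticDataCollectionEnabled: false
+security:
+javascriptEnabled: false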


@ -1,49 +1,22 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard
COPY --from=src-learning-dashboard / /bbb-learning-dashboard
RUN cd /bbb-learning-dashboard && npm ci && npm run build
FROM node:14-alpine AS builder
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback
COPY --from=src-playback / /bbb-playback
RUN cd /bbb-playback && npm install && npm run-script build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5
COPY --from=src-html5 / /source
RUN cd /source && CI=true npm ci
RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build-safari && npm run build
RUN cd /source/dist && \
HASH=$(ls | grep -Eo 'bundle\.[a-f0-9]{20}\.js' | head -n 1 | grep -Eo '[a-f0-9]{20}') && \
if [ -z "$HASH" ]; then \
echo "Bundle hash not found."; \
else \
for FILE in *.safari.js *.safari.js.map; do \
if [[ "$FILE" == *"$HASH"* ]]; then \
continue; \
fi; \
PREFIX="${FILE%%.safari.js*}"; \
SUFFIX="${FILE#*.safari.js}"; \
NEW_NAME="${PREFIX}.${HASH}.safari.js${SUFFIX}"; \
echo "Renaming $FILE$NEW_NAME"; \
mv "$FILE" "$NEW_NAME"; \
done; \
fi
RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css
RUN apk add subversion git
# --------------------
FROM nginx:1.27-alpine
ARG TAG_LEARNING_DASHBOARD
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_LEARNING_DASHBOARD/bbb-learning-dashboard /bbb-learning-dashboard && rm -r /bbb-learning-dashboard/.svn
RUN cd /bbb-learning-dashboard && npm ci && npm run build
COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/
COPY ./bbb-playback /bbb-playback
RUN cd /bbb-playback && npm ci && npm run build
# --------------------
FROM nginx:1.23-alpine
COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
COPY ./bbb /etc/nginx/bbb
COPY ./bigbluebutton /etc/nginx/conf.d/default.conf
COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf
COPY ./nginx.conf /etc/nginx/nginx.conf


@ -1 +0,0 @@
proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off;


@ -1,23 +0,0 @@
# serve locale index from prebuilt static files
location = /html5client/locales/ {
alias /usr/share/bigbluebutton/html5-client/locales/;
autoindex on;
autoindex_format json;
# Prevent browsers from caching
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires 0;
}
# running from source (npm start)
location /html5client/ {
rewrite /html5client/(.*) /$1 break;
gzip_static on;
proxy_pass http://10.7.7.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}


@ -1,13 +1,40 @@
# running in production (static assets)
location /html5client {
gzip_static on;
alias /usr/share/bigbluebutton/html5-client/;
index index.html;
try_files $uri $uri/ =404;
location @html5client {
proxy_pass http://poolhtml5servers; # use for production
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /html5client/locales {
alias /usr/share/bigbluebutton/html5-client/locales;
autoindex on;
autoindex_format json;
alias /html5-static/app/locales;
}
location /html5client/compatibility {
alias /html5-static/app/compatibility;
}
location /html5client/resources {
alias /html5-static/app/resources;
}
location /html5client/svgs {
alias /html5-static/app/svgs;
}
location /html5client/fonts {
alias /html5-static/app/fonts;
}
location /html5client/wasm {
types {
application/wasm wasm;
}
gzip_static on;
alias /html5-static/app/wasm;
}
location /html5client/ {
alias /html5-static;
try_files $uri @html5client;
}
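Review bot: `location /html5client/ { alias /html5-static; ... }` pairs a location that ends in `/` with an alias that does not, and nginx replaces the matched prefix literally, so `/html5client/x` maps to `/html5-static` + `x` rather than to a file inside the directory. If static files are meant to be served here before falling back to `@html5client`, use `alias /html5-static/;`. The sub-locations such as `location /html5client/locales { alias /html5-static/app/locales; }` have no trailing slash on either side, so they also match any URI that merely starts with that prefix; `location /html5client/locales/ { alias /html5-static/app/locales/; }` limits the match to the directory. The `+`/`-` markers are lost in this rendering, so this assumes the `/html5-static` lines are the added side.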


@ -1,39 +0,0 @@
# Websocket connection
location /graphql {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
#proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql)
proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware
}
#Set cache system for client settings
location /api/rest/clientSettings {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_cache client_settings_cache;
proxy_cache_key "$uri|$meeting_id";
proxy_cache_use_stale updating;
proxy_cache_valid 24h;
proxy_cache_lock on;
add_header X-Cached $upstream_cache_status;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}
location /api/rest/userMetadata {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}


@ -0,0 +1,34 @@
# Routes requests to Greenlight based on the '/b' prefix.
# Use this file to route '/b' paths on your BigBlueButton server
# to the Greenlight application. If you are using a different
# subpath, you should change it here.
location /b {
proxy_pass http://host.docker.internal:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_http_version 1.1;
}
location /b/cable {
proxy_pass http://host.docker.internal:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
# this is necessary for the preupload_presentation feature
location /rails/active_storage {
return 301 /b$request_uri;
}
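Review bot: `proxy_set_header X-Forwarded-Ssl on;` is sent unconditionally in both `location /b` and `location /b/cable`, while `X-Forwarded-Proto $scheme;` follows the listener, so on a plain-HTTP listener Greenlight is given two contradictory statements about the transport. Both blocks also use `$proxy_add_x_forwarded_for`, which appends to whatever `X-Forwarded-For` the client sent; unless a proxy in front strips that header, its leading entries are client-controlled. If this nginx is the first trusted hop, `proxy_set_header X-Forwarded-For $remote_addr;` (the form the `/pad` locations use) is safer, and a comment should record which component terminates TLS so both scheme headers can be derived from one source.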


@ -1,3 +1,8 @@
location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) {
root /var/bigbluebutton/learning-analytics-dashboard/;
autoindex off;
}
location /learning-analytics-dashboard/ {
alias /www/learning-analytics-dashboard/;
autoindex off;
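Review bot: The regex in `location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*)` has no `^` anchor, so it matches that pattern anywhere in the URI, and regex locations are preferred over ordinary prefix matches. Anchoring it as `location ~ ^/learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*)` keeps it from shadowing other locations. The two capture groups are not used in the visible lines, so a short comment on what the `id-timestamp` segment is would help the next reader. The markers are lost in this rendering, so this assumes the regex block is the added side. The second `location` block continues past the end of the hunk.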


@ -1,11 +0,0 @@
location /livekit/ {
proxy_pass http://127.0.0.1:7880/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
}


@ -15,7 +15,7 @@ location /pad/p/ {
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1;
auth_request /bigbluebutton/connection/checkAuthorization;
@ -57,7 +57,7 @@ location /pad/socket.io {
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_set_header Host $host; # pass the host header
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
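Review bot: `proxy_set_header X-Forwarded-Proto $scheme;` reports the scheme of the connection that reaches this nginx, not the one the browser used, and it appears in both hunks (`/pad/p/` and `/pad/socket.io`). The server block elsewhere in this commit appears to listen on plain port `48087`, so if TLS is terminated by a proxy in front, Etherpad would be told `http` and, going by the inline comment, would not set the Secure flag on its cookie. Keeping an overridable variable, or deriving the value from the front proxy's header through a `map`, avoids that; the cookie flags should be checked on a deployed instance either way. This assumes the `$scheme` lines are the new side, since the markers are lost here. Both location blocks start outside the hunks.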


@ -1,21 +0,0 @@
# This file is part of BigBlueButton.
#
# Copyright © BigBlueButton Inc. and by respective authors.
#
# BigBlueButton is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by the
# Free Software Foundation, either version 3.0 of the License, or (at your
# option) any later version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with BigBlueButton. If not, see <https://www.gnu.org/licenses>.
location /playback/video/ {
alias /var/bigbluebutton/published/video/;
index index.html index.htm;
}


@ -20,27 +20,34 @@
# causes tomcat to OOM. (ralam sept 20, 2018)
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/svg\/(?<page_num>\d+)$ {
default_type image/svg+xml;
default_type image/svg+xml;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg;
add_header 'Access-Control-Allow-Origin' '*' always;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/pdf\/(?<job_id>[A-Za-z0-9]+)\/annotated_slides.pdf$ {
default_type application/pdf;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf;
add_header 'Access-Control-Allow-Origin' '*' always;
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/slide\/(?<page_num>\d+)$ {
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/thumbnail\/(?<page_num>\d+)$ {
default_type image/png;
default_type image/png;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png;
add_header 'Access-Control-Allow-Origin' '*' always;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/textfiles\/(?<page_num>\d+)$ {
default_type text/plain;
default_type text/plain;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt;
add_header 'Access-Control-Allow-Origin' '*' always;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
}
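Review bot: Each `if ($bbb_loadbalancer_node) { add_header ... }` block is its own configuration level, and nginx inherits `add_header` from the outer level only when the current level defines none. When the variable is set, these locations therefore stop sending the server-level `Permissions-Policy` header. The same pattern in the later `proxy_pass http://bbb-web:8090` hunks also drops the location-level `P3P` header. If those headers are still wanted in a cluster setup, repeat them inside the `if` block, or set the origin through a `map` and use one unconditional `add_header` (nginx omits a header whose value is empty). No visible hunk defines `$bbb_loadbalancer_node`; since it is paired with `Access-Control-Allow-Credentials 'true'` elsewhere, a comment should state that it is a single operator-configured origin and never taken from the request. This assumes the `if` blocks are the added side.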


@ -1,22 +0,0 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /recording/screenshare {
alias /var/bigbluebutton/published/screenshare;
index index.html index.htm;
}

15
mod/nginx/bbb/sip.nginx Normal file

@ -0,0 +1,15 @@
location /ws {
proxy_pass https://$freeswitch_addr:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
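Review bot: `proxy_pass https://$freeswitch_addr:7443;` encrypts the hop to FreeSWITCH, but nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` is set, and no visible line sets it. The same holds for `proxy_pass https://host.docker.internal:8082;` in `verto.nginx`. If this is intentional because the target presents a self-signed certificate on an internal address, say so in a comment, for example `# upstream cert is self-signed and not verified; port 7443 must only be reachable on the internal bridge`. `auth_request_set $auth_status $upstream_status;` stores a value that nothing in this file reads, so either use it in the error handling or drop it.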


@ -1,28 +0,0 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /playback/slides {
root /var/bigbluebutton;
index index.html index.htm;
}
location /slides {
root /var/bigbluebutton/published;
index index.html index.htm;
}

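--- a/mod/nginx/bbb/verto.nginx
+++ b/mod/nginx/bbb/verto.nginx
@@ -0,0 +1,10 @@
+location /verto {
+proxy_pass https://host.docker.internal:8082;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_read_timeout 6h;
+proxy_send_timeout 6h;
+client_body_timeout 6h;
+send_timeout 6h;
+}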
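Review bot: `location /verto` proxies a WebSocket to the media server with no `auth_request`, whereas `location /ws` in `sip.nginx` from the same commit gates on `/bigbluebutton/connection/checkAuthorization`. Unless the Verto endpoint is expected to authenticate every client on its own, add `auth_request /bigbluebutton/connection/checkAuthorization;` so that only clients with a valid session can hold a connection open for the 6h timeouts. If the omission is deliberate, a one-line comment giving the reason would keep the two files from looking inconsistent.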


@ -9,16 +9,32 @@
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
}
}
location ~ "^\/bigbluebutton\/presentation\/(?<prestoken>[a-zA-Z0-9_-]+)/upload$" {
# Grails can't handle CORS OPTION preflight requests correctly -> lets do this in nginx
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
proxy_pass http://bbb-web:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
}
# high limit for presentation as bbb-web will reject upload if larger than configured
client_max_body_size 1000m;
@ -57,6 +73,9 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
}
location = /bigbluebutton/presentation/checkPresentation {
@ -68,7 +87,6 @@
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length "";
proxy_set_header X-Original-Content-Length $http_content_length;
proxy_set_header X-Original-Method $request_method;
# high limit for presentation as bbb-web will reject upload if larger than configured
client_max_body_size 1000m;
@ -91,17 +109,6 @@
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location = /bigbluebutton/connection/checkGraphqlAuthorization {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
# this is required for CORS preflight checks in cluster setup
proxy_set_header X-Original-Method $request_method;
}
location = /bigbluebutton/connection/legacyCheckAuthorization {
internal;
proxy_pass http://bbb-web:8090;
@ -121,6 +128,9 @@
location ~ "^/bigbluebutton\/textTrack\/(?<textTrackToken>[a-zA-Z0-9]+)\/(?<recordId>[a-zA-Z0-9_-]+)\/(?<textTrack>.+)$" {
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
@ -159,18 +169,6 @@
proxy_set_header X-Original-URI $request_uri;
}
location /bigbluebutton/rtt-check {
default_type text/plain;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires "0";
# this Header is required for cluster setups as the ping check is a
# CORS request. No cookies are required so we can just allow anyone
# to use this endpoint.
add_header 'Access-Control-Allow-Origin' '*';
return 200 "";
}
}
location @error403 {
@ -179,4 +177,4 @@
}
return 403;
}
}


@ -5,7 +5,6 @@ location /bbb-webrtc-sfu {
auth_request_set $user_id $sent_http_user_id;
auth_request_set $meeting_id $sent_http_meeting_id;
auth_request_set $voice_bridge $sent_http_voice_bridge;
auth_request_set $user_name $sent_http_user_name;
proxy_pass http://10.7.7.1:3008;
proxy_http_version 1.1;
@ -15,11 +14,9 @@ location /bbb-webrtc-sfu {
proxy_set_header User-Id $user_id;
proxy_set_header Meeting-Id $meeting_id;
proxy_set_header Voice-Bridge $voice_bridge;
proxy_set_header User-Name $user_name;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}


@ -1,86 +1,40 @@
server {
# proxied from HAProxy
listen 48082 http2 proxy_protocol;
listen 48081 proxy_protocol;
map $remote_addr $freeswitch_addr {
"~:" [::1];
default 10.7.7.1;
}
# optional ports for other reverse proxies
upstream poolhtml5servers {
zone poolhtml5servers 32k;
least_conn;
server 10.7.7.200:4100 fail_timeout=10s max_fails=4 backup;
server 10.7.7.201:4101 fail_timeout=120s max_fails=1;
server 10.7.7.202:4102 fail_timeout=120s max_fails=1;
server 10.7.7.203:4103 fail_timeout=120s max_fails=1;
# TODO: set server list based on NUMBER_OF_FRONTEND_NODEJS_PROCESSES
# server 10.7.7.204:4104 fail_timeout=120s max_fails=1;
# server 10.7.7.205:4105 fail_timeout=120s max_fails=1;
# server 10.7.7.206:4106 fail_timeout=120s max_fails=1;
# server 10.7.7.207:4107 fail_timeout=120s max_fails=1;
}
server {
listen 48087 default_server;
listen [::]:48087 default_server;
server_name _;
access_log /dev/stdout;
absolute_redirect off;
root /www/;
# This variable is used instead of $scheme by bigbluebutton nginx include
# files, so $scheme can be overridden in reverse-proxy configurations.
set $real_scheme $scheme;
# opt-out of google's floc tracking
# https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
add_header Permissions-Policy "interest-cohort=()";
# redirect to greenlight
location = / {
return 302 /b;
}
# Include specific rules for record and playback
include /etc/nginx/bbb/*.nginx;
# redirect old greenlight v2 room links
location ~ "/b/([a-z0-9\-]+)" {
return 302 /rooms/$1;
}
# serve default.pdf from /www/
location = /default.pdf {
try_files $uri =404;
}
location / {
proxy_pass http://greenlight:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For "127.0.0.1";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_http_version 1.1;
client_max_body_size 1000m;
}
location /cable {
proxy_pass http://greenlight:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For "127.0.0.1";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}
upstream hasura {
least_conn;
server bbb-graphql-server:8085;
# you might want to add more bbb-graphql-server@ instances to balance the
# load to multiple bbb-graphql-server instances. Execute
# `systemctl enable --now bbb-graphql-server@8086` and uncomment the
# following line:
# server 127.0.0.1:8086;
}
server {
listen 10.7.7.1:8185;
listen 127.0.0.1:8185;
root /var/www/html;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://hasura;
}
}


@ -29,25 +29,4 @@ http {
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
# additional server only used for greenlight in dev mode
# allows it to use the BBB API without failing
# due to the self signed certificates
#
# all other requests (e.g. /join) is then redirected
listen 48083 http2;
location /bigbluebutton/api/join {
return 301 https://10.7.7.1$request_uri;
}
location /bigbluebutton/api {
proxy_pass http://127.0.0.1:48087;
}
location / {
return 301 https://10.7.7.1$request_uri;
}
}
}

Some files were not shown because too many files have changed in this diff Show More