freeswitch: SIP dial in support

2025-08-14 23:02:29 +02:00 · 2024-11-28 14:33:30 +01:00
42 changed files with 91 additions and 473 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,17 +2,6 @@
 ## Unreleased
 ## Release v3.0.4 (2025-03-27)
 - update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347
 - fix not accepting length of dial in / voiceBridge numbers @alangecker
 - upgrade: migrate postgres & greenlight data @alangecker
 ## Release v3.0.1 (2025-03-11)
 **Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
 - :tada: **BigBlueButton 3.0** [#313](https://github.com/bigbluebutton/docker/pull/313)
 ## Release v2.7.3 (2023-12-08)
 **Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@
 # 📦 BigBlueButton 3.0 Docker
-Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
+Version: 3.0.0-beta.5 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
 ## Features
 - Easy installation
@ -13,20 +13,14 @@ Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
 - Full IPv6 support
 - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
 ## currently missing / broken
 - NAT support
 - bbb-transcription-controller
 - livekit
 ## Requirements
 - 4GB of RAM
 - Linux (it will not work under Windows/WSL)
 - Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
 - Public IPv4 (expect issues with a firewall / NAT)
 - firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
 - git installed
-## Install production server
+## Install
 1. Ensure the requirements above are fulfilled (it really doesn't work without them)
 2. Install docker-ce & docker-compose-plugin
    1. follow instructions
@ -41,7 +35,7 @@ Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
   $ git clone https://github.com/bigbluebutton/docker.git bbb-docker
   $ cd bbb-docker
-   # optional: use the more stable main branch (often much older)
+   # use the more stable main branch (sometimes older)
   $ git checkout main 
   ```
 4. Run setup:
@ -63,20 +57,7 @@ Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
    $ docker compose exec greenlight bundle exec rake admin:create
    ```
 ## Development setup
 1. Clone this repository
   ```sh
   $  git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
   ```
 2. Start dev server
   ```sh
   $ cd bbb-dev
   $ ./scripts/dev
   ```
 3. Use API Mate with the link presented in the console to create & join a conference
 ## Further How-To's
-<!-- - [Running behind NAT](docs/behind-nat.md) -->
+- [Running behind NAT](docs/behind-nat.md)
 - [Integration into an existing web server](docs/existing-web-server.md)
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@ -145,8 +145,8 @@ services:
        - plugin=./repos/bbb-etherpad-plugin
        - skin=./repos/bbb-etherpad-skin
      args:
-        TAG_ETHERPAD: "2.2.7"
+        TAG_ETHERPAD: "1.9.4"
-    image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
+    image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
    restart: unless-stopped
    depends_on:
      - redis
@ -173,29 +173,6 @@ services:
      bbb-net:
        ipv4_address: 10.7.7.18
  bbb-export-annotations:
    build:
      context: mod/bbb-export-annotations
      additional_contexts:
        src: ./repos/bigbluebutton/bbb-export-annotations
    image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }}
    restart: unless-stopped
    depends_on:
      - redis
      - etherpad
      - bbb-pads
    networks:
    # need connections to:
    # https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json
    # "bbbWebAPI": "http://127.0.0.1:8090",    -> bbb-web
    # "bbbPadsAPI": "http://127.0.0.1:9002",   -> bbb-pads
      bbb-net:
        ipv4_address: 10.7.7.19
    volumes:
      - ./data/bigbluebutton:/var/bigbluebutton
    tmpfs:
      - /tmp
  redis:
    image: redis:7.2-alpine
    restart: unless-stopped
@ -290,8 +267,7 @@ services:
        - src=./repos/bigbluebutton/bbb-graphql-server
      args:
        BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
-        GRAPHQL_ENGINE_TAG: v2.45.0
+        GRAPHQL_ENGINE_TAG: v2.44.0
    image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
    depends_on:
      - postgres
      - bbb-web
@ -318,7 +294,6 @@ services:
      {{ end }}
      args:
        BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
    image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }}
    restart: unless-stopped
    depends_on:
      - redis
@ -343,7 +318,6 @@ services:
      {{ end }}
      args:
        BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
    image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }}
    restart: unless-stopped
    depends_on:
      - bbb-graphql-server
@ -353,8 +327,6 @@ services:
    networks:
      bbb-net:
        ipv4_address: 10.7.7.32
    extra_hosts:
      - "nginx:10.7.7.1"
    {{ if isTrue .Env.DEV_MODE }}
    user: ${BBB_DEV_UID}:${BBB_DEV_GID}
@ -381,7 +353,7 @@ services:
  periodic:
    build: mod/periodic
-    image: alangecker/bbb-docker-periodic:v3.0.0
+    image: alangecker/bbb-docker-periodic:v2.7.0
    restart: unless-stopped
    volumes:
@ -474,7 +446,6 @@ services:
    volumes:
      - ./data/haproxy/letsencrypt:/etc/letsencrypt
      - ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
      - ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap
    environment:
      - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
      - CERT1=${DOMAIN}
@ -501,7 +472,7 @@ services:
 {{ if isTrue .Env.ENABLE_GREENLIGHT }}
  # greenlight
  greenlight:
-    image: bigbluebutton/greenlight:v3.5.0
+    image: bigbluebutton/greenlight:v3.4.1
    restart: unless-stopped
    env_file: .env
    depends_on:
@ -509,7 +480,7 @@ services:
      - redis
    environment:
-      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
+      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
      REDIS_URL: redis://redis:6379
      {{ if $ignore_tls_cert_errors }}
      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
--- a/docs/development.md
+++ b/docs/development.md
@ -15,8 +15,6 @@ you can now run bbb-docker locally by simply starting
 $ ./scripts/dev
 ```
 Use the API Mate with the link presented in the console to create & join a conference.
 ### Hints
 - the html5 component will watch and automatically reload on any changes 🚀
 - if you change anything in the other components, you need to
@ -28,7 +26,10 @@ Use the API Mate with the link presented in the console to create & join a confe
  `$ ./scripts/generate-compose`
 - view the logs with \
  `$ docker compose logs -f`
- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
+- and access the API via \
  https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
    * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
 ## Notes
 - Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode
--- a/docs/network-config.md
+++ b/docs/network-config.md
@ -24,7 +24,6 @@ Services as configured.
 | coturn | network_mode: host | |
 | greenlight | | | ports: 10.7.7.1:5000:80
 | prometheus | bbb-net | 10.7.7.33 |
 | bbb-export-annotations | bbb-net | 10.7.7.19 |
 ```yml
 networks:  
--- a/docs/upgrading.md
+++ b/docs/upgrading.md
@ -1,29 +1,29 @@
 # How To Upgrade bbb-docker
-### Breaking changes `v2.7.x` -> `v3.0.x`
+### Upgrading from `v2.6.x`
- **A setup behind NAT does currently not work!**
+- **Breaking change:** We use now Docker Compose V2
 - `LETSENCRYPT_EMAIL` is now required in `.env` when used with the integrated HAProxy
 - the greenlight postgres database is now called `greenlight` instead of `greenlight-v3`
 ### Breaking changes `v2.6.x` -> `v2.7.x`
 - We use now Docker Compose V2
    * make sure you have docker ≥ 23.0 installed (`$ docker -v`)
    * update all usages of `docker-compose` to `docker compose` in your scripts
-### Breaking changes `v2.5.x` -> `v2.6.x`
+apart from that follow the guide (_within v2.7.x_) below.
- Greenlight got fully rewritten
+
 ### Upgrading from `v2.5.x`
 - **Breaking change:** Greenlight got fully rewritten
    * it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
    * some greenlight settings under `.env` have changed. compare your version with `sample.env`
    * it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
-### Backup
+apart from that follow the guide below.
 ### within `v2.7.x`
 #### Backup
 if you use greenlight, create a database backup first
 ```bash
 docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
 ```
-### Upgrading
+#### Upgrading
 ```bash
 # upgrade!
 ./scripts/upgrade
--- a/mod/apps-akka/bbb-apps-akka.conf
+++ b/mod/apps-akka/bbb-apps-akka.conf
@ -8,7 +8,6 @@ redis {
 services {
  bbbWebAPI="https://DOMAIN/bigbluebutton/api"
  sharedSecret="SHARED_SECRET"
  graphqlMiddlewareAPI = "http://10.7.7.32:8378"
 }
 http {
  interface = "0.0.0.0"
--- a/mod/bbb-export-annotations/Dockerfile
+++ b/mod/bbb-export-annotations/Dockerfile
@ -1,23 +0,0 @@
 FROM node:22-bookworm-slim AS builder
 COPY --from=src / /bbb-export-annotations
 RUN cd /bbb-export-annotations && npm ci && npm install
 # --------------------
 FROM node:22-bookworm-slim
 RUN groupadd -g 998 bigbluebutton \
    && useradd -m -u 998 -g bigbluebutton bigbluebutton
 RUN apt update && apt install -y \
    nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils
 COPY --from=builder /bbb-export-annotations /bbb-export-annotations
 COPY ./config/settings.json /bbb-export-annotations/config/settings.json
 USER bigbluebutton
 WORKDIR /bbb-export-annotations
 ENV NODE_ENV=production
 ENTRYPOINT npm start
--- a/mod/bbb-export-annotations/config/settings.json
+++ b/mod/bbb-export-annotations/config/settings.json
@ -1,40 +0,0 @@
 {
    "log": {
      "level": "info",
      "msgName": "PresAnnStatusMsg"
    },
    "shared": {
      "presAnnDropboxDir": "/tmp/pres-ann-dropbox",
      "cairosvg": "/usr/bin/cairosvg",
      "ghostscript": "/usr/bin/gs"
    },
    "process": {
      "maxImageWidth": 1440,
      "maxImageHeight": 1080,
      "pointsPerInch": 72,
      "pixelsPerInch": 96,
      "cairoSVGUnsafeFlag": false
    },
    "notifier": {
      "pod_id": "DEFAULT_PRESENTATION_POD",
      "is_downloadable": "false",
      "msgName": "NewPresFileAvailableMsg"
    },
    "bbbWebAPI": "http://bbb-web:8090",
    "bbbPadsAPI": "http://bbb-pads:9002",
    "redis": {
      "host": "redis",
      "port": 6379,
      "password": null,
      "channels": {
        "queue": "exportJobs",
        "publish": "to-akka-apps-redis-channel"
      }
    },
    "fonts": {
      "draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
      "sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
      "serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
      "mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
  }
 }
--- a/mod/bbb-graphql-middleware/config.yml
+++ b/mod/bbb-graphql-middleware/config.yml
@ -6,7 +6,7 @@ redis:
  port: 6379
  password: ""
 hasura:
-  url: ws://nginx:8185/v1/graphql
+  url: ws://bbb-graphql-server:8085/v1/graphql
 graphql-actions:
  url: http://bbb-graphql-actions:8093
 auth_hook:
--- a/mod/bbb-pads/Dockerfile
+++ b/mod/bbb-pads/Dockerfile
@ -1,4 +1,4 @@
-FROM node:22-bookworm-slim AS builder
+FROM node:18-bookworm-slim AS builder
 COPY --from=src / /bbb-pads
 RUN cd /bbb-pads && rm -r .git && npm install --production
@ -7,7 +7,7 @@ RUN cd /bbb-pads && rm -r .git && npm install --production
 RUN chmod 777 /bbb-pads/config
 # ------------------------------
-FROM node:22-bookworm-slim
+FROM node:18-bookworm-slim
 RUN apt update && apt install -y jq moreutils \
    && useradd --uid 2003 --create-home --user-group bbb-pads
--- a/mod/bbb-web/bbb-web.properties
+++ b/mod/bbb-web/bbb-web.properties
@ -21,6 +21,4 @@ presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
 beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
 {{end}}
-learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
+learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
 defaultNumDigitsForTelVoice=9
--- a/mod/bbb-web/entrypoint.sh
+++ b/mod/bbb-web/entrypoint.sh
@ -11,11 +11,9 @@ mkdir -p /var/bigbluebutton/recording/publish
 mkdir -p /var/bigbluebutton/recording/status/recorded
 mkdir -p /var/bigbluebutton/recording/status/archived
 mkdir -p /var/bigbluebutton/recording/status/processed
 mkdir -p /var/bigbluebutton/recording/status/ended
 mkdir -p /var/bigbluebutton/recording/status/sanity
 mkdir -p /var/bigbluebutton/recording/status/published
 mkdir -p /var/bigbluebutton/captions
 mkdir -p /var/bigbluebutton/captions/inbox
 mkdir -p /var/bigbluebutton/published
 mkdir -p /var/bigbluebutton/deleted
 mkdir -p /var/bigbluebutton/unpublished
--- a/mod/bbb-webrtc-recorder/Dockerfile
+++ b/mod/bbb-webrtc-recorder/Dockerfile
@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.23 as builder
+FROM golang:1.21 as builder
 ARG APP_VERSION=devel
 ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder
--- a/mod/etherpad/Dockerfile
+++ b/mod/etherpad/Dockerfile
@ -7,21 +7,20 @@ RUN apk add git curl
 USER etherpad
-RUN pnpm run plugins i \
+RUN npm install \
-    ep_disable_chat@0.0.10 \
+    ep_cursortrace@3.1.16 \
    git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
    git+https://github.com/mconf/ep_redis_publisher.git#2b6e47c1c59362916a0b2961a29b259f2977b694 \
    ep_disable_chat@0.0.8 \
    ep_auth_session@1.1.1 \
-    --github \
+# remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches
-        mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
+    && rm package-lock.json package.json
        mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \
        mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694
 # add skin from git submodule
 COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
 # add plugin from git submodule
-COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches
+COPY --chown=etherpad:0 --from=plugin / /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
 RUN pnpm run plugins i --path /ep_bigbluebutton_patches
 COPY settings.json /opt/etherpad-lite/settings.json
 COPY etherpad-export.sh /etherpad-export.sh
--- a/mod/etherpad/entrypoint.sh
+++ b/mod/etherpad/entrypoint.sh
@ -1,3 +1,5 @@
 #!/bin/sh
 echo $ETHERPAD_API_KEY > /tmp/apikey
-pnpm run prod --apikey /tmp/apikey
+export NODE_ENV=production
 node /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js --apikey /tmp/apikey
--- a/mod/etherpad/settings.json
+++ b/mod/etherpad/settings.json
@ -140,7 +140,7 @@
   * "full-width-editor" variant (by default editor is rendered as a page, with
   * a max-width of 900px).
   */
-  "skinVariants": "",
+  "skinVariants": "super-light-toolbar super-light-editor light-background",
  /*
   * IP and port which Etherpad should bind at.
@ -162,14 +162,6 @@
   */
  "showSettingsInAdminPage": true,
  /*
   * Settings for cleanup of pads
   */
  "cleanup": {
    "enabled": false,
    "keepRevisions": 5
  },
  /*
   * Node native SSL support
   *
@ -279,14 +271,6 @@
    "pageDown":  true
  },
  /*
   * Enables the use of a different server. We have a different one that syncs changes from the original server.
   * It is hosted on GitHub and should not be blocked by many firewalls.
   *  https://etherpad.org/ep_infos
   */
  "updateServer": "https://etherpad.org/ep_infos",
  /*
   * Should we suppress errors from being visible in the default Pad Text?
   */
@ -339,6 +323,14 @@
   */
  "soffice": "/etherpad-export.sh",
  /*
   * Path to the Tidy executable.
   *
   * Tidy is used to improve the quality of exported pads.
   * Setting it to null disables Tidy.
   */
  "tidyHtml": null,
  /*
   * Allow import of file types other than the supported ones:
   * txt, doc, docx, rtf, odt, html & htm
@ -372,22 +364,6 @@
   * Settings controlling the session cookie issued by Etherpad.
   */
  "cookie": {
    /*
     * How often (in milliseconds) the key used to sign the express_sid cookie
     * should be rotated. Long rotation intervals reduce signature verification
     * overhead (because there are fewer historical keys to check) and database
     * load (fewer historical keys to store, and less frequent queries to
     * get/update the keys). Short rotation intervals are slightly more secure.
     *
     * Multiple Etherpad processes sharing the same database (table) is
     * supported as long as the clock sync error is significantly less than this
     * value.
     *
     * Key rotation can be disabled (not recommended) by setting this to 0 or
     * null, or by disabling session expiration (see sessionLifetime).
     */
    "keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
    /*
     * Value of the SameSite cookie property. "Lax" is recommended unless
     * Etherpad will be embedded in an iframe from another site, in which case
@ -399,51 +375,7 @@
     * significant usability drawbacks vs. "Lax". See
     * https://stackoverflow.com/q/41841880 for discussion.
     */
-    "sameSite": "None",
+    "sameSite": "None"
    /*
     * How long (in milliseconds) after navigating away from Etherpad before the
     * user is required to log in again. (The express_sid cookie is set to
     * expire at time now + sessionLifetime when first created, and its
     * expiration time is periodically refreshed to a new now + sessionLifetime
     * value.) If requireAuthentication is false then this value does not really
     * matter.
     *
     * The "best" value depends on your users' usage patterns and the amount of
     * convenience you desire. A long lifetime is more convenient (users won't
     * have to log back in as often) but has some drawbacks:
     *   - It increases the amount of state kept in the database.
     *   - It might weaken security somewhat: The cookie expiration is refreshed
     *     indefinitely without consulting authentication or authorization
     *     hooks, so once a user has accessed a pad, the user can continue to
     *     use the pad until the user leaves for longer than sessionLifetime.
     *   - More historical keys (sessionLifetime / keyRotationInterval) must be
     *     checked when verifying signatures.
     *
     * Session lifetime can be set to infinity (not recommended) by setting this
     * to null or 0. Note that if the session does not expire, most browsers
     * will delete the cookie when the browser exits, but a session record is
     * kept in the database forever.
     */
    "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
    /*
     * How long (in milliseconds) before the expiration time of an active user's
     * session is refreshed (to now + sessionLifetime). This setting affects the
     * following:
     *   - How often a new session expiration time will be written to the
     *     database.
     *   - How often each user's browser will ping the Etherpad server to
     *     refresh the expiration time of the session cookie.
     *
     * High values reduce the load on the database and the load from browsers,
     * but can shorten the effective session lifetime if Etherpad is restarted
     * or the user navigates away.
     *
     * Automatic session refreshes can be disabled (not recommended) by setting
     * this to null.
     */
    "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
  },
  /*
@ -543,7 +475,7 @@
  /*
   * Restrict socket.io transport methods
   */
-  "socketTransportProtocols" : ["websocket", "polling"],
+  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
  "socketIo": {
    /*
@ -553,7 +485,7 @@
     * value to work properly, but increasing the value increases susceptibility
     * to denial of service attacks (malicious clients can exhaust memory).
     */
-    "maxHttpBufferSize": 50000
+    "maxHttpBufferSize": 10000
  },
  /*
@ -618,13 +550,6 @@
   */
  "importMaxFileSize": 52428800, // 50 * 1024 * 1024
  /*
    The authentication method used by the server.
    The default value is sso
    If you want to use the old authentication system, change this to apikey
   */
  "authenticationMethod": "apikey",
  /*
   * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
   *
@ -641,6 +566,7 @@
    "points": 100
  },
  /*
   * Toolbar buttons configuration.
   *
@ -670,13 +596,6 @@
   */
  "loglevel": "INFO",
    /*
   * The log layout type to use.
   *
   * Valid values: basic, colored
   */
   "logLayoutType": "colored",
  /* Override any strings found in locale directories */
  "customLocaleStrings": {
    "de": {
@ -714,10 +633,8 @@
  },
  /* Disable Admin UI tests */
-  "enableAdminUITests": false,
+  "enableAdminUITests": false
 }
  /*
   * Enable/Disable case-insensitive pad names.
   */
  "lowerCasePadIds": false
 }
--- a/mod/freeswitch/conf/dialplan/public/dialin.xml
+++ b/mod/freeswitch/conf/dialplan/public/dialin.xml
@ -1,8 +1,6 @@
 <include>
  <extension name="from_my_provider">
-    <!-- match only calls from dial-in which haven't got transfered yet   -->
+    <condition field="destination_number" expression="^DIALIN">
    <condition field="destination_number" expression="^(?!SEND_TO_CONFERENCE).*$"/>
    <condition field="${sofia_profile_name}" expression="^external-dialin$">
      <action application="start_dtmf" />
      <action application="answer"/>
      <action application="sleep" data="1000"/>
--- a/mod/haproxy/bootstrap.sh
+++ b/mod/haproxy/bootstrap.sh
@ -7,11 +7,6 @@ set -e
 declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
 # when used with an IP, we'll also disable certbot
 if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  IGNORE_TLS_CERT_ERRORS=true
 fi
 if [ "$IGNORE_TLS_CERT_ERRORS"  ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
    # use self signed certificate
    if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
--- a/mod/haproxy/haproxy.cfg
+++ b/mod/haproxy/haproxy.cfg
@ -64,7 +64,7 @@ frontend nginx_or_turn
  use_backend nginx-http2 if { ssl_fc_alpn h2 }
  use_backend nginx if { ssl_fc_alpn http/1.1 }
  use_backend turn if { ssl_fc_alpn stun.turn }
-  use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
+  # use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
  default_backend turn
 backend turn
--- a/mod/haproxy/protocolmap
+++ b/mod/haproxy/protocolmap
@ -1,52 +0,0 @@
 a nginx
 b nginx
 c nginx
 d nginx
 e nginx
 f nginx
 g nginx
 h nginx
 i nginx
 j nginx
 k nginx
 l nginx
 m nginx
 n nginx
 o nginx
 p nginx
 q nginx
 r nginx
 s nginx
 t nginx
 u nginx
 v nginx
 w nginx
 x nginx
 y nginx
 z nginx
 A nginx
 B nginx
 C nginx
 D nginx
 E nginx
 F nginx
 G nginx
 H nginx
 I nginx
 J nginx
 K nginx
 L nginx
 M nginx
 N nginx
 O nginx
 P nginx
 Q nginx
 R nginx
 S nginx
 T nginx
 U nginx
 V nginx
 W nginx
 X nginx
 Y nginx
 Z nginx
--- a/mod/nginx/Dockerfile
+++ b/mod/nginx/Dockerfile
@ -16,12 +16,9 @@ RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
    && find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
    && find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
 RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
    sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css
 # --------------------
-FROM nginx:1.27-alpine
+FROM nginx:1.25-alpine
 COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
 COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
--- a/mod/nginx/bbb-html5.dev.nginx
+++ b/mod/nginx/bbb-html5.dev.nginx
@ -3,11 +3,6 @@ location = /html5client/locales/ {
  alias /usr/share/bigbluebutton/html5-client/locales/;
  autoindex on;
  autoindex_format json;
  # Prevent browsers from caching
  add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
  add_header Pragma "no-cache";
  add_header Expires 0;
 }
 # running from source (npm start)
--- a/mod/nginx/bbb/graphql.nginx
+++ b/mod/nginx/bbb/graphql.nginx
@ -24,7 +24,7 @@ location /api/rest/clientSettings {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:8185; #Hasura
+    proxy_pass http://bbb-graphql-server:8085; #Hasura
 }
 location /api/rest/userMetadata {
@ -35,5 +35,5 @@ location /api/rest/userMetadata {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:8185; #Hasura
+    proxy_pass http://bbb-graphql-server:8085; #Hasura
 }
--- a/mod/nginx/bbb/web.nginx
+++ b/mod/nginx/bbb/web.nginx
@ -159,7 +159,7 @@
            proxy_set_header        X-Original-URI $request_uri;
        }
-        location /bigbluebutton/rtt-check {
+        location /bigbluebutton/ping {
            default_type text/plain;
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
            add_header Pragma "no-cache";
--- a/mod/nginx/bigbluebutton
+++ b/mod/nginx/bigbluebutton
@ -59,28 +59,3 @@ server {
    send_timeout        6h;
  }
 }
 upstream hasura {
    least_conn;
    server bbb-graphql-server:8085;
    # you might want to add more bbb-graphql-server@ instances to balance the
    # load to multiple bbb-graphql-server instances. Execute 
    # `systemctl enable --now bbb-graphql-server@8086` and uncomment the
    # following line:
    # server 127.0.0.1:8086;
 }
 server {
    listen 10.7.7.1:8185;
    listen 127.0.0.1:8185;
    root /var/www/html;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
 	    proxy_pass http://hasura;
    }
 }
--- a/mod/recordings/Dockerfile
+++ b/mod/recordings/Dockerfile
@ -38,7 +38,7 @@ ENV LANGUAGE en_US.UTF-8
 # compile and install mkclean
 RUN cd /tmp \
-    && wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
+    && wget https://netcologne.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
    && tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
    && cd /tmp/mkclean-0.8.10 \
    && sed -i 's/\r//g' ./mkclean/configure.compiled \
@ -54,7 +54,7 @@ RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VE
    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 # add yq for bbb-record
-RUN  wget -q https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq \
+RUN  wget -q https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq \
    && chmod +x /usr/bin/yq
 RUN mkdir -p \
--- a/mod/webhooks/Dockerfile
+++ b/mod/webhooks/Dockerfile
@ -1,4 +1,4 @@
-FROM node:22-bookworm-slim AS builder
+FROM node:18-bookworm-slim AS builder
 RUN apt-get update && apt-get install -y git wget
@ -12,7 +12,7 @@ RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git
 RUN chmod 777 /bbb-webhooks/config
 # ------------------------------
-FROM node:22-bookworm-slim
+FROM node:18-bookworm-slim
 RUN useradd --uid 2004 --user-group bbb-webhooks
 COPY --from=builder /usr/bin/yq /usr/bin/yq
--- a/mod/webrtc-sfu/Dockerfile
+++ b/mod/webrtc-sfu/Dockerfile
@ -4,17 +4,11 @@ FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 RUN useradd --uid 2004 --user-group webrtc-sfu 
 # cache packages
 COPY --from=source /package.json /cache/package.json
 RUN cd /cache && npm install --unsafe-perm
 COPY --from=source / /app
 ENV NODE_ENV production
 RUN cd /app \
  && rm -rf /app/node_modules && cp -a /cache/node_modules /app/node_modules \
 && cp config/default.example.yml config/production.yml \
 && npm install --unsafe-perm \
 && npm cache clear --force \
@ -24,7 +18,7 @@ RUN cd /app \
 # =============================
-FROM node:22-bookworm-slim
+FROM node:18-bookworm-slim
 RUN useradd --uid 2004 --user-group webrtc-sfu 
 ENV NODE_ENV production
--- a/repos/bbb-etherpad-plugin
+++ b/repos/bbb-etherpad-plugin
--- a/repos/bbb-playback
+++ b/repos/bbb-playback
--- a/repos/bbb-webhooks
+++ b/repos/bbb-webhooks
--- a/repos/bbb-webrtc-recorder
+++ b/repos/bbb-webrtc-recorder
--- a/repos/bbb-webrtc-sfu
+++ b/repos/bbb-webrtc-sfu
--- a/repos/bigbluebutton
+++ b/repos/bigbluebutton
--- a/repos/tags
+++ b/repos/tags
@ -3,12 +3,11 @@
 # used to determine submodule tags without the need for
 # checking out the whole submodule
-repos/bbb-etherpad-plugin 88f3f6b
+repos/bbb-etherpad-plugin 068ded5
 repos/bbb-etherpad-skin 8328b77
 repos/bbb-pads v1.5.3
-repos/bbb-playback v5.3.1
+repos/bbb-playback v5.1.3
-repos/bbb-webhooks v3.3.1
+repos/bbb-webhooks v3.3.0
-repos/bbb-webrtc-recorder v0.8.0
+repos/bbb-webrtc-sfu v2.17.0-alpha.1
-repos/bbb-webrtc-sfu v2.17.0-beta.6
+repos/bigbluebutton v3.0.0-beta.5
 repos/bigbluebutton v3.0.4
 repos/freeswitch v1.10.12
--- a/scripts/bbb-record
+++ b/scripts/bbb-record
@ -4,7 +4,7 @@ set -e
 cd $(dirname $0)/..
 # load .env
-. scripts/functions.sh
+. functions.sh
 load_env
 if [ ! "$ENABLE_RECORDING" == true ]; then
--- a/scripts/functions.sh
+++ b/scripts/functions.sh
@ -16,8 +16,6 @@ function ensure_submodules {
 }
 # this file should exist, otherwise it is created by docker
 # with the wrong permissions
 function ensure_bbbhtml5yml {
    if [ ! -f conf/bbb-html5.yml ]; then
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@ -18,7 +18,7 @@ if [ -z "$EXTERNAL_IPv4" ]; then
    exit 1
 fi
-if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ] && [ -z "$DEV_MODE" ]; then
+if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then
    echo "ERROR: LETSENCRYPT_EMAIL is not set in .env"
    echo "you need to specify an email adress, otherwise the certificate"
    echo "retrieval will fail"
@ -36,7 +36,7 @@ function get_tag {
 }
 # https://hub.docker.com/r/bigbluebutton/bbb-build
-BBB_BUILD_TAG=v3.0.x-release--2025-02-06-143818
+BBB_BUILD_TAG=v3.0.x-release--2024-08-30-014114
 docker run  \
    --rm  \
--- a/scripts/postgres-migrate
+++ b/scripts/postgres-migrate
@ -1,57 +0,0 @@
 #!/bin/bash -e
 OLD_DATA_DIR=$(realpath "$1")
 NEW_DATA_DIR=$(realpath "$2")
 NEW_POSTGRES_VERSION=$3
 if [ -d "$NEW_DATA_DIR" ]; then
    echo "new postgres data directory $2 already exists. this is not expected"
    exit 1
 fi
 OLD_PG_VERSION=$(cat "$OLD_DATA_DIR/PG_VERSION")
 echo spin up a temporary postgres instance on $OLD_DATA_DIR
 TEMP_CONTAINER_ID=$(docker run --detach --rm "-v=$OLD_DATA_DIR:/var/lib/postgresql/data"  -e POSTGRES_HOST_AUTH_METHOD=trust postgres:$OLD_PG_VERSION-alpine)
 until docker exec $TEMP_CONTAINER_ID psql -U postgres -c "select 1" > /dev/null 2>&1; do
  echo "Waiting for postgres server..."
  sleep 1
 done
 echo "find old greenlight database..."
 if docker exec $TEMP_CONTAINER_ID psql -U postgres -lqt | cut -d \| -f 1  | grep greenlight-v3; then
    OLD_DATABASE=greenlight-v3
 elif docker exec $TEMP_CONTAINER_ID psql -U postgres -lqt | cut -d \| -f 1  | grep greenlight; then
    OLD_DATABASE=greenlight
 fi
 echo "old database is called $OLD_DATABASE"
 echo ""
 echo "dumping data from old databse..."
 GREENLIGHT_DUMP=$(mktemp)
 docker exec $TEMP_CONTAINER_ID pg_dump -U postgres $OLD_DATABASE > $GREENLIGHT_DUMP
 docker stop $TEMP_CONTAINER_ID
 echo spin up a temporary postgres instance on $NEW_DATA_DIR
 TEMP_CONTAINER_ID=$(docker run --detach --rm "-v=$NEW_DATA_DIR:/var/lib/postgresql/data"  -e POSTGRES_HOST_AUTH_METHOD=trust postgres:$NEW_POSTGRES_VERSION-alpine)
 until docker exec $TEMP_CONTAINER_ID psql -U postgres -c "select 1" > /dev/null 2>&1; do
  echo "Waiting for postgres server..."
  sleep 1
 done
 echo "create all databases..."
 for database in "bbb_graphql" "hasura_app" "greenlight"; do
    echo "creating $database"
    docker exec $TEMP_CONTAINER_ID psql -U postgres -c "CREATE DATABASE $database;" -c "GRANT ALL PRIVILEGES ON DATABASE $database TO postgres;"
 done
 echo "restoring greenlight from dump..."
 cat $GREENLIGHT_DUMP | docker exec -i $TEMP_CONTAINER_ID psql -U postgres greenlight
 docker stop $TEMP_CONTAINER_ID
--- a/scripts/setup
+++ b/scripts/setup
@ -137,11 +137,9 @@ fi
 if [ ! "$https_proxy" == "y" ]
 then
    sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env
    sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
 fi
 sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
 if [ "$recording" == "y" ]
 then
    sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -24,7 +24,7 @@ else
    echo "# checking for old volumes & migrate them"
    COMPOSE_PREFIX=$(docker compose config | grep '^name:' | awk '{print $2}')
-    function migrate_vol {
+    function migrate {
        VOLUME=${COMPOSE_PREFIX}_${1}
        EXISTING=$(docker volume ls | grep $VOLUME | tail -n1 | awk '{print $2}')
        if [ -n "$EXISTING" ]; then
@ -36,25 +36,12 @@ else
            docker volume rm $EXISTING
        fi  
    }
-    migrate_vol bigbluebutton ./data/bigbluebutton
+    migrate bigbluebutton ./data/bigbluebutton
-    migrate_vol vol-freeswitch ./data/freeswitch-meetings
+    migrate vol-freeswitch ./data/freeswitch-meetings
-    migrate_vol vol-mediasoup ./data/mediasoup
+    migrate vol-mediasoup ./data/mediasoup
-    if [ -d "./postgres-data" ]; then
+    # TODO: migrate postgres database
-        echo "folder ./postgres-data still exists and probably uses postgres 12. migrating to a fresh postgres 16 data directory..."
+    # TODO: migrate greenlight-data
        docker compose down --remove-orphans
        ./scripts/postgres-migrate ./postgres-data ./data/postgres 16
        mv postgres-data postgres-data.automigrate-bak
    fi
    if [ -d "./greenlight-data" ]; then
        if [ -d "./data/greenlight" ]; then
            mv ./data/greenlight ./data/greenlight.automigrate-bak
        fi
        mv ./greenlight-data ./data/greenlight
    fi
    # TODO: ask for LETSENCRYPT_EMAIL
    echo ""
    echo "# pull newest images"