63 Commits

Author SHA1 Message Date
54bddd967a Merge pull request #349 from bigbluebutton/develop
Release v3.0.4
2025-03-27 00:20:38 +00:00
f6e71fc9e3 Release v3.0.4 2025-03-27 01:19:21 +01:00
bf1820c102 Merge pull request #347 from tibroc/3.0.4
update to 3.0.4
2025-03-26 23:50:26 +00:00
2ad8ccf20c docs: minor additions 2025-03-27 00:33:16 +01:00
7960113f3a update to 3.0.4 2025-03-26 19:16:36 +01:00
608bf78d15 fix not accepting length of dial in / voiceBridge numbers 2025-03-12 00:48:03 +01:00
6e0d7520d3 fix postgres migration 2025-03-12 00:47:16 +01:00
da20874a6e upgrade: migrate postgres & greenlight data 2025-03-12 00:21:55 +01:00
c7ea1f208d Merge pull request #343 from bigbluebutton/develop
Release v3.0.1
2025-03-11 17:45:25 +00:00
2bee0acb10 changelog for release 3.0.1 2025-03-11 18:44:33 +01:00
2f2907d5d6 Merge pull request #313 from bigbluebutton/bbb3.0
BigBlueButton 3.0
2025-03-11 17:35:44 +00:00
70d9b0166d update docs for 3.0 2025-03-11 18:35:12 +01:00
b61e8c8a17 bbb v3.0.1 2025-03-11 16:40:50 +01:00
b4d2b2043c bbb-export-annotations: update to 3.0.0, drop privileges, reduce docker context 2025-03-04 00:49:28 +01:00
133ec8e29d BBB v3.0 changes 2025-03-03 19:04:49 +01:00
f99a1632cd etherpad 2.2.6 2024-12-05 13:20:28 +01:00
7ad3a3356a bbb-export-annotations: fix moved bigbluebutton volume 2024-11-30 01:23:47 +01:00
d654c89450 Merge pull request #322 from ben-ba/v2.7.3
adding bbb-export-annotations configurations ->
2024-11-29 17:49:18 +00:00
ca63812903 recordings: fix missing directories 2024-11-29 18:42:14 +01:00
861902531b ignore missing LETSENCRYPT_EMAIL in dev mode 2024-11-29 18:14:36 +01:00
8704ec2147 haproxy: correctly identify http traffic 2024-11-29 01:06:58 +01:00
340e9fdb30 setup: fix LETSENCRYPT_EMAIL not being set 2024-11-29 00:14:18 +01:00
329b6bfae6 freeswitch: SIP dial in support 2024-11-29 00:13:44 +01:00
4afa12bcf2 lets encrypt: email required, remove staging flag 2024-11-28 13:04:33 +01:00
1a79f73fe3 bbb-graphql-middleware dev mode 2024-11-25 17:50:15 +01:00
56d8f768e4 graphql-actions dev mode 2024-11-25 17:21:23 +01:00
7c0c55a9da html5 dev mode 2024-11-25 17:19:26 +01:00
ed77742a49 split out IGNORE_TLS_CERT_ERRORS from DEV_MODE
this allows running the production version of bbb-docker locally with self signed certificates
2024-11-25 16:22:46 +01:00
1a552e7155 nginx: stay running even when depending container restart 2024-11-25 13:10:19 +01:00
17aa49968d dev mode: use local networks IP instead of docker internal 10.7.7.1
this led to multiple issues with UDP packets being lost due to IP mismatch
2024-11-25 13:08:38 +01:00
d6c1b0a5ec dev.env: coturn is now a fixed/non-optional component 2024-11-25 00:53:42 +01:00
6623813f9c greenlight: latest version and fix for failing API requests due to self signed certificate 2024-11-25 00:52:49 +01:00
ca0a159cc0 new https proxy based on haproxy, also proxying TURN 2024-11-25 00:35:18 +01:00
325690e0c1 v3.0.0-beta.5: recording via bbb-webrtc-recorder and etherpad export 2024-11-24 21:26:31 +01:00
e6c1b47fb2 .gitignore: conf/bbb-html5.yml 2024-11-24 19:14:56 +01:00
31818062b0 webrtc-sfu: announce correct webrtc IP 2024-11-24 19:14:36 +01:00
c298e051fc office-conversion: switch from jodconverter to collabora 2024-11-24 16:31:25 +01:00
c740f55e5a v3.0.0-beta.5: basic working functionality
quite some features (recording, SIP, transcription, etc.) are not working yet, but a milestone where it should finally take a commit
2024-11-24 16:30:49 +01:00
082e1295df adding bbb-export-annotations configurations -> to build it see necessary for the bigbluebutton source also; https://github.com/bigbluebutton/bigbluebutton/pull/19707 2024-02-29 13:20:50 +01:00
20315c1cf8 add missing bbb-webrtc-recorder submodule 2024-01-07 23:56:34 +01:00
b4918c53d3 dev mode: allow presentation access via http 2024-01-07 23:55:52 +01:00
13f55a1be9 fs_cli: fix for wrong path to functions.sh 2024-01-07 23:55:03 +01:00
cdfe3a87c1 bbb3.0: add webrtc-recorder 2024-01-07 23:54:28 +01:00
a3f346d8a0 all data under ./data instead in docker volumes
- easier backups
- people can access recordings with existing scripts
2024-01-07 23:52:08 +01:00
72bd71c8bf update base images
- debian: bullseye -> bookworm
- ubuntu:  20.04 -> 22.04
- ruby: 2.7 -> 3.0
2024-01-07 23:48:34 +01:00
4216d36eb8 reduce logging verbosity 2024-01-07 23:46:09 +01:00
4b89a5b52f bbb3.0: graphql container, postgres with multiple db, repo updates 2024-01-07 23:44:54 +01:00
426349d0d7 one variable DEV_MODE instead of multiple (would become quite a lot) 2024-01-07 23:36:12 +01:00
4290c1616d avoid duplicated BBB_BUILD_TAG values 2024-01-07 23:33:05 +01:00
1b0c9a9602 script for instant development mode 2023-12-08 12:48:01 +01:00
8c0409fa53 README: remove docker-compose version check, repeat requirements again, more links on top 2023-12-08 12:32:50 +01:00
5ff79af7ca Merge pull request #292 from bigbluebutton/develop
Release v2.7.0
2023-12-08 12:25:41 +01:00
87e73d0edd updating docs for release v2.7.3 2023-12-08 12:24:37 +01:00
dab58ced47 Merge pull request #307 from bigbluebutton/repo-restructure
use local sources instead of pulling inside container
2023-12-08 12:04:30 +01:00
f60b24bb84 prometheus-exporter: on some hosts (different docker versions?) the tmpfs is not mounted writeable for everyone
this leads to #309 being an incomplete fix
https://github.com/bigbluebutton/docker/pull/309
2023-12-08 11:59:32 +01:00
d04a9a5edb Merge pull request #263 from bigbluebutton/develop
Release v2.6.0-2
2023-04-04 11:34:47 +02:00
915292181b Merge pull request #256 from bigbluebutton/develop
Release v2.6.0
2023-04-03 11:51:45 +02:00
ab63e10e92 Merge pull request #241 from bigbluebutton/develop
Release 2.5.8
2022-11-06 14:02:10 +01:00
733e3d19c3 Merge pull request #232 from bigbluebutton/develop
Release v2.5.5
2022-10-03 13:05:09 +02:00
e33b842ba4 Merge pull request #217 from bigbluebutton/develop
Release v2.5.1
2022-06-21 00:51:07 +02:00
a556e5e0c3 Merge pull request #206 from bigbluebutton/develop
Release v2.4.5
2022-03-24 17:14:46 +01:00
1235affefa Merge pull request #198 from bigbluebutton/develop
Release v2.4.4
2022-02-25 00:47:57 +01:00
2e20485fb5 Merge pull request #179 from bigbluebutton/develop
Release v2.4.0-1
2021-12-29 15:01:16 +01:00
115 changed files with 1925 additions and 1232 deletions

0
.cache/go/.gitkeep Normal file

0
.cache/meteor/.gitkeep Normal file

0
.cache/npm/.gitkeep Normal file

10
.gitignore vendored

@ -14,5 +14,13 @@ docker-compose.override.yml
# App generated
.env
.env.bak
postgres-data
greenlight-data
greenlight-data
.cache/*/**
!.cache/*/.gitkeep
data/*
!data/.gitkeep
conf/bbb-html5.yml

3
.gitmodules vendored

@ -22,3 +22,6 @@
[submodule "repos/bbb-pads"]
path = repos/bbb-pads
url = https://github.com/bigbluebutton/bbb-pads.git
[submodule "repos/bbb-webrtc-recorder"]
path = repos/bbb-webrtc-recorder
url = https://github.com/bigbluebutton/bbb-webrtc-recorder.git


@ -1,10 +1,24 @@
# Changelog
## Unreleased
- BigBlueButton 2.7.3 @alangecker
## Release v3.0.4 (2025-03-27)
- update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347
- fix not accepting length of dial in / voiceBridge numbers @alangecker
- upgrade: migrate postgres & greenlight data @alangecker
## Release v3.0.1 (2025-03-11)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- :tada: **BigBlueButton 3.0** [#313](https://github.com/bigbluebutton/docker/pull/313)
## Release v2.7.0 (2023-09)
## Release v2.7.3 (2023-12-08)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- BigBlueButton 2.7.3 @alangecker [#304](https://github.com/bigbluebutton/docker/pull/304)
- use local sources instead of pulling inside container @alangecker [#307](https://github.com/bigbluebutton/docker/pull/307)
- BigBlueButton 2.7.0 @alangecker [#291](https://github.com/bigbluebutton/docker/pull/291)
- Update to ComposeV2 @leonidas-o [#271](https://github.com/bigbluebutton/docker/pull/271)
- recordings: fix for missing `SHARED_SECRET` @ichdasich [#274](https://github.com/bigbluebutton/docker/issues/274) [#268](https://github.com/bigbluebutton/docker/issues/268)
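Review bot: The v3.0.4 entry `- update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347` is missing the closing `)`, so the link will not render; add it. The headings `## Release v2.7.0 (2023-09)` and `## Release v2.7.3 (2023-12-08)` appear back to back in this hunk, so check that the 2.7.0 bullets (ComposeV2, the `SHARED_SECRET` recordings fix) stay under the heading of the release that shipped them.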


@ -1,9 +1,9 @@
<img width="1012" alt="bbb-docker-banner" src="https://user-images.githubusercontent.com/1273169/141153216-0386cd4e-0aaf-473a-8f42-a048e52ed0d7.png">
# 📦 BigBlueButton 2.7 Docker
# 📦 BigBlueButton 3.0 Docker
Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
## Features
- Easy installation
@ -13,55 +13,70 @@ Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
- Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
## currently missing / broken
- NAT support
- bbb-transcription-controller
- livekit
## Requirements
- 4GB of RAM
- Linux (it will not work under WSL)
- Linux (it will not work under Windows/WSL)
- Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
- Public IPv4 (expect issues with a firewall / NAT)
- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
- git installed
## What is not implemented yet
- bbb-lti
## Install
1. Install docker-ce & docker-compose-plugin
## Install production server
1. Ensure the requirements above are fulfilled (it really doesn't work without them)
2. Install docker-ce & docker-compose-plugin
1. follow instructions
* Debian: https://docs.docker.com/engine/install/debian/
* CentOS: https://docs.docker.com/engine/install/centos/
* Fedora: https://docs.docker.com/engine/install/fedora/
* Ubuntu: https://docs.docker.com/engine/install/ubuntu/
2. Ensure docker works with `$ docker run hello-world`
3. Install docker compose V2: https://docs.docker.com/compose/install/
4. Ensure docker compose works and that you use a version ≥ 1.28 : `$ docker compose --version`
2. Clone this repository
3. Ensure you use a docker version ≥ 23.0 : `$ docker --version`
3. Clone this repository
```sh
$ git clone https://github.com/bigbluebutton/docker.git bbb-docker
$ cd bbb-docker
# use the more stable main branch (sometimes older)
# optional: use the more stable main branch (often much older)
$ git checkout main
```
3. Run setup:
4. Run setup:
```bash
$ ./scripts/setup
```
4. (optional) Make additional configuration adjustments
5. (optional) Make additional configuration adjustments
```bash
$ nano .env
# always recreate the docker-compose.yml file after making any changes
$ ./scripts/generate-compose
```
5. Start containers:
6. Start containers:
```bash
$ docker compose up -d --no-build
```
6. If you use greenlight, you can create an admin account with:
7. If you use greenlight, you can create an admin account with:
```bash
$ docker compose exec greenlight bundle exec rake admin:create
```
## Development setup
1. Clone this repository
```sh
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
```
2. Start dev server
```sh
$ cd bbb-dev
$ ./scripts/dev
```
3. Use API Mate with the link presented in the console to create & join a conference
## Further How-To's
- [Upgrading](docs/upgrading.md)
- [Running behind NAT](docs/behind-nat.md)
- [BBB-Docker Development](docs/development.md)
<!-- - [Running behind NAT](docs/behind-nat.md) -->
- [Integration into an existing web server](docs/existing-web-server.md)
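Review bot: In the Requirements list, the firewall example `ufw allow 10.7.7.0/24` has no `from` keyword; ufw's short form takes a port or service, and a source network is written `ufw allow from 10.7.7.0/24`. The install steps also ask for `docker --version` ≥ 23.0 without saying which feature needs it; one sentence on that would help people running distro-packaged Docker. `distributon` in the Features list is a typo worth fixing while the file is being touched.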


@ -1,17 +0,0 @@
<!--
<extension name="from_my_provider">
<condition field="destination_number" expression="^EXTERNALDID">
<action application="answer"/>
<action application="sleep" data="500"/>
<action application="play_and_get_digits" data="5 5 3 7000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
<extension name="check_if_conference_active">
<condition field="${conference ${pin} list}" expression="/sofia/g" />
<condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
<action application="set" data="bbb_authorized=true"/>
<action application="transfer" data="${pin} XML default"/>
</condition>
</extension>
-->

0
data/.gitkeep Normal file

170
dev.env Normal file

@ -0,0 +1,170 @@
# fixed environment for an working dev setup
# enables
# - html5: webpack dev server
# - bbb-grahql-actions: watch & restart
# - bbb-graphql-middleware: building on start
DEV_MODE=true
# accept self signed certificates
IGNORE_TLS_CERT_ERRORS=true
# user and group used for
# this avoid any file permission issues with files
# created inside docker (e.g. node_modules)
BBB_DEV_UID=1000
BBB_DEV_GID=1000
# ====================================
# ADDITIONS to BigBlueButton
# ====================================
# (place a '#' before to disable them)
# HTTPS Proxy
# fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true
# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers
#RESOLVER_ADDRESS=x.x.x.x
# Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
# Enable Webhooks
# used by some integrations
ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
# Recording
# IMPORTANT: this is currently a big privacy issues, because it will
# record everything which happens in the conference, even when the button
# suggets, that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get peoples consent, before they join a room
ENABLE_RECORDING=true
#REMOVE_OLD_RECORDING=false
#RECORDING_MAX_AGE_DAYS=14
# ====================================
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret_SuperRailsSecret
POSTGRESQL_SECRET=SuperPostgresSecret
FSESL_PASSWORD=SuperFreeswitchESLPassword
#TURN_SECRET=
# ====================================
# CONNECTION
# ====================================
DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
EXTERNAL_IPv6=
# STUN SERVER
# stun.freeswitch.org
STUN_IP=147.182.188.245
STUN_PORT=3478
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=0.0.0.0/0
# ====================================
# CUSTOMIZATION
# ====================================
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# language of sound announcements
# options:
# - en-ca-june - EN Canadian June
# - en-us-allison - US English Allison
# - en-us-callie - US English Callie (default)
# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
# - es-ar-mario - Spanish/Argentina Mario
# - fr-ca-june - FR Canadian June
# - pt-br-karina - Brazilian Portuguese Karina
# - ru-RU-elena - RU Russian Elena
# - ru-RU-kirill - RU Russian Kirill
# - ru-RU-vika - RU Russian Viktoriya
# - sv-se-jakob - Swedish (Sweden) Jakob
# - zh-cn-sinmei - Chinese/China Sinmei
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
SOUNDS_LANGUAGE=en-us-callie
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# set to false to disable the learning dashboard
ENABLE_LEARNING_DASHBOARD=true
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
#SMTP_SENDER_EMAIL=
#SMTP_SENDER_NAME=
#SMTP_SERVER=
#SMTP_PORT=
#SMTP_DOMAIN=
#SMTP_USERNAME=
#SMTP_PASSWORD=
#SMTP_AUTH=
#SMTP_STARTTLS_AUTO=true
#SMTP_STARTTLS=false
#SMTP_TLS=false
#SMTP_SSL_VERIFY=true
### EXTERNAL AUTHENTICATION METHODS
#
#OPENID_CONNECT_CLIENT_ID=
#OPENID_CONNECT_CLIENT_SECRET=
#OPENID_CONNECT_ISSUER=
#OPENID_CONNECT_REDIRECT=
# To enable hCaptcha on the user sign up and sign in, define these 2 keys
#HCAPTCHA_SITE_KEY=
#HCAPTCHA_SECRET_KEY=
# Set these if you are using a Simple Storage Service (S3)
# Uncomment S3_ENDPOINT only if you are using a S3 OTHER than Amazon Web Service (AWS) S3.
#S3_ACCESS_KEY_ID=
#S3_SECRET_ACCESS_KEY=
#S3_REGION=
#S3_BUCKET=
#S3_ENDPOINT=
# Define the default locale language code (i.e. 'en' for English) from the fallowing list:
# [en, ar, fr, es]
#DEFAULT_LOCALE=en
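Review bot: `SIP_IP_ALLOWLIST=0.0.0.0/0` contradicts the comment directly above it, which says the SIP port is blocked by default because of bot traffic; for a dev environment on `DOMAIN=10.7.7.1` an empty value or a private range is the safer default. The SECRETS block ships fixed values (`SHARED_SECRET=SuperSecret`, `FSESL_PASSWORD=SuperFreeswitchESLPassword`) under a comment asking to change them, and `TURN_SECRET` is left commented out, so consider having `./scripts/dev` refuse to start with these values when `DOMAIN` is not the local address. Smaller points: `WELCOME_FOOTER` has a doubled quote in `href='https://docs.bigbluebutton.org/''`, the comment `# user and group used for` is unfinished, and `bbb-grahql-actions`, `suggets`, `seperated` and `fallowing` are misspelled.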


@ -3,46 +3,23 @@
# don't edit this directly.
{{/* -------- */}}
version: '3.6'
# html5 templates
x-html5-backend: &html5backend
build:
context: mod/html5
additional_contexts:
- source=./repos/bigbluebutton/bigbluebutton-html5
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- mongodb
- etherpad
environment: &html5backend-env
DOMAIN: ${DOMAIN}
CLIENT_TITLE: ${CLIENT_TITLE}
LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false}
CHAT_ENABLED: ${CHAT_ENABLED:-true}
CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false}
BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8}
DEV_MODE: ${DEV_MODE:-}
BBB_HTML5_ROLE: backend
x-html5-frontend: &html5frontend
<<: *html5backend
volumes:
- html5-static:/html5-static:rw
environment: &html5frontend-env
<<: *html5backend-env
BBB_HTML5_ROLE: frontend
# =========================
{{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}}
services:
{{ if isTrue .Env.DEV_MODE }}
html5-dev:
build:
context: mod/html5-dev
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
restart: unless-stopped
volumes:
- ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
network_mode: host
{{ end }}
bbb-web:
build:
context: mod/bbb-web
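Review bot: In the `html5-dev` service, `user: ${BBB_DEV_UID}:${BBB_DEV_GID}` has no default and no required-variable guard, so enabling `DEV_MODE` from an `.env` that lacks both variables renders the user as `:`. Use `${BBB_DEV_UID:?}` and `${BBB_DEV_GID:?}`, or a `:-1000` default. The `$ignore_tls_cert_errors` definition makes `DEV_MODE` imply ignoring certificate errors; a template comment next to it saying so would make clear that production setups must leave both variables unset.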
@ -51,61 +28,38 @@ services:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-common-web=./repos/bigbluebutton/bbb-common-web
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
- collabora
healthcheck:
test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
start_period: 2m
environment:
DEV_MODE: ${DEV_MODE:-}
IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }}
DOMAIN: ${DOMAIN}
ENABLE_RECORDING: ${ENABLE_RECORDING:-false}
SHARED_SECRET: ${SHARED_SECRET}
WELCOME_MESSAGE: ${WELCOME_MESSAGE:-}
WELCOME_FOOTER: ${WELCOME_FOOTER}
STUN_SERVER: stun:${STUN_IP}:${STUN_PORT}
TURN_SERVER: ${TURN_SERVER:-}
ENABLE_HTTPS_PROXY: ${ENABLE_HTTPS_PROXY:-false}
TURN_SECRET: ${TURN_SECRET:-}
TURN_EXT_SERVER: ${TURN_EXT_SERVER:-}
TURN_EXT_SECRET: ${TURN_EXT_SECRET:-}
ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
NUMBER_OF_BACKEND_NODEJS_PROCESSES: {{ .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES }}
volumes:
- bigbluebutton:/var/bigbluebutton
- vol-freeswitch:/var/freeswitch/meetings
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.2
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_BACKEND_NODEJS_PROCESSES) }}
html5-backend-{{ add $i 1 }}:
<<: *html5backend
environment:
<<: *html5backend-env
INSTANCE_ID: {{ add $i 1 }}
PORT: {{ add 4000 $i }}
networks:
bbb-net:
ipv4_address: 10.7.7.{{ add 100 $i }}
{{end}}
{{ range $i := loop 0 (atoi .Env.NUMBER_OF_FRONTEND_NODEJS_PROCESSES) }}
html5-frontend-{{ add $i 1 }}:
<<: *html5frontend
environment:
<<: *html5frontend-env
INSTANCE_ID: {{ add $i 1 }}
PORT: {{ add 4100 $i }}
networks:
bbb-net:
ipv4_address: 10.7.7.{{ add 200 $i }}
{{end}}
freeswitch:
container_name: bbb-freeswitch
build:
@ -115,7 +69,7 @@ services:
- build-files=./repos/bigbluebutton/build/packages-template/bbb-freeswitch-core/
- fs-config=./repos/bigbluebutton/bbb-voice-conference/config/freeswitch/conf/
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FREESWITCH }}-{{ .Env.TAG_BBB }}
restart: unless-stopped
cap_add:
@ -134,11 +88,16 @@ services:
DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie}
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
{{ if .Env.SIP_IP_ALLOWLIST }}
ports:
- 5060:5060/udp
{{ end }}
volumes:
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
- ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
- vol-freeswitch:/var/freeswitch/meetings
network_mode: host
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external-dialin
- ./data/freeswitch-meetings:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.10
logging:
# reduce logs to a minimum, so `docker compose logs -f` still works
driver: "local"
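Review bot: The `ports: - 5060:5060/udp` block is emitted whenever `SIP_IP_ALLOWLIST` is non-empty, but nothing in this hunk passes the list to the container or restricts the published port by source address, so it is not visible here where the allowlist is enforced. Please point to (or add) the rule that applies it, since a published port is otherwise reachable from any address. `ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}` still falls back to FreeSWITCH's stock password; `${FSESL_PASSWORD:?}` would fail early instead.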
@ -153,26 +112,31 @@ services:
additional_contexts:
- src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard
- src-playback=./repos/bbb-playback
- src-html5=./repos/bigbluebutton/bigbluebutton-html5
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
image: alangecker/bbb-docker-nginx:1.23-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }}
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25
restart: unless-stopped
depends_on:
- etherpad
- webrtc-sfu
- html5-backend-1
volumes:
- bigbluebutton:/var/bigbluebutton
- html5-static:/html5-static:ro
- ./data/bigbluebutton:/var/bigbluebutton
- ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf
{{ if isTrue .Env.DEV_MODE }}
# overwrite html5 config
- ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro
{{ end }}
tmpfs:
- /tmp
network_mode: host
extra_hosts:
- "host.docker.internal:10.7.7.1"
- "bbb-web:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.1"
- "html5:10.7.7.11"
- "greenlight:10.7.7.21"
- "bbb-graphql-server:10.7.7.31"
- "bbb-graphql-middleware:10.7.7.32"
etherpad:
build:
@ -181,11 +145,12 @@ services:
- plugin=./repos/bbb-etherpad-plugin
- skin=./repos/bbb-etherpad-skin
args:
TAG_ETHERPAD: "1.9.1"
image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
TAG_ETHERPAD: "2.2.7"
image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
restart: unless-stopped
depends_on:
- redis
- collabora
environment:
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
networks:
@ -208,6 +173,29 @@ services:
bbb-net:
ipv4_address: 10.7.7.18
bbb-export-annotations:
build:
context: mod/bbb-export-annotations
additional_contexts:
src: ./repos/bigbluebutton/bbb-export-annotations
image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
networks:
# need connections to:
# https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json
# "bbbWebAPI": "http://127.0.0.1:8090", -> bbb-web
# "bbbPadsAPI": "http://127.0.0.1:9002", -> bbb-pads
bbb-net:
ipv4_address: 10.7.7.19
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
tmpfs:
- /tmp
redis:
image: redis:7.2-alpine
restart: unless-stopped
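Review bot: The comment under `networks:` in `bbb-export-annotations` links to the `v2.7.0` copy of `settings.json`, while the image is tagged with `{{ .Env.TAG_BBB }}` for the 3.0 line; update the link to the version being built so the listed endpoints can be checked against it. `additional_contexts` uses the mapping form `src: ./repos/bigbluebutton/bbb-export-annotations` here and the list form (`- source=./repos/bbb-webrtc-sfu`) in the other services; pick one form for the file.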
@ -220,66 +208,34 @@ services:
bbb-net:
ipv4_address: 10.7.7.5
mongodb:
container_name: bbb-mongodb
image: mongo:4.4
restart: unless-stopped
volumes:
- ./mod/mongo/mongod.conf:/etc/mongod.conf
- ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh
tmpfs:
- /data/configdb
- /data/db
command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth
healthcheck:
test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 0 ':' 2)'; then exit 0; fi; exit 1;"
networks:
bbb-net:
ipv4_address: 10.7.7.6
# TODO: remove as soon as not required anymore by webrtc-sfu
kurento:
image: kurento/kurento-media-server:6.18
restart: unless-stopped
network_mode: host
volumes:
- vol-kurento:/var/kurento
webrtc-sfu:
build:
context: mod/webrtc-sfu
additional_contexts:
- source=./repos/bbb-webrtc-sfu
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-webrtc-sfu:{{ .Env.TAG_WEBRTC_SFU }}
restart: unless-stopped
depends_on:
- redis
- freeswitch
- kurento
environment:
CLIENT_HOST: 10.7.7.1
REDIS_HOST: 10.7.7.5
FREESWITCH_IP: 10.7.7.1
FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
MCS_HOST: 0.0.0.0
MCS_ADDRESS: 127.0.0.1
ESL_IP: 10.7.7.1
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
# TODO: add mediasoup IPv6
# TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
{{ if .Env.EXTERNAL_IPv6 }}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{else}}
{{ if .Env.EXTERNAL_IPv6 }}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"${EXTERNAL_IPv6}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{else}}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{end}}
MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
{{end}}
volumes:
- vol-mediasoup:/var/mediasoup
- ./data/mediasoup:/var/mediasoup
tmpfs:
- /var/log/bbb-webrtc-sfu
network_mode: host
security_opt:
- seccomp:unconfined # allow io_uring access for mediasoup
ulimits:
memlock: -1 # allow io_uring_register_buffers to allocate enough ram
fsesl-akka:
build:
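Review bot: `security_opt: - seccomp:unconfined` on `webrtc-sfu` switches off the whole syscall filter for a container that also runs with `network_mode: host`, while the comment says only io_uring access is needed. A custom profile derived from Docker's default that additionally allows `io_uring_setup`, `io_uring_enter` and `io_uring_register` would keep the rest of the filter in place. `memlock: -1` is likewise unlimited; a finite value sized for the mediasoup buffers would be easier to reason about.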
@ -289,7 +245,7 @@ services:
- src-fsesl-client=./repos/bigbluebutton/bbb-fsesl-client
- src-fsesl-akka=./repos/bigbluebutton/akka-bbb-fsesl
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
@ -307,47 +263,131 @@ services:
additional_contexts:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-apps-akka=./repos/bigbluebutton/akka-bbb-apps
- src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- postgres
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
volumes:
- vol-freeswitch:/var/freeswitch/meetings
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro
networks:
bbb-net:
ipv4_address: 10.7.7.15
jodconverter:
build: mod/jodconverter
image: alangecker/bbb-docker-jodconverter:latest
security_opt:
- 'no-new-privileges:true'
bbb-graphql-server:
build:
context: mod/bbb-graphql-server
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-server
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
GRAPHQL_ENGINE_TAG: v2.45.0
image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
depends_on:
- postgres
- bbb-web
- apps-akka
- bbb-graphql-actions
restart: unless-stopped
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME
networks:
bbb-net:
ipv4_address: 10.7.7.31
bbb-graphql-actions:
build:
context: mod/bbb-graphql-actions
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-actions
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- apps-akka
networks:
bbb-net:
ipv4_address: 10.7.7.30
{{ if isTrue .Env.DEV_MODE }}
volumes:
- ./repos/bigbluebutton/bbb-graphql-actions:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
{{ end }}
bbb-graphql-middleware:
build:
context: mod/bbb-graphql-middleware
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-middleware
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- bbb-graphql-server
- bbb-graphql-actions
- bbb-web
- redis
networks:
bbb-net:
ipv4_address: 10.7.7.32
extra_hosts:
- "nginx:10.7.7.1"
{{ if isTrue .Env.DEV_MODE }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
volumes:
- ./repos/bigbluebutton/bbb-graphql-middleware:/app/:ro
- ./repos/bigbluebutton/bbb-graphql-middleware/config/config.yml:/usr/share/bbb-graphql-middleware/config.yml:ro
- ./mod/bbb-graphql-middleware/config.yml:/etc/bigbluebutton/bbb-graphql-middleware.yml:ro
- ./.cache/go:/gopath:rw
- ./.cache/go-build:/.cache/go-build:rw
{{ end }}
collabora:
image: collabora/code:latest
restart: unless-stopped
tmpfs:
- /tmp
deploy:
resources:
limits:
memory: 512M
networks:
bbb-net:
ipv4_address: 10.7.7.20
# disable logging (way to verbose)
logging:
driver: none
periodic:
build: mod/periodic
image: alangecker/bbb-docker-periodic:v2.7.0
image: alangecker/bbb-docker-periodic:v3.0.0
restart: unless-stopped
depends_on:
- mongodb
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- bigbluebutton:/var/bigbluebutton
- vol-mediasoup:/var/mediasoup
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/mediasoup:/var/mediasoup
tmpfs:
- /var/log/bigbluebutton
environment:
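Review bot: `HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME` in `bbb-graphql-server` is a literal placeholder that every deployment will share; take it from `.env` instead, for example `${HASURA_GRAPHQL_ADMIN_SECRET:?}`. `POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}` has the same problem through its fallback value. `collabora/code:latest` is unpinned, unlike the other images in this file, and `logging: driver: none` on that service leaves nothing to look at when a document conversion fails.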
@ -368,8 +408,8 @@ services:
- presentation=./repos/bigbluebutton/record-and-playback/presentation
- bbb-conf=./repos/bigbluebutton/bigbluebutton-config
args:
BBB_BUILD_TAG: bbb27-2023-06-13-java17
TAG_BBB_PRESENTATION_VIDEO: "4.0.3"
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2"
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
@ -379,16 +419,32 @@ services:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
volumes:
- bigbluebutton:/var/bigbluebutton
- vol-freeswitch:/var/freeswitch/meetings
- vol-mediasoup:/var/mediasoup
- vol-kurento:/var/kurento
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./data/mediasoup:/var/mediasoup
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
tmpfs:
- /var/log/bigbluebutton
- /tmp
networks:
bbb-net:
ipv4_address: 10.7.7.16
bbb-webrtc-recorder:
build:
context: mod/bbb-webrtc-recorder
additional_contexts:
- src=./repos/bbb-webrtc-recorder
image: alangecker/bbb-docker-webrtc-recorder:{{ .Env.TAG_WEBRTC_RECORDER }}
depends_on:
- redis
volumes:
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
# WebRTC connection to bbb-webrtc-sfu seem to
# only to work via the external IP
network_mode: host
extra_hosts:
- "redis:10.7.7.5"
{{end}}
{{ if isTrue .Env.ENABLE_WEBHOOKS }}
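Review bot: the new `bbb-webrtc-recorder` service has no `restart:` policy, unlike the other services in this file, so a crash stops recording capture until someone notices. It also runs with `network_mode: host`; please document which ports it opens on the host, and fix the comment wording ("seem to only to work").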
@ -411,32 +467,21 @@ services:
{{end}}
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
# https
https_proxy:
image: valian/docker-nginx-auto-ssl
restart: unless-stopped
haproxy:
build: mod/haproxy
image: alangecker/bbb-haproxy:2.8.10
volumes:
- ssl_data:/etc/resty-auto-ssl
{{ if .Env.EXTERNAL_IPv6 }}
- ./mod/https/site.conf:/etc/nginx/conf.d/bbb-docker.conf
{{else}}
- ./mod/https/site-ipv4only.conf:/etc/nginx/conf.d/bbb-docker.conf
{{end}}
{{ if isTrue .Env.DEV_MODE }}
# allow bbb api access without https
- ./mod/https/force-https.conf:/usr/local/openresty/nginx/conf/force-https.conf
{{end}}
- ./data/haproxy/letsencrypt:/etc/letsencrypt
- ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
- ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap
environment:
{{ if isTrue .Env.DEV_MODE }}
ALLOWED_DOMAINS: ""
{{else}}
ALLOWED_DOMAINS: ${DOMAIN}
{{end}}
RESOLVER_ADDRESS: ${RESOLVER_ADDRESS:-9.9.9.9}
- IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
- CERT1=${DOMAIN}
- EMAIL=${LETSENCRYPT_EMAIL}
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_COTURN }}
# coturn
coturn:
image: coturn/coturn:4.6-alpine
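Review bot: the `haproxy` volumes mount `haproxy.cfg` and `protocolmap` writable; append `:ro` to both, as the bbb-graphql-middleware config mounts earlier in this file do, and leave only `./data/haproxy/letsencrypt` writable. That directory will hold the TLS private key on the host, so the setup docs should mention restricting its permissions.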
@ -445,26 +490,18 @@ services:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
- "--allowed-peer-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv6:-::1}"
volumes:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
- ssl_data:/etc/resty-auto-ssl
{{else}}
- ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
- ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
{{end}}
- ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
environment:
ENABLE_HTTPS_PROXY:
user: root
network_mode: host
{{end}}
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
image: bigbluebutton/greenlight:v3.0.6.1
image: bigbluebutton/greenlight:v3.5.0
restart: unless-stopped
env_file: .env
depends_on:
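Review bot: `user: root` is still set on the coturn service while the entrypoint script that dropped to `nobody` through `su-exec` is deleted elsewhere in this change, so please confirm turnserver does not end up running as root under `network_mode: host`. If root was only needed for the old certificate extraction, remove `user: root` and mount `turnserver.conf` with `:ro`.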
@ -472,10 +509,10 @@ services:
- redis
environment:
DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
REDIS_URL: redis://redis:6379
{{ if isTrue .Env.DEV_MODE }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1/bigbluebutton/api
{{ if $ignore_tls_cert_errors }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
{{else}}
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
{{end}}
@ -483,16 +520,17 @@ services:
SECRET_KEY_BASE: ${RAILS_SECRET}
RELATIVE_URL_ROOT: /
volumes:
- ./greenlight-data:/usr/src/app/storage
- ./data/greenlight:/usr/src/app/storage
networks:
bbb-net:
ipv4_address: 10.7.7.21
{{end}}
postgres:
image: postgres:12-alpine
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_DB: greenlight-v3
POSTGRES_MULTIPLE_DATABASES: bbb_graphql,hasura_app,greenlight
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
healthcheck:
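Review bot: `POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}` falls back to the literal `password` when the variable is unset, and with `POSTGRES_MULTIPLE_DATABASES: bbb_graphql,hasura_app,greenlight` that one superuser account now fronts three databases. Prefer failing fast, for example `${POSTGRESQL_SECRET:?POSTGRESQL_SECRET must be set}`, here and in the greenlight `DATABASE_URL`.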
@ -501,11 +539,11 @@ services:
timeout: 5s
retries: 5
volumes:
- ./postgres-data:/var/lib/postgresql/data
- ./data/postgres:/var/lib/postgresql/data
- ./mod/postgres/initdb.sh:/docker-entrypoint-initdb.d/initdb.sh
networks:
bbb-net:
ipv4_address: 10.7.7.22
{{end}}
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
# prometheus
@ -521,26 +559,15 @@ services:
ipv4_address: 10.7.7.33
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION }}
volumes:
- bigbluebutton:/var/bigbluebutton:ro
- ./data/bigbluebutton:/var/bigbluebutton:ro
{{end}}
# the exporter requires /etc/bigbluebutton/bigbluebutton-release
tmpfs:
- /etc/bigbluebutton
- /etc/bigbluebutton:mode=777
entrypoint: sh -c 'echo "BIGBLUEBUTTON_RELEASE=2.7.3" > /etc/bigbluebutton/bigbluebutton-release && python server.py'
{{end}}
volumes:
bigbluebutton:
vol-freeswitch:
vol-kurento:
vol-mediasoup:
html5-static:
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
ssl_data:
{{end}}
networks:
bbb-net:
ipam:
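Review bot: the exporter entrypoint still writes `BIGBLUEBUTTON_RELEASE=2.7.3` although this change moves the stack to 3.0; derive the value from `.Env.TAG_BBB` or update the literal so the exporter does not report a stale release. The tmpfs option `/etc/bigbluebutton:mode=777` makes the directory world-writable; a mode that gives write access only to the exporter's user is enough for the single file written there.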

View File

@ -1,70 +1,38 @@
# bbb-docker Development
## Basics
normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out:
normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out
```sh
$ git submodule update --init
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
$ cd bbb-dev
```
## Running
you can run bbb-docker locally without any certificate issues with following `.env` configurations:
you can now run bbb-docker locally by simply starting
```
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
#ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_RECORDING=true
DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
TURN_SERVER=turns:localhost:5349?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret_SuperRailsSecret
# ====================================
# CUSTOMIZATION
# ====================================
[... add rest of sample.env here ...]
```sh
$ ./scripts/dev
```
- regenerate `docker-compose.yml` \
Use the API Mate with the link presented in the console to create & join a conference.
### Hints
- the html5 component will watch and automatically reload on any changes 🚀
- if you change anything in the other components, you need to
* manually rebuilt it \
`$ docker compose build CONTAINERNAME`
* restart it \
`$ docker compose up -d CONTAINERNAME`
- if you change any variable in .env, always run following to rebuild the `docker-compose.yml``
`$ ./scripts/generate-compose`
- build the images \
`$ docker compose build`
- you can than start it with \
`$ docker compose up -d`
- view the logs with \
`$ docker compose logs -f`
- and access the API via \
https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
* At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
## Notes
- Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode
## Changes
- After doing some changes you usually must...
- recreate `docker-compose.yml` \
`$ ./scripts/generate-compose`
* rebuild the image(s): \
`$ docker compose build [containername]`
* restart changes image(s): \
`$ docker compose up -d`
## How to do create a new update for a newer BBB release?
This always consists out of following steps
1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \
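Review bot: in the Hints list, "`docker-compose.yml``" has a stray trailing backtick that breaks the inline code span, and "manually rebuilt it" should read "rebuild it". Since `./scripts/dev` replaces the documented `.env` block, it would help to state where the dev secrets now come from and that they are for local use only.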

View File

@ -24,6 +24,7 @@ Services as configured.
| coturn | network_mode: host | |
| greenlight | | | ports: 10.7.7.1:5000:80
| prometheus | bbb-net | 10.7.7.33 |
| bbb-export-annotations | bbb-net | 10.7.7.19 |
```yml
networks:

View File

@ -1,27 +1,33 @@
# How To Upgrade bbb-docker
### Breaking changes `v2.7.x` -> `v3.0.x`
- **A setup behind NAT does currently not work!**
- `LETSENCRYPT_EMAIL` is now required in `.env` when used with the integrated HAProxy
- the greenlight postgres database is now called `greenlight` instead of `greenlight-v3`
### Upgrading from `v2.5.x`
- *Breaking change:* Greenlight got fully rewritten
### Breaking changes `v2.6.x` -> `v2.7.x`
- We use now Docker Compose V2
* make sure you have docker ≥ 23.0 installed (`$ docker -v`)
* update all usages of `docker-compose` to `docker compose` in your scripts
### Breaking changes `v2.5.x` -> `v2.6.x`
- Greenlight got fully rewritten
* it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
* some greenlight settings under `.env` have changed. compare your version with `sample.env`
* it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
apart from that follow the guide below.
### from `v2.6.x` or within `v2.7.x`
#### Backup
### Backup
if you use greenlight, create a database backup first
```bash
docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
```
#### Upgrading
### Upgrading
```bash
# upgrade!
./scripts/upgrade
# restart updated services
docker compose up -d
docker compose up -d --no-build
```
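Review bot: the backup command `docker exec -t docker_postgres_1 pg_dumpall ...` is fragile given the Compose V2 requirement stated above it: V2 names containers with hyphens by default, and `-t` allocates a pseudo-TTY, which can alter the redirected dump. Suggest `docker compose exec -T postgres pg_dumpall -c -U postgres > ...`, and add a line to the `v2.7.x` -> `v3.0.x` breaking changes noting the move from `postgres:12-alpine` to `postgres:16-alpine`, so users know the backup is not optional.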

View File

@ -19,12 +19,25 @@ RUN cd /source \
# ===================================================
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
COPY --from=src-config /settings.yml /settings.yml
ARG TAG_BBB
RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml
RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml
# ===================================================
FROM alangecker/bbb-docker-base-java
COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka
COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl
COPY logback.xml /bbb-apps-akka/conf/logback.xml
COPY entrypoint.sh /entrypoint.sh
COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml
USER bigbluebutton
ENTRYPOINT /entrypoint.sh
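Review bot: the `yq` binary is fetched with `wget` in `builder-settings` and then copied into the runtime image without any integrity check; the version is pinned to v4.44.3, so add a `sha256sum -c` step against the checksum published for that release. `ENTRYPOINT /entrypoint.sh` is the shell form; the exec form `ENTRYPOINT ["/entrypoint.sh"]` lets signals reach the process directly.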

View File

@ -8,7 +8,18 @@ redis {
services {
bbbWebAPI="https://DOMAIN/bigbluebutton/api"
sharedSecret="SHARED_SECRET"
graphqlMiddlewareAPI = "http://10.7.7.32:8378"
}
http {
interface = "0.0.0.0"
}
postgres {
properties = {
serverName = "postgres"
portNumber = "5432"
databaseName = "bbb_graphql"
user = "postgres"
password = "POSTGRES_PASSWORD"
}
}

View File

@ -1,9 +1,17 @@
#!/bin/sh -e
# bbb-apps-akka.conf
TARGET=/etc/bigbluebutton/bbb-apps-akka.conf
cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET
sed -i "s/DOMAIN/$DOMAIN/" $TARGET
sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET
sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET
# settings.yml
TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml
yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET
yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET
cd /bbb-apps-akka
/bbb-apps-akka/bin/bbb-apps-akka
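Review bot: `sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET` breaks or corrupts the config when the password contains `/`, `&` or a backslash, and the same applies to the `SHARED_SECRET` line. Escape the replacement or write the values with a tool that treats them as data, quote `"$TARGET"`, and fail early if `POSTGRES_PASSWORD` is empty.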

View File

@ -9,8 +9,10 @@
<logger name="akka" level="INFO" />
<logger name="org.bigbluebutton" level="DEBUG" />
<logger name="io.lettuce" level="INFO" />
<logger name="slick" level="INFO" />
<root level="DEBUG">
<root level="INFO">
<appender-ref ref="STDOUT"/>
</root>
</configuration>

View File

@ -16,7 +16,7 @@ RUN groupadd -g 998 bigbluebutton \
&& chown bigbluebutton:bigbluebutton /etc/bigbluebutton
# add dockerize
ENV DOCKERIZE_VERSION v0.6.1
ENV DOCKERIZE_VERSION v0.7.0
RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz

View File

@ -0,0 +1,23 @@
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-export-annotations
RUN cd /bbb-export-annotations && npm ci && npm install
# --------------------
FROM node:22-bookworm-slim
RUN groupadd -g 998 bigbluebutton \
&& useradd -m -u 998 -g bigbluebutton bigbluebutton
RUN apt update && apt install -y \
nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils
COPY --from=builder /bbb-export-annotations /bbb-export-annotations
COPY ./config/settings.json /bbb-export-annotations/config/settings.json
USER bigbluebutton
WORKDIR /bbb-export-annotations
ENV NODE_ENV=production
ENTRYPOINT npm start
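Review bot: in the builder stage `npm ci && npm install` runs a second, non-locked install over the tree that `npm ci` just produced from the lockfile; drop `npm install` and use `npm ci --omit=dev` if dev dependencies are not needed at runtime. In the final stage, `apt install -y nodejs npm ... nodejs` adds Debian's Node packages (with `nodejs` listed twice) on top of `node:22-bookworm-slim`; remove them, add `--no-install-recommends`, and clear `/var/lib/apt/lists` to shrink the image and its attack surface.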

View File

@ -0,0 +1,40 @@
{
"log": {
"level": "info",
"msgName": "PresAnnStatusMsg"
},
"shared": {
"presAnnDropboxDir": "/tmp/pres-ann-dropbox",
"cairosvg": "/usr/bin/cairosvg",
"ghostscript": "/usr/bin/gs"
},
"process": {
"maxImageWidth": 1440,
"maxImageHeight": 1080,
"pointsPerInch": 72,
"pixelsPerInch": 96,
"cairoSVGUnsafeFlag": false
},
"notifier": {
"pod_id": "DEFAULT_PRESENTATION_POD",
"is_downloadable": "false",
"msgName": "NewPresFileAvailableMsg"
},
"bbbWebAPI": "http://bbb-web:8090",
"bbbPadsAPI": "http://bbb-pads:9002",
"redis": {
"host": "redis",
"port": 6379,
"password": null,
"channels": {
"queue": "exportJobs",
"publish": "to-akka-apps-redis-channel"
}
},
"fonts": {
"draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
"sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
"serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
"mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
}
}
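Review bot: the `fonts` block points `"sans"` at `CrimsonPro[wght]-1.003.ttf` and `"serif"` at `SourceSansPro-Regular-2.045.ttf`, which looks swapped going by the family names. The Dockerfile for this image shown in the previous file does not copy anything into `/usr/local/share/fonts`, so please confirm these paths exist in the container or add the fonts to the build.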

View File

@ -0,0 +1,34 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src ./ /src
RUN cd /src && \
npm ci --no-progress && \
npm run build
# delete node_modules (it should create a fresh one inside /src/dist/)
RUN rm -rf /src/node_modules
RUN cd /src/dist && \
mv index.js bbb-graphql-actions.js && \
cp ../package.json ../package-lock.json . && \
npm ci --no-progress --omit=dev
# ------------------------------
FROM node:22-bookworm-slim
RUN groupadd -g 2062 app \
&& useradd -m -u 2063 -g app app
USER app
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
ENV NODE_ENV=production
COPY --from=builder /src/dist /app
CMD [ "node", "/app/bbb-graphql-actions.js" ]

View File

@ -0,0 +1,16 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN apt-get update && apt-get install -y gosu
# allow any user to use node in /root/.nvm
RUN chmod 755 /root
COPY dev-entrypoint.sh /dev-entrypoint.sh
ENTRYPOINT [ "/dev-entrypoint.sh" ]
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
CMD [ "npm install && npm start" ]

View File

@ -0,0 +1,12 @@
#!/bin/bash
# get owner of /app
OWNER="$(stat -c '%u' "/app")"
GROUP="$(stat -c '%g' "/app")"
useradd --home-dir /tmp -u $OWNER user || /bin/true
# run with same user to avoid any issues
# with file permissions
. /root/.nvm/nvm.sh
gosu $OWNER:$GROUP bash -c "$@"
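Review bot: `gosu $OWNER:$GROUP bash -c "$@"` hands only the first argument to `bash -c` as the command and turns any further arguments into positional parameters, so it works for the single-string `CMD` in the dev Dockerfile but not for a multi-word override. Quote the variables (`"$OWNER:$GROUP"`), and note that when `/app` is owned by uid 0 the dev process runs as root; a short comment or an explicit check would make that intentional.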

View File

@ -0,0 +1,12 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src / /src/
RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go
# ------------------------------
FROM alpine
COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware
COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml
COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml
CMD [ "/app/bbb-graphql-middleware" ]
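Review bot: the runtime stage uses an untagged `FROM alpine` and never sets `USER`, so the middleware runs as root on whatever Alpine release is current at build time. Pin the base image to a version and add a dedicated non-root user, as the bbb-graphql-actions Dockerfile in this change does with `USER app`.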

View File

@ -0,0 +1,8 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
WORKDIR /app
ENV GOPATH /gopath
CMD ["go", "run", "cmd/bbb-graphql-middleware/main.go", "--signal", "SIGTERM"]

View File

@ -0,0 +1,15 @@
server:
listen_host: 0.0.0.0
listen_port: 8378
redis:
host: redis
port: 6379
password: ""
hasura:
url: ws://nginx:8185/v1/graphql
graphql-actions:
url: http://bbb-graphql-actions:8093
auth_hook:
url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization
session_vars_hook:
url: http://apps-akka:8901/userInfo

View File

@ -0,0 +1,25 @@
ARG BBB_BUILD_TAG
ARG GRAPHQL_ENGINE_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
# ----------------------------
FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG
# install netstat, required for start script
RUN apt-get update && apt-get install -y net-tools gosu
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura
COPY --from=src /bbb_schema.sql /app/
COPY --from=src /metadata /app/metadata
COPY config.yaml /app/config.yaml
COPY entrypoint.sh /entrypoint.sh
COPY start.sh /app/start.sh
ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "/app/start.sh" ]
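Review bot: the builder stage pipes `https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh` straight into `bash` and downloads `yq` from `releases/latest`, so neither the installer script nor the yq binary is pinned or verified, even though `VERSION=v2.44.0` pins the CLI itself. Pin yq to the v4.44.3 release used in the apps-akka Dockerfile, fetch the hasura CLI binary for the pinned version directly, and verify checksums for both.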

View File

@ -0,0 +1,7 @@
version: 3
endpoint: http://localhost:8085
admin_secret: bigbluebutton
metadata_directory: metadata
actions:
kind: synchronous
handler_webhook_baseurl: http://localhost:3000
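Review bot: `admin_secret: bigbluebutton` is committed as a working default; `start.sh` overwrites it with `$HASURA_GRAPHQL_ADMIN_SECRET`, but if that variable is unset the substitution leaves an empty secret in the file. Use an obvious placeholder here and have the start script refuse to run when the variable is empty.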

View File

@ -0,0 +1,27 @@
#!/bin/bash
# for psql
export PGHOST=postgres
export PGUSER="${POSTGRES_USER}"
export PGPASSWORD="${POSTGRES_PASSWORD}"
# for hasura
export HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_LOG_LEVEL=warn
export HASURA_GRAPHQL_ENABLE_CONSOLE=false
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_SERVER_PORT=8085
export HASURA_GRAPHQL_ENABLE_TELEMETRY=false
export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10
export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo
export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093
export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql
exec $@
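Review bot: `${POSTGRES_PASSWORD}` is interpolated into the three `postgres://` URLs without URL-encoding, so a password containing `@`, `/`, `:` or `#` yields a connection string that parses to the wrong host or credentials. Either document the allowed character set for the secret or encode it before building the URLs, and change the last line to `exec "$@"` so arguments are not re-split.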

39
mod/bbb-graphql-server/start.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
set -e
cd /app/
# patch database url
# TODO: this should be possible upstream in BBB via an environment variable
yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml
sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml
echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql
echo "Restarting database bbb_graphql"
psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'" > /dev/null
psql -c "drop database if exists bbb_graphql with (force)"
psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
psql -c "alter database bbb_graphql set timezone to 'UTC'"
echo "Creating tables in bbb_graphql"
psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on
echo "Starting hasura-graphql-engine"
gosu nobody graphql-engine serve &
PID=$!
sleep 1
#Check if Hasura is ready before applying metadata
while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do
echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..."
sleep 1
done
echo "Applying new metadata to Hasura"
/usr/local/bin/hasura metadata apply --skip-update-check
wait "$PID"
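Review bot: the readiness loop around `netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT "` has no timeout and never checks whether `graphql-engine` is still alive, so if the engine exits during startup the container spins forever instead of failing. Add a `kill -0 "$PID"` check or a retry limit inside the loop. The `sed` on `admin_secret` also needs the secret escaped, since `/` or `&` in it will break the expression.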

View File

@ -1,4 +1,4 @@
FROM node:18-bullseye-slim AS builder
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-pads
RUN cd /bbb-pads && rm -r .git && npm install --production
@ -7,7 +7,7 @@ RUN cd /bbb-pads && rm -r .git && npm install --production
RUN chmod 777 /bbb-pads/config
# ------------------------------
FROM node:18-bullseye-slim
FROM node:22-bookworm-slim
RUN apt update && apt install -y jq moreutils \
&& useradd --uid 2003 --create-home --user-group bbb-pads

View File

@ -47,12 +47,10 @@ COPY --from=builder /dist /usr/share/bbb-web
COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib
COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh
COPY mocked-ps /usr/bin/ps
# add entrypoint and templates
COPY entrypoint.sh /entrypoint.sh
COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
COPY turn-stun-servers.xml /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl
COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl
COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml
COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh

View File

@ -13,10 +13,14 @@ securitySalt={{ .Env.SHARED_SECRET }}
redisHost=redis
{{ if isTrue .Env.DEV_MODE }}
beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf
{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }}
beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
# fetch presentations without HTTPS
presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
defaultNumDigitsForTelVoice=9

View File

@ -2,28 +2,30 @@
set -e
# create recording directory structure if it doesn't exist yet
mkdir -p /var/bigbluebutton/recording/status
mkdir -p /var/bigbluebutton/events
mkdir -p /var/bigbluebutton/recording
mkdir -p /var/bigbluebutton/recording/raw
mkdir -p /var/bigbluebutton/recording/process
mkdir -p /var/bigbluebutton/recording/publish
mkdir -p /var/bigbluebutton/recording/status/recorded
mkdir -p /var/bigbluebutton/recording/status/archived
mkdir -p /var/bigbluebutton/recording/status/processed
mkdir -p /var/bigbluebutton/recording/status/sanity
mkdir -p /var/bigbluebutton/recording/status/ended
mkdir -p /var/bigbluebutton/recording/status/sanity
mkdir -p /var/bigbluebutton/recording/status/published
mkdir -p /var/bigbluebutton/captions
mkdir -p /var/bigbluebutton/captions/inbox
mkdir -p /var/bigbluebutton/published
mkdir -p /var/bigbluebutton/published/notes
mkdir -p /var/bigbluebutton/deleted
mkdir -p /var/bigbluebutton/unpublished
mkdir -p /var/bigbluebutton/basic_stats
chown -R bigbluebutton:bigbluebutton /var/bigbluebutton
echo "$NUMBER_OF_BACKEND_NODEJS_PROCESSES" > /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES
cd /usr/share/bbb-web/
dockerize \
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
-template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \
-template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \
gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher

View File

@ -22,7 +22,7 @@
<logger name="org.grails.commons" level="ERROR" />
<logger name="org.springframework" level="ERROR" />
<root level="ERROR">
<root level="WARN">
<appender-ref ref="STDOUT" />
</root>
</configuration>

View File

@ -1,8 +0,0 @@
#!/bin/bash
echo "(mocked-ps for HTML5LoadBalancingService.java)"
# fake random process load to distribute meetings equally
for i in `seq $(cat /tmp/NUMBER_OF_BACKEND_NODEJS_PROCESSES)`; do
randomLoad=$(echo $(( $RANDOM % 100 )))
echo " $randomLoad.1 /usr/share/node-v12.16.1-linux-x64/bin/node main.js NODEJS_BACKEND_INSTANCE_ID=$i"
done

View File

@ -7,6 +7,8 @@ PATH="/bin/:/usr/bin/"
# Param 1: Input office file path (e.g. "/tmp/test.odt")
# Param 2: Output pdf file path (e.g. "/tmp/test.pdf")
# Param 3: Destination Format (pdf default)
# Param 4: Timeout (secs) (optional)
if (( $# == 0 )); then
echo "Missing parameter 1 (Input office file path)";
exit 1
@ -16,15 +18,19 @@ elif (( $# == 1 )); then
fi;
source="${1}"
dest="${2}"
source="$1"
dest="$2"
#If output format is missing, define PDF
# If output format is missing, define PDF
convertTo="${3:-pdf}"
curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \
-H "accept: application/octet-stream" \
-H "Content-Type: multipart/form-data" \
-F "data=@${source}" > "${dest}"
# If timeout is missing, define 60
timeoutSecs="${4:-60}"
# Truncate timeout to max 3 digits (as expected by sudoers)
timeoutSecs="${timeoutSecs:0:3}"
exit 0
# The timeout is important.
timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
exit 0
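Review bot: the script ends with an unconditional `exit 0`, so a `timeout` expiry or a failed `curl` is reported as success and the caller is left with an empty or partial `"${dest}"`. Propagate the exit status of the `timeout ... curl` line, add `--fail` to curl, and validate that `timeoutSecs` is numeric before passing it to `printf %03d`. The `-k` flag disables certificate verification for `https://collabora:9980`; a comment explaining that this is an internal, self-signed endpoint would make the intent clear.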

View File

@ -8,10 +8,26 @@
<constructor-arg index="0" value="{{ .Env.STUN_SERVER }}"/>
</bean>
{{if .Env.TURN_SERVER }}
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="{{ .Env.TURN_SERVER }}"/>
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turn:{{ .Env.DOMAIN }}:3478"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
{{/* ignore when using a self signed certificate in dev mode */}}
<bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turns:{{ .Env.DOMAIN }}:443?transport=tcp"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<bean id="turn2" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_EXT_SECRET }}"/>
<constructor-arg index="1" value="{{ .Env.TURN_EXT_SERVER }}"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
@ -24,8 +40,14 @@
</property>
<property name="turnServers">
<set>
{{if .Env.TURN_SERVER }}
<ref bean="turn0" />
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
<ref bean="turn1" />
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<ref bean="turn2" />
{{end}}
</set>
</property>

View File

@ -0,0 +1,40 @@
# Build stage
FROM golang:1.23 as builder
ARG APP_VERSION=devel
ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder
WORKDIR /app
COPY --from=src go.* ./
RUN go mod tidy
COPY --from=src . ./
RUN APP_VERSION=$(cat ./VERSION | sed 's/ /-/g') \
go build -o ./build/bbb-webrtc-recorder \
-ldflags="-X '$GOMOD/internal.AppVersion=v${APP_VERSION1}'" \
./cmd/bbb-webrtc-recorder
RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
# Running stage
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y gosu
# use same UID as in the recordings container
RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
# config
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_ADDRESS=redis:6379
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_NETWORK=tcp
ENV BBBRECORDER_DEBUG=true
# Copy the binary to the production image from the builder stage.
COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
COPY --from=builder /app/config/bbb-webrtc-recorder.yml /etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml
CMD ["/bin/sh", "-c", "chown -R bigbluebutton:bigbluebutton /var/lib/bbb-webrtc-recorder && gosu bigbluebutton /usr/bin/bbb-webrtc-recorder"]
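Review bot: the `-ldflags` line references `${APP_VERSION1}`, which is never defined, so the binary is stamped with just `v` instead of the content of `./VERSION`; this should be `${APP_VERSION}`. Also, `ENV BBBRECORDER_DEBUG=true` ships debug mode in the production image and `RUN go mod tidy` can rewrite `go.mod`/`go.sum` during the build; prefer `go mod download` and make debug opt-in.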

View File

@ -1,31 +0,0 @@
#!/bin/sh
set -e
apk add jq su-exec
if [ "$ENABLE_HTTPS_PROXY" == true ]; then
while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
do
echo "ERROR: certificate doesn't exist yet."
echo "Certificate gets create on the first request to the HTTPS proxy."
echo "We will try again..."
sleep 10
done
# extract cert
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
fi
if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
echo "ERROR: certificate not found, but coturn relies on it."
echo "Use either auto HTTPS proxy or"
echo "provide path to certificates in .env file"
exit 1
fi
# If command starts with an option, prepend with turnserver binary.
if [ "${1:0:1}" == '-' ]; then
set -- turnserver "$@"
fi
su-exec nobody $(eval "echo $@")

View File

@ -1,73 +1,28 @@
# Example coturn configuration for BigBlueButton
# These are the two network ports used by the TURN server which the client
# may connect to. We enable the standard unencrypted port 3478 for STUN,
listening-port=3478
# and since TLS over SMTP port (465) is now blocked by major browser vendors,
# we reverted to the most common coturn TLS port 5349, which has limitations
# in restrictive firewall environments. For maximum client support run
# coturn on a dedicated host on port 443.
tls-listening-port=5349
# listening-ip=${INTERNAL_IP:-$IP}
# relay-ip=${INTERNAL_IP:-$IP}
# If the server has multiple IP addresses, you may wish to limit which
# addresses coturn is using. Do that by setting this option (it can be
# specified multiple times). The default is to listen on all addresses.
# You do not normally need to set this option.
#listening-ip=172.17.19.101
min-port=32769
max-port=65535
# verbose
# If the server is behind NAT, you need to specify the external IP address.
# If there is only one external address, specify it like this:
#external-ip=172.17.19.120
# If you have multiple external addresses, you have to specify which
# internal address each corresponds to, like this. The first address is the
# external ip, and the second address is the corresponding internal IP.
#external-ip=172.17.19.131/10.0.0.11
#external-ip=172.17.18.132/10.0.0.12
# Fingerprints in TURN messages are required for WebRTC
fingerprint
# The long-term credential mechanism is required for WebRTC
lt-cred-mech
# Configure coturn to use the "TURN REST API" method for validating time-
# limited credentials. BigBlueButton will generate credentials in this
# format. Note that the static-auth-secret value specified here must match
# the configuration in BigBlueButton's turn-stun-servers.xml
# You can generate a new random value by running the command:
# openssl rand -hex 16
use-auth-secret
# static-auth-secret=<random value>
realm=bbb-docker
# If the realm value is unspecified, it defaults to the TURN server hostname.
# You probably want to configure it to a domain name that you control to
# improve log output. There is no functional impact.
realm=example.com
keep-address-family
# Configure TLS support.
# Adjust these paths to match the locations of your certificate files
cert=/tmp/cert.pem
pkey=/tmp/key.pem
# Limit the allowed ciphers to improve security
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
# Enable longer DH TLS key to improve security
dh2066
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
# older protocols
no-cli
no-tlsv1
no-tlsv1_1
# To enable single filename logs you need to enable the simple-log flag
syslog
#verbose
# Block connections to IP ranges which shouldn't be reachable
no-loopback-peers
no-multicast-peers
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family
# we only need to allow peer connections from the machine itself (from mediasoup or freeswitch).
denied-peer-ip=0.0.0.0-255.255.255.255
denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
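Review bot: the two blanket `denied-peer-ip` ranges at the end block every peer unless an `allowed-peer-ip` exception exists, and the compose hunk in this change shows only `--allowed-peer-ip=${EXTERNAL_IPv4}` while `--relay-ip=${EXTERNAL_IPv6:-::1}` is still passed. Add the matching IPv6 exception or drop the IPv6 relay, and extend the comment above these lines to say that the exception is supplied on the command line, since the config file alone reads as "deny everything".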

View File

@ -7,20 +7,21 @@ RUN apk add git curl
USER etherpad
RUN npm install \
ep_cursortrace@3.1.16 \
git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
git+https://github.com/mconf/ep_redis_publisher.git#2b6e47c1c59362916a0b2961a29b259f2977b694 \
ep_disable_chat@0.0.8 \
RUN pnpm run plugins i \
ep_disable_chat@0.0.10 \
ep_auth_session@1.1.1 \
# remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches
&& rm package-lock.json package.json
--github \
mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \
mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694
# add skin from git submodule
COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
# add plugin from git submodule
COPY --chown=etherpad:0 --from=plugin / /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches
RUN pnpm run plugins i --path /ep_bigbluebutton_patches
COPY settings.json /opt/etherpad-lite/settings.json
COPY etherpad-export.sh /etherpad-export.sh
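
Review bot: in the `pnpm run plugins i` step, `ep_disable_chat@0.0.10` and `ep_auth_session@1.1.1` are pinned by registry version only, while the three `--github` plugins are pinned to full commit hashes. A version pin relies on the registry rather than on a content hash, so consider recording integrity for the two registry plugins as well (a committed lockfile or a checksum check during the build), so that every plugin in the image is fixed to known contents.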

View File

@ -1,5 +1,3 @@
#!/bin/sh
echo $ETHERPAD_API_KEY > /tmp/apikey
export NODE_ENV=production
node /opt/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js --apikey /tmp/apikey
pnpm run prod --apikey /tmp/apikey
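
Review bot: `echo $ETHERPAD_API_KEY > /tmp/apikey` writes the API key unquoted and with the default umask, so a key containing whitespace or glob characters is altered and the file is typically readable by other users in the container. Suggest `umask 077` before the write and `printf '%s' "$ETHERPAD_API_KEY" > /tmp/apikey`. Starting the server with `exec pnpm run prod --apikey /tmp/apikey` would also let the container's stop signal reach the process directly instead of the shell.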

View File

@ -4,9 +4,6 @@ dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')"
convertTo="$7"
curl -v -X POST "http://jodconverter:8080/lool/convert-to/$convertTo" \
-H "accept: application/octet-stream" \
-H "Content-Type: multipart/form-data" \
-F "data=@$src" > $dest
curl -v -F "data=@${src}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
exit 0
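
Review bot: the `curl` call to `https://collabora:9980` passes `-k`, which turns off certificate verification, so the TLS connection to the converter is encrypted but not authenticated. If collabora presents a self-signed certificate, hand it to curl with `--cacert` instead. Separately, `$convertTo` is still unquoted in the URL while `${src}` and `${dest}` are now quoted, and the unconditional `exit 0` hides a failed conversion from the caller; `curl --fail` with the script returning curl's exit status would surface it.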

View File

@ -140,7 +140,7 @@
* "full-width-editor" variant (by default editor is rendered as a page, with
* a max-width of 900px).
*/
"skinVariants": "super-light-toolbar super-light-editor light-background",
"skinVariants": "",
/*
* IP and port which Etherpad should bind at.
@ -162,6 +162,14 @@
*/
"showSettingsInAdminPage": true,
/*
* Settings for cleanup of pads
*/
"cleanup": {
"enabled": false,
"keepRevisions": 5
},
/*
* Node native SSL support
*
@ -271,6 +279,14 @@
"pageDown": true
},
/*
* Enables the use of a different server. We have a different one that syncs changes from the original server.
* It is hosted on GitHub and should not be blocked by many firewalls.
* https://etherpad.org/ep_infos
*/
"updateServer": "https://etherpad.org/ep_infos",
/*
* Should we suppress errors from being visible in the default Pad Text?
*/
@ -323,14 +339,6 @@
*/
"soffice": "/etherpad-export.sh",
/*
* Path to the Tidy executable.
*
* Tidy is used to improve the quality of exported pads.
* Setting it to null disables Tidy.
*/
"tidyHtml": null,
/*
* Allow import of file types other than the supported ones:
* txt, doc, docx, rtf, odt, html & htm
@ -364,6 +372,22 @@
* Settings controlling the session cookie issued by Etherpad.
*/
"cookie": {
/*
* How often (in milliseconds) the key used to sign the express_sid cookie
* should be rotated. Long rotation intervals reduce signature verification
* overhead (because there are fewer historical keys to check) and database
* load (fewer historical keys to store, and less frequent queries to
* get/update the keys). Short rotation intervals are slightly more secure.
*
* Multiple Etherpad processes sharing the same database (table) is
* supported as long as the clock sync error is significantly less than this
* value.
*
* Key rotation can be disabled (not recommended) by setting this to 0 or
* null, or by disabling session expiration (see sessionLifetime).
*/
"keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* Value of the SameSite cookie property. "Lax" is recommended unless
* Etherpad will be embedded in an iframe from another site, in which case
@ -375,7 +399,51 @@
* significant usability drawbacks vs. "Lax". See
* https://stackoverflow.com/q/41841880 for discussion.
*/
"sameSite": "None"
"sameSite": "None",
/*
* How long (in milliseconds) after navigating away from Etherpad before the
* user is required to log in again. (The express_sid cookie is set to
* expire at time now + sessionLifetime when first created, and its
* expiration time is periodically refreshed to a new now + sessionLifetime
* value.) If requireAuthentication is false then this value does not really
* matter.
*
* The "best" value depends on your users' usage patterns and the amount of
* convenience you desire. A long lifetime is more convenient (users won't
* have to log back in as often) but has some drawbacks:
* - It increases the amount of state kept in the database.
* - It might weaken security somewhat: The cookie expiration is refreshed
* indefinitely without consulting authentication or authorization
* hooks, so once a user has accessed a pad, the user can continue to
* use the pad until the user leaves for longer than sessionLifetime.
* - More historical keys (sessionLifetime / keyRotationInterval) must be
* checked when verifying signatures.
*
* Session lifetime can be set to infinity (not recommended) by setting this
* to null or 0. Note that if the session does not expire, most browsers
* will delete the cookie when the browser exits, but a session record is
* kept in the database forever.
*/
"sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* How long (in milliseconds) before the expiration time of an active user's
* session is refreshed (to now + sessionLifetime). This setting affects the
* following:
* - How often a new session expiration time will be written to the
* database.
* - How often each user's browser will ping the Etherpad server to
* refresh the expiration time of the session cookie.
*
* High values reduce the load on the database and the load from browsers,
* but can shorten the effective session lifetime if Etherpad is restarted
* or the user navigates away.
*
* Automatic session refreshes can be disabled (not recommended) by setting
* this to null.
*/
"sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
},
/*
@ -475,7 +543,7 @@
/*
* Restrict socket.io transport methods
*/
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
"socketTransportProtocols" : ["websocket", "polling"],
"socketIo": {
/*
@ -485,7 +553,7 @@
* value to work properly, but increasing the value increases susceptibility
* to denial of service attacks (malicious clients can exhaust memory).
*/
"maxHttpBufferSize": 10000
"maxHttpBufferSize": 50000
},
/*
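
Review bot: `maxHttpBufferSize` goes from 10000 to 50000, and the comment directly above it states that increasing the value increases susceptibility to denial of service through memory exhaustion. Record in the comment or the commit message which messages needed more than 10000 bytes, so the limit can be justified and revisited later.
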
@ -539,7 +607,7 @@
"windowMs": 90000,
// maximum number of requests per IP to allow during the rate limit window
"max": 16
"max": 32
},
/*
@ -550,6 +618,13 @@
*/
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
/*
The authentication method used by the server.
The default value is sso
If you want to use the old authentication system, change this to apikey
*/
"authenticationMethod": "apikey",
/*
* From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
*
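
Review bot: the added `authenticationMethod` comment says the default is `sso` but not why this deployment selects `apikey`. Add a line stating that the server is started with `--apikey /tmp/apikey` and depends on this value, so the setting is not reverted to the default by accident. The comment block is also missing the ` * ` line prefix that the other blocks in this file use.
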
@ -566,7 +641,6 @@
"points": 100
},
/*
* Toolbar buttons configuration.
*
@ -596,6 +670,13 @@
*/
"loglevel": "INFO",
/*
* The log layout type to use.
*
* Valid values: basic, colored
*/
"logLayoutType": "colored",
/* Override any strings found in locale directories */
"customLocaleStrings": {
"de": {
@ -633,8 +714,10 @@
},
/* Disable Admin UI tests */
"enableAdminUITests": false
}
"enableAdminUITests": false,
/*
* Enable/Disable case-insensitive pad names.
*/
"lowerCasePadIds": false
}

View File

@ -28,7 +28,7 @@ RUN cd /build && ./build.sh
# add english sounds
RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \
wget http://bigbluebutton.org/downloads/sounds.tar.gz -O sounds.tar.gz && \
wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \
tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \
wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
unzip mute-and-unmute-sounds-master.zip && \
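
Review bot: switching `sounds.tar.gz` to `https://` protects the download in transit, but neither archive is checked after download, and `mute-and-unmute-sounds-master.zip` follows the `master` branch, so the image contents can change between builds without any change in this repository. Pin the zip to a commit archive and verify both files with `sha256sum -c` before unpacking.
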
@ -42,11 +42,11 @@ COPY --from=fs-config / /build/staging/opt/freeswitch/etc/freeswitch/
# ===============================================
# we are using ubuntu here, because libjpeg8 is required, but not available in debian
FROM ubuntu:20.04
FROM ubuntu:22.04
RUN apt-get update && \
apt-get install -y \
xmlstarlet wget iptables curl \
libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns2 libedit2 libtiff5 libpng16-16 \
libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns3 libedit2 libtiff5 libpng16-16 libsqlite3-0 \
&& \
# install libopusenc0
wget -O /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb2_amd64.deb \

View File

@ -1,49 +0,0 @@
<configuration name="acl.conf" description="Network Lists">
<network-lists>
<!--
These ACL's are automatically created on startup.
rfc1918.auto - RFC1918 Space
nat.auto - RFC1918 Excluding your local lan.
localnet.auto - ACL for your local lan.
loopback.auto - ACL for your local lan.
-->
<list name="lan" default="allow">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.130.218.147/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
</list>
<!--
custom "loopback" so that traffic from docker
containers is also considered as local
-->
<list name="loopback.custom" default="deny">
<node type="allow" cidr="127.0.0.1/32"/>
<node type="allow" cidr="10.0.0.0/8"/>
<node type="allow" cidr="192.168.0.0/16"/>
<node type="allow" cidr="172.16.0.0/12" />
<node type="allow" cidr="$${external_ip_v4}/32"/>
</list>
<list name="deny_private_v6" default="allow">
<node type="deny" cidr="0.0.0.0/0"/>
<node type="deny" cidr="fe80::/10"/>
<node type="deny" cidr="fc00::/7"/>
</list>
<!--
This will traverse the directory adding all users
with the cidr= tag to this ACL, when this ACL matches
the users variables and params apply as if they
digest authenticated.
-->
<list name="domains" default="allow">
<!-- domain= is special it scans the domain from the directory to build the ACL -->
<node type="allow" domain="$${domain}"/>
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
</list>
</network-lists>
</configuration>

View File

@ -4,7 +4,7 @@
<param name="listen-ip" value="$${local_ip_v4}"/>
<param name="listen-port" value="8021"/>
<param name="password" value="$${esl_password}"/>
<param name="apply-inbound-acl" value="loopback.custom"/>
<param name="apply-inbound-acl" value="rfc1918.auto"/>
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>
</configuration>
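
Review bot: `apply-inbound-acl` moves from `loopback.custom` to `rfc1918.auto`, which still admits event-socket clients from every RFC 1918 address, as the deleted list did with its `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16` nodes. The socket listens on `$${local_ip_v4}` and is otherwise protected only by `$${esl_password}`, so this is a good moment to narrow the ACL to the subnet the containers actually use. Also check that nothing still refers to `loopback.custom` now that `acl.conf` is removed.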

View File

@ -2,6 +2,7 @@
<modules>
<!-- Loggers (I'd load these first) -->
<load module="mod_console"/>
<!-- <load module="mod_logfile"/> -->
<!-- Event Handlers -->
<load module="mod_event_socket"/>

View File

@ -1,43 +0,0 @@
<!--
NOTICE:
This context is usually accessed via the external sip profile listening on port 5080.
It is recommended to have separate inbound and outbound contexts. Not only for security
but clearing up why you would need to do such a thing. You don't want outside un-authenticated
callers hitting your default context which allows dialing calls thru your providers and results
in Toll Fraud.
-->
<!-- http://wiki.freeswitch.org/wiki/Dialplan_XML -->
<include>
<context name="public">
<extension name="unloop">
<condition field="${unroll_loops}" expression="^true$"/>
<condition field="${sip_looped_call}" expression="^true$">
<action application="deflect" data="${destination_number}"/>
</condition>
</extension>
<!--
Tag anything pass thru here as an outside_call so you can make sure not
to create any routing loops based on the conditions that it came from
the outside of the switch.
-->
<extension name="outside_call" continue="true">
<condition>
<action application="set" data="outside_call=true"/>
<action application="export" data="RFC2822_DATE=${strftime(%a, %d %b %Y %T %z)}"/>
</condition>
</extension>
<!--
You can place files in the public directory to get included.
-->
<X-PRE-PROCESS cmd="include" data="public_docker/*.xml"/>
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
</context>
</include>

View File

@ -0,0 +1,31 @@
<include>
<extension name="from_my_provider">
<!-- match only calls from dial-in which haven't got transfered yet -->
<condition field="destination_number" expression="^(?!SEND_TO_CONFERENCE).*$"/>
<condition field="${sofia_profile_name}" expression="^external-dialin$">
<action application="start_dtmf" />
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="set_profile_var" data="caller_id_name=${regex(${caller_id_name}|^.*(.{4})$|xxx-xxx-%1)}"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
<extension name="check_if_conference_active">
<condition field="${conference ${pin} list}" expression="/sofia/g" />
<condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
<action application="set" data="bbb_authorized=true"/>
<action application="transfer" data="${pin} XML default"/>
</condition>
</extension>
<extension name="conf_bad_pin">
<condition field="${pin}" expression="^\d{5}$">
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-bad-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
</include>
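
Review bot: both `play_and_get_digits` calls collect exactly nine digits (`9 9 3 30000 #`), but the `conf_bad_pin` extension only matches `${pin}` against `^\d{5}$`, so a nine-digit entry that fails `check_if_conference_active` never reaches the bad-PIN prompt. Align the condition with the collected length. The retry path also transfers back to `SEND_TO_CONFERENCE` without a counter, so the number of PIN attempts per call is unbounded; a per-call attempt limit followed by a hangup would cap it.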

View File

@ -0,0 +1,86 @@
<profile name="external-dialin">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-dialin/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="1"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge browser -->
<param name="apply-candidate-acl" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external_dialin?mode=memory&amp;cache=shared"/>
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_ip_v4}"/>
<param name="ext-sip-ip" value="$${external_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>
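
Review bot: this profile listens on `sip-port` 5060 with `auth-calls` set to `false` and routes into the `public` context, and no `apply-inbound-acl` is set, so every host that can reach the port can send calls into the dial-in dialplan. Restrict inbound signalling to the SIP provider's addresses with an ACL on the profile. The header comment "This profile is only for outbound registrations to providers" was carried over from the template and does not describe a dial-in profile.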

View File

@ -1,113 +0,0 @@
<profile name="external-ipv6">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-ipv6/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<!--<domain name="all" alias="false" parse="true"/>-->
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="none"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge support
<param name="apply-candidate-acl" value="wan_v6.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v6.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
-->
<param name="apply-candidate-acl" value="deny_private_v6"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external-ipv6?mode=memory&amp;cache=shared"/>
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="rtp-ip" value="$${external_ip_v6}"/>
<param name="sip-ip" value="$${local_ip_v6}"/>
<!-- Shouldn't set these on IPv6 -->
<!--<param name="ext-rtp-ip" value="auto-nat"/>-->
<!--<param name="ext-sip-ip" value="auto-nat"/>-->
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!--<param name="enable-3pcc" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

View File

@ -1,16 +1,6 @@
<profile name="external">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
@ -25,7 +15,13 @@
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<!--
SIP port is not rquired, since we are using WS for the
internal connection and a seperate profile (external-dialin-xml)
for SIP dial in
-->
<param name="sip-port" value="15060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
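
Review bot: the added comment above `sip-port` misspells "required" and "separate" and refers to a profile `external-dialin-xml`, while the profile added in this change is named `external-dialin`. It also says the SIP port is not required while the next line sets it to 15060; if 15060 is only there to keep 5060 free for the dial-in profile, say so in the comment.
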
@ -36,7 +32,7 @@
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="none"/>
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
@ -73,20 +69,12 @@
<param name="ext-sip-ip" value="auto-nat"/>
-->
<param name="rtp-ip" value="$${external_ip_v4}"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
<!--
Listen only clients somehow run into this timeout
causing
Hangup sofia/external/GLOBAL_AUDIO_76116@10.7.7.1 [CS_EXECUTE] [MEDIA_TIMEOUT]
[mcs-freeswitch] Dispatching conference new video floor event released
[mcs-freeswitch] Received CHANNEL_HANGUP for
-->
<param name="rtp-timeout-sec" value="86400"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="ext-sip-ip" value="$${local_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
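
Review bot: `rtp-timeout-sec` drops from 86400 to 300 and the comment that explained the high value is deleted with it; that comment recorded listen-only clients being hung up with `MEDIA_TIMEOUT`. State in the commit message or in a replacement comment why listen-only sessions no longer run into this timeout, otherwise those hangups may return after five minutes without RTP.
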
@ -113,9 +101,8 @@
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value="0.0.0.0:5066"/>
<param name="wss-binding" value="$${local_ip_v4}:7443"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
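
Review bot: `ws-binding` and `wss-binding` are now `:5066` and `:7443` with no address, so the secure WebSocket listener is no longer tied to `$${local_ip_v4}` as it was before. Confirm that neither port is published beyond the internal network, or keep the explicit address on both bindings.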

View File

@ -1,12 +1,15 @@
<include>
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
<!-- Preprocessor Variables
These are introduced when configuration strings must be consistent across modules.
NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
toll fraud in the future. It's your responsibility to secure your own system.
This default config is used to demonstrate the feature set of FreeSWITCH.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-->
<X-PRE-PROCESS cmd="set" data="default_password=1234"/>
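
Review bot: `default_password=1234` stays hard-coded directly under the warning that tells operators to change it. `esl_password` is already templated from `.Env.ESL_PASSWORD`, so template `default_password` from the environment as well, or add a comment stating that no directory user in this deployment relies on it.
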
@ -15,6 +18,7 @@
The following variables are set dynamically - calculated if possible by freeswitch - and
are available to the config as $${variable}. You can see their calculated value via fs_cli
by entering eval $${variable}
hostname
local_ip_v4
local_mask_v4
@ -41,21 +45,24 @@
nat_public_addr
nat_private_addr
nat_type
-->
<X-PRE-PROCESS cmd="set" data="sound_prefix={{ .Env.SOUNDS_PATH }}"/>
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
<!--
This setting is what sets the default domain FreeSWITCH will use if all else fails.
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
affect the sip authentication. Please review conf/directory/default.xml for more
information on this topic.
-->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.10"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v6={{ .Env.EXTERNAL_IPv6 }}"/>
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
@ -63,6 +70,7 @@
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
<!--
Enable ZRTP globally you can override this on a per channel basis
http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
-->
<X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
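
Review bot: the `rtp_sdes_suites` line kept as context in this hunk still ends with `AES_CM_128_NULL_AUTH`, which the comment further down in this file marks as NOT RECOMMENDED because it uses no authentication method. Remove it from the list unless a known endpoint depends on it, and note that endpoint in a comment if so.
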
@ -70,7 +78,9 @@
NOTICE: When using SRTP it's critical that you do not offer or accept
variable bit rate codecs, doing so would leak information and possibly
compromise your SRTP stream. (FS-6404)
Supported SRTP Crypto Suites:
AEAD_AES_256_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
@ -78,6 +88,8 @@
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AEAD_AES_128_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
@ -85,6 +97,8 @@
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
____________________________________________________________________________
AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
@ -92,18 +106,25 @@
tag. The master-key length is 128 bits and has a default lifetime of
a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
first.
AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
____________________________________________________________________________
This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
the authentication tag is 32 bits. The length of the base64-decoded key and
salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
the crypto attribute is considered invalid.
AES_CM_128_NULL_AUTH
____________________________________________________________________________
The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
method. This policy is NOT RECOMMENDED unless it is unavoidable; see
Section 7.5 of [RFC3711].
SRTP variables that modify behaviors based on direction/leg:
rtp_secure_media
____________________________________________________________________________
possible values:
@ -112,11 +133,16 @@
forbidden - More useful for inbound to deny SAVP negotiation
false - implies forbidden
true - implies mandatory
default if not set is accept SAVP inbound if offered.
rtp_secure_media_inbound | rtp_secure_media_outbound
____________________________________________________________________________
This is the same as rtp_secure_media, but would apply to either inbound
or outbound offers specifically.
How to specify crypto suites:
____________________________________________________________________________
By default without specifying any crypto suites FreeSWITCH will offer
@ -124,29 +150,39 @@
endpoint has in common. If you wish to force specific crypto suites you
can do so by appending the suites in a comma separated list in the order
that you wish to offer them in.
Examples:
rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
Additionally you can narrow this down on either inbound or outbound by
specifying as so:
rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
rtp_secure_media_suites
____________________________________________________________________________
Optionaly you can use rtp_secure_media_suites to dictate the suite list
Optionally you can use rtp_secure_media_suites to dictate the suite list
and only use rtp_secure_media=[optional|mandatory|false|true] without having
to dictate the suite list with the rtp_secure_media* variables.
-->
<!--
Examples of codec options: (module must be compiled and loaded)
codecname[@8000h|16000h|32000h[@XXi]]
XX is the frame size must be multples allowed for the codec
XX is the frame size must be multiples allowed for the codec
FreeSWITCH can support 10-120ms on some codecs.
We do not support exceeding the MTU of the RTP packet.
iLBC@30i - iLBC using mode=30 which will win in all cases.
DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
@ -173,17 +209,23 @@
AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10)
LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
These are the passthru audio codecs:
G729 - G729 in passthru mode. (mod_g729)
G723 - G723.1 in passthru mode. (mod_g723_1)
AMR - AMR in passthru mode. (mod_amr)
These are the passthru video codecs: (mod_h26x)
H261 - H.261 Video
H263 - H.263 Video
H263-1998 - H.263-1998 Video
H263-2000 - H.263-2000 Video
H264 - H.264 Video
RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.
96 - AMR
97 - iLBC (30)
98 - iLBC (20)
@ -216,6 +258,7 @@
125 -
126 -
127 - BV32
-->
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G722,PCMU,PCMA"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,speex@16000h@20i,G722,PCMU,PCMA"/>
@ -232,7 +275,9 @@
<X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
<!--
THIS IS ONLY USED FOR DINGALING
bind_server_ip
Can be an ip address, a dns name, or "auto".
This determines an ip address available on this host to bind.
If you are separating RTP and SIP traffic, you will want to have
@ -242,6 +287,7 @@
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
<!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
If you're going to load test FreeSWITCH please input real IP addresses
for external_rtp_ip and external_sip_ip
-->
@ -256,7 +302,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.l.google.com:19302"/>
<!-- external_sip_ip
Used as the public IP address for SDP.
@ -269,7 +315,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.l.google.com:19302"/>
<!-- unroll-loops
Used to turn on sip loopback unrolling.
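Review bot: external_sip_ip (and external_rtp_ip in the previous hunk) now resolves through stun:stun.l.google.com:19302 instead of the templated EXTERNAL_IPv4 value, so the address advertised in SDP depends on a third-party STUN service being reachable and answering correctly at startup. If the operator already knows the public address, keep a way to set it explicitly and document the STUN lookup as the fallback.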
@ -328,9 +374,11 @@
<!--
Digits Dialed filter: (FS-6940)
The digits stream may contain valid credit card numbers or social security numbers, These digit
filters will allow you to make a valant effort to stamp out sensitive information for
PCI/HIPPA compliance. (see xml_cdr dialed_digits)
df_us_ssn = US Social Security Number pattern
df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB
-->
@ -342,6 +390,7 @@
<!--
Setting up your default sip provider is easy.
Below are some values that should work in most cases.
These are for conf/directory/default/example.com.xml
-->
<X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
@ -354,16 +403,21 @@
<!--
SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
default: tlsv1,tlsv1.1,tlsv1.2
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
<!--
TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
The actual ciphers supported will change per platform.
openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
Will show you what is available in your verion of openssl.
Will show you what is available in your version of openssl.
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
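Review bot: this hunk only fixes a typo, but the block it touches still sets sip_tls_version=tlsv1,tlsv1.1,tlsv1.2 and the cipher string ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH. The HAProxy config added in the same change enforces ssl-min-ver TLSv1.2, so consider limiting sip_tls_version to tlsv1.2 here as well and narrowing the cipher list, or add a comment explaining why the older versions must stay enabled.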
@ -380,7 +434,7 @@
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<!-- Video Settings -->
<!-- Setting the max bandwdith -->
<!-- Setting the max bandwidth -->
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=1mb"/>
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=1mb"/>
@ -395,4 +449,5 @@
<X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/>
<X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
</include>
</include>

View File

@ -4,13 +4,13 @@ include "/bbb-fsesl-akka/conf/application.conf"
freeswitch {
esl {
host="10.7.7.1"
host="freeswitch"
password="FSESL_PASSWORD"
}
}
redis {
host="10.7.7.5"
host="redis"
}
http {

View File

@ -11,8 +11,7 @@
<logger name="org.freeswitch.esl" level="WARN" />
<logger name="io.lettuce" level="INFO" />
<root level="DEBUG">
<root level="INFO">
<appender-ref ref="STDOUT"/>
<appender-ref ref="FILE" />
</root>
</configuration>

4
mod/haproxy/Dockerfile Normal file
View File

@ -0,0 +1,4 @@
FROM ghcr.io/tomdess/docker-haproxy-certbot:2.8.10
# overwrite bootstrap.sh
COPY bootstrap.sh /bootstrap.sh
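Review bot: the FROM line pulls a third-party image by mutable tag (ghcr.io/tomdess/docker-haproxy-certbot:2.8.10), and this container terminates TLS and holds the certificate private keys. Pin it by digest (tag@sha256:...) so a re-pushed tag cannot change what runs, and add a comment saying which parts of the upstream bootstrap.sh the overwritten copy deliberately keeps or drops.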

30
mod/haproxy/bootstrap.sh Executable file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -e
# save container environment variables to use it
# in cron scripts
declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
# when used with an IP, we'll also disable certbot
if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
IGNORE_TLS_CERT_ERRORS=true
fi
if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
# use self signed certificate
if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
mkdir -p /etc/haproxy/certs
# generate self signed certificate
openssl req -x509 -nodes -days 700 -newkey rsa:2048 \
-keyout /tmp/domain.key -out /tmp/domain.crt \
-subj "/C=CA/ST=Quebec/L=Montreal/O=BigBlueButton Development/OU=bbb-docker/CN=10.7.7.1"
cat /tmp/domain.key /tmp/domain.crt | tee /etc/haproxy/certs/haproxy-10.7.7.1.pem >/dev/null
fi
else
# obtain certificates from lets encrypt
/certs.sh
fi
supervisord -c /etc/supervisord.conf -n
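Review bot: `declare -p ... > /container.env` writes every non-readonly variable of the container environment, secrets included, to a file created with the default umask; set `umask 077` before the redirect or chmod 600 the file afterwards. The self-signed branch has the same issue: /tmp/domain.key and /tmp/domain.crt are left behind after being concatenated, and the resulting haproxy-10.7.7.1.pem is written without restricting its mode, so remove the temporary files and chmod 600 the PEM. The hard-coded 10.7.7.1 in the file name and CN also ignores the value of CERT1 that triggered this branch.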

80
mod/haproxy/haproxy.cfg Normal file
View File

@ -0,0 +1,80 @@
global
log stdout format raw local0 debug
maxconn 20480
############# IMPORTANT #################################
## DO NOT SET CHROOT OTHERWISE YOU HAVE TO CHANGE THE ##
## acme-http01-webroot.lua file ##
# chroot /jail ##
#########################################################
lua-load /etc/haproxy/acme-http01-webroot.lua
#
# SSL options
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 4096
# workaround for bug #14 (Cert renewal blocks HAProxy indefinitely with Websocket connections)
hard-stop-after 3s
# DNS runt-time resolution on backend hosts
resolvers docker
nameserver dns "127.0.0.11:53"
defaults
log global
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# option forwardfor
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
# never fail on address resolution
default-server init-addr last,libc,none
frontend http
bind *:80,[::]:80
mode http
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
redirect scheme https code 301 if !{ ssl_fc }
frontend nginx_or_turn
bind *:443,:::443 ssl crt /etc/haproxy/certs/ ssl-min-ver TLSv1.2 alpn h2,http/1.1,stun.turn
mode tcp
option tcplog
tcp-request content capture req.payload(0,1) len 1
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+X}[capture.req.hdr(0)]"
tcp-request inspect-delay 30s
# We terminate SSL on haproxy. HTTP2 is a binary protocol. haproxy has to
# decide which protocol is spoken. This is negotiated by ALPN.
#
# Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
# ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)
# If no ALPN value is set, the first byte is inspected and depending on the
# value traffic is sent to either port 81 or coturn.
use_backend nginx-http2 if { ssl_fc_alpn h2 }
use_backend nginx if { ssl_fc_alpn http/1.1 }
use_backend turn if { ssl_fc_alpn stun.turn }
use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
default_backend turn
backend turn
mode tcp
server localhost 10.7.7.1:3478 check
backend nginx
mode tcp
server localhost 10.7.7.1:48081 send-proxy check
backend nginx-http2
mode tcp
server localhost 10.7.7.1:48082 send-proxy check
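Review bot: in frontend nginx_or_turn, `tcp-request inspect-delay 30s` combined with the capture of req.payload(0,1) means a client that completes the TLS handshake without ALPN and then sends nothing holds its connection slot for up to 30 seconds before a backend is chosen; a delay of a few seconds should be enough to read one byte. In defaults, the three timeouts are set twice (5000ms/50000ms and again as 5000/50000), so drop one set. `log stdout format raw local0 debug` in global is also noisy for a production proxy; info would match the logback change elsewhere in this diff.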

52
mod/haproxy/protocolmap Normal file
View File

@ -0,0 +1,52 @@
a nginx
b nginx
c nginx
d nginx
e nginx
f nginx
g nginx
h nginx
i nginx
j nginx
k nginx
l nginx
m nginx
n nginx
o nginx
p nginx
q nginx
r nginx
s nginx
t nginx
u nginx
v nginx
w nginx
x nginx
y nginx
z nginx
A nginx
B nginx
C nginx
D nginx
E nginx
F nginx
G nginx
H nginx
I nginx
J nginx
K nginx
L nginx
M nginx
N nginx
O nginx
P nginx
Q nginx
R nginx
S nginx
T nginx
U nginx
V nginx
W nginx
X nginx
Y nginx
Z nginx
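Review bot: the map sends any first byte in a-z or A-Z to nginx, but the file carries no comment explaining why all 52 letters are needed. Standard HTTP method tokens are upper case, so the lowercase entries only widen what reaches nginx instead of falling through to the turn default. Either restrict the map to the initials of the methods nginx is expected to serve, or add a header comment stating the intent so the list is not trimmed or extended by guesswork later.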

13
mod/html5-dev/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG
# use /tmp as home dir as writeable directory for whatever UID we get
ENV HOME /tmp
# allow all user to access .nvm in root
RUN chmod 755 /root
WORKDIR /app
COPY /entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh
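Review bot: `ENTRYPOINT /entrypoint.sh` is the shell form, which runs the script through /bin/sh -c and discards CMD and any arguments passed to docker run, so the `exec "$@"` branch in entrypoint.sh can never be taken. Use the exec form, ENTRYPOINT ["/entrypoint.sh"]. `RUN chmod 755 /root` opens root's home to every UID to reach .nvm; installing nvm under a shared path such as /opt would avoid that.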

11
mod/html5-dev/entrypoint.sh Executable file
View File

@ -0,0 +1,11 @@
set -e
# enable nvm
. /root/.nvm/nvm.sh
if [ -n "$1" ]; then
exec "$@"
else
npm install
npm start -- --host 0.0.0.0
fi
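Review bot: the script starts at `set -e` with no shebang line, so the interpreter is whatever the caller happens to use. Add `#!/bin/sh` (or bash, if nvm.sh needs it) as the first line; this is required once the Dockerfile switches to the exec form of ENTRYPOINT. Using `exec npm start -- --host 0.0.0.0` in the else branch would also let the dev server receive container stop signals directly.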

View File

@ -1,44 +0,0 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
# USER meteor
ARG TAG_HTML5
COPY --from=source ./ /source
RUN cd /source && meteor npm ci --production \
&& METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser --directory /app \
&& rm -rf /source
RUN cd /app/bundle/programs/server \
&& npm install --production
RUN mkdir -p /app/bundle/programs/web.browser/app/files && \
cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/
RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \
&& find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \
&& find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \
&& find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \;
# ------------------------------
FROM node:14.21-bullseye-slim
RUN apt-get update && apt-get install -y gosu
# add user & group
RUN groupadd -g 2000 meteor \
&& useradd -m -u 2001 -g meteor meteor
COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
COPY --from=builder --chown=meteor:meteor /app/bundle /app
COPY entrypoint.sh /entrypoint.sh
COPY bbb-html5.yml /app/bbb-html5.yml.tmpl
# expose TAG_BBB in container for the version display
ARG TAG_BBB
ENV TAG_BBB $TAG_BBB
ENTRYPOINT ["/entrypoint.sh"]

View File

@ -1,25 +0,0 @@
public:
app:
html5ClientBuild: {{ .Env.TAG_HTML5 }}
bbbServerVersion: {{ .Env.TAG_HTML5 }}-docker
listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
clientTitle: {{ .Env.CLIENT_TITLE }}
appName: BigBlueButton HTML5 Client (docker)
breakouts:
breakoutRoomLimit: {{ .Env.BREAKOUTROOM_LIMIT }}
kurento:
wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu
autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
chat:
enabled: {{ .Env.CHAT_ENABLED }}
startClosed: {{ .Env.CHAT_START_CLOSED }}
pads:
url: https://{{ .Env.DOMAIN }}/pad
private:
app:
host: 0.0.0.0
redis:
host: redis
port: '6379'

View File

@ -1,43 +0,0 @@
#!/bin/bash
set -e
cd /app
export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
export MONGO_URL=mongodb://10.7.7.6/meteor
export ROOT_URL=http://127.0.0.1/html5client
export NODE_ENV=production
export SERVER_WEBSOCKET_COMPRESSION='{"level":5, "maxWindowBits":13, "memLevel":7, "requestMaxWindowBits":13}'
export BIND_IP=0.0.0.0
export LANG=en_US.UTF-8
export INSTANCE_MAX=1
export ENVIRONMENT_TYPE=production
export NODE_VERSION=node-v14.21.1-linux-x64
export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml
if [ "$DEV_MODE" == true ]; then
echo "DEV_MODE=true, disable TLS certificate rejecting"
export NODE_TLS_REJECT_UNAUTHORIZED=0
fi
if [ "$BBB_HTML5_ROLE" == "backend" ]; then
PARAM=NODEJS_BACKEND_INSTANCE_ID=$INSTANCE_ID
fi
# if container is the first frontend, do some additional tasks
if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then
# copy static files into volume for direct access by nginx
# https://github.com/bigbluebutton/bigbluebutton/issues/10739
if [ -d "/html5-static" ]; then
rm -rf /html5-static/*
cp -r /app/programs/web.browser/* /html5-static
fi
fi
dockerize \
-template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \
gosu meteor \
node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM

View File

@ -1,15 +0,0 @@
# overwriting force-https.conf from valian/docker-nginx-auto-ssl
location /bigbluebutton/api/join {
return 301 https://$host$request_uri;
}
# allow /api calls without redirecting to https
location /bigbluebutton/api {
proxy_pass https://127.0.0.1:443;
proxy_ssl_verify off;
}
location / {
return 301 https://$host$request_uri;
}

View File

@ -1,33 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2 default_server;
# we at still serve https via IPv6 for the
# case that an AAAA record is set.
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:48087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}

View File

@ -1,33 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://$endpoint_addr:48087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}

View File

@ -1,17 +0,0 @@
FROM ghcr.io/jodconverter/jodconverter-examples:rest
RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections
RUN sed -i 's/main/main contrib/' /etc/apt/sources.list.d/debian.sources && apt-get update
RUN apt-get update && apt -y install --no-install-recommends \
fonts-arkpandora \
fonts-crosextra-carlito \
fonts-crosextra-caladea \
fonts-noto \
fonts-noto-cjk \
fonts-liberation \
fontconfig \
ttf-mscorefonts-installer
# avoid "APPLICATION FAILED TO START. Config data location '/etc/app/' does not exist"
# https://github.com/bigbluebutton/docker/issues/178
CMD ["--spring.config.additional-location=optional:/etc/app/"]

15
mod/livekit/livekit.yaml Normal file
View File

@ -0,0 +1,15 @@
port: 7880
log_level: debug
# when enabled, LiveKit will expose prometheus metrics on :6789/metrics
#prometheus_port: 6789
rtc:
port_range_start: 16384
port_range_end: 32768
use_external_ip: false
redis:
# redis is recommended for production deploys
address: redis:6379
keys:
# TODO: change keys
TEST: TEST
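Review bot: `keys: TEST: TEST` commits a fixed LiveKit API key and secret, and the TODO above it confirms it is a placeholder. Anyone who knows this pair can mint valid access tokens for a deployment that ships the file unchanged, so the key and secret should be generated per installation and injected at start (the way other secrets in this repository are templated from the environment) before this is merged. log_level: debug should drop to info for the same release.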

View File

@ -1,26 +0,0 @@
#!/bin/sh
set -e
host=${HOSTNAME:-$(hostname -f)}
# shut down again
mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
mongod --oplogSize 8 --replSet rs0 --noauth \
--config /tmp/docker-entrypoint-temp-config.json \
--bind_ip 0.0.0.0 --port 27017 \
--tlsMode disabled \
--logpath /proc/1/fd/1 --logappend \
--pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
# init replset with defaults
mongo 10.7.7.6 --eval "rs.initiate({
_id: 'rs0',
members: [ { _id: 0, host: '10.7.7.6:27017' } ]
})"
echo "Waiting to become a master"
echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongo
echo "I'm the master!"

View File

@ -1,33 +0,0 @@
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
storage:
dbPath: /data/db
journal:
enabled: true
wiredTiger:
engineConfig:
cacheSizeGB: 1
journalCompressor: none
directoryForIndexes: true
collectionConfig:
blockCompressor: none
indexConfig:
prefixCompression: false
net:
port: 27017
bindIp: 0.0.0.0
replication:
replSetName: rs0
setParameter:
diagnosticDataCollectionEnabled: false
security:
javascriptEnabled: false

View File

@ -1,20 +1,32 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
# --------------------
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard
COPY --from=src-learning-dashboard / /bbb-learning-dashboard
RUN cd /bbb-learning-dashboard && npm ci && npm run build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback
COPY --from=src-playback / /bbb-playback
RUN cd /bbb-playback && npm install && npm run-script build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5
COPY --from=src-html5 / /source
RUN cd /source && CI=true npm ci
RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build
RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css
# --------------------
FROM nginx:1.25-alpine
FROM nginx:1.27-alpine
COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/
COPY ./bbb /etc/nginx/bbb
COPY ./bigbluebutton /etc/nginx/conf.d/default.conf
COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf
COPY ./nginx.conf /etc/nginx/nginx.conf
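Review bot: in the builder-html5 stage the two `sed -i "s/VERSION/$BBB_BUILD_TAG/g"` commands rely on BBB_BUILD_TAG, but the only ARG BBB_BUILD_TAG visible is the one before the first FROM, which is in scope for FROM lines only. Unless the base image exports it as ENV, the variable expands to an empty string inside RUN and VERSION is replaced with nothing; redeclare `ARG BBB_BUILD_TAG` inside the stage. The playback stage also uses `npm install` while the other two use `npm ci`; use `npm ci` there too so the build follows the lockfile.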

View File

@ -0,0 +1 @@
proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off;

View File

@ -0,0 +1,23 @@
# serve locale index from prebuilt static files
location = /html5client/locales/ {
alias /usr/share/bigbluebutton/html5-client/locales/;
autoindex on;
autoindex_format json;
# Prevent browsers from caching
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires 0;
}
# running from source (npm start)
location /html5client/ {
rewrite /html5client/(.*) /$1 break;
gzip_static on;
proxy_pass http://10.7.7.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}

View File

@ -1,49 +1,13 @@
location @html5client {
proxy_pass http://poolhtml5servers; # use for production
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# running in production (static assets)
location /html5client {
gzip_static on;
alias /usr/share/bigbluebutton/html5-client/;
index index.html;
try_files $uri $uri/ =404;
}
location /html5client/locales {
alias /html5-static/app/locales;
alias /usr/share/bigbluebutton/html5-client/locales;
autoindex on;
autoindex_format json;
}
location /html5client/compatibility {
gzip_static on;
alias /html5-static/app/compatibility;
}
location /html5client/resources {
alias /html5-static/app/resources;
}
location /html5client/svgs {
alias /html5-static/app/svgs;
}
location /html5client/fonts {
alias /html5-static/app/fonts;
}
location /html5client/files {
alias /html5-static/app/files;
}
location /html5client/wasm {
types {
application/wasm wasm;
}
gzip_static on;
alias /html5-static/app/wasm;
}
location /html5client {
gzip_static on;
alias /html5-static;
try_files $uri @html5client;
}
location /html5client/sockjs {
try_files $uri @html5client;
}
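Review bot: the new `location /html5client` has no trailing slash while its alias /usr/share/bigbluebutton/html5-client/ ends in one. With that prefix/alias mismatch a URI that merely begins with /html5client is mapped relative to the alias directory and can resolve to a path outside it. Write the prefix as /html5client/ to match the slash-terminated alias (adding an exact-match redirect for the bare path if needed), as the dev-mode include in this change already does.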

View File

@ -0,0 +1,39 @@
# Websocket connection
location /graphql {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
#proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql)
proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware
}
#Set cache system for client settings
location /api/rest/clientSettings {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_cache client_settings_cache;
proxy_cache_key "$uri|$meeting_id";
proxy_cache_use_stale updating;
proxy_cache_valid 24h;
proxy_cache_lock on;
add_header X-Cached $upstream_cache_status;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}
location /api/rest/userMetadata {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}
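Review bot: in /api/rest/clientSettings the cache key is "$uri|$meeting_id", and $meeting_id is only populated from the auth subrequest's response header. If that header is ever absent, the key collapses to "$uri|" and one meeting's settings are served to every caller for the 24h validity period. Add a guard that skips the cache (proxy_no_cache / proxy_cache_bypass) when $meeting_id is empty. The /graphql location above has no auth_request at all; a comment stating that the middleware performs its own authorization would make that intentional.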

View File

@ -1,8 +1,3 @@
location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) {
alias /var/bigbluebutton/learning-dashboard/$1/$2;
autoindex off;
}
location /learning-analytics-dashboard/ {
alias /www/learning-analytics-dashboard/;
autoindex off;

View File

@ -0,0 +1,11 @@
location /livekit/ {
proxy_pass http://127.0.0.1:7880/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
}

View File

@ -15,7 +15,7 @@ location /pad/p/ {
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1;
auth_request /bigbluebutton/connection/checkAuthorization;
@ -57,7 +57,7 @@ location /pad/socket.io {
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_set_header Host $host; # pass the host header
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html

View File

@ -20,34 +20,27 @@
# causes tomcat to OOM. (ralam sept 20, 2018)
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/svg\/(?<page_num>\d+)$ {
default_type image/svg+xml;
default_type image/svg+xml;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/slide\/(?<page_num>\d+)$ {
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/pdf\/(?<job_id>[A-Za-z0-9]+)\/annotated_slides.pdf$ {
default_type application/pdf;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf;
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/thumbnail\/(?<page_num>\d+)$ {
default_type image/png;
default_type image/png;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/textfiles\/(?<page_num>\d+)$ {
default_type text/plain;
default_type text/plain;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt;
if ($bbb_loadbalancer_node) {
add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
}
add_header 'Access-Control-Allow-Origin' '*' always;
}
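Review bot: the svg, pdf, thumbnail and textfiles locations now send Access-Control-Allow-Origin '*' unconditionally, replacing the previous header that was limited to $bbb_loadbalancer_node. None of these locations carries an auth_request in the visible lines, so any origin can now read presentation content cross-site given the URL. If the wildcard is needed for the cluster setup, say so in a comment; otherwise keep the origin restricted to the known front-end host. The new default_type lines are also indented differently from the rest of each block.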

View File

@ -1,15 +0,0 @@
location /ws {
proxy_pass https://$freeswitch_addr:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}

View File

@ -92,6 +92,16 @@
proxy_set_header X-Original-URI $request_uri;
}
location = /bigbluebutton/connection/checkGraphqlAuthorization {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
# this is required for CORS preflight checks in cluster setup
proxy_set_header X-Original-Method $request_method;
}
location = /bigbluebutton/connection/legacyCheckAuthorization {
internal;
proxy_pass http://bbb-web:8090;
@ -149,6 +159,18 @@
proxy_set_header X-Original-URI $request_uri;
}
location /bigbluebutton/rtt-check {
default_type text/plain;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires "0";
# this Header is required for cluster setups as the ping check is a
# CORS request. No cookies are required so we can just allow anyone
# to use this endpoint.
add_header 'Access-Control-Allow-Origin' '*';
return 200 "";
}
}
location @error403 {

View File

@ -1,30 +1,21 @@
map $remote_addr $freeswitch_addr {
"~:" [::1];
default 10.7.7.1;
}
upstream poolhtml5servers {
zone poolhtml5servers 32k;
least_conn;
server 10.7.7.200:4100 fail_timeout=10s max_fails=4 backup;
server 10.7.7.201:4101 fail_timeout=120s max_fails=1;
server 10.7.7.202:4102 fail_timeout=120s max_fails=1;
server 10.7.7.203:4103 fail_timeout=120s max_fails=1;
# TODO: set server list based on NUMBER_OF_FRONTEND_NODEJS_PROCESSES
# server 10.7.7.204:4104 fail_timeout=120s max_fails=1;
# server 10.7.7.205:4105 fail_timeout=120s max_fails=1;
# server 10.7.7.206:4106 fail_timeout=120s max_fails=1;
# server 10.7.7.207:4107 fail_timeout=120s max_fails=1;
}
server {
# proxied from HAProxy
listen 48082 http2 proxy_protocol;
listen 48081 proxy_protocol;
# optional ports for other reverse proxies
listen 48087 default_server;
listen [::]:48087 default_server;
server_name _;
access_log /dev/stdout;
absolute_redirect off;
root /www/;
# This variable is used instead of $scheme by bigbluebutton nginx include
# files, so $scheme can be overridden in reverse-proxy configurations.
set $real_scheme $scheme;
# opt-out of google's floc tracking
# https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
add_header Permissions-Policy "interest-cohort=()";
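Review bot: `set $real_scheme $scheme;` makes the new variable identical to $scheme, and on the 48081/48082 listeners that is http because TLS is terminated in HAProxy. The pad includes changed in this diff now send X-Forwarded-Proto $real_scheme, whose inline comment says Etherpad uses it to set the secure cookie flag, so as written the flag still depends on an override that is not part of this change. Either set the value to https for the proxied listeners or document where operators are expected to override it. The 48087 listener accepts plain connections without proxy_protocol; a comment on who may reach it would help.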
@ -68,3 +59,28 @@ server {
send_timeout 6h;
}
}
upstream hasura {
least_conn;
server bbb-graphql-server:8085;
# you might want to add more bbb-graphql-server@ instances to balance the
# load to multiple bbb-graphql-server instances. Execute
# `systemctl enable --now bbb-graphql-server@8086` and uncomment the
# following line:
# server 127.0.0.1:8086;
}
server {
listen 10.7.7.1:8185;
listen 127.0.0.1:8185;
root /var/www/html;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://hasura;
}
}
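Review bot: the new server block listens on 10.7.7.1:8185 as well as 127.0.0.1:8185 and forwards everything under / straight to the hasura upstream with no auth_request. The /api/rest/* locations apply checkGraphqlAuthorization before proxying to 127.0.0.1:8185, so the 10.7.7.1 listener lets anything that can reach that address skip the check. Drop that listen line unless another container needs it, and in that case name the consumer in a comment. The systemctl instructions in the upstream block do not apply to a container deployment and should be reworded or removed.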

View File

@ -29,4 +29,25 @@ http {
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
# additional server only used for greenlight in dev mode
# allows it to use the BBB API without failing
# due to the self signed certificates
#
# all other requests (e.g. /join) is then redirected
listen 48083 http2;
location /bigbluebutton/api/join {
return 301 https://10.7.7.1$request_uri;
}
location /bigbluebutton/api {
proxy_pass http://127.0.0.1:48087;
}
location / {
return 301 https://10.7.7.1$request_uri;
}
}
}
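Review bot: the comment says this server on port 48083 is only used for greenlight in dev mode, but nothing in the hunk makes it conditional, so production containers also get a plain-HTTP listener that proxies /bigbluebutton/api to 127.0.0.1:48087. Move the block into a file that is only included when dev mode is enabled. The redirect target https://10.7.7.1 is hard-coded as well, which only works for the default dev address.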

View File

@ -1,4 +1,4 @@
FROM debian:bullseye-slim
FROM debian:bookworm-slim
# -- install docker cli
COPY --from=library/docker:latest /usr/local/bin/docker /usr/bin/docker
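Review bot: while the base image is being bumped, the next line still copies the docker CLI from library/docker:latest, which makes the build non-reproducible and changes the binary on every upstream release. Pin it to a specific version tag or digest alongside the bookworm update.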

21
mod/postgres/initdb.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
set -e
set -u
function create_user_and_database() {
local database=$1
echo " Creating user and database '$database'"
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE DATABASE $database;
GRANT ALL PRIVILEGES ON DATABASE $database TO $POSTGRES_USER;
EOSQL
}
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
create_user_and_database $db
done
echo "Multiple databases created"
fi
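Review bot: with `set -u` active, the test `[ -n "$POSTGRES_MULTIPLE_DATABASES" ]` aborts the init script with an unbound-variable error when the variable is not set; use "${POSTGRES_MULTIPLE_DATABASES:-}". $database is also interpolated into the SQL unquoted and $db is passed unquoted, so a name containing a hyphen or upper-case letter fails or is folded; wrap it as an identifier ("\"$database\"") and quote the argument. The function is named create_user_and_database but creates no user, and the <<-EOSQL heredoc only strips leading tabs, so the body must be tab-indented.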

View File

@ -1,5 +1,5 @@
FROM ruby:2.7-slim-bullseye
FROM ruby:3.0-slim-bullseye
# install apt dependencies
RUN apt-get update && apt-get install -y \
@ -38,7 +38,7 @@ ENV LANGUAGE en_US.UTF-8
# compile and install mkclean
RUN cd /tmp \
&& wget https://netcologne.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
&& wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
&& tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
&& cd /tmp/mkclean-0.8.10 \
&& sed -i 's/\r//g' ./mkclean/configure.compiled \
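Review bot: the mkclean tarball is fetched from a different SourceForge mirror and compiled without any integrity check. Since the mirror host is exactly what this hunk changes, add a sha256sum -c step against a checksum committed in the Dockerfile so that a mirror swap cannot alter the source being built.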
@ -54,7 +54,7 @@ RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VE
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
# add yq for bbb-record
RUN wget -q https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq \
RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq \
&& chmod +x /usr/bin/yq
RUN mkdir -p \
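Review bot: the yq bump from 3.4.1 to v4.45.1 crosses the v3 to v4 rewrite, which replaced the read/write subcommands with expression syntax, so every yq call in the bbb-record scripts this binary is installed for needs to be checked against v4. The binary is also downloaded and made executable without a checksum; verify it against the release's published checksum before chmod +x.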

View File

@ -4,7 +4,7 @@ user=root
[program:rasque_workers]
command=bundle exec rake -f Rakefile resque:workers
directory=/usr/local/bigbluebutton/core/scripts
environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1",HOME="/home/bigbluebutton"
environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",HOME="/home/bigbluebutton"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
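Review bot: dropping `VVERBOSE="1"` from `environment=` removes the resque workers' verbose output from the container's stdout (`stdout_logfile=/dev/fd/1`); if the aim is to cut log noise, say so in the commit message or make it switchable through an environment variable so recording failures can still be debugged. The program name `rasque_workers` in the context line also looks like a typo for `resque_workers`.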


@ -1,4 +1,4 @@
FROM node:18-bullseye-slim AS builder
FROM node:22-bookworm-slim AS builder
RUN apt-get update && apt-get install -y git wget
@ -7,12 +7,12 @@ RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_
&& chmod +x /usr/bin/yq
COPY --from=src / /bbb-webhooks
RUN cd /bbb-webhooks && npm install --production
RUN cd /bbb-webhooks && npm ci --omit=dev && rm -rf /bbb-webhooks./.git
RUN chmod 777 /bbb-webhooks/config
# ------------------------------
FROM node:18-bullseye-slim
FROM node:22-bookworm-slim
RUN useradd --uid 2004 --user-group bbb-webhooks
COPY --from=builder /usr/bin/yq /usr/bin/yq
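Review bot: `rm -rf /bbb-webhooks./.git` has a stray dot in the path, so it matches nothing, `rm -rf` still exits successfully, and the `.git` directory stays in the builder tree; it should read `/bbb-webhooks/.git`. The following `RUN chmod 777 /bbb-webhooks/config` makes the config directory world-writable; since the final stage creates a dedicated `bbb-webhooks` user, `chown` the directory to that user and use a tighter mode instead.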


@ -3,14 +3,14 @@ set -e
TARGET=/bbb-webhooks/config/production.yml
cp /bbb-webhooks/config/default.example.yml $TARGET
yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET
yq e -i ".bbb.serverDomain = \"$DOMAIN\"" $TARGET
yq e -i ".bbb.auth2_0 = true" $TARGET
yq e -i ".server.bind = \"0.0.0.0\"" $TARGET
yq e -i ".hooks.getRaw = false" $TARGET
yq e -i ".redis.host = \"redis\"" $TARGET
yq e -i '.modules."../out/webhooks/index.js".config.getRaw = false' $TARGET
export NODE_ENV=production
export REDIS_HOST=redis
export SERVER_DOMAIN=$DOMAIN
export BEARER_AUTH=true
export SERVER_BIND_IP=0.0.0.0
cd /bbb-webhooks
node app.js
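Review bot: `yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\""` splices the secret into the yq expression text, so a value containing a double quote or backslash breaks the expression or writes a different value than intended, and the same applies to `$DOMAIN` on the `.bbb.serverDomain` line. Pass the values through the environment and read them with yq's `strenv()` (for example `.bbb.sharedSecret = strenv(SHARED_SECRET)`), and quote `$TARGET` where it is used.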


@ -4,11 +4,17 @@ FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN useradd --uid 2004 --user-group webrtc-sfu
# cache packages
COPY --from=source /package.json /cache/package.json
RUN cd /cache && npm install --unsafe-perm
COPY --from=source / /app
ENV NODE_ENV production
RUN cd /app \
&& rm -rf /app/node_modules && cp -a /cache/node_modules /app/node_modules \
&& cp config/default.example.yml config/production.yml \
&& npm install --unsafe-perm \
&& npm cache clear --force \
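Review bot: the cache step copies only `package.json` and runs `npm install --unsafe-perm`, so dependency versions are resolved at build time rather than taken from a lockfile, and `npm install --unsafe-perm` appears a second time in the `/app` step. If the source ships a lockfile, copy it into `/cache` as well and use `npm ci`, as the `/bbb-webhooks` build in this diff does, and drop `--unsafe-perm` unless an install script needs root.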
@ -18,7 +24,7 @@ RUN cd /app \
# =============================
FROM node:18-bullseye-slim
FROM node:22-bookworm-slim
RUN useradd --uid 2004 --user-group webrtc-sfu
ENV NODE_ENV production
@ -27,4 +33,10 @@ RUN mkdir /home/webrtc-sfu && chown -R webrtc-sfu:webrtc-sfu /app/config /home/w
USER webrtc-sfu
WORKDIR /app
COPY config.yaml /etc/bigbluebutton/bbb-webrtc-sfu/production.yml
ENV NODE_ENV=production
ENV NODE_CONFIG_DIR=/app/config/:/etc/bigbluebutton/bbb-webrtc-sfu/
ENV ALLOW_CONFIG_MUTATIONS=true
CMD [ "npm", "start" ]
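Review bot: `ENV NODE_ENV=production` repeats the `ENV NODE_ENV production` already set earlier in this stage, and `ENV ALLOW_CONFIG_MUTATIONS=true` comes with no comment on why the service needs to mutate its config at runtime. Remove the duplicate and add a one-line comment explaining `ALLOW_CONFIG_MUTATIONS`.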


@ -0,0 +1,32 @@
kurento: []
redisHost: 10.7.7.5
clientHost: 10.7.7.1
recordingAdapter: bbb-webrtc-recorder
mcs-host: 10.7.7.1
mcs-address: 10.7.7.1
freeswitch:
ip: 10.7.7.10
sip_ip: 10.7.7.10
port: 5066
esl_ip: 10.7.7.10
esl_port: 8021
log:
# trace|debug|info|warn|error
level: debug
# Whether to log to stdout
stdout: true
# Whether to log to a file
file: false
mediasoup:
dedicatedMediaTypeWorkers:
audio: auto
workerBalancing:
strategy: least-loaded
plainRtp:
listenIp:
ip: "0.0.0.0"
announcedIp: "10.7.7.1"
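Review bot: `log.level: debug` together with `stdout: true` becomes the default for every deployment if this is the `config.yaml` that the Dockerfile copies to `/etc/bigbluebutton/bbb-webrtc-sfu/production.yml`; default to `info` and let operators raise it when needed. The 10.7.7.x addresses (`redisHost`, `freeswitch.ip`, `announcedIp`) are hard-coded, so a comment tying them to the network definition they come from would keep the two from drifting apart.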

Some files were not shown because too many files have changed in this diff