Add docker for 2.2.x

Tiago Daniel Jacobs 2019-12-09 00:34:03 -03:00
parent 7bfb751534
commit 14a49e83f3
11 changed files with 170 additions and 440 deletions

3
.gitignore vendored

@ -1 +1,4 @@
id_rsa.pub
mac-vpn/docker-for-mac.ovpn
mac-vpn/config
certs/


@ -1,23 +0,0 @@
sudo: required
services:
- docker
script:
- docker build -t bigbluebutton/bigbluebutton:master .
after_script:
- docker images
before_deploy:
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
deploy:
provider: script
script: docker push bigbluebutton/bigbluebutton:master
on:
branch: master
notifications:
slack:
secure: 45+AWSHhNUFPUpDQY88tW5cquLhP7epb5hE1GXcWX0+5rAomY0W8cw1B9L57iCgzU0rFV9ztm3pKqijYuG7BWxts7nLpAvNQWzLy5IqqBoy1sclKAT1upIUCu72iqJog32Vx+XJUyZDVpsqMyp/VR2zCAqtgh8ThdgNhuLCkVTB7ZGLGaU7yCQYdP4tfYape/ISYbRr2qKDi5qWQ61kUAChkEGeYN7gbQkvR8szuaDR4tj/zOmE/2R1xR/PAZz0We6SpzQjCebf4vfp6adF2na9Ev/bKlMEIKyA2KYp5YOkZQcdrj9/FeR2muUD4IgBAOdUiinVhvYs6Ig7o1xeBQ6YLA9FWOSj8XTuGC+C9K4VJGXqDjefRSf11pmFSbMlXA66r/CQZslcnQrZu06ns5jMR46jiUYqXvU5vzg+4oPFyNso+SuQ9R7RtTHYDxCrTFEr4DlYVZ25D6FNX4ZD2Uu5FQDxKxJaDk9xMxMAEXrUMABe3tZyeNabyiKIt7RkHVJiadpF7oEuwD7luQmfPd9blbRE7ZcqArT10RIQGMAEHQ+8XnSfWfb+4v6l1xYiL6ifT+/6P+xfXWNH5JNCDptER28Hf1R4bUF8joi/sn037F3/1bOXiE6TlLqaerZe6qK/FfM5SPgLv0LmMtxEKkG4ta8GzDMwSC43jzB0OSr8=


@ -2,20 +2,28 @@ FROM ubuntu:16.04
MAINTAINER ffdixon@bigbluebutton.org
ENV DEBIAN_FRONTEND noninteractive
# RUN echo 'Acquire::http::Proxy "http://192.168.2.69:3142";' > /etc/apt/apt.conf.d/01proxy
RUN apt-get update && apt-get install -y wget apt-transport-https
ENV container docker
RUN echo "deb http://ubuntu.bigbluebutton.org/xenial-200 bigbluebutton-xenial main " | tee /etc/apt/sources.list.d/bigbluebutton.list
RUN wget http://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -
RUN apt-get update && apt-get install -y netcat
# -- Test if we have apt cache running on docker host, if yes, use it.
RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";' > /etc/apt/apt.conf.d/01proxy
# -- Install utils
RUN apt-get update && apt-get install -y wget apt-transport-https
RUN apt-get install -y language-pack-en
RUN update-locale LANG=en_US.UTF-8
RUN apt-get update && apt-get install -y wget software-properties-common
# -- Install system utils
RUN apt-get update
RUN apt-get install -y --no-install-recommends apt-utils
RUN apt-get install -y wget software-properties-common
RUN add-apt-repository ppa:jonathonf/ffmpeg-4 -y
RUN LC_CTYPE=en_US.UTF-8 add-apt-repository ppa:rmescandon/yq -y
RUN apt-get update && apt-get -y dist-upgrade
# -- Install yq
RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:rmescandon/yq
RUN apt update
RUN LC_CTYPE=C.UTF-8 apt install yq -y
# -- Setup tomcat7 to run under docker
RUN apt-get install -y \
@ -29,41 +37,31 @@ RUN sed -i 's|securerandom.source=file:/dev/random|securerandom.source=file:/dev
ADD mod/tomcat7 /etc/init.d/tomcat7
RUN chmod +x /etc/init.d/tomcat7
# -- Install BigBlueButton
RUN echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections
RUN apt-get install -y bigbluebutton
RUN apt-get install -y bbb-demo
# -- Modify systemd to be able to run inside container
RUN apt-get update \
&& apt-get install -y systemd
# -- Install mongodb (for HTML5 client)
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
RUN echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
RUN sudo apt-get update && sudo apt-get install -y mongodb-org curl
# -- Install Dependencies
RUN apt-get install -y mlocate strace iputils-ping telnet tcpdump vim htop
# -- Install nodejs (for HTML5 client)
RUN apt-get install -y apt-transport-https
RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
RUN echo 'deb http://deb.nodesource.com/node_8.x xenial main' > /etc/apt/sources.list.d/nodesource.list
RUN echo 'deb-src http://deb.nodesource.com/node_8.x xenial main' >> /etc/apt/sources.list.d/nodesource.list
RUN apt-get update && apt-get install -y nodejs
# -- Install nginx (in order to enable it - to avoid the "nginx.service is not active" error)
RUN apt-get install -y nginx
RUN systemctl enable nginx
# -- Install HTML5 client
RUN apt-get install -y bbb-html5
# -- Disable unneeded services
RUN systemctl disable systemd-journal-flush
RUN systemctl disable systemd-update-utmp.service
RUN apt-get update
RUN apt-get install -y coturn xmlstarlet vim mlocate
# -- Finish startup
# Add a number there to force update of files on build
RUN echo "Finishing ... @12"
RUN mkdir /opt/docker-bbb/
RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed 's|https://\$PACKAGE_REPOSITORY|http://\$PACKAGE_REPOSITORY|g' > /opt/docker-bbb/bbb-install.sh
RUN chmod 755 /opt/docker-bbb/bbb-install.sh
ADD setup.sh /opt/docker-bbb/setup.sh
ADD rc.local /etc/
RUN chmod 755 /etc/rc.local
# -- Install supervisor to run all the BigBlueButton processes (replaces systemd)
RUN apt-get install -y supervisor
RUN mkdir -p /var/log/supervisor
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
# -- Modify FreeSWITCH event_socket.conf.xml to listen to IPV4
ADD mod/event_socket.conf.xml /opt/freeswitch/etc/freeswitch/autoload_configs
ADD mod/external.xml /opt/freeswitch/conf/sip_profiles/external.xml
# RUN apt-get install -y bbb-etherpad
# -- Finish startup
ADD setup.sh /root/setup.sh
ENTRYPOINT ["/root/setup.sh"]
ENTRYPOINT ["/bin/systemd", "--system", "--unit=multi-user.target"]
CMD []
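Review bot: The `bbb-install.sh` download near the end of this section comes from the mutable `master` branch with no integrity check, and the `sed` on the same line rewrites the script's `https://$PACKAGE_REPOSITORY` to `http://`. The installer is later run as root by setup.sh inside the privileged container, so it depends on an unpinned ref, and its repository traffic goes over cleartext with only apt's signature checks left as protection. Pin the fetch to a reviewed commit and verify it, e.g. `RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/<PINNED_COMMIT>/bbb-install.sh -O /opt/docker-bbb/bbb-install.sh && echo "<EXPECTED_SHA256>  /opt/docker-bbb/bbb-install.sh" | sha256sum -c -`, and either drop the https-to-http rewrite or add a comment saying why it is needed (the apt cache probed earlier is a likely reason, but the page does not say). Separately, `&>` in the `nc -zv host.docker.internal 3142` line is a bashism; under the default `/bin/sh` used by `RUN` it is likely parsed as backgrounding `nc`, so the proxy file would be written whether or not the cache is reachable, and `> /dev/null 2>&1` avoids that. The page has lost its `+`/`-` markers, so I am assuming these lines are on the new side.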


@ -1,26 +1,39 @@
# BigBlueButton Docker
![Travis CI](https://travis-ci.org/bigbluebutton/docker.svg?branch=master)
![Docker Pulls](https://img.shields.io/docker/pulls/bigbluebutton/bigbluebutton.svg)
## Setting up the SSL
Generate a certificate to your container using letsencrypt and then copy your certificate to certs/ folder with the commands:
```
mkdir certs/
cp fullchain.pem certs/
cp privkey.pem certs/
```
These are scripts to build a Docker that runs BigBlueButton with both the Flash and HTML5 client. To build the Docker container, run the command
## Creating container
```
docker-compose build bbb
NAME=bbb001 DOMAIN=bbbvm.imdt.com.br sh -c 'docker-compose run --name $NAME bbb'
```
~~~
docker build -t bigbluebutton .
~~~
## Defining an entry in your `/etc/hosts` file
```
docker exec -it bbb001 ifconfig eth0
```
Here we called the BigBlueButton container `bigbluebutton`. To run BigBlueButton in Docker, run the command
## MAC users
Docker for Mac OS doesn't allow direct access to container IP's.
~~~
docker run --rm -p 80:80/tcp -p 1935:1935 -p 3478:3478 -p 3478:3478/udp bigbluebutton -h <HOST_IP>
~~~
In order to access the BBB container from your MAC os host, you can use openvpn:
Make sure you provide the host IP of the server on which you run the docker command. Once running, you can navigate to `http://<HOST_IP>` to access your BigBlueButton server.
1. Build containers:
```
docker-compose build mac_proxy mac_openvpn
```
For details see the [setup instructions](http://docs.bigbluebutton.org/install/docker.html).
2. Add `comp-lzo no` at bottom of `mac-vpn/docker-for-mac.ovpn`
## Future Plans
3. Install openvpn configuration generated on `mac-vpn/docker-for-mac.ovpn` (double click and open on Tunnelblick)
Our goal was to allow developers to run BigBlueButton server with a single command. This Docker image is not meant for production use, but rather for testing and trying out BigBlueButton.
Still, it good step towards separating BigBlueButton into individual components for running under docker-compose or kubernetes.
4. Start containers
```
docker-compose start mac_proxy mac_openvpn
```

52
docker-compose.yml Normal file

@ -0,0 +1,52 @@
version: '2'
networks:
backend:
services:
bbb:
build: .
privileged: true
environment:
- "NAME=${NAME}"
- "DOMAIN=${DOMAIN}"
hostname: ${NAME}.${DOMAIN}
cap_add:
- NET_ADMIN
environment:
- container=docker
tmpfs:
- /run
- /run/lock
- /tmp
volumes:
- ./certs/:/local/certs/
- /var/run/docker.sock:/var/run/docker.sock
security_opt:
- seccomp:unconfined
networks:
- backend
mac_proxy:
build: mac-vpn/
ports:
- "127.0.0.1:13194:13194"
command: TCP-LISTEN:13194,fork TCP:172.17.0.1:1194
restart: always
networks:
- backend
mac_openvpn:
image: kylemanna/openvpn
volumes:
- ./mac-vpn:/local
- ./mac-vpn/config:/etc/openvpn
network_mode: host
privileged: true
cap_add:
- NET_ADMIN
environment:
dest: docker-for-mac.ovpn
DEBUG: '1'
command: /local/helpers/run-vpn.sh
restart: always
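Review bot: The `bbb` service combines `privileged: true`, `seccomp:unconfined` and a bind mount of `/var/run/docker.sock`, which gives anything running in the container control of the host's Docker daemon. Nothing on this page uses the socket, so I would drop `- /var/run/docker.sock:/var/run/docker.sock` and, if systemd can run without it, replace `privileged: true` with the specific capabilities and mounts it needs. `cap_add: NET_ADMIN` is redundant while `privileged: true` is set. The service also appears to declare `environment:` twice (indentation is lost on this page, so the nesting is inferred); most YAML loaders keep only the last one, which would drop `NAME` and `DOMAIN` from the container environment, so move `- container=docker` into the first list.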

4
mac-vpn/Dockerfile Normal file

@ -0,0 +1,4 @@
FROM alpine
RUN apk add --no-cache socat
ENTRYPOINT ["socat"]
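Review bot: `FROM alpine` carries no tag or digest, so each build of the proxy image can pick up a different base and a different `socat`. Pin it, e.g. `FROM alpine:<VERSION>` or a digest, so that rebuilds are reproducible and a base-image update is a reviewed change. The same applies to `image: kylemanna/openvpn` in docker-compose.yml, which runs privileged with host networking.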

22
mac-vpn/helpers/run-vpn.sh Executable file

@ -0,0 +1,22 @@
#!/bin/sh
dest=${dest:-docker.ovpn}
if [ ! -f "/local/$dest" ]; then
echo "*** REGENERATING ALL CONFIGS ***"
set -ex
#rm -rf /etc/openvpn/*
ovpn_genconfig -u tcp://localhost
sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf
echo localhost | ovpn_initpki nopass
easyrsa build-client-full host nopass
ovpn_getclient host | sed '
s|localhost 1194|localhost 13194|;
s|redirect-gateway.*|route 172.16.0.0 255.240.0.0|;
' > "/local/$dest"
fi
# Workaround for https://github.com/wojas/docker-mac-network/issues/6
/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT
exec ovpn_run
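Review bot: The `/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT` line sits outside the first-run `if`, so it runs on every start. With `restart: always`, `network_mode: host` and `privileged: true` in docker-compose.yml, each restart inserts another copy of a rule that accepts all forwarded traffic from any tun interface in the host network namespace. Make it idempotent with `/sbin/iptables -C FORWARD -i tun+ -j ACCEPT 2>/dev/null || /sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT`, and consider narrowing it with `-d 172.16.0.0/12` to match the route the client profile pushes. The generated profile is built from a `nopass` client key and presumably embeds it, and it is written to the bind-mounted `/local`, so a `umask 077` before the `ovpn_getclient` pipeline would keep it from being created world-readable.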


@ -1,11 +0,0 @@
<configuration name="event_socket.conf" description="Socket Client">
<settings>
<param name="nat-map" value="false"/>
<param name="listen-ip" value="127.0.0.1"/>
<param name="listen-port" value="8021"/>
<param name="password" value="ClueCon"/>
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>


@ -1,113 +0,0 @@
<profile name="external">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="auto-nat"/>
<param name="ext-sip-ip" value="auto-nat"/>
-->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="ext-sip-ip" value="$${local_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="true"/>
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="apply-candidate-acl" value="webrtc-turn"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

2
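--- a/rc.local
+++ b/rc.local
@@ -0,0 +1,2 @@
+#!/bin/sh
+[ ! -f /opt/docker-bbb/setup-executed ] && /opt/docker-bbb/setup.sh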
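Review bot: Once `/opt/docker-bbb/setup-executed` exists, the `[ ! -f … ]` test fails and, being the last command, makes rc.local exit non-zero on every later boot, which the init system may report as a failed unit. Writing the line as `[ -f /opt/docker-bbb/setup-executed ] || /opt/docker-bbb/setup.sh` exits 0 when setup has already run and still propagates a real setup failure. A one-line comment such as `# run first-boot BigBlueButton setup once; marker is created by setup.sh` would also make the coupling to setup.sh explicit.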

257
setup.sh

@ -19,249 +19,32 @@
#
set -x
change_var_value () {
sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
}
cd "$(dirname "$0")"
change_yml_value () {
sed -i "s<^\([[:blank:]#]*\)\(${2}\): .*<\1\2: ${3}<" $1
}
useradd bbb
mkdir /home/bbb
chown bbb /home/bbb
echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb
./bbb-install.sh -d -s "`hostname -f`" -v xenial-220-dev22a -a
sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935 -p 5066:5066 -p 3478:3478 -p 3478:3478/udp b2 -h 192.168.0.130
# Repository is broken (remove it later)
cd /usr/local/bigbluebutton/bbb-webrtc-sfu/
npm install --unsafe-perm
while getopts ":eh:s:" opt; do
case $opt in
e)
env
exit
;;
h)
HOST=$OPTARG
;;
s)
SECRET=$OPTARG
;;
:)
echo "Missing option argument for -$OPTARG" >&2;
exit 1
;;
\?)
echo "Invalid option: -$OPTARG" >&2
cat<<HERE
Docker startup script for BigBlueButton.
# Allow to have executable files in /tmp/ folder (tomcat JNA)
mount /tmp -o remount,exec
-h Hostname for BigBlueButton server
-s Shared secret
HERE
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
apt-get install -y bbb-demo && /etc/init.d/tomcat7 start
while [ ! -f /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp ]; do sleep 1; done
sudo /etc/init.d/tomcat7 stop
# In a standard BigBlueButton server you would use `bbb-conf --setip IP` to configure it listen to a given IP, but
# we are using supervisorctl (not systemd) in, so we apply all the configuration changes before running supervisorctl at
# the end of this script
# Setup the BigBlueButton configuration files
#
PROTOCOL_HTTP=http
PROTOCOL_RTMP=rtmp
IP=$(echo "$(LANG=c ifconfig | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^et.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')$(LANG=c ifconfig | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^en.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')" | head -n1)
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]/@data' --value "external_rtp_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]/@data' --value "external_sip_ip=stun:coturn" /opt/freeswitch/conf/vars.xml
xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]/@data' --value "local_ip_v4=${IP}" /opt/freeswitch/conf/vars.xml
if [ -f /opt/freeswitch/conf/sip_profiles/external-ipv6.xml ]; then
mv /opt/freeswitch/conf/sip_profiles/external-ipv6.xml /opt/freeswitch/conf/sip_profiles/external-ipv6.xml_
fi
if [ -f /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml ]; then
mv /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml /opt/freeswitch/conf/sip_profiles/internal-ipv6.xml_
fi
sed -i "s/proxy_pass .*/proxy_pass $PROTOCOL_HTTP:\/\/$IP:5066;/g" /etc/bigbluebutton/nginx/sip.nginx
sed -i "s/http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_HTTP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
sed -i "s/rtmp[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_RTMP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
sed -i "s/server_name .*/server_name $HOST;/g" /etc/nginx/sites-available/bigbluebutton
sed -i "s/bigbluebutton.web.serverURL=http[s]*:\/\/.*/bigbluebutton.web.serverURL=$PROTOCOL_HTTP:\/\/$HOST/g" \
/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
# Update Java screen share configuration
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties streamBaseUrl rtmp://$HOST/screenshare
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpUrl $PROTOCOL_HTTP://$HOST/screenshare
change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpFile $PROTOCOL_HTTP://$HOST/screenshare/screenshare.jnlp
change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties bbb.sip.app.ip $IP
change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties freeswitch.ip $IP
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoUrl "ws://$IP:8888/kurento"
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml kurentoIp "$IP"
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml localIpAddress "$IP"
change_yml_value /usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml ip "$IP"
sed -i "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL_HTTP}:\/\/$HOST\/bigbluebutton\/api\"/g" \
/usr/share/bbb-apps-akka/conf/application.conf
sed -i "s/bbbWebHost[ ]*=[ ]*\"[^\"]*\"/bbbWebHost=\"$HOST\"/g" \
/usr/share/bbb-apps-akka/conf/application.conf
sed -i "s/deskshareip[ ]*=[ ]*\"[^\"]*\"/deskshareip=\"$HOST\"/g" \
/usr/share/bbb-apps-akka/conf/application.conf
sed -i "s/defaultPresentationURL[ ]*=[ ]*\"[^\"]*\"/defaultPresentationURL=\"${PROTOCOL_HTTP}:\/\/$HOST\/default.pdf\"/g" \
/usr/share/bbb-apps-akka/conf/application.conf
cat > /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini << HERE
; Only IP address are supported, not domain names for addresses
; You have to find a valid stun server. You can check if it works
; using this tool:
; http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
;stunServerAddress=64.233.177.127
;stunServerPort=19302
turnURL=kurento:kurento@${HOST}:3478
;pemCertificate is deprecated. Please use pemCertificateRSA instead
;pemCertificate=<path>
;pemCertificateRSA=<path>
;pemCertificateECDSA=<path>
HERE
TURN_SECRET=`openssl rand -hex 16`
# Configure coturn to handle incoming UDP connections
cat > /etc/turnserver.conf << HERE
denied-peer-ip=0.0.0.0-255.255.255.255
allowed-peer-ip=$IP
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=$TURN_SECRET
user=user:password
log-file=/var/log/turn.log
HERE
# Setup tomcat7 to share the TURN server information with clients (with matching secret)
cat > /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/spring/turn-stun-servers.xml << HERE
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="$TURN_SECRET" />
<constructor-arg index="1" value="turn:$HOST:3478" />
<constructor-arg index="2" value="86400" />
</bean>
<bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="$TURN_SECRET" />
<constructor-arg index="1" value="turn:$HOST:3478?transport=tcp" />
<constructor-arg index="2" value="86400" />
</bean>
<bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
<property name="stunServers">
<set />
</property>
<property name="turnServers">
<set>
<ref bean="turn0" />
<ref bean="turn1" />
</set>
</property>
<property name="remoteIceCandidates">
<set />
</property>
</bean>
</beans>
HERE
cat > /opt/freeswitch/conf/autoload_configs/acl.conf.xml << HERE
<configuration name="acl.conf" description="Network Lists">
<network-lists>
<list name="domains" default="allow">
<!-- domain= is special it scans the domain from the directory to build the ACL -->
<node type="allow" domain="\$\${domain}"/>
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
</list>
<list name="webrtc-turn" default="deny">
<node type="allow" cidr="$IP/32"/>
</list>
</network-lists>
</configuration>
HERE
# Ensure bbb-apps-akka has the latest shared secret from bbb-web
if [ -z "$SECRET" ]; then
SECRET=$(cat /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | grep securitySalt | cut -d= -f2);
else
change_var_value /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties securitySalt $SECRET
sed -i "s/String salt = .*/String salt = \"$SECRET\";/g" /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
fi
sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
/usr/share/bbb-apps-akka/conf/application.conf
sed -i "s/BigBlueButtonURL = \"http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/BigBlueButtonURL = \"$PROTOCOL_HTTP:\/\/$HOST\2/g" \
/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
sed -i "s/playback_host: .*/playback_host: $HOST/g" /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
sed -i 's/daemonize no/daemonize yes/g' /etc/redis/redis.conf
sed -i "s|\"wsUrl.*|\"wsUrl\": \"ws://$HOST/bbb-webrtc-sfu\",|g" \
/usr/share/meteor/bundle/programs/server/assets/app/config/settings-production.json
rm /usr/share/red5/log/sip.log
# Add a sleep to each recording process so we can restart with supervisord
# (This works around the limitation that supervisord can't restart after intervals)
sed -i 's/BigBlueButton.logger.debug("rap-archive-worker done")/sleep 20; BigBlueButton.logger.debug("rap-archive-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-archive-worker.rb
sed -i 's/BigBlueButton.logger.debug("rap-process-worker done")/sleep 20; BigBlueButton.logger.debug("rap-process-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-process-worker.rb
sed -i 's/BigBlueButton.logger.debug("rap-sanity-worker done")/sleep 20 ; BigBlueButton.logger.debug("rap-sanity-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-sanity-worker.rb
sed -i 's/BigBlueButton.logger.debug("rap-publish-worker done")/sleep 20; BigBlueButton.logger.debug("rap-publish-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-publish-worker.rb
# Start BigBlueButton!
#
export NODE_ENV=production
export DAEMON_LOG=/var/log/kurento-media-server
export GST_DEBUG="3,Kurento*:4,kms*:4"
export KURENTO_LOGS_PATH=$DAEMON_LOG
cat << HERE
BigBlueButton is now starting up. You can access the API demos here (use FireFox for WebRTC audio/video)
http://$HOST/demo/demo1.jsp
For API calls, use the following credentials
host: $HOST
secret: $SECRET
To interactively create API calls, here's a link to configure APIMate
http://mconf.github.io/api-mate/#server=http://$HOST/bigbluebutton/&sharedSecret=$SECRET
HERE
# Restart
bbb-conf --restart
# Update files
updatedb
exec /usr/bin/supervisord > /var/log/supervisord.log
# Tell system to not run this script again
touch /opt/docker-bbb/setup-executed
echo "BBB configuration completed.";
exit 0;
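Review bot: The `sed -i 's/::/0.0.0.0/g'` on `event_socket.conf.xml` makes the FreeSWITCH event socket listen on every IPv4 interface, whereas the `mod/event_socket.conf.xml` deleted in this commit pinned `listen-ip` to `127.0.0.1`; if the packaged file still carries the stock `ClueCon` password seen in that deleted file (not shown here), any peer on the container network could reach the control socket. Unless something outside the container needs it, `sed -i 's/::/127.0.0.1/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml` would fix the IPv6 bind without widening exposure. `echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL"` gives the `bbb` account unrestricted passwordless root and deserves a comment on why, or a narrower command list. The script shows `set -x` but no `set -e`, so `touch /opt/docker-bbb/setup-executed` is reached even when `./bbb-install.sh` fails; adding `set -e` after `set -x` would stop rc.local from treating a failed install as complete. Which lines are on the new side is inferred, since the page lost its `+`/`-` markers.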