diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0934c55..f1e64d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,15 @@
## Unreleased
+## Release v2.3.4-1 (2021-06-22) #131
+- Applied v2.3.4 changes [#130](https://github.com/bigbluebutton/docker/pull/130) @alangecker
+- Reintegrate turn with default ports and support for external certificates [#126](https://github.com/bigbluebutton/docker/pull/126) @cjhille
+- Fix freeswitch package names for languages with uppercase characters in the path [#119](https://github.com/bigbluebutton/docker/pull/119) @lexuzieel
+- Exclude CLIENT_TITLE when generating compose file [#118](https://github.com/bigbluebutton/docker/pull/118) @bb
+- Fix for preuploaded presentations not working [#116](https://github.com/bigbluebutton/docker/pull/116) @manfred-w
+- Add POSTGRESQL_SECRET as environement variable [#111](https://github.com/bigbluebutton/docker/pull/111) @caminsha
+
+
## Release v2.3.0
- :tada: **BigBlueButton 2.3** including all its changes
- Template based generation of docker-compose.yml [2.2.x#71](https://github.com/alangecker/bigbluebutton-docker/pull/71) [2.2.x#42](https://github.com/alangecker/bigbluebutton-docker/issues/42) @trickert76 @alangecker
diff --git a/README.md b/README.md
index b5b5e57..06eaf13 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,11 @@
# 📦 BigBlueButton 2.3 Docker
-Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
+Version: 2.3.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
## Features
- Easy installation
- Greenlight included
+- TURN server included
- Fully automated HTTPS certificates
- Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
@@ -26,6 +27,7 @@ Version: 2.3.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
```sh
$ git clone -b main --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker
$ cd bbb-docker
+ $ git submodule update --init
```
3. Run setup:
```bash
diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml
index f7149a3..2e86700 100644
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@@ -319,6 +319,28 @@ services:
network_mode: host
{{end}}
+{{ if isTrue .Env.ENABLE_COTURN }}
+ # coturn
+ coturn:
+ image: instrumentisto/coturn:4.5
+ restart: unless-stopped
+ command:
+ - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
+ - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
+ - "--static-auth-secret=${TURN_SECRET}"
+ volumes:
+ {{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
+ - ssl_data:/etc/resty-auto-ssl
+ {{else}}
+ - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem
+ - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem
+ {{end}}
+ - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
+ - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
+ network_mode: host
+{{end}}
+
+
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
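Review bot: `--static-auth-secret=${TURN_SECRET}` in the coturn `command:` list is interpolated to an empty string when TURN_SECRET is missing from .env, so the container is started with an empty `--static-auth-secret=` instead of failing. `- "--static-auth-secret=${TURN_SECRET:?TURN_SECRET must be set}"` makes compose refuse to start in that case. Passing the secret as an argument also leaves it readable through `docker inspect` and the process list. The mounted turnserver.conf already carries a commented `static-auth-secret=` line, so the entrypoint could write the value there and keep it out of argv. The image reference `instrumentisto/coturn:4.5` is a floating tag, so pinning a digest is worth considering.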
@@ -330,7 +352,7 @@ services:
DB_HOST: postgres
DB_NAME: greenlight
DB_USERNAME: postgres
- DB_PASSWORD: password
+ DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
{{ if isTrue .Env.DEV_MODE }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:8080/bigbluebutton/api/
{{else}}
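Review bot: `${POSTGRESQL_SECRET:-password}` falls back silently to the well-known value `password` whenever the variable is absent from .env, here for `DB_PASSWORD` and again for `POSTGRES_PASSWORD` in the postgres hunk that follows. The fallback presumably keeps databases that were initialised before this change working, but nothing tells the operator that the default is still in use. Consider letting scripts/generate-compose print a warning when POSTGRESQL_SECRET is empty, and add a comment such as `# fallback only for databases created before POSTGRESQL_SECRET existed` next to both lines.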
@@ -346,7 +368,7 @@ services:
environment:
POSTGRES_DB: greenlight
POSTGRES_USER: postgres
- POSTGRES_PASSWORD: password
+ POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
diff --git a/docs/development.md b/docs/development.md
index 96b6629..4985548 100644
--- a/docs/development.md
+++ b/docs/development.md
@@ -7,6 +7,7 @@ you can run bbb-docker locally without any certificate issues with following `.e
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
+#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
#ENABLE_PROMETHEUS_EXPORTER=true
@@ -16,7 +17,9 @@ DOMAIN=10.7.7.1
EXTERNAL_IPv4=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
+TURN_SERVER=turns:localhost:5349?transport=tcp
+TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret
diff --git a/mod/apps-akka/Dockerfile b/mod/apps-akka/Dockerfile
index c76acb7..1d7c2d6 100644
--- a/mod/apps-akka/Dockerfile
+++ b/mod/apps-akka/Dockerfile
@@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@@ -14,7 +14,7 @@ RUN cd /bbb-common-message \
# ===================================================
-ENV TAG v2.3.0
+ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-apps /source \
&& rm -rf /source/.svn
diff --git a/mod/bbb-web/Dockerfile b/mod/bbb-web/Dockerfile
index 3dbed29..33a22bd 100644
--- a/mod/bbb-web/Dockerfile
+++ b/mod/bbb-web/Dockerfile
@@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@@ -26,7 +26,7 @@ RUN cd /opt \
ENV PATH="/opt/gradle-6.7/bin:${PATH}"
# download bbb-common-web
-ENV TAG_COMMON_WEB v2.3.0
+ENV TAG_COMMON_WEB v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_WEB/bbb-common-web /bbb-common-web \
&& rm -rf /bbb-common-message/.svn
@@ -35,7 +35,7 @@ RUN cd /bbb-common-web \
&& ./deploy.sh
# download bbb-web
-ENV TAG_WEB v2.3.0
+ENV TAG_WEB v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_WEB/bigbluebutton-web /bbb-web \
&& rm -rf /bbb-web/.svn
@@ -77,10 +77,10 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
RUN mkdir -p /usr/share/bigbluebutton/blank \
&& cd /usr/share/bigbluebutton/blank \
&& wget \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-svg.svg \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-thumb.png \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-presentation.pdf \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.0/bigbluebutton-config/slides/blank-png.png \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-svg.svg \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-thumb.png \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-presentation.pdf \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.3.4/bigbluebutton-config/slides/blank-png.png \
&& sed -i 's///g' /etc/ImageMagick-6/policy.xml
# get bbb-web
diff --git a/mod/coturn/entrypoint.sh b/mod/coturn/entrypoint.sh
new file mode 100755
index 0000000..c916cee
--- /dev/null
+++ b/mod/coturn/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+if [ "$ENABLE_HTTPS_PROXY" == true ]; then
+ apk add jq
+
+ while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
+ do
+ echo "ERROR: certificate doesn't exist yet."
+ echo "Certificate gets create on the first request to the HTTPS proxy."
+ echo "We will try again..."
+ sleep 10
+ done
+
+ # extract cert
+ cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.fullchain_pem' > /tmp/cert.pem
+ cat /etc/resty-auto-ssl/storage/file/*%3Alatest | jq -r '.privkey_pem' > /tmp/key.pem
+fi
+
+if [ ! -f /tmp/cert.pem ] || [ ! -f /tmp/key.pem ]; then
+ echo "ERROR: certificate not found, but coturn relies on it."
+ echo "Use either auto HTTPS proxy or"
+ echo "provide path to certificates in .env file"
+ exit 1
+fi
+
+# If command starts with an option, prepend with turnserver binary.
+if [ "${1:0:1}" == '-' ]; then
+ set -- turnserver "$@"
+fi
+
+exec $(eval "echo $@")
\ No newline at end of file
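Review bot: The final `exec $(eval "echo $@")` re-parses every argument as shell code, so a TURN_SECRET or address value from .env that contains `$`, backticks, `;` or whitespace is expanded or split before turnserver sees it. The arguments in docker-compose.tmpl.yml are already interpolated by compose, so `exec "$@"` should be sufficient here. The extracted private key is written to `/tmp/key.pem` under the default umask; a `umask 077` before the two `jq` redirects would keep it owner-readable only, after confirming which user turnserver runs as in this image. The wait loop and the `cat ...*%3Alatest` lines also assume exactly one stored certificate: with several files matching, the `[ ! -f ... ]` test gets too many arguments and the extracted files would hold more than one entry.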
diff --git a/mod/coturn/turnserver.conf b/mod/coturn/turnserver.conf
new file mode 100644
index 0000000..be71ffe
--- /dev/null
+++ b/mod/coturn/turnserver.conf
@@ -0,0 +1,73 @@
+# Example coturn configuration for BigBlueButton
+
+# These are the two network ports used by the TURN server which the client
+# may connect to. We enable the standard unencrypted port 3478 for STUN,
+listening-port=3478
+
+# and since TLS over SMTP port (465) is now blocked by major browser vendors,
+# we reverted to the most common coturn TLS port 5349, which has limitations
+# in restrictive firewall environments. For maximum client support run
+# coturn on a dedicated host on port 443.
+tls-listening-port=5349
+
+# If the server has multiple IP addresses, you may wish to limit which
+# addresses coturn is using. Do that by setting this option (it can be
+# specified multiple times). The default is to listen on all addresses.
+# You do not normally need to set this option.
+#listening-ip=172.17.19.101
+
+# If the server is behind NAT, you need to specify the external IP address.
+# If there is only one external address, specify it like this:
+#external-ip=172.17.19.120
+# If you have multiple external addresses, you have to specify which
+# internal address each corresponds to, like this. The first address is the
+# external ip, and the second address is the corresponding internal IP.
+#external-ip=172.17.19.131/10.0.0.11
+#external-ip=172.17.18.132/10.0.0.12
+
+# Fingerprints in TURN messages are required for WebRTC
+fingerprint
+
+# The long-term credential mechanism is required for WebRTC
+lt-cred-mech
+
+# Configure coturn to use the "TURN REST API" method for validating time-
+# limited credentials. BigBlueButton will generate credentials in this
+# format. Note that the static-auth-secret value specified here must match
+# the configuration in BigBlueButton's turn-stun-servers.xml
+# You can generate a new random value by running the command:
+# openssl rand -hex 16
+use-auth-secret
+# static-auth-secret=
+
+# If the realm value is unspecified, it defaults to the TURN server hostname.
+# You probably want to configure it to a domain name that you control to
+# improve log output. There is no functional impact.
+realm=example.com
+
+# Configure TLS support.
+# Adjust these paths to match the locations of your certificate files
+cert=/tmp/cert.pem
+pkey=/tmp/key.pem
+# Limit the allowed ciphers to improve security
+# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
+
+# Enable longer DH TLS key to improve security
+dh2066
+
+# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
+# older protocols
+no-tlsv1
+no-tlsv1_1
+
+# To enable single filename logs you need to enable the simple-log flag
+syslog
+#verbose
+
+# Allocate Address Family according
+# If enabled then TURN server allocates address family according the TURN
+# Client <=> Server communication address family.
+# (By default Coturn works according RFC 6156.)
+# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
+keep-address-family
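Review bot: The configuration sets no peer restrictions, and the compose service runs with `network_mode: host`, so any client holding valid TURN credentials can ask the relay to forward traffic to loopback or private addresses reachable from the host. Adding `no-multicast-peers` and `denied-peer-ip` ranges for loopback, link-local and private networks limits the relay to legitimate media peers. The ranges below are a constructed starting point and must be checked against the addresses the BigBlueButton media services actually advertise (the development setup uses 10.7.7.1). `realm=example.com` is also still the placeholder from the example file.

```conf
# Refuse to relay to addresses that are never legitimate media peers.
no-multicast-peers
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=::1
# Enable once confirmed that no media service advertises a 10.x address:
#denied-peer-ip=10.0.0.0-10.255.255.255
```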
diff --git a/mod/freeswitch/Dockerfile b/mod/freeswitch/Dockerfile
index fd7c1a1..2cb4d30 100644
--- a/mod/freeswitch/Dockerfile
+++ b/mod/freeswitch/Dockerfile
@@ -35,7 +35,7 @@ RUN apt-get update && apt-get install -y \
# git sparse-checkout is not yet available with buster and there
# is no other sane way of downloading a single directory via git
-ENV TAG v2.3.0
+ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \
&& rm -rf /etc/freeswitch/.svn
diff --git a/mod/freeswitch/entrypoint.sh b/mod/freeswitch/entrypoint.sh
index 68b07bd..14d2c8a 100755
--- a/mod/freeswitch/entrypoint.sh
+++ b/mod/freeswitch/entrypoint.sh
@@ -36,7 +36,7 @@ if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
fi
else
- SOUNDS_PACKAGE=freeswitch-sounds-${SOUNDS_LANGUAGE}
+ SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]')
if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then
echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
apt-get install $SOUNDS_PACKAGE
diff --git a/mod/fsesl-akka/Dockerfile b/mod/fsesl-akka/Dockerfile
index 8821fe9..726d7ea 100644
--- a/mod/fsesl-akka/Dockerfile
+++ b/mod/fsesl-akka/Dockerfile
@@ -3,7 +3,7 @@ FROM mozilla/sbt:8u181_1.2.7 AS builder
RUN apt-get update && apt-get install -y subversion
# download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.3.0
+ENV TAG_COMMON_MESSAGE v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
&& rm -rf /bbb-common-message/.svn
@@ -13,7 +13,7 @@ RUN cd /bbb-common-message \
# ===================================================
-ENV TAG_FSESL v2.3.0
+ENV TAG_FSESL v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL/bbb-fsesl-client /bbb-fsesl-client \
&& rm -rf /bbb-fsesl-client/.svn
@@ -21,7 +21,7 @@ RUN cd /bbb-fsesl-client \
&& ./deploy.sh
-ENV TAG v2.3.0
+ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-fsesl /source \
&& rm -rf /source/.svn
diff --git a/mod/html5/Dockerfile b/mod/html5/Dockerfile
index 2b9fc5a..9189355 100644
--- a/mod/html5/Dockerfile
+++ b/mod/html5/Dockerfile
@@ -14,7 +14,7 @@ USER meteor
ENV METEOR_VERSION 1.10.2
RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh
-ENV TAG v2.3.0
+ENV TAG v2.3.4
RUN cd ~ \
&& svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
&& mv ~/bigbluebutton-html5 ~/source \
@@ -41,4 +41,4 @@ COPY settings.yml /app/programs/server/assets/app/config/settings.yml.tmpl
ENTRYPOINT ["/entrypoint.sh"]
# lets set the tag again, so that it is include in the image for later version retrieval
-ENV TAG v2.3.0
+ENV TAG v2.3.4
diff --git a/mod/html5/settings.yml b/mod/html5/settings.yml
index 1ffcc62..0831649 100644
--- a/mod/html5/settings.yml
+++ b/mod/html5/settings.yml
@@ -3,10 +3,20 @@ public:
mobileFontSize: 16px
desktopFontSize: 14px
audioChatNotification: false
+ # Shows the audio modal when user joins the room. The audio modal prompts
+ # user to select an option ("Microphone" and/or "Listen only") for joining
+ # audio
autoJoin: true
+ # Disables the listen only option in audio modal.
listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
forceListenOnly: false
+ # Skips the echo test when connecting with microphone.
skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
+ # Skips the echo test when connecting with microphone right after user
+ # joins the room the first time. Subsequents joins to microphone won't
+ # have echo test skipped, for example if user leave and join mic again
+ # or reloading page and joining mic again.
+ # This setting won't have effect if skipCheck = true
skipCheckOnJoin: false
#
# Allow users to change microphone/speaker dinamically
@@ -20,7 +30,7 @@ public:
appName: BigBlueButton HTML5 Client
bbbServerVersion: 2.3-dev-docker
copyright: '©2021 BigBlueButton Inc.'
- html5ClientBuild: "1669-docker"
+ html5ClientBuild: "1783-docker"
helpLink: https://bigbluebutton.org/html5/
lockOnJoin: true
cdn: ''
@@ -30,6 +40,7 @@ public:
# in some cases we want only custom logoutUrl to be used when provided on meeting create. Default value: true
allowDefaultLogoutUrl: true
allowUserLookup: false
+ dynamicGuestPolicy: true
enableGuestLobbyMessage: true
enableNetworkInformation: false
enableLimitOfViewersInWebcam: false
@@ -41,6 +52,7 @@ public:
allowLogout: true
allowFullscreen: true
preloadNextSlides: 2
+ warnAboutUnsavedContentOnMeetingEnd: false
mutedAlert:
enabled: true
interval: 200
@@ -58,6 +70,15 @@ public:
# https://github.com/bigbluebutton/bigbluebutton/pull/10826
customHeartbeat: false
showAllAvailableLocales: true
+ # Show "Audio Filters for Microphone" option in settings menu.
+ # When set to true, users are able to enable/disable microphone constraints,
+ # otherwise default values for 'microphoneConstraints' option
+ # are used.
+ # For more info, see 'microphoneConstraints' option in this config.
+ # If not set, default value is true.
+ showAudioFilters: true
+ raiseHandActionButton:
+ enabled: true
defaultSettings:
application:
animations: true
@@ -375,6 +396,7 @@ public:
enabled: {{ .Env.CHAT_ENABLED }}
itemsPerPage: 100
timeBetweenFetchs: 1000
+ enableSaveAndCopyPublicChat: true
bufferChatInsertsMs: 0
startClosed: {{ .Env.CHAT_START_CLOSED }}
min_message_length: 1
diff --git a/mod/mongo/mongod.conf b/mod/mongo/mongod.conf
index 7eac8bf..bce6bd9 100644
--- a/mod/mongo/mongod.conf
+++ b/mod/mongo/mongod.conf
@@ -9,7 +9,7 @@ storage:
enabled: true
wiredTiger:
engineConfig:
- cacheSizeGB: 0
+ cacheSizeGB: 1
journalCompressor: none
directoryForIndexes: true
collectionConfig:
diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile
index b7049d1..f0ba87b 100644
--- a/mod/nginx/Dockerfile
+++ b/mod/nginx/Dockerfile
@@ -11,12 +11,12 @@ ENV REACT_APP_BBB_PLAYBACK_BUILD=$TAG_PLAYBACK
# for the latest bbb-playback version shipped with 2.3-alpha-6
# so we use the master branch
# RUN svn checkout https://github.com/bigbluebutton/bbb-playback/tags/$TAG_PLAYBACK /bbb-playback
-RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout a9d3b7b6648fb5e85e012e73d7e7a2684d02f215
+RUN git clone https://github.com/bigbluebutton/bbb-playback.git /bbb-playback && cd /bbb-playback && git checkout 5934114aa434aba9b73b1a4c2ce228d18f276610
RUN cd /bbb-playback && npm install && npm run-script build
# --------------------
-FROM nginx:1.19-alpine
+FROM nginx:1.21-alpine
COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
COPY ./bbb /etc/nginx/bbb
diff --git a/mod/nginx/bbb/greenlight.nginx b/mod/nginx/bbb/greenlight.nginx
index 8ed654b..4ed4626 100644
--- a/mod/nginx/bbb/greenlight.nginx
+++ b/mod/nginx/bbb/greenlight.nginx
@@ -26,4 +26,9 @@ location /b/cable {
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
-}
\ No newline at end of file
+}
+
+# this is necessary for the preupload_presentation feature
+location /rails/active_storage {
+ return 301 /b$request_uri;
+}
diff --git a/mod/recordings/Dockerfile b/mod/recordings/Dockerfile
index 3eb6d6e..992fe79 100644
--- a/mod/recordings/Dockerfile
+++ b/mod/recordings/Dockerfile
@@ -45,7 +45,7 @@ RUN mkdir -p \
/usr/local/bigbluebutton/core \
/etc/bigbluebutton
-ENV TAG v2.3.0
+ENV TAG v2.3.4
# add bbb-record-core (lib, scripts and Gemfile)
RUN cd /usr/local/bigbluebutton/core \
diff --git a/mod/recordings/supervisord.conf b/mod/recordings/supervisord.conf
index 36b3650..aa71b41 100644
--- a/mod/recordings/supervisord.conf
+++ b/mod/recordings/supervisord.conf
@@ -4,7 +4,7 @@ user=root
[program:rasque_workers]
command=rake resque:workers
directory=/usr/local/bigbluebutton/core/scripts
-environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions",COUNT="1",VVERBOSE="1"
+environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
diff --git a/mod/webhooks/Dockerfile b/mod/webhooks/Dockerfile
index 0778b04..2992d07 100644
--- a/mod/webhooks/Dockerfile
+++ b/mod/webhooks/Dockerfile
@@ -13,7 +13,7 @@ RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSI
USER webhooks
-ENV TAG v2.3.0
+ENV TAG v2.3.4
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \
&& rm -rf /app/.svn \
&& cd /app && npm install --production
diff --git a/mod/webrtc-sfu/bbb-webrtc-sfu b/mod/webrtc-sfu/bbb-webrtc-sfu
index 4145f8c..1f82c24 160000
--- a/mod/webrtc-sfu/bbb-webrtc-sfu
+++ b/mod/webrtc-sfu/bbb-webrtc-sfu
@@ -1 +1 @@
-Subproject commit 4145f8c1ad9e111bf0d3fe037e9d3be965fe1232
+Subproject commit 1f82c241a6383c811c73871224e6f4670b5e45c4
diff --git a/sample.env b/sample.env
index 0010ad1..cac5f13 100644
--- a/sample.env
+++ b/sample.env
@@ -7,6 +7,13 @@
# fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true
+# coturn (a TURN Server)
+# requires either the abhove HTTPS Proxy to be enabled
+# or TLS certificates to be mounted to container
+ENABLE_COTURN=true
+#COTURN_TLS_CERT_PATH=
+#COTURN_TLS_KEY_PATH=
+
# Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
@@ -35,6 +42,7 @@ ENABLE_GREENLIGHT=true
SHARED_SECRET=w6y7nycPafjPhVz3gZdBpQhR4H4MvEQzcZzia5LT
ETHERPAD_API_KEY=NEQKi2eFXSBce4kyGjwAzMn2jeF66peNYQmyFVRr
RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c915c651117e0f14358cd98f5287c431929e0f796f4100b2b1c3eb5baad1b0
+POSTGRESQL_SECRET=4xksXUDsaqAkZFSu8HF7pFppN34yy0a9g2iSqD14
@@ -136,14 +144,14 @@ BREAKOUTROOM_LIMIT=8
# ====================================
# Tuning
# ====================================
-# Default = 1; Min = 1; Max = 4
+# Default = 2; Min = 1; Max = 4
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
-NUMBER_OF_BACKEND_NODEJS_PROCESSES=1
+NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
-# Default = 1; Min = 1; Max = 8
+# Default = 2; Min = 1; Max = 8
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
# stretching the recommended number of users in BigBlueButton
-NUMBER_OF_FRONTEND_NODEJS_PROCESSES=1
+NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
# ====================================
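Review bot: The comments now state `Default = 2`, but scripts/generate-compose still passes `${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1}` and `${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1}`, so an .env without these keys gets 1, not 2. Either change both fallbacks to `:-2` or word the comments as `Recommended = 2` so the documented default matches what is applied.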
diff --git a/scripts/generate-compose b/scripts/generate-compose
index 0e88a93..37b8353 100755
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@@ -6,8 +6,8 @@ cd $(dirname $0)/..
# load .env
if [ -f .env ]
then
- # exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters
- export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
+ # exclude WELCOME_MESSAGE && WELCOME_FOOTER && CLIENT_TITLE because it may contain invalid characters
+ export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
fi
# check for non-optional environment variables,
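Review bot: `grep -v "CLIENT_TITLE"` drops every line that contains that substring anywhere, not only the `CLIENT_TITLE=` assignment, and the same holds for the two existing filters. Anchoring them in one expression, `grep -v -E '^(WELCOME_FOOTER|WELCOME_MESSAGE|CLIENT_TITLE)='`, avoids that. The growing exclusion list also only works around the underlying issue: the unquoted `export $(... | xargs)` word-splits and glob-expands whatever .env contains, and `sed 's/#.*//g'` truncates any value containing `#`, so other values with spaces or shell metacharacters are still exported incorrectly. The `if` block begins above this hunk.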
@@ -19,6 +19,20 @@ if [ -z "$EXTERNAL_IPv4" ]; then
exit 1
fi
+if [ "$ENABLE_COTURN" == true ]; then
+ if [ -z "$ENABLE_HTTPS_PROXY" ] && [ -z "$COTURN_TLS_CERT_PATH" ]; then
+ echo "ERROR: coturn requires TLS certificates."
+ echo "Either enable the https proxy for certificate retrival"
+ echo "or provide a path to your certificates in .env file."
+ exit 1
+ fi
+ if [ -z "$ENABLE_HTTPS_PROXY" ] && [ "$DEV_MODE" == true ]; then
+ echo "ERROR: the https proxy can't get a certificate if ran locally and therefor coturn will never start"
+ echo "you should disable coturn in .env"
+ exit 1
+ fi
+fi
+
docker run \
--rm \
-v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
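Review bot: Both new checks test `[ -z "$ENABLE_HTTPS_PROXY" ]`, which is true only when the variable is unset or empty, so `ENABLE_HTTPS_PROXY=false` with no certificate path passes the first check. The second check looks inverted: its message is about the proxy being unable to obtain a certificate when run locally, which is the case where the proxy is enabled together with `DEV_MODE`, yet it fires only when the proxy variable is empty. The key path is never checked either. Suggested conditions are `if [ "$ENABLE_HTTPS_PROXY" != true ] && { [ -z "$COTURN_TLS_CERT_PATH" ] || [ -z "$COTURN_TLS_KEY_PATH" ]; }; then` and `if [ "$ENABLE_HTTPS_PROXY" = true ] && [ "$DEV_MODE" = true ]; then`. The `docker run` command at the end of the hunk continues outside it.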
@@ -26,9 +40,10 @@ docker run \
-e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
+ -e ENABLE_COTURN=${ENABLE_COTURN:-false} \
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
-e NUMBER_OF_BACKEND_NODEJS_PROCESSES=${NUMBER_OF_BACKEND_NODEJS_PROCESSES:-1} \
-e NUMBER_OF_FRONTEND_NODEJS_PROCESSES=${NUMBER_OF_FRONTEND_NODEJS_PROCESSES:-1} \
jwilder/dockerize -template /docker-compose.tmpl.yml \
- > docker-compose.yml
\ No newline at end of file
+ > docker-compose.yml
diff --git a/scripts/setup b/scripts/setup
index fa9c7c8..fb32153 100755
--- a/scripts/setup
+++ b/scripts/setup
@@ -32,6 +32,24 @@ while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
done
+coturn=""
+while [[ ! $coturn =~ ^(y|n)$ ]]; do
+ read -p "Should a coturn be included? (y/n): " coturn
+done
+if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
+then
+ echo "Coturn needs TLS to function properly."
+ echo " Since automatic HTTPS Proxy is disabled,"
+ echo " you must provide a relative or absolute path"
+ echo " to your certificates."
+ while [[ -z "$CERTPATH" ]]; do
+ read -p "Please enter path to cert.pem: " CERTPATH
+ done
+ while [[ -z "$KEYPATH" ]]; do
+ read -p "Please enter path to key.pem: " KEYPATH
+ done
+fi
+
prometheus_exporter=""
while [[ ! $prometheus_exporter =~ ^(y|n)$ ]]; do
read -p "Should a Prometheus exporter be included? (y/n): " prometheus_exporter
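Review bot: `CERTPATH` and `KEYPATH` are not reset before their `while [[ -z ... ]]` loops the way `coturn=""` is, so a value already present in the environment skips the prompt. Whatever is typed is accepted without checking that the file exists. Initialise both to `""`, use `read -r -p` so backslashes are kept, and loop with `until [[ -f "$CERTPATH" ]]` (likewise for the key), assuming the script runs from the repository root. That way a typo is caught here rather than when the coturn container fails to start.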
@@ -106,6 +124,22 @@ then
sed -i "s/#ENABLE_RECORDING.*/ENABLE_RECORDING=true/" .env
fi
+if [ "$coturn" == "y" ]
+then
+ sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:5349?transport=tcp/" .env
+ TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
+ sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
+ sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
+else
+ sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
+fi
+
+if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
+then
+ sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env
+ sed -i "s/#COTURN_TLS_KEY_PATH=.*/COTURN_TLS_KEY_PATH=$KEYPATH/" .env
+fi
+
if [ "$prometheus_exporter" == "y" ]
then
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
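Review bot: `sed -i "s/#COTURN_TLS_CERT_PATH=.*/COTURN_TLS_CERT_PATH=$CERTPATH/" .env` uses `/` as the delimiter while the prompt asks for a relative or absolute path, so any path containing `/` makes sed fail to parse the expression; the KEYPATH line has the same problem. `sed -i "s|#COTURN_TLS_CERT_PATH=.*|COTURN_TLS_CERT_PATH=$CERTPATH|" .env` handles ordinary paths, though `|`, `&` and `\` in the input would still need escaping or rejecting. In the TURN_SECRET line the class `A-Za-f0-9` looks like a typo for `A-Za-z0-9`. `head /dev/urandom` reads a line-based amount of data, so `head -c 32` is not strictly guaranteed to receive 32 characters; `tr -dc A-Za-z0-9 </dev/urandom | head -c 32` avoids that.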
@@ -115,9 +149,17 @@ fi
RANDOM_1=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
RANDOM_2=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
RANDOM_3=$(head /dev/urandom | tr -dc a-f0-9 | head -c 128)
+if [ ! "$greenlight" == "y" ]
+then
+ RANDOM_4=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 40)
+fi
sed -i "s/SHARED_SECRET=.*/SHARED_SECRET=$RANDOM_1/" .env
sed -i "s/ETHERPAD_API_KEY=.*/ETHERPAD_API_KEY=$RANDOM_2/" .env
sed -i "s/RAILS_SECRET=.*/RAILS_SECRET=$RANDOM_3/" .env
+if [ ! "$greenlight" == "y" ]
+then
+ sed -i "s/POSTGRESQL_SECRET=.*/POSTGRESQL_SECRET=$RANDOM_4/" .env
+fi
./scripts/generate-compose
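Review bot: Both new `if [ ! "$greenlight" == "y" ]` guards look inverted: a random POSTGRESQL_SECRET is generated and written only when Greenlight was not selected, while docker-compose.tmpl.yml uses the variable for the Greenlight `DB_PASSWORD` and the postgres service. When Greenlight is selected, .env presumably keeps the POSTGRESQL_SECRET value copied from sample.env, which this commit publishes in the repository. Unless the intent depends on something outside this hunk, use `if [ "$greenlight" == "y" ]` for both guards, or generate the secret unconditionally as is done for RANDOM_1 to RANDOM_3.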