holm/docker
1
0
Fork 0
forked from extern/docker
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'v2.2.x' of https://github.com/alangecker/bigbluebutton-docker into v2.2.x

Browse Source
This commit is contained in:
Sofyan Sugianto 2020-08-15 05:25:59 +07:00
commit bae3b78899
39 changed files with 1275 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
README.md
View File

@ -1,5 +1,13 @@
# BigBlueButton Docker
## Features
- Easy installation
- Greenlight included
- TURN server included
- Fully automated HTTPS certificates
- Runs on almost any major linux distributon (Debian, Ubuntu, CentOS,...)
- Full IPv6 support
## Install
1. Install docker-ce & docker-compose
1. follow instructions
@ -28,53 +36,11 @@
$ ./scripts/compose exec greenlight bundle exec rake admin:create
```
## Note if you use a Firewall / NAT
Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface.
##### Temporary way (until next reboot)
```
$ ip addr add 144.76.97.34/32 dev ens3
```
##### Permanent way
Specific to your linux distribution. Use a search engine of your choice. ;)
### Ports
Also don't forget to forward all necassary ports listed in http://docs.bigbluebutton.org/2.2/configure-firewall.html
## Upgrading
```bash
cd bbb-docker
# if you use greenlight:
# create a database backup
docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
# upgrade!
./scripts/upgrade
# restart updated services
./scripts/compose up -d
```
If you're on an old version, you might get following error: \
`no such file or directory: ./scripts/upgrade` \
A simple `$ git pull` resolves that, by fetching a newer version which includes the upgrade script.
## How-To's
- [Upgrade](docs/upgrading.md)
- [Behind NAT](docs/behind-nat.md)
- [BBB-Docker Development](docs/development.md)
- [Integration into an existing web server](docs/existing-web-server.md)
## Special thanks to
- @dkrenn, whos dockerized version (bigbluebutton#8858)(https://github.com/bigbluebutton/bigbluebutton/pull/8858) helped me a lot in understand and some configs.
## Open Tasks
- add support for recording
- add coturn
- add prometheus exporter
- further separate `bbb-core` into individual container
- enable IPv6 support
- switch `html5` to node v12
- drop root privileges in `webrtc-sfu`

3
docker-compose.coturn.yml
View File

@ -4,7 +4,8 @@ services:
image: instrumentisto/coturn:4.5
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IP}"
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
volumes:
- ssl_data:/etc/resty-auto-ssl

2
docker-compose.greenlight.yml
View File

@ -12,7 +12,7 @@ services:
DB_NAME: greenlight
DB_USERNAME: postgres
DB_PASSWORD: password
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/
BIGBLUEBUTTON_ENDPOINT: ${GREENLIGHT_ENDPOINT}
BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
SECRET_KEY_BASE: ${RAILS_SECRET}
ports:

8
docker-compose.https.yml
View File

@ -3,14 +3,12 @@ services:
https_proxy:
image: valian/docker-nginx-auto-ssl
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ssl_data:/etc/resty-auto-ssl
- ./mod/https/${HTTPS_SITE_FILE}:/etc/nginx/conf.d/bbb-docker.conf
environment:
ALLOWED_DOMAINS: ${DOMAIN}
SITES: ${DOMAIN}=10.7.7.1:8080
ALLOWED_DOMAINS: ${CERTIFICATE_DOMAINS}
network_mode: host
volumes:
ssl_data:

15
docker-compose.prometheus.yml Normal file
View File

@ -0,0 +1,15 @@
version: '3.6'
services:
prometheus-exporter:
image: greenstatic/bigbluebutton-exporter:v0.5.1
restart: unless-stopped
environment:
API_BASE_URL: http://10.7.7.1:8080/bigbluebutton/api/
API_SECRET: ${SHARED_SECRET}
RECORDINGS_METRICS_READ_FROM_DISK: "false"
networks:
bbb-net:
ipv4_address: 10.7.7.33
# volumes:
# - bigbluebutton:/var/bigbluebutton

13
docker-compose.webhooks.yml Normal file
View File

@ -0,0 +1,13 @@
version: '3.6'
services:
webhooks:
build: mod/webhooks
restart: unless-stopped
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
extra_hosts:
- "redis:10.7.7.5"
networks:
bbb-net:
ipv4_address: 10.7.7.15

32
docker-compose.yml
View File

@ -7,8 +7,10 @@ services:
depends_on:
- redis
environment:
DEV_MODE: ${DEV_MODE:-}
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
WELCOME_MESSAGE: ${WELCOME_MESSAGE:-}
WELCOME_FOOTER: ${WELCOME_FOOTER}
STUN_SERVER: stun:${STUN_IP}:${STUN_PORT}
TURN_SERVER: ${TURN_SERVER:-}
@ -31,14 +33,18 @@ services:
- SYS_RESOURCE
environment:
DOMAIN: ${DOMAIN}
EXTERNAL_IP: ${EXTERNAL_IP}
EXTERNAL_IPv4: ${EXTERNAL_IPv4}
EXTERNAL_IPv6: ${EXTERNAL_IPv6:-::1}
SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST:-}
DISABLE_SOUND_MUTED: ${DISABLE_SOUND_MUTED:-false}
DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
volumes:
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external
- ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
network_mode: host
nginx:
image: nginx:1.18-alpine
image: nginx:1.19-alpine
restart: unless-stopped
depends_on:
- etherpad
@ -51,11 +57,13 @@ services:
- ./mod/nginx/bbb:/etc/nginx/bbb
- ./mod/nginx/bigbluebutton:/etc/nginx/conf.d/default.conf
- ${DEFAULT_PRESENTATION:-/dev/null}:/etc/nginx/html/default.pdf
networks:
bbb-net:
ipv4_address: 10.7.7.13
network_mode: host
extra_hosts:
- "host.docker.internal:10.7.7.1"
- "core:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.10"
- "html5:10.7.7.11"
etherpad:
build: mod/etherpad
@ -85,14 +93,13 @@ services:
ipv4_address: 10.7.7.6
kurento:
image: kurento/kurento-media-server:6.13.2
image: kurento/kurento-media-server:6.14
restart: unless-stopped
environment:
KMS_STUN_IP: ${STUN_IP}
KMS_STUN_PORT: ${STUN_PORT}
KMS_MIN_PORT: 24577
KMS_MAX_PORT: 32768
KMS_EXTERNAL_ADDRESS: ${EXTERNAL_IP}
KMS_TURN_URL:
KMS_NETWORK_INTERFACES: ${NETWORK_INTERFACE:-}
network_mode: host
@ -111,10 +118,10 @@ services:
KURENTO_NAME: kurento
REDIS_HOST: redis
FREESWITCH_IP: host.docker.internal
FREESWITCH_SIP_IP: ${EXTERNAL_IP}
FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
ESL_IP: host.docker.internal
LOG_LEVEL: info
NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IP}","url":"ws://kurento:8888/kurento"}]}'
NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IPv4}","url":"ws://kurento:8888/kurento"}]}'
ports:
- "127.0.0.1:3008:3008"
extra_hosts:
@ -135,6 +142,13 @@ services:
DOMAIN: ${DOMAIN}
CLIENT_TITLE: ${CLIENT_TITLE}
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false}
CHAT_ENABLED: ${CHAT_ENABLED:-true}
CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false}
DEV_MODE: ${DEV_MODE:-}
networks:
bbb-net:
ipv4_address: 10.7.7.11

14
docs/behind-nat.md Normal file
View File

@ -0,0 +1,14 @@
# Note if you use a Firewall / NAT
Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface.
#### Temporary way (until next reboot)
```
$ ip addr add 144.76.97.34/32 dev ens3
```
#### Permanent way
Specific to your linux distribution. Use a search engine of your choice. ;)
## Ports
Also don't forget to forward all necassary ports listed in http://docs.bigbluebutton.org/2.2/configure-firewall.html

45
docs/development.md Normal file
View File

@ -0,0 +1,45 @@
# bbb-docker Development
## Running
you can run bbb-docker locally without any certificate issues with following `.env` configurations:
```
DEV_MODE=true
ENABLE_HTTPS_PROXY=true
#ENABLE_COTURN=true
#ENABLE_GREENLIGHT=true
#ENABLE_WEBHOOKS=true
DOMAIN=10.7.7.1
EXTERNAL_IP=10.7.7.1
STUN_IP=216.93.246.18
STUN_PORT=3478
TURN_SERVER=turns:localhost:465?transport=tcp
TURN_SECRET=SuperTurnSecret
SHARED_SECRET=SuperSecret
ETHERPAD_API_KEY=SuperEtherpadKey
RAILS_SECRET=SuperRailsSecret
# ====================================
# CUSTOMIZATION
# ====================================
[... add rest of sample.env here ...]
```
- you can than start it with \
`$ ./scripts/compose up -d`
- view the logs with \
`$ ./scripts/compose logs -f`
- and access the API via \
https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
* At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
## Changes
- After doing some changes you usually must...
* rebuild the image(s): \
`$ ./scripts/compose build [containername]`
* restart changes image(s): \
`$ ./scripts/compose up -d`

43
docs/existing-web-server.md Normal file
View File

@ -0,0 +1,43 @@
# How to integrate into an existing Web server setup
Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web server may be already in use.
You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy.
> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using your Web server features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script.
## Installation
1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`.
2. Now all the required Docker containers should be running. BigBlueButton listens to port 8080. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one.
At this point, choose one of the following sections according to which Web server you're running ([Apache](#integration-with-apache)).
Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`.
## Integration with nginx
> *Not written yet. can you imagine writing down some instructions?*
## Integration with Apache
1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled:
```
sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
```
2. Add the following directives to the _https_ virtual host `bbb.example.com`:
```
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8080%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:8080/
ProxyPassReverse http://127.0.0.1:8080/
</Location>
```
3. Restart Apache:
```
service apache2 restart
```

21
docs/upgrading.md Normal file
View File

@ -0,0 +1,21 @@
# How To Upgrade bbb-docker
## Backup
if you use greenlight, create a database backup first
```bash
docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
```
## Upgrading
```bash
# upgrade!
./scripts/upgrade
# restart updated services
./scripts/compose up -d
```
## "no such file or directory: ./scripts/upgrade"
If you're on an old version, you might get this error.
A simple `$ git pull` resolves that, by fetching a newer version which includes the upgrade script.

6
mod/core/Dockerfile
View File

@ -28,7 +28,7 @@ RUN apt-get install -y supervisor apt-transport-https equivs libreoffice haveged
# bbb repo & packages
RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:bigbluebutton/support
RUN sh -c 'wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -' \
&& sh -c 'echo "deb https://packages-eu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list'
&& sh -c 'echo "deb https://ubuntu.bigbluebutton.org/xenial-22 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list'
# create dummy packages to satisfy dependencies
RUN equivs-control redis-server.control \
@ -37,6 +37,10 @@ RUN equivs-control redis-server.control \
&& dpkg -i /*.deb \
&& rm /*.deb
# this variable is not used, but it triggers
# rebuilding from here on if changed
ENV VERSION v2.2.22
RUN apt-get update && apt-get install -y bbb-web \
bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka bbb-apps \
bbb-apps-video bbb-apps-screenshare bbb-apps-video-broadcast \

6
mod/core/web/bigbluebutton.properties
View File

@ -146,7 +146,7 @@ defaultGuestPolicy=ALWAYS_ACCEPT
#
# native2ascii -encoding UTF8 bigbluebutton.properties bigbluebutton.properties
#
defaultWelcomeMessage=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="event:http://www.bigbluebutton.org/html5"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others.
defaultWelcomeMessage={{ .Env.WELCOME_MESSAGE }}
defaultWelcomeMessageFooter={{ .Env.WELCOME_FOOTER }}
# Default maximum number of users a meeting can have.
@ -297,7 +297,11 @@ beans.presentationService.testPresentationName=appkonference
# Uploaded presentation file
beans.presentationService.testUploadedPresentation=appkonference.txt
# Default Uploaded presentation file
{{ if isTrue .Env.DEV_MODE }}
beans.presentationService.defaultUploadedPresentation=https://test.bigbluebutton.org/default.pdf
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation

10
mod/coturn/turnserver.conf
View File

@ -60,4 +60,12 @@ no-tlsv1
no-tlsv1_1
# To enable single filename logs you need to enable the simple-log flag
syslog
syslog
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
keep-address-family

4
mod/freeswitch/Dockerfile
View File

@ -35,7 +35,6 @@ RUN apt-get update && apt-get install -y \
freeswitch-mod-hash \
freeswitch-mod-httapi \
freeswitch-mod-local-stream \
freeswitch-mod-logfile \
freeswitch-mod-loopback \
freeswitch-mod-lua \
freeswitch-mod-native-file \
@ -49,7 +48,8 @@ RUN apt-get update && apt-get install -y \
freeswitch-mod-spandsp \
freeswitch-mod-tone-stream \
freeswitch-mod-verto \
freeswitch-sounds-en-us-callie
freeswitch-sounds-en-us-callie \
iptables
# Potentially missing
# (included in bbb-freeswitch-core but not referenced in https://github.com/bigbluebutton/bigbluebutton/issues/9064)

284
mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl Normal file
View File

@ -0,0 +1,284 @@
<!-- http://wiki.freeswitch.org/wiki/Mod_conference -->
<!-- None of these paths are real if you want any of these options you need to really set them up -->
<configuration name="conference.conf" description="Audio Conference">
<!-- Advertise certain presence on startup . -->
<advertise>
<room name="3001@$${domain}" status="FreeSWITCH"/>
</advertise>
<!-- These are the default keys that map when you do not specify a caller control group -->
<!-- Note: none and default are reserved names for group names. Disabled if dist-dtmf member flag is set. -->
<caller-controls>
<group name="default">
<control action="mute" digits="0"/>
<control action="deaf mute" digits="*"/>
<control action="energy up" digits="9"/>
<control action="energy equ" digits="8"/>
<control action="energy dn" digits="7"/>
<control action="vol talk up" digits="3"/>
<control action="vol talk zero" digits="2"/>
<control action="vol talk dn" digits="1"/>
<control action="vol listen up" digits="6"/>
<control action="vol listen zero" digits="5"/>
<control action="vol listen dn" digits="4"/>
<!--control action="hangup" digits="#"/ -->
</group>
</caller-controls>
<!-- Profiles are collections of settings you can reference by name. -->
<profiles>
<!--If no profile is specified it will default to "default"-->
<profile name="default">
<!-- Directory to drop CDR's
'auto' means $PREFIX/logs/conference_cdr/<confernece_uuid>.cdr.xml
a non-absolute path means $PREFIX/logs/<value>/<confernece_uuid>.cdr.xml
absolute path means <value>/<confernece_uuid>.cdr.xml
-->
<!-- <param name="cdr-log-dir" value="auto"/> -->
<!-- Domain (for presence) -->
<param name="domain" value="$${domain}"/>
<!-- Sample Rate-->
<param name="rate" value="8000"/>
<!-- Number of milliseconds per frame -->
<param name="interval" value="20"/>
<!-- Energy level required for audio to be sent to the other users -->
<param name="energy-level" value="100"/>
<!--Can be | delim of waste|mute|deaf|dist-dtmf waste will always transmit data to each channel
even during silence. dist-dtmf propagates dtmfs to all other members, but channel controls
via dtmf will be disabled. -->
<!-- <param name="member-flags" value="waste"/> -->
<!-- Name of the caller control group to use for this profile -->
<!-- <param name="caller-controls" value="some name"/> -->
<!-- Name of the caller control group to use for the moderator in this profile -->
<!-- <param name="moderator-controls" value="some name"/> -->
<!-- TTS Engine to use -->
<!-- <param name="tts-engine" value="cepstral"/> -->
<!-- TTS Voice to use -->
<!-- <param name="tts-voice" value="david"/> -->
<!-- If TTS is enabled all audio-file params beginning with -->
<!-- 'say:' will be considered text to say with TTS -->
<!-- Override the default path here, after which you use relative paths in the other sound params -->
<!-- Note: The default path is the conference's first caller's sound_prefix -->
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<!-- File to play to acknowledge succees -->
<!-- <param name="ack-sound" value="beep.wav"/> -->
<!-- File to play to acknowledge failure -->
<!-- <param name="nack-sound" value="beeperr.wav"/> -->
<!-- File to play to acknowledge muted -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<!-- File to play to acknowledge unmuted -->
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<!-- File to play if you are alone in the conference -->
<param name="alone-sound" value="conference/conf-alone.wav"/>
<!-- File to play endlessly (nobody will ever be able to talk) -->
<!-- <param name="perpetual-sound" value="perpetual.wav"/> -->
<!-- File to play when you're alone (music on hold)-->
<param name="moh-sound" value="$${hold_music}"/>
<!-- File to play when you join the conference -->
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<!-- File to play when you leave the conference -->
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<!-- File to play when you are ejected from the conference -->
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<!-- File to play when the conference is locked -->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<!-- File to play when the conference is locked during the call-->
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<!-- File to play when the conference is unlocked during the call-->
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<!-- File to play to prompt for a pin -->
<param name="pin-sound" value="conference/conf-pin.wav"/>
<!-- File to play to when the pin is invalid -->
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<!-- Conference pin -->
<!-- <param name="pin" value="12345"/> -->
<!-- <param name="moderator-pin" value="54321"/> -->
<!-- Max number of times the user can be prompted for PIN -->
<!-- <param name="pin-retries" value="3"/> -->
<!-- Default Caller ID Name for outbound calls -->
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<!-- Default Caller ID Number for outbound calls -->
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- Suppress start and stop talking events -->
<!-- <param name="suppress-events" value="start-talking,stop-talking"/> -->
<!-- enable comfort noise generation -->
<param name="comfort-noise" value="true"/>
<!-- Uncomment auto-record to toggle recording every conference call. -->
<!-- Another valid value is shout://user:pass@server.com/live.mp3 -->
<!--
<param name="auto-record" value="$${recordings_dir}/${conference_name}_${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
-->
<!-- IVR digit machine timeouts -->
<!-- How much to wait between DTMF digits to match caller-controls -->
<!-- <param name="ivr-dtmf-timeout" value="500"/> -->
<!-- How much to wait for the first DTMF, 0 forever -->
<!-- <param name="ivr-input-timeout" value="0" /> -->
<!-- Delay before a conference is asked to be terminated -->
<!-- <param name="endconf-grace-time" value="120" /> -->
<!-- Can be | delim of wait-mod|audio-always|video-bridge|video-floor-only
wait_mod will wait until the moderator in,
audio-always will always mix audio from all members regardless they are talking or not -->
<!-- <param name="conference-flags" value="audio-always"/> -->
<!-- Allow live array sync for Verto -->
<!-- <param name="conference-flags" value="livearray-sync"/> -->
</profile>
<profile name="wideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="ultrawideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="32000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|transcode-video|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1280x720"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
<!-- <param name="video-auto-floor-msec" value="100"/> -->
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="cdquality">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
{{if not (isTrue .Env.DISABLE_SOUND_MUTED) }}
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
{{end}}
{{if not (isTrue .Env.DISABLE_SOUND_ALONE) }}
<param name="alone-sound" value="conference/conf-alone.wav"/>
{{end}}
<!--
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
-->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- param name="comfort-noise" value="true"/ -->
<param name="comfort-noise" value="1400"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1920x1080"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
</profile>
<profile name="video-mcu-stereo">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="channels" value="2"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="local_stream://stereo"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="false"/>
<param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|minimize-video-encoding"/>
<param name="video-mode" value="mux"/>
<param name="video-layout-name" value="3x3"/>
<param name="video-layout-name" value="group:grid"/>
<param name="video-canvas-size" value="1920x1080"/>
<param name="video-canvas-bgcolor" value="#333333"/>
<param name="video-layout-bgcolor" value="#000000"/>
<param name="video-codec-bandwidth" value="1mb"/>
<param name="video-fps" value="15"/>
</profile>
<profile name="sla">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="caller-controls" value="none"/>
<param name="energy-level" value="200"/>
<param name="moh-sound" value="silence"/>
<param name="comfort-noise" value="true"/>
</profile>
</profiles>
</configuration>

144
mod/freeswitch/conf/autoload_configs/modules.conf.xml Normal file
View File

@ -0,0 +1,144 @@
<configuration name="modules.conf" description="Modules">
<modules>
<!-- Loggers (I'd load these first) -->
<load module="mod_console"/>
<!-- <load module="mod_graylog2"/> -->
<!-- <load module="mod_logfile"/> -->
<!-- <load module="mod_syslog"/> -->
<!--<load module="mod_yaml"/>-->
<!-- Multi-Faceted -->
<!-- mod_enum is a dialplan interface, an application interface and an api command interface -->
<load module="mod_enum"/>
<!-- XML Interfaces -->
<!-- <load module="mod_xml_rpc"/> -->
<!-- <load module="mod_xml_curl"/> -->
<!-- <load module="mod_xml_cdr"/> -->
<!-- <load module="mod_xml_radius"/> -->
<!-- <load module="mod_xml_scgi"/> -->
<!-- Event Handlers -->
<!-- <load module="mod_amqp"/> -->
<!-- <load module="mod_cdr_csv"/> -->
<!-- <load module="mod_cdr_sqlite"/> -->
<!-- <load module="mod_event_multicast"/> -->
<load module="mod_event_socket"/>
<!-- <load module="mod_event_zmq"/> -->
<!-- <load module="mod_zeroconf"/> -->
<!-- <load module="mod_erlang_event"/> -->
<!-- <load module="mod_smpp"/> -->
<!-- <load module="mod_snmp"/> -->
<!-- Directory Interfaces -->
<!-- <load module="mod_ldap"/> -->
<!-- Endpoints -->
<!-- <load module="mod_dingaling"/> -->
<!-- <load module="mod_portaudio"/> -->
<!-- <load module="mod_alsa"/> -->
<load module="mod_sofia"/>
<load module="mod_loopback"/>
<!-- <load module="mod_woomera"/> -->
<!-- <load module="mod_freetdm"/> -->
<!-- <load module="mod_unicall"/> -->
<!-- <load module="mod_skinny"/> -->
<!-- <load module="mod_khomp"/> -->
<load module="mod_rtc"/>
<!-- <load module="mod_rtmp"/> -->
<load module="mod_verto"/>
<!-- Applications -->
<load module="mod_commands"/>
<load module="mod_conference"/>
<!-- <load module="mod_curl"/> -->
<load module="mod_db"/>
<load module="mod_dptools"/>
<load module="mod_expr"/>
<load module="mod_fifo"/>
<load module="mod_hash"/>
<!--<load module="mod_mongo"/> -->
<!--load module="mod_voicemail"/>-->
<!--<load module="mod_directory"/>-->
<!--<load module="mod_distributor"/>-->
<!--<load module="mod_lcr"/>-->
<!--<load module="mod_easyroute"/>-->
<load module="mod_esf"/>
<load module="mod_fsv"/>
<!--<load module="mod_cluechoo"/>-->
<!--load module="mod_valet_parking"/>-->
<!--<load module="mod_fsk"/>-->
<!--<load module="mod_spy"/>-->
<!--<load module="mod_sms"/>-->
<!--<load module="mod_smpp"/>-->
<!--<load module="mod_random"/>-->
<load module="mod_httapi"/>
<!--<load module="mod_translate"/>-->
<!-- SNOM Module -->
<!--<load module="mod_snom"/>-->
<!-- This one only works on Linux for now -->
<!--<load module="mod_ladspa"/>-->
<!-- Dialplan Interfaces -->
<!-- <load module="mod_dialplan_directory"/> -->
<load module="mod_dialplan_xml"/>
<load module="mod_dialplan_asterisk"/>
<!-- Codec Interfaces -->
<load module="mod_spandsp"/>
<load module="mod_g723_1"/>
<load module="mod_g729"/>
<load module="mod_amr"/>
<!--<load module="mod_ilbc"/>-->
<!--<load module="mod_h26x"/>-->
<load module="mod_b64"/>
<!--<load module="mod_siren"/>-->
<!--<load module="mod_isac"/>-->
<load module="mod_opus"/>
<load module="mod_opusfile"/>
<!-- File Format Interfaces -->
<load module="mod_sndfile"/>
<load module="mod_native_file"/>
<load module="mod_png"/>
<!-- <load module="mod_shell_stream"/> -->
<!--For icecast/mp3 streams/files-->
<!--<load module="mod_shout"/>-->
<!--For local streams (play all the files in a directory)-->
<load module="mod_local_stream"/>
<load module="mod_tone_stream"/>
<!-- Timers -->
<!-- <load module="mod_timerfd"/> -->
<!-- <load module="mod_posix_timer"/> -->
<!-- Languages -->
<!-- <load module="mod_v8"/> -->
<!-- <load module="mod_perl"/> -->
<!-- <load module="mod_python"/> -->
<!-- <load module="mod_java"/> -->
<load module="mod_lua"/>
<!-- ASR /TTS -->
<!-- <load module="mod_flite"/> -->
<!-- <load module="mod_pocketsphinx"/> -->
<!-- <load module="mod_cepstral"/> -->
<!-- <load module="mod_tts_commandline"/> -->
<!-- <load module="mod_rss"/> -->
<!-- Say -->
<load module="mod_say_en"/>
<!-- <load module="mod_say_ru"/> -->
<!-- <load module="mod_say_zh"/> -->
<!-- <load module="mod_say_sv"/> -->
<!-- Third party modules -->
<!--<load module="mod_nibblebill"/>-->
<!--<load module="mod_callcenter"/>-->
<!--<load module="mod_av"/-->
</modules>
</configuration>

117
mod/freeswitch/conf/sip_profiles/external-ipv6.xml
View File

@ -1,4 +1,113 @@
<!--
IPv6 is disabled for now since there a some more configurations needed
to make it work beautifully
-->
<profile name="external-ipv6">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-ipv6/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<!--<domain name="all" alias="false" parse="true"/>-->
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge support
<param name="apply-candidate-acl" value="wan_v6.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v6.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
-->
<param name="apply-candidate-acl" value="deny_private_v6"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="rtp-ip" value="$${external_ip_v6}"/>
<param name="sip-ip" value="$${local_ip_v6}"/>
<!-- Shouldn't set these on IPv6 -->
<!--<param name="ext-rtp-ip" value="auto-nat"/>-->
<!--<param name="ext-sip-ip" value="auto-nat"/>-->
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<!--<param name="enable-3pcc" value="true"/>-->
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

7
mod/freeswitch/conf/vars.xml.tmpl
View File

@ -60,7 +60,8 @@
-->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.1"/>
<X-PRE-PROCESS cmd="set" data="local_ip_v6=::1"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IP }}"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v6={{ .Env.EXTERNAL_IPv6 }}"/>
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
@ -300,7 +301,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IP }}"/>
<X-PRE-PROCESS cmd="set" data="external_rtp_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- external_sip_ip
Used as the public IP address for SDP.
@ -313,7 +314,7 @@
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IP }}"/>
<X-PRE-PROCESS cmd="set" data="external_sip_ip={{ .Env.EXTERNAL_IPv4 }}"/>
<!-- unroll-loops
Used to turn on sip loopback unrolling.

16
mod/freeswitch/entrypoint.sh
View File

@ -1,5 +1,21 @@
#!/bin/bash
# remove all SIP (port 5060) iptable rules
iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D
# block requests to 5060 (tcp/udp)
iptables -A INPUT -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT
iptables -A INPUT -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT
# allow some IPs
IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST"
for IP in "${ADDR[@]}"; do
# process "$i"
echo "allow port 5060/udp for $IP"
iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT
done
dockerize \
-template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \
-template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \
/usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf

4
mod/html5/Dockerfile
View File

@ -14,7 +14,7 @@ USER meteor
ENV METEOR_VERSION 1.8.1
RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh
ENV TAG v2.2.16
ENV TAG v2.2.22
RUN cd ~ \
&& svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
&& mv ~/bigbluebutton-html5 ~/source \
@ -51,4 +51,4 @@ USER meteor
ENTRYPOINT ["/entrypoint.sh"]
# lets set the tag again, so that it is include in the image for later version retrieval
ENV TAG v2.2.14
ENV TAG v2.2.22

5
mod/html5/entrypoint.sh
View File

@ -8,6 +8,11 @@ export ENVIRONMENT_TYPE=production
export PORT=3000
export LANG=en_US.UTF-8
if [ "$DEV_MODE" == true ]; then
echo "DEV_MODE=true, disable TLS certificate rejecting"
export NODE_TLS_REJECT_UNAUTHORIZED=0
fi
rm -f /app/programs/server/assets/app/config/settings.yml
dockerize \
-template /app/programs/server/assets/app/config/settings.yml.tmpl:/app/programs/server/assets/app/config/settings.yml \

95
mod/html5/settings.yml
View File

@ -4,14 +4,14 @@ public:
desktopFontSize: 14px
audioChatNotification: false
autoJoin: true
listenOnlyMode: true
listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
forceListenOnly: false
skipCheck: false
skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
clientTitle: {{ .Env.CLIENT_TITLE }}
appName: BigBlueButton HTML5 Client
bbbServerVersion: 2.2
copyright: "©2019 BigBlueButton Inc."
html5ClientBuild: 933
copyright: "©2020 BigBlueButton Inc."
html5ClientBuild: 992
helpLink: https://bigbluebutton.org/html5/
lockOnJoin: true
cdn: ""
@ -20,11 +20,15 @@ public:
allowUserLookup: false
enableNetworkInformation: false
enableLimitOfViewersInWebcam: false
enableMultipleCameras: false
enableTalkingIndicator: true
mirrorOwnWebcam: false
viewersInWebcam: 8
ipv4FallbackDomain: ""
allowLogout: true
allowFullscreen: true
remainingTimeThreshold: 30
remainingTimeAlertThreshold: 1
defaultSettings:
application:
animations: true
@ -83,6 +87,16 @@ public:
packetLostThreshold: 10
kurento:
wsUrl: wss://{{ .Env.DOMAIN }}/bbb-webrtc-sfu
# Valid for video-provider. Time (ms) before its WS connection times out
# and tries to reconnect.
wsConnectionTimeout: 4000
cameraTimeouts:
# Base camera timeout: used as the camera *sharing* timeout and
# as the minimum camera subscribe reconnection timeout
baseTimeout: 15000
# Max timeout: used as the max camera subscribe reconnection timeout. Each
# subscribe reattempt increases the reconnection timer up to this
maxTimeout: 60000
chromeDefaultExtensionKey: akgoaoikmbmhcopjgakkcepdgdgkjfbc
chromeDefaultExtensionLink: https://chrome.google.com/webstore/detail/bigbluebutton-screenshare/akgoaoikmbmhcopjgakkcepdgdgkjfbc
chromeExtensionKey: KEY
@ -102,7 +116,49 @@ public:
- window
- screen
firefoxScreenshareSource: window
# cameraProfiles is an array of:
# - id: profile identifier
# name: human-readable profile name
# bitrate
# hidden: whether this profile will be hidden in the video preview dropdown
# constraints: a video media constraints dictionary (without the video key)
cameraProfiles:
- id: low-u30
name: low-u30
bitrate: 30
hidden: true
constraints:
frameRate: 3
- id: low-u25
name: low-u25
bitrate: 40
hidden: true
constraints:
frameRate: 3
- id: low-u20
name: low-u20
bitrate: 50
hidden: true
constraints:
frameRate: 5
- id: low-u15
name: low-u15
bitrate: 70
hidden: true
constraints:
frameRate: 8
- id: low-u12
name: low-u12
bitrate: 90
hidden: true
constraints:
frameRate: 10
- id: low-u8
name: low-u8
bitrate: 100
hidden: true
constraints:
frameRate: 10
- id: low
name: Low quality
default: true
@ -121,11 +177,29 @@ public:
bitrate: 800
enableScreensharing: true
enableVideo: true
enableVideoStats: false
enableVideoMenu: true
enableListenOnly: true
autoShareWebcam: false
skipVideoPreview: false
autoShareWebcam: {{ .Env.AUTO_SHARE_WEBCAM }}
skipVideoPreview: {{ .Env.DISABLE_VIDEO_PREVIEW }}
# Entry `thresholds` is an array of:
# - threshold: minimum number of cameras being shared for profile to applied
# profile: a camera profile id from the cameraProfiles configuration array
# that will be applied to all cameras when threshold is hit
cameraQualityThresholds:
enabled: false
thresholds:
- threshold: 8
profile: low-u8
- threshold: 12
profile: low-u12
- threshold: 15
profile: low-u15
- threshold: 20
profile: low-u20
- threshold: 25
profile: low-u25
- threshold: 30
profile: low-u30
pingPong:
clearUsersInSeconds: 180
pongTimeInSeconds: 15
@ -146,8 +220,8 @@ public:
lines: 2
time: 5000
chat:
enabled: true
startClosed: false
enabled: {{ .Env.CHAT_ENABLED }}
startClosed: {{ .Env.CHAT_START_CLOSED }}
min_message_length: 1
max_message_length: 5000
grouping_messages_window: 10000
@ -171,7 +245,7 @@ public:
config:
showLineNumbers: false
showChat: false
noColors: false
noColors: true
showControls: true
rtl: false
layout:
@ -187,6 +261,7 @@ public:
callHangupMaximumRetries: 10
echoTestNumber: 'echo'
relayOnlyOnReconnect: false
listenOnlyCallTimeout: 15000
presentation:
defaultPresentationFile: default.pdf
panZoomThrottle: 32

28
mod/https/site-ipv4only.conf Normal file
View File

@ -0,0 +1,28 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2 default_server;
# we at still serve https via IPv6 for the
# case that an AAAA record is set.
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}

28
mod/https/site.conf Normal file
View File

@ -0,0 +1,28 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
include resty-server-https.conf;
location / {
proxy_http_version 1.1;
proxy_pass http://$endpoint_addr:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}

4
mod/nginx/bbb/bbb-exporter.nginx Normal file
View File

@ -0,0 +1,4 @@
location /bbb-exporter {
proxy_pass http://10.7.7.33:9688;
proxy_http_version 1.1;
}

4
mod/nginx/bbb/client.nginx Normal file
View File

@ -0,0 +1,4 @@
location = /client/guest-wait.html {
alias /etc/nginx/bbb/guest-wait.html;
}

81
mod/nginx/bbb/guest-wait.html Normal file
View File

@ -0,0 +1,81 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Guest Lobby</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style></style>
<script type="text/javascript">
function updateMessage(message) {
document.querySelector('#content > p').innerHTML = message;
}
function findSessionToken() {
return location.search
.substr(1)
.split('&')
.find(function(item) {
return item.split('=')[0] === 'sessionToken'
});
};
function fetchGuestWait(sessionToken) {
const GUEST_WAIT_ENDPOINT = '/bigbluebutton/api/guestWait';
return window.fetch(GUEST_WAIT_ENDPOINT+'?'+sessionToken+'&redirect=false')
.then(res => res.json())
};
function pollGuestStatus(token, attempt, limit, everyMs) {
setTimeout(function() {
var REDIRECT_STATUSES = ['ALLOW', 'DENY'];
if (attempt >= limit) {
updateMessage('TIMEOUT_MESSAGE_HERE');
return;
}
fetchGuestWait(token).then(function(data) {
console.log("data=" + JSON.stringify(data));
var status = data.response.guestStatus;
if (REDIRECT_STATUSES.includes(status)) {
window.location = data.response.url;
return;
}
return pollGuestStatus(token, attempt + 1, limit, everyMs);
})
}, everyMs);
};
window.onload = function() {
try {
var ATTEMPT_EVERY_MS = 5000;
var ATTEMPT_LIMIT = 100;
var sessionToken = findSessionToken();
if(!sessionToken) {
updateMessage('NO_SESSION_TOKEN_MESSAGE');
return;
}
pollGuestStatus(sessionToken, 0, ATTEMPT_LIMIT, ATTEMPT_EVERY_MS);
} catch (e) {
console.error(e);
updateMessage('GENERIC_ERROR_MESSAGE');
}
};
</script>
</head>
<body>
<div id="banner"></div>
<div id="content">
<p>Please wait for a moderator to approve you joining the meeting.</p>
</div>
</body>
</html>

29
mod/nginx/bbb/notes.nginx
View File

@ -1,15 +1,24 @@
# https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
location ~ "^\/pad\/p\/(\w+)$" {
rewrite /pad/(.*) /$1 break;
rewrite ^/pad$ /pad/ permanent;
location /pad/p/ {
rewrite /pad/p/(.*) /p/$1 break;
rewrite ^/pad/p$ /pad/p/ permanent;
proxy_pass http://etherpad:9001;
proxy_pass_header Server;
proxy_redirect / /pad;
proxy_set_header Host $host;
proxy_buffering off;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
proxy_set_header X-Forwarded-Proto https; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1;
# there is currently no viable source for building the
# bbb-etherpad including sesstiontokens which got introduced in v2.2.21
# https://github.com/bigbluebutton/bigbluebutton/issues/10159
#
# We disable the authentication for now.
# auth_request /bigbluebutton/connection/checkAuthorization;
# auth_request_set $auth_status $upstream_status;
}
location /pad {
@ -22,6 +31,13 @@ location /pad {
proxy_buffering off;
}
location /pad/socket.io/socket.io.js {
rewrite /pad/socket.io/socket.io.js /socket.io/socket.io.js break;
proxy_pass http://etherpad:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}
location /pad/socket.io {
rewrite /pad/socket.io/(.*) /socket.io/$1 break;
proxy_pass http://etherpad:9001/;
@ -36,6 +52,9 @@ location /pad/socket.io {
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# auth_request /bigbluebutton/connection/checkAuthorization;
# auth_request_set $auth_status $upstream_status;
}
location /static {

5
mod/nginx/bbb/sip.nginx
View File

@ -1,5 +1,5 @@
location /ws {
proxy_pass https://host.docker.internal:7443;
proxy_pass https://$freeswitch_addr:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
@ -9,4 +9,7 @@ location /ws {
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}

9
mod/nginx/bbb/webhooks.nginx Normal file
View File

@ -0,0 +1,9 @@
# Pass to the webhooks app all requests made to the webhooks API.
location /bigbluebutton/api/hooks {
proxy_pass http://10.7.7.15:3005;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}

15
mod/nginx/bigbluebutton
View File

@ -1,8 +1,15 @@
server {
listen 80 default_server;
server_name _;
access_log /var/log/nginx/bigbluebutton.access.log;
map $remote_addr $freeswitch_addr {
"~:" [::1];
default 10.7.7.1;
}
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
access_log /dev/stdout;
absolute_redirect off;
# redirect to greenlight
location = / {
return 302 /b;

26
mod/webhooks/Dockerfile Normal file
View File

@ -0,0 +1,26 @@
FROM node:12-alpine
# download dockerize
ENV DOCKERIZE_VERSION v0.6.1
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& apk add subversion \
&& mkdir /app \
&& adduser -D -u 2002 -g webhooks webhooks \
&& chown webhooks:webhooks /app
USER webhooks
ENV TAG v2.2.20
RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \
&& rm -rf /app/.svn \
&& cd /app && npm install --production
COPY entrypoint.sh /entrypoint.sh
COPY config.yml /app/config/default.yml.tmpl
ENTRYPOINT /entrypoint.sh

69
mod/webhooks/config.yml Normal file
View File

@ -0,0 +1,69 @@
# Shared secret of your BigBlueButton server.
bbb:
serverDomain: {{ .Env.DOMAIN }}
sharedSecret: {{ .Env.SHARED_SECRET }}
# Whether to use Auth2.0 or not, Auth2.0 sends the sharedSecret whithin an Authorization header as a bearer
auth2_0: true
apiPath: /bigbluebutton/api
# The port in which the API server will run.
server:
port: 3005
# Web hooks configs
hooks:
channels:
- from-akka-apps-redis-channel
- from-bbb-web-redis-channel
- from-akka-apps-chat-redis-channel
- bigbluebutton:from-bbb-apps:meeting
- bigbluebutton:from-bbb-apps:users
- bigbluebutton:from-bbb-apps:chat
- bigbluebutton:from-rap
# IP where permanent hook will post data (more than 1 URL means more than 1 permanent hook)
permanentURLs: []
# How many messages will be enqueued to be processed at the same time
queueSize: 10000
# Allow permanent hooks to receive raw message, which is the message straight from BBB
getRaw: false
# If set to higher than 1, will send events on the format:
# "event=[{event1},{event2}],timestamp=000" or "[{event1},{event2}]" (based on using auth2_0 or not)
# when there are more than 1 event on the queue at the moment of processing the queue.
multiEvent: 1
# Retry intervals for failed attempts for perform callback calls.
# In ms. Totals to around 5min.
retryIntervals:
- 100
- 500
- 1000
- 2000
- 4000
- 8000
- 10000
- 30000
- 60000
- 60000
- 60000
- 60000
# Reset permanent interval when exceeding maximum attemps
permanentIntervalReset: 8
# Hook's request module timeout for socket conn establishment and/or responses (ms)
requestTimeout: 5000
# Mappings of internal to external meeting IDs
mappings:
cleanupInterval: 10000 # 10 secs, in ms
timeout: 86400000 # 24 hours, in ms
# Redis
redis:
host: redis
port: 6379
keys:
hookPrefix: bigbluebutton:webhooks:hook
hooks: bigbluebutton:webhooks:hooks
mappings: bigbluebutton:webhooks:mappings
mappingPrefix: bigbluebutton:webhooks:mapping
eventsPrefix: bigbluebutton:webhooks:events
userMaps: bigbluebutton:webhooks:userMaps
userMapPrefix: bigbluebutton:webhooks:userMap

9
mod/webhooks/entrypoint.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
export NODE_ENV=production
cd /app
dockerize \
-wait tcp://redis:6379 \
-template /app/config/default.yml.tmpl:/app/config/default.yml \
node app.js

50
sample.env
View File

@ -15,6 +15,14 @@ ENABLE_COTURN=true
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
# Enable Webhooks
# used by some integrations
#ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
#ENABLE_PROMETHEUS_EXPORTER=true
# ====================================
# SECRETS
@ -32,9 +40,12 @@ RAILS_SECRET=cdfbae48b197805a435ab7881da31c642ac1a7d4d5c006441efa8125ae63865ce7c
DOMAIN=bbb.example.com
EXTERNAL_IP=144.76.97.10
EXTERNAL_IPv4=144.76.97.10
EXTERNAL_IPv6=
# setting the network interface speeds up kurentos WebRTC connection time
# setting the network interface speeds up kurentos WebRTC connection time,
# but currently also disables IPv6 for Kurento
# (https://github.com/Kurento/bugtracker/issues/500)
#NETWORK_INTERFACE=ens3
# STUN SERVER
@ -47,6 +58,12 @@ STUN_PORT=3478
#TURN_SERVER=turns:turn.example.com:443?transport=tcp
#TURN_SECRET=
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=
# ====================================
# CUSTOMIZATION
@ -54,15 +71,40 @@ STUN_PORT=3478
CLIENT_TITLE=BigBlueButton
WELCOME_FOOTER=This server is running <a href="http://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>.
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="https://www.bigbluebutton.org/html5" target="_blank"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others.
WELCOME_FOOTER=This server is running <a href="https://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>.
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER=This server is running <a href="http://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number.
#WELCOME_FOOTER=This server is running <a href="https://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number.
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# set to false to disable listenOnlyMode
LISTEN_ONLY_MODE=true
# set to true to disable echo test
DISABLE_ECHO_TEST=false
# set to true to automatically share webcam
AUTO_SHARE_WEBCAM=false
# set to true to disable video preview for webcam sharing
DISABLE_VIDEO_PREVIEW=false
# set to false to disable chat
CHAT_ENABLED=true
# set to true to start chat closed
CHAT_START_CLOSED=false
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# ====================================
# GREENLIGHT CONFIGURATION

37
scripts/compose
View File

@ -6,8 +6,33 @@ cd $(dirname $0)/..
# load .env
if [ -f .env ]
then
# exclude WELCOME_FOOTER because it may contain invalid characters
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | xargs)
# exclude WELCOME_MESSAGE && WELCOME_FOOTER because it may contain invalid characters
export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
fi
# check for non-optional environment variables,
# which got introduced later and may miss in existing
# .env files during upgrades
if [ -z "$EXTERNAL_IPv4" ]; then
echo "ERROR: EXTERNAL_IPv4 is not set in .env"
echo "BBB won't work without it."
echo "this can happen if you did an manual upgrade without executing"
echo " ./scripts/upgrade"
echo "try to run it again"
exit 1
fi
# set conditional variables
export CERTIFICATE_DOMAINS=$DOMAIN
export GREENLIGHT_ENDPOINT=https://$DOMAIN/bigbluebutton/api/
if [ "$DEV_MODE" == true ]; then
export CERTIFICATE_DOMAINS="invalid"
export GREENLIGHT_ENDPOINT=http://10.7.7.1:8080/bigbluebutton/api/
fi
if [ ! -z "$EXTERNAL_IPv6" ]; then
export HTTPS_SITE_FILE="site.conf"
else
export HTTPS_SITE_FILE="site-ipv4only.conf"
fi
# concatenate docker-compose file
@ -24,4 +49,12 @@ if [ "$ENABLE_GREENLIGHT" == true ]; then
COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.greenlight.yml"
fi
if [ "$ENABLE_WEBHOOKS" == true ]; then
COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.webhooks.yml"
fi
if [ "$ENABLE_PROMETHEUS_EXPORTER" == true ]; then
COMPOSE_FILES="$COMPOSE_FILES -f docker-compose.prometheus.yml"
fi
docker-compose $COMPOSE_FILES $@

32
scripts/setup
View File

@ -19,7 +19,8 @@ then
fi
EXTERNAL_IP=$(curl -s http://whatismyip.akamai.com)
EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com)
EXTERNAL_IPv6=$(curl -6 -s https://icanhazip.com || true)
greenlight=""
while [[ ! $greenlight =~ ^(y|n)$ ]]; do
@ -46,22 +47,39 @@ done
ip_correct=""
while [[ ! $ip_correct =~ ^(y|n)$ ]]; do
read -p "Is $EXTERNAL_IP your external IPv4 address? (y/n): " ip_correct
read -p "Is $EXTERNAL_IPv4 your external IPv4 address? (y/n): " ip_correct
done
if [ ! "$ip_correct" == "y" ]
then
EXTERNAL_IP=""
while [[ ! $EXTERNAL_IP =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]]; do
read -p "Please enter correct IPv4 address: " EXTERNAL_IP
EXTERNAL_IPv4=""
while [[ ! $EXTERNAL_IPv4 =~ ^[1-9][0-9]{0,2}\.[0-9]{0,3}\.[0-9]{0,3}\.[1-9][0-9]{0,2}$ ]]; do
read -p "Please enter correct IPv4 address: " EXTERNAL_IPv4
done
fi
if [ -n "$EXTERNAL_IPv6" ]
then
ip_correct=""
while [[ ! $ip_correct =~ ^(y|n)$ ]]; do
read -p "Is $EXTERNAL_IPv6 your external IPv6 address? (y/n): " ip_correct
done
if [ ! "$ip_correct" == "y" ]
then
EXTERNAL_IPv6=""
while [[ ! $EXTERNAL_IPv6 =~ ^[0-9a-z:]{3,39}$ ]]; do
read -p "Please enter correct IPv6 address: " EXTERNAL_IPv6
done
fi
fi
# write settings
cp sample.env .env
sed -i "s/EXTERNAL_IP=.*/EXTERNAL_IP=$EXTERNAL_IP/" .env
sed -i "s/EXTERNAL_IPv4=.*/EXTERNAL_IPv4=$EXTERNAL_IPv4/" .env
sed -i "s/EXTERNAL_IPv6=.*/EXTERNAL_IPv6=$EXTERNAL_IPv6/" .env
sed -i "s/DOMAIN=.*/DOMAIN=$DOMAIN/" .env
if [ ! "$greenlight" == "y" ]
@ -79,7 +97,7 @@ then
sed -i "s/.*TURN_SERVER=.*/TURN_SERVER=turns:$DOMAIN:465?transport=tcp/" .env
TURN_SECRET=$(head /dev/urandom | tr -dc A-Za-f0-9 | head -c 32)
sed -i "s/.*TURN_SECRET=.*/TURN_SECRET=$TURN_SECRET/" .env
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IP/" .env
sed -i "s/.*STUN_IP=.*/STUN_IP=$EXTERNAL_IPv4/" .env
else
sed -i "s/ENABLE_COTURN.*/#ENABLE_COTURN=true/" .env
fi

11
scripts/upgrade
View File

@ -13,6 +13,9 @@ then
RESTARTED=1 ./scripts/upgrade
else
# update changed environment variable
sed -i 's/EXTERNAL_IP=/EXTERNAL_IPv4=/' .env
echo ""
echo "# pull newest bbb-webrtc-sfu"
git submodule update --remote
@ -25,12 +28,8 @@ else
echo ""
echo "# rebuild images"
# rebuild core without caching, since the deb-packages might have changed
./scripts/compose build --pull --no-cache core
# rebuild everything else only when modified
./scripts/compose build --pull
# rebuild everything which got modified
./scripts/compose build --pull
COMMIT_HASH=$(git rev-parse --short HEAD)
BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)