holm/docker
1
0
Fork 0
forked from extern/docker
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WIP: reduced install script

Browse Source
This commit is contained in:
chandi 2020-04-09 02:11:32 +02:00
parent 6bd54fcb87
commit cb45009e59
19 changed files with 1840 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,4 +0,0 @@
id_rsa.pub
mac-vpn/docker-for-mac.ovpn
mac-vpn/config
certs/

44
Dockerfile
View File

@ -4,10 +4,10 @@ MAINTAINER ffdixon@bigbluebutton.org
ENV DEBIAN_FRONTEND noninteractive
ENV container docker
RUN apt-get update && apt-get install -y netcat
# just to speed up development, TODO: remove
COPY sources.list /etc/apt/sources.list
# -- Test if we have apt cache running on docker host, if yes, use it.
# RUN nc -zv host.docker.internal 3142 &> /dev/null && echo 'Acquire::http::Proxy "http://host.docker.internal:3142";' > /etc/apt/apt.conf.d/01proxy
RUN apt-get update && apt-get install -y netcat
# -- Install utils
RUN apt-get update && apt-get install -y wget apt-transport-https curl
@ -34,8 +34,6 @@ RUN apt-get install -y \
tomcat7
RUN sed -i 's|securerandom.source=file:/dev/random|securerandom.source=file:/dev/urandom|g' /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
ADD mod/tomcat7 /etc/init.d/tomcat7
RUN chmod +x /etc/init.d/tomcat7
# -- Modify systemd to be able to run inside container
RUN apt-get update \
@ -44,6 +42,33 @@ RUN apt-get update \
# -- Install Dependencies
RUN apt-get install -y mlocate strace iputils-ping telnet tcpdump vim htop
RUN apt-get install -y curl apt-transport-https software-properties-common tidy libreoffice openjdk-8-jre perl build-essential ruby redis-server rake unzip tomcat7 xmlstarlet rsync python3
RUN LC_CTYPE=C.UTF-8 add-apt-repository ppa:bigbluebutton/support
# nodejs
RUN sh -c "curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -"
RUN sh -c 'echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections'
# bbb repo & packages
RUN sh -c 'wget https://ubuntu.bigbluebutton.org/repo/bigbluebutton.asc -O- | apt-key add -' \
&& sh -c 'echo "deb https://ubuntu.bigbluebutton.org/xenial-220 bigbluebutton-xenial main" > /etc/apt/sources.list.d/bigbluebutton.list' \
&& apt update \
&& apt install -y bigbluebutton netcat-openbsd bbb-web bbb-client bbb-playback-presentation bbb-freeswitch-core bbb-webrtc-sfu bbb-fsesl-akka bbb-apps-akka bbb-transcode-akka openssl bbb-apps bbb-apps-sip bbb-apps-video bbb-apps-screenshare bbb-apps-video-broadcast
RUN sh -c 'wget -qO - https://www.mongodb.org/static/pgp/server-3.4.asc | sudo apt-key add -' \
&& sh -c 'echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list' \
&& apt-get update \
&& apt-get install -y haveged mongodb-org
RUN apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" install grub-pc update-notifier-common
RUN apt-get install -y bbb-etherpad bbb-html5 bbb-demo
# -- Install nginx (in order to enable it - to avoid the "nginx.service is not active" error)
RUN apt-get install -y nginx
RUN systemctl enable nginx
@ -56,9 +81,6 @@ RUN systemctl disable systemd-update-utmp.service
# Add a number there to force update of files on build
RUN echo "Finishing ... @13"
RUN mkdir /opt/docker-bbb/
RUN wget https://raw.githubusercontent.com/bigbluebutton/bbb-install/master/bbb-install.sh -O- | sed 's|https://\$PACKAGE_REPOSITORY|http://\$PACKAGE_REPOSITORY|g' > /opt/docker-bbb/bbb-install.sh
RUN chmod 755 /opt/docker-bbb/bbb-install.sh
ADD setup.sh /opt/docker-bbb/setup.sh
RUN useradd bbb --uid 1000 -s /bin/bash
RUN mkdir /home/bbb
@ -66,8 +88,10 @@ RUN chown bbb /home/bbb
RUN sh -c 'echo "bbb ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/bbb'
RUN sh -c 'echo "bbb:bbb" | chpasswd'
ADD rc.local /etc/
RUN chmod 755 /etc/rc.local
COPY mod/tomcat7 /etc/init.d/tomcat7
RUN chmod +x /etc/init.d/tomcat7
COPY setup.sh /opt/docker-bbb/setup.sh
ENTRYPOINT ["/bin/systemd", "--system", "--unit=multi-user.target"]
CMD []

55
docker-compose.yml
View File

@ -1,18 +1,13 @@
version: '2'
networks:
backend:
services:
bbb22:
build: .
bbb:
image: bbb
privileged: true
environment:
- "NAME=${NAME}"
- "DOMAIN=${DOMAIN}"
hostname: ${NAME}.${DOMAIN}
hostname: meet.livingutopia.org
cap_add:
- NET_ADMIN
- SYS_NICE # for realtime scheduling
environment:
- container=docker
tmpfs:
@ -20,34 +15,18 @@ services:
- /run/lock
- /tmp:exec,mode=777
volumes:
- ./certs/:/local/certs/
- /var/run/docker.sock:/var/run/docker.sock
- ../src/:/home/bbb/src/
- ./setup.sh:/opt/docker-bbb/setup.sh
- ./mod/freeswitch/vars.xml:/opt/freeswitch/conf/vars.xml
- ./mod/freeswitch/external.xml:/opt/freeswitch/conf/sip_profiles/external.xml
- ./mod/nginx/sip.nginx:/etc/bigbluebutton/nginx/sip.nginx
- ./mod/nginx/bigbluebutton:/etc/nginx/sites-available/bigbluebutton
- ./mod/html5/systemd_start.sh:/usr/share/meteor/bundle/systemd_start.sh
- ./mod/html5/config.yml:/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml
- ./mod/web/override.conf:/etc/systemd/system/bbb-web.service.d/override.conf
- ./mod/web/bigbluebutton.properties:/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
- ./mod/kurento/WebRtcEndpoint.conf.ini:/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
- ./mod/bbb-webrtc-sfu/config.yml:/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml
- ./rc.local:/etc/rc.local
security_opt:
- seccomp:unconfined
networks:
- backend
# mac_proxy:
# build: mac-vpn/
# ports:
# - "127.0.0.1:13194:13194"
# command: TCP-LISTEN:13194,fork TCP:172.17.0.1:1194
# restart: always
# networks:
# - backend
# mac_openvpn:
# image: kylemanna/openvpn
# volumes:
# - ./mac-vpn:/local
# - ./mac-vpn/config:/etc/openvpn
# network_mode: host
# privileged: true
# cap_add:
# - NET_ADMIN
# environment:
# dest: docker-for-mac.ovpn
# DEBUG: '1'
# command: /local/helpers/run-vpn.sh
# restart: always
network_mode: host

4
mac-vpn/Dockerfile
View File

@ -1,4 +0,0 @@
FROM alpine
RUN apk add --no-cache socat
ENTRYPOINT ["socat"]

22
mac-vpn/helpers/run-vpn.sh
View File

@ -1,22 +0,0 @@
#!/bin/sh
dest=${dest:-docker.ovpn}
if [ ! -f "/local/$dest" ]; then
echo "*** REGENERATING ALL CONFIGS ***"
set -ex
#rm -rf /etc/openvpn/*
ovpn_genconfig -u tcp://localhost
sed -i 's|^push|#push|' /etc/openvpn/openvpn.conf
echo localhost | ovpn_initpki nopass
easyrsa build-client-full host nopass
ovpn_getclient host | sed '
s|localhost 1194|localhost 13194|;
s|redirect-gateway.*|route 172.16.0.0 255.240.0.0|;
' > "/local/$dest"
fi
# Workaround for https://github.com/wojas/docker-mac-network/issues/6
/sbin/iptables -I FORWARD 1 -i tun+ -j ACCEPT
exec ovpn_run

218
mod/bbb-webrtc-sfu/config.yml Normal file
View File

@ -0,0 +1,218 @@
kurento:
- ip: 144.76.97.34
url: ws://127.0.0.1:8888/kurento
# mediaType: (main|audio|content)
ipClassMappings:
local:
private:
public:
options:
failAfter: 5
request_timeout: 30000
response_timeout: 30000
# Number of attemps of connecting to the configured kurento instances the first
# time. Infinity means it tries forever until it's able to connect. Default is 10.
kurentoStartupRetries: 10
# balancing-strategy: can be either ROUND_ROBIN or MEDIA_TYPE. The MEDIA_TYPE only
# works properly if you annotated the configured kurento instances in the
# 'kurento' config parameter with a mediaType field (main|audio|content) which
# will specify what will each server handle. Default is ROUND_ROBIN
balancing-strategy: ROUND_ROBIN
video-transposing-ceiling: 50
audio-transposing-ceiling: 100
localIpAddress: 172.17.0.2
acceptSelfSignedCertificate: false
redisHost: 127.0.0.1
redisPort: "6379"
# Uncomment to set a password if Redis requires auth.
# redisPassword: foobared
clientPort: "3008"
minVideoPort: 30000
maxVideoPort: 33000
mediaFlowTimeoutDuration: 15000
mediaStateTimeoutDuration: 30000
from-screenshare: from-screenshare-sfu
to-screenshare: to-screenshare-sfu
from-video: from-video-sfu
to-video: to-video-sfu
from-audio: from-audio-sfu
to-audio: to-audio-sfu
to-akka: to-akka-apps-redis-channel
from-akka: from-akka-apps-redis-channel
to-stream: to-sfu-redis-channel
from-stream: from-stream-sfu
to-html5: to-html5-redis-channel
common-message-version: 2.x
screenshareKeyframeInterval: 0
screenshareEnableFlashRTPBridge: false
screenshareSubscriberSpecSlave: false
videoSubscriberSpecSlave: false
recordScreenSharing: true
recordWebcams: true
recordingBasePath: file:///var/kurento
recordingMediaProfile: WEBM_VIDEO_ONLY
recordingFormat: webm
redisExpireTime: 1209600 # 14 days as per the akka keys
# mcs-core entrypoint configured on nginx
mcs-path: /mcs
mcs-port: 3010
mcs-address: localhost
mcs-ws-timeout: 30000
freeswitch:
ip: 172.17.0.2
sip_ip: 144.76.97.34
port: 5066
esl_ip: 127.0.0.1
esl_port: 8021
handleExternalConnections: false
ipClassMappings:
local:
private:
public:
log:
filename: /var/log/bbb-webrtc-sfu/bbb-webrtc-sfu.log
level: verbose
bbb-stream:
image_name: bbb-stream
container_type: docker
bigbluebutton_url: BBBHOST
bigbluebutton_secret: BBBSECRET
bot_name: BBBBOTNAME
bot_join_options:
userdata-html5autoswaplayout: false
userdata-html5hidepresentation: false
bot: true
joinViaHtml5: true
gop:
rnp: 5
youtube: 12
rtmp: 12
k8s:
namespace: default
template:
apiVersion: batch/v1
kind: Job
metadata:
name: bbb-stream-
spec:
template:
spec:
containers:
- name: bbb-stream-firefox
image: gcr.io/PROJECT-ID/bbb-stream
env:
- name: LINK
value: ""
- name: OUTPUT
value: ""
- name: "RTMP"
value: "rtmp"
- name: "GOP"
value: ""
restartPolicy: OnFailure
backoffLimit: 0
rnp:
oauth2:
client_id: client_id
client_secret: client_secret
redirect_uri: redirect_uri
host_ip: 0.0.0.0
base_url: videornpurl
processes:
- path: ./lib/mcs-core/process.js
- path: ./lib/screenshare/ScreenshareProcess
- path: ./lib/video/VideoProcess.js
- path: ./lib/audio/AudioProcess.js
# media-server-adapters: path could refer to a npm module
media-server-adapters:
- path: kurento/kurento.js
name: Kurento
- path: freeswitch/freeswitch.js
name: Freeswitch
# strategies: path could refer to a npm module
strategies:
#- path: ./voice-switching-handler.js
# name: VOICE_SWITCHING
# Codec values (codec_video_main, codec_video_content, codec_audio):
# it'll force the specified codec.
# Put the 'ANY' value to prevent forcing a specific codec without the _priority options.
# For the 'ANY' option, there's a trio of optional configuration where you are
# able to specify the priority codec to force in a lenient way (codec_*_priority).
# If codec_*_priority is undefined or not found in the media description,
# no specific codec will be forced (base ANY behaviour).
# If the priority codec is found in the media description, any codec
# that doesn't match it will be filtered out (ie it will act as if the priority
# codec was forced).
# If you wanna add other codecs (e.g.: VP9)
# add it to the list with its specifiers. If the codec isn't in the list,
# it'll default to the specifier values in codec_*_priority OR VP8,
# but still force the entered codec option.
# P.S.: _video_main refers to webcam/main video content, _video_content refers to
# screenshare/content:slides streams.
conference-media-specs:
codec_video_main: VP8
codec_video_main_priority: VP8
codec_video_content: VP8
codec_video_content_priority: VP8
codec_audio: ANY
codec_audio_priority: OPUS
H264:
profile_level_id: "42e01f"
packetization_mode: "1"
level_asymmetry_allowed: "1"
tias_main: "300000"
as_main: "300"
tias_content: "1500000"
as_content: "1500"
max_mbps_main: "0"
max_fs_main: "0"
max_br_main: "0"
max_mbps_content: "0"
max_fs_content: "12288"
max_br_content: "0"
VP8:
tias_main: "300000"
as_main: "300"
tias_content: "1500000"
as_content: "1500"
OPUS:
useinbandfec: "1"
maxaveragebitrate: "30000"
maxplaybackrate: "48000"
ptime: "20"
minptime: "10"
maxptime: "40"
kurentoRembParams:
rembOnConnect: 300
upLosses: 12
decrementFactor: 0.5
thresholdFactor: 0.8
# kurentoAllowedCandidateIps: optional configuration. List of VALID IPs to be used
# to define valid outbound ICE candidates.
# This is a short-term optimization to reduce the number of candidates sent to
# the client by filtering out anything that isn't in this list
kurentoAllowedCandidateIps:
#- <ipv4|ipv6>
# mediaThresholds: mandatory configuration. Establishes type-agnostic media thresholds
# that when hit will make the server refuse to negotiate new medias.
# Any attemps to inject medias past the thresholds will return an error with code
# 2002 and message MEDIA_SERVER_NO_RESOURCES.
# The threshold priority order is global -> perRoom -> perUser. Value 0 means unlimited
# (default). An optional API parameter may be sent on pub/sub calls (ignoreThresholds)
# to make the media ignore the configured thresholds. This is used here for recording
# and audio medias.
mediaThresholds:
global: 0
perRoom: 0
perUser: 0
# Whether to append a timestamp to akka-app's message envelopes
addTimestampToAkkaMessages: true
# Whether to allow duplicate externalUserId's on join. If allowed, join requests with
# a externalUserId specified in the optional parameters will associate the new connection
# with a pre-existing user (if it exists), or create a new one.
# This will create a new virtual link between the request
# and the pre-existing user with a unique internal user ID. The user will be
# cleared from the system when a leave call for it is sent OR it has the autoLeave
# optional parameter set to true and all of its medias were cleared
allowDuplicateExtUserId: true

10
mod/freeswitch/event_socket.conf.xml Normal file
View File

@ -0,0 +1,10 @@
<configuration name="event_socket.conf" description="Socket Client">
<settings>
<param name="nat-map" value="false"/>
<param name="listen-ip" value="0.0.0.0"/>
<param name="listen-port" value="8021"/>
<param name="password" value="ClueCon"/>
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>

120
mod/freeswitch/external.xml Normal file
View File

@ -0,0 +1,120 @@
<profile name="external">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="$${external_sip_port}"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge browser -->
<param name="apply-candidate-acl" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<!--<param name="dbname" value="share_presence"/>-->
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="auto-nat"/>
<param name="ext-sip-ip" value="auto-nat"/>
-->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
<param name="ext-sip-ip" value="$${external_sip_ip}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<!-- <param name="ws-binding" value="144.76.97.34:5066"/> -->
<param name="wss-binding" value="$${external_rtp_ip}:7443"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

449
mod/freeswitch/vars.xml Normal file
View File

@ -0,0 +1,449 @@
<include>
<!-- Preprocessor Variables
These are introduced when configuration strings must be consistent across modules.
NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
toll fraud in the future. It's your responsibility to secure your own system.
This default config is used to demonstrate the feature set of FreeSWITCH.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-->
<X-PRE-PROCESS cmd="set" data="default_password=1234"/>
<!-- Did you change it yet? -->
<!--
The following variables are set dynamically - calculated if possible by freeswitch - and
are available to the config as $${variable}. You can see their calculated value via fs_cli
by entering eval $${variable}
hostname
local_ip_v4
local_mask_v4
local_ip_v6
switch_serial
base_dir
recordings_dir
sound_prefix
sounds_dir
conf_dir
log_dir
run_dir
db_dir
mod_dir
htdocs_dir
script_dir
temp_dir
grammar_dir
certs_dir
storage_dir
cache_dir
core_uuid
zrtp_enabled
nat_public_addr
nat_private_addr
nat_type
-->
<X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/>
<!--
This setting is what sets the default domain FreeSWITCH will use if all else fails.
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
affect the sip authentication. Please review conf/directory/default.xml for more
information on this topic.
-->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=0.0.0.0"/>
<X-PRE-PROCESS cmd="set" data="domain=meet.livingutopia.org"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
<X-PRE-PROCESS cmd="set" data="use_profile=external"/>
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
<!--
Enable ZRTP globally you can override this on a per channel basis
http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
-->
<X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
<!--
NOTICE: When using SRTP it's critical that you do not offer or accept
variable bit rate codecs, doing so would leak information and possibly
compromise your SRTP stream. (FS-6404)
Supported SRTP Crypto Suites:
AEAD_AES_256_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
[RFC5116]), except that the tag length, t, is 8, and an
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AEAD_AES_128_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
[RFC5116]), except that the tag length, t, is 8, and an
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
____________________________________________________________________________
AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
and HMAC-SHA1 message authentication with an 80-bit authentication
tag. The master-key length is 128 bits and has a default lifetime of
a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
first.
AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
____________________________________________________________________________
This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
the authentication tag is 32 bits. The length of the base64-decoded key and
salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
the crypto attribute is considered invalid.
AES_CM_128_NULL_AUTH
____________________________________________________________________________
The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
method. This policy is NOT RECOMMENDED unless it is unavoidable; see
Section 7.5 of [RFC3711].
SRTP variables that modify behaviors based on direction/leg:
rtp_secure_media
____________________________________________________________________________
possible values:
mandatory - Accept/Offer SAVP negotiation ONLY
optional - Accept/Offer SAVP/AVP with SAVP preferred
forbidden - More useful for inbound to deny SAVP negotiation
false - implies forbidden
true - implies mandatory
default if not set is accept SAVP inbound if offered.
rtp_secure_media_inbound | rtp_secure_media_outbound
____________________________________________________________________________
This is the same as rtp_secure_media, but would apply to either inbound
or outbound offers specifically.
How to specify crypto suites:
____________________________________________________________________________
By default without specifying any crypto suites FreeSWITCH will offer
crypto suites from strongest to weakest accepting the strongest each
endpoint has in common. If you wish to force specific crypto suites you
can do so by appending the suites in a comma separated list in the order
that you wish to offer them in.
Examples:
rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
Additionally you can narrow this down on either inbound or outbound by
specifying as so:
rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
rtp_secure_media_suites
____________________________________________________________________________
Optionaly you can use rtp_secure_media_suites to dictate the suite list
and only use rtp_secure_media=[optional|mandatory|false|true] without having
to dictate the suite list with the rtp_secure_media* variables.
-->
<!--
Examples of codec options: (module must be compiled and loaded)
codecname[@8000h|16000h|32000h[@XXi]]
XX is the frame size must be multples allowed for the codec
FreeSWITCH can support 10-120ms on some codecs.
We do not support exceeding the MTU of the RTP packet.
iLBC@30i - iLBC using mode=30 which will win in all cases.
DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
speex@8000h@20i - Speex 8kHz using 20ms ptime.
speex@16000h@20i - Speex 16kHz using 20ms ptime.
speex@32000h@20i - Speex 32kHz using 20ms ptime.
BV16 - BroadVoice 16kb/s narrowband, 8kHz
BV32 - BroadVoice 32kb/s wideband, 16kHz
G7221@16000h - G722.1 16kHz (aka Siren 7)
G7221@32000h - G722.1C 32kHz (aka Siren 14)
CELT@32000h - CELT 32kHz, only 10ms supported
CELT@48000h - CELT 48kHz, only 10ms supported
GSM@40i - GSM 8kHz using 40ms ptime. (GSM is done in multiples of 20, Default is 20ms)
G722 - G722 16kHz using default 20ms ptime. (multiples of 10)
PCMU - G711 8kHz ulaw using default 20ms ptime. (multiples of 10)
PCMA - G711 8kHz alaw using default 20ms ptime. (multiples of 10)
G726-16 - G726 16kbit adpcm using default 20ms ptime. (multiples of 10)
G726-24 - G726 24kbit adpcm using default 20ms ptime. (multiples of 10)
G726-32 - G726 32kbit adpcm using default 20ms ptime. (multiples of 10)
G726-40 - G726 40kbit adpcm using default 20ms ptime. (multiples of 10)
AAL2-G726-16 - Same as G726-16 but using AAL2 packing. (multiples of 10)
AAL2-G726-24 - Same as G726-24 but using AAL2 packing. (multiples of 10)
AAL2-G726-32 - Same as G726-32 but using AAL2 packing. (multiples of 10)
AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10)
LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
These are the passthru audio codecs:
G729 - G729 in passthru mode. (mod_g729)
G723 - G723.1 in passthru mode. (mod_g723_1)
AMR - AMR in passthru mode. (mod_amr)
These are the passthru video codecs: (mod_h26x)
H261 - H.261 Video
H263 - H.263 Video
H263-1998 - H.263-1998 Video
H263-2000 - H.263-2000 Video
H264 - H.264 Video
RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.
96 - AMR
97 - iLBC (30)
98 - iLBC (20)
99 - Speex 8kHz, 16kHz, 32kHz
100 -
101 - telephone-event
102 -
103 -
104 -
105 -
106 - BV16
107 - G722.1 (16kHz)
108 -
109 -
110 -
111 -
112 -
113 -
114 - CELT 32kHz, 48kHz
115 - G722.1C (32kHz)
116 -
117 - SILK 8kHz
118 - SILK 12kHz
119 - SILK 16kHz
120 - SILK 24kHz
121 - AAL2-G726-40 && G726-40
122 - AAL2-G726-32 && G726-32
123 - AAL2-G726-24 && G726-24
124 - AAL2-G726-16 && G726-16
125 -
126 -
127 - BV32
-->
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G722,PCMU,PCMA"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,speex@16000h@20i,G722,PCMU,PCMA"/>
<!--
xmpp_client_profile and xmpp_server_profile
xmpp_client_profile can be any string.
xmpp_server_profile is appended to "dingaling_" to form the database name
containing the "subscriptions" table.
used by: dingaling.conf.xml enum.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/>
<X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
<!--
THIS IS ONLY USED FOR DINGALING
bind_server_ip
Can be an ip address, a dns name, or "auto".
This determines an ip address available on this host to bind.
If you are separating RTP and SIP traffic, you will want to have
use different addresses where this variable appears.
Used by: dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
<!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
If you're going to load test FreeSWITCH please input real IP addresses
for external_rtp_ip and external_sip_ip
-->
<!-- external_rtp_ip
Can be an one of:
ip address: "12.34.56.78"
a stun server lookup: "stun:stun.server.com"
a DNS name: "host:host.server.com"
where fs.mydomain.com is a DNS A record-useful when fs is on
a dynamic IP address, and uses a dynamic DNS updater.
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=144.76.97.34"/>
<!-- external_sip_ip
Used as the public IP address for SDP.
Can be an one of:
ip address: "12.34.56.78"
a stun server lookup: "stun:stun.server.com"
a DNS name: "host:host.server.com"
where fs.mydomain.com is a DNS A record-useful when fs is on
a dynamic IP address, and uses a dynamic DNS updater.
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_sip_ip=144.76.97.34"/>
<!-- unroll-loops
Used to turn on sip loopback unrolling.
-->
<X-PRE-PROCESS cmd="set" data="unroll_loops=true"/>
<!-- outbound_caller_id and outbound_caller_name
The caller ID telephone number we should use when calling out.
Used by: conference.conf.xml and user directory for default
outbound callerid name and number.
-->
<X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
<X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/>
<!-- various debug and defaults -->
<X-PRE-PROCESS cmd="set" data="call_debug=false"/>
<X-PRE-PROCESS cmd="set" data="console_loglevel=info"/>
<X-PRE-PROCESS cmd="set" data="default_areacode=918"/>
<X-PRE-PROCESS cmd="set" data="default_country=US"/>
<!-- if false or undefined, the destination number is included in presence NOTIFY dm:note.
if true, the destination number is not included -->
<X-PRE-PROCESS cmd="set" data="presence_privacy=false"/>
<X-PRE-PROCESS cmd="set" data="au-ring=%(400,200,383,417);%(400,2000,383,417)"/>
<X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/>
<X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/>
<X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/>
<X-PRE-PROCESS cmd="set" data="es-ring=%(1500,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/>
<X-PRE-PROCESS cmd="set" data="hk-ring=%(400,200,440,480);%(400,3000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/>
<X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/>
<X-PRE-PROCESS cmd="set" data="in-ring=%(400,200,425,375);%(400,2000,425,375)"/>
<X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/>
<X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/>
<X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/>
<X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/>
<X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/>
<X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/>
<X-PRE-PROCESS cmd="set" data="uk-ring=%(400,200,400,450);%(400,2000,400,450)"/>
<X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="bong-ring=v=-7;%(100,0,941.0,1477.0);v=-7;>=2;+=.1;%(1400,0,350,440)"/>
<X-PRE-PROCESS cmd="set" data="beep=%(1000,0,640)"/>
<X-PRE-PROCESS cmd="set" data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/>
<!--
Digits Dialed filter: (FS-6940)
The digits stream may contain valid credit card numbers or social security numbers, These digit
filters will allow you to make a valant effort to stamp out sensitive information for
PCI/HIPPA compliance. (see xml_cdr dialed_digits)
df_us_ssn = US Social Security Number pattern
df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB
-->
<X-PRE-PROCESS cmd="set" data="df_us_ssn=(?!219099999|078051120)(?!666|000|9\d{2})\d{3}(?!00)\d{2}(?!0{4})\d{4}"/>
<X-PRE-PROCESS cmd="set" data="df_luhn=?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}"/>
<!-- change XX to X below to enable -->
<XX-PRE-PROCESS cmd="set" data="digits_dialed_filter=(($${df_luhn})|($${df_us_ssn}))"/>
<!--
Setting up your default sip provider is easy.
Below are some values that should work in most cases.
These are for conf/directory/default/example.com.xml
-->
<X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
<X-PRE-PROCESS cmd="set" data="default_provider_username=joeuser"/>
<X-PRE-PROCESS cmd="set" data="default_provider_password=password"/>
<X-PRE-PROCESS cmd="set" data="default_provider_from_domain=example.com"/>
<!-- true or false -->
<X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
<X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
<!--
SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
default: tlsv1,tlsv1.1,tlsv1.2
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
<!--
TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
The actual ciphers supported will change per platform.
openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
Will show you what is available in your verion of openssl.
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
<!-- Internal SIP Profile -->
<X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5090"/>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
<!-- External SIP Profile -->
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<!-- Video Settings -->
<!-- Setting the max bandwdith -->
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=1mb"/>
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=1mb"/>
<!-- WebRTC Video -->
<!-- Suppress CNG for WebRTC Audio -->
<X-PRE-PROCESS cmd="set" data="suppress_cng=true"/>
<!-- Enable liberal DTMF for those that can't get it right -->
<X-PRE-PROCESS cmd="set" data="rtp_liberal_dtmf=true"/>
<!-- Helps with WebRTC Audio -->
<!-- Stock Video Avatars -->
<X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/>
<X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
</include>

369
mod/html5/config.yml Normal file
View File

@ -0,0 +1,369 @@
public:
app:
mobileFontSize: 16px
desktopFontSize: 14px
audioChatNotification: false
autoJoin: true
listenOnlyMode: true
forceListenOnly: false
skipCheck: false
clientTitle: BigBlueButton
appName: BigBlueButton HTML5 Client
bbbServerVersion: 2.2-dev
copyright: "©2019 BigBlueButton Inc."
html5ClientBuild: 870
helpLink: https://bigbluebutton.org/html5/
lockOnJoin: true
cdn: ""
basename: "/html5client"
askForFeedbackOnLogout: false
allowUserLookup: false
enableNetworkInformation: false
enableLimitOfViewersInWebcam: false
enableTalkingIndicator: true
viewersInWebcam: 8
ipv4FallbackDomain: ""
allowLogout: true
allowFullscreen: true
defaultSettings:
application:
animations: true
chatAudioAlerts: false
chatPushAlerts: false
userJoinAudioAlerts: false
userJoinPushAlerts: false
fallbackLocale: en
overrideLocale: null
audio:
inputDeviceId: undefined
outputDeviceId: undefined
dataSaving:
viewParticipantsWebcams: true
viewScreenshare: true
shortcuts:
openOptions:
accesskey: O
descId: openOptions
toggleUserList:
accesskey: U
descId: toggleUserList
toggleMute:
accesskey: M
descId: toggleMute
joinAudio:
accesskey: J
descId: joinAudio
leaveAudio:
accesskey: L
descId: leaveAudio
togglePublicChat:
accesskey: P
descId: togglePublicChat
hidePrivateChat:
accesskey: H
descId: hidePrivateChat
closePrivateChat:
accesskey: G
descId: closePrivateChat
openActions:
accesskey: A
descId: openActions
openStatus:
accesskey: S
descId: openStatus
branding:
displayBrandingArea: false
connectionTimeout: 60000
showHelpButton: true
effectiveConnection:
- critical
- danger
- warning
externalVideoPlayer:
enabled: true
networkMonitoring:
enableNetworkMonitoring: false
packetLostThreshold: 10
kurento:
wsUrl: wss://meet.livingutopia.org/bbb-webrtc-sfu
chromeDefaultExtensionKey: akgoaoikmbmhcopjgakkcepdgdgkjfbc
chromeDefaultExtensionLink: https://chrome.google.com/webstore/detail/bigbluebutton-screenshare/akgoaoikmbmhcopjgakkcepdgdgkjfbc
chromeExtensionKey: KEY
chromeExtensionLink: LINK
chromeScreenshareSources:
- window
- screen
firefoxScreenshareSource: window
cameraProfiles:
- id: low
name: Low quality
default: false
bitrate: 100
- id: medium
name: Medium quality
default: true
bitrate: 200
- id: high
name: High quality
default: false
bitrate: 500
- id: hd
name: High definition
default: false
bitrate: 800
enableScreensharing: true
enableVideo: true
enableVideoStats: false
enableVideoMenu: true
enableListenOnly: true
autoShareWebcam: false
skipVideoPreview: false
pingPong:
clearUsersInSeconds: 180
pongTimeInSeconds: 15
allowOutsideCommands:
toggleRecording: false
toggleSelfVoice: false
poll:
enabled: true
max_custom: 5
captions:
enabled: true
enableDictation: false
backgroundColor: "#000000"
fontColor: "#FFFFFF"
fontFamily: Calibri
fontSize: 24px
takeOwnership: true
lines: 2
time: 5000
chat:
enabled: true
min_message_length: 1
max_message_length: 5000
grouping_messages_window: 10000
type_system: SYSTEM_MESSAGE
type_public: PUBLIC_ACCESS
type_private: PRIVATE_ACCESS
system_userid: SYSTEM_MESSAGE
system_username: SYSTEM_MESSAGE
public_id: public
public_group_id: MAIN-PUBLIC-GROUP-CHAT
public_userid: public_chat_userid
public_username: public_chat_username
storage_key: UNREAD_CHATS
system_messages_keys:
chat_clear: PUBLIC_CHAT_CLEAR
typingIndicator:
enabled: true
note:
enabled: true
url: https://meet.livingutopia.org/pad
config:
showLineNumbers: false
showChat: false
noColors: false
showControls: true
rtl: false
layout:
autoSwapLayout: false
hidePresentation: false
media:
stunTurnServersFetchAddress: "/bigbluebutton/api/stuns"
mediaTag: "#remote-media"
callTransferTimeout: 5000
callHangupTimeout: 2000
callHangupMaximumRetries: 10
echoTestNumber: '9196'
relayOnlyOnReconnect: false
presentation:
defaultPresentationFile: default.pdf
panZoomThrottle: 32
uploadEndpoint: "/bigbluebutton/presentation/upload"
uploadSizeMin: 0
uploadSizeMax: 50000000
uploadValidMimeTypes:
- extension: .pdf
mime: application/pdf
- extension: .doc
mime: application/msword
- extension: .docx
mime: application/vnd.openxmlformats-officedocument.wordprocessingml.document
- extension: .xls
mime: application/vnd.ms-excel
- extension: .xlsx
mime: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
- extension: .ppt
mime: application/vnd.ms-powerpoint
- extension: .pptx
mime: application/vnd.openxmlformats-officedocument.presentationml.presentation
- extension: .txt
mime: text/plain
- extension: .rtf
mime: application/rtf
- extension: .odt
mime: application/vnd.oasis.opendocument.text
- extension: .ods
mime: application/vnd.oasis.opendocument.spreadsheet
- extension: .odp
mime: application/vnd.oasis.opendocument.presentation
- extension: .odg
mime: application/vnd.oasis.opendocument.graphics
- extension: .odc
mime: application/vnd.oasis.opendocument.chart
- extension: .odi
mime: application/vnd.oasis.opendocument.image
- extension: .jpg
mime: image/jpeg
- extension: .png
mime: image/png
user:
role_moderator: MODERATOR
role_viewer: VIEWER
whiteboard:
annotations:
status:
start: DRAW_START
update: DRAW_UPDATE
end: DRAW_END
toolbar:
multiUserPenOnly: false
colors:
- label: black
value: "#000000"
- label: white
value: "#ffffff"
- label: red
value: "#ff0000"
- label: orange
value: "#ff8800"
- label: eletricLime
value: "#ccff00"
- label: Lime
value: "#00ff00"
- label: Cyan
value: "#00ffff"
- label: dodgerBlue
value: "#0088ff"
- label: blue
value: "#0000ff"
- label: violet
value: "#8800ff"
- label: magenta
value: "#ff00ff"
- label: silver
value: "#c0c0c0"
thickness:
- value: 14
- value: 12
- value: 10
- value: 8
- value: 6
- value: 4
- value: 2
- value: 1
font_sizes:
- value: 36
- value: 32
- value: 28
- value: 24
- value: 20
- value: 16
tools:
- icon: text_tool
value: text
- icon: line_tool
value: line
- icon: circle_tool
value: ellipse
- icon: triangle_tool
value: triangle
- icon: rectangle_tool
value: rectangle
- icon: pen_tool
value: pencil
- icon: hand
value: hand
presenterTools:
- text
- line
- ellipse
- triangle
- rectangle
- pencil
- hand
multiUserTools:
- text
- line
- ellipse
- triangle
- rectangle
- pencil
- hand
clientLog:
server: {enabled: true, level: info}
console: {enabled: true, level: debug}
external: {enabled: false, level: info, url: 'https://LOG_HOST/html5Log', method: POST,
throttleInterval: 400, flushOnClose: true, logTag: ""}
private:
app:
host: 127.0.0.1
port: 3000
localesUrl: /locales
pencilChunkLength: 100
loadSlidesFromHttpAlways: false
etherpad:
apikey: 9xLdxQJ8XoTUy3q7W4ZgpvKYqX16yqirdESk9i54FVm6PiJ1paRd8JOI1MT4pywm
version: 1.2.13
host: 127.0.0.1
port: 9001
redis:
host: 127.0.0.1
port: '6379'
timeout: 5000
password: null
debug: false
channels:
toAkkaApps: to-akka-apps-redis-channel
toThirdParty: to-third-party-redis-channel
subscribeTo:
- to-html5-redis-channel
- from-akka-apps-*
- from-third-party-redis-channel
- from-etherpad-redis-channel
async:
- from-akka-apps-wb-redis-channel
ignored:
- CheckAlivePongSysMsg
- DoLatencyTracerMsg
serverLog:
level: info
streamerLog: false
memoryMonitoring:
stat:
enabled: false
leak:
enabled: false
heapdump:
enabled: false
minBrowserVersions:
- browser: chrome
version: 59
- browser: chromeMobileIOS
version: Infinity
- browser: firefox
version: 52
- browser: firefoxMobile
version: 52
- browser: edge
version: 17
- browser: ie
version: Infinity
- browser: safari
version: [11, 1]
- browser: mobileSafari
version: [11, 1]
- browser: opera
version: 46
- browser: electron
version: [0, 36]

58
mod/html5/systemd_start.sh Executable file
View File

@ -0,0 +1,58 @@
#!/bin/bash -e
#Allow to run outside of directory
cd `dirname $0`
if [ -w /sys/kernel/mm/transparent_hugepage/enabled ]; then
unameEnabled="$(stat --format '%U' /sys/kernel/mm/transparent_hugepage/enabled)"
if [ "x${unameEnabled}" != "xnobody" ]; then
echo "never" > /sys/kernel/mm/transparent_hugepage/enabled
echo "transparent_hugepage/enabled set to 'never'"
else
echo "transparent_hugepage/enabled could not be set to 'never'"
fi
fi
if [ -w /sys/kernel/mm/transparent_hugepage/defrag ]; then
unameDefrag="$(stat --format '%U' /sys/kernel/mm/transparent_hugepage/defrag)"
if [ "x${unameDefrag}" != "xnobody" ]; then
echo "never" > /sys/kernel/mm/transparent_hugepage/defrag
echo "transparent_hugepage/defrag set to 'never'"
else
echo "transparent_hugepage/defrag could not be set to 'never'"
fi
fi
# change to start meteor in production (https) or development (http) mode
ENVIRONMENT_TYPE=production
echo "Starting mongoDB"
#wait for mongo startup
MONGO_OK=0
while [ "$MONGO_OK" = "0" ]; do
MONGO_OK=`netstat -lan | grep 127.0.1.1 | grep 27017 &> /dev/null && echo 1 || echo 0`
sleep 1;
done;
echo "Mongo started";
echo "Initializing replicaset"
mongo 127.0.1.1 --eval 'rs.initiate({ _id: "rs0", members: [ {_id: 0, host: "127.0.1.1"} ]})'
echo "Waiting to become a master"
IS_MASTER="XX"
while [ "$IS_MASTER" \!= "true" ]; do
IS_MASTER=`mongo mongodb://127.0.1.1:27017/ --eval 'db.isMaster().ismaster' | tail -n 1`
sleep 0.5;
done;
echo "I'm the master!"
cd /usr/share/meteor/bundle
export ROOT_URL=http://127.0.0.1/html5client
export MONGO_OPLOG_URL=mongodb://127.0.1.1/local
export MONGO_URL=mongodb://127.0.1.1/meteor
export NODE_ENV=production
PORT=3000 /usr/bin/node main.js

91
mod/kurento/WebRtcEndpoint.conf.ini Normal file
View File

@ -0,0 +1,91 @@
;; External (public) IP address of the media server.
;;
;; If you know what will be the external or public IP address of the media server
;; (e.g. because your deployment has an static IP), you can specify it here.
;; Doing so has the advantage of not needing to configure STUN/TURN for the media
;; server.
;;
;; STUN/TURN are needed only when the media server sits behind a NAT and needs to
;; find out its own external IP address. However, if you set a static external IP
;; address with this parameter, then there is no need for the STUN/TURN
;; auto-discovery.
;;
;; The effect of this parameter is that ALL local ICE candidates that are
;; gathered (for WebRTC) will contain the provided external IP address instead of
;; the local one.
;;
;; <externalAddress> is an IPv4 or IPv6 address.
;;
;; Examples:
;; externalAddress=10.20.30.40
;; externalAddress=2001:0db8:85a3:0000:0000:8a2e:0370:7334
;;
;externalAddress=10.20.30.40
;; Local network interfaces used for ICE gathering.
;;
;; If you know which network interfaces should be used to perform ICE (for
;; WebRTC connectivity), you can define them here. Doing so has several
;; advantages:
;;
;; * The WebRTC ICE gathering process will be much quicker. Normally, it needs
;; to gather local candidates for all of the network interfaces, but this step
;; can be made faster if you limit it to only the interface that you know will
;; work.
;;
;; * It will ensure that the media server always decides to use the correct
;; network interface. With WebRTC ICE gathering it's possible that, under some
;; circumstances (in systems with virtual network interfaces such as
;; "docker0") the ICE process ends up choosing the wrong local IP.
;;
;; <networkInterfaces> is a comma-separated list of network interface names.
;;
;; Examples:
;; networkInterfaces=eth0
;; networkInterfaces=eth0,enp0s25
;;
;networkInterfaces=eth0
;; STUN server IP address.
;;
;; The ICE process uses STUN to punch holes through NAT firewalls.
;;
;; <stunServerAddress> MUST be an IP address; domain names are NOT supported.
;;
;; You need to use a well-working STUN server. Use this to check if it works:
;; https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
;;
;; From that check, you should get at least one Server-Reflexive Candidate
;; (type "srflx").
;;
stunServerAddress=64.233.177.127 # google stun server
stunServerPort=19302
;; TURN server URL.
;;
;; When STUN is not enough to open connections through some NAT firewalls,
;; using TURN is the remaining alternative.
;;
;; Note that TURN is a superset of STUN, so you don't need to configure STUN
;; if you are using TURN.
;;
;; The provided URL should follow one of these formats:
;;
;; * user:password@ipaddress:port
;; * user:password@ipaddress:port?transport=[udp|tcp|tls]
;;
;; <ipaddress> MUST be an IP address; domain names are NOT supported.
;; <transport> is OPTIONAL. Possible values: udp, tcp, tls. Default: udp.
;;
;; You need to use a well-working TURN server. Use this to check if it works:
;; https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
;;
;; From that check, you should get at least one Server-Reflexive Candidate
;; (type "srflx") AND one Relay Candidate (type "relay").
;;
;turnURL=user:password@127.0.0.1:3478?transport=udp
;pemCertificate is deprecated. Please use pemCertificateRSA instead
;pemCertificate=<path>
;pemCertificateRSA=<path>
;pemCertificateECDSA=<path>

60
mod/nginx/bigbluebutton Normal file
View File

@ -0,0 +1,60 @@
server {
listen 80 default_server;
server_name _;
access_log /var/log/nginx/bigbluebutton.access.log;
# Handle RTMPT (RTMP Tunneling). Forwards requests
# to Red5 on port 5080
location ~ (/open/|/close/|/idle/|/send/|/fcs/) {
proxy_pass http://127.0.0.1:5080;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
# Handle desktop sharing tunneling. Forwards
# requests to Red5 on port 5080.
location /deskshare {
proxy_pass http://127.0.0.1:5080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}
# BigBlueButton landing page.
location / {
root /var/www/bigbluebutton-default;
index index.html index.htm;
expires 1m;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
#error_page 404 /404.html;
# Redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}

12
mod/nginx/sip.nginx Normal file
View File

@ -0,0 +1,12 @@
location /ws {
proxy_pass https://144.76.97.34:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}

349
mod/web/bigbluebutton.properties Normal file
View File

@ -0,0 +1,349 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
#
# These are the default properites for BigBlueButton Web application
# Default loglevel.
appLogLevel=DEBUG
#----------------------------------------------------
# Directory where BigBlueButton stores uploaded slides
presentationDir=/var/bigbluebutton
#----------------------------------------------------
# Directory where SWFTOOLS (pdf2swf, jpeg2swf, png2swf) are located
swfToolsDir=/usr/bin
#----------------------------------------------------
# Directory where ImageMagick's convert executable is located
imageMagickDir=/usr/bin
#----------------------------------------------------
# Fonts directory passed into PDF2SWF to support highlighting of texts
# in the SWF slides.
fontsDir=/usr/share/fonts
#----------------------------------------------------
# Executable for presentation checker
presCheckExec=/usr/share/prescheck/prescheck.sh
#----------------------------------------------------
# Skip Office doc conversion pre-check. Attempt to convert
# Office doc to PDF right away.
skipOfficePrecheck=true
#----------------------------------------------------
# These will be copied in cases where the conversion process
# fails to generate a slide from the uploaded presentation
BLANK_SLIDE=/usr/share/bigbluebutton/blank/blank-slide.swf
BLANK_PRESENTATION=/usr/share/bigbluebutton/blank/blank-presentation.pdf
BLANK_THUMBNAIL=/usr/share/bigbluebutton/blank/blank-thumb.png
BLANK_PNG=/usr/share/bigbluebutton/blank/blank-png.png
BLANK_SVG=/usr/share/bigbluebutton/blank/blank-svg.svg
#----------------------------------------------------
# Number of minutes the conversion should take. If it takes
# more than this time, cancel the conversion process.
maxConversionTime=5
#----------------------------------------------------
# Maximum number of pages allowed for an uploaded presentation (default 100).
maxNumPages=200
#----------------------------------------------------
# Maximum file size for an uploaded presentation (default 30MB).
maxFileSizeUpload=30000000
#----------------------------------------------------
# Maximum swf file size for load to the client (default 500000).
MAX_SWF_FILE_SIZE=500000
#----------------------------------------------------
# Maximum allowed number of place object tags in the converted SWF, if exceeded the conversion will fallback to full BMP (default 800)
placementsThreshold=800
# Maximum allowed number of bitmap images in the converted SWF, if exceeded the conversion will fallback to full BMP (default 800)
imageTagThreshold=800
# Maximum allowed number of define text tags in the converted SWF, if exceeded the conversion will fallback to full BMP (default 200)
defineTextThreshold=2000
#------------------------------------
# Number of threads in the pool to do the presentation conversion.
#------------------------------------
numConversionThreads=5
#------------------------------------
# Number of threads to process file uploads
#------------------------------------
numFileProcessorThreads=2
#----------------------------------------------------
# Conversion of the presentation slides to SWF to be
# used in the Flash client
swfSlidesRequired=false
#----------------------------------------------------
# Additional conversion of the presentation slides to SVG
# to be used in the HTML5 client
svgImagesRequired=true
#----------------------------------------------------
# Additional conversion of the presentation slides to PNG
# to be used in the IOS mobile client
generatePngs=false
pngSlideWidth=1200
# Default number of digits for voice conference users joining through the PSTN.
defaultNumDigitsForTelVoice=5
#----------------------------------------------------
# Configuration for large images, 2 MB by default, if bigger it will down-scaled
maxImageSize=2000000
#----------------------------------------------------
# Configuration for large PDF, 14 MB by default, if bigger it will be analysed during the conversion process
bigPdfSize=14000000
# The maximum allowed page size for PDF files exceeding the 'pdfCheckSize' value, 2 MB by default
maxBigPdfPageSize=2000000
#----------------------------------------------------
# Default dial access number
defaultDialAccessNumber=613-555-1234
# Default Guest Policy
# Valid values are ALWAYS_ACCEPT, ALWAYS_DENY, ASK_MODERATOR
#
defaultGuestPolicy=ALWAYS_ACCEPT
#
#----------------------------------------------------
# Default welcome message to display when the participant joins the web
# conference. This is only used for the old scheduling which will be
# removed in the future. Use the API to create a conference.
#
# If the message contains characters not in ISO-8859-1 character sets
# they must be properly escaped to unicode characters. An easy way to
# do this is running the native2ascii command setting UTF8 encoding and
# passing this file's path as input and output parameters, e.g.:
#
# native2ascii -encoding UTF8 bigbluebutton.properties bigbluebutton.properties
#
defaultWelcomeMessage=Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href="event:http://www.bigbluebutton.org/html5"><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button. Use a headset to avoid causing background noise for others.
defaultWelcomeMessageFooter=This server is running <a href="http://docs.bigbluebutton.org/" target="_blank"><u>BigBlueButton</u></a>.
# Default maximum number of users a meeting can have.
# Current default is 0 (meeting doesn't have a user limit).
defaultMaxUsers=0
# Default duration of the meeting in minutes.
# Current default is 0 (meeting doesn't end).
defaultMeetingDuration=0
# Number of minutes elapse of no activity before
# ending the meeting. Default zero (0) to disable
# check.
maxInactivityTimeoutMinutes=0
# Number of minutes to logout client if user
# isn't responsive
clientLogoutTimerInMinutes=0
# Send warning to moderators to warn that
# meeting would be ended due to inactivity
warnMinutesBeforeMax=5
# End meeting if no user joined within
# a period of time after meeting created.
meetingExpireIfNoUserJoinedInMinutes=5
# Number of minutes to end meeting when
# the last user left.
meetingExpireWhenLastUserLeftInMinutes=1
# User inactivity audit timer interval.
userInactivityInspectTimerInMinutes=0
# Number of minutes to consider a user inactive.
# iSend warning message to client to check if really inactive.
userInactivityThresholdInMinutes=30
# Number of minutes for user to respond to inactivity
# warning before being logged out.
userActivitySignResponseDelayInMinutes=5
# Disable recording by default.
# true - don't record even if record param in the api call is set to record
# false - when record param is passed from api, override this default
disableRecordingDefault=false
# Start recording when first user joins the meeting.
# For backward compatibility with 0.81 where whole meeting
# is recorded.
autoStartRecording=false
# Allow the user to start/stop recording.
allowStartStopRecording=true
# Allow webcams streaming reception only to and from moderators
webcamsOnlyForModerator=false
# Mute the meeting on start
muteOnStart=false
# Unmute users
# Gives moderators permisson to unmute other users
allowModsToUnmuteUsers=false
# Saves meeting events even if the meeting is not recorded
keepEvents=false
#----------------------------------------------------
# This URL is where the BBB client is accessible. When a user sucessfully
# enters a name and password, she is redirected here to load the client.
# Do not commit changes to this field.
bigbluebutton.web.serverURL=https://meet.livingutopia.org
#----------------------------------------------------
# Assign URL where the logged-out participant will be redirected after sign-out.
# If "default", it returns to bigbluebutton.web.serverURL
bigbluebutton.web.logoutURL=default
# The url of the BigBlueButton client. Users will be redirected here when
# successfully joining the meeting.
defaultClientUrl=${bigbluebutton.web.serverURL}/client/BigBlueButton.html
# Allow requests without JSESSIONID to be handled (default = false)
allowRequestsWithoutSession=false
# Force all attendees to join the meeting using the HTML5 client
attendeesJoinViaHTML5Client=true
# Force all moderators to join the meeting using the HTML5 client
moderatorsJoinViaHTML5Client=true
# The url of the BigBlueButton HTML5 client. Users will be redirected here when
# successfully joining the meeting.
html5ClientUrl=${bigbluebutton.web.serverURL}/html5client/join
# The url for where the guest will poll if approved to join or not.
defaultGuestWaitURL=${bigbluebutton.web.serverURL}/client/guest-wait.html
# The default avatar image to display if nothing is passed on the JOIN API (avatarURL)
# call. This avatar is displayed if the user isn't sharing the webcam and
# the option (displayAvatar) is enabled in config.xml
defaultAvatarURL=${bigbluebutton.web.serverURL}/client/avatar.png
# The URL of the default configuration
defaultConfigURL=${bigbluebutton.web.serverURL}/client/conf/config.xml
apiVersion=2.0
# Salt which is used by 3rd-party apps to authenticate api calls
securitySalt=I8x5c5yzaXZktgXK00tEqSi3B17nQySH5ssDWzxwL4
# Directory where we drop the <meeting-id-recorded>.done file
recordStatusDir=/var/bigbluebutton/recording/status/recorded
redisHost=127.0.0.1
redisPort=6379
redisPassword=
redisKeyExpiry=1209600
# The directory where the published/unpublised recordings are located. This is for
# the get recording* api calls
publishedDir=/var/bigbluebutton/published
unpublishedDir=/var/bigbluebutton/unpublished
captionsDir=/var/bigbluebutton/captions
# The directory where the pre-built configs are stored
configDir=/var/bigbluebutton/configs
# If the API is enabled.
serviceEnabled = true
# Test voiceBridge number
testVoiceBridge=99999
testConferenceMock=conference-mock-default
#------------------------------------------------------
# These properties are used to test the conversion process.
# Conference name folder in ${presentationDir} (see above)
beans.presentationService.testConferenceMock=${testConferenceMock}
# Conference room folder in ${presentationDir}/${testConferenceMock}
beans.presentationService.testRoomMock=conference-mock-default
# Uploaded presentation name
beans.presentationService.testPresentationName=appkonference
# Uploaded presentation file
beans.presentationService.testUploadedPresentation=appkonference.txt
# Default Uploaded presentation file
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
presentationBaseURL=${bigbluebutton.web.serverURL}/bigbluebutton/presentation
#----------------------------------------------------
# The URL where the presentations will be loaded from.
#----------------------------------------------------
beans.presentationService.presentationBaseUrl=${presentationBaseURL}
#----------------------------------------------------
# Inject values into grails service beans
beans.presentationService.presentationDir=${presentationDir}
#----------------------------------------------------
# Specify which IPs can do cross domain requests
accessControlAllowOrigin=${bigbluebutton.web.serverURL}
#----------------------------------------------------
# The lapsus of seconds for polling the BBB Server in order to check if it's down.
# After 5 tries if there isn't response, it will be declared down
checkBBBServerEvery=10
# The Red5 server where FS will publish as RTMP stream
screenshareRtmpServer=meet.livingutopia.org
# The Red5 app that receives the published RTMP stream
screenshareRtmpBroadcastApp=video-broadcast
# The suffix of our verto screenshare conference.
# Convention is {voiceConf}-SCREENSHARE
screenshareConfSuffix=-SCREENSHARE
# Default settings for breakout rooms
breakoutRoomsEnabled=true
breakoutRoomsRecord=false
breakoutRoomsPrivateChatEnabled=true
# Default Lock Settings
lockSettingsDisableCam=false
lockSettingsDisableMic=false
lockSettingsDisablePrivateChat=false
lockSettingsDisablePublicChat=false
lockSettingsDisableNote=false
lockSettingsHideUserList=false
lockSettingsLockedLayout=false
lockSettingsLockOnJoin=true
lockSettingsLockOnJoinConfigurable=false
allowDuplicateExtUserid=true
defaultTextTrackUrl=${bigbluebutton.web.serverURL}/bigbluebutton

0
mod/web/override.conf Normal file
View File

13
rc.local
View File

@ -1,13 +0,0 @@
#!/bin/sh
BBB_HOST=`cat /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties | grep 'bigbluebutton.web.serverURL=' | awk -F '://' '{print $2}'`
THIS_HOST=`hostname -f`
if [ "$BBB_HOST" != "$THIS_HOST" ] ; then
sed -i 's/'$BBB_HOST'/'$THIS_HOST'/g' /etc/nginx/sites-available/bigbluebutton
mv /etc/letsencrypt/live/$BBB_HOST /etc/letsencrypt/live/$THIS_HOST
/usr/bin/bbb-conf --setip "$THIS_HOST"
else
/usr/bin/bbb-conf --restart
fi;

76
setup.sh
View File

@ -1,31 +1,55 @@
#!/bin/bash
#!/bin/bash -ex
#
# BlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2018 BigBlueButton Inc.
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
set -x
cd "$(dirname "$0")"
HOST=meet.livingutopia.org
TOMCAT_USER=tomcat7
SERVLET_DIR=/usr/share/bbb-web
./bbb-install.sh -d -s "`hostname -f`" -v xenial-220 -a
sed -i 's/::/0.0.0.0/g' /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml
echo $HOST > /etc/hostname
TURN_XML=$SERVLET_DIR/WEB-INF/classes/spring/turn-stun-servers.xml
while [ ! -f $SERVLET_DIR/WEB-INF/classes/bigbluebutton.properties ]; do sleep 1; echo -n '.'; done
# delete IPv6 sip profiles
rm -rf /opt/freeswitch/conf/sip_profiles/*-ipv6*
if [ -f /var/www/bigbluebutton/client/conf/config.xml ]; then
sed -i 's/offerWebRTC="false"/offerWebRTC="true"/g' /var/www/bigbluebutton/client/conf/config.xml
fi
while [ ! -f /var/lib/$TOMCAT_USER/webapps/demo/bbb_api_conf.jsp ]; do sleep 1; echo -n '.'; done
if [ -f /var/www/bigbluebutton/client/conf/config.xml ]; then
sed -i 's/tryWebRTCFirst="false"/tryWebRTCFirst="true"/g' /var/www/bigbluebutton/client/conf/config.xml
fi
rm -f /etc/nginx/sites-enabled/default
if [ -f /var/www/bigbluebutton/client/conf/config.xml ]; then
sed -i 's|http://|https://|g' /var/www/bigbluebutton/client/conf/config.xml
sed -i 's/jnlpUrl=http/jnlpUrl=https/g' /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties
sed -i 's/jnlpFile=http/jnlpFile=https/g' /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties
fi
yq w -i /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml playback_protocol https
chmod 644 /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
if [ -f /var/lib/$TOMCAT_USER/webapps/demo/bbb_api_conf.jsp ]; then
sed -i 's|String BigBlueButtonURL = ".*|String BigBlueButtonURL = "http://127.0.0.1:8090/bigbluebutton/";|g' /var/lib/$TOMCAT_USER/webapps/demo/bbb_api_conf.jsp
fi
# Update HTML5 client (if installed) to use SSL
if [ -f /usr/share/meteor/bundle/programs/server/assets/app/config/settings.json ]; then
sed -i "s|\"wsUrl.*|\"wsUrl\": \"wss://$HOST/bbb-webrtc-sfu\",|g" \
/usr/share/meteor/bundle/programs/server/assets/app/config/settings.json
fi
bbb-conf --setip $HOST
# Restart
bbb-conf --restart
# Disable auto start
find /etc/systemd/ | grep wants | xargs -r -n 1 basename | grep service | grep -v networking | grep -v tty | xargs -r -n 1 -I __ systemctl disable __
@ -33,7 +57,3 @@ systemctl disable tomcat7
# Update files
updatedb
echo "BBB configuration completed.";
exit 0;

5
sources.list Normal file
View File

@ -0,0 +1,5 @@
# Packages and Updates from the Hetzner Ubuntu Mirror
deb http://mirror.hetzner.de/ubuntu/packages xenial main restricted universe multiverse
deb http://mirror.hetzner.de/ubuntu/packages xenial-updates main restricted universe multiverse
deb http://mirror.hetzner.de/ubuntu/packages xenial-backports main restricted universe multiverse
deb http://mirror.hetzner.de/ubuntu/packages xenial-security main restricted universe multiverse