diff --git a/README.md b/README.md
index 6df2fae..c5b6f85 100644
--- a/README.md
+++ b/README.md
@@ -1,21 +1,21 @@
 # Overview
 
-These are scripts to run BigBlueButton within Docker.  
+Note: This branch contains work in progress for incorporating the HTML5 client into the Docker image.
 
-For detailed instructions on how to setup BigBlueButton in Docker, see the [setup instructions](http://docs.bigbluebutton.org/labs/docker.html).
-
-To run BigBlueButton in Docker with a single command, run:
+To run BigBlueButton in Docker, run the command
 
 ~~~
-docker run -p 80:80/tcp -p 1935:1935/tcp -p 5066:5066/tcp -p 32730-32768:32730-32768/udp -p 2202:2202 --cap-add=NET_ADMIN --name bigbluebutton bigbluebutton/bigbluebutton -h <YOUR_HOST_IP>
+docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935 -p 5066:5066 -p 3478:3478 -p 3478:3478/udp b2 -h <HOST_IP>
 ~~~
 
 Make sure you provide the host IP at the end of the command. This will take some time to pull the image from Docker hub.
 
+For details see the [setup instructions](http://docs.bigbluebutton.org/labs/docker.html).
+
 Once running, you can navigate to `http://<YOUR_HOST_IP>` to access your BigBlueButton server.
 
-## Keep in mind...
+## Future Plans
 
-Our goal was to allow people to try a BigBlueButton server with a single command. This is not meant for production use, but rather for testing and trying out BigBlueButton.
+Our goal was to allow developers to run BigBlueButton server with a single command.  This Docker image is not meant for production use, but rather for testing and trying out BigBlueButton.
 
-We may work on a production-ready version that seperates the BigBlueButton components into containers using [docker-compose](https://github.com/docker/compose) in the future.
+Still, it good step towards separating BigBlueButton into individual components for running under docker-compose or kubernetes.
diff --git a/mod/external.xml b/mod/external.xml
new file mode 100644
index 0000000..9d813c9
--- /dev/null
+++ b/mod/external.xml
@@ -0,0 +1,113 @@
+<profile name="external">
+  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
+  <!-- This profile is only for outbound registrations to providers -->
+  <gateways>
+    <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
+  </gateways>
+
+  <aliases>
+    <!--
+        <alias name="outbound"/>
+        <alias name="nat"/>
+    -->
+  </aliases>
+
+  <domains>
+    <domain name="all" alias="false" parse="true"/>
+  </domains>
+
+  <settings>
+    <param name="debug" value="0"/>
+    <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
+    <!-- <param name="shutdown-on-fail" value="true"/> -->
+    <param name="sip-trace" value="no"/>
+    <param name="sip-capture" value="no"/>
+    <param name="rfc2833-pt" value="101"/>
+    <!-- RFC 5626 : Send reg-id and sip.instance -->
+    <!--<param name="enable-rfc-5626" value="true"/> -->
+    <param name="sip-port" value="$${external_sip_port}"/>
+    <param name="dialplan" value="XML"/>
+    <param name="context" value="public"/>
+    <param name="dtmf-duration" value="2000"/>
+    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
+    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
+    <param name="hold-music" value="$${hold_music}"/>
+    <param name="rtp-timer-name" value="soft"/>
+    <!--<param name="enable-100rel" value="true"/>-->
+    <!--<param name="disable-srv503" value="true"/>-->
+    <!-- This could be set to "passive" -->
+    <param name="local-network-acl" value="localnet.auto"/>
+    <param name="manage-presence" value="false"/>
+
+    <!-- used to share presence info across sofia profiles
+         manage-presence needs to be set to passive on this profile
+         if you want it to behave as if it were the internal profile
+         for presence.
+    -->
+    <!-- Name of the db to use for this profile -->
+    <!--<param name="dbname" value="share_presence"/>-->
+    <!--<param name="presence-hosts" value="$${domain}"/>-->
+    <!--<param name="force-register-domain" value="$${domain}"/>-->
+    <!--all inbound reg will stored in the db using this domain -->
+    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
+    <!-- ************************************************* -->
+
+    <!--<param name="aggressive-nat-detection" value="true"/>-->
+    <param name="inbound-codec-negotiation" value="generous"/>
+    <param name="nonce-ttl" value="60"/>
+    <param name="auth-calls" value="false"/>
+    <param name="inbound-late-negotiation" value="true"/>
+    <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
+    <!--
+        DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
+    <param name="rtp-ip" value="$${local_ip_v4}"/>
+    <param name="sip-ip" value="$${local_ip_v4}"/>
+    <param name="ext-rtp-ip" value="auto-nat"/>
+    <param name="ext-sip-ip" value="auto-nat"/>
+    -->
+
+    <param name="rtp-ip" value="$${local_ip_v4}"/>
+    <param name="sip-ip" value="$${local_ip_v4}"/>
+    <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
+    <param name="ext-sip-ip" value="$${local_ip_v4}"/>
+
+    <param name="rtp-timeout-sec" value="300"/>
+    <param name="rtp-hold-timeout-sec" value="1800"/>
+    <param name="enable-3pcc" value="true"/>
+
+    <!-- TLS: disabled by default, set to "true" to enable -->
+    <param name="tls" value="$${external_ssl_enable}"/>
+    <!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
+    <param name="tls-only" value="false"/>
+    <!-- additional bind parameters for TLS -->
+    <param name="tls-bind-params" value="transport=tls"/>
+    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
+    <param name="tls-sip-port" value="$${external_tls_port}"/>
+    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
+    <!--<param name="tls-cert-dir" value=""/>-->
+    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
+    <param name="tls-passphrase" value=""/>
+    <!-- Verify the date on TLS certificates -->
+    <param name="tls-verify-date" value="true"/>
+    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
+    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
+    <param name="tls-verify-policy" value="none"/>
+    <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
+    <param name="tls-verify-depth" value="2"/>
+    <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
+    <param name="tls-verify-in-subjects" value=""/>
+    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
+    <param name="tls-version" value="$${sip_tls_version}"/>
+    <param name="ws-binding"  value=":5066"/>
+    <param name="apply-candidate-acl" value="webrtc-turn"/>
+
+    <!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
+    <param name="rtcp-audio-interval-msec" value="5000"/>
+    <param name="rtcp-video-interval-msec" value="5000"/>
+
+    <!-- Cut down in the join time -->
+    <param name="dtmf-type" value="info"/>
+    <param name="liberal-dtmf" value="true"/>
+  </settings>
+</profile>
+
diff --git a/restart.sh b/restart.sh
new file mode 100755
index 0000000..b92334e
--- /dev/null
+++ b/restart.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -x
+
+ID=`docker ps --format "{{.ID}}" --filter ancestor=bigbluebutton/b2`
+
+if [ "$ID" != "" ]; then
+  docker stop $ID
+fi
+docker build -t bigbluebutton/b2 .
+
+docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935/tcp -p 5066:5066/tcp -p 3478:3478/udp -p 3478:3478 -v /home/firstuser/dev/bigbluebutton/bigbluebutton-html5:/root/bigbluebutton-html5 --cap-add=NET_ADMIN bigbluebutton/b2 -h 192.168.0.130 > /dev/null
+
+cat << HERE
+
+   docker exec -it `docker ps --format "{{.ID}}" --filter ancestor=bigbluebutton/b2` supervisorctl status
+   docker exec -it `docker ps --format "{{.ID}}" --filter ancestor=bigbluebutton/b2` /bin/bash
+
+HERE
+
+ID=`docker ps --format "{{.ID}}" --filter ancestor=bigbluebutton/b2`
diff --git a/setup.sh b/setup.sh
index e0701ef..9ab6427 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,13 +1,29 @@
 #!/bin/bash
+
+#
+# BlueButton open source conferencing system - http://www.bigbluebutton.org/
+#
+# Copyright (c) 2018 BigBlueButton Inc.
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+#
 set -x
 
 change_var_value () {
         sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=${3}<" $1
 }
 
-# docker build -t ffdixon/play_win .
-# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935/tcp -p 5066:5066/tcp -p 2202:2202 -p 32750-32768:32750-32768/udp --cap-add=NET_ADMIN ffdixon/play_win -h 192.168.0.130
-# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935/tcp -p 5066:5066/tcp -p 2202:2202 -p 32750-32768:32750-32768/udp --cap-add=NET_ADMIN ffdixon/play_win -h 192.168.10.186
+# docker run -p 80:80/tcp -p 443:443/tcp -p 1935:1935 -p 5066:5066 -p 3478:3478 -p 3478:3478/udp b2 -h 192.168.0.130
 
 while getopts "eh:" opt; do
   case $opt in
@@ -21,8 +37,8 @@ while getopts "eh:" opt; do
     e)
       SECRET=$OPTARG
       ;;
-    :) 
-      echo "Missing option argument for -$OPTARG" >&2; 
+    :)
+      echo "Missing option argument for -$OPTARG" >&2;
       exit 1
       ;;
     \?)
@@ -48,38 +64,28 @@ while [ ! -f /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp ]; do sleep 1; done
 sudo /etc/init.d/tomcat7 stop
 
 
-# Setup loopback address so FreeSWITCH can bind WS-BIND-URL to host IP
-#
-sudo ip addr add $HOST dev lo
-
 # Setup the BigBlueButton configuration files
 #
 PROTOCOL_HTTP=http
 PROTOCOL_RTMP=rtmp
+
 IP=$(echo "$(LANG=c ifconfig  | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^et.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')$(LANG=c ifconfig  | awk -v RS="" '{gsub (/\n[ ]*inet /," ")}1' | grep ^en.* | grep addr: | head -n1 | sed 's/.*addr://g' | sed 's/ .*//g')" | head -n1)
 
-sed -i 's/<!-- <param name="rtp-start-port" value="16384"\/> -->/<param name="rtp-start-port" value="32750"\/>/g' /opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml
-sed -i 's/<!-- <param name="rtp-end-port" value="32768"\/> -->/<param name="rtp-end-port" value="32768"\/>/g' /opt/freeswitch/etc/freeswitch/autoload_configs/switch.conf.xml
+xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]/@data' --value "stun:coturn" /opt/freeswitch/conf/vars.xml
+xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_sip_ip=")]/@data' --value "stun:coturn" /opt/freeswitch/conf/vars.xml
+xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "local_ip_v4=")]/@data' --value "${IP}" /opt/freeswitch/conf/vars.xml
 
-sed -i "s/stun:stun.freeswitch.org/$HOST/g" /opt/freeswitch/etc/freeswitch/vars.xml
-sed -i "s/<X-PRE-PROCESS cmd=\"set\" data=\"local_ip_v4=.*//g" /opt/freeswitch/etc/freeswitch/vars.xml
+sed -i "s/proxy_pass .*/proxy_pass $PROTOCOL_HTTP:\/\/$IP:5066;/g" /etc/bigbluebutton/nginx/sip.nginx
 
-sed -i "s/ext-rtp-ip\" value=\"\$\${local_ip_v4/ext-rtp-ip\" value=\"\$\${external_rtp_ip/g" /opt/freeswitch/conf/sip_profiles/external.xml
-sed -i "s/ext-sip-ip\" value=\"\$\${local_ip_v4/ext-sip-ip\" value=\"\$\${external_sip_ip/g" /opt/freeswitch/conf/sip_profiles/external.xml
-sed -i "s/<param name=\"ws-binding\".*/<param name=\"ws-binding\"  value=\"$HOST:5066\"\/>/g" /opt/freeswitch/conf/sip_profiles/external.xml
-
-sed -i "s/proxy_pass .*/proxy_pass $PROTOCOL_HTTP:\/\/$HOST:5066;/g" /etc/bigbluebutton/nginx/sip.nginx
-
-sed -i "s/porttest host=\(\"[^\"]*\"\)/porttest host=rtmp://\"$HOST\"/g" /var/www/bigbluebutton/client/conf/config.xml
-sed -i "s/publishURI=\"[^\"]*\"/publishURI=\"$HOST\"/" /var/www/bigbluebutton/client/conf/config.xml
 sed -i "s/http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_HTTP:\/\/$HOST\2/g"  /var/www/bigbluebutton/client/conf/config.xml
 sed -i "s/rtmp[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/$PROTOCOL_RTMP:\/\/$HOST\2/g" /var/www/bigbluebutton/client/conf/config.xml
 
 sed -i "s/server_name  .*/server_name  $HOST;/g" /etc/nginx/sites-available/bigbluebutton
 
 sed -i "s/bigbluebutton.web.serverURL=http[s]*:\/\/.*/bigbluebutton.web.serverURL=$PROTOCOL_HTTP:\/\/$HOST/g" \
-                        /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
+  /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties
 
+# Update Java screen share configuration
 change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties streamBaseUrl rtmp://$HOST/screenshare
 change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpUrl $PROTOCOL_HTTP://$HOST/screenshare
 change_var_value /usr/share/red5/webapps/screenshare/WEB-INF/screenshare.properties jnlpFile $PROTOCOL_HTTP://$HOST/screenshare/screenshare.jnlp
@@ -88,38 +94,137 @@ change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.propertie
 change_var_value /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties freeswitch.ip $IP
 
 sed -i  "s/bbbWebAPI[ ]*=[ ]*\"[^\"]*\"/bbbWebAPI=\"${PROTOCOL_HTTP}:\/\/$HOST\/bigbluebutton\/api\"/g" \
-	/usr/share/bbb-apps-akka/conf/application.conf
+  /usr/share/bbb-apps-akka/conf/application.conf
 sed -i "s/bbbWebHost[ ]*=[ ]*\"[^\"]*\"/bbbWebHost=\"$HOST\"/g" \
-	/usr/share/bbb-apps-akka/conf/application.conf
+  /usr/share/bbb-apps-akka/conf/application.conf
 sed -i "s/deskshareip[ ]*=[ ]*\"[^\"]*\"/deskshareip=\"$HOST\"/g" \
-	/usr/share/bbb-apps-akka/conf/application.conf
+  /usr/share/bbb-apps-akka/conf/application.conf
 sed -i  "s/defaultPresentationURL[ ]*=[ ]*\"[^\"]*\"/defaultPresentationURL=\"${PROTOCOL_HTTP}:\/\/$HOST\/default.pdf\"/g" \
-	/usr/share/bbb-apps-akka/conf/application.conf
+  /usr/share/bbb-apps-akka/conf/application.conf
 
-# Fix to ensure application.conf has the latest shared secret
+cat > /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini  << HERE
+; Only IP address are supported, not domain names for addresses
+; You have to find a valid stun server. You can check if it works
+; using this tool:
+;   http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
+;stunServerAddress=64.233.177.127
+;stunServerPort=19302
+
+turnURL=kurento:kurento@${HOST}:3478
+
+;pemCertificate is deprecated. Please use pemCertificateRSA instead
+;pemCertificate=<path>
+;pemCertificateRSA=<path>
+;pemCertificateECDSA=<path>
+HERE
+
+TURN_SECRET=`openssl rand -hex 16`
+
+# Configure coturn to handle incoming UDP connections
+cat > /etc/turnserver.conf << HERE
+denied-peer-ip=0.0.0.0-255.255.255.255
+allowed-peer-ip=$IP
+fingerprint
+lt-cred-mech
+use-auth-secret
+static-auth-secret=$TURN_SECRET
+user=user:password
+log-file=/var/log/turn.log
+HERE
+
+# Setup tomcat7 to share the TURN server information with clients (with matching secret)
+cat > /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/spring/turn-stun-servers.xml << HERE
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+   <bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
+      <constructor-arg index="0" value="$TURN_SECRET" />
+      <constructor-arg index="1" value="turn:$HOST:3478" />
+      <constructor-arg index="2" value="86400" />
+   </bean>
+   <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
+      <constructor-arg index="0" value="$TURN_SECRET" />
+      <constructor-arg index="1" value="turn:$HOST:3478?transport=tcp" />
+      <constructor-arg index="2" value="86400" />
+   </bean>
+   <bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
+      <property name="stunServers">
+         <set />
+      </property>
+      <property name="turnServers">
+         <set>
+            <ref bean="turn0" />
+            <ref bean="turn1" />
+         </set>
+      </property>
+      <property name="remoteIceCandidates">
+         <set />
+      </property>
+   </bean>
+</beans>
+HERE
+
+cat > /opt/freeswitch/conf/autoload_configs/acl.conf.xml << HERE
+<configuration name="acl.conf" description="Network Lists">
+  <network-lists>
+    <list name="domains" default="allow">
+      <!-- domain= is special it scans the domain from the directory to build the ACL -->
+      <node type="allow" domain="\$\${domain}"/>
+      <!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
+      <!-- <node type="allow" cidr="192.168.0.0/24"/> -->
+    </list>
+
+    <list name="webrtc-turn" default="deny">
+      <node type="allow" cidr="$IP/32"/>
+    </list>
+
+  </network-lists>
+</configuration>
+HERE
+
+
+# Ensure bbb-apps-akka has the latest shared secret from bbb-web
 SECRET=$(cat /var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties | grep -v '#' | grep securitySalt | cut -d= -f2);
 sed -i "s/sharedSecret[ ]*=[ ]*\"[^\"]*\"/sharedSecret=\"$SECRET\"/g" \
-	/usr/share/bbb-apps-akka/conf/application.conf
+  /usr/share/bbb-apps-akka/conf/application.conf
 
 sed -i "s/BigBlueButtonURL = \"http[s]*:\/\/\([^\"\/]*\)\([\"\/]\)/BigBlueButtonURL = \"$PROTOCOL_HTTP:\/\/$HOST\2/g" \
-                        /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
+  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp
 
 sed -i "s/playback_host: .*/playback_host: $HOST/g" /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml
 
 sed -i 's/daemonize no/daemonize yes/g' /etc/redis/redis.conf
 
+sed -i "s|\"wsUrl.*|\"wsUrl\": \"ws://$HOST/bbb-webrtc-sfu\",|g" \
+  /usr/share/meteor/bundle/programs/server/assets/app/config/settings-production.json
+
 rm /usr/share/red5/log/sip.log
 
 # Add a sleep to each recording process so we can restart with supervisord
+# (This works around the limitation that supervisord can't restart after intervals)
 sed -i 's/BigBlueButton.logger.debug("rap-archive-worker done")/sleep 20; BigBlueButton.logger.debug("rap-archive-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-archive-worker.rb
-
 sed -i 's/BigBlueButton.logger.debug("rap-process-worker done")/sleep 20; BigBlueButton.logger.debug("rap-process-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-process-worker.rb
-
-sed -i 's/BigBlueButton.logger.debug("rap-sanity-worker done")/sleep 20; BigBlueButton.logger.debug("rap-sanity-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-sanity-worker.rb
-
-sed -i 's/BigBlueButton.logger.debug("rap-publish-worker done")/sleep 20; BigBlueButton.logger.debug("rap-publish-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-publish-worker.rb 
+sed -i 's/BigBlueButton.logger.debug("rap-sanity-worker done")/sleep 20 ; BigBlueButton.logger.debug("rap-sanity-worker done")/g'  /usr/local/bigbluebutton/core/scripts/rap-sanity-worker.rb
+sed -i 's/BigBlueButton.logger.debug("rap-publish-worker done")/sleep 20; BigBlueButton.logger.debug("rap-publish-worker done")/g' /usr/local/bigbluebutton/core/scripts/rap-publish-worker.rb
 
 # Start BigBlueButton!
 #
-/usr/bin/supervisord
+
+export NODE_ENV=production
+
+export DAEMON_LOG=/var/log/kurento-media-server
+export GST_DEBUG="3,Kurento*:4,kms*:4"
+export KURENTO_LOGS_PATH=$DAEMON_LOG
+
+cat << HERE
+
+BigBlueButton is now starting up at this address
+
+  http://$HOST
+
+HERE
+
+updatedb
+exec /usr/bin/supervisord > /var/log/supervisord.log
 
diff --git a/supervisord.conf b/supervisord.conf
index bd2e68f..f6fcba7 100644
--- a/supervisord.conf
+++ b/supervisord.conf
@@ -77,11 +77,25 @@ stderr_logfile=/var/log/supervisor/%(program_name)s.log
 user=mongodb
 autorestart=true
 
+[program:bbb-webrtc-sfu]
+command=/usr/bin/node server.js
+directory=/usr/local/bigbluebutton/bbb-webrtc-sfu
+user=bigbluebutton
+group=bigbluebutton
+autorestart=true
+
+[program:kurento-media-server]
+command=/usr/bin/kurento-media-server
+directory=/usr/share/meteor/bundle
+user=kurento
+group=kurento
+autorestart=true
+
 [program:bbb-html5]
 command=/usr/share/meteor/bundle/systemd_start.sh
 directory=/usr/share/meteor/bundle
-user=meteor
-group=meteor
+#user=meteor
+#group=meteor
 autorestart=true
 
 [program:tomcat7]
@@ -89,3 +103,10 @@ startsecs = 0
 autorestart = false
 user=tomcat7
 command=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin/java -Djava.util.logging.config.file=/var/lib/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC -Xms256m -Xmx256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -Djava.endorsed.dirs=/usr/share/tomcat7/endorsed -classpath /usr/share/tomcat7/bin/bootstrap.jar:/usr/share/tomcat7/bin/tomcat-juli.jar -Dcatalina.base=/var/lib/tomcat7 -Dcatalina.home=/usr/share/tomcat7 -Djava.io.tmpdir=/tmp/tomcat7-tomcat7-tmp org.apache.catalina.startup.Bootstrap start
+
+[program:coturn]
+startsecs = 0
+autorestart = false
+user=turnserver
+command=/usr/bin/turnserver -c /etc/turnserver.conf -u kurento:kurento
+