by default docker should use the prebuilt images.

in same cases docker still tries to build it, exceeding the RAM requirement and often failing due to the missing submodules

.gitignore

@@ -1,4 +1,5 @@
 docker-compose.yml 
+docker-compose.override.yml
 
 # IDEA generated
 .idea
@@ -14,3 +15,4 @@ docker-compose.yml
 # App generated
 .env
 postgres-data
+greenlight-data

.gitmodules

@@ -1,9 +1,24 @@
-[submodule "bbb-webrtc-sfu"]
+[submodule "repos/bbb-etherpad-skin"]
-	path = mod/webrtc-sfu/bbb-webrtc-sfu
+	path = repos/bbb-etherpad-skin
-	url = https://github.com/bigbluebutton/bbb-webrtc-sfu.git
-[submodule "mod/etherpad/bbb-etherpad-skin"]
-	path = mod/etherpad/bbb-etherpad-skin
 	url = https://github.com/alangecker/bbb-etherpad-skin
-[submodule "mod/etherpad/bbb-etherpad-plugin"]
+[submodule "repos/bbb-etherpad-plugin"]
-	path = mod/etherpad/bbb-etherpad-plugin
+	path = repos/bbb-etherpad-plugin
 	url = https://github.com/alangecker/bbb-etherpad-plugin
+[submodule "repos/bbb-webhooks"]
+	path = repos/bbb-webhooks
+	url = https://github.com/bigbluebutton/bbb-webhooks
+[submodule "repos/bbb-playback"]
+	path = repos/bbb-playback
+	url = https://github.com/bigbluebutton/bbb-playback
+[submodule "repos/freeswitch"]
+	path = repos/freeswitch
+	url = https://github.com/signalwire/freeswitch.git
+[submodule "repos/bigbluebutton"]
+	path = repos/bigbluebutton
+	url = https://github.com/bigbluebutton/bigbluebutton.git
+[submodule "repos/bbb-webrtc-sfu"]
+	path = repos/bbb-webrtc-sfu
+	url = https://github.com/bigbluebutton/bbb-webrtc-sfu.git
+[submodule "repos/bbb-pads"]
+	path = repos/bbb-pads
+	url = https://github.com/bigbluebutton/bbb-pads.git

CHANGELOG.md

@@ -1,6 +1,52 @@
 # Changelog
 
 ## Unreleased
+- BigBlueButton 2.7.3 @alangecker
+
+
+## Release v2.7.0 (2023-09)
+- BigBlueButton 2.7.0 @alangecker [#291](https://github.com/bigbluebutton/docker/pull/291)
+- Update to ComposeV2 @leonidas-o [#271](https://github.com/bigbluebutton/docker/pull/271)
+- recordings: fix for missing `SHARED_SECRET` @ichdasich [#274](https://github.com/bigbluebutton/docker/issues/274) [#268](https://github.com/bigbluebutton/docker/issues/268)
+- Add RESOLVER_ADDRESS to env for docker-nginx-auto-ssl @pkolmann [#277](https://github.com/bigbluebutton/docker/pull/277)
+- Fix learning-dashboard @yanus [#262](https://github.com/bigbluebutton/docker/pull/262)
+
+## Release v2.6.0-2 (2023-04-04)
+- hotfix for broken freeswitch container due to enabled compresion with max file count == 1 [#260](https://github.com/bigbluebutton/docker/issues/260)
+
+## Release v2.6.0 (2023-04-03)
+- **Breaking change:** Greenlight v3 (see [upgrade note](docs/upgrading.md) @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255) 
+- BigBlueButton v2.6 @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255) 
+- Set client_max_body_size for greenlight @nr23730 [#252](https://github.com/bigbluebutton/docker/pull/252)
+- self building freeswitch (applying patches and independent from external apt repos) @alangecker
+- reduce amount of logs with senstivie data @alangecker
+
+## Release v2.5.8 (2022-11-06)
+- BBB 2.5.8 @alangecker [#238](https://github.com/bigbluebutton/docker/pull/238)
+- recordings: fix for missing ffmpeg filter @alangecker [#235](https://github.com/bigbluebutton/docker/issues/235) [#230](https://github.com/bigbluebutton/docker/pull/230)
+
+## Release v2.5.0 (2022-06-10)
+- BigBlueButton v2.5 @alangecker [#207](https://github.com/bigbluebutton/docker/pull/207)
+- central `tags.env` file with the tag names of most BBB components @alangecker
+- Usage of [official docker build images](https://gitlab.senfcall.de/senfcall-public/docker-bbb-build) for building @alangecker
+- publish docker images @alangecker [#174](https://github.com/bigbluebutton/docker/issues/174)
+- etherpad: enforce bbb-pads session handling @pedrobmarin [#211](https://github.com/bigbluebutton/docker/pull/211)
+- etherpad: avoid icons overlapping @pedrobmarin [#210](https://github.com/bigbluebutton/docker/pull/210)
+- fix recordings which include presentation polls @lightweight [#205](https://github.com/bigbluebutton/docker/pull/205)
+
+## Release v2.4.5 (2022-03-24)
+- Applied BBB v2.4.5 changes @alangecker 
+- New mute & unmute sounds by senfcall
+- Update etherpad @pedrobmarin [#202](https://github.com/bigbluebutton/docker/pull/202)
+- Use own freeswitch mirror instead of the official login-only one @alangecker [#203](https://github.com/bigbluebutton/docker/issues/203)
+- Ignore docker-compose.override.yml @dorianim [#183](https://github.com/bigbluebutton/docker/pull/183)
+
+## Release v2.4.4 (2022-02-23)
+- Applied v2.4.4 changes @alangecker [#195](https://github.com/bigbluebutton/docker/pull/195)
+- Update Russian sound announcement examples @lexuzieel [#196](https://github.com/bigbluebutton/docker/pull/196)
+- fix for presentation slides not displayed if they contain type 3 fonts @rottaran  [#191](https://github.com/bigbluebutton/docker/pull/191)
+
+## Release v2.4.0 (2021-12-29)
 - BigBlueButton v2.4 @alangecker [#159](https://github.com/bigbluebutton/docker/pull/159)
 - **Breaking change:** change nginx port from `8080` to `48087`. see [upgrade note](docs/upgrading.md) @alangeker [#133](https://github.com/bigbluebutton/docker/issues/133)
 - Enable optimization for Prometheus Exporter when recording is enabled @omidmaldar [#161](https://github.com/bigbluebutton/docker/pull/161)

README.md

@@ -1,9 +1,9 @@
 <img width="1012" alt="bbb-docker-banner" src="https://user-images.githubusercontent.com/1273169/141153216-0386cd4e-0aaf-473a-8f42-a048e52ed0d7.png">
 
 
-# 📦 BigBlueButton 2.4 Docker
+# 📦 BigBlueButton 2.7 Docker
 
-Version: 2.4.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
+Version: 2.7.3 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues)
 
 ## Features
 - Easy installation
@@ -13,24 +13,32 @@ Version: 2.4.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
 - Full IPv6 support
 - Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
 
+## Requirements
+- 4GB of RAM
+- Linux (it will not work under WSL)
+- Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
+- Public IPv4 (expect issues with a firewall / NAT)
+
 ## What is not implemented yet
 - bbb-lti
 
 ## Install
-1. Install docker-ce & docker-compose
+1. Install docker-ce & docker-compose-plugin
     1. follow instructions
         * Debian: https://docs.docker.com/engine/install/debian/
         * CentOS: https://docs.docker.com/engine/install/centos/
         * Fedora: https://docs.docker.com/engine/install/fedora/
         * Ubuntu: https://docs.docker.com/engine/install/ubuntu/
     2. Ensure docker works with `$ docker run hello-world`
-    3. Install docker-compose: https://docs.docker.com/compose/install/
+    3. Install docker compose V2: https://docs.docker.com/compose/install/
-    4. Ensure docker-compose works and that you use a version ≥ 1.28 : `$ docker-compose --version`
+    4. Ensure docker compose works and that you use a version ≥ 1.28 : `$ docker compose --version`
 2. Clone this repository
    ```sh
-   $ git clone -b main --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-docker
+   $ git clone https://github.com/bigbluebutton/docker.git bbb-docker
    $ cd bbb-docker
-   $ git submodule update --init
+
+   # use the more stable main branch (sometimes older)
+   $ git checkout main 
    ```
 3. Run setup:
    ```bash
@@ -44,11 +52,11 @@ Version: 2.4.0 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigblue
    ```
 5. Start containers:
     ```bash
-    $ docker-compose up -d
+    $ docker compose up -d --no-build
     ```
 6. If you use greenlight, you can create an admin account with:
     ```bash
-    $ docker-compose exec greenlight bundle exec rake admin:create
+    $ docker compose exec greenlight bundle exec rake admin:create
     ```
 
 ## Further How-To's

docker-compose.tmpl.yml

@@ -1,5 +1,5 @@
 {{/* if you read this, you can ignore the following lines */}}
-# auto generated by ./scripts/generate
+# auto generated by ./scripts/generate-compose
 # don't edit this directly.
 {{/* -------- */}}
 
@@ -7,8 +7,14 @@ version: '3.6'
 
 # html5 templates
 x-html5-backend: &html5backend
-  build: mod/html5
+  build: 
-  image: bbb-html5
+    context: mod/html5
+    additional_contexts:
+      - source=./repos/bigbluebutton/bigbluebutton-html5
+    args:
+      BBB_BUILD_TAG: bbb27-2023-06-13-java17
+      TAG_BBB: {{ .Env.TAG_BBB }}
+  image: alangecker/bbb-docker-html5:{{ .Env.TAG_BBB }}
   restart: unless-stopped
   depends_on:
     - redis
@@ -17,7 +23,6 @@ x-html5-backend: &html5backend
   environment: &html5backend-env
     DOMAIN: ${DOMAIN}
     CLIENT_TITLE: ${CLIENT_TITLE}
-    ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
     LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true}
     DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false}
     AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false}
@@ -39,11 +44,20 @@ x-html5-frontend: &html5frontend
 
 services:
   bbb-web:
-    build: mod/bbb-web
+    build: 
+      context: mod/bbb-web
+      additional_contexts:
+        - src-web=./repos/bigbluebutton/bigbluebutton-web
+        - src-common-message=./repos/bigbluebutton/bbb-common-message
+        - src-common-web=./repos/bigbluebutton/bbb-common-web
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
         - redis
         - etherpad
+        - bbb-pads
     healthcheck:
       test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
       start_period: 2m
@@ -62,7 +76,6 @@ services:
     volumes:
       - bigbluebutton:/var/bigbluebutton
       - vol-freeswitch:/var/freeswitch/meetings
-      - vol-kurento:/var/kurento
     networks:
       bbb-net:
         ipv4_address: 10.7.7.2
@@ -94,7 +107,16 @@ services:
 
 
   freeswitch:
-    build: mod/freeswitch
+    container_name: bbb-freeswitch
+    build: 
+      context: mod/freeswitch
+      additional_contexts:
+        - freeswitch=./repos/freeswitch/
+        - build-files=./repos/bigbluebutton/build/packages-template/bbb-freeswitch-core/
+        - fs-config=./repos/bigbluebutton/bbb-voice-conference/config/freeswitch/conf/
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FREESWITCH }}-{{ .Env.TAG_BBB }}
     restart: unless-stopped
     cap_add:
       - IPC_LOCK
@@ -117,9 +139,23 @@ services:
       - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker
       - vol-freeswitch:/var/freeswitch/meetings
     network_mode: host
+    logging:
+      # reduce logs to a minimum, so `docker compose logs -f` still works
+      driver: "local"
+      options:
+        max-size: "10k"
+        max-file: "1"
+        compress: "false"
 
   nginx:
-    build: mod/nginx
+    build:
+      context: mod/nginx
+      additional_contexts:
+        - src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard
+        - src-playback=./repos/bbb-playback
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-nginx:1.23-{{ .Env.TAG_PLAYBACK }}-{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - etherpad
@@ -134,11 +170,19 @@ services:
       - "host.docker.internal:10.7.7.1"
       - "bbb-web:10.7.7.2"
       - "etherpad:10.7.7.4"
-      - "webrtc-sfu:10.7.7.10"
+      - "webrtc-sfu:10.7.7.1"
       - "html5:10.7.7.11"
+      - "greenlight:10.7.7.21"
 
   etherpad:
-    build: mod/etherpad
+    build: 
+      context: mod/etherpad
+      additional_contexts:
+        - plugin=./repos/bbb-etherpad-plugin
+        - skin=./repos/bbb-etherpad-skin
+      args:
+        TAG_ETHERPAD: "1.9.1"
+    image: alangecker/bbb-docker-etherpad:1.9.1-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
     restart: unless-stopped
     depends_on:
       - redis
@@ -148,8 +192,24 @@ services:
       bbb-net:
         ipv4_address: 10.7.7.4
 
+  bbb-pads:
+    build: 
+      context: mod/bbb-pads
+      additional_contexts:
+        - src=./repos/bbb-pads
+    image: alangecker/bbb-docker-pads:{{ .Env.TAG_PADS }}
+    restart: unless-stopped
+    depends_on:
+      - redis
+      - etherpad
+    environment:
+      ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
+    networks:
+      bbb-net:
+        ipv4_address: 10.7.7.18
+
   redis:
-    image: redis:6.2-alpine
+    image: redis:7.2-alpine
     restart: unless-stopped
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
@@ -161,6 +221,7 @@ services:
         ipv4_address: 10.7.7.5
 
   mongodb:
+    container_name: bbb-mongodb
     image: mongo:4.4
     restart: unless-stopped
     volumes:
@@ -176,51 +237,64 @@ services:
       bbb-net:
         ipv4_address: 10.7.7.6
 
+  #  TODO: remove as soon as not required anymore by webrtc-sfu
   kurento:
-    image: kurento/kurento-media-server:6.16
+    image: kurento/kurento-media-server:6.18
     restart: unless-stopped
-    environment:
-      KMS_STUN_IP: ${STUN_IP}
-      KMS_STUN_PORT: ${STUN_PORT}
-      KMS_MIN_PORT: 24577
-      KMS_MAX_PORT: 32768
-      KMS_TURN_URL:
-      KMS_NETWORK_INTERFACES: ${NETWORK_INTERFACE:-}
-      GST_DEBUG: 3,Kurento*:4,kms*:4,KurentoWebSocketTransport:5
     network_mode: host
     volumes:
       - vol-kurento:/var/kurento
 
   webrtc-sfu:
-    build:  mod/webrtc-sfu
+    build: 
+      context: mod/webrtc-sfu
+      additional_contexts:
+        - source=./repos/bbb-webrtc-sfu
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-webrtc-sfu:{{ .Env.TAG_WEBRTC_SFU }}
     restart: unless-stopped
     depends_on:
       - redis
+      - freeswitch
       - kurento
     environment:
-      CLIENT_HOST: 0.0.0.0
+      CLIENT_HOST: 10.7.7.1
-      KURENTO_NAME: kurento
+      REDIS_HOST: 10.7.7.5
-      REDIS_HOST: redis
+      FREESWITCH_IP: 10.7.7.1
-      FREESWITCH_IP: host.docker.internal
       FREESWITCH_SIP_IP: ${EXTERNAL_IPv4}
-      ESL_IP: host.docker.internal
+      MCS_HOST: 0.0.0.0
+      MCS_ADDRESS: 127.0.0.1
+      ESL_IP: 10.7.7.1
       ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
-      LOG_LEVEL: info
+      # TODO: add mediasoup IPv6
-      NODE_CONFIG: '{"kurento":[{"ip":"${EXTERNAL_IPv4}","url":"ws://kurento:8888/kurento"}]}'
+      # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487
-    ports:
+    {{ if .Env.EXTERNAL_IPv6 }}
-      - "127.0.0.1:3008:3008"
+      MS_WEBRTC_LISTEN_IPS: '[{"ip":"{{ .Env.EXTERNAL_IPv6 }}", "announcedIp":"{{ .Env.EXTERNAL_IPv6 }}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
-    extra_hosts:
+    {{else}}
-      - host.docker.internal:10.7.7.1
+      MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
-      - kurento:10.7.7.1
+    {{end}}
-    networks:
+      MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}'
-      bbb-net:
+    volumes:
-        ipv4_address: 10.7.7.10
+      - vol-mediasoup:/var/mediasoup
+    tmpfs:
+      - /var/log/bbb-webrtc-sfu
+    network_mode: host
 
   fsesl-akka:
-    build: mod/fsesl-akka
+    build: 
+      context: mod/fsesl-akka
+      additional_contexts:
+        - src-common-message=./repos/bigbluebutton/bbb-common-message
+        - src-fsesl-client=./repos/bigbluebutton/bbb-fsesl-client
+        - src-fsesl-akka=./repos/bigbluebutton/akka-bbb-fsesl
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - redis
+      - freeswitch
     environment:
       FSESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
     networks:
@@ -228,7 +302,14 @@ services:
         ipv4_address: 10.7.7.14
 
   apps-akka:
-    build: mod/apps-akka
+    build: 
+      context: mod/apps-akka
+      additional_contexts:
+        - src-common-message=./repos/bigbluebutton/bbb-common-message
+        - src-apps-akka=./repos/bigbluebutton/akka-bbb-apps
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+    image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - redis
@@ -243,6 +324,9 @@ services:
 
   jodconverter:
     build: mod/jodconverter
+    image: alangecker/bbb-docker-jodconverter:latest
+    security_opt:
+      - 'no-new-privileges:true'
     restart: unless-stopped
     tmpfs:
       - /tmp
@@ -256,12 +340,14 @@ services:
 
   periodic:
     build: mod/periodic
+    image: alangecker/bbb-docker-periodic:v2.7.0
     restart: unless-stopped
     depends_on:
       - mongodb
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - bigbluebutton:/var/bigbluebutton
+      - vol-mediasoup:/var/mediasoup
     tmpfs:
       - /var/log/bigbluebutton
     environment:
@@ -275,15 +361,27 @@ services:
 {{ if isTrue .Env.ENABLE_RECORDING }}
   # recordings
   recordings:
-    build: mod/recordings
+    build: 
+      context: mod/recordings
+      additional_contexts:
+        - record-core=./repos/bigbluebutton/record-and-playback/core
+        - presentation=./repos/bigbluebutton/record-and-playback/presentation
+        - bbb-conf=./repos/bigbluebutton/bigbluebutton-config
+      args:
+        BBB_BUILD_TAG: bbb27-2023-06-13-java17
+        TAG_BBB_PRESENTATION_VIDEO: "4.0.3"
+    image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
     restart: unless-stopped
     depends_on:
       - redis
+      - bbb-pads
     environment:
       DOMAIN: ${DOMAIN}
+      SHARED_SECRET: ${SHARED_SECRET}
     volumes:
       - bigbluebutton:/var/bigbluebutton
       - vol-freeswitch:/var/freeswitch/meetings
+      - vol-mediasoup:/var/mediasoup
       - vol-kurento:/var/kurento
     tmpfs:
       - /var/log/bigbluebutton
@@ -296,7 +394,11 @@ services:
 {{ if isTrue .Env.ENABLE_WEBHOOKS }}
   # webhooks
   webhooks:
-    build: mod/webhooks
+    build: 
+      context: mod/webhooks
+      additional_contexts:
+        - src=./repos/bbb-webhooks
+    image: alangecker/bbb-docker-webhooks:{{ .Env.TAG_WEBHOOKS }}
     restart: unless-stopped
     environment:
       DOMAIN: ${DOMAIN}
@@ -320,19 +422,24 @@ services:
     {{else}}
       - ./mod/https/site-ipv4only.conf:/etc/nginx/conf.d/bbb-docker.conf
     {{end}}
+    {{ if isTrue .Env.DEV_MODE }}
+      # allow bbb api access without https
+      - ./mod/https/force-https.conf:/usr/local/openresty/nginx/conf/force-https.conf
+    {{end}}
     environment:
       {{ if isTrue .Env.DEV_MODE }}
       ALLOWED_DOMAINS: ""
       {{else}}
       ALLOWED_DOMAINS: ${DOMAIN}
       {{end}}
+      RESOLVER_ADDRESS: ${RESOLVER_ADDRESS:-9.9.9.9}
     network_mode: host
 {{end}}
 
 {{ if isTrue .Env.ENABLE_COTURN }}
   # coturn
   coturn:
-    image: instrumentisto/coturn:4.5
+    image: coturn/coturn:4.6-alpine
     restart: unless-stopped
     command:
       - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
@@ -349,6 +456,7 @@ services:
       - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
     environment:
       ENABLE_HTTPS_PROXY:
+    user: root
     network_mode: host
 {{end}}
 
@@ -356,29 +464,35 @@ services:
 {{ if isTrue .Env.ENABLE_GREENLIGHT }}
   # greenlight
   greenlight:
-    image: bigbluebutton/greenlight:v2
+    image: bigbluebutton/greenlight:v3.0.6.1
     restart: unless-stopped
     env_file: .env
+    depends_on:
+      - postgres
+      - redis
+
     environment:
-      DB_ADAPTER: postgresql
+      DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
-      DB_HOST: postgres
+      REDIS_URL: redis://redis:6379
-      DB_NAME: greenlight
-      DB_USERNAME: postgres
-      DB_PASSWORD: ${POSTGRESQL_SECRET:-password}
       {{ if isTrue .Env.DEV_MODE }}
-      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48087/bigbluebutton/api/
+      BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1/bigbluebutton/api
       {{else}}
-      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api/
+      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
       {{end}}
       BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
       SECRET_KEY_BASE: ${RAILS_SECRET}
-    ports:
+      RELATIVE_URL_ROOT: /
-      - 10.7.7.1:5000:80
+    volumes:
+       - ./greenlight-data:/usr/src/app/storage
+    networks:
+      bbb-net:
+        ipv4_address: 10.7.7.21
+
   postgres:
     image: postgres:12-alpine
     restart: unless-stopped
     environment:
-      POSTGRES_DB: greenlight
+      POSTGRES_DB: greenlight-v3
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
     healthcheck:
@@ -388,12 +502,15 @@ services:
       retries: 5
     volumes:
       - ./postgres-data:/var/lib/postgresql/data
+    networks:
+      bbb-net:
+        ipv4_address: 10.7.7.22
 {{end}}
 
 {{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
   # prometheus
   prometheus-exporter:
-    image: greenstatic/bigbluebutton-exporter:v0.7.0-preview2
+    image: greenstatic/bigbluebutton-exporter:latest
     restart: unless-stopped
     environment:
       API_BASE_URL: http://10.7.7.1:48087/bigbluebutton/api/
@@ -406,6 +523,11 @@ services:
     volumes:
       - bigbluebutton:/var/bigbluebutton:ro
     {{end}}
+
+    # the exporter requires /etc/bigbluebutton/bigbluebutton-release
+    tmpfs:
+      - /etc/bigbluebutton
+    entrypoint: sh -c 'echo "BIGBLUEBUTTON_RELEASE=2.7.3" > /etc/bigbluebutton/bigbluebutton-release && python server.py'
 {{end}}
 
 
@@ -413,6 +535,7 @@ volumes:
   bigbluebutton:
   vol-freeswitch:
   vol-kurento:
+  vol-mediasoup:
   html5-static:
 {{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
   ssl_data:

docs/development.md

@@ -1,5 +1,13 @@
 # bbb-docker Development
 
+## Basics
+normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out:
+
+```sh
+$ git submodule update --init
+```
+
+
 ## Running
 you can run bbb-docker locally without any certificate issues with following `.env` configurations:
 
@@ -22,7 +30,7 @@ TURN_SERVER=turns:localhost:5349?transport=tcp
 TURN_SECRET=SuperTurnSecret
 SHARED_SECRET=SuperSecret
 ETHERPAD_API_KEY=SuperEtherpadKey
-RAILS_SECRET=SuperRailsSecret
+RAILS_SECRET=SuperRailsSecret_SuperRailsSecret
 
 # ====================================
 # CUSTOMIZATION
@@ -33,38 +41,37 @@ RAILS_SECRET=SuperRailsSecret
 
 - regenerate `docker-compose.yml` \
   `$ ./scripts/generate-compose`
+- build the images \
+  `$ docker compose build`
 - you can than start it with \
-  `$ docker-compose up -d`
+  `$ docker compose up -d`
 - view the logs with \
-  `$ docker-compose logs -f`
+  `$ docker compose logs -f`
 - and access the API via \
   https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
     * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
 
 
 ## Notes
-- Joining a room via Greenlight currently leads to a "401 session not found" error (see https://github.com/alangecker/bigbluebutton-docker/issues/66). Use the API Mate instead
+- Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode
 
 ## Changes
 - After doing some changes you usually must...
   - recreate `docker-compose.yml` \
     `$ ./scripts/generate-compose`
   * rebuild the image(s): \
-    `$ docker-compose build [containername]`
+    `$ docker compose build [containername]`
   * restart changes image(s): \
-    `$ docker-compose up -d`
+    `$ docker compose up -d`
 
 
 ## How to do create a new update for a newer BBB release?
 This always consists out of following steps
 1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \
-    * Sometimes there are changes made which are not accessible in the [bigbluebutton/bigbluebutton](https://github.com/bigbluebutton/bigbluebutton) repo, so you should rather look through all the related commits in [alangecker/bbb-packages](https://github.com/alangecker/bbb-packages/commits/master)
+    * main source for that are the release notes in https://github.com/bigbluebutton/bigbluebutton/releases
-    * Before being overwhelmed: All these compiled `.js`,`.class`,etc. files are irrelevant to check! :)
 2. **Apply these changes to this project.** 
-    * Quite often you only need to set `TAG` to the corresponding release tag in [bigbluebutton/bigbluebutton](https://github.com/bigbluebutton/bigbluebutton) like `v2.2.31`. To avoid the unnecessary recreation of images, only change the TAG of those components, which actually received a change.
+    * Often you only need to checkout the git submodules to the specific release tag
-    * New config variables are also quite common
+      * List of all submodules: `git submodule`   
-    * don't forget to checkout a newer version of `bbb-webrtc-sfu` if it also happened in the release. you can find out what the current version is [here](https://github.com/alangecker/bbb-packages/blob/v2.3.x/bbb-webrtc-sfu/data/usr/local/bigbluebutton/bbb-webrtc-sfu/package.json)
-    * if available, you can also think about switching to more recent images of kurento, etherpad, nginx, etc.
 3. Test everything (with firefox **and** chromium/chrome)
     * Audio
     * Video

docs/network-config.md

@@ -4,6 +4,7 @@ Services as configured.
 |Service | Network | IP address | Other Option |
 --- | --- | --- | --- 
 | bbb-web | bbb-net | 10.7.7.2 |
+| bbb-pads | bbb-net | 10.7.7.18 |
 | html5-backend-{{$i}} | bbb-net | 10.7.7.{{add 100 $i}}| Port {{ add 4000 $i }}
 | html5-frontend-{{$i}}| bbb-net | 10.7.7.{{add 200 $i}}| Port {{ add 4100 $i }}
 | freeswitch| network_mode: host | |
@@ -12,7 +13,7 @@ Services as configured.
 | redis | bbb-net | 10.7.7.5|
 | mongodb | bbb-net | 10.7.7.6|
 | kurento | network-mode: host | |
-| webrtc-sfu | bbb-net | 10.7.7.10|     ports:      - "127.0.0.1:3008:3008" <br />    extra_hosts:<br />      - host.docker.internal:10.7.7.1<br />      - kurento:10.7.7.1
+| webrtc-sfu | bbb-net |  | network_mode: host
 | fsesl-akka | bbb-net | 10.7.7.14 |
 | apps-akka | bbb-net | 10.7.7.15 |
 | libreoffice | bbb-net | 10.7.7.7 |

docs/upgrading.md

@@ -1,11 +1,16 @@
 # How To Upgrade bbb-docker
 
-### Upgrading `v2.3.x` -> `v2.4.x`
+
-*Breaking change:* The nginx port changes from `8080` to the less common port `48087`, to avoid port conflicts (see [#133](https://github.com/bigbluebutton/docker/issues/133)). If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
+### Upgrading from `v2.5.x`
+
+- *Breaking change:* Greenlight got fully rewritten
+    * it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
+    * some greenlight settings under `.env` have changed. compare your version with `sample.env`
+    * it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
 
 apart from that follow the guide below.
 
-### within `v2.4.x` or `v2.3.x`
+### from `v2.6.x` or within `v2.7.x`
 #### Backup
 if you use greenlight, create a database backup first
 ```bash
@@ -18,5 +23,5 @@ docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`d
 ./scripts/upgrade
 
 # restart updated services
-docker-compose up -d
+docker compose up -d
 ```

mod/apps-akka/Dockerfile

@@ -1,22 +1,16 @@
-FROM mozilla/sbt:8u212_1.2.8 AS builder
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
-RUN apt-get update && apt-get install -y subversion
+COPY --from=src-common-message / /bbb-common-message
-
-# download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.4.0
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
-    && rm -rf /bbb-common-message/.svn
-
-# compile bbb-common-message
-RUN cd /bbb-common-message \
- && ./deploy.sh 
 
+# build bbb-common-message
+RUN cd /bbb-common-message && ./deploy.sh
 
 # ===================================================
 
-ENV TAG v2.4.0
+ARG TAG_APPS_AKKA
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-apps /source \
+
-    && rm -rf /source/.svn
+COPY --from=src-apps-akka / /source
 
 # compile and unzip bin
 RUN cd /source \
@@ -25,24 +19,12 @@ RUN cd /source \
 
 # ===================================================
 
-FROM openjdk:8-jre-slim-bullseye
+FROM alangecker/bbb-docker-base-java
-
-RUN apt update && apt-get install -y wget gosu
-
-# install dockerize
-ENV DOCKERIZE_VERSION v0.6.1
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
-
-RUN groupadd -g 998 bigbluebutton \
-    && useradd -m -u 998 -g bigbluebutton bigbluebutton
 
 COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka
 COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl
 COPY logback.xml /bbb-apps-akka/conf/logback.xml
+COPY entrypoint.sh /entrypoint.sh
 
-WORKDIR /bbb-apps-akka
+USER bigbluebutton
-CMD dockerize \
+ENTRYPOINT /entrypoint.sh
-    -template /etc/bigbluebutton/bbb-apps-akka.conf.tmpl:/etc/bigbluebutton/bbb-apps-akka.conf \
-    gosu bigbluebutton /bbb-apps-akka/bin/bbb-apps-akka

mod/apps-akka/bbb-apps-akka.conf

@@ -6,8 +6,8 @@ redis {
 }
 
 services {
-  bbbWebAPI="https://{{ .Env.DOMAIN }}/bigbluebutton/api"
+  bbbWebAPI="https://DOMAIN/bigbluebutton/api"
-  sharedSecret="{{ .Env.SHARED_SECRET }}"
+  sharedSecret="SHARED_SECRET"
 }
 http {
   interface = "0.0.0.0"

mod/apps-akka/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+TARGET=/etc/bigbluebutton/bbb-apps-akka.conf
+cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET
+sed -i "s/DOMAIN/$DOMAIN/" $TARGET
+sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET
+
+cd /bbb-apps-akka
+/bbb-apps-akka/bin/bbb-apps-akka

mod/base-java/Dockerfile

@@ -0,0 +1,24 @@
+FROM eclipse-temurin:17-jre-jammy
+
+RUN apt-get update && apt-get install -y \
+        wget unzip gosu locales \
+        imagemagick xpdf-utils curl \
+    && sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8  
+ENV LANGUAGE en_US:en  
+ENV LC_ALL en_US.UTF-8     
+
+# add user & group
+RUN groupadd -g 998 bigbluebutton \
+    && useradd -m -u 998 -g bigbluebutton bigbluebutton \
+    && mkdir /etc/bigbluebutton \
+    && chown bigbluebutton:bigbluebutton /etc/bigbluebutton
+
+# add dockerize
+ENV DOCKERIZE_VERSION v0.6.1
+RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
+
+

mod/bbb-pads/Dockerfile

@@ -0,0 +1,18 @@
+FROM node:18-bullseye-slim AS builder
+
+COPY --from=src / /bbb-pads
+RUN cd /bbb-pads && rm -r .git && npm install --production
+
+
+RUN chmod 777 /bbb-pads/config
+# ------------------------------
+
+FROM node:18-bullseye-slim
+
+RUN apt update && apt install -y jq moreutils \
+    && useradd --uid 2003 --create-home --user-group bbb-pads
+
+COPY --from=builder /bbb-pads /bbb-pads
+USER bbb-pads
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT /entrypoint.sh

mod/bbb-pads/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+TARGET=/bbb-pads/config/settings.json
+
+cp /bbb-pads/config/settings.json.template $TARGET
+sed -i "s/ETHERPAD_API_KEY/\"$ETHERPAD_API_KEY\"/g" $TARGET
+jq '.etherpad.host = "etherpad"' $TARGET | sponge $TARGET
+jq '.express.host = "0.0.0.0"' $TARGET | sponge $TARGET
+jq '.redis.host = "redis"' $TARGET | sponge $TARGET
+
+
+cd /bbb-pads
+export NODE_ENV=production
+npm start

mod/bbb-web/Dockerfile

@@ -1,43 +1,19 @@
-FROM mozilla/sbt:8u212_1.2.8 AS builder
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
-RUN apt-get update && apt-get install -y subversion
+COPY --from=src-common-message / /bbb-common-message
 
-# download bbb-common-message
+# build bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.4.0
+RUN cd /bbb-common-message && ./deploy.sh
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
-    && rm -rf /bbb-common-message/.svn
-
-# compile bbb-common-message
-RUN cd /bbb-common-message \
- && ./deploy.sh 
 
 # ===================================================
 
-# install grails
-RUN cd /opt \
- && wget -q https://github.com/grails/grails-core/releases/download/v3.3.9/grails-3.3.9.zip \
- && unzip grails-3.3.9.zip
-ENV PATH="/opt/grails-3.3.9/bin:${PATH}"
 
-# install gradle
+COPY --from=src-common-web / /bbb-common-web
-RUN cd /opt \
+# build bbb-common-web
- && wget -q https://services.gradle.org/distributions/gradle-6.7-bin.zip \
+RUN cd /bbb-common-web && ./deploy.sh
- && unzip gradle-6.7-bin
-ENV PATH="/opt/gradle-6.7/bin:${PATH}"
 
-# download bbb-common-web
+COPY --from=src-web / /bbb-web
-ENV TAG_COMMON_WEB v2.4.0
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_WEB/bbb-common-web /bbb-common-web \
-    && rm -rf /bbb-common-message/.svn
-
-# compile bbb-common-web
-RUN cd /bbb-common-web \
- && ./deploy.sh
-
-# download bbb-web
-ENV TAG_WEB v2.4.0
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_WEB/bigbluebutton-web /bbb-web \
-    && rm -rf /bbb-web/.svn
 
 # compile bbb-web
 RUN cd /bbb-web && grails assemble
@@ -50,30 +26,9 @@ RUN unzip -q /bbb-web/build/libs/bigbluebutton-0.10.0.war -d /dist
 
 
 # ===================================================
-FROM openjdk:8-jre-slim-bullseye
+FROM alangecker/bbb-docker-base-java
 
-RUN apt-get update && apt-get install -y \
+# add blank presentation files and allow conversion to pdf/svg
-        wget unzip gosu locales \
-        imagemagick xpdf-utils curl
-
-# set locale
-RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
-ENV LANG en_US.UTF-8  
-ENV LANGUAGE en_US:en  
-ENV LC_ALL en_US.UTF-8     
-
-
-# add user & group
-RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
-
-# add dockerize
-ENV DOCKERIZE_VERSION v0.6.1
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
-
-
-# add blank presentation files and allow conversation to pdf/svg
 RUN mkdir -p /usr/share/bigbluebutton/blank \
     && cd /usr/share/bigbluebutton/blank \
     && wget \
@@ -81,7 +36,9 @@ RUN mkdir -p /usr/share/bigbluebutton/blank \
         https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-thumb.png \
         https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-presentation.pdf \
         https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-png.png \
-    && sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml
+    && sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml \
+    && sed -i '/potrace/d' /etc/ImageMagick-6/delegates.xml
+
 
 # get bbb-web
 COPY --from=builder /dist /usr/share/bbb-web

mod/bbb-web/entrypoint.sh

@@ -24,6 +24,6 @@ cd /usr/share/bbb-web/
 dockerize \
     -template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
     -template /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml.tmpl:/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml \
-    gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher
+    gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher
 
 

mod/coturn/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e 
+apk add jq su-exec
 if [ "$ENABLE_HTTPS_PROXY" == true ]; then
-  apk add jq
 
   while [ ! -f /etc/resty-auto-ssl/storage/file/*latest ]
   do
@@ -28,4 +28,4 @@ if [ "${1:0:1}" == '-' ]; then
   set -- turnserver "$@"
 fi
 
-exec $(eval "echo $@")
+su-exec nobody $(eval "echo $@")

mod/etherpad/Dockerfile

@@ -1,27 +1,26 @@
-FROM etherpad/etherpad:1.8.16
+ARG TAG_ETHERPAD
+FROM etherpad/etherpad:$TAG_ETHERPAD
 
 USER root
 
-RUN apt-get update \
+RUN apk add git curl
-    && apt-get install -y git curl
 
 USER etherpad
 
-# ep_cursortrace: using mconf's fork due to https://github.com/ether/ep_cursortrace/pull/25 not being accepted upstream
 RUN npm install \
-    ep_cursortrace@3.1.11 \
+    ep_cursortrace@3.1.16 \
-    git+https://github.com/pedrobmarin/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
+    git+https://github.com/mconf/ep_pad_ttl.git#360136cd38493dd698435631f2373cbb7089082d \
-    git+https://github.com/pedrobmarin/ep_redis_publisher.git#1d903bf900dd53ebc5347f9583b6e240cf754d63 \
+    git+https://github.com/mconf/ep_redis_publisher.git#2b6e47c1c59362916a0b2961a29b259f2977b694 \
-    git+https://github.com/ether/ep_disable_chat.git#v0.0.3 \
+    ep_disable_chat@0.0.8 \
-    git+https://github.com/ether/ep_sticky_attributes.git#v0.1.9 \
+    ep_auth_session@1.1.1 \
 # remove npm lockfile, because somehow it prevents etherpad from detecting the manual added plugin ep_bigbluebutton_patches
-    && rm package-lock.json
+    && rm package-lock.json package.json
 
 # add skin from git submodule
-COPY --chown=etherpad:0 ./bbb-etherpad-skin /opt/etherpad-lite/src/static/skins/bigbluebutton
+COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
 
 # add plugin from git submodule
-COPY --chown=etherpad:0 ./bbb-etherpad-plugin /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
+COPY --chown=etherpad:0 --from=plugin / /opt/etherpad-lite/node_modules/ep_bigbluebutton_patches
 
 COPY settings.json /opt/etherpad-lite/settings.json
 COPY etherpad-export.sh /etherpad-export.sh

mod/etherpad/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 echo $ETHERPAD_API_KEY > /tmp/apikey
 export NODE_ENV=production
 

mod/etherpad/etherpad-export.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 src="$8"
 dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')"
 convertTo="$7"

mod/etherpad/settings.json

@@ -15,6 +15,31 @@
  *
  * This is useful, for example, when running in a Docker container.
  *
+ * DETAILED RULES:
+ *   - If the environment variable is set to the string "true" or "false", the
+ *     value becomes Boolean true or false.
+ *   - If the environment variable is set to the string "null", the value
+ *     becomes null.
+ *   - If the environment variable is set to the string "undefined", the setting
+ *     is removed entirely, except when used as the member of an array in which
+ *     case it becomes null.
+ *   - If the environment variable is set to a string representation of a finite
+ *     number, the string is converted to that number.
+ *   - If the environment variable is set to any other string, including the
+ *     empty string, the value is that string.
+ *   - If the environment variable is unset and a default value is provided, the
+ *     value is as if the environment variable was set to the provided default:
+ *       - "${UNSET_VAR:}" becomes the empty string.
+ *       - "${UNSET_VAR:foo}" becomes the string "foo".
+ *       - "${UNSET_VAR:true}" and "${UNSET_VAR:false}" become true and false.
+ *       - "${UNSET_VAR:null}" becomes null.
+ *       - "${UNSET_VAR:undefined}" causes the setting to be removed (or be set
+ *         to null, if used as a member of an array).
+ *   - If the environment variable is unset and no default value is provided,
+ *     the value becomes null. THIS BEHAVIOR MAY CHANGE IN A FUTURE VERSION OF
+ *     ETHERPAD; if you want the default value to be null, you should explicitly
+ *     specify "null" as the default value.
+ *
  * EXAMPLE:
  *    "port":     "${PORT:9001}"
  *    "minify":   "${MINIFY}"
@@ -56,6 +81,13 @@
  *    "password": "${PASSW}"  // if PASSW is not defined would result in password === null
  *    "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
  *
+ *    If you want to use an empty value (null) as default value for a variable,
+ *    simply do not set it, without putting any colons: "${ABIWORD}".
+ *
+ * 3) if you want to use newlines in the default value of a string parameter,
+ *    use "\n" as usual.
+ *
+ *    "defaultPadText" : "${DEFAULT_PAD_TEXT}Line 1\nLine 2"
  */
  {
   /*
@@ -64,10 +96,12 @@
   "title": "Etherpad",
 
   /*
-     * favicon default name
+   * Pathname of the favicon you want to use. If null, the skin's favicon is
-     * alternatively, set up a fully specified Url to your own favicon
+   * used if one is provided by the skin, otherwise the default Etherpad favicon
+   * is used. If this is a relative path it is interpreted as relative to the
+   * Etherpad root directory.
    */
-    "favicon": "favicon.ico",
+  "favicon": null,
 
   /*
    * Skin name.
@@ -83,7 +117,40 @@
   "skinName": "bigbluebutton",
 
   /*
-     * IP and port which etherpad should bind at
+   * Skin Variants
+   *
+   * Use the UI skin variants builder at /p/test#skinvariantsbuilder
+   *
+   * For the colibris skin only, you can choose how to render the three main
+   * containers:
+   * - toolbar (top menu with icons)
+   * - editor (containing the text of the pad)
+   * - background (area outside of editor, mostly visible when using page style)
+   *
+   * For each of the 3 containers you can choose 4 color combinations:
+   * super-light, light, dark, super-dark.
+   *
+   * For example, to make the toolbar dark, you will include "dark-toolbar" into
+   * skinVariants.
+   *
+   * You can provide multiple skin variants separated by spaces. Default
+   * skinVariant is "super-light-toolbar super-light-editor light-background".
+   *
+   * For the editor container, you can also make it full width by adding
+   * "full-width-editor" variant (by default editor is rendered as a page, with
+   * a max-width of 900px).
+   */
+  "skinVariants": "super-light-toolbar super-light-editor light-background",
+
+  /*
+   * IP and port which Etherpad should bind at.
+   *
+   * Binding to a Unix socket is also supported: just use an empty string for
+   * the ip, and put the full path to the socket in the port parameter.
+   *
+   * EXAMPLE USING UNIX SOCKET:
+   *    "ip": "",                             // <-- has to be an empty string
+   *    "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket
    */
   "ip": "0.0.0.0",
   "port": 9001,
@@ -122,7 +189,7 @@
    *
    *
    * Database specific settings are dependent on dbType, and go in dbSettings.
-     * Remember that since Etherpad 1.6.0 you can also store these informations in
+   * Remember that since Etherpad 1.6.0 you can also store this information in
    * credentials.json.
    *
    * For a complete list of the supported drivers, please refer to:
@@ -131,8 +198,7 @@
 
   "dbType": "redis",
   "dbSettings": {
-      "host": "redis",
+    "url": "redis://redis:6379"
-      "port": 6379
   },
 
   /*
@@ -141,22 +207,10 @@
    * See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
    */
 
-    /*
-    "dbType" : "mysql",
-    "dbSettings" : {
-      "user":     "etherpaduser",
-      "host":     "localhost",
-      "port":     3306,
-      "password": "PASSWORD",
-      "database": "etherpad_lite_db",
-      "charset":  "utf8mb4"
-    },
-    */
-  
   /*
   "dbType" : "redis",
   "dbSettings" : {
-      "host": "localhost",
+    "host": "127.0.0.1",
     "port": 6379,
     "client_options": {
       "password": "PASSWORD"
@@ -165,9 +219,10 @@
   */
 
   /*
-     * The default text of a pad
+  * The default text of a pad: A zero-width-space is used to work around an issue with Etherpad 1.9.1 where empty pads are not being created.
+  * See: https://github.com/ether/etherpad-lite/issues/5787
   */
-    "defaultPadText" : "",
+   "defaultPadText" : "\u200b",
 
   /*
    * Default Pad behavior.
@@ -185,7 +240,7 @@
     "rtl":              false,
     "alwaysShowChat":   false,
     "chatAndUsers":     false,
-      "lang":             "en-gb"
+    "lang":             "en"
   },
 
   /*
@@ -225,7 +280,7 @@
    * If this option is enabled, a user must have a session to access pads.
    * This effectively allows only group pads to be accessed.
    */
-    "requireSession": false,
+  "requireSession": true,
 
   /*
    * Users may edit pads but not create new ones.
@@ -233,13 +288,7 @@
    * Pad creation is only via the API.
    * This applies both to group pads and regular pads.
    */
-    "editOnly": false,
+  "editOnly": true,
-  
-    /*
-     * If set to true, those users who have a valid session will automatically be
-     * granted access to password protected pads.
-     */
-    "sessionNoPassword": false,
 
   /*
    * If true, all css & js will be minified before sending to the client.
@@ -328,6 +377,7 @@
      */
     "sameSite": "None"
   },
+
   /*
    * Privacy: disable IP logging
    */
@@ -383,10 +433,22 @@
   },
 
   /*
-     * Users for basic authentication.
+   * User accounts. These accounts are used by:
+   *   - default HTTP basic authentication if no plugin handles authentication
+   *   - some but not all authentication plugins
+   *   - some but not all authorization plugins
    *
-     * is_admin = true gives access to /admin.
+   * User properties:
-     * If you do not uncomment this, /admin will not be available!
+   *   - password: The user's password. Some authentication plugins will ignore
+   *     this.
+   *   - is_admin: true gives access to /admin. Defaults to false. If you do not
+   *     uncomment this, /admin will not be available!
+   *   - readOnly: If true, this user will not be able to create new pads or
+   *     modify existing pads. Defaults to false.
+   *   - canCreate: If this is true and readOnly is false, this user can create
+   *     new pads. Defaults to true.
+   *
+   * Authentication and authorization plugins may define additional properties.
    *
    * WARNING: passwords should not be stored in plaintext in this file.
    *          If you want to mitigate this, please install ep_hash_auth and
@@ -415,6 +477,17 @@
    */
   "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
 
+  "socketIo": {
+    /*
+     * Maximum permitted client message size (in bytes). All messages from
+     * clients that are larger than this will be rejected. Large values make it
+     * possible to paste large amounts of text, and plugins may require a larger
+     * value to work properly, but increasing the value increases susceptibility
+     * to denial of service attacks (malicious clients can exhaust memory).
+     */
+    "maxHttpBufferSize": 10000
+  },
+
   /*
    * Allow Load Testing tools to hit the Etherpad Instance.
    *
@@ -422,6 +495,11 @@
    */
   "loadTest": false,
 
+  /**
+  * Disable dump of objects preventing a clean exit
+  */
+  "dumpOnUncleanExit": false,
+
   /*
    * Disable indentation on new line when previous line ends with some special
    * chars (':', '[', '(', '{')
@@ -431,18 +509,15 @@
   "indentationOnNewLine": false,
   */
 
-    /*
-     * Delete pads plugin configuration.
-     */
   "ep_pad_ttl": {
     "ttl": 86400, // 24 hours
     "timeout": 30,
-      "interval": 21600, // 6 hour
+    "interval": 21600 // 6 hours
   },
 
   /*
    * Redis publisher plugin configuration.
-     * npm i git+https://git@github.com/pedrobmarin/ep_redis_publisher.git
+   * npm i git+https://git@github.com/mconf/ep_redis_publisher.git
    */
 
   "ep_redis_publisher": {
@@ -451,16 +526,32 @@
   },
 
   /*
-    "ep_redis_publisher": {
+   * From Etherpad 1.8.3 onwards, import and export of pads is always rate
-      "host": "localhost",
+   * limited.
-      "port": 6379,
+   *
-      "password": "PASSWORD"
+   * The default is to allow at most 10 requests per IP in a 90 seconds window.
-    },
+   * After that the import/export request is rejected.
+   *
+   * See https://github.com/nfriedly/express-rate-limit for more options
    */
+  "importExportRateLimiting": {
+    // duration of the rate limit window (milliseconds)
+    "windowMs": 90000,
 
+    // maximum number of requests per IP to allow during the rate limit window
+    "max": 16
+  },
 
   /*
-      * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited
+   * From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
+   * file is always bounded.
+   *
+   * File size is specified in bytes. Default is 50 MB.
+   */
+  "importMaxFileSize": 52428800, // 50 * 1024 * 1024
+
+  /*
+   * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
    *
    * The default is to allow at most 10 changes per IP in a 1 second window.
    * After that the change is rejected.
@@ -471,7 +562,7 @@
     // duration of the rate limit window (seconds)
     "duration": 1,
 
-      // maximum number of chanes per IP to allow during the rate limit window
+    // maximum number of changes per IP to allow during the rate limit window
     "points": 100
   },
 
@@ -485,9 +576,10 @@
   "toolbar": {
     "left": [
       ["bold", "italic", "underline", "strikethrough"],
-        ["orderedlist", "unorderedlist", "undo", "redo"]
+      ["orderedlist", "unorderedlist", "undo", "redo"],
+      ["importexport"]
     ],
-      "right": [["importexport"]]
+    "right": [[]]
   },
 
   /*
@@ -504,58 +596,45 @@
    */
   "loglevel": "INFO",
 
-    /*
-     * Logging configuration. See log4js documentation for further information:
-     * https://github.com/nomiddlename/log4js-node
-     *
-     * You can add as many appenders as you want here.
-     */
-    "logconfig" :
-      { "appenders": [
-          { "type": "console"
-          //, "category": "access"// only logs pad access
-          }
-  
-        /*
-        , { "type": "file"
-        , "filename": "your-log-file-here.log"
-        , "maxLogSize": 1024
-        , "backups": 3 // how many log files there're gonna be at max
-        //, "category": "test" // only log a specific category
-          }
-        */
-  
-        /*
-        , { "type": "logLevelFilter"
-          , "level": "warn" // filters out all log messages that have a lower level than "error"
-          , "appender":
-            {  Use whatever appender you want here  }
-          }
-        */
-  
-        /*
-        , { "type": "logLevelFilter"
-          , "level": "error" // filters out all log messages that have a lower level than "error"
-          , "appender":
-            { "type": "smtp"
-            , "subject": "An error occurred in your EPL instance!"
-            , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
-            , "sendInterval": 300 // 60 * 5 = 5 minutes -- will buffer log messages; set to 0 to send a mail for every message
-            , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
-                "host": "smtp.example.com", "port": 465,
-                "secureConnection": true,
-                "auth": {
-                    "user": "foo@example.com",
-                    "pass": "bar_foo"
-                }
-              }
-            }
-          }
-        */
-  
-        ]
-      }, // logconfig
   /* Override any strings found in locale directories */
-    "customLocaleStrings": {}
+  "customLocaleStrings": {
+    "de": {
+      "pad.importExport.import_export": "Export",
+      "pad.toolbar.import_export.title": "Export zu verschiedenen Dateiformaten"
+    },
+    "en-gb": {
+      "pad.importExport.import_export": "Export",
+      "pad.toolbar.import_export.title": "Export to different file formats"
+    },
+    "en": {
+      "pad.importExport.import_export": "Export",
+      "pad.toolbar.import_export.title": "Export to different file formats"
+    },
+    "es": {
+      "pad.importExport.import_export": "Exportar",
+      "pad.toolbar.import_export.title": "Exportar a diferentes formatos de archivos"
+    },
+    "fr": {
+      "pad.importExport.import_export": "Exporter",
+      "pad.toolbar.import_export.title": "Exporter vers un format de fichier différent"
+    },
+    "it": {
+      "pad.importExport.import_export": "Esportazione",
+      "pad.toolbar.import_export.title": "Esporta a diversi formati di file"
+    },
+    "pt-br": {
+      "pad.importExport.import_export": "Exportar",
+      "pad.toolbar.import_export.title": "Exportar para diferentes formatos de arquivo"
+    },
+    "pt": {
+      "pad.importExport.import_export": "Exportar",
+      "pad.toolbar.import_export.title": "Exportar para diferentes formatos de ficheiro"
     }
+  },
+
+  /* Disable Admin UI tests */
+  "enableAdminUITests": false
+}
+
+
 

mod/freeswitch/Dockerfile

@@ -1,58 +1,71 @@
-FROM debian:bullseye-slim
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
-# add freeswitch repo
+COPY --from=freeswitch / /build/freeswitch
+
+# install most recent git version for proper sparse-checkout support
+# https://stackoverflow.com/questions/72223738/failed-to-initialize-sparse-checkout
+RUN echo 'deb https://ppa.launchpadcontent.net/git-core/ppa/ubuntu focal main' > /etc/apt/sources.list.d/git-core-ppa.list && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A1715D88E1DF1F24 && \
+    apt-get update && \
+    apt-get install -y git
+
+# get build files for bbb-freeswitch (build/packages-template/bbb-freeswitch-core/)
+COPY --from=build-files / /build/
+
+# mock files expected by build.sh
+RUN mkdir -p /build/bbb-voice-conference/config/freeswitch/conf/ && \
+    touch \
+        /build/opts-build.sh \
+        /build/freeswitch.service.build \
+        /build/bbb-voice-conference/config/freeswitch/conf/a \
+        && \
+    echo "" > /usr/local/bin/fpm
+
+# build freeswitch
+RUN cd /build && ./build.sh
+
+
+# add english sounds
+RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \
+    wget http://bigbluebutton.org/downloads/sounds.tar.gz -O sounds.tar.gz && \
+    tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \
+    wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
+    unzip mute-and-unmute-sounds-master.zip && \
+    cd mute-and-unmute-sounds-master/sounds && \
+    find . -name "*.wav" -exec /bin/bash -c "sox -v 0.3  {} /tmp/tmp.wav; cp /tmp/tmp.wav /build/staging/opt/freeswitch/share/freeswitch/sounds/en/us/callie/conference/{}" \;
+
+# add bigblugbutton config
+ARG TAG_FS_CONFIG
+COPY --from=fs-config / /build/staging/opt/freeswitch/etc/freeswitch/
+
+# ===============================================
+
+# we are using ubuntu here, because libjpeg8 is required, but not available in debian
+FROM ubuntu:20.04
 RUN apt-get update && \
-apt-get install -y --no-install-recommends subversion curl wget ca-certificates gnupg gnupg2 lsb-release unzip && \
+    apt-get install -y \
-wget -O /usr/share/keyrings/freeswitch-archive-keyring.gpg https://files.freeswitch.org/repo/deb/debian-release/freeswitch-archive-keyring.gpg && \
+        xmlstarlet wget iptables curl \
-echo 'deb [signed-by=/usr/share/keyrings/freeswitch-archive-keyring.gpg] http://files.freeswitch.org/repo/deb/debian-release/ bullseye main' > /etc/apt/sources.list.d/freeswitch.list
+        libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns2 libedit2 libtiff5 libpng16-16 \
+    && \
+# install libopusenc0
+    wget -O /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb2_amd64.deb \
+    && dpkg -i /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb \
+    && rm /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb
 
-# install dockerize
+# add dockerize
-ENV DOCKERIZE_VERSION v0.6.1
+COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
-# install freeswitch
+# copy over built freeswitch & config
-RUN apt-get update && apt-get install -y \
+COPY --from=builder /build/staging/opt /opt
-        freeswitch \
+COPY --from=builder /build/staging/etc /etc
-        freeswitch-mod-commands \
-        freeswitch-mod-conference \
-        freeswitch-mod-console \
-        freeswitch-mod-dialplan-xml \
-        freeswitch-mod-dptools \
-        freeswitch-mod-event-socket \
-        freeswitch-mod-native-file \
-        freeswitch-mod-opusfile \
-        freeswitch-mod-opus \
-        freeswitch-mod-sndfile \
-        freeswitch-mod-sofia \
-        freeswitch-sounds-en-us-callie \
-        iptables
-
-
-# -- get official bbb freeswitch config
-# we use svn for retrieving the files since the repo is quite large,
-# git sparse-checkout is not yet available with buster and there
-# is no other sane way of downloading a single directory via git
-
-ENV TAG v2.3.4
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-voice-conference/config/freeswitch/conf /etc/freeswitch \
-    && rm -rf /etc/freeswitch/.svn
-
-# the current available freeswitch-mod-opusfile is broken,
-# it can't write any .opus files. The fix provided in
-# https://github.com/signalwire/freeswitch/pull/719/files
-# is not sufficient as the module still comes without opus
-# write support, so we rather switch to the binary built
-# by bigbluebutton and add its dependencies
-RUN wget -O /usr/lib/freeswitch/mod/mod_opusfile.so https://github.com/bbb-pkg/bbb-freeswitch-core/raw/43f3a47af1fcf5ea559e16bb28b900c925a7f2c3/opt/freeswitch/lib/freeswitch/mod/mod_opusfile.so \
-    && wget -O /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb1_amd64.deb \
-    && dpkg -i /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb \
-    && rm /tmp/libopusenc0_0.2.1-1bbb1_amd64.deb
-
-# add modifications
-COPY ./conf /etc/freeswitch/
 
+RUN ldconfig && \
+    ln -s /opt/freeswitch/conf /etc/freeswitch && \
+    groupadd freeswitch && \
+    useradd --home-dir /opt/freeswitch --shell /usr/sbin/nologin -g freeswitch freeswitch
 
 COPY ./entrypoint.sh /entrypoint.sh
+COPY ./conf /etc/freeswitch/
+
 ENTRYPOINT /entrypoint.sh

mod/freeswitch/conf/autoload_configs/acl.conf.xml

@@ -23,6 +23,7 @@
       <node type="allow" cidr="127.0.0.1/32"/>
       <node type="allow" cidr="10.0.0.0/8"/>
       <node type="allow" cidr="192.168.0.0/16"/>
+      <node type="allow" cidr="172.16.0.0/12" />
       <node type="allow" cidr="$${external_ip_v4}/32"/>
     </list>
 

mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl

@@ -39,7 +39,7 @@
       <!-- Domain (for presence) -->
       <param name="domain" value="$${domain}"/>
       <!-- Sample Rate-->
-      <param name="rate" value="8000"/>
+      <param name="rate" value="48000"/>
       <!-- Number of milliseconds per frame -->
       <param name="interval" value="20"/>
       <!-- Energy level required for audio to be sent to the other users -->

mod/freeswitch/conf/autoload_configs/modules.conf.xml

@@ -0,0 +1,31 @@
+<configuration name="modules.conf" description="Modules">
+  <modules>
+    <!-- Loggers (I'd load these first) -->
+    <load module="mod_console"/>
+
+    <!-- Event Handlers -->
+    <load module="mod_event_socket"/>
+
+    <!-- Endpoints -->
+    <load module="mod_sofia"/>
+
+    <!-- Applications -->
+    <load module="mod_commands"/>
+    <load module="mod_conference"/>
+    <load module="mod_dptools"/>
+    <load module="mod_audio_fork"/>
+
+    <!-- Dialplan Interfaces -->
+    <load module="mod_dialplan_xml"/>
+
+    <!-- Codec Interfaces -->
+    <load module="mod_spandsp"/>
+    <load module="mod_opus"/>
+    <load module="mod_opusfile"/>
+
+    <!-- File Format Interfaces -->
+    <load module="mod_sndfile"/>
+    <load module="mod_native_file"/>
+
+  </modules>
+</configuration>

mod/freeswitch/conf/sip_profiles/external-ipv6.xml

@@ -54,7 +54,7 @@
          for presence.
     -->
     <!-- Name of the db to use for this profile -->
-    <!--<param name="dbname" value="share_presence"/>-->
+    <param name="dbname" value="sqlite://memory://file:external-ipv6?mode=memory&amp;cache=shared"/>
     <!--<param name="presence-hosts" value="$${domain}"/>-->
     <!--<param name="force-register-domain" value="$${domain}"/>-->
     <!--all inbound reg will stored in the db using this domain -->

mod/freeswitch/conf/sip_profiles/external.xml

@@ -52,7 +52,7 @@
          for presence.
     -->
     <!-- Name of the db to use for this profile -->
-    <!--<param name="dbname" value="share_presence"/>-->
+    <param name="dbname" value="sqlite://memory://file:external?mode=memory&amp;cache=shared"/>
     <!--<param name="presence-hosts" value="$${domain}"/>-->
     <!--<param name="force-register-domain" value="$${domain}"/>-->
     <!--all inbound reg will stored in the db using this domain -->

mod/freeswitch/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 
 # remove all SIP (port 5060) iptable rules
 iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D
@@ -15,13 +15,19 @@ for IP in "${ADDR[@]}"; do
     iptables -I INPUT  -p udp --dport 5060 -s $IP -j ACCEPT
 done
 
+mkdir -p /var/freeswitch/meetings
 chown -R freeswitch:daemon /var/freeswitch/meetings
 chmod 777 /var/freeswitch/meetings
-
+chown -R freeswitch:daemon /opt/freeswitch/var
+chown -R freeswitch:daemon /opt/freeswitch/etc
+chmod -R g-rwx,o-rwx /opt/freeswitch/etc
 
 # install freeswitch sounds if missing
-SOUNDS_DIR=/usr/share/freeswitch/sounds
+SOUNDS_DIR=/opt/freeswitch/share/freeswitch/sounds
-if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
+if [ "$SOUNDS_LANGUAGE" == "en-us-callie" ]; then
+    # default, is already installed
+    echo ""
+elif [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
     if [ ! -d "$SOUNDS_DIR/de/de/daedalus3" ]; then
         echo "sounds package for de-de-daedalus3 not installed yet"
         wget -O /tmp/freeswitch-german-soundfiles.zip https://github.com/Daedalus3/freeswitch-german-soundfiles/archive/master.zip
@@ -36,10 +42,24 @@ if [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
 
     fi
 else
-    SOUNDS_PACKAGE=$(echo "freeswitch-sounds-${SOUNDS_LANGUAGE}" | tr '[:upper:]' '[:lower:]')
+    if [ ! -f $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed ]; then
-    if ! dpkg -s $SOUNDS_PACKAGE >/dev/null 2>&1; then
         echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
-        apt-get install $SOUNDS_PACKAGE
+        
+        # get filename of latest release for this sound package
+        FILENAME=$(curl -s https://files.freeswitch.org/releases/sounds/ | grep -i $SOUNDS_LANGUAGE 2> /dev/null | awk -F'\"' '{print $8}' | grep -E '\-48000-.*\.gz$' | sort -V | tail -n 1)
+
+        if [ "$FILENAME" = "" ]; then
+            echo "Error: could not find sounds for language '$SOUNDS_LANGUAGE'"
+            echo "make sure to specify a value for SOUNDS_LANGUAGE which exists on https://files.freeswitch.org/releases/sounds/"
+            exit 1
+        fi
+        for bitrate in 8000 16000 32000 48000; do
+            URL=https://files.freeswitch.org/releases/sounds/$(echo $FILENAME | sed "s/48000/$bitrate/")
+            wget -O /tmp/sounds.tar.gz $URL
+            tar xvfz /tmp/sounds.tar.gz -C $SOUNDS_DIR
+        done
+
+        touch $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed
     fi
 fi
 
@@ -49,4 +69,4 @@ export SOUNDS_PATH=$SOUNDS_DIR/$(echo "$SOUNDS_LANGUAGE" | sed 's|-|/|g')
 dockerize \
     -template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \
     -template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \
-    /usr/bin/freeswitch -u freeswitch -g daemon -nonat -nf
+    /opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -nonat -nf

mod/fsesl-akka/Dockerfile

@@ -1,29 +1,16 @@
-FROM mozilla/sbt:8u212_1.2.8 AS builder
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
-RUN apt-get update && apt-get install -y subversion
+COPY --from=src-common-message / /bbb-common-message
-
-# download bbb-common-message
-ENV TAG_COMMON_MESSAGE v2.4.0
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_COMMON_MESSAGE/bbb-common-message /bbb-common-message \
-    && rm -rf /bbb-common-message/.svn
-
-# compile bbb-common-message
-RUN cd /bbb-common-message \
- && ./deploy.sh 
 
+# build bbb-common-message
+RUN cd /bbb-common-message && ./deploy.sh
 
 # ===================================================
-ENV TAG_FSESL v2.4.0
+COPY --from=src-fsesl-client / /bbb-fsesl-client
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_FSESL/bbb-fsesl-client /bbb-fsesl-client \
+RUN cd /bbb-fsesl-client && ./deploy.sh
-    && rm -rf /bbb-fsesl-client/.svn
 
-RUN cd /bbb-fsesl-client \
+COPY --from=src-fsesl-akka / /source
-    && ./deploy.sh
-
-
-ENV TAG v2.4.0
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/akka-bbb-fsesl /source \
-    && rm -rf /source/.svn
 
 # compile and unzip bin
 RUN cd /source \
@@ -32,25 +19,12 @@ RUN unzip /source/target/universal/bbb-fsesl-akka-0.0.2.zip -d /
 
 # # ===================================================
 
-FROM openjdk:8-jre-slim-bullseye
+FROM alangecker/bbb-docker-base-java
-
-RUN apt update && apt-get install -y wget gosu
-
-# install dockerize
-ENV DOCKERIZE_VERSION v0.6.1
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
-
-
-RUN groupadd -g 1007 fsesl-akka \
-    && useradd -m -u 1007 -g fsesl-akka fsesl-akka
 
 COPY --from=builder /bbb-fsesl-akka-0.0.2 /bbb-fsesl-akka
 COPY bbb-fsesl-akka.conf /etc/bigbluebutton/bbb-fsesl-akka.conf.tmpl
 COPY logback.xml /bbb-fsesl-akka/conf/logback.xml
+COPY entrypoint.sh /entrypoint.sh
 
-WORKDIR /bbb-fsesl-akka
+USER bigbluebutton
-CMD dockerize \
+ENTRYPOINT /entrypoint.sh
-    -template /etc/bigbluebutton/bbb-fsesl-akka.conf.tmpl:/etc/bigbluebutton/bbb-fsesl-akka.conf \
-    gosu fsesl-akka /bbb-fsesl-akka/bin/bbb-fsesl-akka

mod/fsesl-akka/bbb-fsesl-akka.conf

@@ -5,7 +5,7 @@ include "/bbb-fsesl-akka/conf/application.conf"
 freeswitch {
     esl {
         host="10.7.7.1"
-        password="{{ default .Env.FSESL_PASSWORD "ClueCon" }}"
+        password="FSESL_PASSWORD"
     }
 }
 

mod/fsesl-akka/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+TARGET=/etc/bigbluebutton/bbb-fsesl-akka.conf
+
+cp /etc/bigbluebutton/bbb-fsesl-akka.conf.tmpl $TARGET
+sed -i "s/FSESL_PASSWORD/$FSESL_PASSWORD/" $TARGET
+
+cd /bbb-fsesl-akka
+/bbb-fsesl-akka/bin/bbb-fsesl-akka

mod/html5/Dockerfile

@@ -1,44 +1,44 @@
-FROM node:14.18.1-bullseye-slim AS builder
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
-RUN apt-get update && apt-get install -y wget curl subversion python3 build-essential
+# RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
-RUN groupadd -g 2000 meteor && useradd -m -u 2001 -g meteor meteor
+# USER meteor
 
+ARG TAG_HTML5
 
-# download dockerize
+COPY --from=source ./ /source
-ENV DOCKERIZE_VERSION v0.6.1
+RUN cd /source && meteor npm ci --production \
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+    && METEOR_DISABLE_OPTIMISTIC_CACHING=1 meteor build --architecture os.linux.x86_64 --allow-superuser  --directory /app \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
+    && rm -rf /source
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
-USER meteor
+RUN cd /app/bundle/programs/server \
-ENV METEOR_VERSION 2.5
-RUN curl -sL https://install.meteor.com?release=$METEOR_VERSION | sed s/--progress-bar/-sL/g | /bin/sh
-
-ENV TAG v2.4.0
-RUN cd ~ \
-    && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bigbluebutton-html5 \
-    && mv ~/bigbluebutton-html5 ~/source \
-    && cd ~/source \
-    && ~/.meteor/meteor npm ci --production \
-    && METEOR_DISABLE_OPTIMISTIC_CACHING=1  ~/.meteor/meteor build --architecture os.linux.x86_64 --directory ~/app \
-    && rm -rf ~/source
-
-RUN cd ~/app/bundle/programs/server \
     && npm install --production
     
+RUN mkdir -p /app/bundle/programs/web.browser/app/files && \
+    cp /app/bundle/programs/server/npm/node_modules/@fontsource/*/files/*.woff* /app/bundle/programs/web.browser/app/files/
+
+RUN sed -i "s/VERSION/$TAG_BBB/" /app/bundle/programs/web.browser/head.html \
+    && find /app/bundle/programs/web.browser -name '*.js' -exec gzip -k -f -9 '{}' \; \
+    && find /app/bundle/programs/web.browser -name '*.css' -exec gzip -k -f -9 '{}' \; \
+    && find /app/bundle/programs/web.browser -name '*.wasm' -exec gzip -k -f -9 '{}' \;
+
 # ------------------------------
 
-FROM node:14.18.1-alpine
+FROM node:14.21-bullseye-slim
 
-RUN addgroup -g 2000 meteor && \
+RUN apt-get update && apt-get install -y gosu
-    adduser -D -u 2001 -G meteor meteor && \
+
-    apk add su-exec
+# add user & group
-COPY --from=builder /usr/local/bin/dockerize /usr/local/bin/dockerize
+RUN groupadd -g 2000 meteor \
-COPY --from=builder --chown=meteor:meteor /home/meteor/app/bundle /app
+    && useradd -m -u 2001 -g meteor meteor
+
+COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
+COPY --from=builder --chown=meteor:meteor /app/bundle /app
 COPY entrypoint.sh /entrypoint.sh
 COPY bbb-html5.yml /app/bbb-html5.yml.tmpl
 
-ENTRYPOINT ["/entrypoint.sh"]
+# expose TAG_BBB in container for the version display
+ARG TAG_BBB
+ENV TAG_BBB $TAG_BBB
 
-# lets set the tag again, so that it is include in the image for later version retrieval
+ENTRYPOINT ["/entrypoint.sh"]
-ENV TAG v2.4.0

mod/html5/bbb-html5.yml

@@ -1,5 +1,7 @@
 public:
   app:
+    html5ClientBuild: {{ .Env.TAG_HTML5 }}
+    bbbServerVersion: {{ .Env.TAG_HTML5 }}-docker
     listenOnlyMode: {{ .Env.LISTEN_ONLY_MODE }}
     skipCheck: {{ .Env.DISABLE_ECHO_TEST }}
     clientTitle: {{ .Env.CLIENT_TITLE }}
@@ -13,15 +15,11 @@ public:
   chat:
     enabled: {{ .Env.CHAT_ENABLED }}
     startClosed: {{ .Env.CHAT_START_CLOSED }}
-  note:
+  pads:
     url: https://{{ .Env.DOMAIN }}/pad
 private:
   app:
     host: 0.0.0.0
-  etherpad:
-    apikey: {{ .Env.ETHERPAD_API_KEY }}
-    host: etherpad
-    port: 9001
   redis:
     host: redis
     port: '6379'

mod/html5/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 
 cd /app
@@ -6,12 +6,12 @@ export MONGO_OPLOG_URL=mongodb://10.7.7.6/local
 export MONGO_URL=mongodb://10.7.7.6/meteor
 export ROOT_URL=http://127.0.0.1/html5client
 export NODE_ENV=production
-export SERVER_WEBSOCKET_COMPRESSION=0
+export SERVER_WEBSOCKET_COMPRESSION='{"level":5, "maxWindowBits":13, "memLevel":7, "requestMaxWindowBits":13}'
 export BIND_IP=0.0.0.0
 export LANG=en_US.UTF-8
 export INSTANCE_MAX=1
 export ENVIRONMENT_TYPE=production
-export NODE_VERSION=node-v12.16.1-linux-x64
+export NODE_VERSION=node-v14.21.1-linux-x64
 export BBB_HTML5_LOCAL_SETTINGS=/app/bbb-html5.yml
 
 if [ "$DEV_MODE" == true ]; then
@@ -26,7 +26,7 @@ fi
 
 # if container is the first frontend, do some additional tasks
 if [ "$BBB_HTML5_ROLE" == "frontend" ] && [ "$INSTANCE_ID" == "1" ]; then
-    # delete potential old settings.yml
+
 
     # copy static files into volume for direct access by nginx
     # https://github.com/bigbluebutton/bigbluebutton/issues/10739
@@ -39,5 +39,5 @@ fi
 
 dockerize \
     -template /app/bbb-html5.yml.tmpl:/app/bbb-html5.yml \
-    su-exec meteor \
+    gosu meteor \
         node --max-old-space-size=2048 --max_semi_space_size=128 main.js $PARAM

mod/https/force-https.conf

@@ -0,0 +1,15 @@
+# overwriting force-https.conf from valian/docker-nginx-auto-ssl
+
+location /bigbluebutton/api/join {
+  return 301 https://$host$request_uri;
+}
+
+# allow /api calls without redirecting to https
+location /bigbluebutton/api {
+  proxy_pass https://127.0.0.1:443;
+  proxy_ssl_verify off;
+}
+
+location / {
+  return 301 https://$host$request_uri;
+}

mod/jodconverter/Dockerfile

@@ -1,6 +1,6 @@
-FROM eugenmayer/jodconverter:rest
+FROM ghcr.io/jodconverter/jodconverter-examples:rest
 RUN echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | debconf-set-selections
-RUN sed -i 's/main/main contrib/' /etc/apt/sources.list && apt-get update
+RUN sed -i 's/main/main contrib/' /etc/apt/sources.list.d/debian.sources && apt-get update
 RUN apt-get update && apt -y install  --no-install-recommends \
     fonts-arkpandora \
     fonts-crosextra-carlito \

mod/mongo/init-replica.sh

@@ -4,10 +4,20 @@ set -e
 
 host=${HOSTNAME:-$(hostname -f)}
 
+# shut down again
+mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
+# restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
+mongod --oplogSize 8 --replSet rs0 --noauth \
+   --config /tmp/docker-entrypoint-temp-config.json \
+   --bind_ip 0.0.0.0 --port 27017 \
+   --tlsMode disabled \
+   --logpath /proc/1/fd/1 --logappend \
+   --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
+
 # init replset with defaults
-mongo local --eval "rs.initiate({
+mongo 10.7.7.6 --eval "rs.initiate({
    _id: 'rs0',
-   members: [ { _id: 0, host: '127.0.0.1:27017' } ]
+   members: [ { _id: 0, host: '10.7.7.6:27017' } ]
 })"
 
 echo "Waiting to become a master"

mod/nginx/Dockerfile

@@ -1,23 +1,19 @@
-FROM node:14-alpine AS builder
+ARG BBB_BUILD_TAG
-
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
-RUN apk add subversion git
 
 # --------------------
 
-ENV TAG_LEARNING_DASHBOARD v2.4.0
+COPY --from=src-learning-dashboard / /bbb-learning-dashboard
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG_LEARNING_DASHBOARD/bbb-learning-dashboard /bbb-learning-dashboard && rm -r /bbb-learning-dashboard/.svn
 RUN cd /bbb-learning-dashboard && npm ci && npm run build
 
-ENV TAG_PLAYBACK v3.1.0
+COPY --from=src-playback / /bbb-playback
-ENV REACT_APP_BBB_PLAYBACK_BUILD=$TAG_PLAYBACK
+RUN cd /bbb-playback && npm install && npm run-script build
-RUN svn checkout https://github.com/bigbluebutton/bbb-playback/tags/$TAG_PLAYBACK /bbb-playback && rm -r /bbb-playback/.svn
-RUN cd /bbb-playback && npm ci && npm run build
 
 # --------------------
 
-FROM nginx:1.21-alpine
+FROM nginx:1.25-alpine
 
-COPY --from=builder /bbb-learning-dashboard/build /www/learning-dashboard
+COPY --from=builder /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
 COPY --from=builder /bbb-playback/build /www/playback/presentation/2.3
 COPY ./bbb /etc/nginx/bbb
 COPY ./bigbluebutton /etc/nginx/conf.d/default.conf

mod/nginx/bbb/bbb-html5.nginx

@@ -10,6 +10,7 @@ location /html5client/locales {
 }
 
 location /html5client/compatibility {
+  gzip_static on;
   alias /html5-static/app/compatibility;
 }
 
@@ -25,6 +26,10 @@ location /html5client/fonts {
   alias /html5-static/app/fonts;
 }
 
+location /html5client/files {
+  alias /html5-static/app/files;
+}
+
 location /html5client/wasm {
   types {
     application/wasm wasm;
@@ -33,8 +38,12 @@ location /html5client/wasm {
   alias /html5-static/app/wasm;
 }
 
-location /html5client/ {
+location /html5client {
+  gzip_static on;
   alias /html5-static;
   try_files $uri @html5client;
 }
 
+location /html5client/sockjs {
+  try_files $uri @html5client;
+}

mod/nginx/bbb/greenlight.nginx

@@ -1,34 +0,0 @@
-# Routes requests to Greenlight based on the '/b' prefix.
-# Use this file to route '/b' paths on your BigBlueButton server
-# to the Greenlight application. If you are using a different
-# subpath, you should change it here.
-
-
-location /b {
-  proxy_pass          http://host.docker.internal:5000;
-  proxy_set_header    Host              $host;
-  proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
-  proxy_set_header    X-Forwarded-Proto $scheme;
-  proxy_set_header    X-Forwarded-Ssl on;
-  proxy_http_version  1.1;
-}
-
-location /b/cable {
-  proxy_pass          http://host.docker.internal:5000;
-  proxy_set_header    Host              $host;
-  proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
-  proxy_set_header    X-Forwarded-Proto $scheme;
-  proxy_set_header    X-Forwarded-Ssl on;
-  proxy_set_header    Upgrade           $http_upgrade;
-  proxy_set_header    Connection        "Upgrade";
-  proxy_http_version  1.1;
-  proxy_read_timeout  6h;
-  proxy_send_timeout  6h;
-  client_body_timeout 6h;
-  send_timeout        6h;
-}
-
-# this is necessary for the preupload_presentation feature
-location /rails/active_storage {
-  return 301 /b$request_uri;
-}

mod/nginx/bbb/learning-dashboard.nginx

@@ -1,9 +1,9 @@
-location ~ /learning-dashboard/([0-9a-f]+-[0-9]+)/(.*) {
+location ~ /learning-analytics-dashboard/([0-9a-f]+-[0-9]+)/(.*) {
-    root /var/bigbluebutton/learning-dashboard/;
+    alias /var/bigbluebutton/learning-dashboard/$1/$2;
     autoindex off;
 }
 
-location /learning-dashboard/ {
+location /learning-analytics-dashboard/ {
-    alias /www/learning-dashboard/;
+    alias /www/learning-analytics-dashboard/;
     autoindex off;
 }

mod/nginx/bbb/notes.nginx

@@ -1,5 +1,10 @@
 # https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
 location /pad/p/ {
+    # Avoid setting the user name from the embedded URL
+    if ($arg_userName) {
+        return 401;
+    }
+
     rewrite /pad/p/(.*) /p/$1 break;
     rewrite ^/pad/p$ /pad/p/ permanent;
     proxy_pass http://etherpad:9001/p;
@@ -13,7 +18,17 @@ location /pad/p/ {
     proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used
     proxy_http_version 1.1;
 
-    auth_request /bigbluebutton/connection/validatePad;
+    auth_request /bigbluebutton/connection/checkAuthorization;
+    auth_request_set $auth_status $upstream_status;
+}
+
+location /pad/auth_session {
+    rewrite /pad/auth_session(.*) /auth_session$1 break;
+    proxy_pass http://etherpad:9001/;
+    proxy_pass_header Server;
+    proxy_set_header Host $host;
+    proxy_buffering off;
+    auth_request /bigbluebutton/connection/checkAuthorization;
     auth_request_set $auth_status $upstream_status;
 }
 

mod/nginx/bbb/playback-video.nginx

@@ -0,0 +1,21 @@
+# This file is part of BigBlueButton.
+#
+# Copyright © BigBlueButton Inc. and by respective authors.
+#
+# BigBlueButton is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by the
+# Free Software Foundation, either version 3.0 of the License, or (at your
+# option) any later version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with BigBlueButton. If not, see <https://www.gnu.org/licenses>.
+
+location /playback/video/ {
+	alias /var/bigbluebutton/published/video/;
+	index index.html index.htm;
+}

mod/nginx/bbb/podcast.nginx

@@ -0,0 +1,22 @@
+#
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
+#
+# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+#
+
+        location /podcast {
+                root    /var/bigbluebutton/published;
+                index  index.html index.htm;
+        }

mod/nginx/bbb/recording-screenshare.nginx

@@ -0,0 +1,22 @@
+#
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
+#
+# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+#
+
+        location /recording/screenshare {
+                alias    /var/bigbluebutton/published/screenshare;
+                index  index.html index.htm;
+        }

mod/nginx/bbb/slides.nginx

@@ -0,0 +1,28 @@
+
+#
+# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
+#
+# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
+#
+# This program is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 3.0 of the License, or (at your option) any later
+# version.
+#
+# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
+#
+        location /playback/slides {
+                root    /var/bigbluebutton;
+                index  index.html index.htm;
+        }
+
+        location /slides {
+                root    /var/bigbluebutton/published;
+                index  index.html index.htm;
+        }
+

mod/nginx/bbb/verto.nginx

@@ -1,10 +0,0 @@
-location /verto {
-  proxy_pass https://host.docker.internal:8082;
-  proxy_http_version 1.1;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "Upgrade";
-  proxy_read_timeout 6h;
-  proxy_send_timeout 6h;
-  client_body_timeout 6h;
-  send_timeout 6h;
-}

mod/nginx/bbb/web.nginx

@@ -9,32 +9,16 @@
 
                     # Workaround IE refusal to set cookies in iframe
                     add_header P3P 'CP="No P3P policy available"';
-                    if ($bbb_loadbalancer_node) {
-                        add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
-                        add_header 'Access-Control-Allow-Credentials' 'true' always;
-                    }
 		}
 
 
 		location ~ "^\/bigbluebutton\/presentation\/(?<prestoken>[a-zA-Z0-9_-]+)/upload$" {
-			# Grails can't handle CORS OPTION preflight requests correctly -> lets do this in nginx
-			if ($request_method = 'OPTIONS') {
-				add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
-				add_header 'Access-Control-Allow-Credentials' 'true' always;
-				add_header 'Content-Type' 'text/plain; charset=utf-8';
-				add_header 'Content-Length' 0;
-				return 204;
-			}
 			proxy_pass         http://bbb-web:8090;
 			proxy_redirect     default;
 			proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
 
 			# Workaround IE refusal to set cookies in iframe
 			add_header P3P 'CP="No P3P policy available"';
-			if ($bbb_loadbalancer_node) {
-				add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
-				add_header 'Access-Control-Allow-Credentials' 'true' always;
-			}
 
 			# high limit for presentation as bbb-web will reject upload if larger than configured
 			client_max_body_size       1000m;
@@ -73,9 +57,6 @@
 			proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
 			# Workaround IE refusal to set cookies in iframe
 			add_header P3P 'CP="No P3P policy available"';
-			if ($bbb_loadbalancer_node) {
-				add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
-			}
 		}
 
 		location = /bigbluebutton/presentation/checkPresentation {
@@ -87,6 +68,7 @@
 			proxy_set_header        X-Original-URI $request_uri;
 			proxy_set_header	Content-Length "";
 			proxy_set_header	X-Original-Content-Length $http_content_length;
+			proxy_set_header	X-Original-Method $request_method;
 
 			# high limit for presentation as bbb-web will reject upload if larger than configured
 			client_max_body_size       1000m;
@@ -109,6 +91,7 @@
 			proxy_set_header         Content-Length "";
 			proxy_set_header         X-Original-URI $request_uri;
 		}
+
 		location = /bigbluebutton/connection/legacyCheckAuthorization {
 			internal;
 			proxy_pass               http://bbb-web:8090;
@@ -128,9 +111,6 @@
         location ~ "^/bigbluebutton\/textTrack\/(?<textTrackToken>[a-zA-Z0-9]+)\/(?<recordId>[a-zA-Z0-9_-]+)\/(?<textTrack>.+)$" {
             # Workaround IE refusal to set cookies in iframe
             add_header P3P 'CP="No P3P policy available"';
-            if ($bbb_loadbalancer_node) {
-                add_header 'Access-Control-Allow-Origin' $bbb_loadbalancer_node always;
-            }
 
             # Allow 30M uploaded presentation document.
             client_max_body_size       30m;

mod/nginx/bbb/webrtc-sfu.nginx

@@ -5,8 +5,9 @@ location /bbb-webrtc-sfu {
     auth_request_set $user_id $sent_http_user_id;
     auth_request_set $meeting_id $sent_http_meeting_id;
     auth_request_set $voice_bridge $sent_http_voice_bridge;
+    auth_request_set $user_name $sent_http_user_name;
 
-    proxy_pass http://webrtc-sfu:3008;
+    proxy_pass http://10.7.7.1:3008;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "Upgrade";
@@ -14,9 +15,11 @@ location /bbb-webrtc-sfu {
     proxy_set_header User-Id $user_id;
     proxy_set_header Meeting-Id $meeting_id;
     proxy_set_header Voice-Bridge $voice_bridge;
-    proxy_read_timeout 6h;
+    proxy_set_header User-Name $user_name;
-    proxy_send_timeout 6h;
+
-    client_body_timeout 6h;
+    proxy_read_timeout 60s;
-    send_timeout 6h;
+    proxy_send_timeout 60s;
+    client_body_timeout 60s;
+    send_timeout 60s;
 }
 

mod/nginx/bigbluebutton

@@ -29,12 +29,42 @@ server {
   # https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
   add_header Permissions-Policy "interest-cohort=()";
 
-  # redirect to greenlight
-  location = / {
-      return 302 /b;
-  }
 
   # Include specific rules for record and playback
   include /etc/nginx/bbb/*.nginx;
 
+  # redirect old greenlight v2 room links
+  location ~ "/b/([a-z0-9\-]+)" {
+    return 302 /rooms/$1;
+  }
+
+  # serve default.pdf from /www/
+  location = /default.pdf {
+    try_files $uri =404;
+  }
+
+  location / {
+    proxy_pass          http://greenlight:3000;
+    proxy_set_header    Host              $host;
+    proxy_set_header    X-Forwarded-For   "127.0.0.1";
+    proxy_set_header    X-Forwarded-Proto $scheme;
+    proxy_set_header    X-Forwarded-Ssl on;
+    proxy_http_version  1.1;
+    client_max_body_size 1000m;
+  }
+
+  location /cable {
+    proxy_pass          http://greenlight:3000;
+    proxy_set_header    Host              $host;
+    proxy_set_header    X-Forwarded-For   "127.0.0.1";
+    proxy_set_header    X-Forwarded-Proto $scheme;
+    proxy_set_header    X-Forwarded-Ssl on;
+    proxy_set_header    Upgrade           $http_upgrade;
+    proxy_set_header    Connection        "Upgrade";
+    proxy_http_version  1.1;
+    proxy_read_timeout  6h;
+    proxy_send_timeout  6h;
+    client_body_timeout 6h;
+    send_timeout        6h;
+  }
 }

mod/periodic/Dockerfile

@@ -1,16 +1,9 @@
 FROM debian:bullseye-slim
 
-# -- install mongo cli
-RUN apt-get update \
-    && apt-get install -y wget libcurl4 \
-    && wget https://repo.mongodb.org/apt/debian/dists/buster/mongodb-org/4.2/main/binary-amd64/mongodb-org-shell_4.2.6_amd64.deb \
-    && dpkg -i mongodb*.deb \
-    && rm mongodb*.deb
-
 # -- install docker cli
 COPY --from=library/docker:latest /usr/local/bin/docker /usr/bin/docker
 
-COPY bbb-remove-old-recordings bbb-restart-kms bbb-resync-freeswitch entrypoint.sh /
+COPY bbb-remove-old-recordings bbb-resync-freeswitch entrypoint.sh /
 
 RUN chmod +x bbb-remove-old-recordings
 

mod/periodic/bbb-restart-kms

@@ -1,40 +0,0 @@
-#!/bin/bash
-
-# Source:
-# https://github.com/alangecker/bbb-packages/blob/f83431c227be2c95025ea81083baeaa87667b170/bbb-webrtc-sfu/data/etc/cron.hourly/bbb-restart-kms
-
-#
-# Restart Kurento every 24+ hours
-#
-
-if [ ! -f /tmp/bbb-kms-last-restart.txt ]; then
-  date +%Y-%m-%d\ %H:%M:%S > /tmp/bbb-kms-last-restart.txt
-  exit
-fi
-
-users=$(mongo --quiet mongodb://10.7.7.6:27017/meteor --eval "db.users.count()")
-echo "currently active users: $users"
-
-if [ "$users" -eq 0 ]; then
-
-  # Make sure 24 hours have passed since last restart
-
-  # Seconds since epoch for last restart
-  dt1=$(cat /tmp/bbb-kms-last-restart.txt)
-  t1=`date --date="$dt1" +%s`
-
-  # Current seconds since epoch
-  dt2=`date +%Y-%m-%d\ %H:%M:%S`
-  t2=`date --date="$dt2" +%s`
-
-  # Hours since last restart
-  let "tDiff=$t2-$t1"
-  let "hDiff=$tDiff/3600"
-
-  if [ "$hDiff" -ge 24 ]; then
-    echo "scheduled restart of kurento after 24h"
-    CONTAINER_ID=$(docker ps | grep kurento | awk '{print $1}')
-    docker restart $CONTAINER_ID
-    date +%Y-%m-%d\ %H:%M:%S > /tmp/bbb-kms-last-restart.txt
-  fi
-fi

mod/periodic/bbb-resync-freeswitch

@@ -2,5 +2,4 @@
 
 # https://github.com/bigbluebutton/bigbluebutton/pull/9597/files
 
-CONTAINER_ID=$(docker ps | grep freeswitch | awk '{print $1}')
+docker exec -it bbb-freeswitch fs_cli -H 10.7.7.1 -P 8021 -x 'fsctl sync_clock_when_idle'
-docker exec -it $CONTAINER_ID fs_cli -H 10.7.7.1 -P 8021 -x 'fsctl sync_clock_when_idle'

mod/periodic/entrypoint.sh

@@ -7,14 +7,12 @@ history=5
 
 while :
 do
-	# restart kurento after 24h
-	/bbb-restart-kms
 
 	# resync freeswitch
 	/bbb-resync-freeswitch
 
 	# delete presentations older than N days
-	find /var/bigbluebutton/ -maxdepth 1 -type d -name "*-*" -mtime +$history -exec rm -rf '{}' +
+	find /var/bigbluebutton/ -maxdepth 1 -type d -name "*-[0-9]*" -mtime +$history -exec rm -rf '{}' +
 
   # delete recordings older than $RECORDING_MAX_AGE_DAYS
   if [ "$ENABLE_RECORDING" == true ] && [ "$REMOVE_OLD_RECORDING" == true ]; then

mod/recordings/Dockerfile

@@ -1,5 +1,5 @@
 
-FROM ruby:2.5-slim-buster
+FROM ruby:2.7-slim-bullseye
 
 # install apt dependencies
 RUN apt-get update && apt-get install -y \
@@ -9,15 +9,28 @@ RUN apt-get update && apt-get install -y \
     build-essential \
     libsystemd-dev \
     python3 \
-    python3-pyinotify \
+    python3-attr \
+    python3-cairo \
+    python3-gi \
+    python3-gi-cairo \
     python3-lxml \
     python3-icu \
+    python3-pyinotify \
+    python3-sortedcollections \
+    python3-packaging \
+    gir1.2-pangocairo-1.0 \
+    gir1.2-poppler-0.18 \
+    gir1.2-gtk-3.0 \
+    gir1.2-gdkpixbuf-2.0 \
+    fonts-croscore \
     ffmpeg \
     poppler-utils \
     imagemagick \
     supervisor \
+    unzip \
     locales \
     locales-all
+# TODO: missing packages
 
 ENV LC_ALL en_US.UTF-8
 ENV LANG en_US.UTF-8
@@ -40,33 +53,37 @@ RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VE
     && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
     && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
 
+# add yq for bbb-record
+RUN  wget -q https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq \
+    && chmod +x /usr/bin/yq
+
 RUN mkdir -p \
     /usr/local/bigbluebutton \
     /usr/local/bigbluebutton/core \
-    /etc/bigbluebutton
+    /etc/bigbluebutton \
+    /etc/bigbluebutton/recording
 
-ENV TAG v2.4.0
+# dependency for bbb-presentation-video
+RUN wget -q -O /tmp/python3-perfect-freehand.deb https://github.com/bigbluebutton/perfect-freehand-python/releases/download/1.2.0/python3-perfect-freehand_1.2.0_all.deb && \
+    dpkg -i /tmp/python3-perfect-freehand.deb && \
+    rm /tmp/python3-perfect-freehand.deb
 
-# add bbb-record-core (lib, scripts and Gemfile)
+ARG TAG_RECORDINGS
-RUN cd /usr/local/bigbluebutton/core \
+
-    && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/record-and-playback/core/lib \
+COPY --from=record-core / /usr/local/bigbluebutton/core
-    && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/record-and-playback/core/scripts \
-    && rm -rf /usr/local/bigbluebutton/core/*/.svn \
-    && wget https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/$TAG/record-and-playback/core/Gemfile.lock \
-    && wget https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/$TAG/record-and-playback/core/Gemfile \
-    && wget https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/$TAG/record-and-playback/core/Rakefile
 
 # add bbb-playback-presentation scripts
-RUN cd /tmp \
+COPY --from=presentation /scripts /usr/local/bigbluebutton/core/scripts/ 
-    && svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/record-and-playback/presentation/scripts \
-    && rsync -av /tmp/scripts/ /usr/local/bigbluebutton/core/scripts/ \
-    && rm -rf /tmp/scripts
 
 # install ruby dependencies
 RUN cd /usr/local/bigbluebutton/core \
     && gem install builder \
     && gem install bundler --no-document \
-    && /usr/local/bin/bundle
+    && bundle config set --local deployment true \
+    && bundle install \
+    && bundle clean \
+    && rm -r vendor/bundle/ruby/*/cache \
+    && find vendor/bundle -name '*.o' -delete
 
 # log to file instead of journald
 RUN sed -i 's|Journald::Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/lib/recordandplayback.rb && \
@@ -78,12 +95,12 @@ RUN sed -i 's|Journald::Logger\.new.*|Logger.new("/var/log/bigbluebutton/recordi
     sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/process/presentation.rb
 
 # add bbb-record with some adjustments so bbb-record works in this environment
+COPY --from=bbb-conf /bin/bbb-record /usr/bin/bbb-record
 RUN cd /usr/bin \
-    && wget https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/$TAG/bigbluebutton-config/bin/bbb-record \
     && chmod +x /usr/bin/bbb-record \
     && sed -i 's/^BBB_WEB.*/BBB_WEB=""/' /usr/bin/bbb-record \
     && sed -i 's/systemctl.*//' /usr/bin/bbb-record \
-    && echo "BIGBLUEBUTTON_RELEASE=$TAG" > /etc/bigbluebutton/bigbluebutton-release
+    && echo "BIGBLUEBUTTON_RELEASE=$TAG_RECORDINGS" > /etc/bigbluebutton/bigbluebutton-release
 
 # create user
 # the ID should match the one creating the files in `core`
@@ -93,8 +110,15 @@ RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigblueb
 # https://github.com/alangecker/bigbluebutton-docker/issues/63
 RUN chown -R 998:998 /usr/local/bigbluebutton
 
+ARG TAG_BBB_PRESENTATION_VIDEO
+RUN cd /tmp/ && \
+    wget -q -O bbb-presentation-video.zip "https://github.com/bigbluebutton/bbb-presentation-video/releases/download/${TAG_BBB_PRESENTATION_VIDEO}/ubuntu-20.04.zip" && \
+    unzip -o bbb-presentation-video.zip -d bbb-presentation-video && \
+    dpkg -i bbb-presentation-video/bbb-presentation-video*.deb && \
+    rm -rf /tmp/*
+
 COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
-COPY bigbluebutton.yml /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml.tmpl
+COPY recording.yml /etc/bigbluebutton/recording/recording.yml.tmpl
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY entrypoint.sh /entrypoint.sh
 

mod/recordings/bbb-web.properties

@@ -1 +1,2 @@
+bigbluebutton.web.serverURL=https://{{ .Env.DOMAIN }}
 securitySalt={{ .Env.SHARED_SECRET }}

mod/recordings/bigbluebutton.yml

@@ -1,59 +0,0 @@
-bbb_version: '2.1.0'
-raw_audio_src: /var/freeswitch/meetings
-raw_video_src: /usr/share/red5/webapps/video/streams
-kurento_video_src: /var/kurento/recordings
-kurento_screenshare_src: /var/kurento/screenshare
-raw_screenshare_src: /usr/share/red5/webapps/screenshare/streams
-raw_webrtc_deskshare_src: /usr/share/red5/webapps/video-broadcast/streams
-raw_deskshare_src: /var/bigbluebutton/deskshare
-raw_presentation_src: /var/bigbluebutton
-notes_endpoint: http://etherpad:9001/p
-# Specify the notes formats we archive
-# txt, doc and odt are also supported
-notes_formats:
-  - etherpad
-  - html
-  - pdf
-redis_host: redis
-redis_port: 6379
-# Uncomment and set password if redis require it.
-# redis_password: changeme
-
-# redis_workers_host: 127.0.0.1
-# redis_workers_port: 6379
-
-# Set to true to insert recording process status into
-# redis list with key "store_recording_status: true".
-# This is useful if you want to track progress status
-# and have another script process it.
-store_recording_status: false
-
-# Sequence of recording steps. Keys are the current step, values
-# are the next step(s). Examples:
-#   current_step: next_step
-#   "current_step-format": "next_step-format"
-#   current_step:
-#     - next_step
-#     - another_step-format
-steps:
-  archive: "sanity"
-  sanity: "captions"
-  captions: "process:presentation"
-  "process:presentation": "publish:presentation"
-
-# For PRODUCTION
-log_dir: /var/log/bigbluebutton
-events_dir: /var/bigbluebutton/events
-recording_dir: /var/bigbluebutton/recording
-published_dir: /var/bigbluebutton/published
-captions_dir: /var/bigbluebutton/captions
-playback_host: {{ .Env.DOMAIN }}
-playback_protocol: https
-
-# For DEVELOPMENT
-# This allows us to run the scripts manually
-#scripts_dir: /home/ubuntu/dev/bigbluebutton/record-and-playback/core/scripts
-#log_dir: /home/ubuntu/temp/log
-#recording_dir: /home/ubuntu/temp/recording
-#published_dir: /home/ubuntu/temp/published
-#playback_host: 127.0.0.1

mod/recordings/entrypoint.sh

@@ -2,11 +2,15 @@
 
 touch /var/log/bigbluebutton/recording.log
 touch /var/log/bigbluebutton/bbb-web.log
+touch /var/log/bigbluebutton/sanity.log
+touch /var/log/bigbluebutton/post_publish.log
 mkdir -p /var/log/bigbluebutton/presentation
 chown -R bigbluebutton:bigbluebutton /var/log/bigbluebutton
 
 dockerize \
-    -template /usr/local/bigbluebutton/core/scripts/bigbluebutton.yml.tmpl:/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml \
+    -template /etc/bigbluebutton/recording/recording.yml.tmpl:/etc/bigbluebutton/recording/recording.yml \
     -template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
     -stdout /var/log/bigbluebutton/recording.log \
+    -stdout /var/log/bigbluebutton/post_publish.log \
+    -stdout /var/log/bigbluebutton/sanity.log \
     /usr/bin/supervisord --nodaemon

mod/recordings/recording.yml

@@ -0,0 +1,4 @@
+redis_host: redis
+notes_endpoint: http://bbb-pads:9002/p
+playback_host: {{ .Env.DOMAIN }}
+playback_protocol: https

mod/recordings/supervisord.conf

@@ -2,9 +2,9 @@
 user=root
 
 [program:rasque_workers]
-command=rake resque:workers
+command=bundle exec rake -f Rakefile resque:workers
 directory=/usr/local/bigbluebutton/core/scripts
-environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1"
+environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",VVERBOSE="1",HOME="/home/bigbluebutton"
 user=bigbluebutton
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
@@ -15,6 +15,7 @@ stderr_logfile_maxbytes=0
 [program:rap_starter]
 command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-starter.rb
 directory=/usr/local/bigbluebutton/core/scripts
+environment=HOME="/home/bigbluebutton"
 user=bigbluebutton
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
@@ -25,6 +26,7 @@ stderr_logfile_maxbytes=0
 [program:rap_caption_inbox]
 command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-caption-inbox.rb
 directory=/usr/local/bigbluebutton/core/scripts
+environment=HOME="/home/bigbluebutton"
 user=bigbluebutton
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0

mod/webhooks/Dockerfile

@@ -1,26 +1,25 @@
-FROM node:14-alpine
+FROM node:18-bullseye-slim AS builder
-
-# download dockerize
-ENV DOCKERIZE_VERSION v0.6.1
-RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
-    && apk add subversion \
-    && mkdir /app \
-    && adduser -D -u 2002 -g webhooks webhooks \
-    && chown webhooks:webhooks /app
-
-USER webhooks
 
 
-ENV TAG v2.4.0
+RUN apt-get update && apt-get install -y git wget
-RUN svn checkout https://github.com/bigbluebutton/bigbluebutton/tags/$TAG/bbb-webhooks /app \
-    && rm -rf /app/.svn \
-    && cd /app && npm install --production
 
+RUN  wget -q https://github.com/mikefarah/yq/releases/download/v4.25.1/yq_linux_amd64 -O /usr/bin/yq \
+    && chmod +x /usr/bin/yq
+
+COPY --from=src / /bbb-webhooks
+RUN cd /bbb-webhooks && npm install --production
+
+RUN chmod 777 /bbb-webhooks/config
+# ------------------------------
+
+FROM node:18-bullseye-slim
+RUN useradd --uid 2004 --user-group bbb-webhooks
+
+COPY --from=builder /usr/bin/yq /usr/bin/yq
+COPY --from=builder /bbb-webhooks /bbb-webhooks
 COPY entrypoint.sh /entrypoint.sh
-COPY config.yml /app/config/default.yml.tmpl
 
+RUN mkdir /bbb-webhooks/log && chmod 777 /bbb-webhooks/log
+USER bbb-webhooks
 ENTRYPOINT /entrypoint.sh
 
-

mod/webhooks/config.yml

@@ -1,70 +0,0 @@
-# Shared secret of your BigBlueButton server.
-bbb:
-  serverDomain: {{ .Env.DOMAIN }}
-  sharedSecret: {{ .Env.SHARED_SECRET }}
-  # Whether to use Auth2.0 or not, Auth2.0 sends the sharedSecret whithin an Authorization header as a bearer
-  auth2_0: true  
-  apiPath: /bigbluebutton/api
-
-# The port in which the API server will run.
-server:
-  bind: 0.0.0.0
-  port: 3005
-
-# Web hooks configs
-hooks:
-  channels:
-    - from-akka-apps-redis-channel
-    - from-bbb-web-redis-channel
-    - from-akka-apps-chat-redis-channel
-    - bigbluebutton:from-bbb-apps:meeting
-    - bigbluebutton:from-bbb-apps:users
-    - bigbluebutton:from-bbb-apps:chat
-    - bigbluebutton:from-rap
-  # IP where permanent hook will post data (more than 1 URL means more than 1 permanent hook)
-  permanentURLs: []
-  # How many messages will be enqueued to be processed at the same time
-  queueSize: 10000
-  # Allow permanent hooks to receive raw message, which is the message straight from BBB
-  getRaw: false
-  # If set to higher than 1, will send events on the format:
-  # "event=[{event1},{event2}],timestamp=000" or "[{event1},{event2}]" (based on using auth2_0 or not)
-  # when there are more than 1 event on the queue at the moment of processing the queue.
-  multiEvent: 1
-  # Retry intervals for failed attempts for perform callback calls.
-  # In ms. Totals to around 5min.
-  retryIntervals:
-    - 100
-    - 500
-    - 1000
-    - 2000
-    - 4000
-    - 8000
-    - 10000
-    - 30000
-    - 60000
-    - 60000
-    - 60000
-    - 60000
-  # Reset permanent interval when exceeding maximum attemps
-  permanentIntervalReset: 8
-  # Hook's request module timeout for socket conn establishment and/or responses (ms)
-  requestTimeout: 5000
-
-# Mappings of internal to external meeting IDs
-mappings:
-  cleanupInterval: 10000 # 10 secs, in ms
-  timeout: 86400000 # 24 hours, in ms
-
-# Redis
-redis:
-  host: redis
-  port: 6379
-  keys:
-    hookPrefix: bigbluebutton:webhooks:hook
-    hooks: bigbluebutton:webhooks:hooks
-    mappings: bigbluebutton:webhooks:mappings
-    mappingPrefix: bigbluebutton:webhooks:mapping
-    eventsPrefix: bigbluebutton:webhooks:events
-    userMaps: bigbluebutton:webhooks:userMaps
-    userMapPrefix: bigbluebutton:webhooks:userMap

mod/webhooks/entrypoint.sh

@@ -1,9 +1,17 @@
 #!/bin/sh
+set -e
+TARGET=/bbb-webhooks/config/production.yml
+cp /bbb-webhooks/config/default.example.yml $TARGET
+
+yq e -i ".bbb.sharedSecret = \"$SHARED_SECRET\"" $TARGET
+yq e -i ".bbb.serverDomain = \"$DOMAIN\"" $TARGET
+yq e -i ".bbb.auth2_0 = true" $TARGET
+yq e -i ".server.bind = \"0.0.0.0\"" $TARGET
+yq e -i ".hooks.getRaw = false" $TARGET
+yq e -i ".redis.host = \"redis\"" $TARGET
 
 export NODE_ENV=production
-cd /app
+
-dockerize \
+cd /bbb-webhooks
-    -wait tcp://redis:6379 \
+node app.js
-    -template /app/config/default.yml.tmpl:/app/config/default.yml \
-    node app.js
 

mod/webrtc-sfu/Dockerfile

@@ -1,36 +1,30 @@
-FROM node:14-bullseye-slim
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
 
 
-RUN apt-get update && apt-get -y install \
-  git \
-  make \
-  python \
-  python3-pip \
-  g++ \
-  ffmpeg
-
 RUN useradd --uid 2004 --user-group webrtc-sfu 
 
-ADD ./bbb-webrtc-sfu app
+COPY --from=source / /app
-
-WORKDIR app
 
 ENV NODE_ENV production
 
-
+RUN cd /app \
-# due to the git submodule npm install crashes with following error:
+ && cp config/default.example.yml config/production.yml \
-# npm ERR! fatal: Not a git repository: ../.git/modules/bbb-webrtc-sfu
-# we simply delete the .git file
-RUN cp config/default.example.yml config/production.yml \
- && chown -R webrtc-sfu:webrtc-sfu config \
- && rm .git \
  && npm install --unsafe-perm \
  && npm cache clear --force \
  && rm -rf node_modules/mediasoup/worker/out/Release/subprojects \
  && rm -rf node_modules/mediasoup/worker/out/Release/mediasoup-worker.p \
  && rm -rf node_modules/mediasoup/worker/out/Release/deps
-COPY docker-entrypoint.sh /app/docker-entrypoint.sh
+
+
+# =============================
+FROM node:18-bullseye-slim
+RUN useradd --uid 2004 --user-group webrtc-sfu 
+ENV NODE_ENV production
+
+COPY --from=builder /app /app
+RUN mkdir /home/webrtc-sfu && chown -R webrtc-sfu:webrtc-sfu /app/config /home/webrtc-sfu
 
 USER webrtc-sfu
-ENTRYPOINT [ "./docker-entrypoint.sh" ]
+WORKDIR /app
 CMD [ "npm", "start" ]

mod/webrtc-sfu/docker-entrypoint.sh

@@ -1,6 +0,0 @@
-#!/bin/sh -e
-
-sed -i "s|^\(localIpAddress\):.*|\1: \"10.7.7.10\"|g" config/production.yml
-export KURENTO_IP="10.7.7.1"
-
-exec "$@"

repos/tags

@@ -0,0 +1,13 @@
+# autogenerated by ./scripts/collect-tags
+#
+# used to determine submodule tags without the need for
+# checking out the whole submodule
+
+repos/bbb-etherpad-plugin 068ded5
+repos/bbb-etherpad-skin 8328b77
+repos/bbb-pads v1.5.2
+repos/bbb-playback v5.0.2
+repos/bbb-webhooks v2.6.1
+repos/bbb-webrtc-sfu v2.12.0
+repos/bigbluebutton v2.7.3
+repos/freeswitch v1.10.10

sample.env

@@ -6,6 +6,8 @@
 # HTTPS Proxy
 # fully automated Lets Encrypt certificates
 ENABLE_HTTPS_PROXY=true
+# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers
+#RESOLVER_ADDRESS=x.x.x.x
 
 # coturn (a TURN Server)
 # requires either the abhove HTTPS Proxy to be enabled
@@ -44,7 +46,7 @@ ENABLE_GREENLIGHT=true
 # important! change these to any random values
 SHARED_SECRET=SuperSecret
 ETHERPAD_API_KEY=SuperEtherpadKey
-RAILS_SECRET=SuperRailsSecret
+RAILS_SECRET=SuperRailsSecret_SuperRailsSecret
 POSTGRESQL_SECRET=SuperPostgresSecret
 FSESL_PASSWORD=SuperFreeswitchESLPassword
 
@@ -59,11 +61,6 @@ DOMAIN=bbb.example.com
 EXTERNAL_IPv4=144.76.97.10
 EXTERNAL_IPv6=
 
-# setting the network interface speeds up kurentos WebRTC connection time,
-# but currently also disables IPv6 for Kurento
-# (https://github.com/Kurento/bugtracker/issues/500)
-#NETWORK_INTERFACE=ens3
-
 # STUN SERVER
 # stun.freeswitch.org
 STUN_IP=216.93.246.18
@@ -88,7 +85,7 @@ SIP_IP_ALLOWLIST=
 CLIENT_TITLE=BigBlueButton
 
 # use following lines to replace the default welcome message and footer
-WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the phone button.  Use a headset to avoid causing background noise for others."
+WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button.  Use a headset to avoid causing background noise for others."
 WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
 
 # use following line for an additional SIP dial-in message
@@ -102,14 +99,14 @@ DEFAULT_PRESENTATION=./mod/nginx/default.pdf
 # options:
 # - en-ca-june - EN Canadian June
 # - en-us-allison - US English Allison
-# - en-us-callie - US English Callie
+# - en-us-callie - US English Callie (default)
 # - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
 # - es-ar-mario - Spanish/Argentina Mario
 # - fr-ca-june - FR Canadian June
 # - pt-br-karina - Brazilian Portuguese Karina
-# - ru-ru-elena - RU Russian Elena
+# - ru-RU-elena - RU Russian Elena
-# - ru-ru-kirill - RU Russian Kirill
+# - ru-RU-kirill - RU Russian Kirill
-# - ru-ru-vika - RU Russian Viktoriya
+# - ru-RU-vika - RU Russian Viktoriya
 # - sv-se-jakob - Swedish (Sweden) Jakob
 # - zh-cn-sinmei - Chinese/China Sinmei
 # - zh-hk-sinmei - Chinese/Hong Kong Sinmei
@@ -165,180 +162,42 @@ NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
 # GREENLIGHT CONFIGURATION
 # ====================================
 
-# Microsoft Office365 Login Provider (optional)
+### SMTP CONFIGURATION
-#
+# Emails are required for the basic features of Greenlight to function.
-# For in-depth steps on setting up a Office 365 Login Provider, see:
+# Please refer to your SMTP provider to get the values for the variables below
-#
+#SMTP_SENDER_EMAIL=
-#   https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
+#SMTP_SENDER_NAME=
-#
+#SMTP_SERVER=
-OFFICE365_KEY=
+#SMTP_PORT=
-OFFICE365_SECRET=
+#SMTP_DOMAIN=
-OFFICE365_HD=
+#SMTP_USERNAME=
+#SMTP_PASSWORD=
+#SMTP_AUTH=
+#SMTP_STARTTLS_AUTO=true
+#SMTP_STARTTLS=false
+#SMTP_TLS=false
+#SMTP_SSL_VERIFY=true
 
-# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
+### EXTERNAL AUTHENTICATION METHODS
-# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
+#
-OAUTH2_REDIRECT=
+#OPENID_CONNECT_CLIENT_ID=
+#OPENID_CONNECT_CLIENT_SECRET=
+#OPENID_CONNECT_ISSUER=
+#OPENID_CONNECT_REDIRECT=
 
-# LDAP Login Provider (optional)
+# To enable hCaptcha on the user sign up and sign in, define these 2 keys
-#
+#HCAPTCHA_SITE_KEY=
-# You can enable LDAP authentication by providing values for the variables below.
+#HCAPTCHA_SECRET_KEY=
-# Configuring LDAP authentication will take precedence over all other providers.
-# For information about setting up LDAP, see:
-#
-#   https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
-#
-#   LDAP_SERVER=ldap.example.com
-#   LDAP_PORT=389
-#   LDAP_METHOD=plain
-#   LDAP_UID=uid
-#   LDAP_BASE=dc=example,dc=com
-#   LDAP_AUTH=simple
-#   LDAP_BIND_DN=cn=admin,dc=example,dc=com
-#   LDAP_PASSWORD=password
-#   LDAP_ROLE_FIELD=ou
-#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
-LDAP_SERVER=
-LDAP_PORT=
-LDAP_METHOD=
-LDAP_UID=
-LDAP_BASE=
-LDAP_BIND_DN=
-LDAP_AUTH=
-LDAP_PASSWORD=
-LDAP_ROLE_FIELD=
-LDAP_FILTER=
 
-# Set this to true if you want GreenLight to support user signup and login without
+# Set these if you are using a Simple Storage Service (S3)
-# Omniauth. For more information, see:
+# Uncomment S3_ENDPOINT only if you are using a S3 OTHER than Amazon Web Service (AWS) S3.
-#
+#S3_ACCESS_KEY_ID=
-#   https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
+#S3_SECRET_ACCESS_KEY=
-#
+#S3_REGION=
-ALLOW_GREENLIGHT_ACCOUNTS=true
+#S3_BUCKET=
+#S3_ENDPOINT=
 
-# Set this to true if you want GreenLight to send verification emails upon
+# Define the default locale language code (i.e. 'en' for English) from the fallowing list:
-# the creation of a new account
+#  [en, ar, fr, es]
-#
+#DEFAULT_LOCALE=en
-#   ALLOW_MAIL_NOTIFICATIONS=true
-#
-# The notifications are sent using sendmail, unless the SMTP_SERVER variable is set.
-# In that case, make sure the rest of the variables are properly set.
-#
-#   SMTP_SERVER=smtp.gmail.com
-#   SMTP_PORT=587
-#   SMTP_DOMAIN=gmail.com
-#   SMTP_USERNAME=<youremail@gmail.com>
-#   SMTP_PASSWORD=<yourpassword>
-#   SMTP_AUTH=plain
-#   SMTP_STARTTLS_AUTO=true
-#
-# If your mail server has a self-signed certificate, you'll also need to include the line below.
-# Please note that enable this presents its own security risks and should not be done unless necessary.
-#   SMTP_OPENSSL_VERIFY_MODE=none
-#
-SMTP_SERVER=
-SMTP_PORT=
-SMTP_DOMAIN=
-SMTP_USERNAME=
-SMTP_PASSWORD=
-SMTP_AUTH=
-SMTP_STARTTLS_AUTO=
 
-# Specify the email address that all mail is sent from
-SMTP_SENDER=
-
-# Prefix for the applications root URL.
-# Useful for deploying the application to a subdirectory, which is highly recommended
-# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
-# have to update your authentication callback URL's to reflect this change.
-#
-#   The recommended prefix is "/b".
-#
-RELATIVE_URL_ROOT=/b
-
-# Specify which settings you would like the users to configure on room creation
-# or edit after the room has been created
-# By default, all settings are turned OFF.
-#
-# Current settings available:
-#   mute-on-join: Automatically mute users by default when they join a room
-#   require-moderator-approval: Require moderators to approve new users before they can join the room
-#   anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
-#   all-join-moderator: All users join as moderators in BigBlueButton
-ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
-
-# Specify the maximum number of records to be sent to the BigBlueButton API in one call
-# Default is set to 25 records
-PAGINATION_NUMBER=25
-
-# Specify the maximum number of rows that should be displayed per page for a paginated table
-# Default is set to 25 rows
-NUMBER_OF_ROWS=25
-
-# Specify if you want to display the Google Calendar button
-#   ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
-ENABLE_GOOGLE_CALENDAR_BUTTON=
-
-# Set the application into Maintenance Mode
-#
-# Current options supported:
-# true: Renders an error page that does not allow users to access any of the features in the application
-# false: Application runs normally
-MAINTENANCE_MODE=false
-
-# Displays a flash that appears to inform the user of a scheduled maintenance window
-# This variable should contain ONLY the date and time of the scheduled maintenance
-#
-# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
-MAINTENANCE_WINDOW=
-
-# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
-#
-# Defaults to the Github Issues Page for Greenlight
-# Button can be disabled by setting the value to blank
-#
-# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
-
-# The link to the Need help? button that appears on the Account Dropdown
-#
-# Defaults to the Greenlight documentation
-# Button can be disabled by setting the value to blank
-HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
-
-# Comment this out to send logs to STDOUT in production instead of log/production.log .
-#
-# RAILS_LOG_TO_STDOUT=true
-#
-# When using docker-compose the logs can be sent to an centralized repository like PaperTrail
-# just by using the built in driver. Make sure to add to docker-compose.yml the next lines:
-#
-#     logging:
-#      driver: $LOG_DRIVER
-#      options:
-#        syslog-address: $LOG_ADDRESS
-#        tag: $LOG_TAG
-#
-# And set this variables up:
-#
-# LOG_DRIVER=syslog
-# LOG_ADDRESS=udp://logs4.papertrailapp.com:[99999]
-# LOG_TAG=greenlight.example.com:v2
-#
-# Check docker-compose and papertrail documentation for encrypting and
-# protecting access to the log repository.
-# https://docs.docker.com/config/containers/logging/syslog/#options
-# https://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl/
-#
-# For sending logs to a remote aggregator enable these variables:
-#
-# RAILS_LOG_REMOTE_NAME=logxx.papertrailapp.com
-# RAILS_LOG_REMOTE_PORT=9999
-# RAILS_LOG_REMOTE_TAG=greenlight
-#
-
-# Specify the default registration to be used by Greenlight until an administrator sets the
-# registration method
-# Allowed values are:
-#   open - For open registration
-#   invite - For invite only registration
-#   approval - For approve/decline registration
-DEFAULT_REGISTRATION=open

scripts/bbb-record

@@ -4,11 +4,8 @@ set -e
 cd $(dirname $0)/..
 
 # load .env
-if [ -f .env ]
+. functions.sh
-then
+load_env
-  # exclude WELCOME_FOOTER because it may contain invalid characters
-  export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | xargs)
-fi
 
 if [ ! "$ENABLE_RECORDING" == true ]; then
   echo "Error: recording is disabled why can't use bbb-record"
@@ -16,5 +13,5 @@ if [ ! "$ENABLE_RECORDING" == true ]; then
   exit 1
 fi
 
-docker-compose exec recordings bbb-record $@
+docker compose exec recordings bbb-record $@
-docker-compose logs --tail=15 recordings
+docker compose logs --tail=15 recordings

scripts/collect-tags

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+cd "$(dirname "$0")/.."
+. scripts/functions.sh
+
+# can't summarize the submodules without having the submodules
+ensure_submodules
+
+FILE=repos/tags
+echo '# autogenerated by ./scripts/collect-tags' > $FILE
+echo '#' >> $FILE
+echo '# used to determine submodule tags without the need for' >> $FILE
+echo '# checking out the whole submodule' >> $FILE
+echo "" >> $FILE
+
+# get list of submodules and their current tag as `git describe` also provides
+
+
+git submodule foreach --quiet 'echo $sm_path $(git describe --tags --always)'  >> $FILE
+

scripts/fs_cli

@@ -3,4 +3,8 @@ set -e
 
 cd $(dirname $0)/..
 
-docker-compose exec freeswitch fs_cli -H 10.7.7.1
+# load .env
+. functions.sh
+load_env
+
+docker compose exec freeswitch /opt/freeswitch/bin/fs_cli -H 10.7.7.1 -p "$FSESL_PASSWORD"

scripts/functions.sh

@@ -0,0 +1,28 @@
+function load_env {
+    FILE=.env
+    if [ "$BBB_DOCKER_DEV" = "1" ]; then
+        FILE=dev.env
+    else
+        FILE=.env
+    fi
+
+    if [ -f $FILE ]
+    then
+        export $(cat $FILE | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
+    fi
+}
+
+function ensure_submodules {
+    MISSING_SUBMODULES=$(git submodule status | grep -v ' (' |  awk '{print $2}' || /bin/true)
+    echo 
+    if [ ! -z "$MISSING_SUBMODULES" ]; then
+        echo "ERROR: following submodules are not checked out. we can't continue here"
+        git submodule status | grep -v ' (' |  awk '{print " -", $2}'
+        echo ""
+        echo "if you really want to build images by yourself (not required for a normal production setup), use following command to check out all the submodules and try again"
+        echo "  git submodule update --init"
+        exit 1
+    fi
+    
+}
+

scripts/generate-compose

@@ -4,11 +4,8 @@ set -e
 cd $(dirname $0)/..
 
 # load .env
-if [ -f .env ]
+. scripts/functions.sh
-then
+load_env
-  # exclude WELCOME_MESSAGE && WELCOME_FOOTER && CLIENT_TITLE because it may contain invalid characters
-  export $(cat .env | sed 's/#.*//g' | grep -v "WELCOME_FOOTER" | grep -v "WELCOME_MESSAGE" | grep -v "CLIENT_TITLE" | xargs)
-fi
 
 # check for non-optional environment variables,
 # which got introduced later and may miss in existing
@@ -33,13 +30,30 @@ if [ "$ENABLE_COTURN" == true ]; then
   fi
 fi
 
+function get_tag {
+  # is submodule checked out?
+  if [ -f "$1/.git" ]; then
+    git --git-dir=$1/.git describe --tags --always
+  else
+    # get cached tag name from repos/tags
+    grep "$1" repos/tags | awk '{print $2}'
+  fi
+}
+
 docker run  \
     --rm  \
     -v $(pwd)/docker-compose.tmpl.yml:/docker-compose.tmpl.yml \
+    -e TAG_BBB=$(get_tag repos/bigbluebutton) \
+    -e TAG_FREESWITCH=$(get_tag repos/freeswitch) \
+    -e TAG_WEBRTC_SFU=$(get_tag repos/bbb-webrtc-sfu) \
+    -e TAG_WEBHOOKS=$(get_tag repos/bbb-webhooks) \
+    -e TAG_PLAYBACK=$(get_tag repos/bbb-playback) \
+    -e TAG_PADS=$(get_tag repos/bbb-pads) \
+    -e COMMIT_ETHERPAD_SKIN=$(get_tag repos/bbb-etherpad-skin) \
+    -e COMMIT_ETHERPAD_PLUGIN=$(get_tag repos/bbb-etherpad-plugin) \
     -e DEV_MODE=${DEV_MODE:-false} \
+    -e EXTERNAL_IPv6=${EXTERNAL_IPv6:-} \
     -e ENABLE_RECORDING=${ENABLE_RECORDING:-false} \
-    -e REMOVE_OLD_RECORDING=${REMOVE_OLD_RECORDING:-false} \
-    -e RECORDING_MAX_AGE_DAYS=${RECORDING_MAX_AGE_DAYS:-14} \
     -e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
     -e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
     -e ENABLE_COTURN=${ENABLE_COTURN:-false} \

scripts/greenlight-migrate-v2-v3

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+cd $(dirname $0)/..
+
+# load .env
+if [ -f .env ]
+then
+  export $(cat .env | sed 's/#.*//g' | grep -E "RAILS_SECRET|POSTGRESQL_SECRET" | xargs)
+fi
+
+COMPOSE_PREFIX=$(docker compose ps | grep postgres | awk '{print $1}' | sed 's/-postgres-1//')
+
+docker kill -s SIGKILL greenlight-v2-tmp 2>/dev/null
+sleep 1
+
+echo "temporarily starting old greenlight v2..."
+docker run  \
+  --rm \
+  --detach --name greenlight-v2-tmp \
+  --network ${COMPOSE_PREFIX}_bbb-net \
+  --env-file .env \
+  -e DB_ADAPTER=postgresql \
+  -e DB_HOST=10.7.7.22 \
+  -e DB_NAME=greenlight \
+  -e DB_USERNAME=postgres \
+  -e DB_PASSWORD=${POSTGRESQL_SECRET:-password} \
+  -e SECRET_KEY_BASE=${RAILS_SECRET} \
+  -e V3_ENDPOINT="http://10.7.7.21:3000" \
+  -e V3_SECRET_KEY_BASE=${RAILS_SECRET} \
+  bigbluebutton/greenlight:v2.14 
+
+docker logs -f greenlight-v2-tmp &
+LOGGING_PID=$!
+
+while ! docker exec greenlight-v2-tmp nc -zw3 127.0.0.1 80
+do
+  echo "Waiting for greenlight v2 to start up ..."
+  sleep 1
+done
+
+echo "greenlight is up! starting migrations"
+
+docker exec -it greenlight-v2-tmp bundle exec rake migrations:roles && \
+docker exec -it greenlight-v2-tmp bundle exec rake migrations:users && \
+docker exec -it greenlight-v2-tmp bundle exec rake migrations:rooms && \
+docker exec -it greenlight-v2-tmp bundle exec rake migrations:settings
+
+kill $LOGGING_PID
+docker kill greenlight-v2-tmp

scripts/print-versions

@@ -1,73 +0,0 @@
-#!/bin/bash
-set -e
-
-CORE_IMAGE=$(docker-compose images -q core)
-FREESWITCH_IMAGE=$(docker-compose images -q freeswitch)
-HTML5_IMAGE=$(docker-compose images -q html5)
-KURENTO_IMAGE=$(docker-compose images -q kurento)
-ETHERPAD_IMAGE=$(docker-compose images -q etherpad)
-MONGO_IMAGE=$(docker-compose images -q mongodb)
-REDIS_IMAGE=$(docker-compose images -q redis)
-
-if [[ -z $CORE_IMAGE ]]
-then 
-    echo "this script only works if containers are created"
-    echo "either start BigBlueButton with"
-    echo "  $ docker-compose up -d"
-    echo "or at least create the containers with"
-    echo "  $ docker-compose create"
-    exit 1
-fi
-
-
-
-echo "bigbluebutton-docker"
-echo "    commit: $(git rev-parse --short HEAD) ($(git log -1 --pretty=%B | head -n 1))"
-echo "    branch: $(git rev-parse --abbrev-ref HEAD)"
-echo ""
-
-echo "core"
-docker run --rm --entrypoint /bin/sh $CORE_IMAGE -c "dpkg -l 'bbb-*' | grep ii | cut -c 5-42 | sed 's/bbb-/    bbb-/g'"
-echo ""
-
-echo "etherpad"
-ETHERPAD_VERSION=$(docker run --rm --entrypoint cat $ETHERPAD_IMAGE /opt/etherpad-lite/src/package.json | grep version | awk -F'"' '{print $4}')
-echo "    version: $ETHERPAD_VERSION"
-echo ""
-
-echo "freeswitch"
-FREESWITCH_VERSION=$(docker run --rm --entrypoint freeswitch $FREESWITCH_IMAGE -version | cut -c 21-)
-FREESWTICH_CONFIG_VERSION=$(docker image inspect $FREESWITCH_IMAGE | grep GIT_TAG= | head -n 1 | xargs | cut -c 9-)
-echo "    build:  $FREESWITCH_VERSION"
-echo "    config: $FREESWTICH_CONFIG_VERSION"
-echo ""
-
-echo "html5"
-HTML5_VERSION=$(docker image inspect $HTML5_IMAGE | grep TAG= | head -n 1 | xargs | cut -c 5-)
-echo "    version: $HTML5_VERSION"
-echo ""
-
-echo "kurento"
-KURENTO_VERSION=$(docker run --rm --entrypoint kurento-media-server $KURENTO_IMAGE --version | grep Kurento | sed 's/Kurento Media Server version: //')
-echo "    version: $KURENTO_VERSION"
-echo ""
-
-echo "mongodb"
-MONGO_VERSION=$(docker image inspect $MONGO_IMAGE | grep MONGO_VERSION | head -n 1 | xargs | cut -c 15-)
-echo "    version: $MONGO_VERSION"
-echo ""
-
-# TODO:
-# - nginx
-# - periodic 
-
-echo "redis"
-REDIS_VERSION=$(docker image inspect $REDIS_IMAGE | grep REDIS_VERSION | head -n 1 | xargs | cut -c 15-)
-echo "    version: $REDIS_VERSION"
-echo ""
-
-echo "webrtc-sfu"
-SFU_VERSION=$(cd bbb-webrtc-sfu && cat package.json | grep version | awk -F\" '{print $4}')
-SFU_COMMIT=$(cd bbb-webrtc-sfu && git rev-parse --short HEAD)
-echo "    version: $SFU_VERSION"
-echo "    commit:  $SFU_COMMIT"

scripts/publish

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+
+# load .env
+. functions.sh
+load_env
+
+if [ -z "$ENABLE_WEBHOOKS" ]; then
+    echo "ERROR: ENABLE_WEBHOOKS must be set to true, otherwise the image would not be built"
+    exit 1
+fi
+
+if [ -z "$ENABLE_RECORDING" ]; then
+    echo "ERROR: ENABLE_RECORDING must be set to true, otherwise the image would not be built"
+    exit 1
+fi
+
+
+# generate compose file
+./scripts/generate-compose
+
+# ensure submodules are matching tags.env
+./scripts/checkout-submodules
+
+# build and push java base image
+docker build -t alangecker/bbb-docker-base-java:latest mod/base-java
+
+# buld and push other images
+docker compose build
+
+# push images
+docker push alangecker/bbb-docker-base-java:latest
+docker compose push \
+    html5-backend-1 \
+    bbb-web \
+    freeswitch \
+    apps-akka \
+    bbb-pads \
+    etherpad \
+    fsesl-akka \
+    jodconverter \
+    nginx \
+    periodic \
+    recordings \
+    webhooks \
+    webrtc-sfu

scripts/setup

@@ -208,4 +208,4 @@ echo "make sure to recreate the docker-compose.yml after each change"
 echo "  $ ./scripts/generate-compose"
 echo ""
 echo "to start bigbluebutton run"
-echo "  $ docker-compose up -d"
+echo "  $ docker compose up -d"

scripts/upgrade

@@ -15,34 +15,24 @@ then
 
 else
 
-    echo ""
-    echo "# pull newest git submodules"
-    git submodule init
-    git submodule update
-
     echo ""
     echo "# recreate docker-compose.yml"
     ./scripts/generate-compose
 
     echo ""
     echo "# pull newest images"
-    docker-compose pull --ignore-pull-failures
+    docker compose pull --ignore-pull-failures
     
-    echo ""
-    echo "# rebuild images"
-
-    # rebuild everything which got modified
-    docker-compose build --pull
 
     COMMIT_HASH=$(git rev-parse --short HEAD)
     BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
 
     echo ""
     echo "-------------------------------------"
-    echo "images successfully rebuilt!"
+    echo "update is ready!"
     echo "we are on $COMMIT_HASH ($BRANCH_NAME)"
     echo ""
     echo "use following command for restarting bbb:"
-    echo "    $ docker-compose up -d"
+    echo "    $ docker compose up -d --no-build"
     echo "-------------------------------------"
 fi

scripts/upgrade-and-build

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -e
+cd $(dirname $0)/..
+
+if [ -z $RESTARTED ]
+then
+
+    echo "# pull newest bigblugbutton-docker.git"
+    git pull
+
+    # restart script, since it might have changed.
+    RESTARTED=1 ./scripts/upgrade-and-build
+    exit
+
+else
+
+    echo ""
+    echo "# pull newest git submodules"
+    ./scripts/checkout-submodules
+
+    echo ""
+    echo "# recreate docker-compose.yml"
+    ./scripts/generate-compose
+
+    echo ""
+    echo "# pull newest images"
+    docker compose pull --ignore-pull-failures
+
+    echo ""
+    echo "# rebuild images"
+    docker build -t alangecker/bbb-docker-base-java:latest mod/base-java
+
+    # rebuild everything which got modified
+    docker compose build
+
+    COMMIT_HASH=$(git rev-parse --short HEAD)
+    BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
+    
+    echo ""
+    echo "-------------------------------------"
+    echo "images successfully rebuilt!"
+    echo "we are on $COMMIT_HASH ($BRANCH_NAME)"
+    echo ""
+    echo "use following command for restarting bbb:"
+    echo "    $ docker compose up -d"
+    echo "-------------------------------------"
+fi