From 43c869e890f56edf3a6d9fc0c737533f47e6bb46 Mon Sep 17 00:00:00 2001 From: Chris Date: Tue, 22 Dec 2020 18:05:10 +0000 Subject: [PATCH] Add jitsi container --- bootstrap.sh | 5 ++ docker-compose.yml | 164 +++++++++++++++++++++++++++++++----- nextcloud/config/config.php | 2 +- nginx.conf | 20 +++++ 4 files changed, 168 insertions(+), 23 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index 0949008..70501f8 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -52,6 +52,9 @@ chmod +x /app/gitea/gitea chown -R git /app/gitea/gitea chown -R git /var/lib/gitea +echo "------- Adding config folders for jitsi -------" +mkdir -p /opt/jitsi/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri} + echo "------- Setting up firewall -------" ufw default deny incoming ufw default allow outgoing @@ -66,3 +69,5 @@ systemctl enable docker --now docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d # Create a super user for pinry docker exec -it scarif_pinry_1 python manage.py createsuperuser --settings=pinry.settings.docker +# Create user for jitsi +docker-compose exec prosody prosodyctl --config /config/prosody.cfg.lua register chris meet.jitsi ${USER_PASSWORD} diff --git a/docker-compose.yml b/docker-compose.yml index eda9cec..37084ba 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,9 +1,9 @@ # Options for building certificates -#x-certs: &certs -# image: paulczar/omgwtfssl -# restart: "no" -# volumes: -# - certs:/certs +x-certs: &certs + image: paulczar/omgwtfssl + restart: "no" + volumes: + - /opt/ssl:/certs version: "3.4" @@ -67,8 +67,8 @@ services: - redis - nginx extra_hosts: - - "tower.scarif.local:${LOCAL_IP}" - - "office.scarif.local:${LOCAL_IP}" + - "tower.scarif.space:${LOCAL_IP}" + - "office.scarif.space:${LOCAL_IP}" collabora: image: collabora/code 
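Review bot: The added `register chris meet.jitsi ${USER_PASSWORD}` call in the second bootstrap.sh hunk passes the account password as an unquoted command-line argument. It is therefore subject to word splitting and globbing, it expands to nothing if `USER_PASSWORD` is not set in the script's shell (no assignment is visible in these hunks), and it shows up in the host process list while the command runs. The call also omits the `-f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env"` options that the `up -d` line just above uses, so it only finds the `prosody` service when the script runs from the directory holding the compose file. At minimum I would write `docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" exec prosody prosodyctl --config /config/prosody.cfg.lua register chris meet.jitsi "${USER_PASSWORD:?USER_PASSWORD must be set}"`. Quoting does not remove the process-list exposure, so an interactive prompt inside the container would be preferable if the image's `prosodyctl` supports it.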
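Review bot: The re-enabled `x-certs` block in the first docker-compose.yml hunk pulls `paulczar/omgwtfssl` with no tag or digest, so whatever that third-party repository publishes next is the code that generates the key material written to `/opt/ssl`. I would pin it, e.g. `image: paulczar/omgwtfssl@sha256:<digest-placeholder>`. The change from the named `certs` volume to the `/opt/ssl` bind mount also puts the private keys in a host directory whose owner and mode nothing in the visible bootstrap.sh hunks sets, so it should be created root-owned with mode 0700 before first run. The services that merge `*certs` are outside this hunk, so it is not visible here whether the anchor is used at all.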
@@ -90,8 +90,8 @@ services: networks: - nginx extra_hosts: - - "tower.scarif.local:${LOCAL_IP}" - - "office.scarif.local:${LOCAL_IP}" + - "tower.scarif.space:${LOCAL_IP}" + - "office.scarif.space:${LOCAL_IP}" pinry: image: 'getpinry/pinry' 
@@ -133,19 +133,140 @@ services: depends_on: - db - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.37.0 + jitsi: + image: jitsi/web:latest + restart: always volumes: - - /:/rootfs:ro - - /var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - privileged: true - devices: - - /dev/kmsg + - /opt/jitsi/web:/config:Z + - /opt/jitsi/transcripts:/usr/share/jitsi-meet/transcripts:Z + environment: + - ENABLE_LETSENCRYPT=false + - ENABLE_HTTP_REDIRECT=false + - ENABLE_HSTS=false + - ENABLE_XMPP_WEBSOCKET=true + - DISABLE_HTTPS=true + - PUBLIC_URL=https://comms.${DOMAIN} + - TZ=UTC + - ENABLE_AUDIO_PROCESSING=true + - ENABLE_AUTH=true + - ENABLE_GUESTS=true + - ENABLE_LIPSYNC=true + - ENABLE_PREJOIN_PAGE=true + - ENABLE_WELCOME_PAGE=true + - ENABLE_CLOSE_PAGE=true + - ENABLE_REQUIRE_DISPLAY_NAME=false + - ENABLE_TALK_WHILE_MUTED=true + - JICOFO_AUTH_USER=focus + - DISABLE_AUDIO_LEVELS=false + - ENABLE_NOISY_MIC_DETECTION=true + - XMPP_AUTH_DOMAIN=auth.meet.jitsi + - XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 + - XMPP_DOMAIN=meet.jitsi + - XMPP_GUEST_DOMAIN=guest.meet.jitsi + - XMPP_MUC_DOMAIN=muc.meet.jitsi + - XMPP_RECORDER_DOMAIN=recorder.meet.jitsi networks: - - nginx + nginx: + meet.jitsi: + + # XMPP server + prosody: + image: jitsi/prosody:latest + restart: always + expose: + - '5222' + - '5347' + - '5280' + volumes: + - /opt/jitsi/prosody/config:/config:Z + - /opt/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z + environment: + - AUTH_TYPE=internal + - ENABLE_AUTH=true + - ENABLE_GUESTS=true + - ENABLE_LOBBY=true + - ENABLE_XMPP_WEBSOCKET=true + + - XMPP_DOMAIN=meet.jitsi + - XMPP_AUTH_DOMAIN=auth.meet.jitsi + - XMPP_GUEST_DOMAIN=guest.meet.jitsi + - XMPP_MUC_DOMAIN=muc.meet.jitsi + - XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi + - XMPP_RECORDER_DOMAIN=recorder.meet.jitsi + - JICOFO_COMPONENT_SECRET + - JICOFO_AUTH_USER=focus + - JICOFO_AUTH_PASSWORD + - JVB_AUTH_USER=jvb + - JVB_AUTH_PASSWORD + 
- JIGASI_XMPP_PASSWORD + - JIBRI_XMPP_PASSWORD + - JIBRI_RECORDER_PASSWORD + - PUBLIC_URL=https://comms.${DOMAIN} + - TZ=UTC + networks: + meet.jitsi: + aliases: + - xmpp.meet.jitsi + + # Focus component + jicofo: + image: jitsi/jicofo:latest + restart: always + volumes: + - /opt/jitsi/jicofo:/config:Z + environment: + - AUTH_TYPE=internal + - ENABLE_AUTH=true + - XMPP_DOMAIN=meet.jitsi + - XMPP_AUTH_DOMAIN=auth.meet.jitsi + - XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi + - XMPP_MUC_DOMAIN=muc.meet.jitsi + - XMPP_SERVER=xmpp.meet.jitsi + - JICOFO_COMPONENT_SECRET + - JICOFO_AUTH_USER=focus + - JICOFO_AUTH_PASSWORD + - JVB_BREWERY_MUC=jvbbrewery + - JIGASI_BREWERY_MUC=jigasibrewery + - JIBRI_BREWERY_MUC=jibribrewery + - JIBRI_PENDING_TIMEOUT=90 + - TZ=UTC + depends_on: + - prosody + networks: + meet.jitsi: + + # Video bridge + jvb: + image: jitsi/jvb:latest + restart: always + ports: + - '10000:10000/udp' + - '4443:4443' + volumes: + - /opt/jitsi/jvb:/config:Z + environment: + - DOCKER_HOST_ADDRESS=${LOCAL_IP} + - XMPP_AUTH_DOMAIN=meet.jitsi + - XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi + - XMPP_SERVER=xmpp.meet.jitsi + - JVB_AUTH_USER=jvb + - JVB_AUTH_PASSWORD + - JVB_BREWERY_MUC=jvbbrewery + - JVB_PORT=10000 + - JVB_TCP_HARVESTER_DISABLED=true + - JVB_TCP_PORT=4443 + - JVB_TCP_MAPPED_PORT=4443 + - JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 + - JVB_ENABLE_APIS= + - PUBLIC_URL=https://comms.${DOMAIN} + - TZ=UTC + depends_on: + - prosody + networks: + meet.jitsi: + aliases: + - jvb.meet.jitsi + db: image: mariadb @@ -182,7 +303,6 @@ services: - nextcloud - gitea - collabora - - cadvisor - pinry ports: - 80:80 @@ -205,7 +325,6 @@ volumes: monica-public: monica-data: nextcloud: - #certs: dashboard: pinry: @@ -213,3 +332,4 @@ networks: db: nginx: redis: + meet.jitsi: diff --git a/nextcloud/config/config.php b/nextcloud/config/config.php index 9aef3a4..2c23e98 100755 --- a/nextcloud/config/config.php +++ b/nextcloud/config/config.php 
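Review bot: In the `jvb` service, `XMPP_AUTH_DOMAIN=meet.jitsi` disagrees with the `auth.meet.jitsi` value that `jitsi`, `prosody` and `jicofo` set in the same hunk, so the bridge would probably try to authenticate against a domain prosody does not use for service accounts; it should read `- XMPP_AUTH_DOMAIN=auth.meet.jitsi`. The bare `JICOFO_COMPONENT_SECRET`, `JICOFO_AUTH_PASSWORD` and `JVB_AUTH_PASSWORD` entries are passed through from whatever environment compose runs in, and a missing one does not stop the stack from starting, so I would write them as `- JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD:?set in .env}` to fail at `up` time, and drop the `JIGASI_*`/`JIBRI_*` secrets because no such service is added. All four images use `:latest`; pinning each to a release tag or digest keeps a re-pull from silently changing the XMPP stack and the environment variables it honours. `4443:4443` is published while `JVB_TCP_HARVESTER_DISABLED=true`, so that mapping looks unnecessary, and ports published by Docker are normally not filtered by the `ufw default deny incoming` policy in bootstrap.sh, so ufw should not be relied on to close it.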
@@ -18,7 +18,7 @@ $CONFIG = [ */ 'trusted_domains' => [ - 'tower.scarif.local', + 'tower.scarif.space', ], /** diff --git a/nginx.conf b/nginx.conf index a5c3a36..648840b 100644 --- a/nginx.conf +++ b/nginx.conf @@ -482,6 +482,26 @@ http { } } + upstream jitsi-handler { + server jitsi:80; + } + + server { + listen 443 ssl http2; + + ssl_certificate /etc/nginx/certs/scarif.space.crt; + ssl_certificate_key /etc/nginx/certs/scarif.space.key; + + gzip_types text/plain text/css application/json application/x-javascript + text/xml application/xml application/xml+rss text/javascript; + + server_name comms.scarif.space; + + location / { + proxy_pass http://jitsi-handler; + } + } + server { listen 80 default_server; listen [::]:80 default_server;
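Review bot: The new `location /` in the nginx.conf hunk proxies to `jitsi-handler` without `proxy_http_version 1.1` or the `Upgrade`/`Connection` headers, yet docker-compose.yml in this commit sets `ENABLE_XMPP_WEBSOCKET=true`, so the WebSocket handshake for the XMPP connection will likely not pass this proxy. It also sets no `Host` or `X-Forwarded-*` headers, so the backend sees the upstream name `jitsi-handler` as the host and the proxy's address as the client. Because the container runs with `DISABLE_HTTPS=true` and `ENABLE_HSTS=false`, this server block is the only place HSTS and TLS protocol settings can be applied; whether they are inherited from the `http` level is outside the hunk. A location body along the lines below covers the proxy headers; the upgrade headers could instead be scoped to the WebSocket paths only.

```nginx
    server {
        # … unchanged: listen, ssl_certificate, ssl_certificate_key, gzip_types, server_name …

        location / {
            proxy_pass http://jitsi-handler;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
```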