chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add jitsi container

Browse Source
This commit is contained in:
Chris
2020-12-22 18:05:10 +00:00
parent 8629648666
commit 43c869e890
4 changed files with 168 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
bootstrap.sh
View File

@@ -52,6 +52,9 @@ chmod +x /app/gitea/gitea
chown -R git /app/gitea/gitea
chown -R git /var/lib/gitea
echo "------- Adding config folders for jitsi -------"
mkdir -p /opt/jitsi/{web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
echo "------- Setting up firewall -------"
ufw default deny incoming
ufw default allow outgoing
@@ -66,3 +69,5 @@ systemctl enable docker --now
docker-compose -f "/opt/scarif/docker-compose.yml" --env-file "/opt/scarif/.env" up -d
# Create a super user for pinry
docker exec -it scarif_pinry_1 python manage.py createsuperuser --settings=pinry.settings.docker
# Create user for jitsi
docker-compose exec prosody prosodyctl --config /config/prosody.cfg.lua register chris meet.jitsi ${USER_PASSWORD}

164
docker-compose.yml
View File

@@ -1,9 +1,9 @@
# Options for building certificates
#x-certs: &certs
# image: paulczar/omgwtfssl
# restart: "no"
# volumes:
# - certs:/certs
x-certs: &certs
image: paulczar/omgwtfssl
restart: "no"
volumes:
- /opt/ssl:/certs
version: "3.4"
@@ -67,8 +67,8 @@ services:
- redis
- nginx
extra_hosts:
- "tower.scarif.local:${LOCAL_IP}"
- "office.scarif.local:${LOCAL_IP}"
- "tower.scarif.space:${LOCAL_IP}"
- "office.scarif.space:${LOCAL_IP}"
collabora:
image: collabora/code
@@ -90,8 +90,8 @@ services:
networks:
- nginx
extra_hosts:
- "tower.scarif.local:${LOCAL_IP}"
- "office.scarif.local:${LOCAL_IP}"
- "tower.scarif.space:${LOCAL_IP}"
- "office.scarif.space:${LOCAL_IP}"
pinry:
image: 'getpinry/pinry'
@@ -133,19 +133,140 @@ services:
depends_on:
- db
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.37.0
jitsi:
image: jitsi/web:latest
restart: always
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
privileged: true
devices:
- /dev/kmsg
- /opt/jitsi/web:/config:Z
- /opt/jitsi/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- ENABLE_LETSENCRYPT=false
- ENABLE_HTTP_REDIRECT=false
- ENABLE_HSTS=false
- ENABLE_XMPP_WEBSOCKET=true
- DISABLE_HTTPS=true
- PUBLIC_URL=https://comms.${DOMAIN}
- TZ=UTC
- ENABLE_AUDIO_PROCESSING=true
- ENABLE_AUTH=true
- ENABLE_GUESTS=true
- ENABLE_LIPSYNC=true
- ENABLE_PREJOIN_PAGE=true
- ENABLE_WELCOME_PAGE=true
- ENABLE_CLOSE_PAGE=true
- ENABLE_REQUIRE_DISPLAY_NAME=false
- ENABLE_TALK_WHILE_MUTED=true
- JICOFO_AUTH_USER=focus
- DISABLE_AUDIO_LEVELS=false
- ENABLE_NOISY_MIC_DETECTION=true
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
- XMPP_DOMAIN=meet.jitsi
- XMPP_GUEST_DOMAIN=guest.meet.jitsi
- XMPP_MUC_DOMAIN=muc.meet.jitsi
- XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
networks:
- nginx
nginx:
meet.jitsi:
# XMPP server
prosody:
image: jitsi/prosody:latest
restart: always
expose:
- '5222'
- '5347'
- '5280'
volumes:
- /opt/jitsi/prosody/config:/config:Z
- /opt/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=true
- ENABLE_GUESTS=true
- ENABLE_LOBBY=true
- ENABLE_XMPP_WEBSOCKET=true
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- XMPP_GUEST_DOMAIN=guest.meet.jitsi
- XMPP_MUC_DOMAIN=muc.meet.jitsi
- XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
- XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER=focus
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_USER=jvb
- JVB_AUTH_PASSWORD
- JIGASI_XMPP_PASSWORD
- JIBRI_XMPP_PASSWORD
- JIBRI_RECORDER_PASSWORD
- PUBLIC_URL=https://comms.${DOMAIN}
- TZ=UTC
networks:
meet.jitsi:
aliases:
- xmpp.meet.jitsi
# Focus component
jicofo:
image: jitsi/jicofo:latest
restart: always
volumes:
- /opt/jitsi/jicofo:/config:Z
environment:
- AUTH_TYPE=internal
- ENABLE_AUTH=true
- XMPP_DOMAIN=meet.jitsi
- XMPP_AUTH_DOMAIN=auth.meet.jitsi
- XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
- XMPP_MUC_DOMAIN=muc.meet.jitsi
- XMPP_SERVER=xmpp.meet.jitsi
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER=focus
- JICOFO_AUTH_PASSWORD
- JVB_BREWERY_MUC=jvbbrewery
- JIGASI_BREWERY_MUC=jigasibrewery
- JIBRI_BREWERY_MUC=jibribrewery
- JIBRI_PENDING_TIMEOUT=90
- TZ=UTC
depends_on:
- prosody
networks:
meet.jitsi:
# Video bridge
jvb:
image: jitsi/jvb:latest
restart: always
ports:
- '10000:10000/udp'
- '4443:4443'
volumes:
- /opt/jitsi/jvb:/config:Z
environment:
- DOCKER_HOST_ADDRESS=${LOCAL_IP}
- XMPP_AUTH_DOMAIN=meet.jitsi
- XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
- XMPP_SERVER=xmpp.meet.jitsi
- JVB_AUTH_USER=jvb
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC=jvbbrewery
- JVB_PORT=10000
- JVB_TCP_HARVESTER_DISABLED=true
- JVB_TCP_PORT=4443
- JVB_TCP_MAPPED_PORT=4443
- JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
- JVB_ENABLE_APIS=
- PUBLIC_URL=https://comms.${DOMAIN}
- TZ=UTC
depends_on:
- prosody
networks:
meet.jitsi:
aliases:
- jvb.meet.jitsi
db:
image: mariadb
@@ -182,7 +303,6 @@ services:
- nextcloud
- gitea
- collabora
- cadvisor
- pinry
ports:
- 80:80
@@ -205,7 +325,6 @@ volumes:
monica-public:
monica-data:
nextcloud:
#certs:
dashboard:
pinry:
@@ -213,3 +332,4 @@ networks:
db:
nginx:
redis:
meet.jitsi:

2
nextcloud/config/config.php
View File

@@ -18,7 +18,7 @@ $CONFIG = [
*/
'trusted_domains' =>
[
'tower.scarif.local',
'tower.scarif.space',
],
/**

20
nginx.conf
View File

@@ -482,6 +482,26 @@ http {
}
}
upstream jitsi-handler {
server jitsi:80;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/scarif.space.crt;
ssl_certificate_key /etc/nginx/certs/scarif.space.key;
gzip_types text/plain text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server_name comms.scarif.space;
location / {
proxy_pass http://jitsi-handler;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;