master
commit
3e9e6f8b53
@ -0,0 +1,92 @@ |
||||
# Global Settings |
||||
LOCAL_STACK_DIR=/srv/docker/volumes/jitsi-meet |
||||
TZ=Europe/Berlin |
||||
|
||||
# Jitsi Web Frontend |
||||
WEB_IMG= |
||||
WEB_TAG= |
||||
WEB_CONTAINER_NAME= |
||||
WEB_RESTART= |
||||
|
||||
# Prosody (XMPP Server) |
||||
PRS_IMG= |
||||
PRS_TAG= |
||||
PRS_CONTAINER_NAME= |
||||
PRS_RESTART= |
||||
|
||||
# Jicofo (Focus Component) |
||||
JCF_IMG= |
||||
JCF_TAG= |
||||
JCF_CONTAINER_NAME= |
||||
JCF_RESTART= |
||||
|
||||
# Jvb (Video Bridge) |
||||
JVB_IMG= |
||||
JVB_TAG= |
||||
JVB_CONTAINER_NAME= |
||||
JVB_RESTART= |
||||
# Media port |
||||
JVB_PORT=10000 |
||||
|
||||
# Public URL for the web service (required) |
||||
PUBLIC_URL=https://sub.domain.tld |
||||
|
||||
# |
||||
# Security |
||||
# |
||||
# - Set these to strong passwords to avoid intruders from impersonating a |
||||
# service account. |
||||
# - The service(s) won't start unless these are specified. |
||||
# - Running ./gen-passwords.sh will update .env with strong passwords. |
||||
# - You may skip the Jigasi and Jibri passwords if you are not using those. |
||||
# - DO NOT reuse passwords. |
||||
# |
||||
# Prosody (XMPP Server) and Jicofo (Focus Component) |
||||
# |
||||
# XMPP component password for Jicofo |
||||
JICOFO_COMPONENT_SECRET= |
||||
# XMPP password for Jicofo client connections |
||||
JICOFO_AUTH_PASSWORD= |
||||
# |
||||
# Prosody (XMPP Server) and Jvb (Video Bridge) |
||||
# |
||||
# XMPP password for JVB client connections |
||||
JVB_AUTH_PASSWORD= |
||||
|
||||
# |
||||
# Authentication configuration (see handbook for details) |
||||
# |
||||
# Enable authentication |
||||
ENABLE_AUTH=1 |
||||
# Enable guest access |
||||
ENABLE_GUESTS=1 |
||||
# Select authentication type: internal, jwt or ldap |
||||
AUTH_TYPE=internal |
||||
|
||||
# |
||||
# Advanced configuration options (you generally don't need to change these) |
||||
# |
||||
# Internal XMPP domain |
||||
XMPP_DOMAIN=meet.jitsi |
||||
# Internal XMPP server |
||||
XMPP_SERVER=xmpp.meet.jitsi |
||||
# Internal XMPP domain for authenticated services |
||||
XMPP_AUTH_DOMAIN=auth.meet.jitsi |
||||
# XMPP domain for the MUC |
||||
XMPP_MUC_DOMAIN=muc.meet.jitsi |
||||
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools |
||||
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi |
||||
# XMPP domain for unauthenticated users |
||||
XMPP_GUEST_DOMAIN=guest.meet.jitsi |
||||
|
||||
# MUC for the JVB pool |
||||
JVB_BREWERY_MUC=jvbbrewery |
||||
# XMPP user for JVB client connections |
||||
JVB_AUTH_USER=jvb |
||||
|
||||
# XMPP user for Jicofo client connections. |
||||
# NOTE: this option doesn't currently work due to a bug |
||||
JICOFO_AUTH_USER=focus |
||||
|
||||
# XMPP domain for the jibri recorder |
||||
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi |
@ -0,0 +1 @@ |
||||
*.env |
@ -0,0 +1,131 @@ |
||||
version: "3" |
||||
|
||||
services: |
||||
web: |
||||
image: ${WEB_IMG:-jitsi/web}:${WEB_TAG:-latest} |
||||
container_name: ${WEB_CONTAINER_NAME:-jitsi-web} |
||||
restart: ${WEB_RESTART:-unless-stopped} |
||||
expose: |
||||
- "80" |
||||
- "8443" |
||||
networks: |
||||
meet.jitsi: |
||||
aliases: |
||||
- ${XMPP_DOMAIN} |
||||
webservices: |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR}/web:/config:Z |
||||
- ${LOCAL_STACK_DIR}/transcripts:/usr/share/jitsi-meet/transcripts:Z |
||||
- ${LOCAL_STACK_DIR}/web/custom/images:/usr/share/jitsi-meet/images:ro |
||||
- ${LOCAL_STACK_DIR}/web/custom/title.html:/usr/share/jitsi-meet/title.html:ro |
||||
env_file: |
||||
- web.env |
||||
environment: |
||||
- TZ |
||||
- ENABLE_XMPP_WEBSOCKET |
||||
- PUBLIC_URL |
||||
- ENABLE_AUTH |
||||
- ENABLE_GUESTS |
||||
- JICOFO_AUTH_USER |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_DOMAIN |
||||
- XMPP_GUEST_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_RECORDER_DOMAIN |
||||
|
||||
prosody: |
||||
image: ${PRS_IMG:-jitsi/prosody}:${PRS_TAG:-latest} |
||||
container_name: ${PRS_CONTAINER_NAME:-jitsi-prosody} |
||||
restart: ${PRS_RESTART:-unless-stopped} |
||||
expose: |
||||
- "5222" |
||||
- "5347" |
||||
- "5280" |
||||
networks: |
||||
meet.jitsi: |
||||
aliases: |
||||
- ${XMPP_SERVER} |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR}/prosody/config:/config:Z |
||||
- ${LOCAL_STACK_DIR}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z |
||||
env_file: |
||||
- prosody.env |
||||
environment: |
||||
- TZ |
||||
- JICOFO_COMPONENT_SECRET |
||||
- JICOFO_AUTH_PASSWORD |
||||
- JVB_AUTH_PASSWORD |
||||
- AUTH_TYPE |
||||
- ENABLE_AUTH |
||||
- ENABLE_GUESTS |
||||
- ENABLE_XMPP_WEBSOCKET |
||||
- XMPP_DOMAIN |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_GUEST_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_RECORDER_DOMAIN |
||||
- JICOFO_AUTH_USER |
||||
- JVB_AUTH_USER |
||||
- PUBLIC_URL |
||||
|
||||
jicofo: |
||||
image: ${JCF_IMG:-jitsi/jicofo}:${JCF_TAG:-latest} |
||||
container_name: ${JCF_CONTAINER_NAME:-jitsi-jicofo} |
||||
restart: ${JCF_RESTART:-unless-stopped} |
||||
networks: |
||||
meet.jitsi: |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR}/jicofo:/config:Z |
||||
env_file: |
||||
- jicofo.env |
||||
environment: |
||||
- TZ |
||||
- JICOFO_COMPONENT_SECRET |
||||
- JICOFO_AUTH_PASSWORD |
||||
- AUTH_TYPE |
||||
- ENABLE_AUTH |
||||
- XMPP_DOMAIN |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_MUC_DOMAIN |
||||
- XMPP_SERVER |
||||
- JICOFO_AUTH_USER |
||||
- JVB_BREWERY_MUC |
||||
depends_on: |
||||
- prosody |
||||
|
||||
jvb: |
||||
image: ${JVB_IMG:-jitsi/jvb}:${JVB_TAG:-latest} |
||||
container_name: ${JVB_CONTAINER_NAME:-jitsi-jvb} |
||||
restart: ${JVB_RESTART:-unless-stopped} |
||||
ports: |
||||
- "${JVB_PORT}:${JVB_PORT}/udp" |
||||
- "${JVB_TCP_PORT}:${JVB_TCP_PORT}" |
||||
networks: |
||||
meet.jitsi: |
||||
aliases: |
||||
- jvb.meet.jitsi |
||||
volumes: |
||||
- ${LOCAL_STACK_DIR}/jvb:/config:Z |
||||
env_file: |
||||
- jvb.env |
||||
environment: |
||||
- TZ |
||||
- JVB_AUTH_PASSWORD |
||||
- XMPP_AUTH_DOMAIN |
||||
- XMPP_INTERNAL_MUC_DOMAIN |
||||
- XMPP_SERVER |
||||
- JVB_AUTH_USER |
||||
- JVB_BREWERY_MUC |
||||
- JVB_PORT |
||||
- PUBLIC_URL |
||||
depends_on: |
||||
- prosody |
||||
|
||||
# Custom network so all services can communicate using a FQDN |
||||
networks: |
||||
meet.jitsi: |
||||
webservices: |
||||
external: |
||||
name: webservices |
@ -0,0 +1,21 @@ |
||||
#!/bin/bash |
||||
|
||||
function generatePassword() { |
||||
openssl rand -hex 16 |
||||
} |
||||
|
||||
JICOFO_COMPONENT_SECRET=$(generatePassword) |
||||
JICOFO_AUTH_PASSWORD=$(generatePassword) |
||||
JVB_AUTH_PASSWORD=$(generatePassword) |
||||
JIGASI_XMPP_PASSWORD=$(generatePassword) |
||||
JIBRI_RECORDER_PASSWORD=$(generatePassword) |
||||
JIBRI_XMPP_PASSWORD=$(generatePassword) |
||||
|
||||
sed -i.bak \ |
||||
-e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \ |
||||
-e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \ |
||||
-e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \ |
||||
-e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \ |
||||
-e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \ |
||||
-e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \ |
||||
"$(dirname "$0")/*.env" |
@ -0,0 +1,19 @@ |
||||
|
||||
# Base URL of Jicofo's reservation REST API |
||||
#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com |
||||
# MUC name for the Jigasi pool |
||||
JIGASI_BREWERY_MUC=jigasibrewery |
||||
|
||||
# SIP URI for incoming / outgoing calls |
||||
#JIGASI_SIP_URI=test@sip2sip.info |
||||
|
||||
# MUC name for the Jibri pool |
||||
JIBRI_BREWERY_MUC=jibribrewery |
||||
|
||||
# MUC connection timeout |
||||
JIBRI_PENDING_TIMEOUT=90 |
||||
|
||||
# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health) |
||||
#JICOFO_ENABLE_HEALTH_CHECKS=true |
||||
|
||||
JICOFO_MAX_MEMORY=500m |
@ -0,0 +1,19 @@ |
||||
|
||||
# IP address of the Docker host |
||||
# See the "Running behind NAT or on a LAN environment" section in the Handbook: |
||||
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment |
||||
#DOCKER_HOST_ADDRESS=192.168.1.1 |
||||
# TCP Fallback for Jitsi Videobridge for when UDP isn't available |
||||
JVB_TCP_HARVESTER_DISABLED=true |
||||
JVB_TCP_PORT=4443 |
||||
JVB_TCP_MAPPED_PORT=4443 |
||||
# STUN servers used to discover the server's public IP |
||||
JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 |
||||
# A comma separated list of APIs to enable when the JVB is started [default: none] |
||||
# See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information |
||||
#JVB_ENABLE_APIS=rest,colibri |
||||
|
||||
JVB_WS_DOMAIN |
||||
JVB_WS_SERVER_ID |
||||
|
||||
VIDEOBRIDGE_MAX_MEMORY=500m |
@ -0,0 +1,116 @@ |
||||
|
||||
|
||||
# Control whether the lobby feature should be enabled or not |
||||
ENABLE_LOBBY=1 |
||||
|
||||
GLOBAL_MODULES |
||||
GLOBAL_CONFIG |
||||
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) |
||||
# |
||||
|
||||
# LDAP url for connection |
||||
#LDAP_URL=ldaps://ldap.domain.com/ |
||||
|
||||
# LDAP base DN. Can be empty |
||||
#LDAP_BASE=DC=example,DC=domain,DC=com |
||||
|
||||
# LDAP user DN. Do not specify this parameter for the anonymous bind |
||||
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com |
||||
|
||||
# LDAP user password. Do not specify this parameter for the anonymous bind |
||||
#LDAP_BINDPW=LdapUserPassw0rd |
||||
|
||||
# LDAP filter. Tokens example: |
||||
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail |
||||
# %s - %s is replaced by the complete service string |
||||
# %r - %r is replaced by the complete realm string |
||||
#LDAP_FILTER=(sAMAccountName=%u) |
||||
|
||||
# LDAP authentication method |
||||
#LDAP_AUTH_METHOD=bind |
||||
|
||||
# LDAP version |
||||
#LDAP_VERSION=3 |
||||
|
||||
# LDAP TLS using |
||||
#LDAP_USE_TLS=1 |
||||
|
||||
# List of SSL/TLS ciphers to allow |
||||
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC |
||||
|
||||
# Require and verify server certificate |
||||
#LDAP_TLS_CHECK_PEER=1 |
||||
|
||||
# Path to CA cert file. Used when server certificate verify is enabled |
||||
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt |
||||
|
||||
# Path to CA certs directory. Used when server certificate verify is enabled |
||||
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs |
||||
|
||||
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// |
||||
# LDAP_START_TLS=1 |
||||
|
||||
# Custom Prosody modules for XMPP_DOMAIN (comma separated) |
||||
XMPP_MODULES= |
||||
|
||||
# Custom Prosody modules for MUC component (comma separated) |
||||
XMPP_MUC_MODULES= |
||||
|
||||
# Custom Prosody modules for internal MUC component (comma separated) |
||||
XMPP_INTERNAL_MUC_MODULES= |
||||
|
||||
# XMPP user for Jigasi MUC client connections |
||||
JIGASI_XMPP_USER=jigasi |
||||
|
||||
# XMPP password for Jigasi MUC client connections |
||||
JIGASI_XMPP_PASSWORD= |
||||
|
||||
|
||||
# XMPP user for Jibri client connections |
||||
JIBRI_XMPP_USER=jibri |
||||
# XMPP password for Jibri client connections |
||||
JIBRI_XMPP_PASSWORD= |
||||
# XMPP recorder user for Jibri client connections |
||||
JIBRI_RECORDER_USER=recorder |
||||
# XMPP recorder password for Jibri client connections |
||||
JIBRI_RECORDER_PASSWORD= |
||||
|
||||
# Directory for recordings inside Jibri container |
||||
JIBRI_RECORDING_DIR=/config/recordings |
||||
|
||||
# The finalizing script. Will run after recording is complete |
||||
JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh |
||||
|
||||
# When jibri gets a request to start a service for a room, the room |
||||
# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain |
||||
# We'll build the url for the call by transforming that into: |
||||
# https://xmpp_domain/subdomain/roomName |
||||
# So if there are any prefixes in the jid (like jitsi meet, which |
||||
# has its participants join a muc at conference.xmpp_domain) then |
||||
# list that prefix here so it can be stripped out to generate |
||||
# the call url correctly |
||||
#JIBRI_STRIP_DOMAIN_JID=muc |
||||
|
||||
# Directory for logs inside Jibri container |
||||
#JIBRI_LOGS_DIR=/config/logs |
||||
|
||||
# JWT authentication |
||||
# |
||||
|
||||
# Application identifier |
||||
#JWT_APP_ID=my_jitsi_app_id |
||||
|
||||
# Application secret known only to your token |
||||
#JWT_APP_SECRET=my_jitsi_app_secret |
||||
|
||||
# (Optional) Set asap_accepted_issuers as a comma separated list |
||||
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client |
||||
|
||||
# (Optional) Set asap_accepted_audiences as a comma separated list |
||||
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 |
||||
|
||||
JWT_ASAP_KEYSERVER |
||||
JWT_ALLOW_EMPTY |
||||
JWT_AUTH_TYPE |
||||
JWT_TOKEN_AUTH_MODULE |
||||
LOG_LEVEL |
@ -0,0 +1,102 @@ |
||||
APP_NAME="Jitsi Meet" |
||||
|
||||
# Enable Let's Encrypt certificate generation |
||||
ENABLE_LETSENCRYPT=0 |
||||
|
||||
# Redirect HTTP traffic to HTTPS |
||||
# Necessary for Let's Encrypt, relies on standard HTTPS port (443) |
||||
#ENABLE_HTTP_REDIRECT=1 |
||||
|
||||
# Disable HTTPS: handle TLS connections outside of this setup |
||||
#DISABLE_HTTPS=1 |
||||
|
||||
# Domain for which to generate the certificate |
||||
#LETSENCRYPT_DOMAIN=meet.example.com |
||||
|
||||
# Use the staging server (for avoiding rate limits while testing) |
||||
#LETSENCRYPT_USE_STAGING=1 |
||||
|
||||
# Reverse-proxy and certbot |
||||
VIRTUAL_HOST=sub.domain.tld |
||||
VIRTUAL_PORT=80 |
||||
LETSENCRYPT_HOST=sub.domain.tld |
||||
LETSENCRYPT_EMAIL=account@domain.tld |
||||
|
||||
# |
||||
# Stuff to sort out |
||||
# |
||||
AMPLITUDE_ID |
||||
ANALYTICS_SCRIPT_URLS |
||||
ANALYTICS_WHITELISTED_EVENTS |
||||
BRIDGE_CHANNEL |
||||
BRANDING_DATA_URL |
||||
CALLSTATS_CUSTOM_SCRIPT_URL |
||||
CALLSTATS_ID |
||||
CALLSTATS_SECRET |
||||
CHROME_EXTENSION_BANNER_JSON |
||||
CONFCODE_URL |
||||
CONFIG_EXTERNAL_CONNECT |
||||
DEPLOYMENTINFO_ENVIRONMENT |
||||
DEPLOYMENTINFO_ENVIRONMENT_TYPE |
||||
DEPLOYMENTINFO_USERREGION |
||||
DIALIN_NUMBERS_URL |
||||
DIALOUT_AUTH_URL |
||||
DIALOUT_CODES_URL |
||||
DROPBOX_APPKEY |
||||
DROPBOX_REDIRECT_URI |
||||
ENABLE_AUDIO_PROCESSING |
||||
ENABLE_CALENDAR |
||||
ENABLE_FILE_RECORDING_SERVICE |
||||
ENABLE_FILE_RECORDING_SERVICE_SHARING |
||||
ENABLE_IPV6 |
||||
ENABLE_LIPSYNC |
||||
ENABLE_NO_AUDIO_DETECTION |
||||
ENABLE_P2P |
||||
|
||||
# Show a prejoin page before entering a conference |
||||
ENABLE_PREJOIN_PAGE=1 |
||||
# Enable recording |
||||
ENABLE_RECORDING=0 |
||||
|
||||
ENABLE_REMB |
||||
ENABLE_REQUIRE_DISPLAY_NAME |
||||
ENABLE_SIMULCAST |
||||
ENABLE_STATS_ID |
||||
ENABLE_STEREO |
||||
ENABLE_SUBDOMAINS |
||||
ENABLE_TALK_WHILE_MUTED |
||||
ENABLE_TCC |
||||
|
||||
# Enable Jigasi transcription |
||||
ENABLE_TRANSCRIPTIONS=0 |
||||
|
||||
# Set etherpad-lite public URL (uncomment to enable) |
||||
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain |
||||
|
||||
# Set etherpad-lite URL in docker local network (uncomment to enable) |
||||
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 |
||||
GOOGLE_ANALYTICS_ID |
||||
GOOGLE_API_APP_CLIENT_ID |
||||
INVITE_SERVICE_URL |
||||
|
||||
MATOMO_ENDPOINT |
||||
MATOMO_SITE_ID |
||||
MICROSOFT_API_APP_CLIENT_ID |
||||
NGINX_RESOLVER |
||||
PEOPLE_SEARCH_URL |
||||
RESOLUTION |
||||
RESOLUTION_MIN |
||||
RESOLUTION_WIDTH |
||||
RESOLUTION_WIDTH_MIN |
||||
START_AUDIO_ONLY |
||||
START_AUDIO_MUTED |
||||
START_BITRATE |
||||
START_VIDEO_MUTED |
||||
TESTING_CAP_SCREENSHARE_BITRATE |
||||
TESTING_OCTO_PROBABILITY |
||||
|
||||
# Internal XMPP server URL |
||||
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 |
||||
|
||||
# Authenticate using external service or just focus external auth window if there is one already. |
||||
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} |
Loading…
Reference in new issue