More sane jitsi config

master
Meliurwen 3 years ago
parent 5809c3920f
commit fe8736a48f
Signed by: meliurwen
GPG Key ID: 818A8B35E9F1CE10
  1. 61
      .env.example
  2. 1
      .gitignore
  3. 104
      docker-compose.yml
  4. 2
      jicofo-jvb.env.example
  5. 2
      prosody-jicofo-jvb.env.example
  6. 9
      prosody-jicofo.env.example
  7. 7
      prosody-jvb.env.example
  8. 12
      web-prosody-jicofo.env.example
  9. 10
      web-prosody.env.example
  10. 5
      web.env.example

@ -26,68 +26,17 @@ JVB_TAG=
JVB_CONTAINER_NAME= JVB_CONTAINER_NAME=
JVB_RESTART= JVB_RESTART=
# Media port # Media port
JVB_PORT=10000 JVB_PORT=
JVB_TCP_PORT=4443
# Public URL for the web service (required) # Public URL for the web service (required)
PUBLIC_URL=https://sub.domain.tld PUBLIC_URL=https://sub.domain.tld
#
# Security
#
# - Set these to strong passwords to avoid intruders from impersonating a
# service account.
# - The service(s) won't start unless these are specified.
# - Running ./gen-passwords.sh will update .env with strong passwords.
# - You may skip the Jigasi and Jibri passwords if you are not using those.
# - DO NOT reuse passwords.
#
# Prosody (XMPP Server) and Jicofo (Focus Component)
#
# XMPP component password for Jicofo
JICOFO_COMPONENT_SECRET=
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
#
# Prosody (XMPP Server) and Jvb (Video Bridge)
#
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
#
# Authentication configuration (see handbook for details)
#
# Enable authentication
ENABLE_AUTH=1
# Enable guest access
ENABLE_GUESTS=1
# Select authentication type: internal, jwt or ldap
AUTH_TYPE=internal
# #
# Advanced configuration options (you generally don't need to change these) # Advanced configuration options (you generally don't need to change these)
# #
# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi
# Internal XMPP server # Internal XMPP server
XMPP_SERVER=xmpp.meet.jitsi XMPP_SERVER=
# Internal XMPP domain for authenticated services # Internal XMPP domain for authenticated services
XMPP_AUTH_DOMAIN=auth.meet.jitsi XMPP_AUTH_DOMAIN=
# XMPP domain for the MUC # Internal XMPP server URL
XMPP_MUC_DOMAIN=muc.meet.jitsi XMPP_BOSH_URL_BASE=
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery
# XMPP user for JVB client connections
JVB_AUTH_USER=jvb
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER=focus
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi

1
.gitignore vendored

@ -1 +1,2 @@
*.env *.env
vol/

@ -7,33 +7,26 @@ services:
restart: ${WEB_RESTART:-unless-stopped} restart: ${WEB_RESTART:-unless-stopped}
expose: expose:
- "80" - "80"
- "8443" - "443"
networks: networks:
meet.jitsi: meet.jitsi:
aliases:
- ${XMPP_DOMAIN}
webservices: webservices:
volumes: volumes:
- ${LOCAL_STACK_DIR}/web:/config:Z - ${LOCAL_STACK_DIR:-./vol}/web:/config:Z
- ${LOCAL_STACK_DIR}/transcripts:/usr/share/jitsi-meet/transcripts:Z - ${LOCAL_STACK_DIR:-./vol}/transcripts:/usr/share/jitsi-meet/transcripts:Z
- ${LOCAL_STACK_DIR}/web/custom/images:/usr/share/jitsi-meet/images:ro - ${LOCAL_STACK_DIR:-./vol}/web/custom/images:/usr/share/jitsi-meet/images:ro
- ${LOCAL_STACK_DIR}/web/custom/title.html:/usr/share/jitsi-meet/title.html:ro - ${LOCAL_STACK_DIR:-./vol}/web/custom/title.html:/usr/share/jitsi-meet/title.html:ro
- ${LOCAL_STACK_DIR}/web/custom/body.html:/usr/share/jitsi-meet/body.html:ro - ${LOCAL_STACK_DIR:-./vol}/web/custom/body.html:/usr/share/jitsi-meet/body.html:ro
- ${LOCAL_STACK_DIR}/web/custom/css/custom.css:/usr/share/jitsi-meet/css/custom.css:ro - ${LOCAL_STACK_DIR:-./vol}/web/custom/css/custom.css:/usr/share/jitsi-meet/css/custom.css:ro
env_file: env_file:
- web.env - web.env
- web-prosody-jicofo.env
- web-prosody.env
environment: environment:
- TZ - TZ=${TZ:-Etc/UTC}
- ENABLE_XMPP_WEBSOCKET
- PUBLIC_URL - PUBLIC_URL
- ENABLE_AUTH - XMPP_AUTH_DOMAIN=${XMPP_AUTH_DOMAIN:-auth.meet.jitsi}
- ENABLE_GUESTS - XMPP_BOSH_URL_BASE=${XMPP_BOSH_URL_BASE:-http://xmpp.meet.jitsi:5280}
- JICOFO_AUTH_USER
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
prosody: prosody:
image: ${PRS_IMG:-jitsi/prosody}:${PRS_TAG:-latest} image: ${PRS_IMG:-jitsi/prosody}:${PRS_TAG:-latest}
@ -46,30 +39,21 @@ services:
networks: networks:
meet.jitsi: meet.jitsi:
aliases: aliases:
- ${XMPP_SERVER} - ${XMPP_SERVER:-xmpp.meet.jitsi}
volumes: volumes:
- ${LOCAL_STACK_DIR}/prosody/config:/config:Z - ${LOCAL_STACK_DIR:-./vol}/prosody/config:/config:Z
- ${LOCAL_STACK_DIR}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z - ${LOCAL_STACK_DIR:-./vol}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
env_file: env_file:
- prosody.env - prosody.env
- prosody-jicofo.env
- prosody-jvb.env
- web-prosody-jicofo.env
- web-prosody.env
- prosody-jicofo-jvb.env
environment: environment:
- TZ - TZ=${TZ:-Etc/UTC}
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_PASSWORD
- AUTH_TYPE
- ENABLE_AUTH
- ENABLE_GUESTS
- ENABLE_XMPP_WEBSOCKET
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- JICOFO_AUTH_USER
- JVB_AUTH_USER
- PUBLIC_URL - PUBLIC_URL
- XMPP_AUTH_DOMAIN=${XMPP_AUTH_DOMAIN:-auth.meet.jitsi}
jicofo: jicofo:
image: ${JCF_IMG:-jitsi/jicofo}:${JCF_TAG:-latest} image: ${JCF_IMG:-jitsi/jicofo}:${JCF_TAG:-latest}
@ -78,22 +62,17 @@ services:
networks: networks:
meet.jitsi: meet.jitsi:
volumes: volumes:
- ${LOCAL_STACK_DIR}/jicofo:/config:Z - ${LOCAL_STACK_DIR:-./vol}/jicofo:/config:Z
env_file: env_file:
- jicofo.env - jicofo.env
- prosody-jicofo.env
- web-prosody-jicofo.env
- prosody-jicofo-jvb.env
- jicofo-jvb.env
environment: environment:
- TZ - TZ=${TZ:-Etc/UTC}
- JICOFO_COMPONENT_SECRET - XMPP_AUTH_DOMAIN=${XMPP_AUTH_DOMAIN:-auth.meet.jitsi}
- JICOFO_AUTH_PASSWORD - XMPP_SERVER=${XMPP_SERVER:-xmpp.meet.jitsi}
- AUTH_TYPE
- ENABLE_AUTH
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_SERVER
- JICOFO_AUTH_USER
- JVB_BREWERY_MUC
depends_on: depends_on:
- prosody - prosody
@ -102,27 +81,22 @@ services:
container_name: ${JVB_CONTAINER_NAME:-jitsi-jvb} container_name: ${JVB_CONTAINER_NAME:-jitsi-jvb}
restart: ${JVB_RESTART:-unless-stopped} restart: ${JVB_RESTART:-unless-stopped}
ports: ports:
- ${JVB_PORT}:${JVB_PORT}/udp - ${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp
- ${JVB_TCP_PORT}:${JVB_TCP_PORT}
networks: networks:
meet.jitsi: meet.jitsi:
aliases:
- jvb.meet.jitsi
volumes: volumes:
- ${LOCAL_STACK_DIR}/jvb:/config:Z - ${LOCAL_STACK_DIR:-./vol}/jvb:/config:Z
env_file: env_file:
- jvb.env - jvb.env
- prosody-jvb.env
- prosody-jicofo-jvb.env
- jicofo-jvb.env
environment: environment:
- TZ - TZ=${TZ:-Etc/UTC}
- JVB_AUTH_PASSWORD
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- JVB_AUTH_USER
- JVB_BREWERY_MUC
- JVB_TCP_PORT
- JVB_PORT
- PUBLIC_URL - PUBLIC_URL
- XMPP_AUTH_DOMAIN=${XMPP_AUTH_DOMAIN:-auth.meet.jitsi}
- XMPP_SERVER=${XMPP_SERVER:-xmpp.meet.jitsi}
- JVB_PORT=${JVB_PORT:-10000}
depends_on: depends_on:
- prosody - prosody

@ -0,0 +1,2 @@
# MUC for the JVB pool
JVB_BREWERY_MUC=jvbbrewery

@ -0,0 +1,2 @@
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi

@ -0,0 +1,9 @@
# Prosody (XMPP Server) and Jicofo (Focus Component)
#
# XMPP component password for Jicofo
JICOFO_COMPONENT_SECRET=q9jw8pt7v7dplm548yg8uksz0gylemg5
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=q9jw8pt7v7dplm548yg8uksz0gylemg5
# Select authentication type: internal, jwt or ldap
AUTH_TYPE=internal

@ -0,0 +1,7 @@
# Prosody (XMPP Server) and Jvb (Video Bridge)
#
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=9m0elmhpkblm5pwiixdnpkviu0u7slpd
# XMPP user for JVB client connections
JVB_AUTH_USER=jvb

@ -0,0 +1,12 @@
# Enable authentication
ENABLE_AUTH=1
# Internal XMPP domain
XMPP_DOMAIN=meet.jitsi
# XMPP domain for the MUC
XMPP_MUC_DOMAIN=muc.meet.jitsi
# XMPP user for Jicofo client connections.
# NOTE: this option doesn't currently work due to a bug
JICOFO_AUTH_USER=focus

@ -0,0 +1,10 @@
# Enable guest access
ENABLE_GUESTS=1
# XMPP domain for unauthenticated users
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# XMPP domain for the jibri recorder
XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
ENABLE_XMPP_WEBSOCKET=1

@ -8,7 +8,7 @@ ENABLE_LETSENCRYPT=0
#ENABLE_HTTP_REDIRECT=1 #ENABLE_HTTP_REDIRECT=1
# Disable HTTPS: handle TLS connections outside of this setup # Disable HTTPS: handle TLS connections outside of this setup
#DISABLE_HTTPS=1 DISABLE_HTTPS=1
# Domain for which to generate the certificate # Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com #LETSENCRYPT_DOMAIN=meet.example.com
@ -95,8 +95,5 @@ START_VIDEO_MUTED
TESTING_CAP_SCREENSHARE_BITRATE TESTING_CAP_SCREENSHARE_BITRATE
TESTING_OCTO_PROBABILITY TESTING_OCTO_PROBABILITY
# Internal XMPP server URL
XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
# Authenticate using external service or just focus external auth window if there is one already. # Authenticate using external service or just focus external auth window if there is one already.
# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} # TOKEN_AUTH_URL=https://auth.meet.example.com/{room}

Loading…
Cancel
Save