fa9aca784d
We are currently running an all in one jitsi meet service at meetpad.opendev.org due to connectivity issues for colibri websockets to the jvb servers. Before we open these up we need to configure the http server for websockets on the jvbs to do tls as they are on different hosts. Note it isn't entirely clear yet if a randomly generated keystore is sufficient for the needs of the jvb colibri websocket system. If not we may need to convert an LE provisioned cert and key pair into a keystore. Change-Id: Ifbca19f1c112e30ee45975112863fc808db39fc9
160 lines
4.7 KiB
YAML
160 lines
4.7 KiB
YAML
# Based on https://github.com/jitsi/docker-jitsi-meet/blob/stable-7648-4/docker-compose.yml
|
|
# Licensed under the ASL v2.
|
|
|
|
version: '3.5'
|
|
|
|
services:
|
|
# Frontend
|
|
web:
|
|
image: docker.io/jitsi/web:stable
|
|
restart: ${RESTART_POLICY:-unless-stopped}
|
|
network_mode: host
|
|
volumes:
|
|
- ${CONFIG}/web:/config
|
|
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
|
|
- ${DEFAULTS}/web/interface_config.js:/defaults/interface_config.js
|
|
- ${DEFAULTS}/web/nginx/meet.conf:/defaults/meet.conf
|
|
- ${DEFAULTS}/web/settings-config.js:/defaults/settings-config.js
|
|
environment:
|
|
- ENABLE_AUTH
|
|
- ENABLE_GUESTS
|
|
- ENABLE_LETSENCRYPT
|
|
- ENABLE_HTTP_REDIRECT
|
|
- ENABLE_TRANSCRIPTIONS
|
|
- ENABLE_P2P
|
|
- DISABLE_HTTPS
|
|
- JICOFO_AUTH_USER
|
|
- LETSENCRYPT_DOMAIN
|
|
- LETSENCRYPT_EMAIL
|
|
- PUBLIC_URL
|
|
- ENABLE_XMPP_WEBSOCKET
|
|
- XMPP_DOMAIN
|
|
- XMPP_AUTH_DOMAIN
|
|
- XMPP_BOSH_URL_BASE
|
|
- XMPP_GUEST_DOMAIN
|
|
- XMPP_MUC_DOMAIN
|
|
- XMPP_RECORDER_DOMAIN
|
|
- ETHERPAD_URL_BASE
|
|
- TZ
|
|
- JIBRI_BREWERY_MUC
|
|
- JIBRI_PENDING_TIMEOUT
|
|
- JIBRI_XMPP_USER
|
|
- JIBRI_XMPP_PASSWORD
|
|
- JIBRI_RECORDER_USER
|
|
- JIBRI_RECORDER_PASSWORD
|
|
- ENABLE_RECORDING
|
|
- START_AUDIO_MUTED
|
|
- START_VIDEO_MUTED
|
|
|
|
# XMPP server
|
|
prosody:
|
|
image: docker.io/jitsi/prosody:stable
|
|
restart: ${RESTART_POLICY:-unless-stopped}
|
|
network_mode: host
|
|
volumes:
|
|
- ${CONFIG}/prosody:/config
|
|
environment:
|
|
- AUTH_TYPE
|
|
- ENABLE_AUTH
|
|
- ENABLE_GUESTS
|
|
- GLOBAL_MODULES
|
|
- GLOBAL_CONFIG
|
|
- LDAP_URL
|
|
- LDAP_BASE
|
|
- LDAP_BINDDN
|
|
- LDAP_BINDPW
|
|
- LDAP_FILTER
|
|
- LDAP_AUTH_METHOD
|
|
- LDAP_VERSION
|
|
- LDAP_USE_TLS
|
|
- LDAP_TLS_CIPHERS
|
|
- LDAP_TLS_CHECK_PEER
|
|
- LDAP_TLS_CACERT_FILE
|
|
- LDAP_TLS_CACERT_DIR
|
|
- LDAP_START_TLS
|
|
- ENABLE_XMPP_WEBSOCKET
|
|
- XMPP_DOMAIN
|
|
- XMPP_AUTH_DOMAIN
|
|
- XMPP_GUEST_DOMAIN
|
|
- XMPP_MUC_DOMAIN
|
|
- XMPP_INTERNAL_MUC_DOMAIN
|
|
- XMPP_MODULES
|
|
- XMPP_MUC_MODULES
|
|
- XMPP_INTERNAL_MUC_MODULES
|
|
- XMPP_RECORDER_DOMAIN
|
|
- JICOFO_COMPONENT_SECRET
|
|
- JICOFO_AUTH_USER
|
|
- JICOFO_AUTH_PASSWORD
|
|
- JVB_AUTH_USER
|
|
- JVB_AUTH_PASSWORD
|
|
- JIGASI_XMPP_USER
|
|
- JIGASI_XMPP_PASSWORD
|
|
- JIBRI_XMPP_USER
|
|
- JIBRI_XMPP_PASSWORD
|
|
- JIBRI_RECORDER_USER
|
|
- JIBRI_RECORDER_PASSWORD
|
|
- JWT_APP_ID
|
|
- JWT_APP_SECRET
|
|
- JWT_ACCEPTED_ISSUERS
|
|
- JWT_ACCEPTED_AUDIENCES
|
|
- JWT_ASAP_KEYSERVER
|
|
- JWT_ALLOW_EMPTY
|
|
- JWT_AUTH_TYPE
|
|
- JWT_TOKEN_AUTH_MODULE
|
|
- LOG_LEVEL
|
|
- TZ
|
|
|
|
# Focus component
|
|
jicofo:
|
|
image: docker.io/jitsi/jicofo:stable
|
|
restart: ${RESTART_POLICY:-unless-stopped}
|
|
network_mode: host
|
|
volumes:
|
|
- ${CONFIG}/jicofo:/config
|
|
environment:
|
|
- ENABLE_AUTH
|
|
- XMPP_DOMAIN
|
|
- XMPP_AUTH_DOMAIN
|
|
- XMPP_INTERNAL_MUC_DOMAIN
|
|
- XMPP_SERVER
|
|
- JICOFO_COMPONENT_SECRET
|
|
- JICOFO_AUTH_USER
|
|
- JICOFO_AUTH_PASSWORD
|
|
- JICOFO_RESERVATION_REST_BASE_URL
|
|
- JVB_BREWERY_MUC
|
|
- JIGASI_BREWERY_MUC
|
|
- JIBRI_BREWERY_MUC
|
|
- JIBRI_PENDING_TIMEOUT
|
|
- TZ
|
|
depends_on:
|
|
- prosody
|
|
|
|
# Video bridge
|
|
jvb:
|
|
image: docker.io/jitsi/jvb:stable
|
|
restart: ${RESTART_POLICY:-unless-stopped}
|
|
network_mode: host
|
|
volumes:
|
|
- ${CONFIG}/jvb:/config
|
|
- ${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf
|
|
environment:
|
|
- DOCKER_HOST_ADDRESS
|
|
- PUBLIC_URL
|
|
- XMPP_AUTH_DOMAIN
|
|
- XMPP_INTERNAL_MUC_DOMAIN
|
|
- XMPP_SERVER
|
|
- JVB_AUTH_USER
|
|
- JVB_AUTH_PASSWORD
|
|
- JVB_BREWERY_MUC
|
|
- JVB_PORT
|
|
- JVB_TCP_HARVESTER_DISABLED
|
|
- JVB_TCP_PORT
|
|
- JVB_STUN_SERVERS
|
|
- JVB_ENABLE_APIS
|
|
- JVB_KEYSTORE_PATH
|
|
- JVB_KEYSTORE_PASSWORD
|
|
- JVB_WS_SERVER_ID
|
|
- TZ
|
|
depends_on:
|
|
- prosody
|