system-config/playbooks/roles/jitsi-meet/files/jitsi-meet-docker/meet-docker-compose.yaml
Clark Boylan fa9aca784d Update colibri for all the JVBs
We are currently running an all in one jitsi meet service at
meetpad.opendev.org due to connectivity issues for colibri websockets to
the jvb servers. Before we open these up we need to configure the http
server for websockets on the jvbs to do tls as they are on different
hosts.

Note it isn't entirely clear yet if a randomly generated keystore is
sufficient for the needs of the jvb colibri websocket system. If not we
may need to convert an LE provisioned cert and key pair into a keystore.

Change-Id: Ifbca19f1c112e30ee45975112863fc808db39fc9
2022-09-16 12:10:00 -07:00

160 lines
4.7 KiB
YAML

# Based on https://github.com/jitsi/docker-jitsi-meet/blob/stable-7648-4/docker-compose.yml
# Licensed under the ASL v2.
version: '3.5'
services:
# Frontend
web:
image: docker.io/jitsi/web:stable
restart: ${RESTART_POLICY:-unless-stopped}
network_mode: host
volumes:
- ${CONFIG}/web:/config
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
- ${DEFAULTS}/web/interface_config.js:/defaults/interface_config.js
- ${DEFAULTS}/web/nginx/meet.conf:/defaults/meet.conf
- ${DEFAULTS}/web/settings-config.js:/defaults/settings-config.js
environment:
- ENABLE_AUTH
- ENABLE_GUESTS
- ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT
- ENABLE_TRANSCRIPTIONS
- ENABLE_P2P
- DISABLE_HTTPS
- JICOFO_AUTH_USER
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- PUBLIC_URL
- ENABLE_XMPP_WEBSOCKET
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_RECORDER_DOMAIN
- ETHERPAD_URL_BASE
- TZ
- JIBRI_BREWERY_MUC
- JIBRI_PENDING_TIMEOUT
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- ENABLE_RECORDING
- START_AUDIO_MUTED
- START_VIDEO_MUTED
# XMPP server
prosody:
image: docker.io/jitsi/prosody:stable
restart: ${RESTART_POLICY:-unless-stopped}
network_mode: host
volumes:
- ${CONFIG}/prosody:/config
environment:
- AUTH_TYPE
- ENABLE_AUTH
- ENABLE_GUESTS
- GLOBAL_MODULES
- GLOBAL_CONFIG
- LDAP_URL
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_AUTH_METHOD
- LDAP_VERSION
- LDAP_USE_TLS
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- ENABLE_XMPP_WEBSOCKET
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_TOKEN_AUTH_MODULE
- LOG_LEVEL
- TZ
# Focus component
jicofo:
image: docker.io/jitsi/jicofo:stable
restart: ${RESTART_POLICY:-unless-stopped}
network_mode: host
volumes:
- ${CONFIG}/jicofo:/config
environment:
- ENABLE_AUTH
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_RESERVATION_REST_BASE_URL
- JVB_BREWERY_MUC
- JIGASI_BREWERY_MUC
- JIBRI_BREWERY_MUC
- JIBRI_PENDING_TIMEOUT
- TZ
depends_on:
- prosody
# Video bridge
jvb:
image: docker.io/jitsi/jvb:stable
restart: ${RESTART_POLICY:-unless-stopped}
network_mode: host
volumes:
- ${CONFIG}/jvb:/config
- ${DEFAULTS}/jvb/jvb.conf:/defaults/jvb.conf
environment:
- DOCKER_HOST_ADDRESS
- PUBLIC_URL
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_PORT
- JVB_TCP_HARVESTER_DISABLED
- JVB_TCP_PORT
- JVB_STUN_SERVERS
- JVB_ENABLE_APIS
- JVB_KEYSTORE_PATH
- JVB_KEYSTORE_PASSWORD
- JVB_WS_SERVER_ID
- TZ
depends_on:
- prosody