aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2020-03-27 09:03:39 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2020-03-27 09:03:39 +0100
commitfd6e6aa1413602fc11bf79f7cf08120d996b8b3a (patch)
tree5e3b2e7f6ad788ef8a0f785056400442bb4d1cc7
parent08101b82621457195c9a080237913d2c5a30208e (diff)
parenta95017cf1e1761fef1ec029105d1c25f954741d4 (diff)
downloadinfrastructure-fd6e6aa1413602fc11bf79f7cf08120d996b8b3a.tar.gz
infrastructure-fd6e6aa1413602fc11bf79f7cf08120d996b8b3a.zip
Merge branch 'feature/jitsi'
-rw-r--r--.gitignore1
-rw-r--r--consul/configuration/traefik/traefik.toml4
-rw-r--r--docker/jitsi/01_gen_certs.yml8
-rw-r--r--docker/jitsi/02_run.yml36
-rw-r--r--docker/jitsi/README.md26
-rw-r--r--docker/jitsi/dev.env9
-rw-r--r--docker/jitsi/jitsi-certs/.gitignore2
-rw-r--r--docker/jitsi/jitsi-conference-focus/Dockerfile22
-rwxr-xr-xdocker/jitsi/jitsi-conference-focus/jicofo16
-rw-r--r--docker/jitsi/jitsi-front/Dockerfile20
-rw-r--r--docker/jitsi/jitsi-front/config.js517
-rwxr-xr-xdocker/jitsi/jitsi-front/entrypoint.sh38
-rw-r--r--docker/jitsi/jitsi-videobridge/Dockerfile21
-rwxr-xr-xdocker/jitsi/jitsi-videobridge/jvb_run23
-rw-r--r--docker/jitsi/jitsi-xmpp/Dockerfile11
-rw-r--r--docker/jitsi/jitsi-xmpp/external_components.cfg.lua2
-rwxr-xr-xdocker/jitsi/jitsi-xmpp/xmpp_conf42
-rwxr-xr-xdocker/jitsi/jitsi-xmpp/xmpp_gen9
-rwxr-xr-xdocker/jitsi/jitsi-xmpp/xmpp_run19
-rw-r--r--nomad/traefik.hcl5
20 files changed, 824 insertions, 7 deletions
diff --git a/.gitignore b/.gitignore
index 55145d5..189f683 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
*.retry
.git_old/
debug/gladdrinfo
+*.swp
diff --git a/consul/configuration/traefik/traefik.toml b/consul/configuration/traefik/traefik.toml
index ce50532..6145ffb 100644
--- a/consul/configuration/traefik/traefik.toml
+++ b/consul/configuration/traefik/traefik.toml
@@ -36,12 +36,12 @@ defaultEntryPoints = ["http", "https"]
dashboard = true
[consul]
- endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500"
+ endpoint = "172.17.0.1:8500"
watch = true
prefix = "traefik"
[consulCatalog]
- endpoint = "consul.service.2.cluster.deuxfleurs.fr:8500"
+ endpoint = "172.17.0.1:8500"
prefix = "traefik"
domain = "web.deuxfleurs.fr"
exposedByDefault = false
diff --git a/docker/jitsi/01_gen_certs.yml b/docker/jitsi/01_gen_certs.yml
new file mode 100644
index 0000000..8c97384
--- /dev/null
+++ b/docker/jitsi/01_gen_certs.yml
@@ -0,0 +1,8 @@
+version: '3'
+services:
+ jitsi-xmpp:
+ build: ./jitsi-xmpp
+ command: ["/usr/local/bin/xmpp_gen"]
+ volumes: [ './jitsi-certs/:/certs:rw' ]
+ env_file: [ 'dev.env' ]
+
diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml
new file mode 100644
index 0000000..af615a9
--- /dev/null
+++ b/docker/jitsi/02_run.yml
@@ -0,0 +1,36 @@
+version: '3'
+services:
+ jitsi-xmpp:
+ build: ./jitsi-xmpp
+ image: superboum/amd64_jitsi_xmpp:v1
+ network_mode: host
+ ports:
+ - "5222:5222"
+ - "5347:5347"
+ - "5280:5280"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-front:
+ build: ./jitsi-front
+ image: superboum/amd64_jitsi_front:v1
+ network_mode: host
+ ports:
+ - "443:443"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-conference-focus:
+ build: ./jitsi-conference-focus
+ image: superboum/amd64_jitsi_conference_focus:v1
+ network_mode: host
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-videobridge:
+ build: ./jitsi-videobridge
+ image: superboum/amd64_jitsi_videobridge:v1
+ network_mode: host
+ ports:
+ - "4443:4443"
+ - "10000:10000/udp"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+
diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md
new file mode 100644
index 0000000..70b59fc
--- /dev/null
+++ b/docker/jitsi/README.md
@@ -0,0 +1,26 @@
+This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
+
+To build images:
+
+```
+docker-compose -f 02_run.yml build
+```
+
+To gen the certs:
+
+```
+docker-compose -f 01_gen_certs.yml up --force-recreate
+```
+
+To run the stack:
+
+
+```
+docker-compose -f 02_run.yml up --force-recreate
+```
+
+To push the stack on the docker registry:
+
+```
+docker-compose -f 02_run.yml push
+```
diff --git a/docker/jitsi/dev.env b/docker/jitsi/dev.env
new file mode 100644
index 0000000..722ca1d
--- /dev/null
+++ b/docker/jitsi/dev.env
@@ -0,0 +1,9 @@
+JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
+JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
+JITSI_SECRET_JICOFO_USER=S3CR3T03
+JITSI_PROSODY_BOSH_PORT=5280
+JITSI_PROSODY_BOSH_HOST=127.0.0.1
+JITSI_PROSODY_HOST=127.0.0.1
+JITSI_CERTS_FOLDER=/certs/
+JITSI_NAT_PUBLIC_IP=77.204.7.239
+JITSI_NAT_LOCAL_IP=192.168.0.18
diff --git a/docker/jitsi/jitsi-certs/.gitignore b/docker/jitsi/jitsi-certs/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/docker/jitsi/jitsi-certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/docker/jitsi/jitsi-conference-focus/Dockerfile b/docker/jitsi/jitsi-conference-focus/Dockerfile
new file mode 100644
index 0000000..190010e
--- /dev/null
+++ b/docker/jitsi/jitsi-conference-focus/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:buster AS builder
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk maven git unzip && \
+ git clone --depth=1 https://github.com/jitsi/jicofo.git && \
+ cd jicofo && \
+ mvn package -DskipTests -Dassembly.skipAssembly=false
+
+RUN cd jicofo && \
+ unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
+ mv jicofo-1.1-SNAPSHOT /srv/jicofo
+
+
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk ca-certificates
+
+COPY --from=builder /srv/jicofo /srv/jicofo
+COPY jicofo /usr/local/bin/jicofo
+
+CMD ["/usr/local/bin/jicofo"]
diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo
new file mode 100755
index 0000000..2bc6e3f
--- /dev/null
+++ b/docker/jitsi/jitsi-conference-focus/jicofo
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
+update-ca-certificates -f
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+/srv/jicofo/jicofo.sh \
+ --host=${JITSI_PROSODY_HOST} \
+ --domain=jitsi.deuxfleurs.fr \
+ --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
+ --user_domain=auth.jitsi.deuxfleurs.fr \
+ --user_password=${JITSI_SECRET_JICOFO_USER}
diff --git a/docker/jitsi/jitsi-front/Dockerfile b/docker/jitsi/jitsi-front/Dockerfile
new file mode 100644
index 0000000..239372e
--- /dev/null
+++ b/docker/jitsi/jitsi-front/Dockerfile
@@ -0,0 +1,20 @@
+FROM debian:buster AS builder
+
+RUN apt-get update && \
+ apt-get install -y npm git nodejs make && \
+ git clone --depth=1 https://github.com/jitsi/jitsi-meet.git && \
+ cd jitsi-meet && \
+ npm install && \
+ make
+
+FROM debian:buster
+
+COPY --from=builder /jitsi-meet /srv/jitsi-meet
+RUN apt-get update && \
+ apt-get install -y nginx && \
+ rm /etc/nginx/sites-enabled/*
+
+COPY config.js /srv/jitsi-meet/config.js
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
diff --git a/docker/jitsi/jitsi-front/config.js b/docker/jitsi/jitsi-front/config.js
new file mode 100644
index 0000000..34f0662
--- /dev/null
+++ b/docker/jitsi/jitsi-front/config.js
@@ -0,0 +1,517 @@
+/* eslint-disable no-unused-vars, no-var */
+
+var config = {
+ // Connection
+ //
+
+ hosts: {
+ // XMPP domain.
+ domain: 'jitsi.deuxfleurs.fr',
+
+ // When using authentication, domain for guest users.
+ // anonymousdomain: 'guest.example.com',
+
+ // Domain for authenticated users. Defaults to <domain>.
+ // authdomain: 'jitsi-meet.example.com',
+
+ // Jirecon recording component domain.
+ // jirecon: 'jirecon.jitsi-meet.example.com',
+
+ // Call control component (Jigasi).
+ // call_control: 'callcontrol.jitsi-meet.example.com',
+
+ // Focus component domain. Defaults to focus.<domain>.
+ // focus: 'focus.jitsi-meet.example.com',
+
+ // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
+ muc: 'conference.jitsi.deuxfleurs.fr'
+ },
+
+ // BOSH URL. FIXME: use XEP-0156 to discover it.
+ bosh: '//jitsi.deuxfleurs.fr/http-bind',
+
+ // Websocket URL
+ // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
+
+ // The name of client node advertised in XEP-0115 'c' stanza
+ clientNode: 'http://jitsi.org/jitsimeet',
+
+ // The real JID of focus participant - can be overridden here
+ // focusUserJid: 'focus@auth.jitsi-meet.example.com',
+
+
+ // Testing / experimental features.
+ //
+
+ testing: {
+ // Enables experimental simulcast support on Firefox.
+ enableFirefoxSimulcast: false,
+
+ // P2P test mode disables automatic switching to P2P when there are 2
+ // participants in the conference.
+ p2pTestMode: false
+
+ // Enables the test specific features consumed by jitsi-meet-torture
+ // testMode: false
+
+ // Disables the auto-play behavior of *all* newly created video element.
+ // This is useful when the client runs on a host with limited resources.
+ // noAutoPlayVideo: false
+ },
+
+ // Disables ICE/UDP by filtering out local and remote UDP candidates in
+ // signalling.
+ // webrtcIceUdpDisable: false,
+
+ // Disables ICE/TCP by filtering out local and remote TCP candidates in
+ // signalling.
+ // webrtcIceTcpDisable: false,
+
+
+ // Media
+ //
+
+ // Audio
+
+ // Disable measuring of audio levels.
+ // disableAudioLevels: false,
+ // audioLevelsInterval: 200,
+
+ // Enabling this will run the lib-jitsi-meet no audio detection module which
+ // will notify the user if the current selected microphone has no audio
+ // input and will suggest another valid device if one is present.
+ enableNoAudioDetection: true,
+
+ // Enabling this will run the lib-jitsi-meet noise detection module which will
+ // notify the user if there is noise, other than voice, coming from the current
+ // selected microphone. The purpose it to let the user know that the input could
+ // be potentially unpleasant for other meeting participants.
+ enableNoisyMicDetection: true,
+
+ // Start the conference in audio only mode (no video is being received nor
+ // sent).
+ // startAudioOnly: false,
+
+ // Every participant after the Nth will start audio muted.
+ // startAudioMuted: 10,
+
+ // Start calls with audio muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithAudioMuted: false,
+
+ // Enabling it (with #params) will disable local audio output of remote
+ // participants and to enable it back a reload is needed.
+ // startSilent: false
+
+ // Video
+
+ // Sets the preferred resolution (height) for local video. Defaults to 720.
+ // resolution: 720,
+
+ // w3c spec-compliant video constraints to use for video capture. Currently
+ // used by browsers that return true from lib-jitsi-meet's
+ // util#browser#usesNewGumFlow. The constraints are independency from
+ // this config's resolution value. Defaults to requesting an ideal aspect
+ // ratio of 16:9 with an ideal resolution of 720.
+ // constraints: {
+ // video: {
+ // aspectRatio: 16 / 9,
+ // height: {
+ // ideal: 720,
+ // max: 720,
+ // min: 240
+ // }
+ // }
+ // },
+
+ // Enable / disable simulcast support.
+ // disableSimulcast: false,
+
+ // Enable / disable layer suspension. If enabled, endpoints whose HD
+ // layers are not in use will be suspended (no longer sent) until they
+ // are requested again.
+ // enableLayerSuspension: false,
+
+ // Every participant after the Nth will start video muted.
+ // startVideoMuted: 10,
+
+ // Start calls with video muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithVideoMuted: false,
+
+ // If set to true, prefer to use the H.264 video codec (if supported).
+ // Note that it's not recommended to do this because simulcast is not
+ // supported when using H.264. For 1-to-1 calls this setting is enabled by
+ // default and can be toggled in the p2p section.
+ // preferH264: true,
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP.
+ // disableH264: false,
+
+ // Desktop sharing
+
+ // The ID of the jidesha extension for Chrome.
+ desktopSharingChromeExtId: null,
+
+ // Whether desktop sharing should be disabled on Chrome.
+ // desktopSharingChromeDisabled: false,
+
+ // The media sources to use when using screen sharing with the Chrome
+ // extension.
+ desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
+
+ // Required version of Chrome extension
+ desktopSharingChromeMinExtVersion: '0.1',
+
+ // Whether desktop sharing should be disabled on Firefox.
+ // desktopSharingFirefoxDisabled: false,
+
+ // Optional desktop sharing frame rate options. Default value: min:5, max:5.
+ // desktopSharingFrameRate: {
+ // min: 5,
+ // max: 5
+ // },
+
+ // Try to start calls with screen-sharing instead of camera video.
+ // startScreenSharing: false,
+
+ // Recording
+
+ // Whether to enable file recording or not.
+ // fileRecordingsEnabled: false,
+ // Enable the dropbox integration.
+ // dropbox: {
+ // appKey: '<APP_KEY>' // Specify your app key here.
+ // // A URL to redirect the user to, after authenticating
+ // // by default uses:
+ // // 'https://jitsi-meet.example.com/static/oauth.html'
+ // redirectURI:
+ // 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
+ // },
+ // When integrations like dropbox are enabled only that will be shown,
+ // by enabling fileRecordingsServiceEnabled, we show both the integrations
+ // and the generic recording service (its configuration and storage type
+ // depends on jibri configuration)
+ // fileRecordingsServiceEnabled: false,
+ // Whether to show the possibility to share file recording with other people
+ // (e.g. meeting participants), based on the actual implementation
+ // on the backend.
+ // fileRecordingsServiceSharingEnabled: false,
+
+ // Whether to enable live streaming or not.
+ // liveStreamingEnabled: false,
+
+ // Transcription (in interface_config,
+ // subtitles and buttons can be configured)
+ // transcribingEnabled: false,
+
+ // Enables automatic turning on captions when recording is started
+ // autoCaptionOnRecord: false,
+
+ // Misc
+
+ // Default value for the channel "last N" attribute. -1 for unlimited.
+ channelLastN: -1,
+
+ // Disables or enables RTX (RFC 4588) (defaults to false).
+ // disableRtx: false,
+
+ // Disables or enables TCC (the default is in Jicofo and set to true)
+ // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+ // affects congestion control, it practically enables send-side bandwidth
+ // estimations.
+ // enableTcc: true,
+
+ // Disables or enables REMB (the default is in Jicofo and set to false)
+ // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+ // control, it practically enables recv-side bandwidth estimations. When
+ // both TCC and REMB are enabled, TCC takes precedence. When both are
+ // disabled, then bandwidth estimations are disabled.
+ // enableRemb: false,
+
+ // Defines the minimum number of participants to start a call (the default
+ // is set in Jicofo and set to 2).
+ // minParticipants: 2,
+
+ // Use XEP-0215 to fetch STUN and TURN servers.
+ // useStunTurn: true,
+
+ // Enable IPv6 support.
+ // useIPv6: true,
+
+ // Enables / disables a data communication channel with the Videobridge.
+ // Values can be 'datachannel', 'websocket', true (treat it as
+ // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+ // open any channel).
+ // openBridgeChannel: true,
+
+
+ // UI
+ //
+
+ // Use display name as XMPP nickname.
+ // useNicks: false,
+
+ // Require users to always specify a display name.
+ // requireDisplayName: true,
+
+ // Whether to use a welcome page or not. In case it's false a random room
+ // will be joined when no room is specified.
+ enableWelcomePage: true,
+
+ // Enabling the close page will ignore the welcome page redirection when
+ // a call is hangup.
+ // enableClosePage: false,
+
+ // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
+ // disable1On1Mode: false,
+
+ // Default language for the user interface.
+ // defaultLanguage: 'en',
+
+ // If true all users without a token will be considered guests and all users
+ // with token will be considered non-guests. Only guests will be allowed to
+ // edit their profile.
+ enableUserRolesBasedOnToken: false,
+
+ // Whether or not some features are checked based on token.
+ // enableFeaturesBasedOnToken: false,
+
+ // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
+ // lockRoomGuestEnabled: false,
+
+ // When enabled the password used for locking a room is restricted to up to the number of digits specified
+ // roomPasswordNumberOfDigits: 10,
+ // default: roomPasswordNumberOfDigits: false,
+
+ // Message to show the users. Example: 'The service will be down for
+ // maintenance at 01:00 AM GMT,
+ // noticeMessage: '',
+
+ // Enables calendar integration, depends on googleApiApplicationClientID
+ // and microsoftApiApplicationClientID
+ // enableCalendarIntegration: false,
+
+ // Stats
+ //
+
+ // Whether to enable stats collection or not in the TraceablePeerConnection.
+ // This can be useful for debugging purposes (post-processing/analysis of
+ // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
+ // estimation tests.
+ // gatherStats: false,
+
+ // The interval at which PeerConnection.getStats() is called. Defaults to 10000
+ // pcStatsInterval: 10000,
+
+ // To enable sending statistics to callstats.io you must provide the
+ // Application ID and Secret.
+ // callStatsID: '',
+ // callStatsSecret: '',
+
+ // enables sending participants display name to callstats
+ // enableDisplayNameInStats: false
+
+ // enables sending participants email if available to callstats and other analytics
+ // enableEmailInStats: false
+
+ // Privacy
+ //
+
+ // If third party requests are disabled, no other server will be contacted.
+ // This means avatars will be locally generated and callstats integration
+ // will not function.
+ // disableThirdPartyRequests: false,
+
+
+ // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
+ //
+
+ p2p: {
+ // Enables peer to peer mode. When enabled the system will try to
+ // establish a direct connection when there are exactly 2 participants
+ // in the room. If that succeeds the conference will stop sending data
+ // through the JVB and use the peer to peer connection instead. When a
+ // 3rd participant joins the conference will be moved back to the JVB
+ // connection.
+ enabled: true,
+
+ // Use XEP-0215 to fetch STUN and TURN servers.
+ // useStunTurn: true,
+
+ // The STUN servers that will be used in the peer to peer connections
+ stunServers: [
+
+ // { urls: 'stun:jitsi-meet.example.com:443' },
+ { urls: 'stun:stun.l.google.com:19302' },
+ { urls: 'stun:stun1.l.google.com:19302' },
+ { urls: 'stun:stun2.l.google.com:19302' }
+ ],
+
+ // Sets the ICE transport policy for the p2p connection. At the time
+ // of this writing the list of possible values are 'all' and 'relay',
+ // but that is subject to change in the future. The enum is defined in
+ // the WebRTC standard:
+ // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
+ // If not set, the effective value is 'all'.
+ // iceTransportPolicy: 'all',
+
+ // If set to true, it will prefer to use H.264 for P2P calls (if H.264
+ // is supported).
+ preferH264: true
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP.
+ // disableH264: false,
+
+ // How long we're going to wait, before going back to P2P after the 3rd
+ // participant has left the conference (to filter out page reload).
+ // backToP2PDelay: 5
+ },
+
+ analytics: {
+ // The Google Analytics Tracking ID:
+ // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
+
+ // The Amplitude APP Key:
+ // amplitudeAPPKey: '<APP_KEY>'
+
+ // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
+ // scriptURLs: [
+ // "libs/analytics-ga.min.js", // google-analytics
+ // "https://example.com/my-custom-analytics.js"
+ // ],
+ },
+
+ // Information about the jitsi-meet instance we are connecting to, including
+ // the user region as seen by the server.
+ deploymentInfo: {
+ // shard: "shard1",
+ // region: "europe",
+ // userRegion: "asia"
+ }
+
+ // Information for the chrome extension banner
+ // chromeExtensionBanner: {
+ // // The chrome extension to be installed address
+ // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
+
+ // // Extensions info which allows checking if they are installed or not
+ // chromeExtensionsInfo: [
+ // {
+ // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
+ // path: 'jitsi-logo-48x48.png'
+ // }
+ // ]
+ // }
+
+ // Local Recording
+ //
+
+ // localRecording: {
+ // Enables local recording.
+ // Additionally, 'localrecording' (all lowercase) needs to be added to
+ // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
+ // button to show up on the toolbar.
+ //
+ // enabled: true,
+ //
+
+ // The recording format, can be one of 'ogg', 'flac' or 'wav'.
+ // format: 'flac'
+ //
+
+ // }
+
+ // Options related to end-to-end (participant to participant) ping.
+ // e2eping: {
+ // // The interval in milliseconds at which pings will be sent.
+ // // Defaults to 10000, set to <= 0 to disable.
+ // pingInterval: 10000,
+ //
+ // // The interval in milliseconds at which analytics events
+ // // with the measured RTT will be sent. Defaults to 60000, set
+ // // to <= 0 to disable.
+ // analyticsInterval: 60000,
+ // }
+
+ // If set, will attempt to use the provided video input device label when
+ // triggering a screenshare, instead of proceeding through the normal flow
+ // for obtaining a desktop stream.
+ // NOTE: This option is experimental and is currently intended for internal
+ // use only.
+ // _desktopSharingSourceDevice: 'sample-id-or-label'
+
+ // If true, any checks to handoff to another application will be prevented
+ // and instead the app will continue to display in the current browser.
+ // disableDeepLinking: false
+
+ // A property to disable the right click context menu for localVideo
+ // the menu has option to flip the locally seen video for local presentations
+ // disableLocalVideoFlip: false
+
+ // Deployment specific URLs.
+ // deploymentUrls: {
+ // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
+ // // user documentation.
+ // userDocumentationURL: 'https://docs.example.com/video-meetings.html',
+ // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
+ // // to the specified URL for an app download page.
+ // downloadAppsUrl: 'https://docs.example.com/our-apps.html'
+ // }
+
+ // List of undocumented settings used in jitsi-meet
+ /**
+ _immediateReloadThreshold
+ autoRecord
+ autoRecordToken
+ debug
+ debugAudioLevels
+ deploymentInfo
+ dialInConfCodeUrl
+ dialInNumbersUrl
+ dialOutAuthUrl
+ dialOutCodesUrl
+ disableRemoteControl
+ displayJids
+ etherpad_base
+ externalConnectUrl
+ firefox_fake_device
+ googleApiApplicationClientID
+ iAmRecorder
+ iAmSipGateway
+ microsoftApiApplicationClientID
+ peopleSearchQueryTypes
+ peopleSearchUrl
+ requireDisplayName
+ tokenAuthUrl
+ */
+
+ // List of undocumented settings used in lib-jitsi-meet
+ /**
+ _peerConnStatusOutOfLastNTimeout
+ _peerConnStatusRtcMuteTimeout
+ abTesting
+ avgRtpStatsN
+ callStatsConfIDNamespace
+ callStatsCustomScriptUrl
+ desktopSharingSources
+ disableAEC
+ disableAGC
+ disableAP
+ disableHPF
+ disableNS
+ enableLipSync
+ enableTalkWhileMuted
+ forceJVB121Ratio
+ hiddenDomain
+ ignoreStartMuted
+ nick
+ startBitrate
+ */
+
+};
+
+/* eslint-enable no-unused-vars, no-var */
+
diff --git a/docker/jitsi/jitsi-front/entrypoint.sh b/docker/jitsi/jitsi-front/entrypoint.sh
new file mode 100755
index 0000000..1e18bd1
--- /dev/null
+++ b/docker/jitsi/jitsi-front/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+cat > /etc/nginx/sites-available/jitsi <<EOF
+server_names_hash_bucket_size 64;
+
+server {
+ listen 0.0.0.0:443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+ server_name _;
+ ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
+ ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
+ root /srv/jitsi-meet;
+ index index.html;
+ location ~ ^/([a-zA-Z0-9=\?]+)$ {
+ rewrite ^/(.*)$ / break;
+ }
+ location / {
+ ssi on;
+ }
+ # BOSH, Bidirectional-streams Over Synchronous HTTP
+ # https://en.wikipedia.org/wiki/BOSH_(protocol)
+ location /http-bind {
+ proxy_pass http://${JITSI_PROSODY_BOSH_HOST}:${JITSI_PROSODY_BOSH_PORT}/http-bind;
+ proxy_set_header X-Forwarded-For \$remote_addr;
+ proxy_set_header Host \$http_host;
+ }
+ # external_api.js must be accessible from the root of the
+ # installation for the electron version of Jitsi Meet to work
+ # https://github.com/jitsi/jitsi-meet-electron
+ location /external_api.js {
+ alias /srv/jitsi-meet/libs/external_api.min.js;
+ }
+}
+EOF
+
+ln -sf /etc/nginx/sites-available/jitsi /etc/nginx/sites-enabled/jitsi
+
+exec "$@"
diff --git a/docker/jitsi/jitsi-videobridge/Dockerfile b/docker/jitsi/jitsi-videobridge/Dockerfile
new file mode 100644
index 0000000..e34d000
--- /dev/null
+++ b/docker/jitsi/jitsi-videobridge/Dockerfile
@@ -0,0 +1,21 @@
+FROM debian:buster AS builder
+
+RUN apt-get update && \
+ apt-get install -y wget unzip
+
+ENV VERSION=1132
+RUN wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-${VERSION}.zip -O jvb.zip && \
+ unzip jvb.zip && \
+ mv jitsi-videobridge-linux-x64-${VERSION} jvb
+
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk
+
+COPY --from=builder /jvb /srv/jvb
+ENV HOME=/srv/jvb
+WORKDIR /srv/jvb
+COPY jvb_run /usr/local/bin/jvb_run
+
+CMD ["/usr/local/bin/jvb_run"]
diff --git a/docker/jitsi/jitsi-videobridge/jvb_run b/docker/jitsi/jitsi-videobridge/jvb_run
new file mode 100755
index 0000000..2431081
--- /dev/null
+++ b/docker/jitsi/jitsi-videobridge/jvb_run
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+cd /srv/jvb
+
+cat > ~/.sip-communicator/sip-communicator.properties <<EOF
+org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
+# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
+# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
+org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
+org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
+org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
+EOF
+
+./jvb.sh \
+ --host=${JITSI_PROSODY_HOST} \
+ --domain=jitsi.deuxfleurs.fr \
+ --port=5347 \
+ --secret=${JITSI_SECRET_VIDEOBRIDGE}
diff --git a/docker/jitsi/jitsi-xmpp/Dockerfile b/docker/jitsi/jitsi-xmpp/Dockerfile
new file mode 100644
index 0000000..3733d49
--- /dev/null
+++ b/docker/jitsi/jitsi-xmpp/Dockerfile
@@ -0,0 +1,11 @@
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y prosody
+
+COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
+COPY xmpp_conf /usr/local/bin/xmpp_conf
+COPY xmpp_gen /usr/local/bin/xmpp_gen
+COPY xmpp_run /usr/local/bin/xmpp_run
+
+CMD ["/usr/local/bin/xmpp_run"]
diff --git a/docker/jitsi/jitsi-xmpp/external_components.cfg.lua b/docker/jitsi/jitsi-xmpp/external_components.cfg.lua
new file mode 100644
index 0000000..beaaa87
--- /dev/null
+++ b/docker/jitsi/jitsi-xmpp/external_components.cfg.lua
@@ -0,0 +1,2 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
diff --git a/docker/jitsi/jitsi-xmpp/xmpp_conf b/docker/jitsi/jitsi-xmpp/xmpp_conf
new file mode 100755
index 0000000..2a9278e
--- /dev/null
+++ b/docker/jitsi/jitsi-xmpp/xmpp_conf
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+mkdir -p /etc/prosody/conf.{d,avail}/
+cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
+ certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
+ certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
+ }
+ authentication = "internal_plain"
+
+admins = { "focus@auth.jitsi.deuxfleurs.fr" }
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
+ component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
+Component "focus.jitsi.deuxfleurs.fr"
+ component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
+EOF
+
+ln -sf \
+ /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
+ /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
+
+
diff --git a/docker/jitsi/jitsi-xmpp/xmpp_gen b/docker/jitsi/jitsi-xmpp/xmpp_gen
new file mode 100755
index 0000000..3a2e04a
--- /dev/null
+++ b/docker/jitsi/jitsi-xmpp/xmpp_gen
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/local/bin/xmpp_conf
+
+prosodyctl cert generate jitsi.deuxfleurs.fr
+prosodyctl cert generate auth.jitsi.deuxfleurs.fr
+
+cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
+cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
diff --git a/docker/jitsi/jitsi-xmpp/xmpp_run b/docker/jitsi/jitsi-xmpp/xmpp_run
new file mode 100755
index 0000000..8dfdf86
--- /dev/null
+++ b/docker/jitsi/jitsi-xmpp/xmpp_run
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+/usr/local/bin/xmpp_conf
+cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
+chown -R prosody:prosody /var/lib/prosody
+
+mkdir -p /usr/local/share/ca-certificates/
+ln -sf \
+ /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
+
+prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
+
+mkdir /run/prosody
+touch /run/prosody/prosody.pid
+chown -R prosody:prosody /run/prosody
+
+cd /var/lib/prosody
+su - prosody -s /bin/bash -c prosody
diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl
index 8b9788e..3796c2d 100644
--- a/nomad/traefik.hcl
+++ b/nomad/traefik.hcl
@@ -60,11 +60,6 @@ job "frontend" {
data = "{{ key \"configuration/traefik/traefik.toml\" }}"
destination = "secrets/traefik.toml"
}
- template {
- data = "{{ key \"configuration/traefik/cloudflare.env\" }}"
- destination = "secrets/cloudflare.env"
- env = true
- }
}
}
}