authorQuentin Dufour <quentin@dufour.io>2021-02-01 09:50:38 +0100
committerQuentin Dufour <quentin@dufour.io>2021-02-01 09:50:38 +0100
commit088c9df20ce62019244b71120edef9b9bded9523 (patch)
tree2ba4a73e5e5fdc62e48017f81a692cc3907edabf /app/jitsi/deploy/jitsi.hcl
parent0a87d26e47646fb0a3e9a9399ea83b39640583b1 (diff)
downloadinfrastructure-088c9df20ce62019244b71120edef9b9bded9523.tar.gz
infrastructure-088c9df20ce62019244b71120edef9b9bded9523.zip
Prepare Nomad deployment
Diffstat (limited to 'app/jitsi/deploy/jitsi.hcl')
-rw-r--r--app/jitsi/deploy/jitsi.hcl155
1 files changed, 91 insertions, 64 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
index 1e625bb..82fdfcd 100644
--- a/app/jitsi/deploy/jitsi.hcl
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -11,46 +11,59 @@ job "jitsi" {
network {
port "bosh_port" { }
- port "ext_port" { static = 5347 }
- port "xmpp_port" { static = 5222 }
+ port "xmpp_port" { }
port "https_port" { }
- port "video1_port" { static = 8081 }
- port "video2_port" { static = 10000 }
+ port "video_port" { static = 8080 }
}
task "xmpp" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_xmpp:v8"
- ports = [ "bosh_port", "ext_port", "xmpp_port" ]
+ image = "superboum/amd64_jitsi_xmpp:v9"
+ ports = [ "bosh_port", "xmpp_port" ]
network_mode = "host"
+ volumes = [
+ "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
+ "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
+ "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
+ "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
+ "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+ ]
}
template {
- data = file("../config/global_env.tpl")
+ data = <<EOF
+JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" }}
+JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" }}
+EOF
destination = "secrets/global_env"
env = true
}
+ template {
+ data = file("../config/prosody.cfg.lua")
+ destination = "secrets/prosody.cfg.lua"
+ }
+
# --- secrets ---
template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
}
template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
+ data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}"
+ destination = "secrets/certs/auth.jitsi.key"
}
template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
}
template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
+ destination = "secrets/certs/jitsi.key"
}
resources {
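Review bot: The `volumes` list added to the xmpp task has no commas between its five entries, and HCL does not treat a newline as an item separator inside `[ ]`, so the job file as shown here should be rejected at parse time. Each entry needs a trailing comma, e.g. `"secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",`. The `volumes` lists added to the front, jicofo and videobridge tasks in the later hunks are written the same way. The xmpp task block continues past the end of this hunk.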
@@ -62,7 +75,7 @@ job "jitsi" {
tags = [ "jitsi", "bosh" ]
port = "bosh_port"
address_mode = "host"
- name = "jitsi-xmpp-bosh"
+ name = "bosh-jitsi"
check {
type = "tcp"
port = "bosh_port"
@@ -77,42 +90,47 @@ job "jitsi" {
}
service {
- tags = [ "jitsi", "ext" ]
- port = "ext_port"
- address_mode = "host"
- name = "jitsi-ext"
- }
-
- service {
tags = [ "jitsi", "xmpp" ]
port = "xmpp_port"
address_mode = "host"
- name = "jitsi-xmpp"
+ name = "xmpp-jitsi"
}
}
task "front" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_meet:v3"
+ image = "superboum/amd64_jitsi_meet:v4"
network_mode = "host"
ports = [ "https_port" ]
+ volumes = [
+ "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt"
+ "secrets/certs/jitsi.key:/etc/nginx/jitsi.key"
+ "secrets/config.js:/srv/jitsi-meet/config.js"
+ "secrets/nginx.conf:/etc/nginx/nginx.conf"
+ ]
}
template {
- data = file("../config/global_env.tpl")
- destination = "secrets/global_env"
+ data = file("../config/config.js")
+ destination = "secrets/config.js"
+ env = true
+ }
+
+ template {
+ data = file("../config/nginx.conf")
+ destination = "secrets/nginx.conf"
env = true
}
# --- secrets ---
template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
}
template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ data = "{{ key \"secrets/jitsi/jitsi.key\" }}"
+ destination = "secrets/certs/jitsi.key"
}
resources {
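Review bot: The templates that render `config.js` and `nginx.conf` in the front task both set `env = true`, which makes Nomad parse the rendered file as KEY=value lines and export the result into the task environment; neither file is an env file. Remove `env = true` from both so the files are only written under `secrets/` and bind-mounted, the way the `jicofo.conf` template is declared in the jicofo hunk. The `videobridge.conf` template in the last hunk carries the same flag. Since this task also receives `jitsi.key`, it is worth keeping stray content out of its environment, which is easier to expose through process listings and debug output than a file under `secrets/`.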
@@ -130,7 +148,7 @@ job "jitsi" {
]
port = "https_port"
address_mode = "host"
- name = "jitsi-front-https"
+ name = "https-jitsi"
check {
type = "tcp"
port = "https_port"
@@ -148,25 +166,29 @@ job "jitsi" {
task "jicofo" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_conference_focus:v6"
+ image = "superboum/amd64_jitsi_conference_focus:v7"
network_mode = "host"
+ volumes = [
+ "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt"
+ "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt"
+ "secrets/jicofo.conf:/etc/jitsi/jicofo.conf"
+ ]
}
template {
- data = file("../config/global_env.tpl")
- destination = "secrets/global_env"
- env = true
+ data = file("../config/jicofo.conf")
+ destination = "secrets/jicofo.conf"
}
#--- secrets ---
template {
- data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
}
template {
- data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
- destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
}
resources {
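Review bot: Nothing in this hunk shows how the two certificates mounted under `/usr/local/share/ca-certificates/` in the jicofo task become trusted. Files placed in that directory are normally only picked up when the trust store is rebuilt, and the JVM keeps its own store, so this presumably depends on the image's entrypoint. A comment above the `volumes` list would make that dependency explicit, for example `# entrypoint must run update-ca-certificates (incl. the Java keystore hook) before jicofo starts`. Without that step, TLS verification towards prosody either fails or tempts someone into disabling it in `jicofo.conf`. The videobridge task in the next hunk mounts the same two files.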
@@ -178,56 +200,61 @@ job "jitsi" {
task "videobridge" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_videobridge:v16"
+ image = "superboum/amd64_jitsi_videobridge:v17"
network_mode = "host"
- ports = [ "video1_port", "video2_port" ]
+ ports = [ "video_port" ]
ulimit {
nofile = "1048576:1048576"
nproc = "65536:65536"
}
+ volumes = [
+ "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt"
+ "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt"
+ "secrets/videobridge.conf:/etc/jitsi/videobridge.conf"
+ ]
}
env {
- #JITSI_DEBUG = 1
- JITSI_VIDEO_TCP = 8081
- VIDEOBRIDGE_MAX_MEMORY = "1450m"
+ # Our container can autodetect the public IP with the ifconfig.me service
+ # However we would like to avoid relying on a 3rd party service for production use
+ # That's why I am setting the public IP address statically here VVVV
+ JITSI_NAT_PUBLIC_IP = "78.197.205.190"
}
template {
- data = file("../config/global_env.tpl")
- destination = "secrets/global_env"
+ data = file("../config/videobridge.conf")
+ destination = "secrets/videobridge.conf"
env = true
}
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.crt\" }}"
+ destination = "secrets/certs/jitsi.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.crt"
+ }
+
resources {
cpu = 900
- memory = 1500
+ memory = 3000
}
service {
- tags = [ "jitsi", "(diplonat (tcp_port 8081))" ]
- port = "video1_port"
+ tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ]
+ port = "video_port"
address_mode = "host"
- name = "jitsi-videobridge-video1"
+ name = "video-jitsi"
check {
type = "tcp"
- port = "video1_port"
+ port = "video_port"
interval = "60s"
timeout = "5s"
- check_restart {
- limit = 3
- grace = "90s"
- ignore_warnings = false
- }
}
}
-
- service {
- tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
- port = "video2_port"
- address_mode = "host"
- name = "jitsi-videobridge-video2"
- }
}
}
}
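Review bot: The `check_restart` block is removed from the `video_port` check, so a failing TCP check now only marks `video-jitsi` unhealthy in Consul and Nomad no longer restarts a hung videobridge. If the removal was meant to stop restarts during slow start-up, keeping the block with a longer grace period preserves the self-healing, e.g. `check_restart { limit = 3`, `grace = "120s" }`. Separately, the diplonat tag now opens both TCP and UDP 8080 on the public address hard-coded in `JITSI_NAT_PUBLIC_IP`; a comment naming which of the two protocols the bridge actually needs would help anyone auditing the exposed ports.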