author | Quentin Dufour <quentin@dufour.io> | 2021-02-01 09:50:38 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@dufour.io> | 2021-02-01 09:50:38 +0100 |
commit | 088c9df20ce62019244b71120edef9b9bded9523 (patch) | |
tree | 2ba4a73e5e5fdc62e48017f81a692cc3907edabf /app/jitsi/deploy/jitsi.hcl | |
parent | 0a87d26e47646fb0a3e9a9399ea83b39640583b1 (diff) | |
Prepare Nomad deployment
Diffstat (limited to 'app/jitsi/deploy/jitsi.hcl')
-rw-r--r-- | app/jitsi/deploy/jitsi.hcl | 155 |
1 files changed, 91 insertions, 64 deletions
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
index 1e625bb..82fdfcd 100644
--- a/app/jitsi/deploy/jitsi.hcl
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -11,46 +11,59 @@ job "jitsi" { network { port "bosh_port" { } - port "ext_port" { static = 5347 } - port "xmpp_port" { static = 5222 } + port "xmpp_port" { } port "https_port" { } - port "video1_port" { static = 8081 } - port "video2_port" { static = 10000 } + port "video_port" { static = 8080 } } task "xmpp" { driver = "docker" config { - image = "superboum/amd64_jitsi_xmpp:v8" - ports = [ "bosh_port", "ext_port", "xmpp_port" ] + image = "superboum/amd64_jitsi_xmpp:v9" + ports = [ "bosh_port", "xmpp_port" ] network_mode = "host" + volumes = [ + "secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua" + "secrets/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt" + "secrets/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key" + "secrets/certs/jitsi.crt:/var/lib/prosody/jitsi.crt" + "secrets/certs/jitsi.key:/var/lib/prosody/jitsi.key" + ] } template { - data = file("../config/global_env.tpl") + data = <<EOF +JICOFO_AUTH_PASSWORD={{ key "secrets/jitsi/jicofo_pass" }} +JVB_AUTH_PASSWORD={{ key "secrets/jitsi/jvb_pass" }} +EOF destination = "secrets/global_env" env = true } + template { + data = file("../config/prosody.cfg.lua") + destination = "secrets/prosody.cfg.lua" + } + # --- secrets --- template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" + destination = "secrets/certs/auth.jitsi.crt" } template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" + data = "{{ key \"secrets/jitsi/auth.jitsi.key\" }}" + destination = "secrets/certs/auth.jitsi.key" } template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" + destination = "secrets/certs/jitsi.crt" } template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - 
destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + data = "{{ key \"secrets/jitsi/jitsi.key\" }}" + destination = "secrets/certs/jitsi.key" } resources { @@ -62,7 +75,7 @@ job "jitsi" { tags = [ "jitsi", "bosh" ] port = "bosh_port" address_mode = "host" - name = "jitsi-xmpp-bosh" + name = "bosh-jitsi" check { type = "tcp" port = "bosh_port" @@ -77,42 +90,47 @@ job "jitsi" { } service { - tags = [ "jitsi", "ext" ] - port = "ext_port" - address_mode = "host" - name = "jitsi-ext" - } - - service { tags = [ "jitsi", "xmpp" ] port = "xmpp_port" address_mode = "host" - name = "jitsi-xmpp" + name = "xmpp-jitsi" } } task "front" { driver = "docker" config { - image = "superboum/amd64_jitsi_meet:v3" + image = "superboum/amd64_jitsi_meet:v4" network_mode = "host" ports = [ "https_port" ] + volumes = [ + "secrets/certs/jitsi.crt:/etc/nginx/jitsi.crt" + "secrets/certs/jitsi.key:/etc/nginx/jitsi.key" + "secrets/config.js:/srv/jitsi-meet/config.js" + "secrets/nginx.conf:/etc/nginx/nginx.conf" + ] } template { - data = file("../config/global_env.tpl") - destination = "secrets/global_env" + data = file("../config/config.js") + destination = "secrets/config.js" + env = true + } + + template { + data = file("../config/nginx.conf") + destination = "secrets/nginx.conf" env = true } # --- secrets --- template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" + destination = "secrets/certs/jitsi.crt" } template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.key" + data = "{{ key \"secrets/jitsi/jitsi.key\" }}" + destination = "secrets/certs/jitsi.key" } resources { @@ -130,7 +148,7 @@ job "jitsi" { ] port = "https_port" address_mode = "host" - name = "jitsi-front-https" + name = "https-jitsi" check { type = "tcp" port = "https_port" 
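Review bot: The new `volumes` list in the `xmpp` task has no commas between its five entries, and HCL requires a comma between list elements, so the job file as shown would be rejected at parse time. The same applies to the `volumes` lists added to `front`, `jicofo` and `videobridge` in the later hunks. Each entry should end with a comma, e.g. `"secrets/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua",`. Separately, the templates that render `auth.jitsi.key` and `jitsi.key` set no `perms`, so they get the template default mode (0644) and the bind-mounted keys are readable by every user inside the container. A tighter mode is worth considering, provided the Prosody user can still read the files.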
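Review bot: The two templates added to the `front` task for `config.js` and `nginx.conf` set `env = true`, which tells Nomad to parse the rendered file as `KEY=value` lines and export them into the task's environment; neither file is in that format. The flag looks carried over from the removed `global_env` template and should be dropped, as this commit already does for the `jicofo.conf` template. The `videobridge.conf` template in the last hunk carries the same `env = true`. If any of these files contain credentials, leaving the flag on risks fragments of them landing in the process environment, where they are easier to leak than in a file under `secrets/`.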
@@ -148,25 +166,29 @@ job "jitsi" { task "jicofo" { driver = "docker" config { - image = "superboum/amd64_jitsi_conference_focus:v6" + image = "superboum/amd64_jitsi_conference_focus:v7" network_mode = "host" + volumes = [ + "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt" + "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt" + "secrets/jicofo.conf:/etc/jitsi/jicofo.conf" + ] } template { - data = file("../config/global_env.tpl") - destination = "secrets/global_env" - env = true + data = file("../config/jicofo.conf") + destination = "secrets/jicofo.conf" } #--- secrets --- template { - data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" + data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" + destination = "secrets/certs/jitsi.crt" } template { - data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" - destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" + data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" + destination = "secrets/certs/auth.jitsi.crt" } resources { 
@@ -178,56 +200,61 @@ job "jitsi" { task "videobridge" { driver = "docker" config { - image = "superboum/amd64_jitsi_videobridge:v16" + image = "superboum/amd64_jitsi_videobridge:v17" network_mode = "host" - ports = [ "video1_port", "video2_port" ] + ports = [ "video_port" ] ulimit { nofile = "1048576:1048576" nproc = "65536:65536" } + volumes = [ + "secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt" + "secrets/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt" + "secrets/videobridge.conf:/etc/jitsi/videobridge.conf" + ] } env { - #JITSI_DEBUG = 1 - JITSI_VIDEO_TCP = 8081 - VIDEOBRIDGE_MAX_MEMORY = "1450m" + # Our container can autodetect the public IP with the ifconfig.me service + # However we would like to avoid relying on a 3rd party service for production use + # That's why I am setting the public IP address statically here VVVV + JITSI_NAT_PUBLIC_IP = "78.197.205.190" } template { - data = file("../config/global_env.tpl") - destination = "secrets/global_env" + data = file("../config/videobridge.conf") + destination = "secrets/videobridge.conf" env = true } + # --- secrets --- + template { + data = "{{ key \"secrets/jitsi/jitsi.crt\" }}" + destination = "secrets/certs/jitsi.crt" + } + + template { + data = "{{ key \"secrets/jitsi/auth.jitsi.crt\" }}" + destination = "secrets/certs/auth.jitsi.crt" + } + resources { cpu = 900 - memory = 1500 + memory = 3000 } service { - tags = [ "jitsi", "(diplonat (tcp_port 8081))" ] - port = "video1_port" + tags = [ "jitsi", "(diplonat (tcp_port 8080) (udp_port 8080))" ] + port = "video_port" address_mode = "host" - name = "jitsi-videobridge-video1" + name = "video-jitsi" check { type = "tcp" - port = "video1_port" + port = "video_port" interval = "60s" timeout = "5s" - check_restart { - limit = 3 - grace = "90s" - ignore_warnings = false - } } } - - service { - tags = [ "jitsi", "(diplonat (udp_port 10000))" ] - port = "video2_port" - address_mode = "host" - name = 
"jitsi-videobridge-video2" - } } } } |
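Review bot: The `video-jitsi` service keeps its TCP check but loses the `check_restart` block, so a videobridge that stops answering on `video_port` is only reported unhealthy and is no longer restarted by Nomad. The check also probes TCP only, while the diplonat tag now opens both `tcp_port 8080` and `udp_port 8080`, so a failure on the UDP side would go unnoticed. If dropping the restart is intentional, a short comment next to the `check` explaining why would help; otherwise restore the removed `check_restart` block with its previous `limit = 3` and `grace = "90s"`.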