aboutsummaryrefslogtreecommitdiff
path: root/app/jitsi
diff options
context:
space:
mode:
authorQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
committerQuentin <quentin@dufour.io>2021-01-18 08:18:21 +0100
commitad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch)
tree6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/jitsi
parent79b7273ff2a487d6721d393682c8ad3927467a75 (diff)
parentc642370def01f09d966b3b9c643cfe416ea115cf (diff)
downloadinfrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz
infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/jitsi')
-rw-r--r--app/jitsi/build/jitsi-conference-focus/Dockerfile27
-rwxr-xr-xapp/jitsi/build/jitsi-conference-focus/jicofo16
-rw-r--r--app/jitsi/build/jitsi-conference-focus/sip-communicator.properties2
-rw-r--r--app/jitsi/build/jitsi-meet/Dockerfile28
-rw-r--r--app/jitsi/build/jitsi-meet/config.js517
-rwxr-xr-xapp/jitsi/build/jitsi-meet/entrypoint.sh38
-rw-r--r--app/jitsi/build/jitsi-videobridge/Dockerfile30
-rwxr-xr-xapp/jitsi/build/jitsi-videobridge/jvb_run54
-rw-r--r--app/jitsi/build/jitsi-xmpp/Dockerfile13
-rw-r--r--app/jitsi/build/jitsi-xmpp/external_components.cfg.lua2
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_conf49
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_gen9
-rwxr-xr-xapp/jitsi/build/jitsi-xmpp/xmpp_run20
-rw-r--r--app/jitsi/config/global_env.tpl10
-rw-r--r--app/jitsi/deploy/jitsi.hcl234
-rw-r--r--app/jitsi/integratio/01_gen_certs.yml8
-rw-r--r--app/jitsi/integratio/02_run.yml27
-rw-r--r--app/jitsi/integratio/README.md26
-rw-r--r--app/jitsi/integratio/dev.env10
-rw-r--r--app/jitsi/integratio/jitsi-certs/.gitignore2
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt1
-rw-r--r--app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key1
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt1
-rw-r--r--app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key1
24 files changed, 1126 insertions, 0 deletions
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
new file mode 100644
index 0000000..e2c459c
--- /dev/null
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -0,0 +1,27 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk maven wget unzip && \
+ wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip
+
+RUN unzip jicofo.zip && \
+ mv jicofo*${VERSION} jicofo && \
+ cd jicofo && \
+ mvn package -DskipTests -Dassembly.skipAssembly=false && \
+ unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
+ mv jicofo-1.1-SNAPSHOT /srv/build
+
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jre-headless ca-certificates
+
+ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
+
+COPY --from=builder /srv/build /srv/jicofo
+COPY jicofo /usr/local/bin/jicofo
+COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties
+
+CMD ["/usr/local/bin/jicofo"]
diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo
new file mode 100755
index 0000000..2bc6e3f
--- /dev/null
+++ b/app/jitsi/build/jitsi-conference-focus/jicofo
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
+update-ca-certificates -f
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+/srv/jicofo/jicofo.sh \
+ --host=${JITSI_PROSODY_HOST} \
+ --domain=jitsi.deuxfleurs.fr \
+ --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
+ --user_domain=auth.jitsi.deuxfleurs.fr \
+ --user_password=${JITSI_SECRET_JICOFO_USER}
diff --git a/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties b/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties
new file mode 100644
index 0000000..53c32e2
--- /dev/null
+++ b/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties
@@ -0,0 +1,2 @@
+org.jitsi.jicofo.SHORT_ID=1
+org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/build/jitsi-meet/Dockerfile b/app/jitsi/build/jitsi-meet/Dockerfile
new file mode 100644
index 0000000..feef115
--- /dev/null
+++ b/app/jitsi/build/jitsi-meet/Dockerfile
@@ -0,0 +1,28 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+
+RUN apt-get update && \
+ apt-get install -y curl && \
+ curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
+ apt-get install -y git nodejs make wget unzip && \
+ wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
+
+RUN unzip jitsi-meet.zip && \
+ mv jitsi-meet-*${VERSION} jitsi-meet && \
+ cd jitsi-meet && \
+ npm install && \
+ make
+
+FROM debian:buster
+
+COPY --from=builder /jitsi-meet /srv/jitsi-meet
+RUN apt-get update && \
+ apt-get install -y nginx && \
+ rm /etc/nginx/sites-enabled/*
+
+COPY config.js /srv/jitsi-meet/config.js
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["/usr/sbin/nginx", "-g", "daemon off;"]
diff --git a/app/jitsi/build/jitsi-meet/config.js b/app/jitsi/build/jitsi-meet/config.js
new file mode 100644
index 0000000..18ff319
--- /dev/null
+++ b/app/jitsi/build/jitsi-meet/config.js
@@ -0,0 +1,517 @@
+/* eslint-disable no-unused-vars, no-var */
+
+var config = {
+ // Connection
+ //
+
+ hosts: {
+ // XMPP domain.
+ domain: 'jitsi.deuxfleurs.fr',
+
+ // When using authentication, domain for guest users.
+ // anonymousdomain: 'guest.example.com',
+
+ // Domain for authenticated users. Defaults to <domain>.
+ // authdomain: 'jitsi-meet.example.com',
+
+ // Jirecon recording component domain.
+ // jirecon: 'jirecon.jitsi-meet.example.com',
+
+ // Call control component (Jigasi).
+ // call_control: 'callcontrol.jitsi-meet.example.com',
+
+ // Focus component domain. Defaults to focus.<domain>.
+ // focus: 'focus.jitsi-meet.example.com',
+
+ // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
+ muc: 'conference.jitsi.deuxfleurs.fr'
+ },
+
+ // BOSH URL. FIXME: use XEP-0156 to discover it.
+ bosh: '//jitsi.deuxfleurs.fr/http-bind',
+
+ // Websocket URL
+ // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket',
+
+ // The name of client node advertised in XEP-0115 'c' stanza
+ clientNode: 'http://jitsi.org/jitsimeet',
+
+ // The real JID of focus participant - can be overridden here
+ // focusUserJid: 'focus@auth.jitsi-meet.example.com',
+
+
+ // Testing / experimental features.
+ //
+
+ testing: {
+ // Enables experimental simulcast support on Firefox.
+ enableFirefoxSimulcast: false,
+
+ // P2P test mode disables automatic switching to P2P when there are 2
+ // participants in the conference.
+ p2pTestMode: false
+
+ // Enables the test specific features consumed by jitsi-meet-torture
+ // testMode: false
+
+ // Disables the auto-play behavior of *all* newly created video element.
+ // This is useful when the client runs on a host with limited resources.
+ // noAutoPlayVideo: false
+ },
+
+ // Disables ICE/UDP by filtering out local and remote UDP candidates in
+ // signalling.
+ // webrtcIceUdpDisable: false,
+
+ // Disables ICE/TCP by filtering out local and remote TCP candidates in
+ // signalling.
+ // webrtcIceTcpDisable: false,
+
+
+ // Media
+ //
+
+ // Audio
+
+ // Disable measuring of audio levels.
+ // disableAudioLevels: false,
+ // audioLevelsInterval: 200,
+
+ // Enabling this will run the lib-jitsi-meet no audio detection module which
+ // will notify the user if the current selected microphone has no audio
+ // input and will suggest another valid device if one is present.
+ enableNoAudioDetection: true,
+
+ // Enabling this will run the lib-jitsi-meet noise detection module which will
+ // notify the user if there is noise, other than voice, coming from the current
+ // selected microphone. The purpose it to let the user know that the input could
+ // be potentially unpleasant for other meeting participants.
+ enableNoisyMicDetection: true,
+
+ // Start the conference in audio only mode (no video is being received nor
+ // sent).
+ // startAudioOnly: false,
+
+ // Every participant after the Nth will start audio muted.
+ // startAudioMuted: 10,
+
+ // Start calls with audio muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithAudioMuted: false,
+
+ // Enabling it (with #params) will disable local audio output of remote
+ // participants and to enable it back a reload is needed.
+ // startSilent: false
+
+ // Video
+
+ // Sets the preferred resolution (height) for local video. Defaults to 720.
+ resolution: 480,
+
+ // w3c spec-compliant video constraints to use for video capture. Currently
+ // used by browsers that return true from lib-jitsi-meet's
+ // util#browser#usesNewGumFlow. The constraints are independency from
+ // this config's resolution value. Defaults to requesting an ideal aspect
+ // ratio of 16:9 with an ideal resolution of 720.
+ constraints: {
+ video: {
+ aspectRatio: 16 / 9,
+ height: {
+ ideal: 480,
+ max: 720,
+ min: 240
+ }
+ }
+ },
+
+ // Enable / disable simulcast support.
+ // disableSimulcast: false,
+
+ // Enable / disable layer suspension. If enabled, endpoints whose HD
+ // layers are not in use will be suspended (no longer sent) until they
+ // are requested again.
+ // enableLayerSuspension: false,
+
+ // Every participant after the Nth will start video muted.
+ // startVideoMuted: 10,
+
+ // Start calls with video muted. Unlike the option above, this one is only
+ // applied locally. FIXME: having these 2 options is confusing.
+ // startWithVideoMuted: false,
+
+ // If set to true, prefer to use the H.264 video codec (if supported).
+ // Note that it's not recommended to do this because simulcast is not
+ // supported when using H.264. For 1-to-1 calls this setting is enabled by
+ // default and can be toggled in the p2p section.
+ // preferH264: true,
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP.
+ // disableH264: false,
+
+ // Desktop sharing
+
+ // The ID of the jidesha extension for Chrome.
+ desktopSharingChromeExtId: null,
+
+ // Whether desktop sharing should be disabled on Chrome.
+ // desktopSharingChromeDisabled: false,
+
+ // The media sources to use when using screen sharing with the Chrome
+ // extension.
+ desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
+
+ // Required version of Chrome extension
+ desktopSharingChromeMinExtVersion: '0.1',
+
+ // Whether desktop sharing should be disabled on Firefox.
+ // desktopSharingFirefoxDisabled: false,
+
+ // Optional desktop sharing frame rate options. Default value: min:5, max:5.
+ // desktopSharingFrameRate: {
+ // min: 5,
+ // max: 5
+ // },
+
+ // Try to start calls with screen-sharing instead of camera video.
+ // startScreenSharing: false,
+
+ // Recording
+
+ // Whether to enable file recording or not.
+ // fileRecordingsEnabled: false,
+ // Enable the dropbox integration.
+ // dropbox: {
+ // appKey: '<APP_KEY>' // Specify your app key here.
+ // // A URL to redirect the user to, after authenticating
+ // // by default uses:
+ // // 'https://jitsi-meet.example.com/static/oauth.html'
+ // redirectURI:
+ // 'https://jitsi-meet.example.com/subfolder/static/oauth.html'
+ // },
+ // When integrations like dropbox are enabled only that will be shown,
+ // by enabling fileRecordingsServiceEnabled, we show both the integrations
+ // and the generic recording service (its configuration and storage type
+ // depends on jibri configuration)
+ // fileRecordingsServiceEnabled: false,
+ // Whether to show the possibility to share file recording with other people
+ // (e.g. meeting participants), based on the actual implementation
+ // on the backend.
+ // fileRecordingsServiceSharingEnabled: false,
+
+ // Whether to enable live streaming or not.
+ // liveStreamingEnabled: false,
+
+ // Transcription (in interface_config,
+ // subtitles and buttons can be configured)
+ // transcribingEnabled: false,
+
+ // Enables automatic turning on captions when recording is started
+ // autoCaptionOnRecord: false,
+
+ // Misc
+
+ // Default value for the channel "last N" attribute. -1 for unlimited.
+ channelLastN: -1,
+
+ // Disables or enables RTX (RFC 4588) (defaults to false).
+ // disableRtx: false,
+
+ // Disables or enables TCC (the default is in Jicofo and set to true)
+ // (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
+ // affects congestion control, it practically enables send-side bandwidth
+ // estimations.
+ // enableTcc: true,
+
+ // Disables or enables REMB (the default is in Jicofo and set to false)
+ // (draft-alvestrand-rmcat-remb-03). This setting affects congestion
+ // control, it practically enables recv-side bandwidth estimations. When
+ // both TCC and REMB are enabled, TCC takes precedence. When both are
+ // disabled, then bandwidth estimations are disabled.
+ // enableRemb: false,
+
+ // Defines the minimum number of participants to start a call (the default
+ // is set in Jicofo and set to 2).
+ // minParticipants: 2,
+
+ // Use XEP-0215 to fetch STUN and TURN servers.
+ // useStunTurn: true,
+
+ // Enable IPv6 support.
+ // useIPv6: true,
+
+ // Enables / disables a data communication channel with the Videobridge.
+ // Values can be 'datachannel', 'websocket', true (treat it as
+ // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
+ // open any channel).
+ // openBridgeChannel: true,
+
+
+ // UI
+ //
+
+ // Use display name as XMPP nickname.
+ // useNicks: false,
+
+ // Require users to always specify a display name.
+ // requireDisplayName: true,
+
+ // Whether to use a welcome page or not. In case it's false a random room
+ // will be joined when no room is specified.
+ enableWelcomePage: true,
+
+ // Enabling the close page will ignore the welcome page redirection when
+ // a call is hangup.
+ // enableClosePage: false,
+
+ // Disable hiding of remote thumbnails when in a 1-on-1 conference call.
+ // disable1On1Mode: false,
+
+ // Default language for the user interface.
+ defaultLanguage: 'fr',
+
+ // If true all users without a token will be considered guests and all users
+ // with token will be considered non-guests. Only guests will be allowed to
+ // edit their profile.
+ enableUserRolesBasedOnToken: false,
+
+ // Whether or not some features are checked based on token.
+ // enableFeaturesBasedOnToken: false,
+
+ // Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
+ // lockRoomGuestEnabled: false,
+
+ // When enabled the password used for locking a room is restricted to up to the number of digits specified
+ // roomPasswordNumberOfDigits: 10,
+ // default: roomPasswordNumberOfDigits: false,
+
+ // Message to show the users. Example: 'The service will be down for
+ // maintenance at 01:00 AM GMT,
+ // noticeMessage: '',
+
+ // Enables calendar integration, depends on googleApiApplicationClientID
+ // and microsoftApiApplicationClientID
+ // enableCalendarIntegration: false,
+
+ // Stats
+ //
+
+ // Whether to enable stats collection or not in the TraceablePeerConnection.
+ // This can be useful for debugging purposes (post-processing/analysis of
+ // the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
+ // estimation tests.
+ // gatherStats: false,
+
+ // The interval at which PeerConnection.getStats() is called. Defaults to 10000
+ // pcStatsInterval: 10000,
+
+ // To enable sending statistics to callstats.io you must provide the
+ // Application ID and Secret.
+ // callStatsID: '',
+ // callStatsSecret: '',
+
+ // enables sending participants display name to callstats
+ // enableDisplayNameInStats: false
+
+ // enables sending participants email if available to callstats and other analytics
+ // enableEmailInStats: false
+
+ // Privacy
+ //
+
+ // If third party requests are disabled, no other server will be contacted.
+ // This means avatars will be locally generated and callstats integration
+ // will not function.
+ // disableThirdPartyRequests: false,
+
+
+ // Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
+ //
+
+ p2p: {
+ // Enables peer to peer mode. When enabled the system will try to
+ // establish a direct connection when there are exactly 2 participants
+ // in the room. If that succeeds the conference will stop sending data
+ // through the JVB and use the peer to peer connection instead. When a
+ // 3rd participant joins the conference will be moved back to the JVB
+ // connection.
+ enabled: true,
+
+ // Use XEP-0215 to fetch STUN and TURN servers.
+ // useStunTurn: true,
+
+ // The STUN servers that will be used in the peer to peer connections
+ stunServers: [
+
+ // { urls: 'stun:jitsi-meet.example.com:443' },
+ { urls: 'stun:stun.l.google.com:19302' },
+ { urls: 'stun:stun1.l.google.com:19302' },
+ { urls: 'stun:stun2.l.google.com:19302' }
+ ],
+
+ // Sets the ICE transport policy for the p2p connection. At the time
+ // of this writing the list of possible values are 'all' and 'relay',
+ // but that is subject to change in the future. The enum is defined in
+ // the WebRTC standard:
+ // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
+ // If not set, the effective value is 'all'.
+ // iceTransportPolicy: 'all',
+
+ // If set to true, it will prefer to use H.264 for P2P calls (if H.264
+ // is supported).
+ preferH264: true,
+
+ // If set to true, disable H.264 video codec by stripping it out of the
+ // SDP.
+ // disableH264: false,
+
+ // How long we're going to wait, before going back to P2P after the 3rd
+ // participant has left the conference (to filter out page reload).
+ backToP2PDelay: 60
+ },
+
+ analytics: {
+ // The Google Analytics Tracking ID:
+ // googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
+
+ // The Amplitude APP Key:
+ // amplitudeAPPKey: '<APP_KEY>'
+
+ // Array of script URLs to load as lib-jitsi-meet "analytics handlers".
+ // scriptURLs: [
+ // "libs/analytics-ga.min.js", // google-analytics
+ // "https://example.com/my-custom-analytics.js"
+ // ],
+ },
+
+ // Information about the jitsi-meet instance we are connecting to, including
+ // the user region as seen by the server.
+ deploymentInfo: {
+ // shard: "shard1",
+ // region: "europe",
+ // userRegion: "asia"
+ }
+
+ // Information for the chrome extension banner
+ // chromeExtensionBanner: {
+ // // The chrome extension to be installed address
+ // url: 'https://chrome.google.com/webstore/detail/jitsi-meetings/kglhbbefdnlheedjiejgomgmfplipfeb',
+
+ // // Extensions info which allows checking if they are installed or not
+ // chromeExtensionsInfo: [
+ // {
+ // id: 'kglhbbefdnlheedjiejgomgmfplipfeb',
+ // path: 'jitsi-logo-48x48.png'
+ // }
+ // ]
+ // }
+
+ // Local Recording
+ //
+
+ // localRecording: {
+ // Enables local recording.
+ // Additionally, 'localrecording' (all lowercase) needs to be added to
+ // TOOLBAR_BUTTONS in interface_config.js for the Local Recording
+ // button to show up on the toolbar.
+ //
+ // enabled: true,
+ //
+
+ // The recording format, can be one of 'ogg', 'flac' or 'wav'.
+ // format: 'flac'
+ //
+
+ // }
+
+ // Options related to end-to-end (participant to participant) ping.
+ // e2eping: {
+ // // The interval in milliseconds at which pings will be sent.
+ // // Defaults to 10000, set to <= 0 to disable.
+ // pingInterval: 10000,
+ //
+ // // The interval in milliseconds at which analytics events
+ // // with the measured RTT will be sent. Defaults to 60000, set
+ // // to <= 0 to disable.
+ // analyticsInterval: 60000,
+ // }
+
+ // If set, will attempt to use the provided video input device label when
+ // triggering a screenshare, instead of proceeding through the normal flow
+ // for obtaining a desktop stream.
+ // NOTE: This option is experimental and is currently intended for internal
+ // use only.
+ // _desktopSharingSourceDevice: 'sample-id-or-label'
+
+ // If true, any checks to handoff to another application will be prevented
+ // and instead the app will continue to display in the current browser.
+ // disableDeepLinking: false
+
+ // A property to disable the right click context menu for localVideo
+ // the menu has option to flip the locally seen video for local presentations
+ // disableLocalVideoFlip: false
+
+ // Deployment specific URLs.
+ // deploymentUrls: {
+ // // If specified a 'Help' button will be displayed in the overflow menu with a link to the specified URL for
+ // // user documentation.
+ // userDocumentationURL: 'https://docs.example.com/video-meetings.html',
+ // // If specified a 'Download our apps' button will be displayed in the overflow menu with a link
+ // // to the specified URL for an app download page.
+ // downloadAppsUrl: 'https://docs.example.com/our-apps.html'
+ // }
+
+ // List of undocumented settings used in jitsi-meet
+ /**
+ _immediateReloadThreshold
+ autoRecord
+ autoRecordToken
+ debug
+ debugAudioLevels
+ deploymentInfo
+ dialInConfCodeUrl
+ dialInNumbersUrl
+ dialOutAuthUrl
+ dialOutCodesUrl
+ disableRemoteControl
+ displayJids
+ etherpad_base
+ externalConnectUrl
+ firefox_fake_device
+ googleApiApplicationClientID
+ iAmRecorder
+ iAmSipGateway
+ microsoftApiApplicationClientID
+ peopleSearchQueryTypes
+ peopleSearchUrl
+ requireDisplayName
+ tokenAuthUrl
+ */
+
+ // List of undocumented settings used in lib-jitsi-meet
+ /**
+ _peerConnStatusOutOfLastNTimeout
+ _peerConnStatusRtcMuteTimeout
+ abTesting
+ avgRtpStatsN
+ callStatsConfIDNamespace
+ callStatsCustomScriptUrl
+ desktopSharingSources
+ disableAEC
+ disableAGC
+ disableAP
+ disableHPF
+ disableNS
+ enableLipSync
+ enableTalkWhileMuted
+ forceJVB121Ratio
+ hiddenDomain
+ ignoreStartMuted
+ nick
+ startBitrate
+ */
+
+};
+
+/* eslint-enable no-unused-vars, no-var */
+
diff --git a/app/jitsi/build/jitsi-meet/entrypoint.sh b/app/jitsi/build/jitsi-meet/entrypoint.sh
new file mode 100755
index 0000000..1cd96dc
--- /dev/null
+++ b/app/jitsi/build/jitsi-meet/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+cat > /etc/nginx/sites-available/jitsi <<EOF
+server_names_hash_bucket_size 64;
+
+server {
+ listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server;
+ listen [::]:${NGINX_PORT} ssl http2 default_server;
+ server_name _;
+ ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt;
+ ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key;
+ root /srv/jitsi-meet;
+ index index.html;
+ location ~ ^/([a-zA-Z0-9=\?]+)$ {
+ rewrite ^/(.*)$ / break;
+ }
+ location / {
+ ssi on;
+ }
+ # BOSH, Bidirectional-streams Over Synchronous HTTP
+ # https://en.wikipedia.org/wiki/BOSH_(protocol)
+ location /http-bind {
+ proxy_pass http://${JITSI_PROSODY_BOSH_HOST}:${JITSI_PROSODY_BOSH_PORT}/http-bind;
+ proxy_set_header X-Forwarded-For \$remote_addr;
+ proxy_set_header Host \$http_host;
+ }
+ # external_api.js must be accessible from the root of the
+ # installation for the electron version of Jitsi Meet to work
+ # https://github.com/jitsi/jitsi-meet-electron
+ location /external_api.js {
+ alias /srv/jitsi-meet/libs/external_api.min.js;
+ }
+}
+EOF
+
+ln -sf /etc/nginx/sites-available/jitsi /etc/nginx/sites-enabled/jitsi
+
+exec "$@"
diff --git a/app/jitsi/build/jitsi-videobridge/Dockerfile b/app/jitsi/build/jitsi-videobridge/Dockerfile
new file mode 100644
index 0000000..c17fb4f
--- /dev/null
+++ b/app/jitsi/build/jitsi-videobridge/Dockerfile
@@ -0,0 +1,30 @@
+FROM debian:buster AS builder
+
+ARG PREFIXV
+ARG VERSION
+
+RUN apt-get update && \
+ apt-get install -y wget unzip maven openjdk-11-jdk && \
+ wget https://github.com/jitsi/jitsi-videobridge/archive/${PREFIXV}${VERSION}.zip -O jvb.zip
+
+RUN unzip jvb.zip && \
+ mv jitsi-videobridge*${VERSION} jvb && \
+ cd jvb && \
+ mvn package -DskipTests && \
+ ls jvb/target && \
+ unzip jvb/target/jitsi-videobridge*.zip && \
+ mv jitsi-videobridge-*-SNAPSHOT build
+
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jre-headless
+
+COPY --from=builder /jvb/build /srv/jvb
+ENV HOME=/root
+WORKDIR /root
+COPY jvb_run /usr/local/bin/jvb_run
+
+ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"
+
+CMD ["/usr/local/bin/jvb_run"]
diff --git a/app/jitsi/build/jitsi-videobridge/jvb_run b/app/jitsi/build/jitsi-videobridge/jvb_run
new file mode 100755
index 0000000..b86c911
--- /dev/null
+++ b/app/jitsi/build/jitsi-videobridge/jvb_run
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+mkdir -p /root/.sip-communicator
+
+cat > /root/.sip-communicator/sip-communicator.properties <<EOF
+# Enable broadcasting stats/presence in a MUC
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+
+# Connect to the first XMPP server
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+# Do we need it? @FIXME
+org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
+
+# NAT things, two times just in case...
+org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
+org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
+org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
+org.jitsi.videobridge.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
+org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
+org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
+org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
+EOF
+
+[ -v JITSI_DEBUG ] && cat >> /root/.sip-communicator/sip-communicator.properties <<EOF
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_ARBITRARY_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_SIP_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_JABBER_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_RTP_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_ICE4j_ENABLED=true
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_COUNT=1
+net.java.sip.communicator.packetlogging.PACKET_LOGGING_FILE_SIZE=-1
+EOF
+
+/srv/jvb/jvb.sh \
+ --host=${JITSI_PROSODY_HOST} \
+ --domain=jitsi.deuxfleurs.fr \
+ --port=5347 \
+ --secret=${JITSI_SECRET_VIDEOBRIDGE} \
+ --apis=xmpp,rest
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
new file mode 100644
index 0000000..f3dcd36
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -0,0 +1,13 @@
+FROM debian:buster
+
+ARG VERSION
+
+RUN apt-get update && \
+ apt-get install -y prosody=${VERSION}
+
+COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
+COPY xmpp_conf /usr/local/bin/xmpp_conf
+COPY xmpp_gen /usr/local/bin/xmpp_gen
+COPY xmpp_run /usr/local/bin/xmpp_run
+
+CMD ["/usr/local/bin/xmpp_run"]
diff --git a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
new file mode 100644
index 0000000..beaaa87
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
@@ -0,0 +1,2 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_conf b/app/jitsi/build/jitsi-xmpp/xmpp_conf
new file mode 100755
index 0000000..34b2cb3
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_conf
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+cat >> /etc/hosts <<EOF
+${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
+127.0.0.1 `hostname`
+EOF
+
+mkdir -p /etc/prosody/conf.{d,avail}/
+cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
+ certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
+ certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
+Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
+ component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
+Component "focus.jitsi.deuxfleurs.fr"
+ component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
+
+EOF
+
+ln -sf \
+ /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
+ /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
+
+
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
new file mode 100755
index 0000000..3a2e04a
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_gen
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/local/bin/xmpp_conf
+
+prosodyctl cert generate jitsi.deuxfleurs.fr
+prosodyctl cert generate auth.jitsi.deuxfleurs.fr
+
+cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
+cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
new file mode 100755
index 0000000..6383b65
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_run
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+/usr/local/bin/xmpp_conf
+cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
+chown -R prosody:prosody /var/lib/prosody
+
+mkdir -p /usr/local/share/ca-certificates/
+ln -sf \
+ /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
+
+prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
+prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
+
+mkdir /run/prosody
+touch /run/prosody/prosody.pid
+chown -R prosody:prosody /run/prosody
+
+cd /var/lib/prosody
+su - prosody -s /bin/bash -c prosody
diff --git a/app/jitsi/config/global_env.tpl b/app/jitsi/config/global_env.tpl
new file mode 100644
index 0000000..836a131
--- /dev/null
+++ b/app/jitsi/config/global_env.tpl
@@ -0,0 +1,10 @@
+JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }}
+JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }}
+JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }}
+JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
+JITSI_PROSODY_BOSH_HOST=127.0.0.1
+JITSI_PROSODY_HOST=127.0.0.1
+JITSI_CERTS_FOLDER=/secrets/certs/
+JITSI_NAT_PUBLIC_IP=82.253.205.190
+JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
+NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
new file mode 100644
index 0000000..852e1e6
--- /dev/null
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -0,0 +1,234 @@
+job "jitsi" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.cpu.arch}"
+ value = "amd64"
+ }
+
+ group "core" {
+
+ network {
+ port "bosh_port" { }
+ port "ext_port" { static = 5347 }
+ port "xmpp_port" { static = 5222 }
+ port "https_port" { }
+ port "video1_port" { static = 8080 }
+ port "video2_port" { static = 10000 }
+ }
+
+ task "xmpp" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_xmpp:v8"
+ ports = [ "bosh_port", "ext_port", "xmpp_port" ]
+ network_mode = "host"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [ "jitsi", "bosh" ]
+ port = "bosh_port"
+ address_mode = "host"
+ name = "jitsi-xmpp-bosh"
+ check {
+ type = "tcp"
+ port = "bosh_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [ "jitsi", "ext" ]
+ port = "ext_port"
+ address_mode = "host"
+ name = "jitsi-ext"
+ }
+
+ service {
+ tags = [ "jitsi", "xmpp" ]
+ port = "xmpp_port"
+ address_mode = "host"
+ name = "jitsi-xmpp"
+ }
+ }
+
+ task "front" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_meet:v3"
+ network_mode = "host"
+ ports = [ "https_port" ]
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ # --- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.key"
+ }
+
+ resources {
+ cpu = 300
+ memory = 200
+ }
+
+ service {
+ tags = [
+ "jitsi",
+ "traefik.enable=true",
+ "traefik.frontend.entryPoints=https,http",
+ "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
+ "traefik.protocol=https"
+ ]
+ port = "https_port"
+ address_mode = "host"
+ name = "jitsi-front-https"
+ check {
+ type = "tcp"
+ port = "https_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+ }
+
+ task "jicofo" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_conference_focus:v6"
+ network_mode = "host"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ #--- secrets ---
+ template {
+ data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/jitsi.deuxfleurs.fr.crt"
+ }
+
+ template {
+ data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}"
+ destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt"
+ }
+
+ resources {
+ cpu = 300
+ memory = 400
+ }
+ }
+
+ task "videobridge" {
+ driver = "docker"
+ config {
+ image = "superboum/amd64_jitsi_videobridge:v16"
+ network_mode = "host"
+ ports = [ "video1_port", "video2_port" ]
+ ulimit {
+ nofile = "1048576:1048576"
+ nproc = "65536:65536"
+ }
+ }
+
+ env {
+ #JITSI_DEBUG = 1
+ JITSI_VIDEO_TCP = 8080
+ VIDEOBRIDGE_MAX_MEMORY = "1450m"
+ }
+
+ template {
+ data = file("../config/global_env.tpl")
+ destination = "secrets/global_env"
+ env = true
+ }
+
+ resources {
+ cpu = 900
+ memory = 1500
+ }
+
+ service {
+ tags = [ "jitsi", "(diplonat (tcp_port 8080))" ]
+ port = "video1_port"
+ address_mode = "host"
+ name = "jitsi-videobridge-video1"
+ check {
+ type = "tcp"
+ port = "video1_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
+
+ service {
+ tags = [ "jitsi", "(diplonat (udp_port 10000))" ]
+ port = "video2_port"
+ address_mode = "host"
+ name = "jitsi-videobridge-video2"
+ }
+ }
+ }
+}
+
diff --git a/app/jitsi/integratio/01_gen_certs.yml b/app/jitsi/integratio/01_gen_certs.yml
new file mode 100644
index 0000000..bf73291
--- /dev/null
+++ b/app/jitsi/integratio/01_gen_certs.yml
@@ -0,0 +1,8 @@
+version: '3'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v2
+ command: ["/usr/local/bin/xmpp_gen"]
+ volumes: [ './jitsi-certs/:/certs:rw' ]
+ env_file: [ 'dev.env' ]
+
diff --git a/app/jitsi/integratio/02_run.yml b/app/jitsi/integratio/02_run.yml
new file mode 100644
index 0000000..73eefad
--- /dev/null
+++ b/app/jitsi/integratio/02_run.yml
@@ -0,0 +1,27 @@
+version: '3.4'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v3
+ ports:
+ - "5222:5222"
+ - "5347:5347"
+ - "5280:5280"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-meet:
+ image: superboum/amd64_jitsi_meet:v1
+ ports:
+ - "443:443"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-conference-focus:
+ image: superboum/amd64_jitsi_conference_focus:v4
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-videobridge:
+ image: superboum/amd64_jitsi_videobridge:v14
+ ports:
+ - "8080:8080/tcp"
+ - "10000:10000/udp"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
diff --git a/app/jitsi/integratio/README.md b/app/jitsi/integratio/README.md
new file mode 100644
index 0000000..70b59fc
--- /dev/null
+++ b/app/jitsi/integratio/README.md
@@ -0,0 +1,26 @@
+This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
+
+To build images:
+
+```
+docker-compose -f 02_run.yml build
+```
+
+To gen the certs:
+
+```
+docker-compose -f 01_gen_certs.yml up --force-recreate
+```
+
+To run the stack:
+
+
+```
+docker-compose -f 02_run.yml up --force-recreate
+```
+
+To push the stack on the docker registry:
+
+```
+docker-compose -f 02_run.yml push
+```
diff --git a/app/jitsi/integratio/dev.env b/app/jitsi/integratio/dev.env
new file mode 100644
index 0000000..1dd2122
--- /dev/null
+++ b/app/jitsi/integratio/dev.env
@@ -0,0 +1,10 @@
+JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
+JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
+JITSI_SECRET_JICOFO_USER=S3CR3T03
+JITSI_PROSODY_BOSH_PORT=5280
+JITSI_PROSODY_BOSH_HOST=172.17.0.1
+JITSI_PROSODY_HOST=172.17.0.1
+JITSI_CERTS_FOLDER=/certs/
+JITSI_NAT_PUBLIC_IP=37.164.35.154
+JITSI_NAT_LOCAL_IP=192.168.0.231
+JITSI_VIDEO_TCP=8080
diff --git a/app/jitsi/integratio/jitsi-certs/.gitignore b/app/jitsi/integratio/jitsi-certs/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/app/jitsi/integratio/jitsi-certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt
new file mode 100644
index 0000000..f2c4d4b
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi_auth autj.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key
new file mode 100644
index 0000000..4a332f8
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/auth.jitsi.deuxfleurs.fr.key
@@ -0,0 +1 @@
+SSL_KEY jitsi_auth autj.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt
new file mode 100644
index 0000000..32750d3
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.crt
@@ -0,0 +1 @@
+SSL_CERT jitsi jitsi.deuxfleurs.fr
diff --git a/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key
new file mode 100644
index 0000000..7676132
--- /dev/null
+++ b/app/jitsi/secrets/jitsi/jitsi.deuxfleurs.fr.key
@@ -0,0 +1 @@
+SSL_KEY jitsi