-rw-r--r-- | app/build/docker-compose.yml | 6 | ||||
-rwxr-xr-x | app/build/jitsi-meet/entrypoint.sh | 4 | ||||
-rw-r--r-- | app/build/jitsi-xmpp/Dockerfile | 4 | ||||
-rwxr-xr-x | app/build/jitsi-xmpp/xmpp_conf | 2 | ||||
-rw-r--r-- | app/config/configuration/jitsi/global_env.tpl | 10 | ||||
-rwxr-xr-x | app/config/restore_configuration.sh | 7 | ||||
-rw-r--r-- | app/config/secrets/jitsi/global_env.sample | 9 | ||||
-rw-r--r-- | app/deployment/jitsi.hcl | 116 |
8 files changed, 76 insertions, 82 deletions
diff --git a/app/build/docker-compose.yml b/app/build/docker-compose.yml index 38031d2..de2c229 100644 --- a/app/build/docker-compose.yml +++ b/app/build/docker-compose.yml @@ -49,7 +49,7 @@ services: # https://github.com/jitsi/jitsi-meet PREFIXV: stable/jitsi-meet_ VERSION: 4966 - image: superboum/amd64_jitsi_meet:v1 + image: superboum/amd64_jitsi_meet:v2 jitsi-conference-focus: build: @@ -73,8 +73,8 @@ services: build: context: ./jitsi-xmpp args: - VERSION: fake-1 - image: superboum/amd64_jitsi_xmpp:v4 + VERSION: 0.11.2-1 + image: superboum/amd64_jitsi_xmpp:v8 plume: build: diff --git a/app/build/jitsi-meet/entrypoint.sh b/app/build/jitsi-meet/entrypoint.sh index 1e18bd1..1cd96dc 100755 --- a/app/build/jitsi-meet/entrypoint.sh +++ b/app/build/jitsi-meet/entrypoint.sh @@ -4,8 +4,8 @@ cat > /etc/nginx/sites-available/jitsi <<EOF server_names_hash_bucket_size 64; server { - listen 0.0.0.0:443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 0.0.0.0:${NGINX_PORT} ssl http2 default_server; + listen [::]:${NGINX_PORT} ssl http2 default_server; server_name _; ssl_certificate ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.crt; ssl_certificate_key ${JITSI_CERTS_FOLDER}/jitsi.deuxfleurs.fr.key; diff --git a/app/build/jitsi-xmpp/Dockerfile b/app/build/jitsi-xmpp/Dockerfile index 3733d49..f3dcd36 100644 --- a/app/build/jitsi-xmpp/Dockerfile +++ b/app/build/jitsi-xmpp/Dockerfile @@ -1,7 +1,9 @@ FROM debian:buster +ARG VERSION + RUN apt-get update && \ - apt-get install -y prosody + apt-get install -y prosody=${VERSION} COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua COPY xmpp_conf /usr/local/bin/xmpp_conf diff --git a/app/build/jitsi-xmpp/xmpp_conf b/app/build/jitsi-xmpp/xmpp_conf index 5990d07..34b2cb3 100755 --- a/app/build/jitsi-xmpp/xmpp_conf +++ b/app/build/jitsi-xmpp/xmpp_conf 
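Review bot: In app/build/jitsi-meet/entrypoint.sh the two `listen` lines now expand `${NGINX_PORT}` inside the unquoted heredoc with no check that the variable is set, so an empty value writes `listen 0.0.0.0: ssl http2 default_server;` and the failure only surfaces when nginx parses the file. A guard before the `cat`, such as `: "${NGINX_PORT:?NGINX_PORT must be set}"`, would stop the container with a clear message instead. The script continues outside the hunk, so an existing check elsewhere cannot be ruled out from here.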
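Review bot: In app/build/jitsi-xmpp/Dockerfile the new `ARG VERSION` has no default and no comment on its expected format, so a build started without the argument runs `apt-get install -y prosody=` and presumably fails with an apt error that does not point at the missing build argument. A comment such as `# VERSION: exact Debian package version of prosody, passed from docker-compose.yml` above the `ARG` would make the contract visible. While the `RUN` line is being touched it could also end with `&& rm -rf /var/lib/apt/lists/*` so the package index is not kept in the layer. The pin covers prosody only; `FROM debian:buster` remains a moving tag, so a rebuild is still not fully reproducible.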
@@ -7,6 +7,8 @@ EOF mkdir -p /etc/prosody/conf.{d,avail}/ cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF +http_ports = { ${JITSI_PROSODY_BOSH_PORT} } + VirtualHost "jitsi.deuxfleurs.fr" authentication = "anonymous" ssl = { diff --git a/app/config/configuration/jitsi/global_env.tpl b/app/config/configuration/jitsi/global_env.tpl new file mode 100644 index 0000000..836a131 --- /dev/null +++ b/app/config/configuration/jitsi/global_env.tpl @@ -0,0 +1,10 @@ +JITSI_SECRET_VIDEOBRIDGE={{ key "secrets/jitsi/jitsi_secret_videobridge" }} +JITSI_SECRET_JICOFO_COMPONENT={{ key "secrets/jitsi/jitsi_secret_jicofo_component" }} +JITSI_SECRET_JICOFO_USER={{ key "secrets/jitsi/jitsi_secret_jicofo_user" }} +JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }} +JITSI_PROSODY_BOSH_HOST=127.0.0.1 +JITSI_PROSODY_HOST=127.0.0.1 +JITSI_CERTS_FOLDER=/secrets/certs/ +JITSI_NAT_PUBLIC_IP=82.253.205.190 +JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }} +NGINX_PORT={{ env "NOMAD_PORT_https_port" }} diff --git a/app/config/restore_configuration.sh b/app/config/restore_configuration.sh deleted file mode 100755 index 63d71a1..0000000 --- a/app/config/restore_configuration.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -find {configuration,secrets}/$1 -type f \ - | grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \ - | while read filename; do - consul kv put "${filename}" "@${filename}" - done diff --git a/app/config/secrets/jitsi/global_env.sample b/app/config/secrets/jitsi/global_env.sample deleted file mode 100644 index 658c9c9..0000000 --- a/app/config/secrets/jitsi/global_env.sample +++ /dev/null @@ -1,9 +0,0 @@ -JITSI_SECRET_VIDEOBRIDGE=redacted -JITSI_SECRET_JICOFO_COMPONENT=redacted -JITSI_SECRET_JICOFO_USER=redacted -JITSI_PROSODY_BOSH_PORT=5280 -JITSI_PROSODY_BOSH_HOST=127.0.0.1 -JITSI_PROSODY_HOST=127.0.0.1 -JITSI_CERTS_FOLDER=/secrets/certs/ -JITSI_NAT_PUBLIC_IP=redacted -JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }} 
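Review bot: In app/build/jitsi-xmpp/xmpp_conf the added `http_ports = { ${JITSI_PROSODY_BOSH_PORT} }` sets only the port, so unless `http_interfaces` is set elsewhere in the generated configuration Prosody's HTTP listener binds to every interface, and jitsi.hcl runs this container with `network_mode = "host"`. The BOSH endpoint of a VirtualHost with `authentication = "anonymous"` would then be reachable over plain HTTP on the host's own addresses, not only through the nginx front that targets `JITSI_PROSODY_BOSH_HOST=127.0.0.1`. Consider adding `http_interfaces = { "127.0.0.1" }` next to it, after confirming that the Nomad TCP check on `bosh_port` can still reach the listener. The heredoc continues outside the hunk.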
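Review bot: The new app/config/configuration/jitsi/global_env.tpl commits `JITSI_NAT_PUBLIC_IP=82.253.205.190` as a literal, whereas the deleted global_env.sample kept that value as `redacted` and the three `JITSI_SECRET_*` lines here are read from Consul. If the address was redacted on purpose, it could be read the same way, e.g. `JITSI_NAT_PUBLIC_IP={{ key "<consul-key-for-nat-public-ip>" }}` (placeholder key name), which also avoids a repository change when the address moves. A header comment saying that this file is rendered by the `template` stanzas in jitsi.hcl and holds secret values once rendered would help, since it lives under `configuration/` rather than `secrets/`.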
diff --git a/app/deployment/jitsi.hcl b/app/deployment/jitsi.hcl index 3c8de3a..9c1edd5 100644 --- a/app/deployment/jitsi.hcl +++ b/app/deployment/jitsi.hcl @@ -8,39 +8,50 @@ job "jitsi" { } group "core" { + + network { + port "bosh_port" { } + port "ext_port" { static = 5347 } + port "xmpp_port" { static = 5222 } + port "https_port" { } + port "video1_port" { static = 8080 } + port "video2_port" { static = 10000 } + } + task "xmpp" { driver = "docker" config { - image = "superboum/amd64_jitsi_xmpp:v4" + image = "superboum/amd64_jitsi_xmpp:v8" + ports = [ "bosh_port", "ext_port", "xmpp_port" ] network_mode = "host" } template { + data = file("../config/configuration/jitsi/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + # --- secrets --- + template { data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" } + template { data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.key\" }}" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.key" } + template { data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" } + template { data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" destination = "secrets/certs/jitsi.deuxfleurs.fr.key" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } resources { cpu = 300 @@ -49,13 +60,12 @@ job "jitsi" { service { tags = [ "jitsi", "bosh" ] - port = 5280 - address_mode = "driver" + port = "bosh_port" + address_mode = "host" name = "jitsi-xmpp-bosh" check { type = "tcp" - address_mode = "driver" - port = 5280 + port = "bosh_port" interval = "60s" timeout = "5s" check_restart { 
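Review bot: The `template` stanza added to task "xmpp" renders the whole of global_env.tpl with `env = true`, and the same stanza is repeated in task "front" (hunk -84,11), in the task of hunk -146,23 and in the videobridge task (hunk -188,13), so every container gets `JITSI_SECRET_VIDEOBRIDGE`, `JITSI_SECRET_JICOFO_COMPONENT` and `JITSI_SECRET_JICOFO_USER` in its environment. For the nginx front, the part of entrypoint.sh visible on this page reads only `NGINX_PORT` and `JITSI_CERTS_FOLDER`; the rest of that script is not shown. Splitting the template per task, or giving each task an inline `data` block with just the variables it reads, would keep a compromise of one container from disclosing the other components' XMPP credentials. The job body continues outside these hunks, so which task hunk -146,23 belongs to cannot be told from here.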
@@ -68,15 +78,15 @@ job "jitsi" { service { tags = [ "jitsi", "ext" ] - port = 5347 - address_mode = "driver" + port = "ext_port" + address_mode = "host" name = "jitsi-ext" } service { tags = [ "jitsi", "xmpp" ] - port = 5222 - address_mode = "driver" + port = "xmpp_port" + address_mode = "host" name = "jitsi-xmpp" } } @@ -84,11 +94,19 @@ job "jitsi" { task "front" { driver = "docker" config { - image = "superboum/amd64_jitsi_meet:v1" + image = "superboum/amd64_jitsi_meet:v2" network_mode = "host" + ports = [ "https_port" ] } template { + data = file("../config/configuration/jitsi/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + # --- secrets --- + template { data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" } @@ -96,16 +114,6 @@ job "jitsi" { data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.key\" }}" destination = "secrets/certs/jitsi.deuxfleurs.fr.key" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } resources { cpu = 300 @@ -120,13 +128,12 @@ job "jitsi" { "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/", "traefik.protocol=https" ] - port = 443 - address_mode = "driver" + port = "https_port" + address_mode = "host" name = "jitsi-front-https" check { type = "tcp" - port = 443 - address_mode = "driver" + port = "https_port" interval = "60s" timeout = "5s" check_restart { 
@@ -146,23 +153,21 @@ job "jitsi" { } template { + data = file("../config/configuration/jitsi/global_env.tpl") + destination = "secrets/global_env" + env = true + } + + #--- secrets --- + template { data = "{{ key \"secrets/jitsi/jitsi.deuxfleurs.fr.crt\" }}" destination = "secrets/certs/jitsi.deuxfleurs.fr.crt" } + template { data = "{{ key \"secrets/jitsi/auth.jitsi.deuxfleurs.fr.crt\" }}" destination = "secrets/certs/auth.jitsi.deuxfleurs.fr.crt" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } - template { - source = "secrets/global_env.tpl" - destination = "secrets/global_env" - env = true - } resources { cpu = 300 @@ -175,7 +180,7 @@ job "jitsi" { config { image = "superboum/amd64_jitsi_videobridge:v15" network_mode = "host" - port_map { video1_port = 8080 } # this is a hack, check secrets/jitsi/global_env to understand why + ports = [ "video1_port", "video2_port" ] ulimit { nofile = "1048576:1048576" nproc = "65536:65536" @@ -188,13 +193,8 @@ job "jitsi" { VIDEOBRIDGE_MAX_MEMORY = "1450m" } - artifact { - source = "http://127.0.0.1:8500/v1/kv/secrets/jitsi/global_env?raw" - destination = "secrets/global_env.tpl" - mode = "file" - } template { - source = "secrets/global_env.tpl" + data = file("../config/configuration/jitsi/global_env.tpl") destination = "secrets/global_env" env = true } @@ -202,20 +202,16 @@ job "jitsi" { resources { cpu = 900 memory = 1500 - network { - port "video1_port" { static = "8080" } # this is a hack - } } service { tags = [ "jitsi", "(diplonat (tcp_port 8080))" ] - port = 8080 - address_mode = "driver" + port = "video1_port" + address_mode = "host" name = "jitsi-videobridge-video1" check { type = "tcp" - port = 8080 - address_mode = "driver" + port = "video1_port" interval = "60s" timeout = "5s" check_restart { 
@@ -228,8 +224,8 @@ job "jitsi" { service { tags = [ "jitsi", "(diplonat (udp_port 10000))" ] - port = 10000 - address_mode = "driver" + port = "video2_port" + address_mode = "host" name = "jitsi-videobridge-video2" } } |