diff --git a/apps/jitsi/.env b/apps/jitsi/.env index d388e7cf8..53ace13e5 100644 --- a/apps/jitsi/.env +++ b/apps/jitsi/.env @@ -1,21 +1,241 @@ -W9_VERSION='stable-10431' +W9_VERSION='stable-10888' W9_REPO=jitsi/web +W9_DIST='community' W9_POWER_PASSWORD='DmIl1gkx!W7ok6Ph' #### -- Not allowed to edit below environments when recreate app based on existing data -- #### W9_ID='jitsi' +W9_HTTP_PORT_SET='9443' W9_HTTPS_PORT_SET='9443' +W9_UDP_PORT_SET='10000' W9_HTTPS_PORT=443 -W9_URL='internetIP' +W9_URL=internet_ip:$W9_HTTP_PORT_SET +W9_URL_REPLACE=true W9_NETWORK=websoft9 #### --------------------------------------------------------------------------------------- #### +# Official Jitsi variables below preserve the upstream env.example structure. +# Most options stay commented for reference; only the values used by this +# Websoft9 package are enabled. + +# shellcheck disable=SC2034 + +################################################################################ +################################################################################ +# Welcome to the Jitsi Meet Docker setup! +# +# This sample .env file contains some basic options to get you started. +# The full options reference can be found here: +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker +################################################################################ +################################################################################ + + +# +# Basic configuration options +# + +# Directory where all configuration will be stored +#CONFIG=~/.jitsi-meet-cfg + +# Exposed HTTP port (will redirect to HTTPS port) +#HTTP_PORT=8000 + +# Exposed HTTPS port +#HTTPS_PORT=8443 + +# System time zone +TZ=UTC + # Public URL for the web service (required) +# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL PUBLIC_URL=https://$W9_URL -# System Time Zone -TZ=UTC +# Media IP addresses and ports to advertise by the JVB +# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs +# See the "Running behind NAT or on a LAN environment" section in the Handbook: +# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment +#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4,192.168.178.1#12000,fe80::1#12000 + +# Keep private candidates hidden from clients in public deployments. +JVB_ADVERTISE_PRIVATE_CANDIDATES=false + +# +# Memory limits for Java components +# + +#JICOFO_MAX_MEMORY=3072m +#VIDEOBRIDGE_MAX_MEMORY=3072m + +# +# JaaS Components (beta) +# https://jaas.8x8.vc +# + +# Enable JaaS Components (hosted Jigasi) +# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL +#ENABLE_JAAS_COMPONENTS=0 + +# +# Let's Encrypt configuration +# + +# Enable Let's Encrypt certificate generation +#ENABLE_LETSENCRYPT=1 + +# Domain for which to generate the certificate +#LETSENCRYPT_DOMAIN=meet.example.com + +# E-Mail for receiving important account notifications (mandatory) +#LETSENCRYPT_EMAIL=alice@atlanta.net + +# Use the staging server (for avoiding rate limits while testing) +#LETSENCRYPT_USE_STAGING=1 + +# Set ACME server. Default is zerossl, you can peek one at https://github.com/acmesh-official/acme.sh/wiki/Server +#LETSENCRYPT_ACME_SERVER="letsencrypt" + +# +# Etherpad integration (for document sharing) +# + +# Set the etherpad-lite URL in the docker local network (uncomment to enable) +#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 + +# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable) +#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/ + +# +# rtcstats integration +# + +# Enable rtcstats analytics (uncomment to enable) +#RTCSTATS_ENABLED=true + +# Send the console logs to the rtcstats server +#RTCSTATS_STORE_LOGS=true + +# The interval at which rtcstats will poll getStats, defaults to 10000ms. +#RTCSTATS_POLL_INTERVAL=10000 + +# Send the SDP to the rtcstats server +#RTCSTATS_SEND_SDP=true + +# +# Whiteboard integration +# + +# Set the excalidraw-backend URL in the docker local network (uncomment to enable) +#WHITEBOARD_COLLAB_SERVER_URL_BASE=http://whiteboard.meet.jitsi + +# Set the excalidraw-backend public URL (uncomment to enable) +#WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=https://whiteboard.meet.my.domain + + +# +# Basic Jigasi configuration options (needed for SIP gateway support) +# + +# SIP URI for incoming / outgoing calls +#JIGASI_SIP_URI=test@sip2sip.info + +# Password for the specified SIP account as a clear text +#JIGASI_SIP_PASSWORD= + +# SIP server (use the SIP account domain if in doubt) +#JIGASI_SIP_SERVER=sip2sip.info + +# SIP server port +#JIGASI_SIP_PORT=5060 + +# SIP server transport +#JIGASI_SIP_TRANSPORT=UDP + + +# +# Authentication configuration (see handbook for details) +# + +# Enable authentication (will ask for login and password to join the meeting) +#ENABLE_AUTH=1 + +# Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in) +#ENABLE_GUESTS=1 + +# Select authentication type: internal, jwt, ldap or matrix +#AUTH_TYPE=internal + +# JWT authentication +# + +# Application identifier +#JWT_APP_ID=my_jitsi_app_id + +# Application secret known only to your token generator +#JWT_APP_SECRET=my_jitsi_app_secret + +# (Optional) Set asap_accepted_issuers as a comma separated list +#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client + +# (Optional) Set asap_accepted_audiences as a comma separated list +#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 + +# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) +# + +# LDAP url for connection +#LDAP_URL=ldaps://ldap.domain.com/ + +# LDAP base DN. Can be empty +#LDAP_BASE=DC=example,DC=domain,DC=com + +# LDAP user DN. Do not specify this parameter for the anonymous bind +#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com + +# LDAP user password. Do not specify this parameter for the anonymous bind +#LDAP_BINDPW=LdapUserPassw0rd + +# LDAP filter. Tokens example: +# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail +# %s - %s is replaced by the complete service string +# %r - %r is replaced by the complete realm string +#LDAP_FILTER=(sAMAccountName=%u) + +# LDAP authentication method +#LDAP_AUTH_METHOD=bind + +# LDAP version +#LDAP_VERSION=3 + +# LDAP TLS using +#LDAP_USE_TLS=1 + +# List of SSL/TLS ciphers to allow +#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC + +# Require and verify server certificate +#LDAP_TLS_CHECK_PEER=1 + +# Path to CA cert file. Used when server certificate verify is enabled +#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt + +# Path to CA certs directory. Used when server certificate verify is enabled +#LDAP_TLS_CACERT_DIR=/etc/ssl/certs + +# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// +# LDAP_START_TLS=1 + + +# +# Security +# +# Set these to strong passwords to avoid intruders from impersonating a service account +# The service(s) won't start unless these are specified +# Running ./gen-passwords.sh will update .env with strong passwords +# You may skip the Jigasi and Jibri passwords if you are not using those +# DO NOT reuse passwords +# # XMPP password for Jicofo client connections JICOFO_AUTH_PASSWORD=JICOFO$W9_POWER_PASSWORD @@ -26,9 +246,21 @@ JVB_AUTH_PASSWORD=JVB$W9_POWER_PASSWORD # XMPP password for Jigasi MUC client connections JIGASI_XMPP_PASSWORD=JIGASI$W9_POWER_PASSWORD +# XMPP password for Jigasi transcriber client connections +#JIGASI_TRANSCRIBER_PASSWORD= + # XMPP recorder password for Jibri client connections JIBRI_RECORDER_PASSWORD=RECORDER$W9_POWER_PASSWORD # XMPP password for Jibri client connections JIBRI_XMPP_PASSWORD=XMPP$W9_POWER_PASSWORD -W9_DIST='community' + +# +# Docker Compose options +# + +# Container restart policy +#RESTART_POLICY=unless-stopped + +# Jitsi image version (useful for local development) +#JITSI_IMAGE_VERSION=latest diff --git a/apps/jitsi/README.md b/apps/jitsi/README.md index 0ef25bc52..5abee0d14 100644 --- a/apps/jitsi/README.md +++ b/apps/jitsi/README.md @@ -3,7 +3,7 @@ This is an **[Docker Compose template](https://github.com/Websoft9/docker-library)** powered by [Websoft9](https://www.websoft9.com) based on Docker for Jitsi: - - community: stable-9779 + - community: stable-10888 ## System Requirements diff --git a/apps/jitsi/docker-compose.yml b/apps/jitsi/docker-compose.yml index 745b36c6f..c6f07c3ab 100644 --- a/apps/jitsi/docker-compose.yml +++ b/apps/jitsi/docker-compose.yml @@ -1,6 +1,5 @@ # image: https://hub.docker.com/r/jitsi/web/ # compose: https://github.com/jitsi/docker-jitsi-meet -version: '3.8' services: # Frontend @@ -22,13 +21,19 @@ services: - AUDIO_QUALITY_OPUS_BITRATE - AUTO_CAPTION_ON_RECORD - BRANDING_DATA_URL + - BWE_ESTIMATOR_ENGINE - BOSH_RELATIVE - CHROME_EXTENSION_BANNER_JSON + - CODEC_ORDER_JVB + - CODEC_ORDER_JVB_MOBILE + - CODEC_ORDER_P2P + - CODEC_ORDER_P2P_MOBILE - COLIBRI_WEBSOCKET_PORT - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME - COLIBRI_WEBSOCKET_REGEX - CONFCODE_URL - CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN + - CSP_HEADER - DEFAULT_LANGUAGE - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE @@ -57,7 +62,9 @@ services: - DROPBOX_APPKEY - DROPBOX_REDIRECT_URI - DYNAMIC_BRANDING_URL + - ENABLE_ADAPTIVE_MODE - ENABLE_AUDIO_PROCESSING + - ENABLE_AUTOMATIC_GAIN_CONTROL - ENABLE_AUTH - ENABLE_AUTH_DOMAIN - ENABLE_BREAKOUT_ROOMS @@ -98,6 +105,7 @@ services: - ENABLE_TALK_WHILE_MUTED - ENABLE_TCC - ENABLE_TRANSCRIPTIONS + - ENABLE_VLA - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - ETHERPAD_PUBLIC_URL @@ -115,9 +123,11 @@ services: - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL - LETSENCRYPT_USE_STAGING + - LETSENCRYPT_ACME_SERVER - MATOMO_ENDPOINT - MATOMO_SITE_ID - MICROSOFT_API_APP_CLIENT_ID + - NGINX_KEEPALIVE_TIMEOUT - NGINX_RESOLVER - NGINX_WORKER_PROCESSES - NGINX_WORKER_CONNECTIONS @@ -125,10 +135,18 @@ services: - PREFERRED_LANGUAGE - PUBLIC_URL - P2P_PREFERRED_CODEC + - P2P_STUN_SERVERS - RESOLUTION - RESOLUTION_MIN - RESOLUTION_WIDTH - RESOLUTION_WIDTH_MIN + - RTCSTATS_ENABLED + - RTCSTATS_STORE_LOGS + - RTCSTATS_POLL_INTERVAL + - RTCSTATS_SEND_SDP + - RTCSTATS_URL_BASE + - RTC_VISUALIZER_URL_BASE + - RTC_VISUALIZER_PATH - START_AUDIO_MUTED - START_AUDIO_ONLY - START_SILENT @@ -171,6 +189,7 @@ services: - XMPP_BOSH_URL_BASE - XMPP_DOMAIN - XMPP_GUEST_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_PORT @@ -203,6 +222,7 @@ services: - ENABLE_IPV6 - ENABLE_LOBBY - ENABLE_RECORDING + - ENABLE_TRANSCRIPTIONS - ENABLE_S2S - ENABLE_VISITORS - ENABLE_XMPP_WEBSOCKET @@ -222,6 +242,8 @@ services: - JIBRI_XMPP_PASSWORD - JICOFO_AUTH_PASSWORD - JICOFO_COMPONENT_SECRET + - JIGASI_TRANSCRIBER_PASSWORD + - JIGASI_TRANSCRIBER_USER - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD - JVB_AUTH_USER @@ -262,7 +284,14 @@ services: - PROSODY_C2S_REQUIRE_ENCRYPTION - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL + - PROSODY_DISABLE_C2S_LIMIT + - PROSODY_DISABLE_S2S_LIMIT + - PROSODY_ENABLE_FILTER_MESSAGES + - PROSODY_ENABLE_MUC_RESOURCE_VALIDATE + - PROSODY_MUC_RESOURCE_VALIDATE_ANONYMOUS_STRICT + - PROSODY_MUC_RESOURCE_VALIDATE_ANON_METHODS - PROSODY_ENABLE_RATE_LIMITS + - PROSODY_ENABLE_RECORDING_METADATA - PROSODY_ENABLE_STANZA_COUNTS - PROSODY_ENABLE_S2S - PROSODY_ENABLE_METRICS @@ -281,20 +310,25 @@ services: - PROSODY_TRUSTED_PROXIES - PROSODY_VISITOR_INDEX - PROSODY_VISITORS_MUC_PREFIX + - PROSODY_VISITORS_S2S_VHOSTS - PUBLIC_URL - STUN_HOST - STUN_PORT - TURN_CREDENTIALS + - TURN_USERNAME + - TURN_PASSWORD - TURN_HOST - TURNS_HOST - TURN_PORT - TURNS_PORT - TURN_TRANSPORT + - TURN_TTL - TZ - VISITORS_MAX_VISITORS_PER_NODE - VISITORS_XMPP_DOMAIN - VISITORS_XMPP_SERVER - VISITORS_XMPP_PORT + - WAIT_FOR_HOST_DISABLE_AUTO_OWNERS - XMPP_BREAKOUT_MUC_MODULES - XMPP_CONFIGURATION - XMPP_DOMAIN @@ -307,6 +341,7 @@ services: - XMPP_MUC_MODULES - XMPP_MUC_CONFIGURATION - XMPP_INTERNAL_MUC_MODULES + - XMPP_HIDDEN_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_PORT - XMPP_SERVER_S2S_PORT @@ -331,6 +366,7 @@ services: - BRIDGE_STRESS_THRESHOLD - ENABLE_AUTH - ENABLE_AUTO_OWNER + - ENABLE_MODERATOR_CHECKS - ENABLE_CODEC_VP8 - ENABLE_CODEC_VP9 - ENABLE_CODEC_AV1 @@ -341,6 +377,8 @@ services: - ENABLE_OCTO_SCTP - ENABLE_RECORDING - ENABLE_SCTP + - ENABLE_SHARED_DOCUMENT_RANDOM_NAME + - ENABLE_TRANSCRIPTIONS - ENABLE_VISITORS - ENABLE_AUTO_LOGIN - JICOFO_AUTH_LIFETIME @@ -357,11 +395,18 @@ services: - JICOFO_CONF_STRIP_SIMULCAST - JICOFO_CONF_SSRC_REWRITING - JICOFO_ENABLE_HEALTH_CHECKS + - JICOFO_ENABLE_ICE_FAILURE_DETECTION + - JICOFO_ENABLE_LOAD_REDISTRIBUTION - JICOFO_ENABLE_REST - JICOFO_HEALTH_CHECKS_USE_PRESENCE + - JICOFO_ICE_FAILURE_INTERVAL + - JICOFO_ICE_FAILURE_MIN_ENDPOINTS + - JICOFO_ICE_FAILURE_THRESHOLD - JICOFO_MAX_MEMORY - JICOFO_MULTI_STREAM_BACKWARD_COMPAT - JICOFO_OCTO_REGION + - JICOFO_RESTART_REQUEST_MAX + - JICOFO_RESTART_REQUEST_INTERVAL - JICOFO_TRUSTED_DOMAINS - JIBRI_BREWERY_MUC - JIBRI_REQUEST_RETRIES @@ -389,6 +434,7 @@ services: - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER @@ -403,8 +449,8 @@ services: image: jitsi/jvb:${W9_VERSION} container_name: $W9_ID-jvb restart: unless-stopped - # ports: - # - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' + ports: + - '${W9_UDP_PORT_SET:-10000}:${W9_UDP_PORT_SET:-10000}/udp' # - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080' volumes: - jvb_config:/config:Z @@ -418,6 +464,7 @@ services: - AUTOSCALER_SIDECAR_REGION - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL + - DISABLE_AWS_HARVESTER - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET - ENABLE_JVB_XMPP_SERVER @@ -432,7 +479,7 @@ services: - JVB_DISABLE_STUN - JVB_DISABLE_XMPP - JVB_INSTANCE_ID - - JVB_PORT + - JVB_PORT=${W9_UDP_PORT_SET:-10000} - JVB_MUC_NICKNAME - JVB_STUN_SERVERS - JVB_LOG_FILE diff --git a/apps/jitsi/variables.json b/apps/jitsi/variables.json index de7c54933..8b6321e18 100644 --- a/apps/jitsi/variables.json +++ b/apps/jitsi/variables.json @@ -8,7 +8,7 @@ { "dist": "community", "version": [ - "stable-10431" + "stable-10888" ] } ],