athaliar/dockerStuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more updates march

Browse Source
This commit is contained in:
Nathan root
2026-03-01 17:38:47 +00:00
parent ceee62f62c
commit a085ba9714
810 changed files with 27066 additions and 6471 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
jitsi/.env.bak Normal file
View File

@@ -0,0 +1,227 @@
# shellcheck disable=SC2034
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port (will redirect to HTTPS port)
HTTP_PORT=8000
# Exposed HTTPS port
HTTPS_PORT=8443
# System time zone
TZ=UTC
# Public URL for the web service (required)
# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL
#PUBLIC_URL=https://meet.example.com:${HTTPS_PORT}
# Media IP addresses and ports to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4,192.168.178.1#12000,fe80::1#12000
#
# Memory limits for Java components
#
#JICOFO_MAX_MEMORY=3072m
#VIDEOBRIDGE_MAX_MEMORY=3072m
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable JaaS Components (hosted Jigasi)
# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
#ENABLE_JAAS_COMPONENTS=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
# Set ACME server. Default is zerossl, you can peek one at https://github.com/acmesh-official/acme.sh/wiki/Server
#LETSENCRYPT_ACME_SERVER="letsencrypt"
#
# Etherpad integration (for document sharing)
#
# Set the etherpad-lite URL in the docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
#
# Whiteboard integration
#
# Set the excalidraw-backend URL in the docker local network (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_URL_BASE=http://whiteboard.meet.jitsi
# Set the excalidraw-backend public URL (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=https://whiteboard.meet.my.domain
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication (will ask for login and password to join the meeting)
#ENABLE_AUTH=1
# Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in)
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal
# JWT authentication
#
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
#LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1
#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP password for Jigasi transcriber client connections
JIGASI_TRANSCRIBER_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
#
# Docker Compose options
#
# Container restart policy
#RESTART_POLICY=unless-stopped
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest

1201
jitsi/CHANGELOG.md Normal file
View File

File diff suppressed because it is too large Load Diff

203
jitsi/LICENSE Normal file
View File

@@ -0,0 +1,203 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

63
jitsi/Makefile Normal file
View File

@@ -0,0 +1,63 @@
FORCE_REBUILD ?= 0
JITSI_RELEASE ?= stable
JITSI_BUILD ?= unstable
JITSI_REPO ?= jitsi
JITSI_SERVICES := base base-java web prosody jicofo jvb jigasi jibri
BUILD_ARGS := \
--build-arg JITSI_REPO=$(JITSI_REPO) \
--build-arg JITSI_RELEASE=$(JITSI_RELEASE)
ifeq ($(FORCE_REBUILD), 1)
BUILD_ARGS := $(BUILD_ARGS) --no-cache
endif
all: build-all
release:
@$(foreach SERVICE, $(JITSI_SERVICES), $(MAKE) --no-print-directory JITSI_SERVICE=$(SERVICE) buildx;)
buildx:
docker buildx build \
--platform linux/amd64,linux/arm64 \
--progress=plain \
$(BUILD_ARGS) --build-arg BASE_TAG=$(JITSI_BUILD) \
--pull --push \
--tag $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD) \
--tag $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_RELEASE) \
$(JITSI_SERVICE)
$(addprefix buildx_,$(JITSI_SERVICES)):
$(MAKE) --no-print-directory JITSI_SERVICE=$(patsubst buildx_%,%,$@) buildx
build:
docker buildx build \
$(BUILD_ARGS) \
--load \
--progress plain \
--tag $(JITSI_REPO)/$(JITSI_SERVICE) \
$(JITSI_SERVICE)
$(addprefix build_,$(JITSI_SERVICES)):
$(MAKE) --no-print-directory JITSI_SERVICE=$(patsubst build_%,%,$@) build
tag:
docker tag $(JITSI_REPO)/$(JITSI_SERVICE) $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD)
push:
docker push $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD)
%-all:
@$(foreach SERVICE, $(JITSI_SERVICES), $(MAKE) --no-print-directory JITSI_SERVICE=$(SERVICE) $(subst -all,;,$@))
clean:
docker-compose stop
docker-compose rm
docker network prune
prepare:
FORCE_REBUILD=1 $(MAKE)
.PHONY: all build tag push clean prepare release $(addprefix build_,$(JITSI_SERVICES))

39
jitsi/README.md Normal file
View File

@@ -0,0 +1,39 @@
# Jitsi Meet on Docker
![](resources/jitsi-docker.png)
[Jitsi](https://jitsi.org/) is a set of Open Source projects that allows you to easily build and deploy secure videoconferencing solutions.
[Jitsi Meet](https://jitsi.org/jitsi-meet/) is a fully encrypted, 100% Open Source video conferencing solution that you can use all day, every day, for free — with no account needed.
This repository contains the necessary tools to run a Jitsi Meet stack on [Docker](https://www.docker.com) using [Docker Compose](https://docs.docker.com/compose/).
All our images are published on [DockerHub](https://hub.docker.com/u/jitsi/).
## Supported architectures
Starting with `stable-7439` the published images are available for `amd64` and `arm64`.
## Tags
These are the currently published tags for all our images:
Tag | Description
-- | --
`stable` | Points to the latest stable release
`stable-NNNN-X` | A stable release
`unstable` | Points to the latest unstable release
`unstable-YYYY-MM-DD` | Daily unstable release
`latest` | Deprecated, no longer updated (will be removed)
## Installation
The installation manual is available [here](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker).
### Kubernetes
If you plan to install the jitsi-meet stack on a Kubernetes cluster you can find tools and tutorials in the project [Jitsi on Kubernetes](https://github.com/jitsi-contrib/jitsi-kubernetes).
## TODO
* Builtin TURN server.

13
jitsi/base-java/Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
ARG JITSI_REPO=jitsi
ARG BASE_TAG=latest
FROM ${JITSI_REPO}/base:${BASE_TAG}
RUN mkdir -p /usr/share/man/man1 && \
mkdir -p /etc/apt/keyrings/ && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y unzip ca-certificates curl gnupg && \
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y nodejs openjdk-17-jre-headless openjdk-17-jdk-headless && \
apt-cleanup

40
jitsi/base/Dockerfile Normal file
View File

@@ -0,0 +1,40 @@
FROM docker.io/library/debian:bookworm-slim
ARG JITSI_RELEASE=stable
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
COPY rootfs /
RUN \
dpkgArch="$(dpkg --print-architecture)" && \
case "${dpkgArch##*-}" in \
"amd64") TPL_ARCH=amd64; S6_ARCH=amd64 ;; \
"arm64") TPL_ARCH=arm64; S6_ARCH=aarch64 ;; \
*) echo "unsupported architecture"; exit 1 ;; \
esac && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg wget curl && \
wget -qO /usr/bin/tpl https://github.com/jitsi/tpl/releases/download/v1.4.0/tpl-linux-${TPL_ARCH} && \
# Workaround S6 bug when /bin is a symlink
wget -qO /tmp/s6.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-${S6_ARCH}.tar.gz && \
mkdir /tmp/s6 && \
tar xfz /tmp/s6.tar.gz -C /tmp/s6 && \
tar hxfz /tmp/s6.tar.gz -C / && \
rm -f /usr/bin/execlineb && \
cp /tmp/s6/bin/execlineb /usr/bin/ && \
rm -rf /tmp/s6* && \
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmour > /etc/apt/trusted.gpg.d/jitsi.gpg && \
echo "deb https://download.jitsi.org $JITSI_RELEASE/" > /etc/apt/sources.list.d/jitsi.list && \
echo "deb http://ftp.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get dist-upgrade -y && \
apt-cleanup && \
chmod +x /usr/bin/tpl
RUN [ "$JITSI_RELEASE" = "unstable" ] && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jq procps curl vim iputils-ping net-tools && \
apt-cleanup || \
true
ENTRYPOINT [ "/init" ]

2
jitsi/base/rootfs/etc/apt/apt.conf.d/99local Normal file
View File

@@ -0,0 +1,2 @@
APT::Install-Recommends "false";
APT::Install-Suggests "false";

0
jitsi/base/rootfs/etc/cont-finish.d/.gitkeep Normal file
View File

0
jitsi/base/rootfs/etc/cont-init.d/.gitkeep Normal file
View File

10
jitsi/base/rootfs/etc/cont-init.d/01-set-timezone Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/with-contenv bash
if [[ ! -z "$TZ" ]]; then
if [[ -f /usr/share/zoneinfo/$TZ ]]; then
ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
echo "$TZ" > /etc/timezone
else
echo "WARNING: $TZ is not a valid time zone."
fi
fi

0
jitsi/base/rootfs/etc/fix-attrs.d/.gitkeep Normal file
View File

0
jitsi/base/rootfs/etc/services.d/.gitkeep Normal file
View File

3
jitsi/base/rootfs/usr/bin/apt-cleanup Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/sh
rm -rf /var/lib/apt/lists/

8
jitsi/base/rootfs/usr/bin/apt-dpkg-wrap Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive
bin=$1
shift
exec "$bin" "$@"

1
jitsi/config/jitsi-meet-cfg/jibri/recordings/de5a80fe-e70e-496a-b9ee-b6277187488e/metadata.json Normal file
View File

@@ -0,0 +1 @@
{"meeting_url":"https://jitsi.athaliapps.xyz//waaa","participants":[],"share":true}

BIN
jitsi/config/jitsi-meet-cfg/jibri/recordings/de5a80fe-e70e-496a-b9ee-b6277187488e/waaa_2026-01-16-18-53-13.mp4 Normal file
View File

Binary file not shown.

132
jitsi/config/jitsi-meet-cfg/jicofo/jicofo.conf Normal file
View File

@@ -0,0 +1,132 @@
jicofo {
// Configuration related to jitsi-videobridge
bridge {
brewery-jid = "jvbbrewery@internal-muc.meet.jitsi"
}
// Configure the codecs and RTP extensions to be used in the offer sent to clients.
codec {
video {
}
audio {
}
rtp-extensions {
video-layers-allocation {
enabled = false
}
}
}
conference {
max-ssrcs-per-user = "20"
max-ssrc-groups-per-user = "20"
}
jibri {
brewery-jid = "jibribrewery@internal-muc.meet.jitsi"
pending-timeout = "90"
}
octo {
// Whether or not to use Octo. Note that when enabled, its use will be determined by
// $jicofo.bridge.selection-strategy. There's a corresponding flag in the JVB and these
// two MUST be in sync (otherwise bridges will crash because they won't know how to
// deal with octo channels).
enabled = false
sctp-datachannels = true
}
sctp {
enabled = true
}
xmpp {
client {
enabled = true
hostname = "xmpp.meet.jitsi"
port = "5222"
domain = "auth.meet.jitsi"
xmpp-domain = "meet.jitsi"
username = "focus"
password = "94ff7046987877b99cbf8b1e15aa4c84"
conference-muc-jid = "muc.meet.jitsi"
client-proxy = "focus.meet.jitsi"
disable-certificate-verification = true
}
trusted-domains = [ "hidden.meet.jitsi" ]
}
}
include "custom-jicofo.conf"

13
jitsi/config/jitsi-meet-cfg/jicofo/logging.properties Normal file
View File

@@ -0,0 +1,13 @@
handlers= java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo
.level=INFO
io.sentry.jul.SentryHandler.level=WARNING
# Enable debug packets logging
#org.jitsi.impl.protocol.xmpp.level=FINE

93
jitsi/config/jitsi-meet-cfg/jvb/jvb.conf Normal file
View File

@@ -0,0 +1,93 @@
videobridge {
cc {
use-vla-target-bitrate = false
trust-bwe = true
}
ice {
udp {
port = 10000
}
advertise-private-candidates = true
}
apis {
xmpp-client {
configs {
shard0 {
HOSTNAME = "xmpp.meet.jitsi"
PORT = "5222"
DOMAIN = "auth.meet.jitsi"
USERNAME = "jvb"
PASSWORD = "44d9e2703b1f2a09f518e88adb2bff5b"
MUC_JIDS = "jvbbrewery@internal-muc.meet.jitsi"
MUC_NICKNAME = "4e7d9023d072"
DISABLE_CERTIFICATE_VERIFICATION = true
}
}
}
rest {
enabled = false
}
}
rest {
shutdown {
enabled = false
}
}
sctp {
enabled = true
use-usrsctp = false
}
stats {
enabled = true
}
websockets {
enabled = false
domain = "jitsi.athaliapps.xyz"
tls = true
server-id = "172.21.0.5"
}
http-servers {
private {
host = 0.0.0.0
send-server-version = false
}
public {
host = 0.0.0.0
port = 9090
send-server-version = false
}
}
health {
require-valid-address = false
}
}
jmt {
bwe {
estimator {
engine = "GoogleCc2"
}
}
}
ice4j {
harvest {
mapping {
aws {
enabled = false
}
stun {
addresses = [ "meet-jit-si-turnrelay.jitsi.net:443" ]
}
static-mappings = [
]
}
}
}
include "custom-jvb.conf"

10
jitsi/config/jitsi-meet-cfg/jvb/logging.properties Normal file
View File

@@ -0,0 +1,10 @@
handlers= java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.utils.logging2.JitsiLogFormatter.programname=JVB
.level=INFO
io.sentry.jul.SentryHandler.level=WARNING

27
jitsi/config/jitsi-meet-cfg/prosody/config/certs/auth.meet.jitsi.crt Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEiTCCA3GgAwIBAgIUROLDqMTQcjv4ed46Vwnn5GwdMNAwDQYJKoZIhvcNAQEL
BQAwgZkxCzAJBgNVBAYTAkdCMRUwEwYDVQQHDAxUaGUgSW50ZXJuZXQxGjAYBgNV
BAoMEVlvdXIgT3JnYW5pc2F0aW9uMRgwFgYDVQQLDA9YTVBQIERlcGFydG1lbnQx
GDAWBgNVBAMMD2F1dGgubWVldC5qaXRzaTEjMCEGCSqGSIb3DQEJARYUeG1wcEBh
dXRoLm1lZXQuaml0c2kwHhcNMjYwMTE2MTc1NjQxWhcNMjcwMTE2MTc1NjQxWjCB
mTELMAkGA1UEBhMCR0IxFTATBgNVBAcMDFRoZSBJbnRlcm5ldDEaMBgGA1UECgwR
WW91ciBPcmdhbmlzYXRpb24xGDAWBgNVBAsMD1hNUFAgRGVwYXJ0bWVudDEYMBYG
A1UEAwwPYXV0aC5tZWV0LmppdHNpMSMwIQYJKoZIhvcNAQkBFhR4bXBwQGF1dGgu
bWVldC5qaXRzaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ6l2BBG
35BzAnR1Zlu+CFkLDd4P6mrMCWUQ0zQwNvbjGD664BkwmuyxNmCIL/Gn/kOJa9tx
4hcIdMOj3gUJtVcfhiLwum8+ZrsPbzu2jusZ7Ot1kHnURXaQh5bw3rKIWEpU5IdH
PWn58Q/CBQFhHITbw6bQc5eGEis3wmNSYqtd4TL8a1J5GgLlspK/7QBoBatlpu+P
IttNbNTTtWhdOfdKPGRPNj8SYRNga+aefK7Pkz5Wx4l8ypeguUvZTWSJxJetScH/
xRR9n/DUnDrh9AGiyTy/fWJH8++o51s4J/LpKObv+tvp/4+2ilqu2IHwx61n4+Fn
hljIF6IoD0inmpMCAwEAAaOBxjCBwzCBkwYDVR0RBIGLMIGIoCoGCCsGAQUFBwgH
oB4WHF94bXBwLWNsaWVudC5hdXRoLm1lZXQuaml0c2mgKgYIKwYBBQUHCAegHhYc
X3htcHAtc2VydmVyLmF1dGgubWVldC5qaXRzaaAdBggrBgEFBQcIBaARDA9hdXRo
Lm1lZXQuaml0c2mCD2F1dGgubWVldC5qaXRzaTAMBgNVHRMEBTADAQH/MB0GA1Ud
DgQWBBS/u1DPLBur9ylkND3heEIhbtYVxjANBgkqhkiG9w0BAQsFAAOCAQEAAbc/
5aVW0PRJ7pj3UHagTarQqKXbcUucj/b4jJiEZqAygECG5GLWJ7orhHr/uUWLXXuH
Ii7yfAiI9gfakAIzqO+B+B6W2/cK/WYOtKLzbhNDaqLkwroW/akxdVlIWau1XBPq
wQuk/8WoaNO+/62bkA5txVVMBG2Pd3XbI/SU0g0xUIjYuUFry+EZ1BIPDzXSqe32
a4vK4jhKWJt51D9trUeqHuCsRxuY5mmcyPXu3L0wPsYPARqUCuH4c1CJ2pCwtnzY
3pHndxtAmvt97W08fJbmwvH3CrS4n9lUm4R1umt7nvvv3X8Uy+r1J57k1ZF+dTX0
CB9fzc3S2lLKZz4hxg==
-----END CERTIFICATE-----

28
jitsi/config/jitsi-meet-cfg/prosody/config/certs/auth.meet.jitsi.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCepdgQRt+QcwJ0
dWZbvghZCw3eD+pqzAllENM0MDb24xg+uuAZMJrssTZgiC/xp/5DiWvbceIXCHTD
o94FCbVXH4Yi8LpvPma7D287to7rGezrdZB51EV2kIeW8N6yiFhKVOSHRz1p+fEP
wgUBYRyE28Om0HOXhhIrN8JjUmKrXeEy/GtSeRoC5bKSv+0AaAWrZabvjyLbTWzU
07VoXTn3SjxkTzY/EmETYGvmnnyuz5M+VseJfMqXoLlL2U1kicSXrUnB/8UUfZ/w
1Jw64fQBosk8v31iR/PvqOdbOCfy6Sjm7/rb6f+PtopartiB8MetZ+PhZ4ZYyBei
KA9Ip5qTAgMBAAECggEAHyNP4An5EUHxhmgQegs3Wjq4MxCOov1/Do4Z1hFsiFKU
TKOjHm6SycgScynntxeQ6TKMr9qPVJP9TvTXu8dnBz2Rt0PmY7UstqRV4bN4I57I
CILfo3nNVHMTmcWXABWQtq4o2IBcBnPfI4eiMd4cmdsEcLZTKbdP05mzFolyAk4w
rB8QTh3zb/AHbWvE/av4BltL+njHaA2eyuYFpBeg0GrloUnevu2WsXJJ+ecS9zr5
vzY+DS2LadmBq4A6Yzt7iaBHVSGR/uAgkd+u+MQmbkW5wD/Znq0bOAo/G+dYWXGb
LRUa8mS/nXJuDlio3RyskRL2H42fSiRjGkppmYNZeQKBgQDJjluquTTLHcCbmMXM
yuJ9kDCrXCtEekQr3Z66WXUClpc1mhWiTupLQfja+TgJKwszqZFukfdvJ6KuwlT7
1p+6bHfH6eZC9bfJDYZBEimdRifB3wupB1zG52fyQ4TkJjG6YyI0y+4+/Tsy+6Rn
ax2gFixiPWCcxn9GPDRvOHZHXQKBgQDJgF8ljuSMZQaxKyatpOTtnsDJtLDpcqs4
PPy6Dk3/SvjXie5tVQiMS04QLV1HbPXj3cWUw5/a3MdM2cORyfsuEeWzaXdS8Yhz
4A6Xz8FpA5ALfHqdHdMn/n4S19hv08NC1giQUSYVbj1Bvf/FI9mW41PNiXFkNmc0
GVGLkMz6rwKBgQC7lydx6hZcxUAykSnnxRyvyLfDhXEvtqwkN4w33HKvCgGJ/fMM
sW4WxTwccb/ZqJowZy3YPzqP1c/v3ybBjav0EmgZRHTu9UsscM33WjQpENaH9lQf
6Z5L8awpKvZQccvusb1wbi07quyiMtt89ZEJIhoFBSMaRxTGBdq3eVF8cQKBgG9M
V8GgDr85Yhvj8MZC6SwS3vvKsVkQvGAg15tRIWXcnFw5VJfROxp60dB/riEwnxTQ
vzyvXRF/lxnswmg5f2LwAcc6fu0yeiM+4/CYkYUWsa6WgAdenO5fVHXGAUerWRQG
ss479GQr8uvoLWlPpvT/9Z72xsoKfrC5N2B2h7IDAoGAJY114ZODRPa+5zdb7w5g
OxHZgBKaqrhCJEa6V8XD9gPiwpN+zKj30y0qFlZQyoGnc06FaD3oTo3SnqofS9VT
IxRhfhoE0ALFMF5Fgu1KxVVAFELnjkocX9rFs0CPv9t+QaWvI2v6N/IjlKT5ps0e
L49rnKVKmCBxRAQhQkX5YMk=
-----END PRIVATE KEY-----

51
jitsi/config/jitsi-meet-cfg/prosody/config/certs/meet.jitsi.crt Normal file
View File

@@ -0,0 +1,51 @@
-----BEGIN CERTIFICATE-----
MIIJBzCCB++gAwIBAgIUH+KYpsT4hdVdVRHyRjdOC3nuuNYwDQYJKoZIhvcNAQEL
BQAwgY8xCzAJBgNVBAYTAkdCMRUwEwYDVQQHDAxUaGUgSW50ZXJuZXQxGjAYBgNV
BAoMEVlvdXIgT3JnYW5pc2F0aW9uMRgwFgYDVQQLDA9YTVBQIERlcGFydG1lbnQx
EzARBgNVBAMMCm1lZXQuaml0c2kxHjAcBgkqhkiG9w0BCQEWD3htcHBAbWVldC5q
aXRzaTAeFw0yNjAxMTYxNzU2NDFaFw0yNzAxMTYxNzU2NDFaMIGPMQswCQYDVQQG
EwJHQjEVMBMGA1UEBwwMVGhlIEludGVybmV0MRowGAYDVQQKDBFZb3VyIE9yZ2Fu
aXNhdGlvbjEYMBYGA1UECwwPWE1QUCBEZXBhcnRtZW50MRMwEQYDVQQDDAptZWV0
LmppdHNpMR4wHAYJKoZIhvcNAQkBFg94bXBwQG1lZXQuaml0c2kwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIX2+FTCLVn10kfWdfsakC9zBrJf6+1URz
N8t3kpnx86tOBxbmm516JB30AfvvxP/nPY5fMw8m6MXN/D/PJKHXmS2qOPVlueyc
HxXR9yFZ4eeFYO8UxnDpvNnyadY0velt5vqmc2qT+icXevfTJHkFiL2zmk+SR0sM
LqxcamagtsoreYhqWfwoJaP0VLSGqz6Ox7BJ9OEc0+h9LgXb/B5G4zku8Qkvi1/6
ml45WMvrf1kqr7+WQJ6nG0QmrtOH3AhNrOFIhRk5ObQkRV5cIxZRt8aC4P71Bi6O
rKz0FmQIIpv7lvoO6d0Y0vAF2ISBQ//LHvVVa/v6WzI+jOOArU6XAgMBAAGjggVX
MIIFUzAMBgNVHRMEBTADAQH/MIIFIgYDVR0RBIIFGTCCBRWgKgYIKwYBBQUHCAeg
HhYcX3htcHAtY2xpZW50LmF1dGgubWVldC5qaXRzaaAqBggrBgEFBQcIB6AeFhxf
eG1wcC1zZXJ2ZXIuYXV0aC5tZWV0LmppdHNpoB0GCCsGAQUFBwgFoBEMD2F1dGgu
bWVldC5qaXRzaaArBggrBgEFBQcIB6AfFh1feG1wcC1zZXJ2ZXIucG9sbHMubWVl
dC5qaXRzaaAeBggrBgEFBQcIBaASDBBwb2xscy5tZWV0LmppdHNpoDIGCCsGAQUF
BwgHoCYWJF94bXBwLXNlcnZlci5hdm1vZGVyYXRpb24ubWVldC5qaXRzaaAlBggr
BgEFBQcIBaAZDBdhdm1vZGVyYXRpb24ubWVldC5qaXRzaaApBggrBgEFBQcIB6Ad
FhtfeG1wcC1zZXJ2ZXIubXVjLm1lZXQuaml0c2mgHAYIKwYBBQUHCAWgEAwObXVj
Lm1lZXQuaml0c2mgLgYIKwYBBQUHCAegIhYgX3htcHAtc2VydmVyLmJyZWFrb3V0
Lm1lZXQuaml0c2mgIQYIKwYBBQUHCAWgFQwTYnJlYWtvdXQubWVldC5qaXRzaaAy
BggrBgEFBQcIB6AmFiRfeG1wcC1zZXJ2ZXIuaW50ZXJuYWwtbXVjLm1lZXQuaml0
c2mgJQYIKwYBBQUHCAWgGQwXaW50ZXJuYWwtbXVjLm1lZXQuaml0c2mgLgYIKwYB
BQUHCAegIhYgX3htcHAtc2VydmVyLm1ldGFkYXRhLm1lZXQuaml0c2mgIQYIKwYB
BQUHCAWgFQwTbWV0YWRhdGEubWVldC5qaXRzaaAyBggrBgEFBQcIB6AmFiRfeG1w
cC1zZXJ2ZXIuc3BlYWtlcnN0YXRzLm1lZXQuaml0c2mgJQYIKwYBBQUHCAWgGQwX
c3BlYWtlcnN0YXRzLm1lZXQuaml0c2mgJQYIKwYBBQUHCAegGRYXX3htcHAtY2xp
ZW50Lm1lZXQuaml0c2mgJQYIKwYBBQUHCAegGRYXX3htcHAtc2VydmVyLm1lZXQu
aml0c2mgGAYIKwYBBQUHCAWgDAwKbWVldC5qaXRzaaAzBggrBgEFBQcIB6AnFiVf
eG1wcC1zZXJ2ZXIuZW5kY29uZmVyZW5jZS5tZWV0LmppdHNpoCYGCCsGAQUFBwgF
oBoMGGVuZGNvbmZlcmVuY2UubWVldC5qaXRzaaArBggrBgEFBQcIB6AfFh1feG1w
cC1zZXJ2ZXIubG9iYnkubWVldC5qaXRzaaAeBggrBgEFBQcIBaASDBBsb2JieS5t
ZWV0LmppdHNpoCsGCCsGAQUFBwgHoB8WHV94bXBwLXNlcnZlci5mb2N1cy5tZWV0
LmppdHNpoB4GCCsGAQUFBwgFoBIMEGZvY3VzLm1lZXQuaml0c2mCD2F1dGgubWVl
dC5qaXRzaYIQcG9sbHMubWVldC5qaXRzaYIXYXZtb2RlcmF0aW9uLm1lZXQuaml0
c2mCDm11Yy5tZWV0LmppdHNpghNicmVha291dC5tZWV0LmppdHNpghdpbnRlcm5h
bC1tdWMubWVldC5qaXRzaYITbWV0YWRhdGEubWVldC5qaXRzaYIXc3BlYWtlcnN0
YXRzLm1lZXQuaml0c2mCCm1lZXQuaml0c2mCGGVuZGNvbmZlcmVuY2UubWVldC5q
aXRzaYIQbG9iYnkubWVldC5qaXRzaYIQZm9jdXMubWVldC5qaXRzaTAdBgNVHQ4E
FgQUfUndA7nZG7ipv25FeT9o+RKo/FMwDQYJKoZIhvcNAQELBQADggEBAE7OyO81
OfRw2yhp3bTCpsakv8TP6HG4vSfui4iDQgAuyY6/OhX9IFNLcgLLkQNChKH4jI6L
naCeM0sI4q3LqJnE1UUVngn2ov+dyY4A9+CEPXBRVgN5XRBnQXsFNL39q6+fucXR
OOjQpvakhRQKB64GWgt/vlZxoEuofsnmPc20zhpktJL3NDTsXRPjVoHQlHalaDTk
uh9MgU/MOP/wMzCHAq2L4aWetMxgirrtFqBgL2MEtSRBcqu2gIARnejywfmPgG7x
tSwtHL//FyT6fS+TG0fB7mxIDCVdJkMScdIvFvPa39DqZb+l4g3VL5DS+ctbQHlX
L+xdHJuEssWajAU=
-----END CERTIFICATE-----

28
jitsi/config/jitsi-meet-cfg/prosody/config/certs/meet.jitsi.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIX2+FTCLVn10k
fWdfsakC9zBrJf6+1URzN8t3kpnx86tOBxbmm516JB30AfvvxP/nPY5fMw8m6MXN
/D/PJKHXmS2qOPVlueycHxXR9yFZ4eeFYO8UxnDpvNnyadY0velt5vqmc2qT+icX
evfTJHkFiL2zmk+SR0sMLqxcamagtsoreYhqWfwoJaP0VLSGqz6Ox7BJ9OEc0+h9
LgXb/B5G4zku8Qkvi1/6ml45WMvrf1kqr7+WQJ6nG0QmrtOH3AhNrOFIhRk5ObQk
RV5cIxZRt8aC4P71Bi6OrKz0FmQIIpv7lvoO6d0Y0vAF2ISBQ//LHvVVa/v6WzI+
jOOArU6XAgMBAAECggEAE27ODgt4RWeTTPqsj+dXEOaQV5PzxOZCITqEDTC2pXSQ
ZJzjZ7In77SZAxU+Ld7ZQsABktIM4iUpKfUQ6zIOUC6W8y9a/Wauv+Vz5E0neuQh
5Bmmlkk4ojKioJQLJkpU3UfNf18qMvfL2sceSef7pMHCRCzvEqy/ZosQRFY9ZdCo
h620izh2xkPFYkaLJY+Q3EUmXC+CLstu6dsYrdHUJi9eR1ok0UfBI3rM7D2F1JQ1
lwi5vXaQLFIosFRLNBs13rv0RvFKFBDuztLpt+F+HWlOXtkWNxuNQu8VM8y6KnMA
+saXTdh5eWHMUnBV7aO7mA7Ae7D7UU+EE0AmT2tawQKBgQDtiXWcERyI0ZBlqokg
G5vLEzJmLyAIVnOjCEyLWnGXsT/9jyo7WGfsNId5DLk76kR9x9UKEOtmLTC/usz7
u/ainOCAil7DF49ksX5LPusn0kjuAnDyranK0aSAWcgwR2V5s9CiS3NPtKEe583W
JSPzR8+x3A66DFZ/BSbna3OziQKBgQDX8nqmjTy5yx9TohXLB4w2RLnBRUngalGK
rlCzqY5QIS0fUhsOd71fqobgYTT8qvSG1cq6bVDOB2+NLp8pyLzhLozHvCdDEPMt
JGj3SoWBT5t7NtVXghgQqvlYyo9fH77EmuxxCjLA3vznqbIOn2a5tklH4v3r95IY
xY2N5xTJHwKBgCujfT/WxO890NFcqySC7fQ46qFrNu9RMp1ZAPb4/rVnkuH6Uz/j
1fPHErxiYgVn3H1fIPxgb16uHq6amt4EgiMNvxDeWtpskaNmGFWqkXkXYN6ZBDcR
QIhKS3ZpCCYWd8YMCuBGDEEwZglPfLlCyYAASV/blbkIWzuqrqMFUpRBAoGABYXB
9ThvcSDssCrY+9Q5lbm0NmkbNo4Bf9ZtYerYJNx0VvS2lGwjf6rQwDQ8Mqn8juYw
xQu+oUY3aBjlISBtFCUonIMHTgPE9EaWGJzjRSdQBpqkYhSFoQd+UPL9L6WUL1r2
6P0lxyDsvs/sKcuRyPYMcbYwYDR4nAGRWSursGkCgYBY2H1C7vH2v7d1pTdL8L78
IJw3xrD2o8MoG8SXpQeer8Edk335Y07TEJaPXsDIk84gyKselD284hSQyRQiv+A6
yfrwS+4gIKA/4n68k3fX1bnOF1pxFWINQmHwtDfBLiMCZ+Tz2V6/XBqzymO1HxQB
SLBrJopVWCn09lh32GqoQw==
-----END PRIVATE KEY-----

210
jitsi/config/jitsi-meet-cfg/prosody/config/conf.d/jitsi-meet.cfg.lua Normal file
View File

@@ -0,0 +1,210 @@
admins = {
"jigasi@auth.meet.jitsi",
"jibri@auth.meet.jitsi",
"focus@auth.meet.jitsi",
"jvb@auth.meet.jitsi"
}
unlimited_jids = {
"focus@auth.meet.jitsi",
"jvb@auth.meet.jitsi"
}
plugin_paths = { "/prosody-plugins-custom", "/prosody-plugins/", "/prosody-plugins-contrib" }
muc_mapper_domain_base = "meet.jitsi";
muc_mapper_domain_prefix = "muc";
recorder_prefixes = { "jibricorder@hidden.meet.jitsi" };
transcriber_prefixes = { "transcriber@hidden.meet.jitsi" };
http_default_host = "meet.jitsi"
consider_bosh_secure = true;
consider_websocket_secure = true;
smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
smacks_max_old_sessions = 1;
VirtualHost "meet.jitsi"
authentication = "jitsi-anonymous"
ssl = {
key = "/config/certs/meet.jitsi.key";
certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
"bosh";
"features_identity";
"websocket";
"smacks"; -- XEP-0198: Stream Management
"conference_duration";
"muc_lobby_rooms";
"muc_breakout_rooms";
}
main_muc = "muc.meet.jitsi"
lobby_muc = "lobby.meet.jitsi"
muc_lobby_whitelist = { "hidden.meet.jitsi" }
breakout_rooms_muc = "breakout.meet.jitsi"
c2s_require_encryption = true
VirtualHost "auth.meet.jitsi"
ssl = {
key = "/config/certs/auth.meet.jitsi.key";
certificate = "/config/certs/auth.meet.jitsi.crt";
}
modules_enabled = {
"limits_exception";
"smacks";
}
authentication = "internal_hashed"
smacks_hibernation_time = 15;
VirtualHost "hidden.meet.jitsi"
modules_enabled = {
"smacks";
}
authentication = "internal_hashed"
Component "internal-muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_filter_access";
}
restrict_room_creation = true
muc_filter_whitelist="auth.meet.jitsi"
muc_room_locking = false
muc_room_default_public_jids = true
muc_room_cache_size = 1000
muc_tombstones = false
muc_room_allow_persistent = false
Component "muc.meet.jitsi" "muc"
restrict_room_creation = true
storage = "memory"
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
"muc_domain_mapper";
"muc_password_whitelist";
}
-- The size of the cache that saves state for IP addresses
rate_limit_cache_size = 10000;
muc_room_cache_size = 10000
muc_room_locking = false
muc_room_default_public_jids = true
muc_password_whitelist = {
"focus@auth.meet.jitsi";
"jibricorder@hidden.meet.jitsi";
}
muc_tombstones = false
muc_room_allow_persistent = false
Component "focus.meet.jitsi" "client_proxy"
target_address = "focus@auth.meet.jitsi"
Component "speakerstats.meet.jitsi" "speakerstats_component"
muc_component = "muc.meet.jitsi"
Component "endconference.meet.jitsi" "end_conference"
muc_component = "muc.meet.jitsi"
Component "avmoderation.meet.jitsi" "av_moderation_component"
muc_component = "muc.meet.jitsi"
Component "lobby.meet.jitsi" "muc"
storage = "memory"
restrict_room_creation = true
muc_tombstones = false
muc_room_allow_persistent = false
muc_room_cache_size = 10000
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
"muc_hide_all";
}
Component "breakout.meet.jitsi" "muc"
storage = "memory"
restrict_room_creation = true
muc_room_cache_size = 10000
muc_room_locking = false
muc_room_default_public_jids = true
muc_tombstones = false
muc_room_allow_persistent = false
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
}
Component "metadata.meet.jitsi" "room_metadata_component"
muc_component = "muc.meet.jitsi"
breakout_rooms_component = "breakout.meet.jitsi"
Component "polls.meet.jitsi" "polls_component"

8
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/accounts/focus.dat Normal file
View File

@@ -0,0 +1,8 @@
return {
["stored_key"] = "d5f30854172b578423d1f634a0123d458b77aa83";
["server_key"] = "4dd8d1597bc8ebd4a4927f4766c3f50b7f15ce5e";
["salt"] = "cfa75b87-3310-43e0-96de-3d9cd877c42c";
["updated"] = 1771159995;
["created"] = 1771159995;
["iteration_count"] = 10000;
};

8
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/accounts/jibri.dat Normal file
View File

@@ -0,0 +1,8 @@
return {
["stored_key"] = "72999fc0d164b80af2aada0e3e010d7159a9b135";
["created"] = 1771159996;
["iteration_count"] = 10000;
["server_key"] = "5c8b1ecd580e79be5bf0c78288aa2a6facbeb8be";
["updated"] = 1771159996;
["salt"] = "1ab9fcf9-d2c7-45a2-8159-a7b21e64537b";
};

8
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/accounts/jigasi.dat Normal file
View File

@@ -0,0 +1,8 @@
return {
["stored_key"] = "6ccd1286118f62e771a6d0b810a5b3816a3cbbc8";
["updated"] = 1771159997;
["salt"] = "22d87674-9ee6-4797-8b68-675238befebc";
["iteration_count"] = 10000;
["server_key"] = "d8a8186ebcac156a5ccd4ea0672ce6ce16b9f572";
["created"] = 1771159997;
};

8
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/accounts/jvb.dat Normal file
View File

@@ -0,0 +1,8 @@
return {
["iteration_count"] = 10000;
["server_key"] = "682417cfb5ab08af468c63939c93a77627092f8a";
["created"] = 1771159996;
["stored_key"] = "31c1eaad2c7864fcf687e8a2a598f671b7078bd0";
["salt"] = "f21edf85-bab8-4cff-9a25-0bd407c3e8d4";
["updated"] = 1771159996;
};

3
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/cron.dat Normal file
View File

@@ -0,0 +1,3 @@
return {
["tokenauth/clear_expired_grants"] = 1772304798;
};

10
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/roster/focus.dat Normal file
View File

@@ -0,0 +1,10 @@
return {
[false] = {
["version"] = 2;
["pending"] = {};
};
["focus.meet.jitsi"] = {
["groups"] = {};
["subscription"] = "from";
};
};

6
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/smacks_h/focus.dat Normal file
View File

@@ -0,0 +1,6 @@
return {
["29mD6U3eKdAM"] = {
["h"] = 256283;
["t"] = 1771150708;
};
};

6
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/smacks_h/jibri.dat Normal file
View File

@@ -0,0 +1,6 @@
return {
["q31fs-cxAA87"] = {
["h"] = 85388;
["t"] = 1771150708;
};
};

6
jitsi/config/jitsi-meet-cfg/prosody/config/data/auth%2emeet%2ejitsi/smacks_h/jvb.dat Normal file
View File

@@ -0,0 +1,6 @@
return {
["8GG5iSn1TZ3P"] = {
["h"] = 768516;
["t"] = 1771150708;
};
};

8
jitsi/config/jitsi-meet-cfg/prosody/config/data/hidden%2emeet%2ejitsi/accounts/jibricorder.dat Normal file
View File

@@ -0,0 +1,8 @@
return {
["salt"] = "9584f0d8-cb40-46a8-933a-df4e348b7b11";
["updated"] = 1771159996;
["created"] = 1771159996;
["server_key"] = "f300772638dfe10690cceabd8ca9623880eb4167";
["iteration_count"] = 10000;
["stored_key"] = "c675b6787bd42e88463966582e21244084a2f17a";
};

3
jitsi/config/jitsi-meet-cfg/prosody/config/data/hidden%2emeet%2ejitsi/cron.dat Normal file
View File

@@ -0,0 +1,3 @@
return {
["tokenauth/clear_expired_grants"] = 1772304798;
};

6
jitsi/config/jitsi-meet-cfg/prosody/config/data/hidden%2emeet%2ejitsi/smacks_h/jibricorder.dat Normal file
View File

@@ -0,0 +1,6 @@
return {
["kQ5j80obn78Z"] = {
["h"] = 30;
["t"] = 1768589795;
};
};

1
jitsi/config/jitsi-meet-cfg/prosody/config/data/prosody.pid Normal file
View File

@@ -0,0 +1 @@
241

220
jitsi/config/jitsi-meet-cfg/prosody/config/prosody.cfg.lua Normal file
View File

@@ -0,0 +1,220 @@
-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: luac -p prosody.cfg.lua
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }
component_admins_as_room_owners = true
-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
--use_libevent = true;
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"limits"; -- Enable bandwidth limiting for XMPP connections
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
-- Admin interfaces
-- "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- Nice to have
"version"; -- Replies to server version requests
"ping"; -- Replies to XMPP pings with pongs
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
"http_health";
};
component_ports = { }
https_ports = { }
trusted_proxies = {
"127.0.0.1";
"::1";
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
"offline"; -- Store offline messages
"register";
-- "c2s"; -- Handle client connections
"s2s"; -- Handle server-to-server connections
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
-- Enable rate limits for incoming connections
limits = {
-- Limit incoming client connections
c2s = {
rate = "10kb/s";
};
-- Limit incoming server connections
s2sin = {
rate = "30kb/s";
};
}
--Prosody garbage collector settings
--For more information see https://prosody.im/doc/advanced_gc
gc = {
mode = "incremental";
threshold = 400;
speed = 250;
step_size = 13;
}
pidfile = "/config/data/prosody.pid";
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
c2s_require_encryption = true;
-- set c2s port
c2s_ports = { 5222 } -- Listen on specific c2s port
c2s_interfaces = { "*", "::" }
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
s2s_secure_auth = false
-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.
--s2s_insecure_domains = { "gmail.com" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
authentication = "internal_hashed"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See http://prosody.im/doc/storage for more info.
--storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the
-- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work)
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Logging configuration
-- For advanced logging see http://prosody.im/doc/logging
--
-- Debian:
-- Logs info and higher to /var/log
-- Logs errors to syslog also
log = {
{ levels = {min = "info"}, timestamps = "%Y-%m-%d %X", to = "console"};
}
-- Enable use of native prosody 0.11 support for epoll over select
network_backend = "epoll";
-- Set the TCP backlog to 511 since the kernel rounds it up to the next power of 2: 512.
network_settings = {
tcp_backlog = 511;
}
unbound = {
resolvconf = true
}
http_ports = { 5280 }
http_interfaces = { "*", "::" }
data_path = "/config/data"
Include "conf.d/*.cfg.lua"

13
jitsi/config/jitsi-meet-cfg/prosody/config/rules.d/jvb_muc_presence_filter.pfw Normal file
View File

@@ -0,0 +1,13 @@
{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
# Drop all presence from a jvb in a MUC to a jvb
FROM: {{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}
TO: {{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}
KIND: presence
# Seems safer to allow all "unavailable" to pass
TYPE: available
# Allow self-presence (code=110)
NOT INSPECT: {http://jabber.org/protocol/muc#user}x/status@code=110
DROP.

30
jitsi/config/jitsi-meet-cfg/prosody/config/saslauthd.conf Normal file
View File

@@ -0,0 +1,30 @@
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE }}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ if eq $PROSODY_AUTH_TYPE "ldap" }}
ldap_servers: {{ .Env.LDAP_URL }}
ldap_search_base: {{ .Env.LDAP_BASE }}
{{ if .Env.LDAP_BINDDN | default "" }}
ldap_bind_dn: {{ .Env.LDAP_BINDDN }}
ldap_bind_pw: {{ .Env.LDAP_BINDPW }}
{{ end }}
ldap_filter: {{ .Env.LDAP_FILTER | default "uid=%u" }}
ldap_version: {{ .Env.LDAP_VERSION | default "3" }}
ldap_auth_method: {{ .Env.LDAP_AUTH_METHOD | default "bind" }}
{{ if .Env.LDAP_USE_TLS | default "0" | toBool }}
ldap_tls_key: /config/certs/{{ $XMPP_DOMAIN }}.key
ldap_tls_cert: /config/certs/{{ $XMPP_DOMAIN }}.crt
{{ if .Env.LDAP_TLS_CHECK_PEER | default "0" | toBool }}
ldap_tls_check_peer: yes
ldap_tls_cacert_file: {{ .Env.LDAP_TLS_CACERT_FILE | default "/etc/ssl/certs/ca-certificates.crt" }}
ldap_tls_cacert_dir: {{ .Env.LDAP_TLS_CACERT_DIR | default "/etc/ssl/certs" }}
{{ end }}
{{ if .Env.LDAP_TLS_CIPHERS }}
ldap_tls_ciphers: {{ .Env.LDAP_TLS_CIPHERS }}
{{ end }}
{{ end }}
{{ end }}
{{ if .Env.LDAP_START_TLS | default "0" | toBool }}
ldap_start_tls: yes
{{ end }}

238
jitsi/config/jitsi-meet-cfg/web/config.js Normal file
View File

@@ -0,0 +1,238 @@
// Jitsi Meet configuration.
var config = {};
config.hosts = {};
config.hosts.domain = 'meet.jitsi';
var subdir = '<!--# echo var="subdir" default="" -->';
var subdomain = '<!--# echo var="subdomain" default="" -->';
if (subdir.startsWith('<!--')) {
subdir = '';
}
if (subdomain) {
subdomain = subdomain.substring(0,subdomain.length-1).split('.').join('_').toLowerCase() + '.';
}
config.hosts.muc = 'muc.' + subdomain + 'meet.jitsi';
config.bosh = 'https://jitsi.athaliapps.xyz/' + subdir + 'http-bind';
config.websocket = 'wss://jitsi.athaliapps.xyz/' + subdir + 'xmpp-websocket';
config.bridgeChannel = {
preferSctp: true
};
// Video configuration.
//
config.resolution = 720;
config.constraints = {
video: {
height: { ideal: 720, max: 720, min: 180 },
width: { ideal: 1280, max: 1280, min: 320},
}
};
config.startVideoMuted = 10;
config.startWithVideoMuted = false;
config.flags = {
sourceNameSignaling: true,
sendMultipleVideoStreams: true,
receiveMultipleVideoStreams: true
};
// ScreenShare Configuration.
//
// Audio configuration.
//
config.enableNoAudioDetection = true;
config.enableTalkWhileMuted = false;
config.disableAP = false;
config.disableAGC = false;
config.audioQuality = {
stereo: false
};
config.startAudioOnly = false;
config.startAudioMuted = 10;
config.startWithAudioMuted = false;
config.startSilent = false;
config.enableOpusRed = false;
config.disableAudioLevels = false;
config.enableNoisyMicDetection = true;
// Peer-to-Peer options.
//
config.p2p = {
enabled: true,
codecPreferenceOrder: ["AV1", "VP9", "VP8", "H264"],
mobileCodecPreferenceOrder: ["VP8", "VP9", "H264", "AV1"]
};
// Breakout Rooms
//
config.hideAddRoomButton = false;
// Etherpad
//
// Recording.
//
config.hiddenDomain = 'hidden.meet.jitsi';
config.recordingService = {
// Whether to enable file recording or not using the "service" defined by the finalizer in Jibri
enabled: true,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
sharingEnabled: false
};
// Live streaming configuration.
config.liveStreaming = {
enabled: false,
dataPrivacyLink: 'https://policies.google.com/privacy',
helpLink: 'https://jitsi.org/live',
termsLink: 'https://www.youtube.com/t/terms',
validatorRegExpString: '^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}'
};
// Local recording configuration.
config.localRecording = {
disable: false,
notifyAllParticipants: false,
disableSelfRecording: false
};
// Analytics.
//
config.analytics = {};
// Dial in/out services.
//
// Calendar service integration.
//
config.enableCalendarIntegration = false;
// Invitation service.
//
// Miscellaneous.
//
// Prejoin page.
config.prejoinConfig = {
enabled: true,
// Hides the participant name editing field in the prejoin screen.
hideDisplayName: false
};
// List of buttons to hide from the extra join options dropdown on prejoin screen.
// Welcome page.
config.welcomePage = {
disabled: false
};
// Close page.
config.enableClosePage = false;
// Default language.
// Require users to always specify a display name.
config.requireDisplayName = false;
// Chrome extension banner.
// Disables profile and the edit of all fields from the profile settings (display name and email)
config.disableProfile = false;
// Room password (false for anything, number for max digits)
config.roomPasswordNumberOfDigits = false;
// Advanced.
//
// Transcriptions (subtitles and buttons can be configured in interface_config)
config.transcription = {
enabled: false,
disableClosedCaptions: true,
translationLanguages: [],
translationLanguagesHead: ['en'],
useAppLanguage: true,
preferredLanguage: 'en-US',
disableStartForAll: false,
autoCaptionOnRecord: false,
};
// Dynamic branding
// Deployment information.
//
config.deploymentInfo = {};
// Deep Linking
config.disableDeepLinking = false;
// P2P preferred codec
// Video quality settings.
//
config.videoQuality = {};
config.videoQuality.codecPreferenceOrder = ["AV1", "VP9", "VP8", "H264"];
config.videoQuality.mobileCodecPreferenceOrder = ["VP8", "VP9", "H264", "AV1"];
config.videoQuality.enableAdaptiveMode = true;
config.videoQuality.av1 = {};
config.videoQuality.h264 = {};
config.videoQuality.vp8 = {};
config.videoQuality.vp9 = {};
// Reactions
config.disableReactions = false;
// Polls
config.disablePolls = false;
// Configure toolbar buttons
// Hides the buttons at pre-join screen
// Configure remote participant video menu
config.remoteVideoMenu = {
disabled: false,
disableKick: false,
disableGrantModerator: false,
disablePrivateChat: false
};
// Configure e2eping
config.e2eping = {
enabled: false
};
// Settings for the Excalidraw whiteboard integration.
config.whiteboard = {
enabled: false,
};
// JaaS support: pre-configure image if JAAS_APP_ID was set.
// Testing
config.testing = {
enableCodecSelectionAPI: true
};

251
jitsi/config/jitsi-meet-cfg/web/interface_config.js Normal file
View File

@@ -0,0 +1,251 @@
/* eslint-disable no-unused-vars, no-var, max-len */
/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
/**
* !!!IMPORTANT!!!
*
* This file is considered deprecated. All options will eventually be moved to
* config.js, and no new options should be added here.
*/
var interfaceConfig = {
APP_NAME: 'Jitsi Meet',
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
/**
* A UX mode where the last screen share participant is automatically
* pinned. Valid values are the string "remote-only" so remote participants
* get pinned but not local, otherwise any truthy value for all participants,
* and any falsy value to disable the feature.
*
* Note: this mode is experimental and subject to breakage.
*/
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
BRAND_WATERMARK_LINK: '',
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
DEFAULT_BACKGROUND: '#040404',
DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
/**
* If true, notifications regarding joining/leaving are no longer displayed.
*/
DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
/**
* If true, presence status: busy, calling, connected etc. is not displayed.
*/
DISABLE_PRESENCE_STATUS: false,
/**
* Whether the speech to text transcription subtitles panel is disabled.
* If {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_TRANSCRIPTION_SUBTITLES: false,
/**
* Whether or not the blurred video background for large video should be
* displayed on browsers that can support it.
*/
DISABLE_VIDEO_BACKGROUND: false,
DISPLAY_WELCOME_FOOTER: true,
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
DISPLAY_WELCOME_PAGE_CONTENT: false,
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
ENABLE_DIAL_OUT: true,
FILM_STRIP_MAX_HEIGHT: 120,
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: true,
/**
* Hide the invite prompt in the header when alone in the meeting.
*/
HIDE_INVITE_MORE_HEADER: false,
JITSI_WATERMARK_LINK: 'https://jitsi.org',
LANG_DETECTION: true, // Allow i18n to detect the system language
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
/**
* Maximum coefficient of the ratio of the large video to the visible area
* after the large video is scaled to fit the window.
*
* @type {number}
*/
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
/**
* Whether the mobile app Jitsi Meet is to be promoted to participants
* attempting to join a conference in a mobile Web browser. If
* {@code undefined}, defaults to {@code true}.
*
* @type {boolean}
*/
MOBILE_APP_PROMO: true,
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, electron, firefox , safari, webkit
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'electron', 'safari', 'webkit' ],
POLICY_LOGO: null,
PROVIDER_NAME: 'Jitsi',
/**
* If true, will display recent list
*
* @type {boolean}
*/
RECENT_LIST_ENABLED: true,
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar', 'sounds', 'more' ],
/**
* Specify which sharing features should be displayed. If the value is not set
* all sharing features will be shown. You can set [] to disable all.
*/
// SHARING_FEATURES: ['email', 'url', 'dial-in', 'embed'],
SHOW_BRAND_WATERMARK: false,
/**
* Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
* If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
* being already installed is done before rendering.
*/
SHOW_CHROME_EXTENSION_BANNER: false,
SHOW_JITSI_WATERMARK: true,
SHOW_POWERED_BY: false,
SHOW_PROMOTIONAL_CLOSE_PAGE: false,
/*
* If indicated some of the error dialogs may point to the support URL for
* help.
*/
SUPPORT_URL: 'https://community.jitsi.org/',
// Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [],
/**
* Whether to show thumbnails in filmstrip as a column instead of as a row.
*/
VERTICAL_FILMSTRIP: true,
// Determines how the video would fit the screen. 'both' would fit the whole
// screen, 'height' would fit the original video height to the height of the
// screen, 'width' would fit the original video width to the width of the
// screen respecting ratio, 'nocrop' would make the video as large as
// possible and preserve aspect ratio without cropping.
VIDEO_LAYOUT_FIT: 'both',
/**
* If true, hides the video quality label indicating the resolution status
* of the current large video.
*
* @type {boolean}
*/
VIDEO_QUALITY_LABEL_DISABLED: false,
/**
* How many columns the tile view can expand to. The respected range is
* between 1 and 5.
*/
// TILE_VIEW_MAX_COLUMNS: 5,
// List of undocumented settings
/**
INDICATOR_FONT_SIZES
PHONE_NUMBER_REGEX
*/
// -----------------DEPRECATED CONFIGS BELOW THIS LINE-----------------------------
/**
* Specify URL for downloading ios mobile app.
*/
// MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
/**
* Specify custom URL for downloading android mobile app.
*/
// MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
/**
* Specify mobile app scheme for opening the app from the mobile browser.
*/
// APP_SCHEME: 'org.jitsi.meet',
// NATIVE_APP_NAME: 'Jitsi Meet',
/**
* Hide the logo on the deep linking pages.
*/
// HIDE_DEEP_LINKING_LOGO: false,
/**
* Specify the Android app package name.
*/
// ANDROID_APP_PACKAGE: 'org.jitsi.meet',
/**
* Specify custom URL for downloading f droid app.
*/
// MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/packages/org.jitsi.meet/',
// Connection indicators (
// CONNECTION_INDICATOR_AUTO_HIDE_ENABLED,
// CONNECTION_INDICATOR_AUTO_HIDE_TIMEOUT,
// CONNECTION_INDICATOR_DISABLED) got moved to config.js.
// Please use disableModeratorIndicator from config.js
// DISABLE_FOCUS_INDICATOR: false,
// Please use defaultLocalDisplayName from config.js
// DEFAULT_LOCAL_DISPLAY_NAME: 'me',
// Please use defaultLogoUrl from config.js
// DEFAULT_LOGO_URL: 'images/watermark.svg',
// Please use defaultRemoteDisplayName from config.js
// DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
// Moved to config.js as `toolbarConfig.initialTimeout`.
// INITIAL_TOOLBAR_TIMEOUT: 20000,
// Please use `liveStreaming.helpLink` from config.js
// Documentation reference for the live streaming feature.
// LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
// Moved to config.js as `toolbarConfig.alwaysVisible`.
// TOOLBAR_ALWAYS_VISIBLE: false,
// This config was moved to config.js as `toolbarButtons`.
// TOOLBAR_BUTTONS: [],
// Moved to config.js as `toolbarConfig.timeout`.
// TOOLBAR_TIMEOUT: 4000,
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
// eslint-disable-next-line sort-keys
makeJsonParserHappy: 'even if last key had a trailing comma'
// No configuration value should follow this line.
};
/* eslint-enable no-unused-vars, no-var, max-len */

22
jitsi/config/jitsi-meet-cfg/web/keys/cert.crt Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDpTCCAo2gAwIBAgIUCjyN8IyKCfIabmaZ9G/nDIKtS+AwDQYJKoZIhvcNAQEL
BQAwYjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4x
EjAQBgNVBAoMCWppdHNpLm9yZzEVMBMGA1UECwwMSml0c2kgU2VydmVyMQowCAYD
VQQDDAEqMB4XDTI2MDExNjE4MDAwNloXDTM2MDExNDE4MDAwNlowYjELMAkGA1UE
BhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEjAQBgNVBAoMCWpp
dHNpLm9yZzEVMBMGA1UECwwMSml0c2kgU2VydmVyMQowCAYDVQQDDAEqMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GaG+yX+PMHSQXg+wgLgqwrSZNWw
a07ps/CDasyrr1kQHgfM3UCK+FQqfU/8d0Vx2p/KlYIHAvLPMTUqAGsP9sa2rqCE
Qsmsn515mETadsXCB8gkBYHg5VnoFcOpzBhCkptj09PJilk4OaHpTAwu3IrVHkJo
Elpr3rmpfJFMNCJRl1TnfGk8hX06l5Ff9mt1ZWJzofvEWI0LPI3P3QjeTh8r4bb6
JUOM+3bMD3TAvSIRuD2naydx6N4glZIYmIaIHLmPkWKC72IYTU1xxdfOiVib0niI
Cqs/YmKMRY/ZCh+LZNNV48rBoUtl9XuJ48N/oo9i7UopHpNALd16YjNNYwIDAQAB
o1MwUTAdBgNVHQ4EFgQUDHIhGtX3WXvmjqbd67UwBfSLkP0wHwYDVR0jBBgwFoAU
DHIhGtX3WXvmjqbd67UwBfSLkP0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAqqHwvZ3p9fXd+4y+m2hxvIhrNwlja++dcmCVwE0uKhUvcK8Ofkgi
RGDqj5PPnl1njVqU8fi8S/Udy600WmIg9PQuVdD08j54gSk8Vtpf/DHNThbUytjB
0eytLBLji+Dq0iD8Q5fEa7xdSCn84Os5qZBaDiykh2GyoeMu9gbikcUWFj1wKtAO
31rJAqMIRb36xfjZukDmlohvdFBH7U/YYLXhTvTytgfROI+C1GGSBBc5xWhMjY3V
nXUda2ADlw3Z0YQKm93bG9klfDKU3TiKyX7vUkpuQwyTANL9K0FBUgbUB/PLG6Zj
Pq/QC9EtKbbfiCl0/9CaCrbm2vkHsxhQRw==
-----END CERTIFICATE-----

28
jitsi/config/jitsi-meet-cfg/web/keys/cert.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDcZob7Jf48wdJB
eD7CAuCrCtJk1bBrTumz8INqzKuvWRAeB8zdQIr4VCp9T/x3RXHan8qVggcC8s8x
NSoAaw/2xrauoIRCyayfnXmYRNp2xcIHyCQFgeDlWegVw6nMGEKSm2PT08mKWTg5
oelMDC7citUeQmgSWmveual8kUw0IlGXVOd8aTyFfTqXkV/2a3VlYnOh+8RYjQs8
jc/dCN5OHyvhtvolQ4z7dswPdMC9IhG4PadrJ3Ho3iCVkhiYhogcuY+RYoLvYhhN
TXHF186JWJvSeIgKqz9iYoxFj9kKH4tk01XjysGhS2X1e4njw3+ij2LtSikek0At
3XpiM01jAgMBAAECggEAYYkD4h/5p1SU4gE/MKeKWlczLYl9hbeJ5+YfmkNSFQrC
fa+xAxbdiTDiDsu3a+bxEDGXutsslCr08w9Wc5HtoiVlUdlaPp42RPqxBWgvD9HL
YJs7Ca7k4kqL0RniSh5QU8XtgyAd+BosriCPeGaJ1HKiBr6XhMu8Ifgi36wDP6w/
5nMvuqrXA4pYaUTtVOWERctuHoibyiwLL9qVzUy0W4NqCH8F38vqXCutdNTQk+A+
epUtznF93ElcTD/uqNxUvWg7xBcqB4x/IOPnG0eRKh8Q/hccXw+dr/G6gubWhAdr
+IKE5BqJ27gxY18XJ1uJMPHZnCqOJIufJjVWbvp7vQKBgQD330t69bxs7BiqBM9h
G+se5f6wpzDBgHJlJvDMfZTcVd+uyhZPmroeuOwA5dfEMmQeJU7pAIlQymDEw1Qv
gpv+4q1lI0bmfidqJmhoHPDJcAx5UWzKI4gnz72nhg4Ep8lOB4qdJVS0zC6yOUpF
CoBXZ7GZH7LpUItnqIFq+ydWRQKBgQDjoKCXLtj3LOGp0SWwcAQOAAn0MIUXSf1A
lM0S6LpWpL5sIeEkkthAvB0bHsoFkfNfaIyYS/fkHm4r33rkM6iBjv0BD3H3oD2b
9fnkIYPZ3QV5nDfk2GabNO0RBJLvzks90c+99+gfunoKV+b6TVwh2Suyoe1uf3Fu
OJIdSMoDhwKBgQCbJgQ70aaAUwNZICuh7/SqYXGapvuokrqHv+kHRi+v/nxFDq8K
YqHO6xaltTfp0VTDXbzXsQNCM3qAjnaaSllUIBRCcuNFEH+hPKsrR7obi+vy39mF
aNoneSuPuSP7G/6vvZ6woBY2GHu+CIgJUPpmOzx5yNKWoViwqFNhYBUONQKBgAbQ
hj5Abspnk5Hr6v7vO4/XvHSNB079LhHC4qjQQtPZNsIx+XWI1+SIPS7UqyOjjO+s
R5k/nPo9VvsFQ76VNVQ7naNsfPL23yFOKd8Eidf53/IWFS5KtDetS/OYeXWobWQ6
ZcfAJjjc8k5g909DBaEVyVMduef29MRh+S3bQgD9An8Wmqqzs7YT/+lyxWf2itFj
xKIxallQb/gZNqNrSixWYYhY6w3EIcp7cEvUgG4lf+8fQJfQhH7bxlvaPcsJJ7UY
JhLT/7gWMwv3mO85hR5wgXGP/HqBGOcgsAb+MM16kHY+DUAU3G8PoOonPK4s+61t
NEy8c2SwvY1Yjst/dqU6
-----END PRIVATE KEY-----

141
jitsi/config/jitsi-meet-cfg/web/nginx/meet.conf Normal file
View File

@@ -0,0 +1,141 @@
server_name _;
charset utf8;
client_max_body_size 0;
root /usr/share/jitsi-meet;
# ssi on with javascript for multidomain variables in config.js
ssi on;
ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
set $prefix "";
# Opt out of FLoC (deprecated)
add_header Permissions-Policy "interest-cohort=()";
include /config/nginx-custom/*.conf;
location = /config.js {
alias /config/config.js;
}
location = /interface_config.js {
alias /config/interface_config.js;
}
location = /external_api.js {
alias /usr/share/jitsi-meet/libs/external_api.min.js;
}
# ensure all static content can always be found first
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known|transcripts)/(.*)$ {
add_header 'Access-Control-Allow-Origin' '*';
alias /usr/share/jitsi-meet/$1/$2;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}
# BOSH
location = /http-bind {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host meet.jitsi;
proxy_pass http://xmpp.meet.jitsi:5280/http-bind?prefix=$prefix&$args;
}
# xmpp websockets
location = /xmpp-websocket {
tcp_nodelay on;
proxy_http_version 1.1;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host meet.jitsi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://xmpp.meet.jitsi:5280/xmpp-websocket?prefix=$prefix&$args;
}
location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path;
}
location @root_path {
rewrite ^/(.*)$ / break;
}
# Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
}
location ~ ^/([^/?&:'"]+)/config.js$ {
set $subdomain "$1.";
set $subdir "$1/";
alias /config/config.js;
}
# BOSH for subdomains
location ~ ^/([^/?&:'"]+)/http-bind {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /http-bind;
}
# websockets for subdomains
location ~ ^/([^/?&:'"]+)/xmpp-websocket {
set $subdomain "$1.";
set $subdir "$1/";
set $prefix "$1";
rewrite ^/(.*)$ /xmpp-websocket;
}
# Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
location ~ ^/([^/?&:'"]+)/(.*)$ {
set $subdomain "$1.";
set $subdir "$1/";
rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
}

69
jitsi/config/jitsi-meet-cfg/web/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,69 @@
user www-data;
worker_processes 4;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 0;
resolver 127.0.0.11;
include /etc/nginx/mime.types;
types {
# add support for the wav MIME type that is requried to playback wav files in Firefox.
audio/wav wav;
}
default_type application/octet-stream;
##
# Logging Settings
##
access_log /dev/stdout;
error_log /dev/stderr;
##
# Gzip Settings
##
gzip on;
gzip_types text/plain text/css application/javascript application/json;
gzip_vary on;
gzip_min_length 860;
##
# Connection header for WebSocket reverse proxy
##
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
##
# Virtual Host Configs
##
include /config/nginx/site-confs/*;
}
daemon off;

24
jitsi/config/jitsi-meet-cfg/web/nginx/site-confs/default Normal file
View File

@@ -0,0 +1,24 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
include /config/nginx/meet.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include /config/nginx/ssl.conf;
include /config/nginx/meet.conf;
}

25
jitsi/config/jitsi-meet-cfg/web/nginx/ssl.conf Normal file
View File

@@ -0,0 +1,25 @@
# session settings
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# ssl certs
ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
# protocols
# Mozilla Guideline v5.6, nginx 1.14.2, OpenSSL 1.1.1d, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Diffie-Hellman parameter for DHE cipher suites
ssl_dhparam /defaults/ffdhe2048.txt;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

510
jitsi/docker-compose.yml Normal file
View File

@@ -0,0 +1,510 @@
services:
# Frontend
web:
image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443'
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
- ${CONFIG}/web/load-test:/usr/share/jitsi-meet/load-test:Z
labels:
service: "jitsi-web"
environment:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- AUTO_CAPTION_ON_RECORD
- BRANDING_DATA_URL
- BWE_ESTIMATOR_ENGINE
- BOSH_RELATIVE
- CHROME_EXTENSION_BANNER_JSON
- CODEC_ORDER_JVB
- CODEC_ORDER_JVB_MOBILE
- CODEC_ORDER_P2P
- CODEC_ORDER_P2P_MOBILE
- COLIBRI_WEBSOCKET_PORT
- COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME
- COLIBRI_WEBSOCKET_REGEX
- CONFCODE_URL
- CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DESKTOP_SHARING_FRAMERATE_AUTO
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DISABLE_START_FOR_ALL
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_ADAPTIVE_MODE
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTOMATIC_GAIN_CONTROL
- ENABLE_AUTH
- ENABLE_AUTH_DOMAIN
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETSENCRYPT
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK
- ENABLE_LIVESTREAMING_HELP_LINK
- ENABLE_LIVESTREAMING_TERMS_LINK
- ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING
- ENABLE_LOAD_TEST_CLIENT
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
- ENABLE_SUBDOMAINS
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_VLA
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- JVB_PREFER_SCTP
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- LETSENCRYPT_ACME_SERVER
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_KEEPALIVE_TIMEOUT
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PREFERRED_LANGUAGE
- PUBLIC_URL
- P2P_PREFERRED_CODEC
- P2P_STUN_SERVERS
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_MUTED
- START_AUDIO_ONLY
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TRANSLATION_LANGUAGES
- TRANSLATION_LANGUAGES_HEAD
- TZ
- USE_APP_LANGUAGE
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_H264_FULL
- VIDEOQUALITY_BITRATE_H264_ULTRA
- VIDEOQUALITY_BITRATE_H264_SS_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP8_FULL
- VIDEOQUALITY_BITRATE_VP8_ULTRA
- VIDEOQUALITY_BITRATE_VP8_SS_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_BITRATE_VP9_FULL
- VIDEOQUALITY_BITRATE_VP9_ULTRA
- VIDEOQUALITY_BITRATE_VP9_SS_HIGH
- VIDEOQUALITY_BITRATE_AV1_LOW
- VIDEOQUALITY_BITRATE_AV1_STANDARD
- VIDEOQUALITY_BITRATE_AV1_HIGH
- VIDEOQUALITY_BITRATE_AV1_FULL
- VIDEOQUALITY_BITRATE_AV1_ULTRA
- VIDEOQUALITY_BITRATE_AV1_SS_HIGH
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_HIDDEN_DOMAIN
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
- WHITEBOARD_COLLAB_SERVER_URL_BASE
networks:
meet.jitsi:
depends_on:
- jvb
# XMPP server
prosody:
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
expose:
- '${XMPP_PORT:-5222}'
- '${PROSODY_S2S_PORT:-5269}'
- '5347'
- '${PROSODY_HTTP_PORT:-5280}'
labels:
service: "jitsi-prosody"
volumes:
- ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_S2S
- ENABLE_TRANSCRIPTIONS
- ENABLE_VISITORS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JIBRI_SIP_BREWERY_MUC
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JICOFO_AUTH_PASSWORD
- JICOFO_COMPONENT_SECRET
- JIGASI_TRANSCRIBER_PASSWORD
- JIGASI_TRANSCRIBER_USER
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_SIGN_TYPE
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- MATRIX_LOBBY_BYPASS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_ADMINS
- PROSODY_AUTH_TYPE
- PROSODY_C2S_LIMIT
- PROSODY_C2S_REQUIRE_ENCRYPTION
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_DISABLE_C2S_LIMIT
- PROSODY_DISABLE_S2S_LIMIT
- PROSODY_ENABLE_FILTER_MESSAGES
- PROSODY_ENABLE_RATE_LIMITS
- PROSODY_ENABLE_RECORDING_METADATA
- PROSODY_ENABLE_STANZA_COUNTS
- PROSODY_ENABLE_S2S
- PROSODY_ENABLE_METRICS
- PROSODY_GUEST_AUTH_TYPE
- PROSODY_HTTP_PORT
- PROSODY_LOG_CONFIG
- PROSODY_METRICS_ALLOWED_CIDR
- PROSODY_MODE
- PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE
- PROSODY_S2S_LIMIT
- PROSODY_S2S_PORT
- PROSODY_TRUSTED_PROXIES
- PROSODY_VISITOR_INDEX
- PROSODY_VISITORS_MUC_PREFIX
- PROSODY_VISITORS_S2S_VHOSTS
- PUBLIC_URL
- STUN_HOST
- STUN_PORT
- TURN_CREDENTIALS
- TURN_USERNAME
- TURN_PASSWORD
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TURN_TRANSPORT
- TURN_TTL
- TZ
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_PORT
- WAIT_FOR_HOST_DISABLE_AUTO_OWNERS
- XMPP_BREAKOUT_MUC_MODULES
- XMPP_CONFIGURATION
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_LOBBY_MUC_MODULES
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_HIDDEN_DOMAIN
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER_S2S_PORT
- XMPP_SPEAKERSTATS_MODULES
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER:-xmpp.meet.jitsi}
# Focus component
jicofo:
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888'
volumes:
- ${CONFIG}/jicofo:/config:Z
labels:
service: "jitsi-jicofo"
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- ENABLE_AUTO_OWNER
- ENABLE_MODERATOR_CHECKS
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_AV1
- ENABLE_CODEC_H264
- ENABLE_CODEC_OPUS_RED
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- ENABLE_OCTO_SCTP
- ENABLE_RECORDING
- ENABLE_SCTP
- ENABLE_SHARED_DOCUMENT_RANDOM_NAME
- ENABLE_TRANSCRIPTIONS
- ENABLE_VISITORS
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_LIFETIME
- JICOFO_AUTH_PASSWORD
- JICOFO_AUTH_TYPE
- JICOFO_BRIDGE_REGION_GROUPS
- JICOFO_ENABLE_AUTH
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_CONF_SOURCE_SIGNALING_DELAYS
- JICOFO_CONF_MAX_AUDIO_SENDERS
- JICOFO_CONF_MAX_VIDEO_SENDERS
- JICOFO_CONF_STRIP_SIMULCAST
- JICOFO_CONF_SSRC_REWRITING
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_ENABLE_ICE_FAILURE_DETECTION
- JICOFO_ENABLE_LOAD_REDISTRIBUTION
- JICOFO_ENABLE_REST
- JICOFO_HEALTH_CHECKS_USE_PRESENCE
- JICOFO_ICE_FAILURE_INTERVAL
- JICOFO_ICE_FAILURE_MIN_ENDPOINTS
- JICOFO_ICE_FAILURE_THRESHOLD
- JICOFO_MAX_MEMORY
- JICOFO_MULTI_STREAM_BACKWARD_COMPAT
- JICOFO_OCTO_REGION
- JICOFO_RESTART_REQUEST_MAX
- JICOFO_RESTART_REQUEST_INTERVAL
- JICOFO_TRUSTED_DOMAINS
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JIGASI_TRUSTED_DOMAINS
- JVB_BREWERY_MUC
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- PROSODY_VISITORS_MUC_PREFIX
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- VISITORS_MAX_PARTICIPANTS
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_AUTH_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_DOMAIN
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_HIDDEN_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- MAX_SSRCS_PER_USER
- MAX_SSRC_GROUPS_PER_USER
depends_on:
- prosody
networks:
meet.jitsi:
# Video bridge
jvb:
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
- '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
volumes:
- ${CONFIG}/jvb:/config:Z
labels:
service: "jitsi-jvb"
environment:
- AUTOSCALER_SIDECAR_KEY_FILE
- AUTOSCALER_SIDECAR_KEY_ID
- AUTOSCALER_SIDECAR_GROUP_NAME
- AUTOSCALER_SIDECAR_HOST_ID
- AUTOSCALER_SIDECAR_INSTANCE_ID
- AUTOSCALER_SIDECAR_PORT
- AUTOSCALER_SIDECAR_REGION
- AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
- AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
- DISABLE_AWS_HARVESTER
- DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- ENABLE_SCTP
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_CC_TRUST_BWE
- JVB_DISABLE_STUN
- JVB_DISABLE_XMPP
- JVB_INSTANCE_ID
- JVB_PORT
- JVB_MUC_NICKNAME
- JVB_STUN_SERVERS
- JVB_LOG_FILE
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_REQUIRE_VALID_ADDRESS
- JVB_USE_USRSCTP
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- JVB_WS_TLS
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- PUBLIC_URL
- SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ
- VIDEOBRIDGE_MAX_MEMORY
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
meet.jitsi:
# Custom network so all services can communicate using a FQDN
networks:
meet.jitsi:

227
jitsi/env.example Normal file
View File

@@ -0,0 +1,227 @@
# shellcheck disable=SC2034
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port (will redirect to HTTPS port)
HTTP_PORT=8000
# Exposed HTTPS port
HTTPS_PORT=8443
# System time zone
TZ=UTC
# Public URL for the web service (required)
# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL
#PUBLIC_URL=https://meet.example.com:${HTTPS_PORT}
# Media IP addresses and ports to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4,192.168.178.1#12000,fe80::1#12000
#
# Memory limits for Java components
#
#JICOFO_MAX_MEMORY=3072m
#VIDEOBRIDGE_MAX_MEMORY=3072m
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable JaaS Components (hosted Jigasi)
# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
#ENABLE_JAAS_COMPONENTS=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
# Set ACME server. Default is zerossl, you can peek one at https://github.com/acmesh-official/acme.sh/wiki/Server
#LETSENCRYPT_ACME_SERVER="letsencrypt"
#
# Etherpad integration (for document sharing)
#
# Set the etherpad-lite URL in the docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
#
# Whiteboard integration
#
# Set the excalidraw-backend URL in the docker local network (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_URL_BASE=http://whiteboard.meet.jitsi
# Set the excalidraw-backend public URL (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=https://whiteboard.meet.my.domain
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication (will ask for login and password to join the meeting)
#ENABLE_AUTH=1
# Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in)
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal
# JWT authentication
#
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
#LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1
#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP password for Jigasi transcriber client connections
JIGASI_TRANSCRIBER_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
#
# Docker Compose options
#
# Container restart policy
#RESTART_POLICY=unless-stopped
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest

15
jitsi/etherpad.yml Normal file
View File

@@ -0,0 +1,15 @@
services:
# Etherpad: real-time collaborative document editing
etherpad:
image: etherpad/etherpad:2.0.3
restart: ${RESTART_POLICY:-unless-stopped}
environment:
- TITLE=${ETHERPAD_TITLE:-""}
- DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT:-""}
- SKIN_NAME=${ETHERPAD_SKIN_NAME:-colibris}
- SKIN_VARIANTS=${ETHERPAD_SKIN_VARIANTS:-"super-light-toolbar super-light-editor light-background full-width-editor"}
- SUPPRESS_ERRORS_IN_PAD_TEXT=true
networks:
meet.jitsi:
aliases:
- etherpad.meet.jitsi

5
jitsi/examples/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Community Examples
This folder used to contain community maintained example configurations for
Kubernetes and Traefik. They have now been migrated to the [jitsi-contrib](https://github.com/jitsi-contrib)
organization.

21
jitsi/gen-passwords.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
function generatePassword() {
openssl rand -hex 16
}
JICOFO_AUTH_PASSWORD=$(generatePassword)
JVB_AUTH_PASSWORD=$(generatePassword)
JIGASI_XMPP_PASSWORD=$(generatePassword)
JIBRI_RECORDER_PASSWORD=$(generatePassword)
JIBRI_XMPP_PASSWORD=$(generatePassword)
JIGASI_TRANSCRIBER_PASSWORD=$(generatePassword)
sed -i.bak \
-e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
-e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
-e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
-e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
-e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
-e "s#JIGASI_TRANSCRIBER_PASSWORD=.*#JIGASI_TRANSCRIBER_PASSWORD=${JIGASI_TRANSCRIBER_PASSWORD}#g" \
"$(dirname "$0")/.env"

14
jitsi/grafana.yml Normal file
View File

@@ -0,0 +1,14 @@
services:
# Grafana: used for visualization of metrics and log data through customizable dashboards.
grafana:
image: grafana/grafana:10.2.0
environment:
- GF_ANALYTICS_REPORTING_ENABLED=false
volumes:
- ./log-analyser/grafana:/var/lib/grafana
- ./log-analyser/grafana-provisioning/dashboards/:/etc/grafana/provisioning/dashboards/
- ./log-analyser/grafana-provisioning/datasources/:/etc/grafana/provisioning/datasources/
ports:
- "3000:3000"
networks:
meet.jitsi:

65
jitsi/jibri.yml Normal file
View File

@@ -0,0 +1,65 @@
services:
jibri:
image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
volumes:
- ${CONFIG}/jibri:/config:Z
shm_size: '2gb'
cap_add:
- SYS_ADMIN
environment:
- AUTOSCALER_SIDECAR_KEY_FILE
- AUTOSCALER_SIDECAR_KEY_ID
- AUTOSCALER_SIDECAR_GROUP_NAME
- AUTOSCALER_SIDECAR_HOST_ID
- AUTOSCALER_SIDECAR_INSTANCE_ID
- AUTOSCALER_SIDECAR_PORT
- AUTOSCALER_SIDECAR_REGION
- AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
- AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
- AUTOSCALER_URL
- CHROMIUM_FLAGS
- DISPLAY=:0
- ENABLE_STATS_D
- IGNORE_CERTIFICATE_ERRORS
- JIBRI_WEBHOOK_SUBSCRIBERS
- JIBRI_INSTANCE_ID
- JIBRI_ENABLE_PROMETHEUS
- JIBRI_HTTP_API_EXTERNAL_PORT
- JIBRI_HTTP_API_INTERNAL_PORT
- JIBRI_RECORDING_RESOLUTION
- JIBRI_RECORDING_VIDEO_ENCODE_PRESET_RECORDING
- JIBRI_RECORDING_VIDEO_ENCODE_PRESET_STREAMING
- JIBRI_RECORDING_CONSTANT_RATE_FACTOR
- JIBRI_RECORDING_FRAMERATE
- JIBRI_RECORDING_QUEUE_SIZE
- JIBRI_RECORDING_STREAMING_MAX_BITRATE
- JIBRI_USAGE_TIMEOUT
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JIBRI_XORG_HORIZ_SYNC
- JIBRI_XORG_VERT_REFRESH
- JIBRI_BREWERY_MUC
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JIBRI_RECORDING_DIR
- JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
- JIBRI_STRIP_DOMAIN_JID
- JIBRI_STATSD_HOST
- JIBRI_STATSD_PORT
- LOCAL_ADDRESS
- PUBLIC_URL
- TZ
- XMPP_AUTH_DOMAIN
- XMPP_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_HIDDEN_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- XMPP_TRUST_ALL_CERTS
depends_on:
- jicofo
networks:
meet.jitsi:

47
jitsi/jibri/Dockerfile Normal file
View File

@@ -0,0 +1,47 @@
ARG JITSI_REPO=jitsi
ARG BASE_TAG=latest
FROM ${JITSI_REPO}/base-java:${BASE_TAG}
LABEL org.opencontainers.image.title="Jitsi Broadcasting Infrastructure (jibri)"
LABEL org.opencontainers.image.description="Components for recording and/or streaming a conference."
LABEL org.opencontainers.image.url="https://github.com/jitsi/jibri"
LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
ARG USE_CHROMIUM=0
#ARG CHROME_RELEASE=latest
# https://googlechromelabs.github.io/chrome-for-testing/
ARG CHROME_RELEASE=143.0.7499.40
COPY rootfs/ /
RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" \
jibri \
libgl1-mesa-dri \
procps \
jitsi-upload-integrations \
jitsi-autoscaler-sidecar \
jq \
pulseaudio \
dbus \
dbus-x11 \
rtkit \
unzip \
fonts-noto \
fonts-noto-cjk \
libcap2-bin \
rclone && \
/usr/bin/install-chrome.sh && \
apt-cleanup && \
adduser jibri rtkit && \
dpkgArch="$(dpkg --print-architecture)" && \
case "${dpkgArch##*-}" in \
"amd64") SC_ARCH=x86_64 ;; \
"arm64") SC_ARCH=aarch64 ;; \
*) echo "unsupported architecture"; exit 1 ;; \
esac && \
wget -qO /usr/bin/shm-check https://github.com/saghul/shm-check/releases/download/v1.0.0/shm-check-${SC_ARCH} && \
chmod +x /usr/bin/shm-check
VOLUME /config

19
jitsi/jibri/rootfs/defaults/autoscaler-sidecar.config Normal file
View File

@@ -0,0 +1,19 @@
{{ $JIBRI_HTTP_API_EXTERNAL_PORT := .Env.JIBRI_HTTP_API_EXTERNAL_PORT | default "2222" -}}
{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
export GRACEFUL_SHUTDOWN_SCRIPT="/opt/jitsi/jibri/wait_graceful_shutdown.sh"
export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
export ENABLE_REPORT_STATS=true
export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll"
export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
export STATS_RETRIEVE_URL="http://localhost:{{ $JIBRI_HTTP_API_EXTERNAL_PORT }}/jibri/api/v1.0/health"
export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
export INSTANCE_TYPE="jibri"
export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JIBRI_INSTANCE_ID }}","version":"{{ .Env.JIBRI_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'

96
jitsi/jibri/rootfs/defaults/jibri.conf Normal file
View File

@@ -0,0 +1,96 @@
{{ $IGNORE_CERTIFICATE_ERRORS := .Env.IGNORE_CERTIFICATE_ERRORS | default "false" | toBool -}}
{{ $ENABLE_PROMETHEUS := .Env.JIBRI_ENABLE_PROMETHEUS | default "false" | toBool -}}
{{ $JIBRI_RECORDING_RESOLUTION := .Env.JIBRI_RECORDING_RESOLUTION | default "1280x720" -}}
{{ $JIBRI_RECORDING_VIDEO_ENCODE_PRESET_RECORDING := .Env.JIBRI_RECORDING_VIDEO_ENCODE_PRESET_RECORDING | default "ultrafast" -}}
{{ $JIBRI_RECORDING_VIDEO_ENCODE_PRESET_STREAMING := .Env.JIBRI_RECORDING_VIDEO_ENCODE_PRESET_STREAMING | default "veryfast" -}}
{{ $JIBRI_RECORDING_CONSTANT_RATE_FACTOR := .Env.JIBRI_RECORDING_CONSTANT_RATE_FACTOR | default 25 -}}
{{ $JIBRI_RECORDING_FRAMERATE := .Env.JIBRI_RECORDING_FRAMERATE | default 30 -}}
{{ $JIBRI_RECORDING_QUEUE_SIZE := .Env.JIBRI_RECORDING_QUEUE_SIZE | default 4096 -}}
{{ $JIBRI_RECORDING_STREAMING_MAX_BITRATE := .Env.JIBRI_RECORDING_STREAMING_MAX_BITRATE | default "2976k" -}}
{{ $JIBRI_SINGLE_USE_MODE := .Env.JIBRI_SINGLE_USE_MODE | default "false" -}}
{{ $STATSD_HOST := .Env.JIBRI_STATSD_HOST | default "localhost" -}}
{{ $STATSD_PORT := .Env.JIBRI_STATSD_PORT | default "8125" -}}
jibri {
// A unique identifier for this Jibri
id = "{{ .Env.JIBRI_INSTANCE_ID }}"
// Whether or not Jibri should return to idle state after handling
// (successfully or unsuccessfully) a request. A value of 'true'
// here means that a Jibri will NOT return back to the IDLE state
// and will need to be restarted in order to be used again.
single-use-mode = {{ $JIBRI_SINGLE_USE_MODE }}
api {
{{ if or .Env.JIBRI_HTTP_API_EXTERNAL_PORT .Env.JIBRI_HTTP_API_INTERNAL_PORT -}}
http {
{{ if .Env.JIBRI_HTTP_API_EXTERNAL_PORT -}}
external-api-port = {{ .Env.JIBRI_HTTP_API_EXTERNAL_PORT }}
{{ end -}}
{{ if .Env.JIBRI_HTTP_API_INTERNAL_PORT -}}
internal-api-port = {{ .Env.JIBRI_HTTP_API_INTERNAL_PORT }}
{{ end -}}
}
{{ end -}}
}
recording {
recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR | default "/config/recordings" }}"
{{ if .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH -}}
finalize-script = "{{ .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH }}"
{{ end -}}
}
{{ if .Env.JIBRI_WEBHOOK_SUBSCRIBERS -}}
webhook {
subscribers = [{{ range $index, $element := (splitList "," .Env.JIBRI_WEBHOOK_SUBSCRIBERS | compact) }}{{ if gt $index 0}},{{ end }}"{{ $element }}"{{ end }}]
}{{ end }}
ffmpeg {
resolution = "{{ $JIBRI_RECORDING_RESOLUTION }}"
// The audio source that will be used to capture audio on Linux
audio-source = "pulse"
// The audio device that will be used to capture audio on Linux
audio-device = "default"
framerate = {{ $JIBRI_RECORDING_FRAMERATE }}
queue-size = {{ $JIBRI_RECORDING_QUEUE_SIZE }}
streaming-max-bitrate = "{{ $JIBRI_RECORDING_STREAMING_MAX_BITRATE }}"
// Available presets: ultrafast, superfast, veryfast, faster, fast, medium,
// slow, slower, veryslow, placebo
video-encode-preset-streaming = "{{ $JIBRI_RECORDING_VIDEO_ENCODE_PRESET_STREAMING }}"
video-encode-preset-recording = "{{ $JIBRI_RECORDING_VIDEO_ENCODE_PRESET_RECORDING }}"
// The range of the CRF scale is 0-51, where 0 is lossless,
// 23 is the default, and 51 is worst quality possible.
h264-constant-rate-factor = {{ $JIBRI_RECORDING_CONSTANT_RATE_FACTOR }}
}
{{ if .Env.CHROMIUM_FLAGS -}}
chrome {
// The flags which will be passed to chromium when launching
flags = [
"{{ join "\",\"" (splitList "," .Env.CHROMIUM_FLAGS | compact) }}"
]
}
{{ else if $IGNORE_CERTIFICATE_ERRORS -}}
chrome {
flags = [
"--use-fake-ui-for-media-stream",
"--start-maximized",
"--kiosk",
"--enabled",
"--autoplay-policy=no-user-gesture-required",
"--ignore-certificate-errors"
]
}
{{ end -}}
stats {
{{- if .Env.ENABLE_STATS_D }}
enable-stats-d = {{ .Env.ENABLE_STATS_D }}
host = "{{ $STATSD_HOST }}"
port = {{ $STATSD_PORT }}
{{- end }}
prometheus.enabled = {{ $ENABLE_PROMETHEUS }}
}
}
include "xmpp.conf"
include "/config/custom-jibri.conf"

33
jitsi/jibri/rootfs/defaults/logging.properties Normal file
View File

@@ -0,0 +1,33 @@
handlers = java.util.logging.FileHandler, java.util.logging.ConsoleHandler
org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jibri
java.util.logging.FileHandler.level = FINE
java.util.logging.FileHandler.pattern = /config/logs/log.%g.txt
java.util.logging.FileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
java.util.logging.FileHandler.count = 10
java.util.logging.FileHandler.limit = 10000000
org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.level = FINE
org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = /config/logs/ffmpeg.%g.txt
org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.count = 10
org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.limit = 10000000
org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.level = FINE
org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = /config/logs/pjsua.%g.txt
org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.count = 10
org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.limit = 10000000
org.jitsi.jibri.selenium.util.BrowserFileHandler.level = FINE
org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = /config/logs/browser.%g.txt
org.jitsi.jibri.selenium.util.BrowserFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.jibri.selenium.util.BrowserFileHandler.count = 10
org.jitsi.jibri.selenium.util.BrowserFileHandler.limit = 10000000
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.level = FINE
org.glassfish.level = INFO

77
jitsi/jibri/rootfs/defaults/xmpp.conf Normal file
View File

@@ -0,0 +1,77 @@
{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
{{ $JIBRI_STRIP_DOMAIN_JID := .Env.JIBRI_STRIP_DOMAIN_JID | default $XMPP_MUC_DOMAIN_PREFIX -}}
{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
{{ $JIBRI_USAGE_TIMEOUT := .Env.JIBRI_USAGE_TIMEOUT | default "0" -}}
{{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}}
{{ $XMPP_TRUST_ALL_CERTS := .Env.XMPP_TRUST_ALL_CERTS | default "true" | toBool -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER | compact -}}
{{/* assign env from context, preserve during range when . is re-assigned */}}
{{ $ENV := .Env -}}
jibri.api.xmpp.environments = [
// See example_xmpp_envs.conf for an example of what is expected here
{{ range $index, $element := $XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 2 $element }}
{
// A user-friendly name for this environment
name = "{{ $ENV.XMPP_ENV_NAME }}-{{$index}}"
// A list of XMPP server hosts to which we'll connect
xmpp-server-hosts = [
"{{ $SERVER._0 }}"
]
// The base XMPP domain
xmpp-domain = "{{ $XMPP_DOMAIN }}"
{{ if $ENV.PUBLIC_URL -}}
// An (optional) base url the Jibri will join if it is set
base-url = "{{ $ENV.PUBLIC_URL }}"
{{ end -}}
// The MUC we'll join to announce our presence for
// recording and streaming services
control-muc {
domain = "{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
room-name = "{{ $JIBRI_BREWERY_MUC }}"
nickname = "{{ $ENV.JIBRI_INSTANCE_ID }}"
}
// The login information for the control MUC
control-login {
domain = "{{ $XMPP_AUTH_DOMAIN }}"
port = "{{ $SERVER._1 | default $XMPP_PORT }}"
username = "{{ $JIBRI_XMPP_USER }}"
password = "{{ $ENV.JIBRI_XMPP_PASSWORD }}"
}
// The login information the selenium web client will use
call-login {
domain = "{{ $XMPP_HIDDEN_DOMAIN }}"
username = "{{ $JIBRI_RECORDER_USER }}"
password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}"
}
// The value we'll strip from the room JID domain to derive
// the call URL
strip-from-room-domain = "{{ $JIBRI_STRIP_DOMAIN_JID }}."
// How long Jibri sessions will be allowed to last before
// they are stopped. A value of 0 allows them to go on
// indefinitely
usage-timeout = "{{ $JIBRI_USAGE_TIMEOUT }}"
// Whether or not we'll automatically trust any cert on
// this XMPP domain
trust-all-xmpp-certs = {{ $XMPP_TRUST_ALL_CERTS }}
}
{{ end }}
]

122
jitsi/jibri/rootfs/defaults/xorg-video-dummy.conf Normal file
View File

@@ -0,0 +1,122 @@
{{ $JIBRI_RECORDING_RESOLUTION := .Env.JIBRI_RECORDING_RESOLUTION | default "1280x720" -}}
{{ $JIBRI_HORIZ_SYNC := .Env.JIBRI_XORG_HORIZ_SYNC | default "5.0 - 1000.0" -}}
{{ $JIBRI_VERT_REFRESH := .Env.JIBRI_XORG_VERT_REFRESH | default "5.0 - 200.0" -}}
# This xorg configuration file is meant to be used by xpra
# to start a dummy X11 server.
# For details, please see:
# https://xpra.org/Xdummy.html
Section "ServerFlags"
Option "DontVTSwitch" "true"
Option "AllowMouseOpenFail" "true"
Option "PciForceNone" "true"
Option "AutoEnableDevices" "false"
Option "AutoAddDevices" "false"
EndSection
Section "Device"
Identifier "dummy_videocard"
Driver "dummy"
Option "ConstantDPI" "true"
#VideoRam 4096000
#VideoRam 256000
VideoRam 192000
EndSection
Section "Monitor"
Identifier "dummy_monitor"
HorizSync {{ $JIBRI_HORIZ_SYNC }}
VertRefresh {{ $JIBRI_VERT_REFRESH }}
#This can be used to get a specific DPI, but only for the default resolution:
#DisplaySize 508 317
#NOTE: the highest modes will not work without increasing the VideoRam
# for the dummy video card.
Modeline "32768x32768" 15226.50 32768 35800 39488 46208 32768 32771 32781 32953
Modeline "32768x16384" 7516.25 32768 35544 39192 45616 16384 16387 16397 16478
Modeline "16384x8192" 2101.93 16384 16416 24400 24432 8192 8390 8403 8602
Modeline "8192x4096" 424.46 8192 8224 9832 9864 4096 4195 4202 4301
Modeline "5496x1200" 199.13 5496 5528 6280 6312 1200 1228 1233 1261
Modeline "5280x1080" 169.96 5280 5312 5952 5984 1080 1105 1110 1135
Modeline "5280x1200" 191.40 5280 5312 6032 6064 1200 1228 1233 1261
Modeline "5120x3200" 199.75 5120 5152 5904 5936 3200 3277 3283 3361
Modeline "4800x1200" 64.42 4800 4832 5072 5104 1200 1229 1231 1261
Modeline "3840x2880" 133.43 3840 3872 4376 4408 2880 2950 2955 3025
Modeline "3840x2560" 116.93 3840 3872 4312 4344 2560 2622 2627 2689
Modeline "3840x2048" 91.45 3840 3872 4216 4248 2048 2097 2101 2151
Modeline "3840x1080" 100.38 3840 3848 4216 4592 1080 1081 1084 1093
Modeline "3600x1200" 106.06 3600 3632 3984 4368 1200 1201 1204 1214
Modeline "3288x1080" 39.76 3288 3320 3464 3496 1080 1106 1108 1135
Modeline "2048x2048" 49.47 2048 2080 2264 2296 2048 2097 2101 2151
Modeline "2048x1536" 80.06 2048 2104 2312 2576 1536 1537 1540 1554
Modeline "2560x1600" 47.12 2560 2592 2768 2800 1600 1639 1642 1681
Modeline "2560x1440" 42.12 2560 2592 2752 2784 1440 1475 1478 1513
Modeline "1920x1440" 69.47 1920 1960 2152 2384 1440 1441 1444 1457
Modeline "1920x1200" 26.28 1920 1952 2048 2080 1200 1229 1231 1261
Modeline "1920x1080" 23.53 1920 1952 2040 2072 1080 1106 1108 1135
Modeline "1680x1050" 20.08 1680 1712 1784 1816 1050 1075 1077 1103
Modeline "1600x1200" 22.04 1600 1632 1712 1744 1200 1229 1231 1261
Modeline "1600x900" 33.92 1600 1632 1760 1792 900 921 924 946
Modeline "1440x900" 30.66 1440 1472 1584 1616 900 921 924 946
ModeLine "1366x768" 72.00 1366 1414 1446 1494 768 771 777 803
Modeline "1280x1024" 31.50 1280 1312 1424 1456 1024 1048 1052 1076
Modeline "1280x800" 24.15 1280 1312 1400 1432 800 819 822 841
Modeline "1280x768" 23.11 1280 1312 1392 1424 768 786 789 807
Modeline "1360x768" 24.49 1360 1392 1480 1512 768 786 789 807
Modeline "1024x768" 18.71 1024 1056 1120 1152 768 786 789 807
Modeline "768x1024" 19.50 768 800 872 904 1024 1048 1052 1076
#common resolutions for android devices (both orientations):
Modeline "800x1280" 25.89 800 832 928 960 1280 1310 1315 1345
Modeline "1280x800" 24.15 1280 1312 1400 1432 800 819 822 841
Modeline "720x1280" 30.22 720 752 864 896 1280 1309 1315 1345
Modeline "1280x720" 27.41 1280 1312 1416 1448 720 737 740 757
Modeline "768x1024" 24.93 768 800 888 920 1024 1047 1052 1076
Modeline "1024x768" 23.77 1024 1056 1144 1176 768 785 789 807
Modeline "600x1024" 19.90 600 632 704 736 1024 1047 1052 1076
Modeline "1024x600" 18.26 1024 1056 1120 1152 600 614 617 631
Modeline "536x960" 16.74 536 568 624 656 960 982 986 1009
Modeline "960x536" 15.23 960 992 1048 1080 536 548 551 563
Modeline "600x800" 15.17 600 632 688 720 800 818 822 841
Modeline "800x600" 14.50 800 832 880 912 600 614 617 631
Modeline "480x854" 13.34 480 512 560 592 854 873 877 897
Modeline "848x480" 12.09 848 880 920 952 480 491 493 505
Modeline "480x800" 12.43 480 512 552 584 800 818 822 841
Modeline "800x480" 11.46 800 832 872 904 480 491 493 505
#resolutions for android devices (both orientations)
#minus the status bar
#38px status bar (and width rounded up)
Modeline "800x1242" 25.03 800 832 920 952 1242 1271 1275 1305
Modeline "1280x762" 22.93 1280 1312 1392 1424 762 780 783 801
Modeline "720x1242" 29.20 720 752 856 888 1242 1271 1276 1305
Modeline "1280x682" 25.85 1280 1312 1408 1440 682 698 701 717
Modeline "768x986" 23.90 768 800 888 920 986 1009 1013 1036
Modeline "1024x730" 22.50 1024 1056 1136 1168 730 747 750 767
Modeline "600x986" 19.07 600 632 704 736 986 1009 1013 1036
Modeline "1024x562" 17.03 1024 1056 1120 1152 562 575 578 591
Modeline "536x922" 16.01 536 568 624 656 922 943 947 969
Modeline "960x498" 14.09 960 992 1040 1072 498 509 511 523
Modeline "600x762" 14.39 600 632 680 712 762 779 783 801
Modeline "800x562" 13.52 800 832 880 912 562 575 578 591
Modeline "480x810" 12.59 480 512 552 584 810 828 832 851
Modeline "848x442" 11.09 848 880 920 952 442 452 454 465
Modeline "480x762" 11.79 480 512 552 584 762 779 783 801
EndSection
Section "Screen"
Identifier "dummy_screen"
Device "dummy_videocard"
Monitor "dummy_monitor"
DefaultDepth 24
SubSection "Display"
Viewport 0 0
Depth 24
Modes {{ $JIBRI_RECORDING_RESOLUTION | quote }}
EndSubSection
EndSection
Section "ServerLayout"
Identifier "dummy_layout"
Screen "dummy_screen"
EndSection

3
jitsi/jibri/rootfs/etc/chromium/policies/managed/managed_policies.json Normal file
View File

@@ -0,0 +1,3 @@
{
"CommandLineFlagSecurityWarningsEnabled": false
}

93
jitsi/jibri/rootfs/etc/cont-init.d/10-config Normal file
View File

@@ -0,0 +1,93 @@
#!/usr/bin/with-contenv bash
# Check if the SYS_ADMIN cap is set
if ! capsh --has-p=cap_sys_admin; then
echo "Required capability SYS_ADMIN is missing"
exit 1
fi
# Check if /dev/shm is large enough (2GB at least)
if ! shm-check; then
echo "/dev/shm must be at least 2GB in size"
exit 1
fi
if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then
echo 'FATAL ERROR: Jibri recorder password and auth password must be set'
exit 1
fi
OLD_JIBRI_RECORDER_PASSWORD=passw0rd
if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
exit 1
fi
OLD_JIBRI_XMPP_PASSWORD=passw0rd
if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
exit 1
fi
# DISPLAY is necessary for start
[ -z "${DISPLAY}" ] \
&& ( echo -e "\e[31mERROR: Please set DISPLAY variable.\e[39m"; kill 1; exit 1 )
# script for finalizing must have executing bit.
[ ! -z "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
&& [ -f "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
&& [ ! -x "${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}" ] \
&& chmod +x ${JIBRI_FINALIZE_RECORDING_SCRIPT_PATH}
# set random jibri nickname for the instance if is not set
[ -z "${JIBRI_INSTANCE_ID}" ] && export JIBRI_INSTANCE_ID="jibri-$(date +%N)"
# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled
if [ -n "$AUTOSCALER_URL" ]; then
if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem"
fi
if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then
# assume key id is equal to the base real path of the key file minus .pem
export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')"
fi
if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
echo "AUTOSCALER_URL found, enabling autoscaler sidecar"
export JIBRI_VERSION="$(dpkg -s jibri | grep Version | awk '{print $2}' | sed 's/..$//')"
[ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000"
[ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook"
[ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JIBRI_INSTANCE_ID"
[ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker"
[ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jibri"
[ -z "$LOCAL_ADDRESS" ] && export LOCAL_ADDRESS="$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1 '})"
mkdir -p /etc/jitsi/autoscaler-sidecar
tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config
else
echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled"
fi
else
echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled"
fi
# maintain backward compatibility with older variable
[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
# always recreate configs
tpl /defaults/jibri.conf > /etc/jitsi/jibri/jibri.conf
tpl /defaults/xmpp.conf > /etc/jitsi/jibri/xmpp.conf
tpl /defaults/logging.properties > /etc/jitsi/jibri/logging.properties
tpl /defaults/xorg-video-dummy.conf > /etc/jitsi/jibri/xorg-video-dummy.conf
# make recording dir
[ -z "${JIBRI_RECORDING_DIR}" ] && export JIBRI_RECORDING_DIR=/config/recordings
mkdir -p ${JIBRI_RECORDING_DIR}
chown -R jibri ${JIBRI_RECORDING_DIR}
# make logs dir
JIBRI_LOGS_DIR=/config/logs
mkdir -p ${JIBRI_LOGS_DIR}
chown -R jibri ${JIBRI_LOGS_DIR}

2
jitsi/jibri/rootfs/etc/fix-attrs.d/10-jibri Normal file
View File

@@ -0,0 +1,2 @@
/home/jibri/.config true jibri 0640 0750
/home/jibri false jibri 0640 0750

3
jitsi/jibri/rootfs/etc/opt/chrome/policies/managed/managed_policies.json Normal file
View File

@@ -0,0 +1,3 @@
{
"CommandLineFlagSecurityWarningsEnabled": false
}

65
jitsi/jibri/rootfs/etc/pulse/default.pa Normal file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/pulseaudio -nF
#
# This file is part of PulseAudio.
#
# PulseAudio is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PulseAudio is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
# This startup script is used only if PulseAudio is started per-user
# (i.e. not in system mode)
# Customized for Jibri
.fail
### Automatically restore the volume of streams and devices
load-module module-device-restore
load-module module-stream-restore
load-module module-card-restore
### Automatically augment property information from .desktop files
### stored in /usr/share/application
load-module module-augment-properties
### Should be after module-*-restore but before module-*-detect
load-module module-switch-on-port-available
### Load several protocols
load-module module-native-protocol-unix
### Automatically restore the default sink/source when changed by the user
### during runtime
### NOTE: This should be loaded as early as possible so that subsequent modules
### that look up the default sink/source get the right value
load-module module-default-device-restore
### Make sure we always have a sink around, even if it is a null sink.
load-module module-always-sink
### Honour intended role device property
load-module module-intended-roles
### Automatically suspend sinks/sources that become idle for too long
load-module module-suspend-on-idle
### If autoexit on idle is enabled we want to make sure we only quit
### when no local session needs us anymore.
#.ifexists module-console-kit.so
#load-module module-console-kit
#.endif
#.ifexists module-systemd-login.so
#load-module module-systemd-login
#.endif
### Enable positioned event sounds
load-module module-position-event-sounds

5
jitsi/jibri/rootfs/etc/services.d/10-xorg/run Normal file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/with-contenv bash
DAEMON="/usr/bin/Xorg -nocursor -noreset +extension RANDR +extension RENDER -logfile /tmp/xorg.log -config /etc/jitsi/jibri/xorg-video-dummy.conf ${DISPLAY}"
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"

5
jitsi/jibri/rootfs/etc/services.d/20-icewm/run Normal file
View File

@@ -0,0 +1,5 @@
#!/usr/bin/with-contenv bash
DAEMON="/usr/bin/icewm-session"
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"

4
jitsi/jibri/rootfs/etc/services.d/30-pulse/run Normal file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/with-contenv bash
HOME=/home/jibri
exec s6-setuidgid jibri /bin/bash -c "exec /usr/bin/pulseaudio"

9
jitsi/jibri/rootfs/etc/services.d/40-jibri/finish Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/with-contenv bash
# When jibri is shutdown (or gracefully shutdown), it exits with code 255.
# In this case, we don't want S6 to restart the service. We want to stop all
# services and shutdown the container.
if [[ $1 -eq 255 ]]; then
s6-svscanctl -t /var/run/s6/services
fi

12
jitsi/jibri/rootfs/etc/services.d/40-jibri/run Normal file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/with-contenv bash
# we have to set it, otherwise chrome won't find ~/.asoundrc file
HOME=/home/jibri
DAEMON=/opt/jitsi/jibri/launch.sh
CHROME_BIN_PATH="$(which google-chrome)"
[ $? -ne 0 ] && CHROME_BIN_PATH="$(which chromium)"
# pre-warm google chrome before jibri launches to ensure fast chrome launch during recordings
[ -n "$CHROME_BIN_PATH" ] && s6-setuidgid jibri $CHROME_BIN_PATH --timeout=1000 --headless about:blank
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"

10
jitsi/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/with-contenv bash
if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
else
# if autoscaler-sidecar should not be started,
# prevent s6 from restarting this script again and again
s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
fi

1
jitsi/jibri/rootfs/home/jibri/.config/pulse/client.conf Normal file
View File

@@ -0,0 +1 @@
autospawn = no

9
jitsi/jibri/rootfs/home/jibri/.config/pulse/daemon.conf Normal file
View File

@@ -0,0 +1,9 @@
daemonize = no
high-priority = no
realtime-scheduling = yes
realtime-priority = 5
exit-idle-time = -1
flat-volumes = no
deferred-volume-safety-margin-usec = 1
log-level = info
log-target = file:/config/logs/pulse.log

8
jitsi/jibri/rootfs/home/jibri/.config/pulse/default.pa Normal file
View File

@@ -0,0 +1,8 @@
.include /etc/pulse/default.pa
# Load the virtual sink and set it as default
load-module module-virtual-sink sink_name=jibri-loop
set-default-sink jibri-loop
# set the monitor of the jibri-loop sink to be the default source
set-default-source jibri-loop.monitor

11
jitsi/jibri/rootfs/opt/jitsi/shutdown.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/with-contenv bash
# notify the sidecar of imminent shutdown
PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
curl -d '{}' -v 0:$PORT/hook/v1/shutdown
sleep 10
# signal jibri to shutdown via rest api
/opt/jitsi/jibri/shutdown.sh
# shutdown everything else
s6-svscanctl -t /var/run/s6/services

43
jitsi/jibri/rootfs/usr/bin/install-chrome.sh Executable file
View File

@@ -0,0 +1,43 @@
#!/bin/bash
set -o pipefail -xeu
dpkgArch="$(dpkg --print-architecture)"
if [ "${USE_CHROMIUM}" = 1 -o "${dpkgArch##*-}" = "arm64" ]; then
echo "Using Debian's Chromium"
apt-dpkg-wrap apt-get install -y chromium chromium-driver chromium-sandbox
chromium --version
else
if [ "${CHROME_RELEASE}" = "latest" ]; then
wget -qO - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmour > /etc/apt/trusted.gpg.d/google.gpg
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
apt-dpkg-wrap apt-get update
apt-dpkg-wrap apt-get install -y google-chrome-stable
else
CHROME_DEB="/tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb"
curl -4so ${CHROME_DEB} "http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb"
apt-dpkg-wrap apt-get install -y ${CHROME_DEB}
rm -f ${CHROME_DEB}
fi
google-chrome --version
BASE_URL=https://googlechromelabs.github.io/chrome-for-testing
if [ "${CHROME_RELEASE}" = "latest" ]; then
CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_STABLE)"
else
CHROMEDRIVER_MAJOR_RELEASE=$(echo $CHROME_RELEASE | cut -d. -f1)
CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_${CHROMEDRIVER_MAJOR_RELEASE})"
fi
CHROMEDRIVER_ZIP="/tmp/chromedriver_linux64.zip"
curl -4Lso ${CHROMEDRIVER_ZIP} "https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_RELEASE}/linux64/chromedriver-linux64.zip"
unzip ${CHROMEDRIVER_ZIP} -d /tmp/
mv /tmp/chromedriver-linux64/chromedriver /usr/bin/
chmod +x /usr/bin/chromedriver
rm -rf /tmp/chromedriver*
fi
chromedriver --version

17
jitsi/jicofo/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
ARG JITSI_REPO=jitsi
ARG BASE_TAG=latest
FROM ${JITSI_REPO}/base-java:${BASE_TAG}
LABEL org.opencontainers.image.title="Jitsi Conference Focus (jicofo)"
LABEL org.opencontainers.image.description="Server-side focus component that manages media sessions and acts as load balancer."
LABEL org.opencontainers.image.url="https://github.com/jitsi/jicofo"
LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jicofo && \
apt-cleanup
COPY rootfs/ /
VOLUME /config

338
jitsi/jicofo/rootfs/defaults/jicofo.conf Normal file
View File

@@ -0,0 +1,338 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}}
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}}
{{ $JICOFO_AUTH_LIFETIME := .Env.JICOFO_AUTH_LIFETIME | default "24 hours" -}}
{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "1" | toBool -}}
{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
{{ $ENABLE_TRANSCRIPTIONS := .Env.ENABLE_TRANSCRIPTIONS | default "0" | toBool -}}
{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
{{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default $ENABLE_SCTP | toBool -}}
{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}}
{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}}
{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}}
{{ $ENABLE_SHARED_DOCUMENT_RANDOM_NAME := .Env.ENABLE_SHARED_DOCUMENT_RANDOM_NAME | default "0" | toBool -}}
{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool -}}
{{ $ICE_FAILURE_INTERVAL := .Env.JICOFO_ICE_FAILURE_INTERVAL | default "60" -}}
{{ $ICE_FAILURE_MIN_ENDPOINTS := .Env.JICOFO_ICE_FAILURE_MIN_ENDPOINTS | default "40" -}}
{{ $ICE_FAILURE_THRESHOLD := .Env.JICOFO_ICE_FAILURE_THRESHOLD | default "0.1" -}}
{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}}
{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}}
{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default "90 seconds" -}}
{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
{{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
{{ $RESTART_REQUEST_INTERVAL := .Env.JICOFO_RESTART_REQUEST_INTERVAL | default "60" -}}
{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_REQUIRE_MUC_CONFIG := .Env.JICOFO_VISITORS_REQUIRE_MUC_CONFIG | default "0" | toBool }}
{{ $VISITORS_XMPP_AUTH_DOMAIN := .Env.VISITORS_XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER | compact -}}
{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default 52220 }}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}}
{{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}}
{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default (or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS | ternary $XMPP_HIDDEN_DOMAIN "") -}}
{{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST | compact -}}
{{ $ENV := .Env }}
jicofo {
{{ if $JICOFO_ENABLE_AUTH }}
authentication {
enabled = true
// The type of authentication. Supported values are XMPP or JWT.
{{ if eq $JICOFO_AUTH_TYPE "jwt" }}
type = JWT
{{ else }}
type = XMPP
{{ end }}
login-url = "{{ $XMPP_DOMAIN }}"
enable-auto-login = {{ $ENABLE_AUTO_LOGIN }}
authentication-lifetime = {{ $JICOFO_AUTH_LIFETIME }}
}
{{ end }}
// Configuration related to jitsi-videobridge
bridge {
{{ if .Env.MAX_BRIDGE_PARTICIPANTS }}
max-bridge-participants = "{{ .Env.MAX_BRIDGE_PARTICIPANTS }}"
{{ end }}
{{ if .Env.BRIDGE_AVG_PARTICIPANT_STRESS }}
// The assumed average stress per participant. default is 0.01
average-participant-stress = "{{ .Env.BRIDGE_AVG_PARTICIPANT_STRESS }}"
{{ end }}
{{ if .Env.BRIDGE_STRESS_THRESHOLD }}
// The stress level above which a bridge is considered overstressed. 0.8 is the default value
stress-threshold = "{{ .Env.BRIDGE_STRESS_THRESHOLD }}"
{{ end }}
{{ if $ENABLE_VISITORS }}
selection-strategy = VisitorSelectionStrategy
visitor-selection-strategy = RegionBasedBridgeSelectionStrategy
participant-selection-strategy = RegionBasedBridgeSelectionStrategy
topology-strategy = VisitorTopologyStrategy
{{ else }}
{{ if .Env.OCTO_BRIDGE_SELECTION_STRATEGY }}
selection-strategy = "{{ .Env.OCTO_BRIDGE_SELECTION_STRATEGY }}"
{{ end }}
{{ end }}
{{ if .Env.JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS }}
health-checks {
enabled = {{ .Env.JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS | toBool }}
use-presence = {{ $HEALTH_CHECKS_USE_PRESENCE }}
}
{{ end }}
{{ if .Env.JICOFO_ENABLE_ICE_FAILURE_DETECTION }}
ice-failure-detection {
enabled = {{ .Env.JICOFO_ENABLE_ICE_FAILURE_DETECTION | toBool }}
interval = {{ $ICE_FAILURE_INTERVAL }} seconds
min-endpoints = {{ $ICE_FAILURE_MIN_ENDPOINTS }}
threshold = {{ $ICE_FAILURE_THRESHOLD }}
}
{{ end }}
{{ if .Env.JICOFO_ENABLE_LOAD_REDISTRIBUTION }}
load-redistribution {
enabled = {{ .Env.JICOFO_ENABLE_LOAD_REDISTRIBUTION | toBool }}
}
{{ end }}
{{ if $ENABLE_JVB_XMPP_SERVER }}
brewery-jid = "{{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}"
{{ else }}
brewery-jid = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
{{ end }}
{{ if .Env.JICOFO_BRIDGE_REGION_GROUPS }}
region-groups = [{{ .Env.JICOFO_BRIDGE_REGION_GROUPS }}]
{{ end }}
}
// Configure the codecs and RTP extensions to be used in the offer sent to clients.
codec {
video {
{{ if .Env.ENABLE_CODEC_VP8 }}
vp8 {
enabled = {{ .Env.ENABLE_CODEC_VP8 | toBool }}
}
{{ end }}
{{ if .Env.ENABLE_CODEC_VP9 }}
vp9 {
enabled = {{ .Env.ENABLE_CODEC_VP9 | toBool }}
}
{{ end }}
{{ if .Env.ENABLE_CODEC_AV1 }}
av1 {
enabled = {{ .Env.ENABLE_CODEC_AV1 | toBool }}
}
{{ end }}
{{ if .Env.ENABLE_CODEC_H264 }}
h264 {
enabled = {{ .Env.ENABLE_CODEC_H264 | toBool }}
}
{{ end }}
}
audio {
{{ if .Env.ENABLE_CODEC_OPUS_RED }}
opus {
red {
enabled = {{ .Env.ENABLE_CODEC_OPUS_RED | toBool }}
}
}
{{ end }}
}
rtp-extensions {
video-layers-allocation {
enabled = {{ .Env.ENABLE_VLA | default "0" | toBool }}
}
}
}
conference {
{{ if .Env.ENABLE_AUTO_OWNER }}
enable-auto-owner = {{ .Env.ENABLE_AUTO_OWNER | toBool }}
{{ end }}
{{ if .Env.ENABLE_MODERATOR_CHECKS }}
enable-moderator-checks = {{ .Env.ENABLE_MODERATOR_CHECKS | toBool }}
{{ end }}
{{ if .Env.JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT }}
initial-timeout = "{{ .Env.JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT }}"
{{ end }}
max-ssrcs-per-user = "{{ $MAX_SSRCS_PER_USER }}"
max-ssrc-groups-per-user = "{{ $MAX_SSRC_GROUPS_PER_USER }}"
{{ if .Env.JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT }}
single-participant-timeout = "{{ .Env.JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT }}"
{{ end }}
{{ if .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }}
source-signaling-delays = {{ .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }}
{{ end }}
{{ if .Env.JICOFO_CONF_MAX_AUDIO_SENDERS }}
max-audio-senders = {{ .Env.JICOFO_CONF_MAX_AUDIO_SENDERS }}
{{ end }}
{{ if .Env.JICOFO_CONF_MAX_VIDEO_SENDERS }}
max-video-senders = {{ .Env.JICOFO_CONF_MAX_VIDEO_SENDERS }}
{{ end }}
{{ if .Env.JICOFO_CONF_STRIP_SIMULCAST }}
strip-simulcast = {{ .Env.JICOFO_CONF_STRIP_SIMULCAST | toBool }}
{{ end }}
{{ if .Env.JICOFO_CONF_SSRC_REWRITING }}
use-ssrc-rewriting = {{ .Env.JICOFO_CONF_SSRC_REWRITING | toBool }}
{{ end }}
{{ if .Env.JICOFO_MULTI_STREAM_BACKWARD_COMPAT }}
enable-multi-stream-backward-compat = {{ .Env.JICOFO_MULTI_STREAM_BACKWARD_COMPAT | toBool }}
{{ end }}
{{ if $ENABLE_SHARED_DOCUMENT_RANDOM_NAME }}
shared-document {
use-random-name = {{ $ENABLE_SHARED_DOCUMENT_RANDOM_NAME }}
}
{{ end }}
{{ if .Env.JICOFO_RESTART_REQUEST_MAX }}
restart-request-rate-limits {
max-requests = {{ .Env.JICOFO_RESTART_REQUEST_MAX }}
interval = {{ $RESTART_REQUEST_INTERVAL }} seconds
}
{{ end }}
}
{{ if .Env.JICOFO_ENABLE_HEALTH_CHECKS }}
// Configuration for the internal health checks performed by jicofo.
health {
// Whether to perform health checks.
enabled = {{ .Env.JICOFO_ENABLE_HEALTH_CHECKS | toBool }}
}
{{ end }}
{{ if $ENABLE_RECORDING }}
jibri {
brewery-jid = "{{ $JIBRI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
{{ if .Env.JIBRI_REQUEST_RETRIES }}
num-retries = "{{ .Env.JIBRI_REQUEST_RETRIES }}"
{{ end }}
pending-timeout = "{{ $JIBRI_PENDING_TIMEOUT }}"
}
{{ end }}
{{ if .Env.JIBRI_SIP_BREWERY_MUC }}
jibri-sip {
brewery-jid = "{{ .Env.JIBRI_SIP_BREWERY_MUC }}"
}
{{ end }}
{{ if or .Env.JIGASI_SIP_URI $ENABLE_TRANSCRIPTIONS }}
jigasi {
brewery-jid = "{{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
}
{{ end }}
{{ if .Env.JICOFO_OCTO_REGION }}
local-region = "{{ .Env.JICOFO_OCTO_REGION }}"
{{ end }}
octo {
// Whether or not to use Octo. Note that when enabled, its use will be determined by
// $jicofo.bridge.selection-strategy. There's a corresponding flag in the JVB and these
// two MUST be in sync (otherwise bridges will crash because they won't know how to
// deal with octo channels).
enabled = {{ $ENABLE_OCTO }}
sctp-datachannels = {{ $ENABLE_OCTO_SCTP }}
}
{{ if $ENABLE_REST }}
rest {
host = "0.0.0.0"
}
{{ end }}
sctp {
enabled = {{ $ENABLE_SCTP }}
}
{{ if $ENABLE_VISITORS }}
visitors {
enabled = true
{{ if .Env.VISITORS_MAX_PARTICIPANTS }}
max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }}
{{ end }}
{{ if $VISITORS_MAX_VISITORS_PER_NODE }}
max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }}
{{ end }}
require-muc-config-flag = {{ $VISITORS_REQUIRE_MUC_CONFIG }}
}
{{ end }}
xmpp {
{{ if $ENABLE_VISITORS }}
{{ if $.Env.VISITORS_XMPP_SERVER }}
visitors {
{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 2 $element }}
v{{ $index }} {
enabled = true
conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
hostname = {{ $SERVER._0 }}
{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
port = {{ $SERVER._1 | default $DEFAULT_PORT }}
domain = "{{ $VISITORS_XMPP_AUTH_DOMAIN }}"
xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
disable-certificate-verification = true
}
{{ end }}
}
{{ end }}
{{ end }}
client {
enabled = true
hostname = "{{ $XMPP_SERVER }}"
port = "{{ $XMPP_PORT }}"
domain = "{{ $XMPP_AUTH_DOMAIN }}"
xmpp-domain = "{{ $XMPP_DOMAIN }}"
username = "focus"
password = "{{ .Env.JICOFO_AUTH_PASSWORD }}"
conference-muc-jid = "{{ $XMPP_MUC_DOMAIN }}"
client-proxy = "focus.{{ $XMPP_DOMAIN }}"
disable-certificate-verification = true
}
{{ if $ENABLE_JVB_XMPP_SERVER }}
service {
enabled = true
hostname = "{{ $JVB_XMPP_SERVER }}"
port = "{{ $JVB_XMPP_PORT }}"
domain = "{{ $JVB_XMPP_AUTH_DOMAIN }}"
username = "focus"
password = "{{ .Env.JICOFO_AUTH_PASSWORD }}"
disable-certificate-verification = true
}
{{ end }}
trusted-domains = [ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ]
}
}
include "custom-jicofo.conf"

15
jitsi/jicofo/rootfs/defaults/logging.properties Normal file
View File

@@ -0,0 +1,15 @@
{{ if .Env.SENTRY_DSN | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers= java.util.logging.ConsoleHandler
{{ end }}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo
.level=INFO
io.sentry.jul.SentryHandler.level=WARNING
# Enable debug packets logging
#org.jitsi.impl.protocol.xmpp.level=FINE

22
jitsi/jicofo/rootfs/etc/cont-init.d/10-config Normal file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/with-contenv bash
export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jicofo | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo auth password must be set'
exit 1
fi
OLD_JICOFO_AUTH_PASSWORD=passw0rd
if [[ "$JICOFO_AUTH_PASSWORD" == "$OLD_JICOFO_AUTH_PASSWORD" ]]; then
echo 'FATAL ERROR: Jicofo auth password must be changed, check the README'
exit 1
fi
# maintain backward compatibility with older variable
[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
tpl /defaults/logging.properties > /config/logging.properties
tpl /defaults/jicofo.conf > /config/jicofo.conf
chown -R jicofo:jitsi /config

11
jitsi/jicofo/rootfs/etc/services.d/jicofo/run Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/with-contenv bash
JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf"
DAEMON=/usr/share/jicofo/jicofo.sh
DAEMON_DIR=/usr/share/jicofo/
JICOFO_CMD="exec $DAEMON"
[ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE"
exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD"

3
jitsi/jicofo/rootfs/usr/local/bin/healthcheck.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
curl --fail-with-body http://127.0.0.1:8888/about/health

68
jitsi/jigasi.yml Normal file
View File

@@ -0,0 +1,68 @@
services:
# SIP gateway (audio)
jigasi:
image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-10710}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp'
volumes:
- ${CONFIG}/jigasi:/config:Z
environment:
- AUTOSCALER_SIDECAR_KEY_FILE
- AUTOSCALER_SIDECAR_KEY_ID
- AUTOSCALER_SIDECAR_GROUP_NAME
- AUTOSCALER_SIDECAR_HOST_ID
- AUTOSCALER_SIDECAR_INSTANCE_ID
- AUTOSCALER_SIDECAR_PORT
- AUTOSCALER_SIDECAR_REGION
- AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
- AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
- AUTOSCALER_URL
- BOSH_URL_PATTERN
- ENABLE_AUTH
- ENABLE_GUESTS
- ENABLE_VISITORS
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_DOMAIN
- PUBLIC_URL
- JIGASI_CONFIGURATION
- JIGASI_DISABLE_SIP
- JIGASI_ENABLE_REST
- JIGASI_JVB_TIMEOUT
- JIGASI_LOCAL_REGION
- JIGASI_LOG_FILE
- JIGASI_MODE=sip
- JIGASI_SIP_URI
- JIGASI_SIP_PASSWORD
- JIGASI_SIP_SERVER
- JIGASI_SIP_PORT
- JIGASI_SIP_TRANSPORT
- JIGASI_SIP_DEFAULT_ROOM
- JIGASI_STATS_ID
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JIGASI_BREWERY_MUC
- JIGASI_PORT_MIN
- JIGASI_PORT_MAX
- JIGASI_HEALTH_CHECK_SIP_URI
- JIGASI_HEALTH_CHECK_INTERVAL
- JIGASI_SIP_KEEP_ALIVE_METHOD
- JIGASI_ENABLE_SDES_SRTP
- JIGASI_VISITORS_QUEUE_SERVICE_URL
- JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_PATH
- JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_ID
- SHUTDOWN_REST_ENABLED
- SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- USE_TRANSLATOR_IN_CONFERENCE
depends_on:
- prosody
networks:
meet.jitsi:

19
jitsi/jigasi/Dockerfile Normal file
View File

@@ -0,0 +1,19 @@
ARG JITSI_REPO=jitsi
ARG BASE_TAG=latest
FROM ${JITSI_REPO}/base-java:${BASE_TAG}
LABEL org.opencontainers.image.title="Jitsi Gateway to SIP (jigasi)"
LABEL org.opencontainers.image.description="Server-side application that allows regular SIP clients to join conferences."
LABEL org.opencontainers.image.url="https://github.com/jitsi/jigasi"
LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
ENV GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jigasi jq jitsi-autoscaler-sidecar && \
apt-cleanup
COPY rootfs/ /
VOLUME ["/config", "/tmp/transcripts"]

19
jitsi/jigasi/rootfs/defaults/autoscaler-sidecar.config Normal file
View File

@@ -0,0 +1,19 @@
{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
{{ $JIGASI_STATS_PORT := .Env.JIGASI_STATS_PORT | default "8788" -}}
export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jigasi/graceful_shutdown.sh"
export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
export ENABLE_REPORT_STATS=true
export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll"
export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
export STATS_RETRIEVE_URL="http://localhost:{{ $JIGASI_STATS_PORT }}/about/stats"
export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
export INSTANCE_TYPE="jigasi"
export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JIGASI_INSTANCE_ID }}","version":"{{ .Env.JIGASI_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'

20
jitsi/jigasi/rootfs/defaults/logging.properties Normal file
View File

@@ -0,0 +1,20 @@
{{ if .Env.SENTRY_DSN | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers=java.util.logging.ConsoleHandler
{{ end }}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
.level=INFO
net.sf.level=SEVERE
net.java.sip.communicator.plugin.reconnectplugin.level=FINE
org.ice4j.level=SEVERE
org.jitsi.impl.neomedia.level=SEVERE
io.sentry.jul.SentryHandler.level=WARNING
# Do not worry about missing strings
net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
#net.java.sip.communicator.service.protocol.level=ALL

80
jitsi/jigasi/rootfs/defaults/sip-communicator.properties Normal file
View File

@@ -0,0 +1,80 @@
{{ $JIGASI_JVB_TIMEOUT := .Env.JIGASI_JVB_TIMEOUT | default "30000" -}}
{{ $JIGASI_LOCAL_REGION := .Env.JIGASI_LOCAL_REGION | default "" -}}
{{ $BOSH_URL_PATTERN := .Env.BOSH_URL_PATTERN | default "" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER | compact -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
{{ $XMPP_SERVER_ADDRESS := splitn ":" 3 ($XMPP_SERVERS | first) }}
{{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}}
{{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}}
{{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST | compact -}}
{{ $ENABLE_REST := .Env.JIGASI_ENABLE_REST | default "false" | toBool -}}
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
# Adjust opus encoder complexity
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
# Disables packet logging
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false
# Control REST Shutdown
org.jitsi.jigasi.ENABLE_REST_SHUTDOWN={{ $SHUTDOWN_REST_ENABLED }}
org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.MUC_JOIN_TIMEOUT=10
org.jitsi.jigasi.HEALTH_CHECK_SIP_URI={{ .Env.JIGASI_HEALTH_CHECK_SIP_URI | default "" }}
org.jitsi.jigasi.HEALTH_CHECK_INTERVAL={{ .Env.JIGASI_HEALTH_CHECK_INTERVAL | default "300000" }}
org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ $XMPP_SERVER_ADDRESS._0 }}
org.jitsi.jigasi.xmpp.acc.SERVER_PORT={{ $XMPP_SERVER_ADDRESS._1 | default $XMPP_PORT }}
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.USE_DEFAULT_STUN_SERVER=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the
# remote certificates always.
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
{{ if .Env.JIGASI_SIP_DEFAULT_ROOM }}
org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }}
{{ end }}
org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ $XMPP_MUC_DOMAIN }}
# when checking other participants whether they are jibri/jigasi we can also check the the domain they use for connecting
{{ if $TRUSTED_DOMAIN_LIST }}
org.jitsi.jigasi.TRUSTED_DOMAINS=[ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ]
{{ end }}
org.jitsi.jigasi.JVB_INVITE_TIMEOUT={{ $JIGASI_JVB_TIMEOUT }}
{{ if $JIGASI_LOCAL_REGION }}
org.jitsi.jigasi.LOCAL_REGION={{ $JIGASI_LOCAL_REGION }}
{{ end }}
{{ if $BOSH_URL_PATTERN }}
org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN={{ $BOSH_URL_PATTERN }}
{{ end }}
{{ if $ENABLE_REST }}
org.jitsi.jigasi.rest.jetty.host=0.0.0.0
{{ end }}
{{ if .Env.JIGASI_STATS_ID -}}
org.jitsi.jigasi.STATS_ID={{ .Env.JIGASI_STATS_ID }}
{{- end }}
{{ if .Env.JIGASI_CONFIGURATION -}}
{{ join "\n" (splitList "," .Env.JIGASI_CONFIGURATION | compact) }}
{{ end -}}

98
jitsi/jigasi/rootfs/defaults/sipserver-sip-communicator.properties Normal file
View File

@@ -0,0 +1,98 @@
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $JIGASI_SIP_PASSWORD := .Env.JIGASI_SIP_PASSWORD | default "replaceme" -}}
{{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
{{ $USE_TRANSLATOR_IN_CONFERENCE := .Env.USE_TRANSLATOR_IN_CONFERENCE | default "0" | toBool -}}
org.jitsi.jigasi.ENABLE_SIP=true
# SIP account
net.java.sip.communicator.impl.protocol.sip.acc1=acc1
{{ if .Env.JIGASI_SIP_SERVER }}
net.java.sip.communicator.impl.protocol.sip.acc1.PROXY_ADDRESS={{ .Env.JIGASI_SIP_SERVER }}
net.java.sip.communicator.impl.protocol.sip.acc1.PROXY_AUTO_CONFIG=false
net.java.sip.communicator.impl.protocol.sip.acc1.PROXY_PORT={{ .Env.JIGASI_SIP_PORT | default "5060" }}
net.java.sip.communicator.impl.protocol.sip.acc1.PREFERRED_TRANSPORT={{ .Env.JIGASI_SIP_TRANSPORT | default "UDP" }}
{{ end }}
{{ if .Env.JIGASI_ENABLE_SDES_SRTP | default "0" | toBool }}
net.java.sip.communicator.impl.protocol.sip.acc1.SAVP_OPTION=1
net.java.sip.communicator.impl.protocol.sip.acc1.DEFAULT_ENCRYPTION=true
net.java.sip.communicator.impl.protocol.sip.acc1.DEFAULT_SIPZRTP_ATTRIBUTE=false
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL.ZRTP=0
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL.SDES=1
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL.DTLS-SRTP=0
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL_STATUS.ZRTP=false
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL_STATUS.SDES=true
net.java.sip.communicator.impl.protocol.sip.acc1.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=false
net.java.sip.communicator.impl.protocol.sip.acc1.SDES_CIPHER_SUITES=AES_CM_128_HMAC_SHA1_80,AES_CM_128_HMAC_SHA1_32
{{ end }}
net.java.sip.communicator.impl.protocol.sip.acc1.ACCOUNT_UID=SIP\:{{ .Env.JIGASI_SIP_URI }}
net.java.sip.communicator.impl.protocol.sip.acc1.PASSWORD={{ $JIGASI_SIP_PASSWORD | b64enc }}
net.java.sip.communicator.impl.protocol.sip.acc1.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1.SERVER_ADDRESS={{ .Env.JIGASI_SIP_SERVER }}
net.java.sip.communicator.impl.protocol.sip.acc1.USER_ID={{ .Env.JIGASI_SIP_URI }}
net.java.sip.communicator.impl.protocol.sip.acc1.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1.KEEP_ALIVE_METHOD={{ .Env.JIGASI_SIP_KEEP_ALIVE_METHOD | default "OPTIONS" }}
net.java.sip.communicator.impl.protocol.sip.acc1.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1.JITSI_MEET_ROOM_HEADER_NAME=X-Room-Name
net.java.sip.communicator.impl.protocol.sip.acc1.JITSI_MEET_DOMAIN_BASE_HEADER_NAME=X-Domain-Base
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.AMR-WB/16000=750
# Temporarily disable G722, see: https://github.com/jitsi/docker-jitsi-meet/issues/1357
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.G722/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1.DOMAIN_BASE={{ $XMPP_DOMAIN }}
{{ if .Env.ENABLE_AUTH | default "0" | toBool }}
{{ if .Env.ENABLE_GUESTS | default "0" | toBool }}
org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_GUEST_DOMAIN }}
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=true
{{ else }}
org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
{{ end }}
org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }}
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
{{ end }}
# forces sending presence on sip call hangup
net.java.sip.communicator.impl.protocol.jabber.FORCE_PRESENCE_ON_LEAVE=true
{{ if $USE_TRANSLATOR_IN_CONFERENCE }}
org.jitsi.jigasi.xmpp.acc.USE_TRANSLATOR_IN_CONFERENCE=true
net.java.sip.communicator.impl.protocol.sip.acc1.USE_TRANSLATOR_IN_CONFERENCE=true
# Should be enabled when using translator mode
net.java.sip.communicator.impl.neomedia.audioSystem.audiosilence.captureDevice_list=["AudioSilenceCaptureDevice:noTransferData"]
{{ end }}
{{ if $ENABLE_VISITORS -}}
org.jitsi.jigasi.ENABLE_SIP_VISITORS=true
{{ if .Env.JIGASI_VISITORS_QUEUE_SERVICE_URL -}}
org.jitsi.jigasi.VISITOR_QUEUE_SERVICE={{ .Env.JIGASI_VISITORS_QUEUE_SERVICE_URL }}
{{ end -}}
{{ if .Env.JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_PATH -}}
org.jitsi.jigasi.VISITOR_QUEUE_SERVICE_PRIVATE_KEY_PATH={{ .Env.JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_PATH }}
{{ end -}}
{{ if .Env.JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_ID -}}
org.jitsi.jigasi.VISITOR_QUEUE_SERVICE_PRIVATE_KEY_ID={{ .Env.JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_ID }}
{{ end -}}
{{ end -}}

71
jitsi/jigasi/rootfs/defaults/transcriber-sip-communicator.properties Normal file
View File

@@ -0,0 +1,71 @@
{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
{{ $JIGASI_TRANSCRIBER_FILTER_SILENCE := .Env.JIGASI_TRANSCRIBER_FILTER_SILENCE | default "0" | toBool -}}
{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}}
{{ $JIGASI_TRANSCRIBER_ENABLE_SAVING := .Env.JIGASI_TRANSCRIBER_ENABLE_SAVING | default "1" | toBool -}}
{{ $JIGASI_TRANSCRIBER_ENABLE_TRANSLATION := .Env.JIGASI_TRANSCRIBER_ENABLE_TRANSLATION | default "0" | toBool -}}
org.jitsi.jigasi.ENABLE_SIP=false
org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}
org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_TRANSCRIBER_PASSWORD }}
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
# Transcription config
org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
{{ if $JIGASI_TRANSCRIBER_ENABLE_TRANSLATION -}}
org.jitsi.jigasi.transcription.ENABLE_TRANSLATION=true
{{ end -}}
{{ if $JIGASI_TRANSCRIBER_ENABLE_SAVING -}}
org.jitsi.jigasi.transcription.DIRECTORY=/tmp/transcripts
org.jitsi.jigasi.transcription.BASE_URL={{ .Env.PUBLIC_URL }}/transcripts
org.jitsi.jigasi.transcription.jetty.port=-1
org.jitsi.jigasi.transcription.ADVERTISE_URL={{ .Env.JIGASI_TRANSCRIBER_ADVERTISE_URL | default "false"}}
org.jitsi.jigasi.transcription.SAVE_JSON=false
org.jitsi.jigasi.transcription.SAVE_TXT=true
{{ end -}}
org.jitsi.jigasi.transcription.SEND_JSON=true
org.jitsi.jigasi.transcription.SEND_TXT={{ .Env.JIGASI_TRANSCRIBER_SEND_TXT | default "false"}}
org.jitsi.jigasi.transcription.RECORD_AUDIO={{ .Env.JIGASI_TRANSCRIBER_RECORD_AUDIO | default "false"}}
org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav
{{ if .Env.JIGASI_TRANSCRIBER_CUSTOM_SERVICE -}}
org.jitsi.jigasi.transcription.customService={{ .Env.JIGASI_TRANSCRIBER_CUSTOM_SERVICE }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_CUSTOM_TRANSLATION_SERVICE -}}
org.jitsi.jigasi.transcription.translationService={{ .Env.JIGASI_TRANSCRIBER_CUSTOM_TRANSLATION_SERVICE }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_LIBRETRANSLATE_URL -}}
org.jitsi.jigasi.transcription.libreTranslate.api_url={{ .Env.JIGASI_TRANSCRIBER_LIBRETRANSLATE_URL }}
{{ end -}}
{{ if $JIGASI_TRANSCRIBER_FILTER_SILENCE -}}
org.jitsi.jigasi.transcription.FILTER_SILENCE = true
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL -}}
org.jitsi.jigasi.transcription.remoteTranscriptionConfigUrl={{ .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL }}
{{ if .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_KEY_PATH -}}
org.jitsi.jigasi.transcription.remoteTranscriptionConfigUrl.keyPath={{ .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_KEY_PATH }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_KEY_ID -}}
org.jitsi.jigasi.transcription.remoteTranscriptionConfigUrl.kid={{ .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_KEY_ID }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_AUD -}}
org.jitsi.jigasi.transcription.remoteTranscriptionConfigUrl.aud={{ .Env.JIGASI_TRANSCRIBER_REMOTE_CONFIG_URL_AUD }}
{{ end -}}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_OCI_REGION -}}
org.jitsi.jigasi.transcription.oci.websocketUrl=wss://realtime.aiservice.{{ .Env.JIGASI_TRANSCRIBER_OCI_REGION }}.oci.oraclecloud.com
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_OCI_COMPARTMENT -}}
org.jitsi.jigasi.transcription.oci.compartmentId={{ .Env.JIGASI_TRANSCRIBER_OCI_COMPARTMENT }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_WHISPER_URL -}}
org.jitsi.jigasi.transcription.whisper.websocket_url={{ .Env.JIGASI_TRANSCRIBER_WHISPER_URL }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY_NAME -}}
org.jitsi.jigasi.transcription.whisper.private_key_name={{ .Env.JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY_NAME }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY -}}
org.jitsi.jigasi.transcription.whisper.private_key={{ .Env.JIGASI_TRANSCRIBER_WHISPER_PRIVATE_KEY }}
{{ end -}}
{{ if .Env.JIGASI_TRANSCRIBER_VOSK_URL -}}
org.jitsi.jigasi.transcription.vosk.websocket_url={{ .Env.JIGASI_TRANSCRIBER_VOSK_URL }}
{{ end -}}

68
jitsi/jigasi/rootfs/defaults/xmpp-sip-communicator.properties Normal file
View File

@@ -0,0 +1,68 @@
{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}}
{{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}
{{ $JIGASI_XMPP_PASSWORD := .Env.JIGASI_XMPP_PASSWORD | default "replaceme" -}}
{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER | compact -}}
# XMPP account used for control
{{ range $index, $element := $XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 3 $element }}
{{ $ID := $SERVER._2 | default $index }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}=acc-{{ $ID }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.ACCOUNT_UID=Jabber:{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}@{{ $ID }}
net.java.sip.communicator.plugin.reconnectplugin.ATLEAST_ONE_SUCCESSFUL_CONNECTION.Jabber\:{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_SERVER_OVERRIDDEN=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.SERVER_ADDRESS={{ $SERVER._0 }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.SERVER_PORT={{ $SERVER._1 | default $XMPP_PORT }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.ALLOW_NON_SECURE=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.PASSWORD={{ $JIGASI_XMPP_PASSWORD | b64enc }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.AUTO_GENERATE_RESOURCE=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.RESOURCE_PRIORITY=30
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.KEEP_ALIVE_METHOD=XEP-0199
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.KEEP_ALIVE_INTERVAL=20
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.CALLING_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.JINGLE_NODES_ENABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_CARBON_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.DEFAULT_ENCRYPTION=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_USE_ICE=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_ACCOUNT_DISABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_PREFERRED_PROTOCOL=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.AUTO_DISCOVER_JINGLE_NODES=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.PROTOCOL=Jabber
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_USE_UPNP=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IM_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.SERVER_STORED_INFO_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.IS_FILE_TRANSFER_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.USE_DEFAULT_STUN_SERVER=false
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.ENCRYPTION_PROTOCOL.DTLS-SRTP=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.VIDEO_CALLING_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.G722/8000=705
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.PCMA/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.PCMU/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.iLBC/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.opus/48000=750
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.Encodings.telephone-event/8000=0
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.BREWERY={{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}
net.java.sip.communicator.impl.protocol.jabber.acc-{{ $ID }}.DOMAIN_BASE={{ $PUBLIC_URL_DOMAIN }}
{{ end -}}
org.jitsi.jigasi.ALLOWED_JID={{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}

107
jitsi/jigasi/rootfs/etc/cont-init.d/10-config Normal file
View File

@@ -0,0 +1,107 @@
#!/usr/bin/with-contenv bash
export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jigasi | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
if [[ -z $JIGASI_XMPP_PASSWORD ]]; then
echo 'FATAL ERROR: Jigasi auth password must be set'
exit 1
fi
OLD_JIGASI_XMPP_PASSWORD=passw0rd
if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
exit 1
fi
[ -z "$JIGASI_MODE" ] && JIGASI_MODE="sip"
JIGASI_MODE="$(echo $JIGASI_MODE | tr '[:upper:]' '[:lower:]')"
if [[ "$JIGASI_MODE" == "transcriber" ]]; then
# set random jigasi nickname for the instance if is not set
[ -z "${JIGASI_INSTANCE_ID}" ] && export JIGASI_INSTANCE_ID="transcriber-$(date +%N)"
fi
# set random jigasi nickname for the instance if is not set
[ -z "${JIGASI_INSTANCE_ID}" ] && export JIGASI_INSTANCE_ID="jigasi-$(date +%N)"
# set stats id for the instance
[ -z "${JIGASI_STATS_ID}" ] && export JIGASI_STATS_ID="$JIGASI_INSTANCE_ID"
# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled
if [ -n "$AUTOSCALER_URL" ]; then
if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem"
fi
if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then
# assume key id is equal to the base real path of the key file minus .pem
export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')"
fi
if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
echo "AUTOSCALER_URL found, enabling autoscaler sidecar"
export JIGASI_VERSION="$(dpkg -s jigasi | grep Version | awk '{print $2}' | sed 's/..$//')"
[ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000"
[ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JIGASI_INSTANCE_ID"
[ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker"
[ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jigasi"
mkdir -p /etc/jitsi/autoscaler-sidecar
tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config
else
echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled"
fi
else
echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled"
fi
# maintain backward compatibility with older variable
[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
tpl /defaults/logging.properties > /config/logging.properties
tpl /defaults/sip-communicator.properties > /config/sip-communicator.properties
tpl /defaults/xmpp-sip-communicator.properties >> /config/sip-communicator.properties
if [[ "$JIGASI_MODE" == "sip" ]]; then
tpl /defaults/sipserver-sip-communicator.properties >> /config/sip-communicator.properties
elif [[ "$JIGASI_MODE" == "transcriber" ]]; then
tpl /defaults/transcriber-sip-communicator.properties >> /config/sip-communicator.properties
mkdir -pm777 /tmp/transcripts
chown jigasi:jitsi /tmp/transcripts
# Create Google Cloud Credentials
if [[ -z $GC_PROJECT_ID || -z $GC_PRIVATE_KEY_ID || -z $GC_PRIVATE_KEY || -z $GC_CLIENT_EMAIL || -z $GC_CLIENT_ID || -z $GC_CLIENT_CERT_URL ]]; then
echo 'Transcriptions: One or more gcloud environment variables are undefined, skipping gcloud credentials file /config/key.json'
else
jq -n \
--arg GC_PROJECT_ID "$GC_PROJECT_ID" \
--arg GC_PRIVATE_KEY_ID "$GC_PRIVATE_KEY_ID" \
--arg GC_PRIVATE_KEY "$GC_PRIVATE_KEY" \
--arg GC_CLIENT_EMAIL "$GC_CLIENT_EMAIL" \
--arg GC_CLIENT_ID "$GC_CLIENT_ID" \
--arg GC_CLIENT_CERT_URL "$GC_CLIENT_CERT_URL" \
'{
type: "service_account",
project_id: $GC_PROJECT_ID,
private_key_id: $GC_PRIVATE_KEY_ID,
private_key: $GC_PRIVATE_KEY,
client_email: $GC_CLIENT_EMAIL,
client_id: $GC_CLIENT_ID,
auth_uri: "https://accounts.google.com/o/oauth2/auth",
token_uri: "https://oauth2.googleapis.com/token",
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",
client_x509_cert_url: $GC_CLIENT_CERT_URL
}' \
> /config/key.json
fi
fi
if [[ -f /config/custom-sip-communicator.properties ]]; then
cat /config/custom-sip-communicator.properties >> /config/sip-communicator.properties
fi
if [[ -f /config/custom-logging.properties ]]; then
cat /config/custom-logging.properties >> /config/logging.properties
fi
chown jigasi /config -R

10
jitsi/jigasi/rootfs/etc/services.d/50-autoscaler-sidecar/run Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/with-contenv bash
if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
else
# if autoscaler-sidecar should not be started,
# prevent s6 from restarting this script again and again
s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
fi

9
jitsi/jigasi/rootfs/etc/services.d/jigasi/finish Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/with-contenv bash
# When the jigasi is shutdown (or gracefully shutdown), it exits with code 0.
# In this case, we don't want S6 to restart the service. We want to stop all
# services and shutdown the container.
if [[ $1 -eq 0 ]]; then
/opt/jitsi/shutdown.sh
fi

11
jitsi/jigasi/rootfs/etc/services.d/jigasi/run Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/with-contenv bash
JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties"
DAEMON=/usr/share/jigasi/jigasi.sh
DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=${JIGASI_PORT_MIN:-20000} --max-port=${JIGASI_PORT_MAX:-20050}"
JIGASI_CMD="JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
[ -n "$JIGASI_LOG_FILE" ] && JIGASI_CMD="$JIGASI_CMD 2>&1 | tee $JIGASI_LOG_FILE"
exec s6-setuidgid jigasi /bin/bash -c "$JIGASI_CMD"

11
jitsi/jigasi/rootfs/opt/jitsi/shutdown.sh Executable file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/with-contenv bash
if [ -n "$AUTOSCALER_URL" ]; then
# notify the sidecar of imminent shutdown
PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
curl -d '{}' -v 0:$PORT/hook/v1/shutdown
sleep 10
fi
# shutdown everything
s6-svscanctl -t /var/run/s6/services

3
jitsi/jigasi/rootfs/usr/local/bin/healthcheck.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
curl --fail-with-body http://127.0.0.1:8788/about/health

17
jitsi/jvb/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
ARG JITSI_REPO=jitsi
ARG BASE_TAG=latest
FROM ${JITSI_REPO}/base-java:${BASE_TAG}
LABEL org.opencontainers.image.title="Jitsi Videobridge (jvb)"
LABEL org.opencontainers.image.description="WebRTC compatible server designed to route video streams amongst participants in a conference."
LABEL org.opencontainers.image.url="https://jitsi.org/jitsi-videobridge/"
LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils libpcap0.8 && \
apt-cleanup
COPY rootfs/ /
VOLUME /config

Some files were not shown because too many files have changed in this diff Show More