more updates march

2026-03-01 17:38:47 +00:00
parent ceee62f62c
commit a085ba9714
810 changed files with 27066 additions and 6471 deletions
--- a/jitsi/jvb/Dockerfile
+++ b/jitsi/jvb/Dockerfile
@@ -0,0 +1,17 @@
+ARG JITSI_REPO=jitsi
+ARG BASE_TAG=latest
+FROM ${JITSI_REPO}/base-java:${BASE_TAG}
+
+LABEL org.opencontainers.image.title="Jitsi Videobridge (jvb)"
+LABEL org.opencontainers.image.description="WebRTC compatible server designed to route video streams amongst participants in a conference."
+LABEL org.opencontainers.image.url="https://jitsi.org/jitsi-videobridge/"
+LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
+LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
+
+RUN apt-dpkg-wrap apt-get update && \
+    apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils libpcap0.8 && \
+    apt-cleanup
+
+COPY rootfs/ /
+
+VOLUME /config
--- a/jitsi/jvb/rootfs/defaults/autoscaler-sidecar.config
+++ b/jitsi/jvb/rootfs/defaults/autoscaler-sidecar.config
@@ -0,0 +1,19 @@
+{{ $JVB_COLIBRI_PORT := .Env.JVB_COLIBRI_PORT | default "8080" -}}
+{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
+{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
+export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
+export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
+export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
+export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh"
+export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
+export ENABLE_REPORT_STATS=true
+export POLLING_URL="{{ .Env.AUTOSCALER_URL  }}/sidecar/poll"
+export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
+export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
+export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats"
+export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
+export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
+export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
+export INSTANCE_TYPE="JVB"
+export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
+export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","publicIp":"{{ .Env.JVB_ADVERTISE_IPS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'
--- a/jitsi/jvb/rootfs/defaults/jvb.conf
+++ b/jitsi/jvb/rootfs/defaults/jvb.conf
@@ -0,0 +1,175 @@
+{{ $COLIBRI_REST_ENABLED := .Env.COLIBRI_REST_ENABLED | default "false" | toBool -}}
+{{ $DISABLE_AWS_HARVESTER := .Env.DISABLE_AWS_HARVESTER | default "true" | toBool -}}
+{{ $DISABLE_XMPP := .Env.JVB_DISABLE_XMPP | default "0" | toBool -}}
+{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "0" | toBool -}}
+{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
+{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "1" | toBool -}}
+{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool }}
+{{ $JVB_DISABLE_STUN := .Env.JVB_DISABLE_STUN | default "0" | toBool -}}
+{{ $JVB_STUN_SERVERS := .Env.JVB_STUN_SERVERS | default "meet-jit-si-turnrelay.jitsi.net:443" -}}
+{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
+{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
+{{ $JVB_CC_TRUST_BWE := .Env.JVB_CC_TRUST_BWE | default "true" | toBool -}}
+{{ $JVB_MUC_NICKNAME := .Env.JVB_MUC_NICKNAME | default .Env.HOSTNAME -}}
+{{ $JVB_ADVERTISE_PRIVATE_CANDIDATES := .Env.JVB_ADVERTISE_PRIVATE_CANDIDATES | default "true" | toBool -}}
+{{ $JVB_ADVERTISE_IPS := .Env.JVB_ADVERTISE_IPS | default "" -}}
+{{ $JVB_IPS := splitList "," $JVB_ADVERTISE_IPS | compact -}}
+{{ $JVB_REQUIRE_VALID_ADDRESS := .Env.JVB_REQUIRE_VALID_ADDRESS | default "0" | toBool -}}
+{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
+{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
+{{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
+{{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
+{{ $JVB_XMPP_SERVERS := splitList "," $JVB_XMPP_SERVER | compact -}}
+{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
+{{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}}
+{{ $USE_USRSCTP := .Env.JVB_USE_USRSCTP | default "false" | toBool -}}
+{{ $WS_DOMAIN := .Env.JVB_WS_DOMAIN | default $PUBLIC_URL_DOMAIN -}}
+{{ $WS_SERVER_ID := .Env.JVB_WS_SERVER_ID | default .Env.JVB_WS_SERVER_ID_FALLBACK | default "default" -}}
+{{ $WS_TLS := .Env.JVB_WS_TLS | default "1" | toBool -}}
+{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
+{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
+{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
+{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
+{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER | compact -}}
+{{/* assign env from context, preserve during range when . is re-assigned */}}
+{{ $ENV := .Env -}}
+
+videobridge {
+    cc {
+        use-vla-target-bitrate = {{ .Env.ENABLE_VLA | default "0" | toBool }}
+        trust-bwe = {{ $JVB_CC_TRUST_BWE }}
+    }
+    ice {
+        udp {
+            port = {{ .Env.JVB_PORT | default 10000 }}
+        }
+        advertise-private-candidates = {{ $JVB_ADVERTISE_PRIVATE_CANDIDATES }}
+    }
+    apis {
+{{ if not $DISABLE_XMPP -}}
+        xmpp-client {
+            configs {
+{{ if $ENABLE_JVB_XMPP_SERVER }}
+{{ range $index, $element := $JVB_XMPP_SERVERS -}}
+{{ $SERVER := splitn ":" 2 $element }}
+                shard{{ $index }} {
+                    HOSTNAME = "{{ $SERVER._0 }}"
+                    PORT = "{{ $SERVER._1 | default $JVB_XMPP_PORT }}"
+                    DOMAIN = "{{ $JVB_XMPP_AUTH_DOMAIN }}"
+                    USERNAME = "{{ $JVB_AUTH_USER }}"
+                    PASSWORD = "{{ $ENV.JVB_AUTH_PASSWORD }}"
+                    MUC_JIDS = "{{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}"
+                    MUC_NICKNAME = "{{ $JVB_MUC_NICKNAME }}"
+                    DISABLE_CERTIFICATE_VERIFICATION = true
+                }
+{{ end -}}
+{{ else }}
+{{ range $index, $element := $XMPP_SERVERS -}}
+{{ $SERVER := splitn ":" 2 $element }}
+                shard{{ $index }} {
+                    HOSTNAME = "{{ $SERVER._0 }}"
+                    PORT = "{{ $SERVER._1 | default $XMPP_PORT }}"
+                    DOMAIN = "{{ $XMPP_AUTH_DOMAIN }}"
+                    USERNAME = "{{ $JVB_AUTH_USER }}"
+                    PASSWORD = "{{ $ENV.JVB_AUTH_PASSWORD }}"
+                    MUC_JIDS = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
+                    MUC_NICKNAME = "{{ $JVB_MUC_NICKNAME }}"
+                    DISABLE_CERTIFICATE_VERIFICATION = true
+                }
+{{ end -}}
+{{ end -}}
+            }
+        }
+{{ end -}}
+        rest {
+            enabled = {{ $COLIBRI_REST_ENABLED }}
+        }
+    }
+    rest {
+        shutdown {
+            enabled = {{ $SHUTDOWN_REST_ENABLED }}
+        }
+    }
+    sctp {
+      enabled = {{ $ENABLE_SCTP }}
+      use-usrsctp = {{ $USE_USRSCTP }}
+    }
+    stats {
+        enabled = true
+    }
+    websockets {
+        enabled = {{ $ENABLE_COLIBRI_WEBSOCKET }}
+        domain = "{{ $WS_DOMAIN }}"
+        tls = {{ $WS_TLS }}
+        server-id = "{{ $WS_SERVER_ID }}"
+    }
+    http-servers {
+        private {
+          host = 0.0.0.0
+          send-server-version = false
+        }
+        public {
+            host = 0.0.0.0
+            port = 9090
+            send-server-version = false
+        }
+    }
+    health {
+        require-valid-address = {{ $JVB_REQUIRE_VALID_ADDRESS }}
+    }
+
+    {{ if $ENABLE_OCTO -}}
+    relay {
+        enabled = true
+        region = "{{ .Env.JVB_OCTO_REGION | default "europe" }}"
+        relay-id = "{{ .Env.JVB_OCTO_RELAY_ID | default .Env.JVB_OCTO_BIND_ADDRESS }}"
+    }
+    {{ end -}}
+}
+
+jmt {
+    bwe {
+        estimator {
+            engine = "{{ .Env.BWE_ESTIMATOR_ENGINE | default "GoogleCc2" }}"
+        }
+    }
+}
+
+ice4j {
+    harvest {
+        mapping {
+            aws {
+                enabled = {{ not $DISABLE_AWS_HARVESTER }}
+            }
+            stun {
+{{ if not $JVB_DISABLE_STUN -}}
+                addresses = [ "{{ join "\",\"" (splitList "," $JVB_STUN_SERVERS) }}" ]
+{{ else -}}
+                enabled = false
+{{ end -}}
+            }
+            static-mappings = [
+{{ range $index, $element := $JVB_IPS -}}
+{{ if contains "#" $element -}}
+{{ $element_ip_port := splitn "#" 2 $element -}}
+                {
+                    local-address = "{{ $ENV.LOCAL_ADDRESS }}"
+                    public-address = "{{ $element_ip_port._0 }}"
+                    local-port = {{ $ENV.JVB_PORT | default 10000 }}
+                    public-port = {{ $element_ip_port._1 }}
+                    name = "ip-{{ $index }}"
+                },
+{{ else -}}
+                {
+                    local-address = "{{ $ENV.LOCAL_ADDRESS }}"
+                    public-address = "{{ $element }}"
+                    name = "ip-{{ $index }}"
+                },
+{{ end -}}
+{{ end -}}
+            ]
+        }
+    }
+}
+
+include "custom-jvb.conf"
--- a/jitsi/jvb/rootfs/defaults/logging.properties
+++ b/jitsi/jvb/rootfs/defaults/logging.properties
@@ -0,0 +1,12 @@
+{{ if .Env.SENTRY_DSN | toBool }}
+handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
+{{ else }}
+handlers= java.util.logging.ConsoleHandler
+{{ end }}
+
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
+org.jitsi.utils.logging2.JitsiLogFormatter.programname=JVB
+
+.level=INFO
+io.sentry.jul.SentryHandler.level=WARNING
--- a/jitsi/jvb/rootfs/etc/cont-init.d/10-config
+++ b/jitsi/jvb/rootfs/etc/cont-init.d/10-config
@@ -0,0 +1,76 @@
+#!/usr/bin/with-contenv bash
+
+if [[ -z $JVB_DISABLE_XMPP ]]; then
+    if [[ -z $JVB_AUTH_PASSWORD ]]; then
+        echo 'FATAL ERROR: JVB auth password must be set'
+        exit 1
+    fi
+
+    OLD_JVB_AUTH_PASSWORD=passw0rd
+    if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
+        echo 'FATAL ERROR: JVB auth password must be changed, check the README'
+        exit 1
+    fi
+
+    [ -z "${XMPP_SERVER}" ] && export XMPP_SERVER=xmpp.meet.jitsi
+
+    # On environments like Swarm the IP address used by the default gateway need not be
+    # the one used for inter-container traffic. Use that one for our fallback ID.
+    XMPP_SERVER_IP=$(dig +short +search ${XMPP_SERVER})
+    export JVB_WS_SERVER_ID_FALLBACK=$(ip route get ${XMPP_SERVER_IP} | grep -oP '(?<=src ).*' | awk '{ print $1 '})
+fi
+
+# Migration from DOCKER_HOST_ADDRESS to JVB_ADVERTISE_IPS
+if [[ -z "${JVB_ADVERTISE_IPS}" ]]; then
+    if [[ ! -z "${DOCKER_HOST_ADDRESS}" ]]; then
+        echo "WARNING: DOCKER_HOST_ADDRESS is deprecated, migrate to JVB_ADVERTISE_IPS"
+        export JVB_ADVERTISE_IPS=${DOCKER_HOST_ADDRESS}
+    fi
+fi
+
+# Local IP for the ice4j mapping harvester.
+export LOCAL_ADDRESS=$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1 '})
+
+export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jitsi-videobridge2 | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
+
+if [[ -f /config/custom-sip-communicator.properties ]]; then
+    cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties
+fi
+
+# set random jvb nickname for the instance if is not set
+[ -z "${JVB_INSTANCE_ID}" ] && export JVB_INSTANCE_ID="jvb-$(date +%N)"
+
+# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled
+if [ -n "$AUTOSCALER_URL" ]; then
+    if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
+        export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem"
+    fi
+    if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then
+        # assume key id is equal to the base real path of the key file minus .pem
+        export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')"
+    fi
+
+    if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then
+        echo "AUTOSCALER_URL found, enabling autoscaler sidecar"
+
+        export JVB_VERSION="$(dpkg -s jitsi-videobridge2 | grep Version | awk '{print $2}' | sed 's/..$//')"
+
+        [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000"
+        [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook"
+        [ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JVB_INSTANCE_ID"
+        [ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker"
+        [ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jvb"
+
+        mkdir -p /etc/jitsi/autoscaler-sidecar
+        tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config
+    else
+        echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled"
+    fi
+else
+    echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled"
+fi
+
+tpl /defaults/logging.properties > /config/logging.properties
+tpl /defaults/jvb.conf > /config/jvb.conf
+
+chown -R jvb:jitsi /config
--- a/jitsi/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run
+++ b/jitsi/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
+    DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
+    exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
+else
+    # if autoscaler-sidecar should not be started,
+    # prevent s6 from restarting this script again and again
+    s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
+fi
--- a/jitsi/jvb/rootfs/etc/services.d/jvb/finish
+++ b/jitsi/jvb/rootfs/etc/services.d/jvb/finish
@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv bash
+
+# When the jvb is shutdown (or gracefully shutdown), it exits with code 0.
+# In this case, we don't want S6 to restart the service. We want to stop all
+# services and shutdown the container.
+
+if [[ $1 -eq 0 ]]; then
+  /opt/jitsi/shutdown.sh
+fi
--- a/jitsi/jvb/rootfs/etc/services.d/jvb/run
+++ b/jitsi/jvb/rootfs/etc/services.d/jvb/run
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+export JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jvb.conf"
+
+DAEMON=/usr/share/jitsi-videobridge/jvb.sh
+
+JVB_CMD="exec $DAEMON"
+[ -n "$JVB_LOG_FILE" ] && JVB_CMD="$JVB_CMD 2>&1 | tee $JVB_LOG_FILE"
+
+exec s6-setuidgid jvb /bin/bash -c "$JVB_CMD"
--- a/jitsi/jvb/rootfs/opt/jitsi/shutdown.sh
+++ b/jitsi/jvb/rootfs/opt/jitsi/shutdown.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bash
+
+if [ -n "$AUTOSCALER_URL" ]; then
+    # notify the sidecar of imminent shutdown
+    PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
+    curl -d '{}' -v 0:$PORT/hook/v1/shutdown
+    sleep 10
+fi
+
+# shutdown everything
+s6-svscanctl -t /var/run/s6/services
--- a/jitsi/jvb/rootfs/usr/local/bin/healthcheck.sh
+++ b/jitsi/jvb/rootfs/usr/local/bin/healthcheck.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+curl --fail-with-body http://127.0.0.1:8080/about/health