mirror of
https://github.com/luzifer-docker/jitsi.git
synced 2024-12-29 22:11:23 +00:00
Initial version
This commit is contained in:
commit
c11d15be47
11 changed files with 292 additions and 0 deletions
27
Dockerfile
Normal file
27
Dockerfile
Normal file
|
@ -0,0 +1,27 @@
|
|||
FROM debian:stable
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive \
|
||||
GOSU_VERSION=1.11 \
|
||||
KORVIKE_VERSION=v0.6.1 \
|
||||
S6_VERSION=v1.21.8.0 \
|
||||
TERM=xterm
|
||||
|
||||
COPY build.sh /usr/local/bin/
|
||||
|
||||
RUN set -ex \
|
||||
&& bash /usr/local/bin/build.sh
|
||||
|
||||
# Add config templates
|
||||
COPY config/* /usr/local/share/jitsi-config/
|
||||
|
||||
# Add S6 start files
|
||||
COPY setup.sh /etc/cont-init.d/
|
||||
COPY services /etc/services.d
|
||||
|
||||
# Application expose
|
||||
EXPOSE 80/tcp
|
||||
|
||||
# Hopefully has some sense?
|
||||
EXPOSE 10000/udp 10001/udp 10002/udp 10003/udp 10004/udp 10005/udp 10006/udp 10007/udp 10008/udp 10009/udp 10010/udp
|
||||
|
||||
ENTRYPOINT ["/init"]
|
61
build.sh
Executable file
61
build.sh
Executable file
|
@ -0,0 +1,61 @@
|
|||
#!/bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
packages_build=(
|
||||
curl
|
||||
gnupg
|
||||
)
|
||||
|
||||
packages_install=(
|
||||
jitsi-meet
|
||||
)
|
||||
|
||||
no_postinst_pkgs=(
|
||||
jitsi-meet-prosody # Executes some certificate generator on wrong hostname
|
||||
jitsi-meet-web-config # Executes another cert generator
|
||||
)
|
||||
|
||||
# Install packages required for build
|
||||
apt-get update
|
||||
apt-get install -yq "${packages_build[@]}"
|
||||
|
||||
# Add Jitsi install repo
|
||||
echo "deb https://download.jitsi.org stable/" >>/etc/apt/sources.list.d/jitsi.list
|
||||
curl -sSfL "https://download.jitsi.org/jitsi-key.gpg.key" | apt-key add -
|
||||
apt-get update
|
||||
|
||||
# Install jitsi-meet without triggering postinst which breaks in Docker build
|
||||
pushd /tmp
|
||||
for pkg in "${no_postinst_pkgs[@]}"; do
|
||||
# Get and unpack package
|
||||
apt-get download ${pkg}
|
||||
dpkg --unpack ${pkg}*.deb
|
||||
|
||||
# Remove postinst file in case it exists
|
||||
rm -f /var/lib/dpkg/info/${pkg}.postinst
|
||||
|
||||
# Install package
|
||||
dpkg --configure ${pkg} || apt-get install -yqf #To fix dependencies
|
||||
done
|
||||
popd
|
||||
|
||||
apt-get install -yq "${packages_install[@]}"
|
||||
|
||||
# Install korvike in the container
|
||||
curl -sSfL "https://github.com/Luzifer/korvike/releases/download/${KORVIKE_VERSION}/korvike_linux_amd64.tar.gz" |
|
||||
tar -xzf - -C /usr/local/bin
|
||||
mv /usr/local/bin/korvike_linux_amd64 /usr/local/bin/korvike
|
||||
|
||||
# Install gosu
|
||||
curl -sSfLo /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64"
|
||||
chmod 0755 /usr/local/bin/gosu
|
||||
|
||||
# Install S6 overlay
|
||||
curl -sSfL "https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz" |
|
||||
tar -xzf - -C /
|
||||
|
||||
# Cleanup
|
||||
apt-get remove -yq --purge "${packages_build[@]}"
|
||||
apt-get autoremove -yq --purge
|
||||
apt-get clean
|
||||
rm -rf /var/lib/apt/lists/* || true
|
9
config/jitsi-meet.js
Normal file
9
config/jitsi-meet.js
Normal file
|
@ -0,0 +1,9 @@
|
|||
var config = {
|
||||
hosts: {
|
||||
domain: '{{ env `JITSI_DOMAIN` }}',
|
||||
muc: 'conference.{{ env `JITSI_DOMAIN` }}',
|
||||
bridge: 'jitsi-videobridge.{{ env `JITSI_DOMAIN` }}',
|
||||
},
|
||||
useNicks: false,
|
||||
bosh: '//{{ env `JITSI_DOMAIN` }}/http-bind',
|
||||
};
|
73
config/nginx.conf
Normal file
73
config/nginx.conf
Normal file
|
@ -0,0 +1,73 @@
|
|||
user www-data;
|
||||
worker_processes 1;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
tcp_nodelay on;
|
||||
|
||||
tcp_nopush on;
|
||||
types_hash_max_size 2048;
|
||||
server_names_hash_bucket_size 64;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
||||
server_name localhost;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
ssi on;
|
||||
index index.html index.htm;
|
||||
error_page 404 /static/404.html;
|
||||
|
||||
location = /config.js {
|
||||
alias /etc/jitsi/meet/config.js;
|
||||
}
|
||||
|
||||
location = /external_api.js {
|
||||
alias /usr/share/jitsi-meet/libs/external_api.min.js;
|
||||
}
|
||||
|
||||
#ensure all static content can always be found first
|
||||
location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
alias /usr/share/jitsi-meet/$1/$2;
|
||||
}
|
||||
|
||||
# BOSH
|
||||
location = /http-bind {
|
||||
proxy_pass http://localhost:5280/http-bind;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location ~ ^/([^/?&:'"]+)$ {
|
||||
try_files $uri @root_path;
|
||||
}
|
||||
|
||||
location @root_path {
|
||||
rewrite ^/(.*)$ / break;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
32
config/prosody.cfg.lua
Normal file
32
config/prosody.cfg.lua
Normal file
|
@ -0,0 +1,32 @@
|
|||
VirtualHost "{{ env `JITSI_DOMAIN` }}"
|
||||
authentication = "anonymous"
|
||||
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/{{ env `JITSI_DOMAIN` }}.key";
|
||||
certificate = "/var/lib/prosody/{{ env `JITSI_DOMAIN` }}.crt";
|
||||
}
|
||||
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
"pubsub";
|
||||
}
|
||||
|
||||
c2s_require_encryption = false
|
||||
|
||||
VirtualHost "auth.{{ env `JITSI_DOMAIN` }}"
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/auth.{{ env `JITSI_DOMAIN` }}.key";
|
||||
certificate = "/var/lib/prosody/auth.{{ env `JITSI_DOMAIN` }}.crt";
|
||||
}
|
||||
|
||||
authentication = "internal_plain"
|
||||
|
||||
admins = { "focus@auth.{{ env `JITSI_DOMAIN` }}" }
|
||||
|
||||
Component "conference.{{ env `JITSI_DOMAIN` }}" "muc"
|
||||
|
||||
Component "jitsi-videobridge.{{ env `JITSI_DOMAIN` }}"
|
||||
component_secret = "{{ env `JITSI_VBR_SECRET` }}"
|
||||
|
||||
Component "focus.{{ env `JITSI_DOMAIN` }}"
|
||||
component_secret = "{{ env `JITSI_JICOFO_SECRET` }}"
|
12
config/startenv
Normal file
12
config/startenv
Normal file
|
@ -0,0 +1,12 @@
|
|||
JICOFO_HOST=localhost
|
||||
JICOFO_HOSTNAME={{ env `JITSI_DOMAIN` }}
|
||||
JICOFO_SECRET={{ env `JITSI_JICOFO_SECRET` }}
|
||||
JICOFO_AUTH_USER=focus
|
||||
JICOFO_AUTH_DOMAIN=auth.{{ env `JITSI_DOMAIN` }}
|
||||
JICOFO_AUTH_PASSWORD={{ env `JITSI_ADMIN_SECRET` }}
|
||||
|
||||
|
||||
JVB_HOST=localhost
|
||||
JVB_HOSTNAME={{ env `JITSI_DOMAIN` }}
|
||||
JVB_PORT=5347
|
||||
JVB_SECRET={{ env `JITSI_VBR_SECRET` }}
|
12
services/jicofo/run
Executable file
12
services/jicofo/run
Executable file
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
[ -f /etc/jitsi-env.conf ] && source /etc/jitsi-env.conf
|
||||
|
||||
exec /usr/local/bin/gosu jicofo /usr/share/jicofo/jicofo.sh \
|
||||
--host=$JICOFO_HOST \
|
||||
--domain=$JICOFO_HOSTNAME \
|
||||
--secret=$JICOFO_SECRET \
|
||||
--user_name=$JICOFO_AUTH_USER \
|
||||
--user_domain=$JICOFO_AUTH_DOMAIN \
|
||||
--user_password=$JICOFO_AUTH_PASSWORD
|
2
services/nginx/run
Executable file
2
services/nginx/run
Executable file
|
@ -0,0 +1,2 @@
|
|||
#!/usr/bin/execlineb -P
|
||||
nginx -g "daemon off;"
|
12
services/prosody/run
Executable file
12
services/prosody/run
Executable file
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
DAEMON=/usr/bin/prosody
|
||||
PIDPATH=/run/prosody
|
||||
PIDFILE="$PIDPATH"/prosody.pid
|
||||
USER=prosody
|
||||
|
||||
mkdir -p "$(dirname $PIDFILE)"
|
||||
chown prosody:adm "$(dirname $PIDFILE)"
|
||||
|
||||
exec /usr/local/bin/gosu prosody /usr/bin/prosody
|
10
services/videobridge/run
Executable file
10
services/videobridge/run
Executable file
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
[ -f /etc/jitsi-env.conf ] && source /etc/jitsi-env.conf
|
||||
|
||||
exec /usr/local/bin/gosu jvb /usr/share/jitsi-videobridge/jvb.sh \
|
||||
--host=$JVB_HOST \
|
||||
--domain=$JVB_HOSTNAME \
|
||||
--port=$JVB_PORT \
|
||||
--secret=$JVB_SECRET
|
42
setup.sh
Normal file
42
setup.sh
Normal file
|
@ -0,0 +1,42 @@
|
|||
#!/usr/bin/with-contenv /bin/bash
|
||||
set -euxo pipefail
|
||||
|
||||
cfg_file_path="/usr/local/share/jitsi-config"
|
||||
|
||||
[ -n "${JITSI_DOMAIN:-}" ] || {
|
||||
echo "Missing JITSI_DOMAIN env variable" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Generate internal passwords
|
||||
export JITSI_VBR_SECRET=$(openssl rand -hex 20)
|
||||
export JITSI_JICOFO_SECRET=$(openssl rand -hex 20)
|
||||
export JITSI_ADMIN_SECRET=$(openssl rand -hex 20)
|
||||
|
||||
# Generate configuration files
|
||||
korvike \
|
||||
-i "${cfg_file_path}/jitsi-meet.js" \
|
||||
-o "/etc/jitsi/meet/config.js"
|
||||
|
||||
korvike \
|
||||
-i "${cfg_file_path}/prosody.cfg.lua" \
|
||||
-o "/etc/prosody/conf.d/${JITSI_DOMAIN}.cfg.lua"
|
||||
|
||||
korvike \
|
||||
-i "${cfg_file_path}/nginx.conf" \
|
||||
-o "/etc/nginx/nginx.conf"
|
||||
|
||||
korvike \
|
||||
-i "${cfg_file_path}/startenv" \
|
||||
-o "/etc/jitsi-env.conf"
|
||||
|
||||
# Generate certificates
|
||||
echo | prosodyctl cert generate "${JITSI_DOMAIN}"
|
||||
echo | prosodyctl cert generate "auth.${JITSI_DOMAIN}"
|
||||
|
||||
# Trust generated certificate
|
||||
ln -sf /var/lib/prosody/auth.${JITSI_DOMAIN}.crt /usr/local/share/ca-certificates/auth.${JITSI_DOMAIN}.crt
|
||||
update-ca-certificates -f
|
||||
|
||||
# Generate user for admin
|
||||
prosodyctl register focus "auth.${JITSI_DOMAIN}" "${JITSI_ADMIN_SECRET}"
|
Loading…
Reference in a new issue