Vadym/OVHserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: добавлен BigBlueButton для проведения workshops

Browse source 
- Установлен BigBlueButton с Greenlight v3 frontend
- Настроен SMTP через Microsoft 365 Relay (aiimpress-com0e.mail.protection.outlook.com:25)
- Email отправка работает: noreply@ai-impress.com
- Доступ: https://bbb.ai-impress.com
- Настроена интеграция с Traefik для SSL
- Включены: запись вебинаров (90 дней), webhooks для n8n, Prometheus экспорт
- Локаль: русский язык (ru-RU)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
SamoilenkoVadym 2025-11-08 21:13:40 +00:00
parent d1ebf0e042
commit 256cdc2a04
117 changed files with 6037 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
opt/02-core/bigbluebutton/.gitignore vendored Normal file
View file

@ -0,0 +1,26 @@
docker-compose.yml
docker-compose.override.yml
# IDEA generated
.idea
# OS generated
.DS_Store
.AppleDouble
# Tmp files
*.swp
*.log
# App generated
.env
.env.bak
postgres-data
greenlight-data
.cache/*/**
!.cache/*/.gitkeep
data/*
!data/.gitkeep
conf/bbb-html5.yml

27
opt/02-core/bigbluebutton/.gitmodules vendored Normal file
View file

@ -0,0 +1,27 @@
[submodule "repos/bbb-etherpad-skin"]
path = repos/bbb-etherpad-skin
url = https://github.com/alangecker/bbb-etherpad-skin
[submodule "repos/bbb-etherpad-plugin"]
path = repos/bbb-etherpad-plugin
url = https://github.com/alangecker/bbb-etherpad-plugin
[submodule "repos/bbb-webhooks"]
path = repos/bbb-webhooks
url = https://github.com/bigbluebutton/bbb-webhooks
[submodule "repos/bbb-playback"]
path = repos/bbb-playback
url = https://github.com/bigbluebutton/bbb-playback
[submodule "repos/freeswitch"]
path = repos/freeswitch
url = https://github.com/signalwire/freeswitch.git
[submodule "repos/bigbluebutton"]
path = repos/bigbluebutton
url = https://github.com/bigbluebutton/bigbluebutton.git
[submodule "repos/bbb-webrtc-sfu"]
path = repos/bbb-webrtc-sfu
url = https://github.com/bigbluebutton/bbb-webrtc-sfu.git
[submodule "repos/bbb-pads"]
path = repos/bbb-pads
url = https://github.com/bigbluebutton/bbb-pads.git
[submodule "repos/bbb-webrtc-recorder"]
path = repos/bbb-webrtc-recorder
url = https://github.com/bigbluebutton/bbb-webrtc-recorder.git

140
opt/02-core/bigbluebutton/CHANGELOG.md Normal file
View file

@ -0,0 +1,140 @@
# Changelog
## Unreleased
## Release v3.0.4 (2025-03-27)
- update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347
- fix not accepting length of dial in / voiceBridge numbers @alangecker
- upgrade: migrate postgres & greenlight data @alangecker
## Release v3.0.1 (2025-03-11)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- :tada: **BigBlueButton 3.0** [#313](https://github.com/bigbluebutton/docker/pull/313)
## Release v2.7.3 (2023-12-08)
**Breaking change!** make sure to read the [upgrading notes](https://github.com/bigbluebutton/docker/blob/develop/docs/upgrading.md)
- BigBlueButton 2.7.3 @alangecker [#304](https://github.com/bigbluebutton/docker/pull/304)
- use local sources instead of pulling inside container @alangecker [#307](https://github.com/bigbluebutton/docker/pull/307)
- BigBlueButton 2.7.0 @alangecker [#291](https://github.com/bigbluebutton/docker/pull/291)
- Update to ComposeV2 @leonidas-o [#271](https://github.com/bigbluebutton/docker/pull/271)
- recordings: fix for missing `SHARED_SECRET` @ichdasich [#274](https://github.com/bigbluebutton/docker/issues/274) [#268](https://github.com/bigbluebutton/docker/issues/268)
- Add RESOLVER_ADDRESS to env for docker-nginx-auto-ssl @pkolmann [#277](https://github.com/bigbluebutton/docker/pull/277)
- Fix learning-dashboard @yanus [#262](https://github.com/bigbluebutton/docker/pull/262)
## Release v2.6.0-2 (2023-04-04)
- hotfix for broken freeswitch container due to enabled compresion with max file count == 1 [#260](https://github.com/bigbluebutton/docker/issues/260)
## Release v2.6.0 (2023-04-03)
- **Breaking change:** Greenlight v3 (see [upgrade note](docs/upgrading.md) @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255)
- BigBlueButton v2.6 @alangecker [#255](https://github.com/bigbluebutton/docker/pull/255)
- Set client_max_body_size for greenlight @nr23730 [#252](https://github.com/bigbluebutton/docker/pull/252)
- self building freeswitch (applying patches and independent from external apt repos) @alangecker
- reduce amount of logs with senstivie data @alangecker
## Release v2.5.8 (2022-11-06)
- BBB 2.5.8 @alangecker [#238](https://github.com/bigbluebutton/docker/pull/238)
- recordings: fix for missing ffmpeg filter @alangecker [#235](https://github.com/bigbluebutton/docker/issues/235) [#230](https://github.com/bigbluebutton/docker/pull/230)
## Release v2.5.0 (2022-06-10)
- BigBlueButton v2.5 @alangecker [#207](https://github.com/bigbluebutton/docker/pull/207)
- central `tags.env` file with the tag names of most BBB components @alangecker
- Usage of [official docker build images](https://gitlab.senfcall.de/senfcall-public/docker-bbb-build) for building @alangecker
- publish docker images @alangecker [#174](https://github.com/bigbluebutton/docker/issues/174)
- etherpad: enforce bbb-pads session handling @pedrobmarin [#211](https://github.com/bigbluebutton/docker/pull/211)
- etherpad: avoid icons overlapping @pedrobmarin [#210](https://github.com/bigbluebutton/docker/pull/210)
- fix recordings which include presentation polls @lightweight [#205](https://github.com/bigbluebutton/docker/pull/205)
## Release v2.4.5 (2022-03-24)
- Applied BBB v2.4.5 changes @alangecker
- New mute & unmute sounds by senfcall
- Update etherpad @pedrobmarin [#202](https://github.com/bigbluebutton/docker/pull/202)
- Use own freeswitch mirror instead of the official login-only one @alangecker [#203](https://github.com/bigbluebutton/docker/issues/203)
- Ignore docker-compose.override.yml @dorianim [#183](https://github.com/bigbluebutton/docker/pull/183)
## Release v2.4.4 (2022-02-23)
- Applied v2.4.4 changes @alangecker [#195](https://github.com/bigbluebutton/docker/pull/195)
- Update Russian sound announcement examples @lexuzieel [#196](https://github.com/bigbluebutton/docker/pull/196)
- fix for presentation slides not displayed if they contain type 3 fonts @rottaran [#191](https://github.com/bigbluebutton/docker/pull/191)
## Release v2.4.0 (2021-12-29)
- BigBlueButton v2.4 @alangecker [#159](https://github.com/bigbluebutton/docker/pull/159)
- **Breaking change:** change nginx port from `8080` to `48087`. see [upgrade note](docs/upgrading.md) @alangeker [#133](https://github.com/bigbluebutton/docker/issues/133)
- Enable optimization for Prometheus Exporter when recording is enabled @omidmaldar [#161](https://github.com/bigbluebutton/docker/pull/161)
- Automatically remove old recordings after N days @omidmaldar [#162](https://github.com/bigbluebutton/docker/pull/162)
## Release v2.3.14-1 (2021-10-06)
- Applied changes v2.3.5-v2.3.14 @alangecker
- updated wget to not use proxies [#143](https://github.com/bigbluebutton/docker/pull/143) @mghadam
- fixed sed delimiter for CERTPATH and KEYPATH [#144](https://github.com/bigbluebutton/docker/pull/144) @mghadam
- https_proxy: fix setting of ALLOWED_DOMAINS [#145](https://github.com/bigbluebutton/docker/pull/145) @clandmeter
- coturn: expose ENABLE_HTTPS_PROXY env variable [#146](https://github.com/bigbluebutton/docker/pull/146) [#156](https://github.com/bigbluebutton/docker/pull/156) @clandmeter @omidmaldar
## Release v2.3.4-1 (2021-06-22) #131
- Applied v2.3.4 changes [#130](https://github.com/bigbluebutton/docker/pull/130) @alangecker
- Reintegrate turn with default ports and support for external certificates [#126](https://github.com/bigbluebutton/docker/pull/126) @cjhille
- Fix freeswitch package names for languages with uppercase characters in the path [#119](https://github.com/bigbluebutton/docker/pull/119) @lexuzieel
- Exclude CLIENT_TITLE when generating compose file [#118](https://github.com/bigbluebutton/docker/pull/118) @bb
- Fix for preuploaded presentations not working [#116](https://github.com/bigbluebutton/docker/pull/116) @manfred-w
- Add POSTGRESQL_SECRET as environement variable [#111](https://github.com/bigbluebutton/docker/pull/111) @caminsha
## Release v2.3.0
- :tada: **BigBlueButton 2.3** including all its changes
- Template based generation of docker-compose.yml [2.2.x#71](https://github.com/alangecker/bigbluebutton-docker/pull/71) [2.2.x#42](https://github.com/alangecker/bigbluebutton-docker/issues/42) @trickert76 @alangecker
- Removal of `core` and all dependencies on the bigbluebutton ubuntu repository. Seperate container for `bbb-web`, `fsesl-akka` and `apps-akka` [2.2.x#26](https://github.com/alangecker/bigbluebutton-docker/issues/26) @alangecker
- Fix recordings for Moodle BBB plugin: [2.2.x#110](https://github.com/alangecker/bigbluebutton-docker/pull/110) @danjesus
- Fixed recordings container restart setting [2.2.x#109](https://github.com/alangecker/bigbluebutton-docker/pull/109) @manfred-w
- Option for freeswitch language [2.2.x#85](https://github.com/alangecker/bigbluebutton-docker/pull/85) @alangecker @Daedalus3
- Disabled integrated coturn [#73](https://github.com/bigbluebutton/docker/issues/73)
## Release v2.2.31-1 (2020-12-23) #84
- Applied v2.2.31 changes @alangecker
- Fix when presentation after recording unable to delete and change access rights #82 #63 @cardinalit
- Enable cameraQualityThresholds by default
## Release v2.2.30-1 (2020-12-01) #79
- Applied v2.2.30 changes @alangecker
- Applied v2.2.29 changes @alangecker
- Fix bug due to unnecessary port forward #81 @trickert76 @alangecker
## Release v2.2.28-1 (2020-10-22) #67
- Applied v2.2.28 changes @alangecker
- Etherpad skin & plugin #69 @alangecker
- Updated `development.md` docs (example config & note about issue #66) @alangecker
- Allow setting the breakout room limit @alangecker
## Release v2.2.27-2 (2020-10-16)
- Increase proxy timeout to avoid aborting websocket connections @alangecker
- Added a changelog
## Release v2.2.27-1 (2020-10-14)
- Applied BBB v2.2.27 changes https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.2.27 @alangecker
- Upgrade docker base images (etherpad and bigbluebutton-exporter) @alangecker
## Release v2.2.26-1 (2020-09-29)
- Applied changes from BBB v2.2.24 to v2.2.26 #58 #60 @alangecker
## Release v2.2.23-1 (2020-09-06)
- :tada: Recording #16 by @artemtech and @alangecker
- v2.2.23 changes by @alangecker
- sip_profile extension field #54 by @yksflip
- Remove greenlight container name #49 by @alangecker
## Hotfix (2020-08-15)
- Allow imagemagick to convert to pdf/svg #51 #52 @alangecker
## Release v2.2.22-1 (2020-08-12) #50
- v2.2.22 changes by @alangecker
- Disable freeswitch logfiles inside containers
## Release v2.2.21-1 (2020-7-18)
- Changes for v2.2.21 #44 @alangecker
- expose more BBB settings in .env file #34 @cjhille
- IPv6 Support #32 @alangecker
- Development Mode & Instructions #39 @alangecker
- Prometheus Exporter Integration #40 @alangecker

165
opt/02-core/bigbluebutton/LICENSE Normal file
View file

@ -0,0 +1,165 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.

82
opt/02-core/bigbluebutton/README.md Normal file
View file

@ -0,0 +1,82 @@
<img width="1012" alt="bbb-docker-banner" src="https://user-images.githubusercontent.com/1273169/141153216-0386cd4e-0aaf-473a-8f42-a048e52ed0d7.png">
# 📦 BigBlueButton 3.0 Docker
Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
## Features
- Easy installation
- Greenlight included
- TURN server included
- Fully automated HTTPS certificates
- Full IPv6 support
- Runs on any major linux distributon (Debian, Ubuntu, CentOS,...)
## currently missing / broken
- NAT support
- bbb-transcription-controller
- livekit
## Requirements
- 4GB of RAM
- Linux (it will not work under Windows/WSL)
- Root access (bbb-docker uses host networking, so it won't work with Kubernetes, any "CaaS"-Service, etc.)
- Public IPv4 (expect issues with a firewall / NAT)
- firewall allows internal networking (e.g. for ufw: `ufw allow 10.7.7.0/24`)
- git installed
## Install production server
1. Ensure the requirements above are fulfilled (it really doesn't work without them)
2. Install docker-ce & docker-compose-plugin
1. follow instructions
* Debian: https://docs.docker.com/engine/install/debian/
* CentOS: https://docs.docker.com/engine/install/centos/
* Fedora: https://docs.docker.com/engine/install/fedora/
* Ubuntu: https://docs.docker.com/engine/install/ubuntu/
2. Ensure docker works with `$ docker run hello-world`
3. Ensure you use a docker version ≥ 23.0 : `$ docker --version`
3. Clone this repository
```sh
$ git clone https://github.com/bigbluebutton/docker.git bbb-docker
$ cd bbb-docker
# optional: use the more stable main branch (often much older)
$ git checkout main
```
4. Run setup:
```bash
$ ./scripts/setup
```
5. (optional) Make additional configuration adjustments
```bash
$ nano .env
# always recreate the docker-compose.yml file after making any changes
$ ./scripts/generate-compose
```
6. Start containers:
```bash
$ docker compose up -d --no-build
```
7. If you use greenlight, you can create an admin account with:
```bash
$ docker compose exec greenlight bundle exec rake admin:create
```
## Development setup
1. Clone this repository
```sh
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
```
2. Start dev server
```sh
$ cd bbb-dev
$ ./scripts/dev
```
3. Use API Mate with the link presented in the console to create & join a conference
## Further How-To's
<!-- - [Running behind NAT](docs/behind-nat.md) -->
- [Integration into an existing web server](docs/existing-web-server.md)

4
opt/02-core/bigbluebutton/conf/.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
*/*
!.gitkeep
!example.xml
*.pdf

0
opt/02-core/bigbluebutton/conf/sip_profiles/.gitkeep Normal file
View file

12
opt/02-core/bigbluebutton/conf/sip_profiles/example.xml Normal file
View file

@ -0,0 +1,12 @@
<!-- All Options: https://freeswitch.org/confluence/display/FREESWITCH/Gateways+Configuration -->
<!--
<include>
<gateway name="sipgate.de">
<param name="proxy" value="sipgate.de"/>
<param name="username" value="USERNAME"/>
<param name="password" value="PASSWORD"/>
<param name="extension" value="EXTERNALDID"/>
</gateway>
</include>
-->

0
opt/02-core/bigbluebutton/data/.gitkeep Normal file
View file

576
opt/02-core/bigbluebutton/docker-compose.tmpl.yml Normal file
View file

@ -0,0 +1,576 @@
{{/* if you read this, you can ignore the following lines */}}
# auto generated by ./scripts/generate-compose
# don't edit this directly.
{{/* -------- */}}
{{ $ignore_tls_cert_errors := or (isTrue .Env.DEV_MODE) (isTrue .Env.IGNORE_TLS_CERT_ERRORS)}}
services:
{{ if isTrue .Env.DEV_MODE }}
html5-dev:
build:
context: mod/html5-dev
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
restart: unless-stopped
volumes:
- ./repos/bigbluebutton/bigbluebutton-html5:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
network_mode: host
{{ end }}
bbb-web:
build:
context: mod/bbb-web
additional_contexts:
- src-web=./repos/bigbluebutton/bigbluebutton-web
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-common-web=./repos/bigbluebutton/bbb-common-web
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-web:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
- collabora
healthcheck:
test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
start_period: 2m
environment:
IGNORE_TLS_CERT_ERRORS: {{ $ignore_tls_cert_errors }}
DOMAIN: ${DOMAIN}
ENABLE_RECORDING: ${ENABLE_RECORDING:-false}
SHARED_SECRET: ${SHARED_SECRET}
WELCOME_MESSAGE: ${WELCOME_MESSAGE:-}
WELCOME_FOOTER: ${WELCOME_FOOTER}
STUN_SERVER: stun:${STUN_IP}:${STUN_PORT}
ENABLE_HTTPS_PROXY: ${ENABLE_HTTPS_PROXY:-false}
TURN_SECRET: ${TURN_SECRET:-}
TURN_EXT_SERVER: ${TURN_EXT_SERVER:-}
TURN_EXT_SECRET: ${TURN_EXT_SECRET:-}
ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.2
freeswitch:
container_name: bbb-freeswitch
build:
context: mod/freeswitch
additional_contexts:
- freeswitch=./repos/freeswitch/
- build-files=./repos/bigbluebutton/build/packages-template/bbb-freeswitch-core/
- fs-config=./repos/bigbluebutton/bbb-voice-conference/config/freeswitch/conf/
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-freeswitch:{{ .Env.TAG_FREESWITCH }}-{{ .Env.TAG_BBB }}
restart: unless-stopped
cap_add:
- IPC_LOCK
- NET_ADMIN
- NET_RAW
- NET_BROADCAST
- SYS_NICE
- SYS_RESOURCE
environment:
DOMAIN: ${DOMAIN}
EXTERNAL_IPv4: ${EXTERNAL_IPv4}
EXTERNAL_IPv6: ${EXTERNAL_IPv6:-::1}
SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST:-}
DISABLE_SOUND_MUTED: ${DISABLE_SOUND_MUTED:-false}
DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false}
SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie}
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
{{ if .Env.SIP_IP_ALLOWLIST }}
ports:
- 5060:5060/udp
{{ end }}
volumes:
- ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external-dialin
- ./data/freeswitch-meetings:/var/freeswitch/meetings
networks:
bbb-net:
ipv4_address: 10.7.7.10
logging:
# reduce logs to a minimum, so `docker compose logs -f` still works
driver: "local"
options:
max-size: "10k"
max-file: "1"
compress: "false"
nginx:
build:
context: mod/nginx
additional_contexts:
- src-learning-dashboard=./repos/bigbluebutton/bbb-learning-dashboard
- src-playback=./repos/bbb-playback
- src-html5=./repos/bigbluebutton/bigbluebutton-html5
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25
restart: unless-stopped
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf
{{ if isTrue .Env.DEV_MODE }}
# overwrite html5 config
- ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro
{{ end }}
tmpfs:
- /tmp
network_mode: host
extra_hosts:
- "host.docker.internal:10.7.7.1"
- "bbb-web:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.1"
- "greenlight:10.7.7.21"
- "bbb-graphql-server:10.7.7.31"
- "bbb-graphql-middleware:10.7.7.32"
etherpad:
build:
context: mod/etherpad
additional_contexts:
- plugin=./repos/bbb-etherpad-plugin
- skin=./repos/bbb-etherpad-skin
args:
TAG_ETHERPAD: "2.2.7"
image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
restart: unless-stopped
depends_on:
- redis
- collabora
environment:
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
networks:
bbb-net:
ipv4_address: 10.7.7.4
bbb-pads:
build:
context: mod/bbb-pads
additional_contexts:
- src=./repos/bbb-pads
image: alangecker/bbb-docker-pads:{{ .Env.TAG_PADS }}
restart: unless-stopped
depends_on:
- redis
- etherpad
environment:
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
networks:
bbb-net:
ipv4_address: 10.7.7.18
bbb-export-annotations:
build:
context: mod/bbb-export-annotations
additional_contexts:
src: ./repos/bigbluebutton/bbb-export-annotations
image: alangecker/bbb-docker-bbb-export-annotations:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- etherpad
- bbb-pads
networks:
# need connections to:
# https://github.com/bigbluebutton/bigbluebutton/blob/v2.7.0/bbb-export-annotations/config/settings.json
# "bbbWebAPI": "http://127.0.0.1:8090", -> bbb-web
# "bbbPadsAPI": "http://127.0.0.1:9002", -> bbb-pads
bbb-net:
ipv4_address: 10.7.7.19
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
tmpfs:
- /tmp
redis:
image: redis:7.2-alpine
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 1s
timeout: 3s
retries: 30
networks:
bbb-net:
ipv4_address: 10.7.7.5
webrtc-sfu:
build:
context: mod/webrtc-sfu
additional_contexts:
- source=./repos/bbb-webrtc-sfu
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-webrtc-sfu:{{ .Env.TAG_WEBRTC_SFU }}
restart: unless-stopped
depends_on:
- redis
- freeswitch
environment:
ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
{{ if .Env.EXTERNAL_IPv6 }}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"::", "announcedIp":"${EXTERNAL_IPv6}"}, {"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{else}}
MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]'
{{end}}
volumes:
- ./data/mediasoup:/var/mediasoup
tmpfs:
- /var/log/bbb-webrtc-sfu
network_mode: host
security_opt:
- seccomp:unconfined # allow io_uring access for mediasoup
ulimits:
memlock: -1 # allow io_uring_register_buffers to allocate enough ram
fsesl-akka:
build:
context: mod/fsesl-akka
additional_contexts:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-fsesl-client=./repos/bigbluebutton/bbb-fsesl-client
- src-fsesl-akka=./repos/bigbluebutton/akka-bbb-fsesl
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-fsesl-akka:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- freeswitch
environment:
FSESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon}
networks:
bbb-net:
ipv4_address: 10.7.7.14
apps-akka:
build:
context: mod/apps-akka
additional_contexts:
- src-common-message=./repos/bigbluebutton/bbb-common-message
- src-apps-akka=./repos/bigbluebutton/akka-bbb-apps
- src-config=./repos/bigbluebutton/bigbluebutton-html5/private/config/
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
image: alangecker/bbb-docker-apps-akka:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- postgres
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
volumes:
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./conf/bbb-html5.yml:/etc/bigbluebutton/bbb-html5.yml:ro
networks:
bbb-net:
ipv4_address: 10.7.7.15
bbb-graphql-server:
build:
context: mod/bbb-graphql-server
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-server
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
GRAPHQL_ENGINE_TAG: v2.45.0
image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
depends_on:
- postgres
- bbb-web
- apps-akka
- bbb-graphql-actions
restart: unless-stopped
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
HASURA_GRAPHQL_ADMIN_SECRET: TODO_CHANGE_ME
networks:
bbb-net:
ipv4_address: 10.7.7.31
bbb-graphql-actions:
build:
context: mod/bbb-graphql-actions
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-actions
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-actions:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- apps-akka
networks:
bbb-net:
ipv4_address: 10.7.7.30
{{ if isTrue .Env.DEV_MODE }}
volumes:
- ./repos/bigbluebutton/bbb-graphql-actions:/app/:rw
- ./.cache/npm:/tmp/.npm:rw
{{ end }}
bbb-graphql-middleware:
build:
context: mod/bbb-graphql-middleware
{{ if isTrue .Env.DEV_MODE }}
dockerfile: Dockerfile.dev
{{ else }}
additional_contexts:
- src=./repos/bigbluebutton/bbb-graphql-middleware
{{ end }}
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
image: alangecker/bbb-docker-graphql-middleware:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- bbb-graphql-server
- bbb-graphql-actions
- bbb-web
- redis
networks:
bbb-net:
ipv4_address: 10.7.7.32
extra_hosts:
- "nginx:10.7.7.1"
{{ if isTrue .Env.DEV_MODE }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
volumes:
- ./repos/bigbluebutton/bbb-graphql-middleware:/app/:ro
- ./repos/bigbluebutton/bbb-graphql-middleware/config/config.yml:/usr/share/bbb-graphql-middleware/config.yml:ro
- ./mod/bbb-graphql-middleware/config.yml:/etc/bigbluebutton/bbb-graphql-middleware.yml:ro
- ./.cache/go:/gopath:rw
- ./.cache/go-build:/.cache/go-build:rw
{{ end }}
collabora:
image: collabora/code:latest
restart: unless-stopped
tmpfs:
- /tmp
networks:
bbb-net:
ipv4_address: 10.7.7.20
# disable logging (way to verbose)
logging:
driver: none
periodic:
build: mod/periodic
image: alangecker/bbb-docker-periodic:v3.0.0
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/mediasoup:/var/mediasoup
tmpfs:
- /var/log/bigbluebutton
environment:
ENABLE_RECORDING: ${ENABLE_RECORDING}
REMOVE_OLD_RECORDING: ${REMOVE_OLD_RECORDING}
RECORDING_MAX_AGE_DAYS: ${RECORDING_MAX_AGE_DAYS}
networks:
bbb-net:
ipv4_address: 10.7.7.12
{{ if isTrue .Env.ENABLE_RECORDING }}
# recordings
recordings:
build:
context: mod/recordings
additional_contexts:
- record-core=./repos/bigbluebutton/record-and-playback/core
- presentation=./repos/bigbluebutton/record-and-playback/presentation
- bbb-conf=./repos/bigbluebutton/bigbluebutton-config
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2"
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
- redis
- bbb-pads
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
- ./data/mediasoup:/var/mediasoup
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
tmpfs:
- /var/log/bigbluebutton
- /tmp
networks:
bbb-net:
ipv4_address: 10.7.7.16
bbb-webrtc-recorder:
build:
context: mod/bbb-webrtc-recorder
additional_contexts:
- src=./repos/bbb-webrtc-recorder
image: alangecker/bbb-docker-webrtc-recorder:{{ .Env.TAG_WEBRTC_RECORDER }}
depends_on:
- redis
volumes:
- ./data/bbb-webrtc-recorder:/var/lib/bbb-webrtc-recorder
# WebRTC connection to bbb-webrtc-sfu seem to
# only to work via the external IP
network_mode: host
extra_hosts:
- "redis:10.7.7.5"
{{end}}
{{ if isTrue .Env.ENABLE_WEBHOOKS }}
# webhooks
webhooks:
build:
context: mod/webhooks
additional_contexts:
- src=./repos/bbb-webhooks
image: alangecker/bbb-docker-webhooks:{{ .Env.TAG_WEBHOOKS }}
restart: unless-stopped
environment:
DOMAIN: ${DOMAIN}
SHARED_SECRET: ${SHARED_SECRET}
depends_on:
- redis
networks:
bbb-net:
ipv4_address: 10.7.7.17
{{end}}
{{ if isTrue .Env.ENABLE_HTTPS_PROXY }}
haproxy:
build: mod/haproxy
image: alangecker/bbb-haproxy:2.8.10
volumes:
- ./data/haproxy/letsencrypt:/etc/letsencrypt
- ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
- ./mod/haproxy/protocolmap:/etc/haproxy/protocolmap
environment:
- IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
- CERT1=${DOMAIN}
- EMAIL=${LETSENCRYPT_EMAIL}
network_mode: host
{{end}}
# coturn
coturn:
image: coturn/coturn:4.6-alpine
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
- "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}"
- "--static-auth-secret=${TURN_SECRET}"
- "--allowed-peer-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv4}"
- "--relay-ip=${EXTERNAL_IPv6:-::1}"
volumes:
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
network_mode: host
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
image: bigbluebutton/greenlight:v3.5.0
restart: unless-stopped
env_file: .env
depends_on:
- postgres
- redis
environment:
DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
REDIS_URL: redis://redis:6379
{{ if $ignore_tls_cert_errors }}
BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
{{else}}
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
{{end}}
BIGBLUEBUTTON_SECRET: ${SHARED_SECRET}
SECRET_KEY_BASE: ${RAILS_SECRET}
RELATIVE_URL_ROOT: /
volumes:
- ./data/greenlight:/usr/src/app/storage
networks:
bbb-net:
ipv4_address: 10.7.7.21
{{end}}
postgres:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_MULTIPLE_DATABASES: bbb_graphql,hasura_app,greenlight
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- ./data/postgres:/var/lib/postgresql/data
- ./mod/postgres/initdb.sh:/docker-entrypoint-initdb.d/initdb.sh
networks:
bbb-net:
ipv4_address: 10.7.7.22
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER }}
# prometheus
prometheus-exporter:
image: greenstatic/bigbluebutton-exporter:latest
restart: unless-stopped
environment:
API_BASE_URL: http://10.7.7.1:48087/bigbluebutton/api/
API_SECRET: ${SHARED_SECRET}
RECORDINGS_METRICS_READ_FROM_DISK: "${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false}"
networks:
bbb-net:
ipv4_address: 10.7.7.33
{{ if isTrue .Env.ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION }}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton:ro
{{end}}
# the exporter requires /etc/bigbluebutton/bigbluebutton-release
tmpfs:
- /etc/bigbluebutton:mode=777
entrypoint: sh -c 'echo "BIGBLUEBUTTON_RELEASE=2.7.3" > /etc/bigbluebutton/bigbluebutton-release && python server.py'
{{end}}
networks:
bbb-net:
ipam:
driver: default
config:
- subnet: "10.7.7.0/24"

14
opt/02-core/bigbluebutton/docs/behind-nat.md Normal file
View file

@ -0,0 +1,14 @@
# Note if you use a Firewall / NAT
Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface.
#### Temporary way (until next reboot)
```
$ ip addr add 144.76.97.34/32 dev ens3
```
#### Permanent way
Specific to your linux distribution. Use a search engine of your choice. ;)
## Ports
Also don't forget to forward all necassary ports listed in https://docs.bigbluebutton.org/admin/configure-firewall.html

50
opt/02-core/bigbluebutton/docs/development.md Normal file
View file

@ -0,0 +1,50 @@
# bbb-docker Development
## Basics
normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out
```sh
$ git clone --recurse-submodules https://github.com/bigbluebutton/docker.git bbb-dev
$ cd bbb-dev
```
## Running
you can now run bbb-docker locally by simply starting
```sh
$ ./scripts/dev
```
Use the API Mate with the link presented in the console to create & join a conference.
### Hints
- the html5 component will watch and automatically reload on any changes 🚀
- if you change anything in the other components, you need to
* manually rebuilt it \
`$ docker compose build CONTAINERNAME`
* restart it \
`$ docker compose up -d CONTAINERNAME`
- if you change any variable in .env, always run following to rebuild the `docker-compose.yml``
`$ ./scripts/generate-compose`
- view the logs with \
`$ docker compose logs -f`
- At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
## Notes
- Due to the self signed ssl certificate it is currently not possible to notify greenlight about recordings in dev mode
## How to do create a new update for a newer BBB release?
This always consists out of following steps
1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \
* main source for that are the release notes in https://github.com/bigbluebutton/bigbluebutton/releases
2. **Apply these changes to this project.**
* Often you only need to checkout the git submodules to the specific release tag
* List of all submodules: `git submodule`
3. Test everything (with firefox **and** chromium/chrome)
* Audio
* Video
* Presentation upload
* Shared Notes
4. Create a `CHANGELOG.md` entry
5. Create a Pull Request
6. Receive big thanks from @alangecker

82
opt/02-core/bigbluebutton/docs/existing-web-server.md Normal file
View file

@ -0,0 +1,82 @@
# How to integrate into an existing Web server setup
Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web server may be already in use.
You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy.
> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using your Web server features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script.
## Installation
1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`.
2. Now all the required Docker containers should be running. BigBlueButton listens to port 48087. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one.
At this point, choose one of the following sections according to which Web server you're running ([Apache](#integration-with-apache)).
Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`.
## Integration with nginx
1. Add the following directives to the _https_ virtual host `bbb.example.com`
```
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $remote_addr $endpoint_addr {
"~:" [::1];
default 127.0.0.1;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name bbb.example.com;
ssl_certificate /etc/letsencrypt/live/bbb.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bbb.example.com/privkey.pem;
access_log /var/log/nginx/bigbluebutton.access.log;
error_log /var/log/nginx/bigbluebutton.error.log;
location / {
proxy_http_version 1.1;
proxy_pass http://$endpoint_addr:48087;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache_bypass $http_upgrade;
}
}
```
2. Restart nginx
```
service nginx restart
```
## Integration with Apache
1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules, whenever they are not already enabled:
```
sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
```
2. Add the following directives to the _https_ virtual host `bbb.example.com`:
```
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:48087%{REQUEST_URI} [P,QSA,L]
<Location />
Require all granted
ProxyPass http://127.0.0.1:48087/
ProxyPassReverse http://127.0.0.1:48087/
</Location>
```
3. Restart Apache:
```
service apache2 restart
```

36
opt/02-core/bigbluebutton/docs/network-config.md Normal file
View file

@ -0,0 +1,36 @@
## Network Configuration
Services as configured.
|Service | Network | IP address | Other Option |
--- | --- | --- | ---
| bbb-web | bbb-net | 10.7.7.2 |
| bbb-pads | bbb-net | 10.7.7.18 |
| html5-backend-{{$i}} | bbb-net | 10.7.7.{{add 100 $i}}| Port {{ add 4000 $i }}
| html5-frontend-{{$i}}| bbb-net | 10.7.7.{{add 200 $i}}| Port {{ add 4100 $i }}
| freeswitch| network_mode: host | |
| nginx | network_mode: host| | extra_hosts: <br /> - "host.docker.internal:10.7.7.1"<br /> - "core:10.7.7.2"<br /> - "etherpad:10.7.7.4"<br /> - "webrtc-sfu:10.7.7.10"<br /> - "html5:10.7.7.11"
| etherpad | bbb-net | 10.7.7.4|
| redis | bbb-net | 10.7.7.5|
| mongodb | bbb-net | 10.7.7.6|
| kurento | network-mode: host | |
| webrtc-sfu | bbb-net | | network_mode: host
| fsesl-akka | bbb-net | 10.7.7.14 |
| apps-akka | bbb-net | 10.7.7.15 |
| libreoffice | bbb-net | 10.7.7.7 |
| periodic | bbb-net | 10.7.7.12 |
| recordings | bbb-net | 10.7.7.16 |
| webhooks | bbb-net | 10.7.7.17 |
| https_proxy | bbb-net | |network_mode: host
| coturn | network_mode: host | |
| greenlight | | | ports: 10.7.7.1:5000:80
| prometheus | bbb-net | 10.7.7.33 |
| bbb-export-annotations | bbb-net | 10.7.7.19 |
```yml
networks:
bbb-net:
ipam:
driver: default
config:
- subnet: "10.7.7.0/24"
```

33
opt/02-core/bigbluebutton/docs/upgrading.md Normal file
View file

@ -0,0 +1,33 @@
# How To Upgrade bbb-docker
### Breaking changes `v2.7.x` -> `v3.0.x`
- **A setup behind NAT does currently not work!**
- `LETSENCRYPT_EMAIL` is now required in `.env` when used with the integrated HAProxy
- the greenlight postgres database is now called `greenlight` instead of `greenlight-v3`
### Breaking changes `v2.6.x` -> `v2.7.x`
- We use now Docker Compose V2
* make sure you have docker ≥ 23.0 installed (`$ docker -v`)
* update all usages of `docker-compose` to `docker compose` in your scripts
### Breaking changes `v2.5.x` -> `v2.6.x`
- Greenlight got fully rewritten
* it is starting as a fresh installation. you can migrate your data with `./scripts/greenlight-migrate-v2-v3`
* some greenlight settings under `.env` have changed. compare your version with `sample.env`
* it is now served directly under `/` and not in `/b`. If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
### Backup
if you use greenlight, create a database backup first
```bash
docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
```
### Upgrading
```bash
# upgrade!
./scripts/upgrade
# restart updated services
docker compose up -d --no-build
```

43
opt/02-core/bigbluebutton/mod/apps-akka/Dockerfile Normal file
View file

@ -0,0 +1,43 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# ===================================================
ARG TAG_APPS_AKKA
COPY --from=src-apps-akka / /source
# compile and unzip bin
RUN cd /source \
&& sbt universal:packageBin \
&& unzip /source/target/universal/bbb-apps-akka-0.0.4.zip -d /
# ===================================================
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-settings
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
COPY --from=src-config /settings.yml /settings.yml
ARG TAG_BBB
RUN yq e -i ".public.app.bbbServerVersion = \"$TAG_BBB\"" /settings.yml
RUN yq e -i ".public.app.html5ClientBuild = \"$TAG_BBB\"" /settings.yml
# ===================================================
FROM alangecker/bbb-docker-base-java
COPY --from=builder-settings /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /bbb-apps-akka-0.0.4 /bbb-apps-akka
COPY bbb-apps-akka.conf /etc/bigbluebutton/bbb-apps-akka.conf.tmpl
COPY logback.xml /bbb-apps-akka/conf/logback.xml
COPY entrypoint.sh /entrypoint.sh
COPY --from=builder-settings --chown=bigbluebutton:bigbluebutton /settings.yml /usr/share/bigbluebutton/html5-client/private/config/settings.yml
USER bigbluebutton
ENTRYPOINT /entrypoint.sh

25
opt/02-core/bigbluebutton/mod/apps-akka/bbb-apps-akka.conf Normal file
View file

@ -0,0 +1,25 @@
// include default config from upstream
include "/bbb-apps-akka/conf/application.conf"
redis {
host="10.7.7.5"
}
services {
bbbWebAPI="https://DOMAIN/bigbluebutton/api"
sharedSecret="SHARED_SECRET"
graphqlMiddlewareAPI = "http://10.7.7.32:8378"
}
http {
interface = "0.0.0.0"
}
postgres {
properties = {
serverName = "postgres"
portNumber = "5432"
databaseName = "bbb_graphql"
user = "postgres"
password = "POSTGRES_PASSWORD"
}
}

17
opt/02-core/bigbluebutton/mod/apps-akka/entrypoint.sh Executable file
View file

@ -0,0 +1,17 @@
#!/bin/sh -e
# bbb-apps-akka.conf
TARGET=/etc/bigbluebutton/bbb-apps-akka.conf
cp /etc/bigbluebutton/bbb-apps-akka.conf.tmpl $TARGET
sed -i "s/DOMAIN/$DOMAIN/" $TARGET
sed -i "s/SHARED_SECRET/$SHARED_SECRET/" $TARGET
sed -i "s/POSTGRES_PASSWORD/$POSTGRES_PASSWORD/" $TARGET
# settings.yml
TARGET=/usr/share/bigbluebutton/html5-client/private/config/settings.yml
yq e -i ".public.kurento.wsUrl = \"wss://$DOMAIN/bbb-webrtc-sfu\"" $TARGET
yq e -i ".public.pads.url = \"https://$DOMAIN/pad\"" $TARGET
cd /bbb-apps-akka
/bbb-apps-akka/bin/bbb-apps-akka

18
opt/02-core/bigbluebutton/mod/apps-akka/logback.xml Normal file
View file

@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<Pattern>%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level %logger{35} - %msg%n</Pattern>
</layout>
</appender>
<logger name="akka" level="INFO" />
<logger name="org.bigbluebutton" level="DEBUG" />
<logger name="io.lettuce" level="INFO" />
<logger name="slick" level="INFO" />
<root level="INFO">
<appender-ref ref="STDOUT"/>
</root>
</configuration>

24
opt/02-core/bigbluebutton/mod/base-java/Dockerfile Normal file
View file

@ -0,0 +1,24 @@
FROM eclipse-temurin:17-jre-jammy
RUN apt-get update && apt-get install -y \
wget unzip gosu locales \
imagemagick xpdf-utils curl \
&& sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
# add user & group
RUN groupadd -g 998 bigbluebutton \
&& useradd -m -u 998 -g bigbluebutton bigbluebutton \
&& mkdir /etc/bigbluebutton \
&& chown bigbluebutton:bigbluebutton /etc/bigbluebutton
# add dockerize
ENV DOCKERIZE_VERSION v0.7.0
RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz

23
opt/02-core/bigbluebutton/mod/bbb-export-annotations/Dockerfile Normal file
View file

@ -0,0 +1,23 @@
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-export-annotations
RUN cd /bbb-export-annotations && npm ci && npm install
# --------------------
FROM node:22-bookworm-slim
RUN groupadd -g 998 bigbluebutton \
&& useradd -m -u 998 -g bigbluebutton bigbluebutton
RUN apt update && apt install -y \
nodejs npm cairosvg ghostscript imagemagick nodejs poppler-utils
COPY --from=builder /bbb-export-annotations /bbb-export-annotations
COPY ./config/settings.json /bbb-export-annotations/config/settings.json
USER bigbluebutton
WORKDIR /bbb-export-annotations
ENV NODE_ENV=production
ENTRYPOINT npm start

40
opt/02-core/bigbluebutton/mod/bbb-export-annotations/config/settings.json Normal file
View file

@ -0,0 +1,40 @@
{
"log": {
"level": "info",
"msgName": "PresAnnStatusMsg"
},
"shared": {
"presAnnDropboxDir": "/tmp/pres-ann-dropbox",
"cairosvg": "/usr/bin/cairosvg",
"ghostscript": "/usr/bin/gs"
},
"process": {
"maxImageWidth": 1440,
"maxImageHeight": 1080,
"pointsPerInch": 72,
"pixelsPerInch": 96,
"cairoSVGUnsafeFlag": false
},
"notifier": {
"pod_id": "DEFAULT_PRESENTATION_POD",
"is_downloadable": "false",
"msgName": "NewPresFileAvailableMsg"
},
"bbbWebAPI": "http://bbb-web:8090",
"bbbPadsAPI": "http://bbb-pads:9002",
"redis": {
"host": "redis",
"port": 6379,
"password": null,
"channels": {
"queue": "exportJobs",
"publish": "to-akka-apps-redis-channel"
}
},
"fonts": {
"draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
"sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
"serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
"mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
}
}

34
opt/02-core/bigbluebutton/mod/bbb-graphql-actions/Dockerfile Normal file
View file

@ -0,0 +1,34 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src ./ /src
RUN cd /src && \
npm ci --no-progress && \
npm run build
# delete node_modules (it should create a fresh one inside /src/dist/)
RUN rm -rf /src/node_modules
RUN cd /src/dist && \
mv index.js bbb-graphql-actions.js && \
cp ../package.json ../package-lock.json . && \
npm ci --no-progress --omit=dev
# ------------------------------
FROM node:22-bookworm-slim
RUN groupadd -g 2062 app \
&& useradd -m -u 2063 -g app app
USER app
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
ENV NODE_ENV=production
COPY --from=builder /src/dist /app
CMD [ "node", "/app/bbb-graphql-actions.js" ]

16
opt/02-core/bigbluebutton/mod/bbb-graphql-actions/Dockerfile.dev Normal file
View file

@ -0,0 +1,16 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN apt-get update && apt-get install -y gosu
# allow any user to use node in /root/.nvm
RUN chmod 755 /root
COPY dev-entrypoint.sh /dev-entrypoint.sh
ENTRYPOINT [ "/dev-entrypoint.sh" ]
WORKDIR /app
ENV SERVER_HOST 0.0.0.0
ENV BBB_REDIS_HOST redis
CMD [ "npm install && npm start" ]

12
opt/02-core/bigbluebutton/mod/bbb-graphql-actions/dev-entrypoint.sh Executable file
View file

@ -0,0 +1,12 @@
#!/bin/bash
# get owner of /app
OWNER="$(stat -c '%u' "/app")"
GROUP="$(stat -c '%g' "/app")"
useradd --home-dir /tmp -u $OWNER user || /bin/true
# run with same user to avoid any issues
# with file permissions
. /root/.nvm/nvm.sh
gosu $OWNER:$GROUP bash -c "$@"

12
opt/02-core/bigbluebutton/mod/bbb-graphql-middleware/Dockerfile Normal file
View file

@ -0,0 +1,12 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src / /src/
RUN cd /src/ && CGO_ENABLED=0 go build -o bbb-graphql-middleware cmd/bbb-graphql-middleware/main.go
# ------------------------------
FROM alpine
COPY --from=builder /src/bbb-graphql-middleware /app/bbb-graphql-middleware
COPY --from=builder /src/config/config.yml /usr/share/bbb-graphql-middleware/config.yml
COPY config.yml /etc/bigbluebutton/bbb-graphql-middleware.yml
CMD [ "/app/bbb-graphql-middleware" ]

8
opt/02-core/bigbluebutton/mod/bbb-graphql-middleware/Dockerfile.dev Normal file
View file

@ -0,0 +1,8 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
WORKDIR /app
ENV GOPATH /gopath
CMD ["go", "run", "cmd/bbb-graphql-middleware/main.go", "--signal", "SIGTERM"]

15
opt/02-core/bigbluebutton/mod/bbb-graphql-middleware/config.yml Normal file
View file

@ -0,0 +1,15 @@
server:
listen_host: 0.0.0.0
listen_port: 8378
redis:
host: redis
port: 6379
password: ""
hasura:
url: ws://nginx:8185/v1/graphql
graphql-actions:
url: http://bbb-graphql-actions:8093
auth_hook:
url: http://bbb-web:8090/bigbluebutton/connection/checkGraphqlAuthorization
session_vars_hook:
url: http://apps-akka:8901/userInfo

25
opt/02-core/bigbluebutton/mod/bbb-graphql-server/Dockerfile Normal file
View file

@ -0,0 +1,25 @@
ARG BBB_BUILD_TAG
ARG GRAPHQL_ENGINE_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
RUN curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | INSTALL_PATH=/usr/local/bin VERSION=v2.44.0 bash
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && chmod a+x /usr/local/bin/yq
# ----------------------------
FROM hasura/graphql-engine:$GRAPHQL_ENGINE_TAG
# install netstat, required for start script
RUN apt-get update && apt-get install -y net-tools gosu
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
COPY --from=builder /usr/local/bin/hasura /usr/local/bin/hasura
COPY --from=src /bbb_schema.sql /app/
COPY --from=src /metadata /app/metadata
COPY config.yaml /app/config.yaml
COPY entrypoint.sh /entrypoint.sh
COPY start.sh /app/start.sh
ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "/app/start.sh" ]

7
opt/02-core/bigbluebutton/mod/bbb-graphql-server/config.yaml Normal file
View file

@ -0,0 +1,7 @@
version: 3
endpoint: http://localhost:8085
admin_secret: bigbluebutton
metadata_directory: metadata
actions:
kind: synchronous
handler_webhook_baseurl: http://localhost:3000

27
opt/02-core/bigbluebutton/mod/bbb-graphql-server/entrypoint.sh Executable file
View file

@ -0,0 +1,27 @@
#!/bin/bash
# for psql
export PGHOST=postgres
export PGUSER="${POSTGRES_USER}"
export PGPASSWORD="${POSTGRES_PASSWORD}"
# for hasura
export HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_LOG_LEVEL=warn
export HASURA_GRAPHQL_ENABLE_CONSOLE=false
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_SERVER_PORT=8085
export HASURA_GRAPHQL_ENABLE_TELEMETRY=false
export HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE=10
export HASURA_GRAPHQL_AUTH_HOOK=http://apps-akka:8901/userInfo
export HASURA_BBB_GRAPHQL_ACTIONS_ADAPTER_URL=http://bbb-graphql-actions:8093
export HASURA_GRAPHQL_BBB_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/bbb_graphql
exec $@

39
opt/02-core/bigbluebutton/mod/bbb-graphql-server/start.sh Executable file
View file

@ -0,0 +1,39 @@
#!/bin/bash
set -e
cd /app/
# patch database url
# TODO: this should be possible upstream in BBB via an environment variable
yq e -i ".[1].configuration.connection_info.database_url = \"$HASURA_GRAPHQL_BBB_DATABASE_URL\"" metadata/databases/databases.yaml
sed -i "s/^admin_secret: .*/admin_secret: $HASURA_GRAPHQL_ADMIN_SECRET/g" /app/config.yaml
echo "SELECT 'CREATE DATABASE hasura_app' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'hasura_app')\gexec" | psql
echo "Restarting database bbb_graphql"
psql -c "SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE datname = 'bbb_graphql'" > /dev/null
psql -c "drop database if exists bbb_graphql with (force)"
psql -c "create database bbb_graphql WITH TEMPLATE template0 LC_COLLATE 'C.UTF-8'"
psql -c "alter database bbb_graphql set timezone to 'UTC'"
echo "Creating tables in bbb_graphql"
psql -U postgres -d bbb_graphql -q -f bbb_schema.sql --set ON_ERROR_STOP=on
echo "Starting hasura-graphql-engine"
gosu nobody graphql-engine serve &
PID=$!
sleep 1
#Check if Hasura is ready before applying metadata
while ! netstat -tuln | grep ":$HASURA_GRAPHQL_SERVER_PORT " > /dev/null; do
echo "Waiting for Hasura's port ($HASURA_GRAPHQL_SERVER_PORT) to be ready..."
sleep 1
done
echo "Applying new metadata to Hasura"
/usr/local/bin/hasura metadata apply --skip-update-check
wait "$PID"

18
opt/02-core/bigbluebutton/mod/bbb-pads/Dockerfile Normal file
View file

@ -0,0 +1,18 @@
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-pads
RUN cd /bbb-pads && rm -r .git && npm install --production
RUN chmod 777 /bbb-pads/config
# ------------------------------
FROM node:22-bookworm-slim
RUN apt update && apt install -y jq moreutils \
&& useradd --uid 2003 --create-home --user-group bbb-pads
COPY --from=builder /bbb-pads /bbb-pads
USER bbb-pads
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh

15
opt/02-core/bigbluebutton/mod/bbb-pads/entrypoint.sh Executable file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -e
TARGET=/bbb-pads/config/settings.json
cp /bbb-pads/config/settings.json.template $TARGET
sed -i "s/ETHERPAD_API_KEY/\"$ETHERPAD_API_KEY\"/g" $TARGET
jq '.etherpad.host = "etherpad"' $TARGET | sponge $TARGET
jq '.express.host = "0.0.0.0"' $TARGET | sponge $TARGET
jq '.redis.host = "redis"' $TARGET | sponge $TARGET
cd /bbb-pads
export NODE_ENV=production
npm start

57
opt/02-core/bigbluebutton/mod/bbb-web/Dockerfile Normal file
View file

@ -0,0 +1,57 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# ===================================================
COPY --from=src-common-web / /bbb-common-web
# build bbb-common-web
RUN cd /bbb-common-web && ./deploy.sh
COPY --from=src-web / /bbb-web
# compile bbb-web
RUN cd /bbb-web && grails assemble
# compile pres-checker
RUN cd /bbb-web/pres-checker && gradle resolveDeps
# extract .war
RUN unzip -q /bbb-web/build/libs/bigbluebutton-0.10.0.war -d /dist
# ===================================================
FROM alangecker/bbb-docker-base-java
# add blank presentation files and allow conversion to pdf/svg
RUN mkdir -p /usr/share/bigbluebutton/blank \
&& cd /usr/share/bigbluebutton/blank \
&& wget \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-svg.svg \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-thumb.png \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-presentation.pdf \
https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-png.png \
&& sed -i 's/<policy domain="coder" rights="none" pattern="PDF" \/>/<policy domain="coder" rights="write" pattern="PDF" \/>/g' /etc/ImageMagick-6/policy.xml \
&& sed -i '/potrace/d' /etc/ImageMagick-6/delegates.xml
# get bbb-web
COPY --from=builder /dist /usr/share/bbb-web
# get pres-checker
COPY --from=builder /bbb-web/pres-checker/lib /usr/share/prescheck/lib
COPY --from=builder /bbb-web/pres-checker/run.sh /usr/share/prescheck/prescheck.sh
# add entrypoint and templates
COPY entrypoint.sh /entrypoint.sh
COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl
COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml
COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh
ENTRYPOINT ["/entrypoint.sh"]

26
opt/02-core/bigbluebutton/mod/bbb-web/bbb-web.properties Normal file
View file

@ -0,0 +1,26 @@
defaultWelcomeMessage={{ .Env.WELCOME_MESSAGE }}
defaultWelcomeMessageFooter={{ .Env.WELCOME_FOOTER }}
{{ if isTrue .Env.ENABLE_RECORDING }}
disableRecordingDefault=false
{{ else }}
disableRecordingDefault=true
{{ end }}
bigbluebutton.web.serverURL=https://{{ .Env.DOMAIN }}
securitySalt={{ .Env.SHARED_SECRET }}
redisHost=redis
{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }}
beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
# fetch presentations without HTTPS
presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
learningDashboardEnabled={{ .Env.ENABLE_LEARNING_DASHBOARD }}
defaultNumDigitsForTelVoice=9

31
opt/02-core/bigbluebutton/mod/bbb-web/entrypoint.sh Executable file
View file

@ -0,0 +1,31 @@
#!/bin/bash
set -e
# create recording directory structure if it doesn't exist yet
mkdir -p /var/bigbluebutton/recording/status
mkdir -p /var/bigbluebutton/events
mkdir -p /var/bigbluebutton/recording
mkdir -p /var/bigbluebutton/recording/raw
mkdir -p /var/bigbluebutton/recording/process
mkdir -p /var/bigbluebutton/recording/publish
mkdir -p /var/bigbluebutton/recording/status/recorded
mkdir -p /var/bigbluebutton/recording/status/archived
mkdir -p /var/bigbluebutton/recording/status/processed
mkdir -p /var/bigbluebutton/recording/status/ended
mkdir -p /var/bigbluebutton/recording/status/sanity
mkdir -p /var/bigbluebutton/recording/status/published
mkdir -p /var/bigbluebutton/captions
mkdir -p /var/bigbluebutton/captions/inbox
mkdir -p /var/bigbluebutton/published
mkdir -p /var/bigbluebutton/deleted
mkdir -p /var/bigbluebutton/unpublished
mkdir -p /var/bigbluebutton/basic_stats
chown -R bigbluebutton:bigbluebutton /var/bigbluebutton
cd /usr/share/bbb-web/
dockerize \
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
-template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \
gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher

28
opt/02-core/bigbluebutton/mod/bbb-web/logback.xml Normal file
View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT"
class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<Pattern>%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level %logger{35} - %msg%n</Pattern>
</layout>
</appender>
<logger name="akka" level="INFO" />
<logger name="io.lettuce" level="INFO" />
<logger name="org.bigbluebutton" level="DEBUG" />
<logger name="grails.app.controllers" level="DEBUG" />
<logger name="grails.app.services" level="DEBUG" />
<logger name="org.grails.web.servlet" level="ERROR" />
<logger name="org.grails.web.pages" level="ERROR" />
<logger name="org.grails.web.sitemesh" level="ERROR" />
<logger name="org.grails.web.mapping.filter" level="ERROR" />
<logger name="org.grails.web.mapping" level="ERROR" />
<logger name="org.grails.commons" level="ERROR" />
<logger name="org.springframework" level="ERROR" />
<root level="WARN">
<appender-ref ref="STDOUT" />
</root>
</configuration>

36
opt/02-core/bigbluebutton/mod/bbb-web/office-convert.sh Executable file
View file

@ -0,0 +1,36 @@
#!/bin/bash
set -e
set -u
PATH="/bin/:/usr/bin/"
# This script receives three params
# Param 1: Input office file path (e.g. "/tmp/test.odt")
# Param 2: Output pdf file path (e.g. "/tmp/test.pdf")
# Param 3: Destination Format (pdf default)
# Param 4: Timeout (secs) (optional)
if (( $# == 0 )); then
echo "Missing parameter 1 (Input office file path)";
exit 1
elif (( $# == 1 )); then
echo "Missing parameter 2 (Output pdf file path)";
exit 1
fi;
source="$1"
dest="$2"
# If output format is missing, define PDF
convertTo="${3:-pdf}"
# If timeout is missing, define 60
timeoutSecs="${4:-60}"
# Truncate timeout to max 3 digits (as expected by sudoers)
timeoutSecs="${timeoutSecs:0:3}"
# The timeout is important.
timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
exit 0

59
opt/02-core/bigbluebutton/mod/bbb-web/turn-stun-servers.xml Normal file
View file

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
<bean id="stun1" class="org.bigbluebutton.web.services.turn.StunServer">
<constructor-arg index="0" value="{{ .Env.STUN_SERVER }}"/>
</bean>
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turn:{{ .Env.DOMAIN }}:3478"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
{{/* ignore when using a self signed certificate in dev mode */}}
<bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
<constructor-arg index="1" value="turns:{{ .Env.DOMAIN }}:443?transport=tcp"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<bean id="turn2" class="org.bigbluebutton.web.services.turn.TurnServer">
<constructor-arg index="0" value="{{ .Env.TURN_EXT_SECRET }}"/>
<constructor-arg index="1" value="{{ .Env.TURN_EXT_SERVER }}"/>
<constructor-arg index="2" value="86400"/>
</bean>
{{end}}
<bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
<property name="stunServers">
<set>
<ref bean="stun1" />
</set>
</property>
<property name="turnServers">
<set>
<ref bean="turn0" />
{{if and (isTrue .Env.ENABLE_HTTPS_PROXY) (not (isTrue .Env.IGNORE_TLS_CERT_ERRORS)) }}
<ref bean="turn1" />
{{end}}
{{if .Env.TURN_EXT_SERVER }}
<ref bean="turn2" />
{{end}}
</set>
</property>
<property name="remoteIceCandidates">
<set>
</set>
</property>
</bean>
</beans>

40
opt/02-core/bigbluebutton/mod/bbb-webrtc-recorder/Dockerfile Normal file
View file

@ -0,0 +1,40 @@
# Build stage
FROM golang:1.23 as builder
ARG APP_VERSION=devel
ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder
WORKDIR /app
COPY --from=src go.* ./
RUN go mod tidy
COPY --from=src . ./
RUN APP_VERSION=$(cat ./VERSION | sed 's/ /-/g') \
go build -o ./build/bbb-webrtc-recorder \
-ldflags="-X '$GOMOD/internal.AppVersion=v${APP_VERSION1}'" \
./cmd/bbb-webrtc-recorder
RUN mv /app/build/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
# Running stage
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y gosu
# use same UID as in the recordings container
RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
# config
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_ADDRESS=redis:6379
ENV BBBRECORDER_PUBSUB_ADAPTERS_REDIS_NETWORK=tcp
ENV BBBRECORDER_DEBUG=true
# Copy the binary to the production image from the builder stage.
COPY --from=builder /usr/bin/bbb-webrtc-recorder /usr/bin/bbb-webrtc-recorder
COPY --from=builder /app/config/bbb-webrtc-recorder.yml /etc/bbb-webrtc-recorder/bbb-webrtc-recorder.yml
CMD ["/bin/sh", "-c", "chown -R bigbluebutton:bigbluebutton /var/lib/bbb-webrtc-recorder && gosu bigbluebutton /usr/bin/bbb-webrtc-recorder"]

28
opt/02-core/bigbluebutton/mod/coturn/turnserver.conf Normal file
View file

@ -0,0 +1,28 @@
listening-port=3478
# listening-ip=${INTERNAL_IP:-$IP}
# relay-ip=${INTERNAL_IP:-$IP}
min-port=32769
max-port=65535
# verbose
fingerprint
lt-cred-mech
use-auth-secret
realm=bbb-docker
keep-address-family
no-cli
no-tlsv1
no-tlsv1_1
# Block connections to IP ranges which shouldn't be reachable
no-loopback-peers
no-multicast-peers
# we only need to allow peer connections from the machine itself (from mediasoup or freeswitch).
denied-peer-ip=0.0.0.0-255.255.255.255
denied-peer-ip=::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

29
opt/02-core/bigbluebutton/mod/etherpad/Dockerfile Normal file
View file

@ -0,0 +1,29 @@
ARG TAG_ETHERPAD
FROM etherpad/etherpad:$TAG_ETHERPAD
USER root
RUN apk add git curl
USER etherpad
RUN pnpm run plugins i \
ep_disable_chat@0.0.10 \
ep_auth_session@1.1.1 \
--github \
mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
mconf/ep_pad_ttl#360136cd38493dd698435631f2373cbb7089082d \
mconf/ep_redis_publisher#2b6e47c1c59362916a0b2961a29b259f2977b694
# add skin from git submodule
COPY --chown=etherpad:0 --from=skin / /opt/etherpad-lite/src/static/skins/bigbluebutton
# add plugin from git submodule
COPY --chown=etherpad:0 --from=plugin / /ep_bigbluebutton_patches
RUN pnpm run plugins i --path /ep_bigbluebutton_patches
COPY settings.json /opt/etherpad-lite/settings.json
COPY etherpad-export.sh /etherpad-export.sh
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

3
opt/02-core/bigbluebutton/mod/etherpad/entrypoint.sh Executable file
View file

@ -0,0 +1,3 @@
#!/bin/sh
echo $ETHERPAD_API_KEY > /tmp/apikey
pnpm run prod --apikey /tmp/apikey

9
opt/02-core/bigbluebutton/mod/etherpad/etherpad-export.sh Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
src="$8"
dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')"
convertTo="$7"
curl -v -F "data=@${src}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
exit 0

723
opt/02-core/bigbluebutton/mod/etherpad/settings.json Normal file
View file

@ -0,0 +1,723 @@
/*
* This file must be valid JSON. But comments are allowed
*
* Please edit settings.json, not settings.json.template
*
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
* a separate file (credentials.json).
*
*
* ENVIRONMENT VARIABLE SUBSTITUTION
* =================================
*
* All the configuration values can be read from environment variables using the
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
*
* This is useful, for example, when running in a Docker container.
*
* DETAILED RULES:
* - If the environment variable is set to the string "true" or "false", the
* value becomes Boolean true or false.
* - If the environment variable is set to the string "null", the value
* becomes null.
* - If the environment variable is set to the string "undefined", the setting
* is removed entirely, except when used as the member of an array in which
* case it becomes null.
* - If the environment variable is set to a string representation of a finite
* number, the string is converted to that number.
* - If the environment variable is set to any other string, including the
* empty string, the value is that string.
* - If the environment variable is unset and a default value is provided, the
* value is as if the environment variable was set to the provided default:
* - "${UNSET_VAR:}" becomes the empty string.
* - "${UNSET_VAR:foo}" becomes the string "foo".
* - "${UNSET_VAR:true}" and "${UNSET_VAR:false}" become true and false.
* - "${UNSET_VAR:null}" becomes null.
* - "${UNSET_VAR:undefined}" causes the setting to be removed (or be set
* to null, if used as a member of an array).
* - If the environment variable is unset and no default value is provided,
* the value becomes null. THIS BEHAVIOR MAY CHANGE IN A FUTURE VERSION OF
* ETHERPAD; if you want the default value to be null, you should explicitly
* specify "null" as the default value.
*
* EXAMPLE:
* "port": "${PORT:9001}"
* "minify": "${MINIFY}"
* "skinName": "${SKIN_NAME:colibris}"
*
* Would read the configuration values for those items from the environment
* variables PORT, MINIFY and SKIN_NAME.
*
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
* "colibris" would be used.
* The configuration value "minify", on the other hand, does not have a
* designated default value. Thus, if the environment variable MINIFY were
* undefined, "minify" would be null.
*
* REMARKS:
* 1) please note that variable substitution always needs to be quoted.
*
* "port": 9001, <-- Literal values. When not using
* "minify": false substitution, only strings must be
* "skinName": "colibris" quoted. Booleans and numbers must not.
*
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
* "skinName": "${SKIN_NAME}" even if the required value is a number or
* a boolean.
* Etherpad will take care of rewriting it
* to the proper type if necessary.
*
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
* "minify": ${MINIFY} around variable names are missing.
* "skinName": ${SKIN_NAME}
*
* 2) Beware of undefined variables and default values: nulls and empty strings
* are different!
*
* This is particularly important for user's passwords (see the relevant
* section):
*
* "password": "${PASSW}" // if PASSW is not defined would result in password === null
* "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
*
* If you want to use an empty value (null) as default value for a variable,
* simply do not set it, without putting any colons: "${ABIWORD}".
*
* 3) if you want to use newlines in the default value of a string parameter,
* use "\n" as usual.
*
* "defaultPadText" : "${DEFAULT_PAD_TEXT}Line 1\nLine 2"
*/
{
/*
* Name your instance!
*/
"title": "Etherpad",
/*
* Pathname of the favicon you want to use. If null, the skin's favicon is
* used if one is provided by the skin, otherwise the default Etherpad favicon
* is used. If this is a relative path it is interpreted as relative to the
* Etherpad root directory.
*/
"favicon": null,
/*
* Skin name.
*
* Its value has to be an existing directory under src/static/skins.
* You can write your own, or use one of the included ones:
*
* - "no-skin": an empty skin (default). This yields the unmodified,
* traditional Etherpad theme.
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
* become the default in Etherpad 2.0
*/
"skinName": "bigbluebutton",
/*
* Skin Variants
*
* Use the UI skin variants builder at /p/test#skinvariantsbuilder
*
* For the colibris skin only, you can choose how to render the three main
* containers:
* - toolbar (top menu with icons)
* - editor (containing the text of the pad)
* - background (area outside of editor, mostly visible when using page style)
*
* For each of the 3 containers you can choose 4 color combinations:
* super-light, light, dark, super-dark.
*
* For example, to make the toolbar dark, you will include "dark-toolbar" into
* skinVariants.
*
* You can provide multiple skin variants separated by spaces. Default
* skinVariant is "super-light-toolbar super-light-editor light-background".
*
* For the editor container, you can also make it full width by adding
* "full-width-editor" variant (by default editor is rendered as a page, with
* a max-width of 900px).
*/
"skinVariants": "",
/*
* IP and port which Etherpad should bind at.
*
* Binding to a Unix socket is also supported: just use an empty string for
* the ip, and put the full path to the socket in the port parameter.
*
* EXAMPLE USING UNIX SOCKET:
* "ip": "", // <-- has to be an empty string
* "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket
*/
"ip": "0.0.0.0",
"port": 9001,
/*
* Option to hide/show the settings.json in admin page.
*
* Default option is set to true
*/
"showSettingsInAdminPage": true,
/*
* Settings for cleanup of pads
*/
"cleanup": {
"enabled": false,
"keepRevisions": 5
},
/*
* Node native SSL support
*
* This is disabled by default.
* Make sure to have the minimum and correct file access permissions set so
* that the Etherpad server can access them
*/
/*
"ssl" : {
"key" : "/path-to-your/epl-server.key",
"cert" : "/path-to-your/epl-server.crt",
"ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
},
*/
/*
* The type of the database.
*
* You can choose between many DB drivers, for example: dirty, postgres,
* sqlite, mysql.
*
* You shouldn't use "dirty" for for anything else than testing or
* development.
*
*
* Database specific settings are dependent on dbType, and go in dbSettings.
* Remember that since Etherpad 1.6.0 you can also store this information in
* credentials.json.
*
* For a complete list of the supported drivers, please refer to:
* https://www.npmjs.com/package/ueberdb2
*/
"dbType": "redis",
"dbSettings": {
"url": "redis://redis:6379"
},
/*
* An Example of MySQL Configuration (commented out).
*
* See: https://github.com/ether/etherpad-lite/wiki/How-to-use-Etherpad-Lite-with-MySQL
*/
/*
"dbType" : "redis",
"dbSettings" : {
"host": "127.0.0.1",
"port": 6379,
"client_options": {
"password": "PASSWORD"
}
},
*/
/*
* The default text of a pad: A zero-width-space is used to work around an issue with Etherpad 1.9.1 where empty pads are not being created.
* See: https://github.com/ether/etherpad-lite/issues/5787
*/
"defaultPadText" : "\u200b",
/*
* Default Pad behavior.
*
* Change them if you want to override.
*/
"padOptions": {
"noColors": true,
"showControls": true,
"showChat": false,
"showLineNumbers": false,
"useMonospaceFont": false,
"userName": false,
"userColor": false,
"rtl": false,
"alwaysShowChat": false,
"chatAndUsers": false,
"lang": "en"
},
/*
* Pad Shortcut Keys
*/
"padShortcutEnabled" : {
"altF9": true, /* focus on the File Menu and/or editbar */
"altC": false, /* focus on the Chat window */
"cmdShift2": true, /* shows a gritter popup showing a line author */
"delete": true,
"return": true,
"esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */
"cmdS": true, /* save a revision */
"tab": true, /* indent */
"cmdZ": true, /* undo/redo */
"cmdY": true, /* redo */
"cmdI": true, /* italic */
"cmdB": true, /* bold */
"cmdU": true, /* underline */
"cmd5": true, /* strike through */
"cmdShiftL": true, /* unordered list */
"cmdShiftN": true, /* ordered list */
"cmdShift1": true, /* ordered list */
"cmdShiftC": true, /* clear authorship */
"cmdH": true, /* backspace */
"ctrlHome": true, /* scroll to top of pad */
"pageUp": true,
"pageDown": true
},
/*
* Enables the use of a different server. We have a different one that syncs changes from the original server.
* It is hosted on GitHub and should not be blocked by many firewalls.
* https://etherpad.org/ep_infos
*/
"updateServer": "https://etherpad.org/ep_infos",
/*
* Should we suppress errors from being visible in the default Pad Text?
*/
"suppressErrorsInPadText": true,
/*
* If this option is enabled, a user must have a session to access pads.
* This effectively allows only group pads to be accessed.
*/
"requireSession": true,
/*
* Users may edit pads but not create new ones.
*
* Pad creation is only via the API.
* This applies both to group pads and regular pads.
*/
"editOnly": true,
/*
* If true, all css & js will be minified before sending to the client.
*
* This will improve the loading performance massively, but makes it difficult
* to debug the javascript/css
*/
"minify": true,
/*
* How long may clients use served javascript code (in seconds)?
*
* Not setting this may cause problems during deployment.
* Set to 0 to disable caching.
*/
"maxAge": 21600, // 60 * 60 * 6 = 6 hours
/*
* Absolute path to the Abiword executable.
*
* Abiword is needed to get advanced import/export features of pads. Setting
* it to null disables Abiword and will only allow plain text and HTML
* import/exports.
*/
"abiword": null,
/*
* This is the absolute path to the soffice executable.
*
* LibreOffice can be used in lieu of Abiword to export pads.
* Setting it to null disables LibreOffice exporting.
*/
"soffice": "/etherpad-export.sh",
/*
* Allow import of file types other than the supported ones:
* txt, doc, docx, rtf, odt, html & htm
*/
"allowUnknownFileEnds": false,
/*
* This setting is used if you require authentication of all users.
*
* Note: "/admin" always requires authentication.
*/
"requireAuthentication": false,
/*
* Require authorization by a module, or a user with is_admin set, see below.
*/
"requireAuthorization": false,
/*
* When you use NGINX or another proxy/load-balancer set this to true.
*
* This is especially necessary when the reverse proxy performs SSL
* termination, otherwise the cookies will not have the "secure" flag.
*
* The other effect will be that the logs will contain the real client's IP,
* instead of the reverse proxy's IP.
*/
"trustProxy": true,
/*
* Settings controlling the session cookie issued by Etherpad.
*/
"cookie": {
/*
* How often (in milliseconds) the key used to sign the express_sid cookie
* should be rotated. Long rotation intervals reduce signature verification
* overhead (because there are fewer historical keys to check) and database
* load (fewer historical keys to store, and less frequent queries to
* get/update the keys). Short rotation intervals are slightly more secure.
*
* Multiple Etherpad processes sharing the same database (table) is
* supported as long as the clock sync error is significantly less than this
* value.
*
* Key rotation can be disabled (not recommended) by setting this to 0 or
* null, or by disabling session expiration (see sessionLifetime).
*/
"keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* Value of the SameSite cookie property. "Lax" is recommended unless
* Etherpad will be embedded in an iframe from another site, in which case
* this must be set to "None". Note: "None" will not work (the browser will
* not send the cookie to Etherpad) unless https is used to access Etherpad
* (either directly or via a reverse proxy with "trustProxy" set to true).
*
* "Strict" is not recommended because it has few security benefits but
* significant usability drawbacks vs. "Lax". See
* https://stackoverflow.com/q/41841880 for discussion.
*/
"sameSite": "None",
/*
* How long (in milliseconds) after navigating away from Etherpad before the
* user is required to log in again. (The express_sid cookie is set to
* expire at time now + sessionLifetime when first created, and its
* expiration time is periodically refreshed to a new now + sessionLifetime
* value.) If requireAuthentication is false then this value does not really
* matter.
*
* The "best" value depends on your users' usage patterns and the amount of
* convenience you desire. A long lifetime is more convenient (users won't
* have to log back in as often) but has some drawbacks:
* - It increases the amount of state kept in the database.
* - It might weaken security somewhat: The cookie expiration is refreshed
* indefinitely without consulting authentication or authorization
* hooks, so once a user has accessed a pad, the user can continue to
* use the pad until the user leaves for longer than sessionLifetime.
* - More historical keys (sessionLifetime / keyRotationInterval) must be
* checked when verifying signatures.
*
* Session lifetime can be set to infinity (not recommended) by setting this
* to null or 0. Note that if the session does not expire, most browsers
* will delete the cookie when the browser exits, but a session record is
* kept in the database forever.
*/
"sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
/*
* How long (in milliseconds) before the expiration time of an active user's
* session is refreshed (to now + sessionLifetime). This setting affects the
* following:
* - How often a new session expiration time will be written to the
* database.
* - How often each user's browser will ping the Etherpad server to
* refresh the expiration time of the session cookie.
*
* High values reduce the load on the database and the load from browsers,
* but can shorten the effective session lifetime if Etherpad is restarted
* or the user navigates away.
*
* Automatic session refreshes can be disabled (not recommended) by setting
* this to null.
*/
"sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
},
/*
* Privacy: disable IP logging
*/
"disableIPlogging": true,
/*
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
* message is shown to user.
*
* Set to 0 to disable automatic reconnection.
*/
"automaticReconnectionTimeout": 0,
/*
* By default, when caret is moved out of viewport, it scrolls the minimum
* height needed to make this line visible.
*/
"scrollWhenFocusLineIsOutOfViewport": {
/*
* Percentage of viewport height to be additionally scrolled.
*
* E.g.: use "percentage.editionAboveViewport": 0.5, to place caret line in
* the middle of viewport, when user edits a line above of the
* viewport
*
* Set to 0 to disable extra scrolling
*/
"percentage": {
"editionAboveViewport": 0,
"editionBelowViewport": 0
},
/*
* Time (in milliseconds) used to animate the scroll transition.
* Set to 0 to disable animation
*/
"duration": 0,
/*
* Flag to control if it should scroll when user places the caret in the
* last line of the viewport
*/
"scrollWhenCaretIsInTheLastLineOfViewport": false,
/*
* Percentage of viewport height to be additionally scrolled when user
* presses arrow up in the line of the top of the viewport.
*
* Set to 0 to let the scroll to be handled as default by Etherpad
*/
"percentageToScrollWhenUserPressesArrowUp": 0
},
/*
* User accounts. These accounts are used by:
* - default HTTP basic authentication if no plugin handles authentication
* - some but not all authentication plugins
* - some but not all authorization plugins
*
* User properties:
* - password: The user's password. Some authentication plugins will ignore
* this.
* - is_admin: true gives access to /admin. Defaults to false. If you do not
* uncomment this, /admin will not be available!
* - readOnly: If true, this user will not be able to create new pads or
* modify existing pads. Defaults to false.
* - canCreate: If this is true and readOnly is false, this user can create
* new pads. Defaults to true.
*
* Authentication and authorization plugins may define additional properties.
*
* WARNING: passwords should not be stored in plaintext in this file.
* If you want to mitigate this, please install ep_hash_auth and
* follow the section "secure your installation" in README.md
*/
/*
"users": {
"admin": {
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
// 2) please note that if password is null, the user will not be created
"password": "changeme1",
"is_admin": true
},
"user": {
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
// 2) please note that if password is null, the user will not be created
"password": "changeme1",
"is_admin": false
}
},
*/
/*
* Restrict socket.io transport methods
*/
"socketTransportProtocols" : ["websocket", "polling"],
"socketIo": {
/*
* Maximum permitted client message size (in bytes). All messages from
* clients that are larger than this will be rejected. Large values make it
* possible to paste large amounts of text, and plugins may require a larger
* value to work properly, but increasing the value increases susceptibility
* to denial of service attacks (malicious clients can exhaust memory).
*/
"maxHttpBufferSize": 50000
},
/*
* Allow Load Testing tools to hit the Etherpad Instance.
*
* WARNING: this will disable security on the instance.
*/
"loadTest": false,
/**
* Disable dump of objects preventing a clean exit
*/
"dumpOnUncleanExit": false,
/*
* Disable indentation on new line when previous line ends with some special
* chars (':', '[', '(', '{')
*/
/*
"indentationOnNewLine": false,
*/
"ep_pad_ttl": {
"ttl": 86400, // 24 hours
"timeout": 30,
"interval": 21600 // 6 hours
},
/*
* Redis publisher plugin configuration.
* npm i git+https://git@github.com/mconf/ep_redis_publisher.git
*/
"ep_redis_publisher": {
"host": "redis",
"port": 6379
},
/*
* From Etherpad 1.8.3 onwards, import and export of pads is always rate
* limited.
*
* The default is to allow at most 10 requests per IP in a 90 seconds window.
* After that the import/export request is rejected.
*
* See https://github.com/nfriedly/express-rate-limit for more options
*/
"importExportRateLimiting": {
// duration of the rate limit window (milliseconds)
"windowMs": 90000,
// maximum number of requests per IP to allow during the rate limit window
"max": 32
},
/*
* From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
* file is always bounded.
*
* File size is specified in bytes. Default is 50 MB.
*/
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
/*
The authentication method used by the server.
The default value is sso
If you want to use the old authentication system, change this to apikey
*/
"authenticationMethod": "apikey",
/*
* From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
*
* The default is to allow at most 10 changes per IP in a 1 second window.
* After that the change is rejected.
*
* See https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#websocket-single-connection-prevent-flooding for more options
*/
"commitRateLimiting": {
// duration of the rate limit window (seconds)
"duration": 1,
// maximum number of changes per IP to allow during the rate limit window
"points": 100
},
/*
* Toolbar buttons configuration.
*
* Uncomment to customize.
*/
"toolbar": {
"left": [
["bold", "italic", "underline", "strikethrough"],
["orderedlist", "unorderedlist", "undo", "redo"],
["importexport"]
],
"right": [[]]
},
/*
* Expose Etherpad version in the web interface and in the Server http header.
*
* Do not enable on production machines.
*/
"exposeVersion": false,
/*
* The log level we are using.
*
* Valid values: DEBUG, INFO, WARN, ERROR
*/
"loglevel": "INFO",
/*
* The log layout type to use.
*
* Valid values: basic, colored
*/
"logLayoutType": "colored",
/* Override any strings found in locale directories */
"customLocaleStrings": {
"de": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export zu verschiedenen Dateiformaten"
},
"en-gb": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export to different file formats"
},
"en": {
"pad.importExport.import_export": "Export",
"pad.toolbar.import_export.title": "Export to different file formats"
},
"es": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar a diferentes formatos de archivos"
},
"fr": {
"pad.importExport.import_export": "Exporter",
"pad.toolbar.import_export.title": "Exporter vers un format de fichier différent"
},
"it": {
"pad.importExport.import_export": "Esportazione",
"pad.toolbar.import_export.title": "Esporta a diversi formati di file"
},
"pt-br": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar para diferentes formatos de arquivo"
},
"pt": {
"pad.importExport.import_export": "Exportar",
"pad.toolbar.import_export.title": "Exportar para diferentes formatos de ficheiro"
}
},
/* Disable Admin UI tests */
"enableAdminUITests": false,
/*
* Enable/Disable case-insensitive pad names.
*/
"lowerCasePadIds": false
}

71
opt/02-core/bigbluebutton/mod/freeswitch/Dockerfile Normal file
View file

@ -0,0 +1,71 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=freeswitch / /build/freeswitch
# install most recent git version for proper sparse-checkout support
# https://stackoverflow.com/questions/72223738/failed-to-initialize-sparse-checkout
RUN echo 'deb https://ppa.launchpadcontent.net/git-core/ppa/ubuntu focal main' > /etc/apt/sources.list.d/git-core-ppa.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A1715D88E1DF1F24 && \
apt-get update && \
apt-get install -y git
# get build files for bbb-freeswitch (build/packages-template/bbb-freeswitch-core/)
COPY --from=build-files / /build/
# mock files expected by build.sh
RUN mkdir -p /build/bbb-voice-conference/config/freeswitch/conf/ && \
touch \
/build/opts-build.sh \
/build/freeswitch.service.build \
/build/bbb-voice-conference/config/freeswitch/conf/a \
&& \
echo "" > /usr/local/bin/fpm
# build freeswitch
RUN cd /build && ./build.sh
# add english sounds
RUN mkdir -p /build/staging/opt/freeswitch/share/freeswitch && \
wget https://ubuntu.bigbluebutton.org/sounds.tar.gz -O sounds.tar.gz && \
tar xvfz sounds.tar.gz -C /build/staging/opt/freeswitch/share/freeswitch && \
wget https://gitlab.senfcall.de/senfcall-public/mute-and-unmute-sounds/-/archive/master/mute-and-unmute-sounds-master.zip && \
unzip mute-and-unmute-sounds-master.zip && \
cd mute-and-unmute-sounds-master/sounds && \
find . -name "*.wav" -exec /bin/bash -c "sox -v 0.3 {} /tmp/tmp.wav; cp /tmp/tmp.wav /build/staging/opt/freeswitch/share/freeswitch/sounds/en/us/callie/conference/{}" \;
# add bigblugbutton config
ARG TAG_FS_CONFIG
COPY --from=fs-config / /build/staging/opt/freeswitch/etc/freeswitch/
# ===============================================
# we are using ubuntu here, because libjpeg8 is required, but not available in debian
FROM ubuntu:22.04
RUN apt-get update && \
apt-get install -y \
xmlstarlet wget iptables curl \
libfreetype6 libcurl4 libspeex1 libspeexdsp1 libopus0 libsndfile1 libopusfile0 liblua5.2-0 libjbig0 libldns3 libedit2 libtiff5 libpng16-16 libsqlite3-0 \
&& \
# install libopusenc0
wget -O /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb https://launchpad.net/~bigbluebutton/+archive/ubuntu/support/+files/libopusenc0_0.2.1-1bbb2_amd64.deb \
&& dpkg -i /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb \
&& rm /tmp/libopusenc0_0.2.1-1bbb2_amd64.deb
# add dockerize
COPY --from=alangecker/bbb-docker-base-java /usr/local/bin/dockerize /usr/local/bin/dockerize
# copy over built freeswitch & config
COPY --from=builder /build/staging/opt /opt
COPY --from=builder /build/staging/etc /etc
RUN ldconfig && \
ln -s /opt/freeswitch/conf /etc/freeswitch && \
groupadd freeswitch && \
useradd --home-dir /opt/freeswitch --shell /usr/sbin/nologin -g freeswitch freeswitch
COPY ./entrypoint.sh /entrypoint.sh
COPY ./conf /etc/freeswitch/
ENTRYPOINT /entrypoint.sh

285
opt/02-core/bigbluebutton/mod/freeswitch/conf/autoload_configs/conference.conf.xml.tmpl Normal file
View file

@ -0,0 +1,285 @@
<!-- http://wiki.freeswitch.org/wiki/Mod_conference -->
<!-- None of these paths are real if you want any of these options you need to really set them up -->
<configuration name="conference.conf" description="Audio Conference">
<!-- Advertise certain presence on startup . -->
<advertise>
<room name="3001@$${domain}" status="FreeSWITCH"/>
</advertise>
<!-- These are the default keys that map when you do not specify a caller control group -->
<!-- Note: none and default are reserved names for group names. Disabled if dist-dtmf member flag is set. -->
<caller-controls>
<group name="default">
<control action="mute" digits="0"/>
<control action="deaf mute" digits="*"/>
<control action="energy up" digits="9"/>
<control action="energy equ" digits="8"/>
<control action="energy dn" digits="7"/>
<control action="vol talk up" digits="3"/>
<control action="vol talk zero" digits="2"/>
<control action="vol talk dn" digits="1"/>
<control action="vol listen up" digits="6"/>
<control action="vol listen zero" digits="5"/>
<control action="vol listen dn" digits="4"/>
<!--control action="hangup" digits="#"/ -->
</group>
</caller-controls>
<!-- Profiles are collections of settings you can reference by name. -->
<profiles>
<!--If no profile is specified it will default to "default"-->
<profile name="default">
<!-- Directory to drop CDR's
'auto' means $PREFIX/logs/conference_cdr/<confernece_uuid>.cdr.xml
a non-absolute path means $PREFIX/logs/<value>/<confernece_uuid>.cdr.xml
absolute path means <value>/<confernece_uuid>.cdr.xml
-->
<!-- <param name="cdr-log-dir" value="auto"/> -->
<!-- Domain (for presence) -->
<param name="domain" value="$${domain}"/>
<!-- Sample Rate-->
<param name="rate" value="48000"/>
<!-- Number of milliseconds per frame -->
<param name="interval" value="20"/>
<!-- Energy level required for audio to be sent to the other users -->
<param name="energy-level" value="100"/>
<!--Can be | delim of waste|mute|deaf|dist-dtmf waste will always transmit data to each channel
even during silence. dist-dtmf propagates dtmfs to all other members, but channel controls
via dtmf will be disabled. -->
<!-- <param name="member-flags" value="waste"/> -->
<!-- Name of the caller control group to use for this profile -->
<!-- <param name="caller-controls" value="some name"/> -->
<!-- Name of the caller control group to use for the moderator in this profile -->
<!-- <param name="moderator-controls" value="some name"/> -->
<!-- TTS Engine to use -->
<!-- <param name="tts-engine" value="cepstral"/> -->
<!-- TTS Voice to use -->
<!-- <param name="tts-voice" value="david"/> -->
<!-- If TTS is enabled all audio-file params beginning with -->
<!-- 'say:' will be considered text to say with TTS -->
<!-- Override the default path here, after which you use relative paths in the other sound params -->
<!-- Note: The default path is the conference's first caller's sound_prefix -->
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<!-- File to play to acknowledge succees -->
<!-- <param name="ack-sound" value="beep.wav"/> -->
<!-- File to play to acknowledge failure -->
<!-- <param name="nack-sound" value="beeperr.wav"/> -->
<!-- File to play to acknowledge muted -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<!-- File to play to acknowledge unmuted -->
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<!-- File to play if you are alone in the conference -->
<param name="alone-sound" value="conference/conf-alone.wav"/>
<!-- File to play endlessly (nobody will ever be able to talk) -->
<!-- <param name="perpetual-sound" value="perpetual.wav"/> -->
<!-- File to play when you're alone (music on hold)-->
<param name="moh-sound" value="$${hold_music}"/>
<!-- File to play when you join the conference -->
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<!-- File to play when you leave the conference -->
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<!-- File to play when you are ejected from the conference -->
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<!-- File to play when the conference is locked -->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<!-- File to play when the conference is locked during the call-->
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<!-- File to play when the conference is unlocked during the call-->
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<!-- File to play to prompt for a pin -->
<param name="pin-sound" value="conference/conf-pin.wav"/>
<!-- File to play to when the pin is invalid -->
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<!-- Conference pin -->
<!-- <param name="pin" value="12345"/> -->
<!-- <param name="moderator-pin" value="54321"/> -->
<!-- Max number of times the user can be prompted for PIN -->
<!-- <param name="pin-retries" value="3"/> -->
<!-- Default Caller ID Name for outbound calls -->
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<!-- Default Caller ID Number for outbound calls -->
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- Suppress start and stop talking events -->
<!-- <param name="suppress-events" value="start-talking,stop-talking"/> -->
<!-- enable comfort noise generation -->
<param name="comfort-noise" value="true"/>
<!-- Uncomment auto-record to toggle recording every conference call. -->
<!-- Another valid value is shout://user:pass@server.com/live.mp3 -->
<!--
<param name="auto-record" value="$${recordings_dir}/${conference_name}_${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
-->
<!-- IVR digit machine timeouts -->
<!-- How much to wait between DTMF digits to match caller-controls -->
<!-- <param name="ivr-dtmf-timeout" value="500"/> -->
<!-- How much to wait for the first DTMF, 0 forever -->
<!-- <param name="ivr-input-timeout" value="0" /> -->
<!-- Delay before a conference is asked to be terminated -->
<!-- <param name="endconf-grace-time" value="120" /> -->
<!-- Can be | delim of wait-mod|audio-always|video-bridge|video-floor-only
wait_mod will wait until the moderator in,
audio-always will always mix audio from all members regardless they are talking or not -->
<!-- <param name="conference-flags" value="audio-always"/> -->
<!-- Allow live array sync for Verto -->
<!-- <param name="conference-flags" value="livearray-sync"/> -->
</profile>
<profile name="wideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="ultrawideband">
<param name="domain" value="$${domain}"/>
<param name="rate" value="32000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="true"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|transcode-video|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1280x720"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
<!-- <param name="video-auto-floor-msec" value="100"/> -->
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
</profile>
<profile name="cdquality">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="sound-prefix" value="$${sounds_dir}/en/us/callie"/> -->
{{if not (isTrue .Env.DISABLE_SOUND_MUTED) }}
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
{{end}}
{{if not (isTrue .Env.DISABLE_SOUND_ALONE) }}
<param name="alone-sound" value="conference/conf-alone.wav"/>
{{end}}
<!--
<param name="moh-sound" value="$${hold_music}"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
-->
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<!-- param name="comfort-noise" value="true"/ -->
<param name="comfort-noise" value="1400"/>
<param name="video-auto-floor-msec" value="2000"/>
<!-- <param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|auto-3d-position|minimize-video-encoding"/> -->
<!-- <param name="video-mode" value="mux"/> -->
<!-- <param name="video-layout-name" value="3x3"/> -->
<!-- <param name="video-layout-name" value="group:grid"/> -->
<!-- <param name="video-canvas-size" value="1920x1080"/> -->
<!-- <param name="video-canvas-bgcolor" value="#333333"/> -->
<!-- <param name="video-layout-bgcolor" value="#000000"/> -->
<!-- <param name="video-codec-bandwidth" value="2mb"/> -->
<!-- <param name="video-fps" value="15"/> -->
</profile>
<profile name="video-mcu-stereo">
<param name="domain" value="$${domain}"/>
<param name="rate" value="48000"/>
<param name="channels" value="2"/>
<param name="interval" value="20"/>
<param name="energy-level" value="100"/>
<!-- <param name="tts-engine" value="flite"/> -->
<!-- <param name="tts-voice" value="kal16"/> -->
<param name="muted-sound" value="conference/conf-muted.wav"/>
<param name="unmuted-sound" value="conference/conf-unmuted.wav"/>
<param name="alone-sound" value="conference/conf-alone.wav"/>
<param name="moh-sound" value="local_stream://stereo"/>
<param name="enter-sound" value="tone_stream://%(200,0,500,600,700)"/>
<param name="exit-sound" value="tone_stream://%(500,0,300,200,100,50,25)"/>
<param name="kicked-sound" value="conference/conf-kicked.wav"/>
<param name="locked-sound" value="conference/conf-locked.wav"/>
<param name="is-locked-sound" value="conference/conf-is-locked.wav"/>
<param name="is-unlocked-sound" value="conference/conf-is-unlocked.wav"/>
<param name="pin-sound" value="conference/conf-pin.wav"/>
<param name="bad-pin-sound" value="conference/conf-bad-pin.wav"/>
<param name="caller-id-name" value="$${outbound_caller_name}"/>
<param name="caller-id-number" value="$${outbound_caller_id}"/>
<param name="comfort-noise" value="false"/>
<param name="conference-flags" value="video-floor-only|rfc-4579|livearray-sync|minimize-video-encoding"/>
<param name="video-mode" value="mux"/>
<param name="video-layout-name" value="3x3"/>
<param name="video-layout-name" value="group:grid"/>
<param name="video-canvas-size" value="1920x1080"/>
<param name="video-canvas-bgcolor" value="#333333"/>
<param name="video-layout-bgcolor" value="#000000"/>
<param name="video-codec-bandwidth" value="1mb"/>
<param name="video-fps" value="15"/>
</profile>
<profile name="sla">
<param name="domain" value="$${domain}"/>
<param name="rate" value="16000"/>
<param name="interval" value="20"/>
<param name="caller-controls" value="none"/>
<param name="energy-level" value="200"/>
<param name="moh-sound" value="silence"/>
<param name="comfort-noise" value="true"/>
</profile>
</profiles>
</configuration>

10
opt/02-core/bigbluebutton/mod/freeswitch/conf/autoload_configs/event_socket.conf.xml Normal file
View file

@ -0,0 +1,10 @@
<configuration name="event_socket.conf" description="Socket Client">
<settings>
<param name="nat-map" value="false"/>
<param name="listen-ip" value="$${local_ip_v4}"/>
<param name="listen-port" value="8021"/>
<param name="password" value="$${esl_password}"/>
<param name="apply-inbound-acl" value="rfc1918.auto"/>
<!--<param name="stop-on-bind-error" value="true"/>-->
</settings>
</configuration>

32
opt/02-core/bigbluebutton/mod/freeswitch/conf/autoload_configs/modules.conf.xml Normal file
View file

@ -0,0 +1,32 @@
<configuration name="modules.conf" description="Modules">
<modules>
<!-- Loggers (I'd load these first) -->
<load module="mod_console"/>
<!-- <load module="mod_logfile"/> -->
<!-- Event Handlers -->
<load module="mod_event_socket"/>
<!-- Endpoints -->
<load module="mod_sofia"/>
<!-- Applications -->
<load module="mod_commands"/>
<load module="mod_conference"/>
<load module="mod_dptools"/>
<load module="mod_audio_fork"/>
<!-- Dialplan Interfaces -->
<load module="mod_dialplan_xml"/>
<!-- Codec Interfaces -->
<load module="mod_spandsp"/>
<load module="mod_opus"/>
<load module="mod_opusfile"/>
<!-- File Format Interfaces -->
<load module="mod_sndfile"/>
<load module="mod_native_file"/>
</modules>
</configuration>

31
opt/02-core/bigbluebutton/mod/freeswitch/conf/dialplan/public/dialin.xml Normal file
View file

@ -0,0 +1,31 @@
<include>
<extension name="from_my_provider">
<!-- match only calls from dial-in which haven't got transfered yet -->
<condition field="destination_number" expression="^(?!SEND_TO_CONFERENCE).*$"/>
<condition field="${sofia_profile_name}" expression="^external-dialin$">
<action application="start_dtmf" />
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="set_profile_var" data="caller_id_name=${regex(${caller_id_name}|^.*(.{4})$|xxx-xxx-%1)}"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
<extension name="check_if_conference_active">
<condition field="${conference ${pin} list}" expression="/sofia/g" />
<condition field="destination_number" expression="^SEND_TO_CONFERENCE$">
<action application="set" data="bbb_authorized=true"/>
<action application="transfer" data="${pin} XML default"/>
</condition>
</extension>
<extension name="conf_bad_pin">
<condition field="${pin}" expression="^\d{5}$">
<action application="answer"/>
<action application="sleep" data="1000"/>
<action application="play_and_get_digits" data="9 9 3 30000 # conference/conf-bad-pin.wav ivr/ivr-that_was_an_invalid_entry.wav pin \d+"/>
<action application="transfer" data="SEND_TO_CONFERENCE XML public"/>
</condition>
</extension>
</include>

86
opt/02-core/bigbluebutton/mod/freeswitch/conf/sip_profiles/external-dialin.xml Normal file
View file

@ -0,0 +1,86 @@
<profile name="external-dialin">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<gateways>
<X-PRE-PROCESS cmd="include" data="external-dialin/*.xml"/>
</gateways>
<aliases>
<!--
<alias name="outbound"/>
<alias name="nat"/>
-->
</aliases>
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="1"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<param name="sip-port" value="5060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge browser -->
<param name="apply-candidate-acl" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external_dialin?mode=memory&amp;cache=shared"/>
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${external_ip_v4}"/>
<param name="ext-sip-ip" value="$${external_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

115
opt/02-core/bigbluebutton/mod/freeswitch/conf/sip_profiles/external.xml Normal file
View file

@ -0,0 +1,115 @@
<profile name="external">
<!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
<!-- This profile is only for outbound registrations to providers -->
<domains>
<domain name="all" alias="false" parse="true"/>
</domains>
<settings>
<param name="debug" value="0"/>
<!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
<!-- <param name="shutdown-on-fail" value="true"/> -->
<param name="sip-trace" value="no"/>
<param name="sip-capture" value="no"/>
<param name="rfc2833-pt" value="101"/>
<!-- RFC 5626 : Send reg-id and sip.instance -->
<!--<param name="enable-rfc-5626" value="true"/> -->
<!--
SIP port is not rquired, since we are using WS for the
internal connection and a seperate profile (external-dialin-xml)
for SIP dial in
-->
<param name="sip-port" value="15060"/>
<param name="dialplan" value="XML"/>
<param name="context" value="public"/>
<param name="dtmf-duration" value="2000"/>
<param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
<param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
<param name="hold-music" value="$${hold_music}"/>
<param name="rtp-timer-name" value="soft"/>
<!--<param name="enable-100rel" value="true"/>-->
<!--<param name="disable-srv503" value="true"/>-->
<!-- This could be set to "passive" -->
<param name="local-network-acl" value="localnet.auto"/>
<param name="manage-presence" value="false"/>
<!-- Added for Microsoft Edge browser -->
<param name="apply-candidate-acl" value="localnet.auto"/>
<param name="apply-candidate-acl" value="wan_v4.auto"/>
<param name="apply-candidate-acl" value="rfc1918.auto"/>
<param name="apply-candidate-acl" value="any_v4.auto"/>
<!-- used to share presence info across sofia profiles
manage-presence needs to be set to passive on this profile
if you want it to behave as if it were the internal profile
for presence.
-->
<!-- Name of the db to use for this profile -->
<param name="dbname" value="sqlite://memory://file:external?mode=memory&amp;cache=shared"/>
<!--<param name="presence-hosts" value="$${domain}"/>-->
<!--<param name="force-register-domain" value="$${domain}"/>-->
<!--all inbound reg will stored in the db using this domain -->
<!--<param name="force-register-db-domain" value="$${domain}"/>-->
<!-- ************************************************* -->
<!--<param name="aggressive-nat-detection" value="true"/>-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
<param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="auto-nat"/>
<param name="ext-sip-ip" value="auto-nat"/>
-->
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="ext-sip-ip" value="$${local_ip_v4}"/>
<param name="rtp-timeout-sec" value="300"/>
<param name="rtp-hold-timeout-sec" value="1800"/>
<param name="enable-3pcc" value="proxy"/>
<!-- TLS: disabled by default, set to "true" to enable -->
<param name="tls" value="$${external_ssl_enable}"/>
<!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
<param name="tls-only" value="false"/>
<!-- additional bind parameters for TLS -->
<param name="tls-bind-params" value="transport=tls"/>
<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
<!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<param name="tls-verify-date" value="true"/>
<!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
<!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
<param name="tls-verify-policy" value="none"/>
<!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
<param name="tls-verify-depth" value="2"/>
<!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="ws-binding" value=":5066"/>
<param name="wss-binding" value=":7443"/>
<!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
<param name="rtcp-audio-interval-msec" value="5000"/>
<param name="rtcp-video-interval-msec" value="5000"/>
<!-- Cut down in the join time -->
<param name="dtmf-type" value="info"/>
<param name="liberal-dtmf" value="true"/>
</settings>
</profile>

453
opt/02-core/bigbluebutton/mod/freeswitch/conf/vars.xml.tmpl Normal file
View file

@ -0,0 +1,453 @@
<include>
<!-- Preprocessor Variables
These are introduced when configuration strings must be consistent across modules.
NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
toll fraud in the future. It's your responsibility to secure your own system.
This default config is used to demonstrate the feature set of FreeSWITCH.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
-->
<X-PRE-PROCESS cmd="set" data="default_password=1234"/>
<!-- Did you change it yet? -->
<!--
The following variables are set dynamically - calculated if possible by freeswitch - and
are available to the config as $${variable}. You can see their calculated value via fs_cli
by entering eval $${variable}
hostname
local_ip_v4
local_mask_v4
local_ip_v6
switch_serial
base_dir
recordings_dir
sound_prefix
sounds_dir
conf_dir
log_dir
run_dir
db_dir
mod_dir
htdocs_dir
script_dir
temp_dir
grammar_dir
certs_dir
storage_dir
cache_dir
core_uuid
zrtp_enabled
nat_public_addr
nat_private_addr
nat_type
-->
<X-PRE-PROCESS cmd="set" data="sound_prefix={{ .Env.SOUNDS_PATH }}"/>
<X-PRE-PROCESS cmd="set" data="esl_password={{ .Env.ESL_PASSWORD }}"/>
<!--
This setting is what sets the default domain FreeSWITCH will use if all else fails.
FreeSWICH will default to $${local_ip_v4} unless changed. Changing this setting does
affect the sip authentication. Please review conf/directory/default.xml for more
information on this topic.
-->
<X-PRE-PROCESS cmd="set" data="local_ip_v4=10.7.7.10"/>
<X-PRE-PROCESS cmd="set" data="external_ip_v4={{ .Env.EXTERNAL_IPv4 }}"/>
<X-PRE-PROCESS cmd="set" data="domain={{ .Env.DOMAIN }}"/>
<X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
<X-PRE-PROCESS cmd="set" data="use_profile=external"/>
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
<!--
Enable ZRTP globally you can override this on a per channel basis
http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
-->
<X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
<!--
NOTICE: When using SRTP it's critical that you do not offer or accept
variable bit rate codecs, doing so would leak information and possibly
compromise your SRTP stream. (FS-6404)
Supported SRTP Crypto Suites:
AEAD_AES_256_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
[RFC5116]), except that the tag length, t, is 8, and an
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AEAD_AES_128_GCM_8
____________________________________________________________________________
This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
[RFC5116]), except that the tag length, t, is 8, and an
authentication tag with a length of 8 octets (64 bits) is used.
An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
corresponding plaintext.
AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
____________________________________________________________________________
AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
and HMAC-SHA1 message authentication with an 80-bit authentication
tag. The master-key length is 128 bits and has a default lifetime of
a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
first.
AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
____________________________________________________________________________
This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
the authentication tag is 32 bits. The length of the base64-decoded key and
salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
the crypto attribute is considered invalid.
AES_CM_128_NULL_AUTH
____________________________________________________________________________
The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
method. This policy is NOT RECOMMENDED unless it is unavoidable; see
Section 7.5 of [RFC3711].
SRTP variables that modify behaviors based on direction/leg:
rtp_secure_media
____________________________________________________________________________
possible values:
mandatory - Accept/Offer SAVP negotiation ONLY
optional - Accept/Offer SAVP/AVP with SAVP preferred
forbidden - More useful for inbound to deny SAVP negotiation
false - implies forbidden
true - implies mandatory
default if not set is accept SAVP inbound if offered.
rtp_secure_media_inbound | rtp_secure_media_outbound
____________________________________________________________________________
This is the same as rtp_secure_media, but would apply to either inbound
or outbound offers specifically.
How to specify crypto suites:
____________________________________________________________________________
By default without specifying any crypto suites FreeSWITCH will offer
crypto suites from strongest to weakest accepting the strongest each
endpoint has in common. If you wish to force specific crypto suites you
can do so by appending the suites in a comma separated list in the order
that you wish to offer them in.
Examples:
rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
Additionally you can narrow this down on either inbound or outbound by
specifying as so:
rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
rtp_secure_media_suites
____________________________________________________________________________
Optionally you can use rtp_secure_media_suites to dictate the suite list
and only use rtp_secure_media=[optional|mandatory|false|true] without having
to dictate the suite list with the rtp_secure_media* variables.
-->
<!--
Examples of codec options: (module must be compiled and loaded)
codecname[@8000h|16000h|32000h[@XXi]]
XX is the frame size must be multiples allowed for the codec
FreeSWITCH can support 10-120ms on some codecs.
We do not support exceeding the MTU of the RTP packet.
iLBC@30i - iLBC using mode=30 which will win in all cases.
DVI4@8000h@20i - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
DVI4@16000h@40i - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
speex@8000h@20i - Speex 8kHz using 20ms ptime.
speex@16000h@20i - Speex 16kHz using 20ms ptime.
speex@32000h@20i - Speex 32kHz using 20ms ptime.
BV16 - BroadVoice 16kb/s narrowband, 8kHz
BV32 - BroadVoice 32kb/s wideband, 16kHz
G7221@16000h - G722.1 16kHz (aka Siren 7)
G7221@32000h - G722.1C 32kHz (aka Siren 14)
CELT@32000h - CELT 32kHz, only 10ms supported
CELT@48000h - CELT 48kHz, only 10ms supported
GSM@40i - GSM 8kHz using 40ms ptime. (GSM is done in multiples of 20, Default is 20ms)
G722 - G722 16kHz using default 20ms ptime. (multiples of 10)
PCMU - G711 8kHz ulaw using default 20ms ptime. (multiples of 10)
PCMA - G711 8kHz alaw using default 20ms ptime. (multiples of 10)
G726-16 - G726 16kbit adpcm using default 20ms ptime. (multiples of 10)
G726-24 - G726 24kbit adpcm using default 20ms ptime. (multiples of 10)
G726-32 - G726 32kbit adpcm using default 20ms ptime. (multiples of 10)
G726-40 - G726 40kbit adpcm using default 20ms ptime. (multiples of 10)
AAL2-G726-16 - Same as G726-16 but using AAL2 packing. (multiples of 10)
AAL2-G726-24 - Same as G726-24 but using AAL2 packing. (multiples of 10)
AAL2-G726-32 - Same as G726-32 but using AAL2 packing. (multiples of 10)
AAL2-G726-40 - Same as G726-40 but using AAL2 packing. (multiples of 10)
LPC - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
L16 - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
These are the passthru audio codecs:
G729 - G729 in passthru mode. (mod_g729)
G723 - G723.1 in passthru mode. (mod_g723_1)
AMR - AMR in passthru mode. (mod_amr)
These are the passthru video codecs: (mod_h26x)
H261 - H.261 Video
H263 - H.263 Video
H263-1998 - H.263-1998 Video
H263-2000 - H.263-2000 Video
H264 - H.264 Video
RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.
96 - AMR
97 - iLBC (30)
98 - iLBC (20)
99 - Speex 8kHz, 16kHz, 32kHz
100 -
101 - telephone-event
102 -
103 -
104 -
105 -
106 - BV16
107 - G722.1 (16kHz)
108 -
109 -
110 -
111 -
112 -
113 -
114 - CELT 32kHz, 48kHz
115 - G722.1C (32kHz)
116 -
117 - SILK 8kHz
118 - SILK 12kHz
119 - SILK 16kHz
120 - SILK 24kHz
121 - AAL2-G726-40 && G726-40
122 - AAL2-G726-32 && G726-32
123 - AAL2-G726-24 && G726-24
124 - AAL2-G726-16 && G726-16
125 -
126 -
127 - BV32
-->
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G722,PCMU,PCMA"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,speex@16000h@20i,G722,PCMU,PCMA"/>
<!--
xmpp_client_profile and xmpp_server_profile
xmpp_client_profile can be any string.
xmpp_server_profile is appended to "dingaling_" to form the database name
containing the "subscriptions" table.
used by: dingaling.conf.xml enum.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/>
<X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
<!--
THIS IS ONLY USED FOR DINGALING
bind_server_ip
Can be an ip address, a dns name, or "auto".
This determines an ip address available on this host to bind.
If you are separating RTP and SIP traffic, you will want to have
use different addresses where this variable appears.
Used by: dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
<!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
If you're going to load test FreeSWITCH please input real IP addresses
for external_rtp_ip and external_sip_ip
-->
<!-- external_rtp_ip
Can be an one of:
ip address: "12.34.56.78"
a stun server lookup: "stun:stun.server.com"
a DNS name: "host:host.server.com"
where fs.mydomain.com is a DNS A record-useful when fs is on
a dynamic IP address, and uses a dynamic DNS updater.
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.l.google.com:19302"/>
<!-- external_sip_ip
Used as the public IP address for SDP.
Can be an one of:
ip address: "12.34.56.78"
a stun server lookup: "stun:stun.server.com"
a DNS name: "host:host.server.com"
where fs.mydomain.com is a DNS A record-useful when fs is on
a dynamic IP address, and uses a dynamic DNS updater.
If unspecified, the bind_server_ip value is used.
Used by: sofia.conf.xml dingaling.conf.xml
-->
<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.l.google.com:19302"/>
<!-- unroll-loops
Used to turn on sip loopback unrolling.
-->
<X-PRE-PROCESS cmd="set" data="unroll_loops=true"/>
<!-- outbound_caller_id and outbound_caller_name
The caller ID telephone number we should use when calling out.
Used by: conference.conf.xml and user directory for default
outbound callerid name and number.
-->
<X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
<X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/>
<!-- various debug and defaults -->
<X-PRE-PROCESS cmd="set" data="call_debug=false"/>
<X-PRE-PROCESS cmd="set" data="console_loglevel=info"/>
<X-PRE-PROCESS cmd="set" data="default_areacode=918"/>
<X-PRE-PROCESS cmd="set" data="default_country=US"/>
<!-- if false or undefined, the destination number is included in presence NOTIFY dm:note.
if true, the destination number is not included -->
<X-PRE-PROCESS cmd="set" data="presence_privacy=false"/>
<X-PRE-PROCESS cmd="set" data="au-ring=%(400,200,383,417);%(400,2000,383,417)"/>
<X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/>
<X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/>
<X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/>
<X-PRE-PROCESS cmd="set" data="es-ring=%(1500,3000,425)"/>
<X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/>
<X-PRE-PROCESS cmd="set" data="hk-ring=%(400,200,440,480);%(400,3000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/>
<X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/>
<X-PRE-PROCESS cmd="set" data="in-ring=%(400,200,425,375);%(400,2000,425,375)"/>
<X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/>
<X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/>
<X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/>
<X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/>
<X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/>
<X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/>
<X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/>
<X-PRE-PROCESS cmd="set" data="uk-ring=%(400,200,400,450);%(400,2000,400,450)"/>
<X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/>
<X-PRE-PROCESS cmd="set" data="bong-ring=v=-7;%(100,0,941.0,1477.0);v=-7;>=2;+=.1;%(1400,0,350,440)"/>
<X-PRE-PROCESS cmd="set" data="beep=%(1000,0,640)"/>
<X-PRE-PROCESS cmd="set" data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/>
<!--
Digits Dialed filter: (FS-6940)
The digits stream may contain valid credit card numbers or social security numbers, These digit
filters will allow you to make a valant effort to stamp out sensitive information for
PCI/HIPPA compliance. (see xml_cdr dialed_digits)
df_us_ssn = US Social Security Number pattern
df_us_luhn = Visa, MasterCard, American Express, Diners Club, Discover and JCB
-->
<X-PRE-PROCESS cmd="set" data="df_us_ssn=(?!219099999|078051120)(?!666|000|9\d{2})\d{3}(?!00)\d{2}(?!0{4})\d{4}"/>
<X-PRE-PROCESS cmd="set" data="df_luhn=?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}"/>
<!-- change XX to X below to enable -->
<XX-PRE-PROCESS cmd="set" data="digits_dialed_filter=(($${df_luhn})|($${df_us_ssn}))"/>
<!--
Setting up your default sip provider is easy.
Below are some values that should work in most cases.
These are for conf/directory/default/example.com.xml
-->
<X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
<X-PRE-PROCESS cmd="set" data="default_provider_username=joeuser"/>
<X-PRE-PROCESS cmd="set" data="default_provider_password=password"/>
<X-PRE-PROCESS cmd="set" data="default_provider_from_domain=example.com"/>
<!-- true or false -->
<X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
<X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
<!--
SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
default: tlsv1,tlsv1.1,tlsv1.2
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
<!--
TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
The actual ciphers supported will change per platform.
openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
Will show you what is available in your version of openssl.
-->
<X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
<!-- Internal SIP Profile -->
<X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5090"/>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
<!-- External SIP Profile -->
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
<!-- Video Settings -->
<!-- Setting the max bandwidth -->
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=1mb"/>
<X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=1mb"/>
<!-- WebRTC Video -->
<!-- Suppress CNG for WebRTC Audio -->
<X-PRE-PROCESS cmd="set" data="suppress_cng=true"/>
<!-- Enable liberal DTMF for those that can't get it right -->
<X-PRE-PROCESS cmd="set" data="rtp_liberal_dtmf=true"/>
<!-- Helps with WebRTC Audio -->
<!-- Stock Video Avatars -->
<X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/>
<X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
</include>

72
opt/02-core/bigbluebutton/mod/freeswitch/entrypoint.sh Executable file
View file

@ -0,0 +1,72 @@
#!/bin/bash -e
# remove all SIP (port 5060) iptable rules
iptables -S INPUT | grep "\-\-dport 5060 " | cut -d " " -f 2- | xargs -rL1 iptables -D
# block requests to 5060 (tcp/udp)
iptables -A INPUT -p tcp --dport 5060 -s 0.0.0.0/0 -j REJECT
iptables -A INPUT -p udp --dport 5060 -s 0.0.0.0/0 -j REJECT
# allow some IPs
IFS=',' read -ra ADDR <<< "$SIP_IP_ALLOWLIST"
for IP in "${ADDR[@]}"; do
# process "$i"
echo "allow port 5060/udp for $IP"
iptables -I INPUT -p udp --dport 5060 -s $IP -j ACCEPT
done
mkdir -p /var/freeswitch/meetings
chown -R freeswitch:daemon /var/freeswitch/meetings
chmod 777 /var/freeswitch/meetings
chown -R freeswitch:daemon /opt/freeswitch/var
chown -R freeswitch:daemon /opt/freeswitch/etc
chmod -R g-rwx,o-rwx /opt/freeswitch/etc
# install freeswitch sounds if missing
SOUNDS_DIR=/opt/freeswitch/share/freeswitch/sounds
if [ "$SOUNDS_LANGUAGE" == "en-us-callie" ]; then
# default, is already installed
echo ""
elif [ "$SOUNDS_LANGUAGE" == "de-de-daedalus3" ]; then
if [ ! -d "$SOUNDS_DIR/de/de/daedalus3" ]; then
echo "sounds package for de-de-daedalus3 not installed yet"
wget -O /tmp/freeswitch-german-soundfiles.zip https://github.com/Daedalus3/freeswitch-german-soundfiles/archive/master.zip
mkdir -p $SOUNDS_DIR/de/de/daedalus3
unzip /tmp/freeswitch-german-soundfiles.zip -d /tmp/
mv /tmp/freeswitch-german-soundfiles-master $SOUNDS_DIR/de/de/daedalus3/conference
# symlink other folders
for folder in "digits" "ivr" "misc"; do
ln -s $SOUNDS_DIR/en/us/callie/$folder $SOUNDS_DIR/de/de/daedalus3/$folder
done
fi
else
if [ ! -f $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed ]; then
echo "sounds package for $SOUNDS_LANGUAGE not installed yet"
# get filename of latest release for this sound package
FILENAME=$(curl -s https://files.freeswitch.org/releases/sounds/ | grep -i $SOUNDS_LANGUAGE 2> /dev/null | awk -F'\"' '{print $8}' | grep -E '\-48000-.*\.gz$' | sort -V | tail -n 1)
if [ "$FILENAME" = "" ]; then
echo "Error: could not find sounds for language '$SOUNDS_LANGUAGE'"
echo "make sure to specify a value for SOUNDS_LANGUAGE which exists on https://files.freeswitch.org/releases/sounds/"
exit 1
fi
for bitrate in 8000 16000 32000 48000; do
URL=https://files.freeswitch.org/releases/sounds/$(echo $FILENAME | sed "s/48000/$bitrate/")
wget -O /tmp/sounds.tar.gz $URL
tar xvfz /tmp/sounds.tar.gz -C $SOUNDS_DIR
done
touch $SOUNDS_DIR/$SOUNDS_LANGUAGE.installed
fi
fi
export SOUNDS_PATH=$SOUNDS_DIR/$(echo "$SOUNDS_LANGUAGE" | sed 's|-|/|g')
dockerize \
-template /etc/freeswitch/vars.xml.tmpl:/etc/freeswitch/vars.xml \
-template /etc/freeswitch/autoload_configs/conference.conf.xml.tmpl:/etc/freeswitch/autoload_configs/conference.conf.xml \
/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -nonat -nf

30
opt/02-core/bigbluebutton/mod/fsesl-akka/Dockerfile Normal file
View file

@ -0,0 +1,30 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
COPY --from=src-common-message / /bbb-common-message
# build bbb-common-message
RUN cd /bbb-common-message && ./deploy.sh
# ===================================================
COPY --from=src-fsesl-client / /bbb-fsesl-client
RUN cd /bbb-fsesl-client && ./deploy.sh
COPY --from=src-fsesl-akka / /source
# compile and unzip bin
RUN cd /source \
&& sbt universal:packageBin
RUN unzip /source/target/universal/bbb-fsesl-akka-0.0.2.zip -d /
# # ===================================================
FROM alangecker/bbb-docker-base-java
COPY --from=builder /bbb-fsesl-akka-0.0.2 /bbb-fsesl-akka
COPY bbb-fsesl-akka.conf /etc/bigbluebutton/bbb-fsesl-akka.conf.tmpl
COPY logback.xml /bbb-fsesl-akka/conf/logback.xml
COPY entrypoint.sh /entrypoint.sh
USER bigbluebutton
ENTRYPOINT /entrypoint.sh

18
opt/02-core/bigbluebutton/mod/fsesl-akka/bbb-fsesl-akka.conf Normal file
View file

@ -0,0 +1,18 @@
// include default config from upstream
include "/bbb-fsesl-akka/conf/application.conf"
freeswitch {
esl {
host="freeswitch"
password="FSESL_PASSWORD"
}
}
redis {
host="redis"
}
http {
interface = "0.0.0.0"
}

9
opt/02-core/bigbluebutton/mod/fsesl-akka/entrypoint.sh Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh -e
TARGET=/etc/bigbluebutton/bbb-fsesl-akka.conf
cp /etc/bigbluebutton/bbb-fsesl-akka.conf.tmpl $TARGET
sed -i "s/FSESL_PASSWORD/$FSESL_PASSWORD/" $TARGET
cd /bbb-fsesl-akka
/bbb-fsesl-akka/bin/bbb-fsesl-akka

17
opt/02-core/bigbluebutton/mod/fsesl-akka/logback.xml Normal file
View file

@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<Pattern>%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX"} %-5level %logger{35} - %msg%n</Pattern>
</layout>
</appender>
<logger name="akka" level="INFO" />
<logger name="org.bigbluebutton" level="DEBUG" />
<logger name="org.freeswitch.esl" level="WARN" />
<logger name="io.lettuce" level="INFO" />
<root level="INFO">
<appender-ref ref="STDOUT"/>
</root>
</configuration>

4
opt/02-core/bigbluebutton/mod/haproxy/Dockerfile Normal file
View file

@ -0,0 +1,4 @@
FROM ghcr.io/tomdess/docker-haproxy-certbot:2.8.10
# overwrite bootstrap.sh
COPY bootstrap.sh /bootstrap.sh

30
opt/02-core/bigbluebutton/mod/haproxy/bootstrap.sh Executable file
View file

@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -e
# save container environment variables to use it
# in cron scripts
declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
# when used with an IP, we'll also disable certbot
if [[ "$CERT1" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
IGNORE_TLS_CERT_ERRORS=true
fi
if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
# use self signed certificate
if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
mkdir -p /etc/haproxy/certs
# generate self signed certificate
openssl req -x509 -nodes -days 700 -newkey rsa:2048 \
-keyout /tmp/domain.key -out /tmp/domain.crt \
-subj "/C=CA/ST=Quebec/L=Montreal/O=BigBlueButton Development/OU=bbb-docker/CN=10.7.7.1"
cat /tmp/domain.key /tmp/domain.crt | tee /etc/haproxy/certs/haproxy-10.7.7.1.pem >/dev/null
fi
else
# obtain certificates from lets encrypt
/certs.sh
fi
supervisord -c /etc/supervisord.conf -n

80
opt/02-core/bigbluebutton/mod/haproxy/haproxy.cfg Normal file
View file

@ -0,0 +1,80 @@
global
log stdout format raw local0 debug
maxconn 20480
############# IMPORTANT #################################
## DO NOT SET CHROOT OTHERWISE YOU HAVE TO CHANGE THE ##
## acme-http01-webroot.lua file ##
# chroot /jail ##
#########################################################
lua-load /etc/haproxy/acme-http01-webroot.lua
#
# SSL options
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 4096
# workaround for bug #14 (Cert renewal blocks HAProxy indefinitely with Websocket connections)
hard-stop-after 3s
# DNS runt-time resolution on backend hosts
resolvers docker
nameserver dns "127.0.0.11:53"
defaults
log global
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# option forwardfor
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
# never fail on address resolution
default-server init-addr last,libc,none
frontend http
bind *:80,[::]:80
mode http
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
redirect scheme https code 301 if !{ ssl_fc }
frontend nginx_or_turn
bind *:443,:::443 ssl crt /etc/haproxy/certs/ ssl-min-ver TLSv1.2 alpn h2,http/1.1,stun.turn
mode tcp
option tcplog
tcp-request content capture req.payload(0,1) len 1
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+X}[capture.req.hdr(0)]"
tcp-request inspect-delay 30s
# We terminate SSL on haproxy. HTTP2 is a binary protocol. haproxy has to
# decide which protocol is spoken. This is negotiated by ALPN.
#
# Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
# ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)
# If no ALPN value is set, the first byte is inspected and depending on the
# value traffic is sent to either port 81 or coturn.
use_backend nginx-http2 if { ssl_fc_alpn h2 }
use_backend nginx if { ssl_fc_alpn http/1.1 }
use_backend turn if { ssl_fc_alpn stun.turn }
use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
default_backend turn
backend turn
mode tcp
server localhost 10.7.7.1:3478 check
backend nginx
mode tcp
server localhost 10.7.7.1:48081 send-proxy check
backend nginx-http2
mode tcp
server localhost 10.7.7.1:48082 send-proxy check

52
opt/02-core/bigbluebutton/mod/haproxy/protocolmap Normal file
View file

@ -0,0 +1,52 @@
a nginx
b nginx
c nginx
d nginx
e nginx
f nginx
g nginx
h nginx
i nginx
j nginx
k nginx
l nginx
m nginx
n nginx
o nginx
p nginx
q nginx
r nginx
s nginx
t nginx
u nginx
v nginx
w nginx
x nginx
y nginx
z nginx
A nginx
B nginx
C nginx
D nginx
E nginx
F nginx
G nginx
H nginx
I nginx
J nginx
K nginx
L nginx
M nginx
N nginx
O nginx
P nginx
Q nginx
R nginx
S nginx
T nginx
U nginx
V nginx
W nginx
X nginx
Y nginx
Z nginx

13
opt/02-core/bigbluebutton/mod/html5-dev/Dockerfile Normal file
View file

@ -0,0 +1,13 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG
# use /tmp as home dir as writeable directory for whatever UID we get
ENV HOME /tmp
# allow all user to access .nvm in root
RUN chmod 755 /root
WORKDIR /app
COPY /entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh

11
opt/02-core/bigbluebutton/mod/html5-dev/entrypoint.sh Executable file
View file

@ -0,0 +1,11 @@
set -e
# enable nvm
. /root/.nvm/nvm.sh
if [ -n "$1" ]; then
exec "$@"
else
npm install
npm start -- --host 0.0.0.0
fi

15
opt/02-core/bigbluebutton/mod/livekit/livekit.yaml Normal file
View file

@ -0,0 +1,15 @@
port: 7880
log_level: debug
# when enabled, LiveKit will expose prometheus metrics on :6789/metrics
#prometheus_port: 6789
rtc:
port_range_start: 16384
port_range_end: 32768
use_external_ip: false
redis:
# redis is recommended for production deploys
address: redis:6379
keys:
# TODO: change keys
TEST: TEST

49
opt/02-core/bigbluebutton/mod/nginx/Dockerfile Normal file
View file

@ -0,0 +1,49 @@
ARG BBB_BUILD_TAG
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-learning-dashboard
COPY --from=src-learning-dashboard / /bbb-learning-dashboard
RUN cd /bbb-learning-dashboard && npm ci && npm run build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-playback
COPY --from=src-playback / /bbb-playback
RUN cd /bbb-playback && npm install && npm run-script build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5
COPY --from=src-html5 / /source
RUN cd /source && CI=true npm ci
RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build-safari && npm run build
RUN cd /source/dist && \
HASH=$(ls | grep -Eo 'bundle\.[a-f0-9]{20}\.js' | head -n 1 | grep -Eo '[a-f0-9]{20}') && \
if [ -z "$HASH" ]; then \
echo "Bundle hash not found."; \
else \
for FILE in *.safari.js *.safari.js.map; do \
if [[ "$FILE" == *"$HASH"* ]]; then \
continue; \
fi; \
PREFIX="${FILE%%.safari.js*}"; \
SUFFIX="${FILE#*.safari.js}"; \
NEW_NAME="${PREFIX}.${HASH}.safari.js${SUFFIX}"; \
echo "Renaming $FILE → $NEW_NAME"; \
mv "$FILE" "$NEW_NAME"; \
done; \
fi
RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/stylesheets/fonts.css
# --------------------
FROM nginx:1.27-alpine
COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
COPY --from=builder-html5 /source/dist /usr/share/bigbluebutton/html5-client/
COPY ./bbb /etc/nginx/bbb
COPY ./bigbluebutton /etc/nginx/conf.d/default.conf
COPY ./bbb-graphql-client-settings-cache.conf /etc/nginx/conf.d/bbb-graphql-client-settings-cache.conf
COPY ./nginx.conf /etc/nginx/nginx.conf

1
opt/02-core/bigbluebutton/mod/nginx/bbb-graphql-client-settings-cache.conf Normal file
View file

@ -0,0 +1 @@
proxy_cache_path /tmp/hasura-client-settings-cache levels=1:2 keys_zone=client_settings_cache:64m inactive=2880m use_temp_path=off;

23
opt/02-core/bigbluebutton/mod/nginx/bbb-html5.dev.nginx Normal file
View file

@ -0,0 +1,23 @@
# serve locale index from prebuilt static files
location = /html5client/locales/ {
alias /usr/share/bigbluebutton/html5-client/locales/;
autoindex on;
autoindex_format json;
# Prevent browsers from caching
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires 0;
}
# running from source (npm start)
location /html5client/ {
rewrite /html5client/(.*) /$1 break;
gzip_static on;
proxy_pass http://10.7.7.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}

4
opt/02-core/bigbluebutton/mod/nginx/bbb/bbb-exporter.nginx Normal file
View file

@ -0,0 +1,4 @@
location /bbb-exporter {
proxy_pass http://10.7.7.33:9688;
proxy_http_version 1.1;
}

13
opt/02-core/bigbluebutton/mod/nginx/bbb/bbb-html5.nginx Normal file
View file

@ -0,0 +1,13 @@
# running in production (static assets)
location /html5client {
gzip_static on;
alias /usr/share/bigbluebutton/html5-client/;
index index.html;
try_files $uri $uri/ =404;
}
location /html5client/locales {
alias /usr/share/bigbluebutton/html5-client/locales;
autoindex on;
autoindex_format json;
}

26
opt/02-core/bigbluebutton/mod/nginx/bbb/demo.nginx Normal file
View file

@ -0,0 +1,26 @@
# Forward request to /demo to tomcat. This is for
# the BigBlueButton api demos.
location = /demo/ {
return 301 /demo/demo1.jsp;
}
location /demo {
proxy_pass http://host.docker.internal:8001;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}

39
opt/02-core/bigbluebutton/mod/nginx/bbb/graphql.nginx Normal file
View file

@ -0,0 +1,39 @@
# Websocket connection
location /graphql {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
#proxy_pass http://bbb-graphql-server:8085; #Hasura (it requires to change the location to /v1/graphql)
proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware
}
#Set cache system for client settings
location /api/rest/clientSettings {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_cache client_settings_cache;
proxy_cache_key "$uri|$meeting_id";
proxy_cache_use_stale updating;
proxy_cache_valid 24h;
proxy_cache_lock on;
add_header X-Cached $upstream_cache_status;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}
location /api/rest/userMetadata {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8185; #Hasura
}

4
opt/02-core/bigbluebutton/mod/nginx/bbb/learning-dashboard.nginx Normal file
View file

@ -0,0 +1,4 @@
location /learning-analytics-dashboard/ {
alias /www/learning-analytics-dashboard/;
autoindex off;
}

11
opt/02-core/bigbluebutton/mod/nginx/bbb/livekit.nginx Normal file
View file

@ -0,0 +1,11 @@
location /livekit/ {
proxy_pass http://127.0.0.1:7880/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
}

4
opt/02-core/bigbluebutton/mod/nginx/bbb/loadbalancer.nginx Normal file
View file

@ -0,0 +1,4 @@
# If you run this BBB node behind a proxy loadbalancer set the hostname of
# the loadbalancer here. This will be used to add CORS headers so requesting
# slides and API calls won't fail
set $bbb_loadbalancer_node '';

4
opt/02-core/bigbluebutton/mod/nginx/bbb/notes-playback.nginx Normal file
View file

@ -0,0 +1,4 @@
location /notes {
root /var/bigbluebutton/published;
index index.html index.htm;
}

77
opt/02-core/bigbluebutton/mod/nginx/bbb/notes.nginx Normal file
View file

@ -0,0 +1,77 @@
# https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
location /pad/p/ {
# Avoid setting the user name from the embedded URL
if ($arg_userName) {
return 401;
}
rewrite /pad/p/(.*) /p/$1 break;
rewrite ^/pad/p$ /pad/p/ permanent;
proxy_pass http://etherpad:9001/p;
proxy_pass_header Server;
proxy_redirect /p /pad/p;
proxy_set_header Host $host;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_http_version 1.1;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
location /pad/auth_session {
rewrite /pad/auth_session(.*) /auth_session$1 break;
proxy_pass http://etherpad:9001/;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_buffering off;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
location /pad {
rewrite /pad/(.*) /$1 break;
rewrite ^/pad$ /pad/ permanent;
proxy_pass http://etherpad:9001/;
proxy_pass_header Server;
proxy_redirect / /pad/;
proxy_set_header Host $host;
proxy_buffering off;
}
location /pad/socket.io/socket.io.js {
rewrite /pad/socket.io/socket.io.js /socket.io/socket.io.js break;
proxy_pass http://etherpad:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}
location /pad/socket.io {
rewrite /pad/socket.io/(.*) /socket.io/$1 break;
proxy_pass http://etherpad:9001/;
proxy_redirect / /pad/;
proxy_set_header Host $host;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto $real_scheme; # for EP to set secure cookie flag when https is used
proxy_set_header Host $host; # pass the host header
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
location /static {
rewrite /static/(.*) /static/$1 break;
proxy_pass http://etherpad:9001/;
proxy_set_header Host $host;
proxy_buffering off;
}

21
opt/02-core/bigbluebutton/mod/nginx/bbb/playback-video.nginx Normal file
View file

@ -0,0 +1,21 @@
# This file is part of BigBlueButton.
#
# Copyright © BigBlueButton Inc. and by respective authors.
#
# BigBlueButton is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by the
# Free Software Foundation, either version 3.0 of the License, or (at your
# option) any later version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with BigBlueButton. If not, see <https://www.gnu.org/licenses>.
location /playback/video/ {
alias /var/bigbluebutton/published/video/;
index index.html index.htm;
}

22
opt/02-core/bigbluebutton/mod/nginx/bbb/podcast.nginx Normal file
View file

@ -0,0 +1,22 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /podcast {
root /var/bigbluebutton/published;
index index.html index.htm;
}

46
opt/02-core/bigbluebutton/mod/nginx/bbb/presentation-slides.nginx Normal file
View file

@ -0,0 +1,46 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
# Have nginx serve the presentation slides instead of tomcat as large files
# causes tomcat to OOM. (ralam sept 20, 2018)
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/svg\/(?<page_num>\d+)$ {
default_type image/svg+xml;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg;
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/pdf\/(?<job_id>[A-Za-z0-9]+)\/annotated_slides.pdf$ {
default_type application/pdf;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/pdfs/$job_id/annotated_slides.pdf;
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/thumbnail\/(?<page_num>\d+)$ {
default_type image/png;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png;
add_header 'Access-Control-Allow-Origin' '*' always;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/textfiles\/(?<page_num>\d+)$ {
default_type text/plain;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt;
add_header 'Access-Control-Allow-Origin' '*' always;
}

28
opt/02-core/bigbluebutton/mod/nginx/bbb/presentation.nginx Normal file
View file

@ -0,0 +1,28 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /playback/presentation/2.0/playback.html {
return 301 /playback/presentation/2.3/$arg_meetingId?$query_string;
}
location /playback/presentation/2.3 {
try_files $uri /playback/presentation/2.3/index.html;
}
location /presentation {
root /var/bigbluebutton/published;
index index.html index.htm;
}

22
opt/02-core/bigbluebutton/mod/nginx/bbb/recording-screenshare.nginx Normal file
View file

@ -0,0 +1,22 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /recording/screenshare {
alias /var/bigbluebutton/published/screenshare;
index index.html index.htm;
}

28
opt/02-core/bigbluebutton/mod/nginx/bbb/slides.nginx Normal file
View file

@ -0,0 +1,28 @@
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free Software
# Foundation; either version 3.0 of the License, or (at your option) any later
# version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /playback/slides {
root /var/bigbluebutton;
index index.html index.htm;
}
location /slides {
root /var/bigbluebutton/published;
index index.html index.htm;
}

182
opt/02-core/bigbluebutton/mod/nginx/bbb/web.nginx Executable file
View file

@ -0,0 +1,182 @@
# Handle request to bbb-web running within a SpringBoot Tomcat embedded servlet container. This is for BBB-API and Presentation.
location /bigbluebutton {
proxy_http_version 1.1;
location /bigbluebutton {
proxy_pass http://bbb-web:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
}
location ~ "^\/bigbluebutton\/presentation\/(?<prestoken>[a-zA-Z0-9_-]+)/upload$" {
proxy_pass http://bbb-web:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
# high limit for presentation as bbb-web will reject upload if larger than configured
client_max_body_size 1000m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
proxy_request_buffering off;
# Send a sub-request to allow bbb-web to refuse before loading
# If file is larger than configured bbb-web will return with code 403 and Header: x-file-too-large = 1
auth_request /bigbluebutton/presentation/checkPresentation;
error_page 403 = @error403;
auth_request_set $file_too_large_header $upstream_http_x_file_too_large;
}
location /bigbluebutton/presentation/download {
return 404;
}
location ~ "^/bigbluebutton/presentation/download\/[0-9a-f]+-[0-9]+/[0-9a-f]+-[0-9]+$" {
if ($arg_presFilename !~ "^[0-9a-f]+-[0-9]+\.[0-9a-zA-Z]+$") {
return 404;
}
proxy_pass http://bbb-web:8090$uri$is_args$args;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
}
location = /bigbluebutton/presentation/checkPresentation {
proxy_pass http://bbb-web:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Presentation-Token $prestoken;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length "";
proxy_set_header X-Original-Content-Length $http_content_length;
proxy_set_header X-Original-Method $request_method;
# high limit for presentation as bbb-web will reject upload if larger than configured
client_max_body_size 1000m;
client_body_buffer_size 128k;
proxy_pass_request_body off;
proxy_request_buffering off;
}
# To check connection authentication, include:
# auth_request /bigbluebutton/connection/checkAuthorization;
# auth_request_set $auth_status $upstream_status;
#
# and make sure to add sessionToken param in the request URI
location = /bigbluebutton/connection/checkAuthorization {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location = /bigbluebutton/connection/checkGraphqlAuthorization {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
# this is required for CORS preflight checks in cluster setup
proxy_set_header X-Original-Method $request_method;
}
location = /bigbluebutton/connection/legacyCheckAuthorization {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location = /bigbluebutton/connection/validatePad {
internal;
proxy_pass http://bbb-web:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location ~ "^/bigbluebutton\/textTrack\/(?<textTrackToken>[a-zA-Z0-9]+)\/(?<recordId>[a-zA-Z0-9_-]+)\/(?<textTrack>.+)$" {
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
proxy_request_buffering off;
# Send a sub-request to allow bbb-web to refuse before loading
auth_request /bigbluebutton/textTrack/validateAuthToken;
default_type text/plain;
alias /var/bigbluebutton/captions/$recordId/$textTrack;
}
location = /bigbluebutton/textTrack/validateAuthToken {
internal;
proxy_pass http://bbb-web:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-textTrack-token $textTrackToken;
proxy_set_header X-textTrack-recordId $recordId;
proxy_set_header X-textTrack-track $textTrack;
proxy_set_header X-Original-URI $request_uri;
}
location /bigbluebutton/rtt-check {
default_type text/plain;
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires "0";
# this Header is required for cluster setups as the ping check is a
# CORS request. No cookies are required so we can just allow anyone
# to use this endpoint.
add_header 'Access-Control-Allow-Origin' '*';
return 200 "";
}
}
location @error403 {
if ($file_too_large_header = '1') {
return 413;
}
return 403;
}

9
opt/02-core/bigbluebutton/mod/nginx/bbb/webhooks.nginx Normal file
View file

@ -0,0 +1,9 @@
# Pass to the webhooks app all requests made to the webhooks API.
location /bigbluebutton/api/hooks {
proxy_pass http://10.7.7.17:3005;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}

25
opt/02-core/bigbluebutton/mod/nginx/bbb/webrtc-sfu.nginx Normal file
View file

@ -0,0 +1,25 @@
location /bbb-webrtc-sfu {
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
# Extra variables are annotated by bbb-web as custom headers
auth_request_set $user_id $sent_http_user_id;
auth_request_set $meeting_id $sent_http_meeting_id;
auth_request_set $voice_bridge $sent_http_voice_bridge;
auth_request_set $user_name $sent_http_user_name;
proxy_pass http://10.7.7.1:3008;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Following custom headers are used by bbb-webrtc-sfu
proxy_set_header User-Id $user_id;
proxy_set_header Meeting-Id $meeting_id;
proxy_set_header Voice-Bridge $voice_bridge;
proxy_set_header User-Name $user_name;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
client_body_timeout 60s;
send_timeout 60s;
}

86
opt/02-core/bigbluebutton/mod/nginx/bigbluebutton Normal file
View file

@ -0,0 +1,86 @@
server {
# proxied from HAProxy
listen 48082 http2 proxy_protocol;
listen 48081 proxy_protocol;
# optional ports for other reverse proxies
listen 48087 default_server;
listen [::]:48087 default_server;
server_name _;
access_log /dev/stdout;
absolute_redirect off;
root /www/;
# This variable is used instead of $scheme by bigbluebutton nginx include
# files, so $scheme can be overridden in reverse-proxy configurations.
set $real_scheme $scheme;
# opt-out of google's floc tracking
# https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
add_header Permissions-Policy "interest-cohort=()";
# Include specific rules for record and playback
include /etc/nginx/bbb/*.nginx;
# redirect old greenlight v2 room links
location ~ "/b/([a-z0-9\-]+)" {
return 302 /rooms/$1;
}
# serve default.pdf from /www/
location = /default.pdf {
try_files $uri =404;
}
location / {
proxy_pass http://greenlight:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For "127.0.0.1";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_http_version 1.1;
client_max_body_size 1000m;
}
location /cable {
proxy_pass http://greenlight:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For "127.0.0.1";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_http_version 1.1;
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
}
upstream hasura {
least_conn;
server bbb-graphql-server:8085;
# you might want to add more bbb-graphql-server@ instances to balance the
# load to multiple bbb-graphql-server instances. Execute
# `systemctl enable --now bbb-graphql-server@8086` and uncomment the
# following line:
# server 127.0.0.1:8086;
}
server {
listen 10.7.7.1:8185;
listen 127.0.0.1:8185;
root /var/www/html;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_pass http://hasura;
}
}

BIN
opt/02-core/bigbluebutton/mod/nginx/default.pdf Normal file
View file

Binary file not shown.

53
opt/02-core/bigbluebutton/mod/nginx/nginx.conf Normal file
View file

@ -0,0 +1,53 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 20000;
events {
worker_connections 10000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
# additional server only used for greenlight in dev mode
# allows it to use the BBB API without failing
# due to the self signed certificates
#
# all other requests (e.g. /join) is then redirected
listen 48083 http2;
location /bigbluebutton/api/join {
return 301 https://10.7.7.1$request_uri;
}
location /bigbluebutton/api {
proxy_pass http://127.0.0.1:48087;
}
location / {
return 301 https://10.7.7.1$request_uri;
}
}
}

10
opt/02-core/bigbluebutton/mod/periodic/Dockerfile Normal file
View file

@ -0,0 +1,10 @@
FROM debian:bookworm-slim
# -- install docker cli
COPY --from=library/docker:latest /usr/local/bin/docker /usr/bin/docker
COPY bbb-remove-old-recordings bbb-resync-freeswitch entrypoint.sh /
RUN chmod +x bbb-remove-old-recordings
ENTRYPOINT ["/entrypoint.sh"]

41
opt/02-core/bigbluebutton/mod/periodic/bbb-remove-old-recordings Executable file
View file

@ -0,0 +1,41 @@
#!/bin/bash
# Source: https://docs.bigbluebutton.org/admin/customize.html#delete-recordings-older-than-n-days
set -e
LOGFILE=/var/log/bigbluebutton/bbb-recording-cleanup-$(date --iso-8601='seconds' -u).log
shopt -s nullglob
NOW=$(date +%s)
echo "$(date --rfc-3339=seconds) Deleting recordings older than ${RECORDING_MAX_AGE_DAYS} days" >"${LOGFILE}"
# Find the name of recordings container in order to access `bbb-record` utility
BBB_RECORDINGS_CONTAINER_NAME=$(docker ps --filter "name=recordings" --filter "status=running" --format "{{.Names}}")
if [ $BBB_RECORDINGS_CONTAINER_NAME == "" ]; then
echo "$(date --rfc-3339=seconds) ERROR: recordings container is not running" >>"${LOGFILE}"
exit 1
fi
for donefile in /var/bigbluebutton/recording/status/published/*-presentation.done ; do
MTIME=$(stat -c %Y "${donefile}")
# Check the age of the recording
if [ $(( ( $NOW - $MTIME ) / 86400 )) -gt $RECORDING_MAX_AGE_DAYS ]; then
MEETING_ID=$(basename "${donefile}")
MEETING_ID=${MEETING_ID%-presentation.done}
echo "${MEETING_ID}" >> "${LOGFILE}"
docker exec "$BBB_RECORDINGS_CONTAINER_NAME" bbb-record --delete "${MEETING_ID}" >>"${LOGFILE}"
fi
done
for eventsfile in /var/bigbluebutton/recording/raw/*/events.xml ; do
MTIME=$(stat -c %Y "${eventsfile}")
# Check the age of the recording
if [ $(( ( $NOW - $MTIME ) / 86400 )) -gt $RECORDING_MAX_AGE_DAYS ]; then
MEETING_ID="${eventsfile%/events.xml}"
MEETING_ID="${MEETING_ID##*/}"
echo "${MEETING_ID}" >> "${LOGFILE}"
docker exec "$BBB_RECORDINGS_CONTAINER_NAME" bbb-record --delete "${MEETING_ID}" >>"${LOGFILE}"
fi
done

5
opt/02-core/bigbluebutton/mod/periodic/bbb-resync-freeswitch Executable file
View file

@ -0,0 +1,5 @@
#!/bin/bash
# https://github.com/bigbluebutton/bigbluebutton/pull/9597/files
docker exec -it bbb-freeswitch fs_cli -H 10.7.7.1 -P 8021 -x 'fsctl sync_clock_when_idle'

23
opt/02-core/bigbluebutton/mod/periodic/entrypoint.sh Executable file
View file

@ -0,0 +1,23 @@
#!/bin/bash
#
# How N days back to keep files
#
history=5
while :
do
# resync freeswitch
/bbb-resync-freeswitch
# delete presentations older than N days
find /var/bigbluebutton/ -maxdepth 1 -type d -name "*-[0-9]*" -mtime +$history -exec rm -rf '{}' +
# delete recordings older than $RECORDING_MAX_AGE_DAYS
if [ "$ENABLE_RECORDING" == true ] && [ "$REMOVE_OLD_RECORDING" == true ]; then
/bbb-remove-old-recordings
fi
sleep 30m
done

21
opt/02-core/bigbluebutton/mod/postgres/initdb.sh Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
set -e
set -u
function create_user_and_database() {
local database=$1
echo " Creating user and database '$database'"
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE DATABASE $database;
GRANT ALL PRIVILEGES ON DATABASE $database TO $POSTGRES_USER;
EOSQL
}
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
create_user_and_database $db
done
echo "Multiple databases created"
fi

125
opt/02-core/bigbluebutton/mod/recordings/Dockerfile Normal file
View file

@ -0,0 +1,125 @@
FROM ruby:3.0-slim-bullseye
# install apt dependencies
RUN apt-get update && apt-get install -y \
wget \
subversion \
rsync \
build-essential \
libsystemd-dev \
python3 \
python3-attr \
python3-cairo \
python3-gi \
python3-gi-cairo \
python3-lxml \
python3-icu \
python3-pyinotify \
python3-sortedcollections \
python3-packaging \
gir1.2-pangocairo-1.0 \
gir1.2-poppler-0.18 \
gir1.2-gtk-3.0 \
gir1.2-gdkpixbuf-2.0 \
fonts-croscore \
ffmpeg \
poppler-utils \
imagemagick \
supervisor \
unzip \
locales \
locales-all
# TODO: missing packages
ENV LC_ALL en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8
# compile and install mkclean
RUN cd /tmp \
&& wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
&& tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
&& cd /tmp/mkclean-0.8.10 \
&& sed -i 's/\r//g' ./mkclean/configure.compiled \
&& ./mkclean/configure.compiled \
&& make -C mkclean \
&& cp ./release/gcc_linux_x64/mkclean /usr/bin/mkclean \
&& rm -r /tmp/mkclean-*
# add dockerize
ENV DOCKERIZE_VERSION v0.6.1
RUN wget -q https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz
# add yq for bbb-record
RUN wget -q https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq \
&& chmod +x /usr/bin/yq
RUN mkdir -p \
/usr/local/bigbluebutton \
/usr/local/bigbluebutton/core \
/etc/bigbluebutton \
/etc/bigbluebutton/recording
# dependency for bbb-presentation-video
RUN wget -q -O /tmp/python3-perfect-freehand.deb https://github.com/bigbluebutton/perfect-freehand-python/releases/download/1.2.0/python3-perfect-freehand_1.2.0_all.deb && \
dpkg -i /tmp/python3-perfect-freehand.deb && \
rm /tmp/python3-perfect-freehand.deb
ARG TAG_RECORDINGS
COPY --from=record-core / /usr/local/bigbluebutton/core
# add bbb-playback-presentation scripts
COPY --from=presentation /scripts /usr/local/bigbluebutton/core/scripts/
# install ruby dependencies
RUN cd /usr/local/bigbluebutton/core \
&& gem install builder \
&& gem install bundler --no-document \
&& bundle config set --local deployment true \
&& bundle install \
&& bundle clean \
&& rm -r vendor/bundle/ruby/*/cache \
&& find vendor/bundle -name '*.o' -delete
# log to file instead of journald
RUN sed -i 's|Journald::Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/lib/recordandplayback.rb && \
sed -i 's|Journald::Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/rap-caption-inbox.rb && \
sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/rap-process-worker.rb && \
sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/archive/archive.rb && \
sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/publish/presentation.rb && \
sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/utils/captions.rb && \
sed -i 's|Logger\.new.*|Logger.new("/var/log/bigbluebutton/recording.log")|g' /usr/local/bigbluebutton/core/scripts/process/presentation.rb
# add bbb-record with some adjustments so bbb-record works in this environment
COPY --from=bbb-conf /bin/bbb-record /usr/bin/bbb-record
RUN cd /usr/bin \
&& chmod +x /usr/bin/bbb-record \
&& sed -i 's/^BBB_WEB.*/BBB_WEB=""/' /usr/bin/bbb-record \
&& sed -i 's/systemctl.*//' /usr/bin/bbb-record \
&& echo "BIGBLUEBUTTON_RELEASE=$TAG_RECORDINGS" > /etc/bigbluebutton/bigbluebutton-release
# create user
# the ID should match the one creating the files in `core`
RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
# change owner
# https://github.com/alangecker/bigbluebutton-docker/issues/63
RUN chown -R 998:998 /usr/local/bigbluebutton
ARG TAG_BBB_PRESENTATION_VIDEO
RUN cd /tmp/ && \
wget -q -O bbb-presentation-video.zip "https://github.com/bigbluebutton/bbb-presentation-video/releases/download/${TAG_BBB_PRESENTATION_VIDEO}/ubuntu-20.04.zip" && \
unzip -o bbb-presentation-video.zip -d bbb-presentation-video && \
dpkg -i bbb-presentation-video/bbb-presentation-video*.deb && \
rm -rf /tmp/*
COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
COPY recording.yml /etc/bigbluebutton/recording/recording.yml.tmpl
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT /entrypoint.sh

2
opt/02-core/bigbluebutton/mod/recordings/bbb-web.properties Normal file
View file

@ -0,0 +1,2 @@
bigbluebutton.web.serverURL=https://{{ .Env.DOMAIN }}
securitySalt={{ .Env.SHARED_SECRET }}

16
opt/02-core/bigbluebutton/mod/recordings/entrypoint.sh Executable file
View file

@ -0,0 +1,16 @@
#!/bin/bash
touch /var/log/bigbluebutton/recording.log
touch /var/log/bigbluebutton/bbb-web.log
touch /var/log/bigbluebutton/sanity.log
touch /var/log/bigbluebutton/post_publish.log
mkdir -p /var/log/bigbluebutton/presentation
chown -R bigbluebutton:bigbluebutton /var/log/bigbluebutton
dockerize \
-template /etc/bigbluebutton/recording/recording.yml.tmpl:/etc/bigbluebutton/recording/recording.yml \
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
-stdout /var/log/bigbluebutton/recording.log \
-stdout /var/log/bigbluebutton/post_publish.log \
-stdout /var/log/bigbluebutton/sanity.log \
/usr/bin/supervisord --nodaemon

4
opt/02-core/bigbluebutton/mod/recordings/recording.yml Normal file
View file

@ -0,0 +1,4 @@
redis_host: redis
notes_endpoint: http://bbb-pads:9002/p
playback_host: {{ .Env.DOMAIN }}
playback_protocol: https

34
opt/02-core/bigbluebutton/mod/recordings/supervisord.conf Normal file
View file

@ -0,0 +1,34 @@
[supervisord]
user=root
[program:rasque_workers]
command=bundle exec rake -f Rakefile resque:workers
directory=/usr/local/bigbluebutton/core/scripts
environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",HOME="/home/bigbluebutton"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
stderr_logfile_maxbytes=0
[program:rap_starter]
command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-starter.rb
directory=/usr/local/bigbluebutton/core/scripts
environment=HOME="/home/bigbluebutton"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
stderr_logfile_maxbytes=0
[program:rap_caption_inbox]
command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-caption-inbox.rb
directory=/usr/local/bigbluebutton/core/scripts
environment=HOME="/home/bigbluebutton"
user=bigbluebutton
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
stderr_logfile_maxbytes=0

Some files were not shown because too many files have changed in this diff Show more