From 4940546bd44376801bc5bc670adee86148bf9c5c Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sat, 3 Dec 2022 20:43:33 +0100 Subject: [PATCH] Finished big blue button implementation --- playbook.yml | 2 - roles/docker-bigbluebutton/handlers/main.yml | 11 +- roles/docker-bigbluebutton/readme.md | 15 +- roles/docker-bigbluebutton/tasks/main.yml | 24 +- .../templates/docker-compose.yml.j2 | 469 ------------------ roles/docker-bigbluebutton/templates/env.j2 | 2 +- .../templates/nginx-proxy.conf.j2 | 45 +- roles/docker-bigbluebutton/vars/main.yml | 3 +- 8 files changed, 47 insertions(+), 524 deletions(-) delete mode 100644 roles/docker-bigbluebutton/templates/docker-compose.yml.j2 diff --git a/playbook.yml b/playbook.yml index 144adcbe..c1cf25d8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -143,8 +143,6 @@ - role: docker-bigbluebutton vars: domain: bbb.{{top_domain}} - http_port_I: 8012 - http_port_II: 8013 - name: setup akaunting hosts hosts: akaunting_hosts become: true diff --git a/roles/docker-bigbluebutton/handlers/main.yml b/roles/docker-bigbluebutton/handlers/main.yml index 5d1a9b11..b4f67a90 100644 --- a/roles/docker-bigbluebutton/handlers/main.yml +++ b/roles/docker-bigbluebutton/handlers/main.yml @@ -1,8 +1,17 @@ --- -- name: setup bigbluebutton +- name: create docker-compose.yml for bigbluebutton + command: + cmd: bash ./scripts/generate-compose + chdir: "{{docker_compose_bigbluebutton_path}}" + environment: + COMPOSE_HTTP_TIMEOUT: 600 + DOCKER_CLIENT_TIMEOUT: 600 + listen: setup bigbluebutton +- name: docker compose up bigbluebutton command: cmd: docker-compose -p bigbluebutton up -d --force-recreate chdir: "{{docker_compose_bigbluebutton_path}}" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 + listen: setup bigbluebutton \ No newline at end of file diff --git a/roles/docker-bigbluebutton/readme.md b/roles/docker-bigbluebutton/readme.md index 52d5af9d..b945e797 100644 --- a/roles/docker-bigbluebutton/readme.md 
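Review bot: The new handler `create docker-compose.yml for bigbluebutton` runs `bash ./scripts/generate-compose` from a checkout that the `pull docker repository` task in roles/docker-bigbluebutton/tasks/main.yml keeps at `version: main`, so each play executes whatever upstream's main branch holds at that moment. The compose file that used to be a reviewed template in this repository is now produced by that script. I would pin the git task to a reviewed tag or commit, e.g. `version: "<reviewed-tag-or-commit>"`, and bump it deliberately. A short comment such as `# handlers run in file order: generate the compose file first, then start the stack` would also document why both handlers listen on `setup bigbluebutton`.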
+++ b/roles/docker-bigbluebutton/readme.md @@ -1,12 +1,21 @@ # docker bigbluebutton +Role to deploy [BigBlueButton](https://bigbluebutton.org/). -## cleanup +## naintance + +### cleanup ```bash docker-compose down; - docker volume rm bigbluebutton_bigbluebutton bigbluebutton_html5-static bigbluebutton_vol-freeswitch bigbluebutton_vol-kurento bigbluebutton_vol-mediasoup + docker volume rm bigbluebutton_bigbluebutton bigbluebutton_html5-static bigbluebutton_vol-freeswitch bigbluebutton_vol-kurento bigbluebutton_vol-mediasoup bigbluebutton_database +``` + +### check container status +```bash +watch -n 2 "docker ps -a | grep bigbluebutton" ``` ## Further information - https://github.com/bigbluebutton/docker - https://docs.bigbluebutton.org/greenlight/gl-install.html#setting-bigbluebutton-credentials -- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/ \ No newline at end of file +- https://goneuland.de/big-blue-button-mit-docker-und-traefik-installieren/ +- https://github.com/docker/compose/issues/4799 \ No newline at end of file diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index 19c0a809..b4de5b2c 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml 
@@ -2,26 +2,10 @@ - name: recieve {{domain}} certificate command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} -#- name: configure {{domain}}.conf -# template: src=roles/native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf -# notify: restart nginx - - name: configure {{domain}}.conf template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx -- name: register directory - stat: - path: "{{docker_compose_bigbluebutton_path}}" - register: docker_compose_bigbluebutton_path_register - -- name: checkout repository - ansible.builtin.shell: git checkout . - become: true - args: - chdir: "{{docker_compose_bigbluebutton_path}}" - when: docker_compose_bigbluebutton_path_register.stat.exists - - name: pull docker repository git: repo: "https://github.com/bigbluebutton/docker.git" @@ -30,13 +14,7 @@ recursive: yes version: main notify: setup bigbluebutton - become: true - -- name: configure .env +- name: deploy .env template: src=env.j2 dest={{docker_compose_bigbluebutton_path}}/.env notify: setup bigbluebutton - -- name: configure docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose_bigbluebutton_path}}/docker-compose.yml - notify: setup bigbluebutton diff --git a/roles/docker-bigbluebutton/templates/docker-compose.yml.j2 b/roles/docker-bigbluebutton/templates/docker-compose.yml.j2 deleted file mode 100644 index 6a4b2862..00000000 --- a/roles/docker-bigbluebutton/templates/docker-compose.yml.j2 +++ /dev/null 
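Review bot: The renamed `deploy .env` task in the second hunk writes `{{docker_compose_bigbluebutton_path}}/.env` without `mode` or `owner`, so its permissions depend on the umask and are typically world-readable. The compose template deleted in this same patch read `SHARED_SECRET`, `TURN_SECRET`, `RAILS_SECRET` and `POSTGRESQL_SECRET` from the environment and gave greenlight `env_file: .env`, so this file presumably carries those secrets. I would switch the task to the YAML form of `template:` and add `mode: "0600"`. Separately, the first hunk drops the `git checkout .` step, and the `git` module refuses to update a checkout with modified tracked files unless `force: yes` is set, so it is worth confirming that a second run of the role still succeeds.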
@@ -1,469 +0,0 @@ -version: '3.6' - -# html5 templates -x-html5-backend: &html5backend - build: - context: mod/html5 - args: - BBB_BUILD_TAG: v2022-03-30 - TAG_HTML5: v2.5.7 - image: alangecker/bbb-docker-html5:v2.5.7 - restart: unless-stopped - depends_on: - - redis - - mongodb - - etherpad - environment: &html5backend-env - DOMAIN: ${DOMAIN} - CLIENT_TITLE: ${CLIENT_TITLE} - LISTEN_ONLY_MODE: ${LISTEN_ONLY_MODE:-true} - DISABLE_ECHO_TEST: ${DISABLE_ECHO_TEST:-false} - AUTO_SHARE_WEBCAM: ${AUTO_SHARE_WEBCAM:-false} - DISABLE_VIDEO_PREVIEW: ${DISABLE_VIDEO_PREVIEW:-false} - CHAT_ENABLED: ${CHAT_ENABLED:-true} - CHAT_START_CLOSED: ${CHAT_START_CLOSED:-false} - BREAKOUTROOM_LIMIT: ${BREAKOUTROOM_LIMIT:-8} - DEV_MODE: ${DEV_MODE:-} - BBB_HTML5_ROLE: backend - -x-html5-frontend: &html5frontend - <<: *html5backend - volumes: - - html5-static:/html5-static:rw - environment: &html5frontend-env - <<: *html5backend-env - BBB_HTML5_ROLE: frontend - -services: - bbb-web: - build: - context: mod/bbb-web - args: - BBB_BUILD_TAG: v2022-03-30 - TAG_COMMON_MESSAGE: v2.5.7 - TAG_BBB_WEB: v2.5.8 - image: alangecker/bbb-docker-web:v2.5.8 - restart: unless-stopped - depends_on: - - redis - - etherpad - healthcheck: - test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1 - start_period: 2m - environment: - DEV_MODE: ${DEV_MODE:-} - DOMAIN: ${DOMAIN} - ENABLE_RECORDING: ${ENABLE_RECORDING:-false} - SHARED_SECRET: ${SHARED_SECRET} - WELCOME_MESSAGE: ${WELCOME_MESSAGE:-} - WELCOME_FOOTER: ${WELCOME_FOOTER} - STUN_SERVER: stun:${STUN_IP}:${STUN_PORT} - TURN_SERVER: ${TURN_SERVER:-} - TURN_SECRET: ${TURN_SECRET:-} - ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} - NUMBER_OF_BACKEND_NODEJS_PROCESSES: 2 - volumes: - - bigbluebutton:/var/bigbluebutton - - vol-freeswitch:/var/freeswitch/meetings - ports: - - 127.0.0.1:{{http_port_II}}:8090 - networks: - bbb-net: - ipv4_address: 10.7.7.2 - logging: - driver: journald - - - 
html5-backend-1: - <<: *html5backend - environment: - <<: *html5backend-env - INSTANCE_ID: 1 - PORT: 4000 - networks: - bbb-net: - ipv4_address: 10.7.7.100 - logging: - driver: journald - - html5-backend-2: - <<: *html5backend - environment: - <<: *html5backend-env - INSTANCE_ID: 2 - PORT: 4001 - logging: - driver: journald - networks: - bbb-net: - ipv4_address: 10.7.7.101 - - - - html5-frontend-1: - <<: *html5frontend - environment: - <<: *html5frontend-env - INSTANCE_ID: 1 - PORT: 4100 - logging: - driver: journald - networks: - bbb-net: - ipv4_address: 10.7.7.200 - - html5-frontend-2: - <<: *html5frontend - environment: - <<: *html5frontend-env - INSTANCE_ID: 2 - PORT: 4101 - networks: - bbb-net: - ipv4_address: 10.7.7.201 - logging: - driver: journald - - freeswitch: - container_name: bbb-freeswitch - build: - context: mod/freeswitch - args: - TAG_FS_CONFIG: v2.5.7 - image: alangecker/bbb-docker-freeswitch:v2.5.7 - restart: unless-stopped - cap_add: - - IPC_LOCK - - NET_ADMIN - - NET_RAW - - NET_BROADCAST - - SYS_NICE - - SYS_RESOURCE - environment: - DOMAIN: ${DOMAIN} - EXTERNAL_IPv4: ${EXTERNAL_IPv4} - EXTERNAL_IPv6: ${EXTERNAL_IPv6:-::1} - SIP_IP_ALLOWLIST: ${SIP_IP_ALLOWLIST:-} - DISABLE_SOUND_MUTED: ${DISABLE_SOUND_MUTED:-false} - DISABLE_SOUND_ALONE: ${DISABLE_SOUND_ALONE:-false} - SOUNDS_LANGUAGE: ${SOUNDS_LANGUAGE:-en-us-callie} - ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} - volumes: - - ./conf/sip_profiles:/etc/freeswitch/sip_profiles/external - - ./conf/dialplan_public:/etc/freeswitch/dialplan/public_docker - - vol-freeswitch:/var/freeswitch/meetings - network_mode: host - logging: - driver: journald - - nginx: - build: - context: mod/nginx - args: - TAG_LEARNING_DASHBOARD: v2.5.5 - image: alangecker/bbb-docker-nginx:1.21-v4.0.0-v2.5.5 - restart: unless-stopped - depends_on: - - etherpad - - webrtc-sfu - - html5-backend-1 - volumes: - - bigbluebutton:/var/bigbluebutton - - html5-static:/html5-static:ro - - 
${DEFAULT_PRESENTATION:-/dev/null}:/www/default.pdf - network_mode: host - extra_hosts: - - "host.docker.internal:10.7.7.1" - - "bbb-web:10.7.7.2" - - "etherpad:10.7.7.4" - - "webrtc-sfu:10.7.7.1" - - "html5:10.7.7.11" - logging: - driver: journald - - etherpad: - build: mod/etherpad - image: alangecker/bbb-docker-etherpad:1.8.18-3 - restart: unless-stopped - logging: - driver: journald - depends_on: - - redis - environment: - ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} - networks: - bbb-net: - ipv4_address: 10.7.7.4 - - bbb-pads: - build: mod/bbb-pads - image: alangecker/bbb-docker-pads:v1.2.2 - restart: unless-stopped - logging: - driver: journald - depends_on: - - redis - - etherpad - environment: - ETHERPAD_API_KEY: ${ETHERPAD_API_KEY} - networks: - bbb-net: - ipv4_address: 10.7.7.18 - - redis: - image: redis:7.0-alpine - restart: unless-stopped - logging: - driver: journald - healthcheck: - test: ["CMD", "redis-cli", "ping"] - interval: 1s - timeout: 3s - retries: 30 - networks: - bbb-net: - ipv4_address: 10.7.7.5 - - mongodb: - container_name: bbb-mongodb - image: mongo:4.4 - restart: unless-stopped - logging: - driver: journald - volumes: - - ./mod/mongo/mongod.conf:/etc/mongod.conf - - ./mod/mongo/init-replica.sh:/docker-entrypoint-initdb.d/init-replica.sh - tmpfs: - - /data/configdb - - /data/db - command: mongod --config /etc/mongod.conf --oplogSize 8 --replSet rs0 --noauth - healthcheck: - test: bash -c "if mongo --eval 'quit(db.runCommand({ ping':' 1 }).ok ? 
0 ':' 2)'; then exit 0; fi; exit 1;" - networks: - bbb-net: - ipv4_address: 10.7.7.6 - - # TODO: remove as soon as not required anymore by webrtc-sfu - kurento: - image: kurento/kurento-media-server:6.18 - restart: unless-stopped - logging: - driver: journald - network_mode: host - volumes: - - vol-kurento:/var/kurento - - webrtc-sfu: - build: - context: mod/webrtc-sfu - args: - BBB_BUILD_TAG: v2022-03-30 - image: alangecker/bbb-docker-webrtc-sfu:v2.8.6 - restart: unless-stopped - logging: - driver: journald - depends_on: - - redis - - freeswitch - environment: - CLIENT_HOST: 10.7.7.1 - REDIS_HOST: 10.7.7.5 - FREESWITCH_IP: 10.7.7.1 - FREESWITCH_SIP_IP: ${EXTERNAL_IPv4} - ESL_IP: 10.7.7.1 - ESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} - # TODO: add mediasoup IPv6 - # TODO: can listen to 0.0.0.0 for nat support? https://github.com/versatica/mediasoup/issues/487 - - MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"${EXTERNAL_IPv4}"}]' - - MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"${EXTERNAL_IPv4}"}' - volumes: - - vol-mediasoup:/var/mediasoup - tmpfs: - - /var/log/bbb-webrtc-sfu - network_mode: host - - fsesl-akka: - build: - context: mod/fsesl-akka - args: - BBB_BUILD_TAG: v2022-03-30 - TAG_COMMON_MESSAGE: v2.5.7 - TAG_FSESL_AKKA: v2.5.7 - image: alangecker/bbb-docker-fsesl-akka:v2.5.7 - restart: unless-stopped - depends_on: - - redis - - freeswitch - environment: - FSESL_PASSWORD: ${FSESL_PASSWORD:-ClueCon} - networks: - bbb-net: - ipv4_address: 10.7.7.14 - logging: - driver: journald - - apps-akka: - build: - context: mod/apps-akka - args: - BBB_BUILD_TAG: v2022-03-30 - TAG_COMMON_MESSAGE: v2.5.7 - TAG_APPS_AKKA: v2.5.7 - image: alangecker/bbb-docker-apps-akka:v2.5.7 - restart: unless-stopped - depends_on: - - redis - environment: - DOMAIN: ${DOMAIN} - SHARED_SECRET: ${SHARED_SECRET} - volumes: - - vol-freeswitch:/var/freeswitch/meetings - networks: - bbb-net: - ipv4_address: 10.7.7.15 - logging: - driver: journald - - jodconverter: - build: 
mod/jodconverter - image: alangecker/bbb-docker-jodconverter:latest - security_opt: - - 'no-new-privileges:true' - restart: unless-stopped - tmpfs: - - /tmp - deploy: - resources: - limits: - memory: 512M - networks: - bbb-net: - ipv4_address: 10.7.7.20 - logging: - driver: journald - - periodic: - build: mod/periodic - image: alangecker/bbb-docker-periodic:v2.5.0-rc.1 - restart: unless-stopped - depends_on: - - mongodb - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - bigbluebutton:/var/bigbluebutton - - vol-mediasoup:/var/mediasoup - tmpfs: - - /var/log/bigbluebutton - environment: - ENABLE_RECORDING: ${ENABLE_RECORDING} - REMOVE_OLD_RECORDING: ${REMOVE_OLD_RECORDING} - RECORDING_MAX_AGE_DAYS: ${RECORDING_MAX_AGE_DAYS} - networks: - bbb-net: - ipv4_address: 10.7.7.12 - logging: - driver: journald - - # recordings - recordings: - build: - context: mod/recordings - args: - BBB_BUILD_TAG: v2022-03-30 - TAG_RECORDINGS: v2.5.7 - image: alangecker/bbb-docker-recordings:v2.5.7 - restart: unless-stopped - depends_on: - - redis - - bbb-pads - environment: - DOMAIN: ${DOMAIN} - volumes: - - bigbluebutton:/var/bigbluebutton - - vol-freeswitch:/var/freeswitch/meetings - - vol-mediasoup:/var/mediasoup - - vol-kurento:/var/kurento - tmpfs: - - /var/log/bigbluebutton - - /tmp - networks: - bbb-net: - ipv4_address: 10.7.7.16 - logging: - driver: journald - - # coturn - coturn: - image: coturn/coturn:4.6-alpine - restart: unless-stopped - command: - - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}" - - "--external-ip=${EXTERNAL_IPv6:-::1}/${EXTERNAL_IPv6:-::1}" - - "--static-auth-secret=${TURN_SECRET}" - volumes: - - - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem - - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem - - - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf - environment: - ENABLE_HTTPS_PROXY: - user: root - network_mode: host - logging: - driver: journald - - # greenlight - greenlight: - logging: - 
driver: journald - image: bigbluebutton/greenlight:v2 - restart: unless-stopped - env_file: .env - environment: - DB_ADAPTER: postgresql - DB_HOST: postgres - DB_NAME: greenlight - DB_USERNAME: postgres - DB_PASSWORD: ${POSTGRESQL_SECRET:-password} - SAFE_HOSTS: ${DOMAIN} - BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/ - BIGBLUEBUTTON_SECRET: ${SHARED_SECRET} - SECRET_KEY_BASE: ${RAILS_SECRET} - ports: - - 127.0.0.1:{{http_port_I}}:80 - postgres: - image: postgres:12-alpine - restart: unless-stopped - logging: - driver: journald - environment: - POSTGRES_DB: greenlight - POSTGRES_USER: postgres - POSTGRES_PASSWORD: ${POSTGRESQL_SECRET:-password} - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - database:/var/lib/postgresql/data - -volumes: - database: - bigbluebutton: - vol-freeswitch: - vol-kurento: - vol-mediasoup: - html5-static: - - -networks: - bbb-net: - ipam: - driver: default - config: - - subnet: "10.7.7.0/24" diff --git a/roles/docker-bigbluebutton/templates/env.j2 b/roles/docker-bigbluebutton/templates/env.j2 index 05ab3c7e..69838704 100644 --- a/roles/docker-bigbluebutton/templates/env.j2 +++ b/roles/docker-bigbluebutton/templates/env.j2 @@ -212,7 +212,7 @@ SMTP_SENDER={{system_email_username}} # # The recommended prefix is "/b". # -RELATIVE_URL_ROOT="{{relative_url_root}}" +RELATIVE_URL_ROOT="/b" # Specify which settings you would like the users to configure on room creation # or edit after the room has been created diff --git a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 index 9a2d7f34..19bf393c 100644 --- a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 +++ b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 
@@ -1,30 +1,29 @@ -server -{ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} +map $remote_addr $endpoint_addr { + "~:" [::1]; + default 127.0.0.1; +} + +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; server_name {{domain}}; - {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %} - - {% with http_port=http_port_II %} - {% include 'roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2' %} - {% endwith %} + ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; - location {{relative_url_root}} { - proxy_pass http://127.0.0.1:{{http_port_I}}; - - # headers + location / { + proxy_http_version 1.1; + proxy_pass http://$endpoint_addr:48087; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Port 443; - - # deactivate buffering - proxy_buffering off; - proxy_request_buffering off; - - # timeouts - proxy_connect_timeout 1s; - proxy_send_timeout 900s; - proxy_read_timeout 900s; - send_timeout 900s; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_cache_bypass $http_upgrade; } } diff --git a/roles/docker-bigbluebutton/vars/main.yml b/roles/docker-bigbluebutton/vars/main.yml index e3e48a67..51232f32 100644 --- a/roles/docker-bigbluebutton/vars/main.yml +++ b/roles/docker-bigbluebutton/vars/main.yml @@ -1,2 +1 @@ -docker_compose_bigbluebutton_path: "/home/administrator/docker-compose/bigbluebutton/" -relative_url_root: "/b/" \ No newline at end of file +docker_compose_bigbluebutton_path: "/home/administrator/docker-compose/bigbluebutton/" \ No newline at end of file
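Review bot: Both `listen` lines in the new server block carry `default_server`, so this BigBlueButton vhost answers every HTTPS request on the host whose name matches no other server block, and nginx refuses to load if another file in conf.d also claims the default on 443. For a per-domain file I would write `listen 443 ssl http2;` and `listen [::]:443 ssl http2;`. The hunk also replaces the shared `ssl_header.j2` include with two bare certificate directives, so any protocol, cipher or HSTS settings that include provided (it is not shown in this patch) no longer apply to this domain. The removed `proxy_read_timeout 900s` and `proxy_send_timeout 900s` are not carried over, so proxied WebSocket connections fall back to nginx's 60s defaults; worth confirming that is intended.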