Merged client playbook and server playbook

2025-11-04 04:08:15 +00:00 · 2023-04-18 14:52:43 +02:00
parent 2c76f99dd1
commit ec0dbee7bb
341 changed files with 153 additions and 811 deletions
--- a/roles/server_docker-bigbluebutton/templates/env.j2
+++ b/roles/server_docker-bigbluebutton/templates/env.j2
@@ -0,0 +1,273 @@
+ENABLE_COTURN=true
+COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{domain}}/fullchain.pem
+COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{domain}}/privkey.pem
+ENABLE_GREENLIGHT=true
+
+# Enable Webhooks
+# used by some integrations
+#ENABLE_WEBHOOKS=true
+
+# Prometheus Exporter
+# serves the bigbluebutton-exporter under following URL:
+# https://yourdomain/bbb-exporter
+#ENABLE_PROMETHEUS_EXPORTER=true
+#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
+
+# Recording
+# IMPORTANT: this is currently a big privacy issues, because it will
+# record everything which happens in the conference, even when the button
+# suggets, that it does not.
+# https://github.com/bigbluebutton/bigbluebutton/issues/9202
+# make sure that you get peoples consent, before they join a room
+ENABLE_RECORDING=false
+REMOVE_OLD_RECORDING=true
+RECORDING_MAX_AGE_DAYS=365
+
+# ====================================
+# SECRETS
+# ====================================
+# important! change these to any random values
+SHARED_SECRET={{bigbluebutton_shared_secret}}
+ETHERPAD_API_KEY={{bigbluebutton_etherpad_api_key}}
+RAILS_SECRET={{bigbluebutton_rails_secret}}
+POSTGRESQL_SECRET={{bigbluebutton_postgresql_secret}}
+FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
+
+
+
+# ====================================
+# CONNECTION
+# ====================================
+
+DOMAIN={{domain}}
+
+EXTERNAL_IPv4={{ip4_address}}
+EXTERNAL_IPv6=
+
+# STUN SERVER
+# stun.freeswitch.org
+STUN_IP={{ip4_address}}
+STUN_PORT=3478
+
+# TURN SERVER
+# uncomment and adjust following two lines to add an external TURN server
+TURN_SERVER=turns:{{domain}}:5349?transport=tcp
+TURN_SECRET={{bigbluebutton_turn_secret}}
+
+# Allowed SIP IPs
+# due to high traffic caused by bots, by default the SIP port is blocked.
+# but you can allow access by your providers IP or IP ranges (comma seperated)
+# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
+SIP_IP_ALLOWLIST=
+
+
+# ====================================
+# CUSTOMIZATION
+# ====================================
+
+CLIENT_TITLE=BigBlueButton
+
+# use following lines to replace the default welcome message and footer
+WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button.  Use a headset to avoid causing background noise for others."
+WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
+
+# use following line for an additional SIP dial-in message
+#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br>  INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
+
+# for a different default presentation, place the pdf file in ./conf/ and
+# adjust the following path
+DEFAULT_PRESENTATION=./mod/nginx/default.pdf
+
+# language of sound announcements
+# options:
+# - en-ca-june - EN Canadian June
+# - en-us-allison - US English Allison
+# - en-us-callie - US English Callie
+# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
+# - es-ar-mario - Spanish/Argentina Mario
+# - fr-ca-june - FR Canadian June
+# - pt-br-karina - Brazilian Portuguese Karina
+# - ru-RU-elena - RU Russian Elena
+# - ru-RU-kirill - RU Russian Kirill
+# - ru-RU-vika - RU Russian Viktoriya
+# - sv-se-jakob - Swedish (Sweden) Jakob
+# - zh-cn-sinmei - Chinese/China Sinmei
+# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
+SOUNDS_LANGUAGE=en-us-callie
+
+# set to false to disable listenOnlyMode
+LISTEN_ONLY_MODE=true
+
+# set to true to disable echo test
+DISABLE_ECHO_TEST=false
+
+# set to true to automatically share webcam
+AUTO_SHARE_WEBCAM=false
+
+# set to true to disable video preview for webcam sharing
+DISABLE_VIDEO_PREVIEW=false
+
+# set to false to disable chat
+CHAT_ENABLED=true
+
+# set to true to start chat closed
+CHAT_START_CLOSED=false
+
+# set to true to disable announcements "You are now (un-)muted"
+DISABLE_SOUND_MUTED=false
+
+# set to true to disable announcement "You are the only person in this conference"
+DISABLE_SOUND_ALONE=false
+
+# maximum count of breakout rooms per meeting
+# Warning: increasing the limit of breakout rooms per meeting
+# can generate excessive overhead to the server. We recommend
+# this value to be kept under 12.
+BREAKOUTROOM_LIMIT=8
+
+# set to false to disable the learning dashboard
+ENABLE_LEARNING_DASHBOARD=true
+
+# ====================================
+# Tuning
+# ====================================
+# Default = 2; Min = 1; Max = 4
+# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
+NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
+
+# Default = 2; Min = 1; Max = 8
+# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
+# stretching the recommended number of users in BigBlueButton
+NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
+
+
+# ====================================
+# GREENLIGHT CONFIGURATION
+# ====================================
+
+# Microsoft Office365 Login Provider (optional)
+#
+# For in-depth steps on setting up a Office 365 Login Provider, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
+#
+OFFICE365_KEY=
+OFFICE365_SECRET=
+OFFICE365_HD=
+
+# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
+# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
+OAUTH2_REDIRECT=
+
+# LDAP Login Provider (optional)
+#
+# You can enable LDAP authentication by providing values for the variables below.
+# Configuring LDAP authentication will take precedence over all other providers.
+# For information about setting up LDAP, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
+#
+#   LDAP_SERVER=ldap.example.com
+#   LDAP_PORT=389
+#   LDAP_METHOD=plain
+#   LDAP_UID=uid
+#   LDAP_BASE=dc=example,dc=com
+#   LDAP_AUTH=simple
+#   LDAP_BIND_DN=cn=admin,dc=example,dc=com
+#   LDAP_PASSWORD=password
+#   LDAP_ROLE_FIELD=ou
+#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
+LDAP_SERVER=
+LDAP_PORT=
+LDAP_METHOD=
+LDAP_UID=
+LDAP_BASE=
+LDAP_BIND_DN=
+LDAP_AUTH=
+LDAP_PASSWORD=
+LDAP_ROLE_FIELD=
+LDAP_FILTER=
+
+# Set this to true if you want GreenLight to support user signup and login without
+# Omniauth. For more information, see:
+#
+#   https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
+#
+ALLOW_GREENLIGHT_ACCOUNTS=true
+
+SMTP_SERVER={{system_email_host}}
+SMTP_DOMAIN={{domain}}
+SMTP_PORT={{system_email_port}}
+SMTP_USERNAME={{system_email_username}}
+SMTP_PASSWORD={{system_email_password}}
+SMTP_AUTH=plain
+SMTP_OPENSSL_VERIFY_MODE=none
+SMTP_STARTTLS_AUTO=true
+SMTP_SENDER={{system_email_username}}
+SMTP_SENDER_EMAIL={{system_email_username}}
+
+# Prefix for the applications root URL.
+# Useful for deploying the application to a subdirectory, which is highly recommended
+# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
+# have to update your authentication callback URL's to reflect this change.
+#
+#   The recommended prefix is "/b".
+#
+RELATIVE_URL_ROOT="/b"
+
+# Specify which settings you would like the users to configure on room creation
+# or edit after the room has been created
+# By default, all settings are turned OFF.
+#
+# Current settings available:
+#   mute-on-join: Automatically mute users by default when they join a room
+#   require-moderator-approval: Require moderators to approve new users before they can join the room
+#   anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
+#   all-join-moderator: All users join as moderators in BigBlueButton
+ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
+
+# Specify the maximum number of records to be sent to the BigBlueButton API in one call
+# Default is set to 25 records
+PAGINATION_NUMBER=25
+
+# Specify the maximum number of rows that should be displayed per page for a paginated table
+# Default is set to 25 rows
+NUMBER_OF_ROWS=25
+
+# Specify if you want to display the Google Calendar button
+#   ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
+ENABLE_GOOGLE_CALENDAR_BUTTON=
+
+# Set the application into Maintenance Mode
+#
+# Current options supported:
+# true: Renders an error page that does not allow users to access any of the features in the application
+# false: Application runs normally
+MAINTENANCE_MODE=false
+
+# Displays a flash that appears to inform the user of a scheduled maintenance window
+# This variable should contain ONLY the date and time of the scheduled maintenance
+#
+# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
+MAINTENANCE_WINDOW=
+
+# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
+#
+# Defaults to the Github Issues Page for Greenlight
+# Button can be disabled by setting the value to blank
+#
+# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
+
+# The link to the Need help? button that appears on the Account Dropdown
+#
+# Defaults to the Greenlight documentation
+# Button can be disabled by setting the value to blank
+HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
+
+# Specify the default registration to be used by Greenlight until an administrator sets the
+# registration method
+# Allowed values are:
+#   open - For open registration
+#   invite - For invite only registration
+#   approval - For approve/decline registration
+DEFAULT_REGISTRATION=invite
--- a/roles/server_docker-bigbluebutton/templates/nginx-proxy.conf.j2
+++ b/roles/server_docker-bigbluebutton/templates/nginx-proxy.conf.j2
@@ -0,0 +1,29 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+map $remote_addr $endpoint_addr {
+    "~:"    [::1];
+    default    127.0.0.1;
+}
+
+server {
+  listen 443 ssl http2 default_server;
+  listen [::]:443 ssl http2 default_server;
+  server_name {{domain}};
+
+  ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
+
+  location / {
+    proxy_http_version 1.1;
+    proxy_pass http://$endpoint_addr:48087;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_cache_bypass $http_upgrade;
+  }
+}