kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 10:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8af39c32ec6701da75088730c11346ede3045fe9
computer-playbook/roles/web-app-bigbluebutton/templates/env.j2
Kevin Veen-Birkenbach 73a38e0b2b Refactor TURN/STUN handling: 
- Split internal/external Coturn for BBB and Nextcloud
- Added dedicated relay port ranges per app
- Updated env and compose overrides for coturn
- Ensure coturn role is loaded conditionally
- Standardize credential/env passing for coturn
@See https://chatgpt.com/share/68d6f376-4878-800f-b4f7-62822caa49ea
2025-09-26 22:11:55 +02:00

299 lines
10 KiB
Django/Jinja
Raw Blame History

# Coturn
ENABLE_COTURN={{ BBB_INTERNAL_COTURN_ENABLED }}
## Credentials
COTURN_TLS_CERT_PATH={{ BBB_COTURN_TLS_CERT_PATH }}
COTURN_TLS_KEY_PATH={{ BBB_COTURN_TLS_KEY_PATH }}
ENABLE_GREENLIGHT={{ BBB_GREENLIGHT_ENABLED }}
# Enable Webhooks
# used by some integrations
#ENABLE_WEBHOOKS=true
# Prometheus Exporter
# serves the bigbluebutton-exporter under following URL:
# https://yourdomain/bbb-exporter
#ENABLE_PROMETHEUS_EXPORTER=true
#ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=true
# Recording
# IMPORTANT: this is currently a big privacy issues, because it will
# record everything which happens in the conference, even when the button
# suggets, that it does not.
# https://github.com/bigbluebutton/bigbluebutton/issues/9202
# make sure that you get peoples consent, before they join a room
ENABLE_RECORDING=false
REMOVE_OLD_RECORDING=true
RECORDING_MAX_AGE_DAYS=365
# ====================================
# SECRETS
# ====================================
# important! change these to any random values
SHARED_SECRET={{ BBB_SHARED_SECRET }}
ETHERPAD_API_KEY={{ BBB_ETHERPAD_API_KEY }}
RAILS_SECRET={{ BBB_RAILS_SECRET }}
POSTGRESQL_SECRET={{ BBB_POSTGRESQL_SECRET }}
FSESL_PASSWORD={{ BBB_FSESL_PASSWORD }}
# ====================================
# CONNECTION
# ====================================
DOMAIN={{ domain }}
# IP
EXTERNAL_IPv4={{ networks.internet.ip4 }}
{% if BBB_IP6_ENABLED %}
EXTERNAL_IPv6={{ networks.internet.ip6 }}
{% endif %}
# STUN SERVER
# stun.freeswitch.org
STUN_IP={{ BBB_TURN_DOMAIN }}
STUN_PORT={{ BBB_STUN_PORT }}
# TURN SERVER
TURN_SERVER=turns:{{ BBB_TURN_DOMAIN }}:{{ BBB_TURN_PORT }}?transport=tcp
TURN_SECRET={{ BBB_TURN_SECRET }}
# Allowed SIP IPs
# due to high traffic caused by bots, by default the SIP port is blocked.
# but you can allow access by your providers IP or IP ranges (comma seperated)
# Hint: if you want to allow requests from every IP, you can use 0.0.0.0/0
SIP_IP_ALLOWLIST=
# ====================================
# CUSTOMIZATION
# ====================================
CLIENT_TITLE=BigBlueButton
# use following lines to replace the default welcome message and footer
WELCOME_MESSAGE="Welcome to <b>%%CONFNAME%%</b>!<br><br>For help on using BigBlueButton see these (short) <a href='https://www.bigbluebutton.org/html5' target='_blank'><u>tutorial videos</u></a>.<br><br>To join the audio bridge click the speaker button. Use a headset to avoid causing background noise for others."
WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/'' target='_blank'><u>BigBlueButton</u></a>."
# use following line for an additional SIP dial-in message
#WELCOME_FOOTER="This server is running <a href='https://docs.bigbluebutton.org/' target='_blank'><u>BigBlueButton</u></a>. <br><br>To join this meeting by phone, dial:<br> INSERT_YOUR_PHONE_NUMBER_HERE<br>Then enter %%CONFNUM%% as the conference PIN number."
# for a different default presentation, place the pdf file in ./conf/ and
# adjust the following path
DEFAULT_PRESENTATION=./mod/nginx/default.pdf
# language of sound announcements
# options:
# - en-ca-june - EN Canadian June
# - en-us-allison - US English Allison
# - en-us-callie - US English Callie
# - de-de-daedalus3 - German by Daedalus3 (https://github.com/Daedalus3/freeswitch-german-soundfiles)
# - es-ar-mario - Spanish/Argentina Mario
# - fr-ca-june - FR Canadian June
# - pt-br-karina - Brazilian Portuguese Karina
# - ru-RU-elena - RU Russian Elena
# - ru-RU-kirill - RU Russian Kirill
# - ru-RU-vika - RU Russian Viktoriya
# - sv-se-jakob - Swedish (Sweden) Jakob
# - zh-cn-sinmei - Chinese/China Sinmei
# - zh-hk-sinmei - Chinese/Hong Kong Sinmei
SOUNDS_LANGUAGE=en-us-callie
# set to false to disable listenOnlyMode
LISTEN_ONLY_MODE=true
# set to true to disable echo test
DISABLE_ECHO_TEST=false
# set to true to automatically share webcam
AUTO_SHARE_WEBCAM=false
# set to true to disable video preview for webcam sharing
DISABLE_VIDEO_PREVIEW=false
# set to false to disable chat
CHAT_ENABLED=true
# set to true to start chat closed
CHAT_START_CLOSED=false
# set to true to disable announcements "You are now (un-)muted"
DISABLE_SOUND_MUTED=false
# set to true to disable announcement "You are the only person in this conference"
DISABLE_SOUND_ALONE=false
# maximum count of breakout rooms per meeting
# Warning: increasing the limit of breakout rooms per meeting
# can generate excessive overhead to the server. We recommend
# this value to be kept under 12.
BREAKOUTROOM_LIMIT=8
# set to false to disable the learning dashboard
ENABLE_LEARNING_DASHBOARD=true
# ====================================
# Tuning
# ====================================
# Default = 2; Min = 1; Max = 4
# On powerful systems with high number of meetings you can set values up to 4 to accelerate handling of events
NUMBER_OF_BACKEND_NODEJS_PROCESSES=2
# Default = 2; Min = 1; Max = 8
# Set a number between 1 and 4 times the value of NUMBER_OF_BACKEND_NODEJS_PROCESSES where higher number helps with meetings
# stretching the recommended number of users in BigBlueButton
NUMBER_OF_FRONTEND_NODEJS_PROCESSES=2
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
# Microsoft Office365 Login Provider (optional)
#
# For in-depth steps on setting up a Office 365 Login Provider, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#office365-oauth2
#
OFFICE365_KEY=
OFFICE365_SECRET=
OFFICE365_HD=
# OAUTH2_REDIRECT allows you to specify the redirect_url passed to oauth on sign in.
# It is useful for cases when Greenlight is deployed behind a Network Load Balancer or proxy
OAUTH2_REDIRECT=
{% if BBB_LDAP_ENABLED | bool %}
# LDAP Login Provider (optional)
#
# You can enable LDAP authentication by providing values for the variables below.
# Configuring LDAP authentication will take precedence over all other providers.
# For information about setting up LDAP, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-config.html#ldap-auth
#
# LDAP_SERVER=ldap.example.com
# LDAP_PORT=389
# LDAP_METHOD=plain
# LDAP_UID={{ LDAP.USER.ATTRIBUTES.ID }}
# LDAP_BASE=dc=example,dc=com
# LDAP_AUTH=simple
# LDAP_BIND_DN=cn=admin,dc=example,dc=com
# LDAP_PASSWORD=password
# LDAP_ROLE_FIELD=ou
# LDAP_FILTER=(&(attr1=value1)(attr2=value2))
LDAP_SERVER="{{ LDAP.SERVER.DOMAIN }}"
LDAP_PORT="{{ LDAP.SERVER.PORT }}"
LDAP_METHOD=
LDAP_UID={{ LDAP.USER.ATTRIBUTES.ID }}
LDAP_BASE="{{ LDAP.DN.ROOT }}"
LDAP_BIND_DN="{{ LDAP.DN.ADMINISTRATOR.DATA }}"
LDAP_AUTH=password
LDAP_PASSWORD="{{ LDAP.BIND_CREDENTIAL }}"
LDAP_ROLE_FIELD=
LDAP_FILTER=
{% endif %}
# ====================================
# GREENLIGHT CONFIGURATION
# ====================================
# Set this to true if you want GreenLight to support user signup and login without
# Omniauth. For more information, see:
#
# https://docs.bigbluebutton.org/greenlight/gl-overview.html#accounts-and-profile
#
ALLOW_GREENLIGHT_ACCOUNTS=true
### SMTP CONFIGURATION
# Emails are required for the basic features of Greenlight to function.
# Please refer to your SMTP provider to get the values for the variables below
SMTP_SERVER={{ SYSTEM_EMAIL.HOST }}
SMTP_DOMAIN={{ SYSTEM_EMAIL.DOMAIN }}
SMTP_PORT={{ SYSTEM_EMAIL.PORT }}
SMTP_USERNAME={{ users['no-reply'].email }}
SMTP_PASSWORD={{ users['no-reply'].mailu_token }}
SMTP_AUTH=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_STARTTLS_AUTO={{ SYSTEM_EMAIL.START_TLS | lower }}
SMTP_STARTTLS={{ SYSTEM_EMAIL.START_TLS | lower }}
SMTP_TLS={{ SYSTEM_EMAIL.TLS | lower }}
SMTP_SSL_VERIFY=true
SMTP_SENDER={{ users['no-reply'].email }}
SMTP_SENDER_EMAIL={{ users['no-reply'].email }}
# Prefix for the applications root URL.
# Useful for deploying the application to a subdirectory, which is highly recommended
# if deploying on a BigBlueButton server. Keep in mind that if you change this, you'll
# have to update your authentication callback URL's to reflect this change.
#
# The recommended prefix is "/b".
#
RELATIVE_URL_ROOT="/b"
# Specify which settings you would like the users to configure on room creation
# or edit after the room has been created
# By default, all settings are turned OFF.
#
# Current settings available:
# mute-on-join: Automatically mute users by default when they join a room
# require-moderator-approval: Require moderators to approve new users before they can join the room
# anyone-can-start: Allows anyone with the join url to start the room in BigBlueButton
# all-join-moderator: All users join as moderators in BigBlueButton
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start,all-join-moderator
# Specify the maximum number of records to be sent to the BigBlueButton API in one call
# Default is set to 25 records
PAGINATION_NUMBER=25
# Specify the maximum number of rows that should be displayed per page for a paginated table
# Default is set to 25 rows
NUMBER_OF_ROWS=25
# Specify if you want to display the Google Calendar button
# ENABLE_GOOGLE_CALENDAR_BUTTON=true|false
ENABLE_GOOGLE_CALENDAR_BUTTON=
# Set the application into Maintenance Mode
#
# Current options supported:
# true: Renders an error page that does not allow users to access any of the features in the application
# false: Application runs normally
MAINTENANCE_MODE=false
# Displays a flash that appears to inform the user of a scheduled maintenance window
# This variable should contain ONLY the date and time of the scheduled maintenance
#
# Ex: MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST
MAINTENANCE_WINDOW=
# The link to the Report an Issue button that appears on the 500 page and in the Account Dropdown
#
# Defaults to the Github Issues Page for Greenlight
# Button can be disabled by setting the value to blank
#
# REPORT_ISSUE_URL=https://github.com/bigbluebutton/greenlight/issues/new
# The link to the Need help? button that appears on the Account Dropdown
#
# Defaults to the Greenlight documentation
# Button can be disabled by setting the value to blank
HELP_URL=https://docs.bigbluebutton.org/greenlight/gl-overview.html
# Specify the default registration to be used by Greenlight until an administrator sets the
# registration method
# Allowed values are:
# open - For open registration
# invite - For invite only registration
# approval - For approve/decline registration
DEFAULT_REGISTRATION=invite
{% if BBB_OIDC_ENABLED | bool %}
### EXTERNAL AUTHENTICATION METHODS
# @See https://docs.bigbluebutton.org/greenlight/v3/external-authentication/
#
OPENID_CONNECT_CLIENT_ID={{ OIDC.CLIENT.ID }}
OPENID_CONNECT_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
OPENID_CONNECT_ISSUER={{ OIDC.CLIENT.ISSUER_URL }}
OPENID_CONNECT_REDIRECT={{ domains | get_url(application_id, WEB_PROTOCOL) }}
# OPENID_CONNECT_UID_FIELD=sub default
{% endif %}
Reference in New Issue View Git Blame Copy Permalink