From 8e9a75d149028e61d482d4e6f7be95c624537092 Mon Sep 17 00:00:00 2001
From: Felipe Cecagno <fcecagno@gmail.com>
Date: Thu, 9 Aug 2018 00:16:46 -0300
Subject: [PATCH] - reduce size of the bbb-html5 image - fix path of the html5
 config file to apply METEOR_SETTINGS - remove TLS from coturn, in order to
 keep the ssl certificate on traefik only - configure stun on bbb-web as well
 - allow turn domain/address to be different from the server domain

---
 bigbluebutton-html5/Dockerfile               |  3 ++-
 bigbluebutton-html5/docker-entrypoint.sh     |  2 +-
 bigbluebutton-web/turn-stun-servers.xml.tmpl | 12 ++++++---
 labs/docker/coturn/turnserver.conf.tmpl      |  7 -----
 labs/docker/docker-compose.yml               | 28 +++++++++++++-------
 5 files changed, 30 insertions(+), 22 deletions(-)

diff --git a/bigbluebutton-html5/Dockerfile b/bigbluebutton-html5/Dockerfile
index 8e4b24cb17..bb8d36b01f 100644
--- a/bigbluebutton-html5/Dockerfile
+++ b/bigbluebutton-html5/Dockerfile
@@ -18,7 +18,8 @@ USER meteor
 
 RUN cd /source \
  && meteor npm install \
- && meteor build --directory /app
+ && meteor build --directory /app \
+ && rm -r /source
 
 ENV NODE_ENV production
 
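Review bot: `rm -r /source` only shrinks the image if /source was created inside this same RUN layer; `cd /source` implies the tree already exists, and if it was put there by a COPY or clone in an earlier instruction (not visible in the hunk) that layer still carries the full checkout and the rm merely adds a whiteout entry, so the size reduction the commit aims for may not materialise — a multi-stage build that copies only /app into the final image would achieve it reliably. The removal also invalidates the `/source/private/config/settings-production.json` path the entrypoint relied on, which is why the entrypoint hunk changes it; a comment on the new line, `# /source is deleted after the build: runtime config must come from the bundle under /app`, would record that coupling for the next maintainer.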
diff --git a/bigbluebutton-html5/docker-entrypoint.sh b/bigbluebutton-html5/docker-entrypoint.sh
index 576313a793..951269c881 100755
--- a/bigbluebutton-html5/docker-entrypoint.sh
+++ b/bigbluebutton-html5/docker-entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/bash -e
 
-export METEOR_SETTINGS=` jq "${METEOR_SETTINGS_MODIFIER}" /source/private/config/settings-production.json `
+export METEOR_SETTINGS=` jq "${METEOR_SETTINGS_MODIFIER}" ./programs/server/assets/app/config/settings-production.json `
 
 node main.js
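Review bot: The `export METEOR_SETTINGS=...` form masks the exit status of the command substitution, so under `bash -e` a failing jq filter or a missing file at the new relative path leaves METEOR_SETTINGS empty and `node main.js` still starts; split it into `METEOR_SETTINGS=$(jq "${METEOR_SETTINGS_MODIFIER}" ./programs/server/assets/app/config/settings-production.json)` followed by `export METEOR_SETTINGS` so the failure aborts the container instead. The relative path also depends on the working directory set in the Dockerfile, which this hunk does not show; an absolute path, or a comment naming the expected WORKDIR, would make that dependency explicit. Since `METEOR_SETTINGS_MODIFIER` is executed as a jq program, whoever controls that variable controls the rendered settings — a one-line comment above the assignment stating that it is a trusted, operator-supplied filter would be worth adding.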
diff --git a/bigbluebutton-web/turn-stun-servers.xml.tmpl b/bigbluebutton-web/turn-stun-servers.xml.tmpl
index 238ca04544..534aff2950 100644
--- a/bigbluebutton-web/turn-stun-servers.xml.tmpl
+++ b/bigbluebutton-web/turn-stun-servers.xml.tmpl
@@ -24,21 +24,27 @@ with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
             http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
             ">
 
+    <bean id="stun1" class="org.bigbluebutton.web.services.turn.StunServer">
+        <constructor-arg index="0" value="stun:{{ .Env.TURN_DOMAIN }}:3478"/>
+    </bean>
+
     <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
         <constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
-        <constructor-arg index="1" value="turn:{{ .Env.SERVER_DOMAIN }}:3478"/>
+        <constructor-arg index="1" value="turn:{{ .Env.TURN_DOMAIN }}:3478"/>
         <constructor-arg index="2" value="86400"/>
     </bean>
 
     <bean id="turn2" class="org.bigbluebutton.web.services.turn.TurnServer">
         <constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
-        <constructor-arg index="1" value="turn:{{ .Env.SERVER_DOMAIN }}:5349?transport=tcp"/>
+        <constructor-arg index="1" value="turn:{{ .Env.TURN_DOMAIN }}:3478?transport=tcp"/>
         <constructor-arg index="2" value="86400"/>
     </bean>
 
     <bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
         <property name="stunServers">
-            <set/>
+            <set>
+                <ref bean="stun1" />
+            </set>
         </property>
         <property name="turnServers">
             <set>
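Review bot: Both TURN URIs now point at port 3478 in plain UDP/TCP, so the TLS endpoint on 5349 that `turn2` used to advertise is gone; clients whose egress permits only TLS on 443/5349 will lose relay connectivity, and neither the template nor the commit message records that trade-off. If it is intended, a comment above `turn1` such as `<!-- TURN is offered without TLS on purpose: the certificate is terminated at traefik only (see labs/docker/docker-compose.yml) -->` would stop a later maintainer from re-adding 5349 by accident. `{{ .Env.TURN_DOMAIN }}` is substituted unquoted into the `stun:`/`turn:` URIs, so an unset variable renders `turn::3478`; the same comment should state that TURN_DOMAIN is required.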
diff --git a/labs/docker/coturn/turnserver.conf.tmpl b/labs/docker/coturn/turnserver.conf.tmpl
index 209455fa3f..c9810fb822 100644
--- a/labs/docker/coturn/turnserver.conf.tmpl
+++ b/labs/docker/coturn/turnserver.conf.tmpl
@@ -1,16 +1,9 @@
 listening-port={{ .Env.PORT }}
-tls-listening-port={{ .Env.PORT_TLS}}
 min-port=49152
 max-port=65535
 fingerprint
 lt-cred-mech
 realm={{ .Env.SERVER_DOMAIN }}
-cert={{ .Env.SSL_CERT_PATH }}
-pkey={{ .Env.SSL_KEY_PATH }}
-cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256"
-dh-file={{ .Env.SSL_DHPARAM_PATH }}
-no-tlsv1
-no-tlsv1_1
 external-ip={{ .Env.EXTERNAL_IP }}
 
 {{ if isTrue .Env.ENABLE_REST_API }}
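Review bot: `realm={{ .Env.SERVER_DOMAIN }}` on the unchanged line still reads SERVER_DOMAIN, but the docker-compose hunk for the coturn service removes `SERVER_DOMAIN` from its environment and adds `TURN_DOMAIN`, which the visible part of this template never references; unless the variable reaches the container some other way, the realm will render empty. Changing the line to `realm={{ .Env.TURN_DOMAIN }}` keeps the template consistent with the new environment (the `PORT_TLS` and SSL path variables are removed on both sides, so this is the only remaining mismatch I can see).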
diff --git a/labs/docker/docker-compose.yml b/labs/docker/docker-compose.yml
index be9b3cbc46..2bd8abbc75 100644
--- a/labs/docker/docker-compose.yml
+++ b/labs/docker/docker-compose.yml
@@ -64,22 +64,15 @@ services:
   coturn:
     image: ${TAG_PREFIX}bbb-coturn${TAG_SUFFIX}
     restart: unless-stopped
-    volumes:
-      - ssl-conf:/etc/nginx/ssl
     environment:
-      SERVER_DOMAIN: ${SERVER_DOMAIN}
-      SSL_CERT_PATH: /etc/nginx/ssl/live/${SERVER_DOMAIN}/fullchain.pem
-      SSL_KEY_PATH: /etc/nginx/ssl/live/${SERVER_DOMAIN}/privkey.pem
-      SSL_DHPARAM_PATH: /etc/nginx/ssl/dhp-2048.pem
+      TURN_DOMAIN: ${SERVER_DOMAIN}
       SECRET: ${COTURN_REST_SECRET}
       EXTERNAL_IP: ${EXTERNAL_IP}
       ENABLE_REST_API: 1
       PORT: 3478
-      PORT_TLS: 5349
     ports:
       - 3478:3478/udp
       - 3478:3478/tcp
-      - 5349:5349/tcp
 
   kurento:
     image: ${TAG_PREFIX}bbb-kurento${TAG_SUFFIX}
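Review bot: `TURN_DOMAIN: ${SERVER_DOMAIN}` here, and again in the bbb-web hunk, pins the TURN domain to the server domain, so the "allow turn domain/address to be different" goal of the commit still requires editing the compose file to take effect. Reading a dedicated variable instead, `TURN_DOMAIN: ${TURN_DOMAIN}`, with `TURN_DOMAIN` defaulting to the server domain in the `.env` file, would make the override a deployment setting rather than a source change; apply the same line in the bbb-web service so both sides stay in agreement.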
@@ -119,6 +112,7 @@ services:
     environment:
       SERVER_DOMAIN: ${SERVER_DOMAIN}
       SHARED_SECRET: ${SHARED_SECRET}
+      TURN_DOMAIN: ${SERVER_DOMAIN}
       TURN_SECRET: ${COTURN_REST_SECRET}
     labels:
       - "traefik.backend=bbb-web"
@@ -143,12 +137,26 @@ services:
       - 80:80
       - 8080:8080
       - 443:443
-    command: traefik --docker --defaultentrypoints=http
+    command: traefik
+      - --docker
+      - --logLevel=INFO
+      - --acme
+      - --acme.httpchallenge
+      - --acme.httpchallenge.entrypoint=http
+      - --acme.acmelogging
+      - --acme.storage=/etc/traefik/acme/acme.json
+      - --acme.email=felipe@mconf.com
+      - --acme.entrypoint=https
+      - --acme.domains=${SERVER_DOMAIN}
+      - --defaultentrypoints=http,https
+      - --entryPoints='Name:http Address::80 Redirect.EntryPoint:https'
+      - --entryPoints='Name:https Address::443 TLS'
     volumes:
+      - traefik-acme:/etc/traefik/acme/
       - /var/run/docker.sock:/var/run/docker.sock
 
 volumes:
-  ssl-conf:
+  traefik-acme:
   static:
   bigbluebutton:
   media-audio:
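Review bot: The new `command:` value does not parse as a list: `traefik` is a plain scalar and the more-indented `- --docker` lines are folded into it as continuation text, so compose receives one string, `traefik - --docker - --logLevel=INFO ...`, with a stray `-` token before every flag; whether traefik tolerates those arguments I can't tell from here, but the form is fragile and yamllint will not see a sequence. Make it a real sequence with `traefik` as its first item; in list form no shell processes the arguments, so the single quotes around the two `--entryPoints` values would reach traefik literally and must become YAML double quotes instead. `--acme.email=felipe@mconf.com` also hard-codes a personal address into a shared compose file; read it from the environment as `${ACME_EMAIL}` like the other deployment-specific values. The rewritten lines:
```yaml
    command:
      - traefik
      - --docker
      # … unchanged: --logLevel, --acme, --acme.httpchallenge*, --acme.acmelogging, --acme.storage …
      - --acme.email=${ACME_EMAIL}
      # … unchanged: --acme.entrypoint, --acme.domains, --defaultentrypoints …
      - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entryPoints=Name:https Address::443 TLS"
```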
-- 
GitLab