jitsimeet_ prefix for vars + ansible.builtin. prefix for modules
parent
9ed3fd6e3c
commit
41e8f376ee
|
@ -29,7 +29,7 @@ Exemple de playbook
|
|||
- all
|
||||
vars:
|
||||
# Supplanter ici les variables du rôle
|
||||
domains: ['votre-vrai-domaine.org']
|
||||
jitsimeet_domains: ['votre-vrai-domaine.org']
|
||||
service: 'mon-jitsimeet'
|
||||
|
||||
roles:
|
||||
|
|
|
@ -29,7 +29,7 @@ Example Playbook
|
|||
- all
|
||||
vars:
|
||||
# Overwrite the role variables here
|
||||
domains: ['your-real-domain.org']
|
||||
jitsimeet_domains: ['your-real-domain.org']
|
||||
service: 'my-jitsimeet'
|
||||
|
||||
roles:
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
---
|
||||
# defaults file for main vars
|
||||
|
||||
system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
|
||||
jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
|
||||
|
||||
domains: ['jitsi.example.net']
|
||||
turn_domains: ['turn.jitsi.example.net']
|
||||
certbot_admin_email: 'security@example.net'
|
||||
jitsimeet_domains: ['jitsi.example.net']
|
||||
jitsimeet_turn_domains: ['turn.jitsi.example.net']
|
||||
jitsimeet_certbot_admin_email: 'security@example.net'
|
||||
|
||||
jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
|
||||
jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||
jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||
jitsi_meet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
|
||||
jitsi_meet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
|
||||
jitsi_meet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
|
||||
colibri_ext_port: '8443'
|
||||
jitsimeet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
|
||||
jitsimeet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||
jitsimeet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||
jitsimeet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
|
||||
jitsimeet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
|
||||
jitsimeet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
|
||||
jitsimeet_colibri_ext_port: '8443'
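Review bot: `jitsimeet_turn_secret` and `jitsimeet_jvb_secret` keep their placeholder defaults, and the rename makes that riskier than before. An inventory that still sets the old names `jitsi_meet_turn_secret` / `jitsi_meet_jvb_secret` is now silently ignored, so the role would deploy the placeholder strings published in this file as the TURN shared secret and the JVB account password. Nothing in the sections shown stops the play in that case. A guard as the first task of the install tasks file would turn the silent fallback into an explicit failure, and the README should state that the old variable names are no longer read.

```yaml
# first task of the install tasks file, before "Add Prosody apt repository key"
- name: Refuse to deploy with the placeholder secrets from defaults
  ansible.builtin.assert:
    that:
      - jitsimeet_turn_secret != 'YOU_ABSOLUTELY_MUST_CHANGE_ME'
      - jitsimeet_jvb_secret != 'NOT_CHANGING_ME_IS_SUPER_UNCOOL'
    fail_msg: "Set jitsimeet_turn_secret and jitsimeet_jvb_secret; the old jitsi_meet_* names are no longer read."
```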
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
# tasks file for jitsimeet install
|
||||
|
||||
- name: Set FQDN
|
||||
command: "hostnamectl set-hostname {{ domains | first }}"
|
||||
#- name: Set FQDN
|
||||
# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}"
|
||||
|
||||
- name: Add Prosody apt repository key
|
||||
ansible.builtin.get_url:
|
||||
|
@ -12,7 +12,12 @@
|
|||
force: true
|
||||
|
||||
- name: Add Jitsi Meet apt repository key + dearmor hack
|
||||
shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
|
||||
ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
|
||||
|
||||
- name: Adjust permissions of gpg key
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/trusted.gpg.d/jitsimeet.gpg
|
||||
mode: '0644'
|
||||
|
||||
- name: Add Prosody apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
|
@ -26,7 +31,7 @@
|
|||
|
||||
- name: Install system dependencies
|
||||
ansible.builtin.apt:
|
||||
name: "{{ system_dep }}"
|
||||
name: "{{ jitsimeet_system_dep }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
|
@ -39,23 +44,23 @@
|
|||
loop:
|
||||
- name: jitsi-videobridge2
|
||||
question: jitsi-videobridge/jvb-hostname
|
||||
value: "{{ domains | first }}"
|
||||
value: "{{ jitsimeet_domains | first }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-choice
|
||||
value: "{{ jitsi_meet_cert_choice }}"
|
||||
value: "{{ jitsimeet_cert_choice }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-path-crt
|
||||
value: "{{ jitsi_meet_ssl_cert_path }}"
|
||||
value: "{{ jitsimeet_ssl_cert_path }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-web-config
|
||||
question: jitsi-meet/cert-path-key
|
||||
value: "{{ jitsi_meet_ssl_key_path }}"
|
||||
value: "{{ jitsimeet_ssl_key_path }}"
|
||||
vtype: string
|
||||
- name: jitsi-meet-prosody
|
||||
question: jitsi-meet-prosody/turn-secret
|
||||
value: "{{ jitsi_meet_turn_secret }}"
|
||||
value: "{{ jitsimeet_turn_secret }}"
|
||||
vtype: string
|
||||
|
||||
- name: Install Jitsi Meet
|
||||
|
@ -70,7 +75,7 @@
|
|||
state: present
|
||||
|
||||
- name: Add certs dir for coturn/letsencrypt if needed
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: "{{ item.mode }}"
|
||||
|
@ -83,7 +88,7 @@
|
|||
- { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" }
|
||||
|
||||
- name: Template config files
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
|
@ -92,10 +97,10 @@
|
|||
loop:
|
||||
- { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||
- { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
||||
- { src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" }
|
||||
- { src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" }
|
||||
|
||||
|
@ -110,10 +115,10 @@
|
|||
}
|
||||
|
||||
- name: Unregister default jvb account in prosody
|
||||
ansible.builtin.command: prosodyctl unregister jvb auth.{{ domains | first }}
|
||||
ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
|
||||
|
||||
- name: Register jvb account in prosody (with proper secret)
|
||||
ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }}
|
||||
ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
|
||||
|
||||
- name: Restart prosody
|
||||
ansible.builtin.service:
|
||||
|
@ -131,75 +136,75 @@
|
|||
state: restarted
|
||||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: Generate certificate only if required (first time)
|
||||
block:
|
||||
- name: Template vhost without SSL for successfull LE challengce
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "nginx/vhost.conf.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
- name: Enable temporary nginx vhost
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||
state: link
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /var/lib/letsencrypt
|
||||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
loop:
|
||||
- { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domains |first }}.conf" }
|
||||
- { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" }
|
||||
- { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' }
|
||||
|
||||
- name: Enable multiplex module conf
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/modules-available/multiplex.conf'
|
||||
dest: '/etc/nginx/modules-enabled/multiplex.conf'
|
||||
state: link
|
||||
|
||||
- name: Enable nginx vhost
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: Check if SSL certificate for coturn is present and register result
|
||||
stat:
|
||||
path: "/etc/coturn/certs/{{ turn_domains |first }}.crt"
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
|
||||
register: ssl_coturn
|
||||
|
||||
- name: Generate certificate for coturn with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ turn_domains |first }}
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
|
||||
when: ssl_coturn.stat.exists != true
|
||||
|
||||
- name: Setup other domains if any
|
||||
include_tasks: other_domains.yml
|
||||
loop: "{{ domains[1:] }}"
|
||||
loop: "{{ jitsimeet_domains[1:] }}"
|
||||
loop_control:
|
||||
loop_var: domain
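Review bot: The `Register jvb account in prosody (with proper secret)` task passes `{{ jitsimeet_jvb_secret }}` as a command-line argument and sets no `no_log`, so the secret is included in the task result Ansible prints on failure or with `-v`, and is visible in the host's process list while the command runs. Adding `no_log: true` to that task keeps it out of the play output and of any logging callback. In the `Add Jitsi Meet apt repository key + dearmor hack` task, `curl -sL ... | sh -c 'gpg --dearmor > ...'` discards curl's exit status and has no `-f`, so a failed or error-page download is not reported by the task itself and whatever gpg wrote stays in `/etc/apt/trusted.gpg.d/`. Finally, `include_tasks: other_domains.yml` in the last task was left without the `ansible.builtin.` prefix that this commit applies everywhere else.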
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# tasks file for other domains if any
|
||||
|
||||
- name: Template config files
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner }}"
|
||||
|
@ -13,59 +13,59 @@
|
|||
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||
|
||||
- name: Check if SSL certificate is present and register result
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: Generate certificate only if required (first time)
|
||||
block:
|
||||
- name: Template vhost without SSL for successfull LE challengce
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "nginx/other.vhost.conf.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||
- name: Enable temporary nginx vhost
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
||||
state: link
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /var/lib/letsencrypt
|
||||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate certificate with certbot
|
||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domain }}
|
||||
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
||||
when: ssl.stat.exists != true
|
||||
|
||||
- name: (Re)check if SSL certificate is present and register result
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||
register: ssl
|
||||
|
||||
- name: (Re)template conf file for nginx vhost with SSL
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
loop:
|
||||
- { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
|
||||
|
||||
- name: Insert block in multiplex.conf
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/nginx/modules-enabled/multiplex.conf
|
||||
insertafter: "web_backend;"
|
||||
line: "{{ domain }} web_backend;"
|
||||
|
||||
- name: Enable nginx vhost
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
||||
state: link
|
||||
|
||||
- name: Reload nginx conf
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nginx
|
||||
state: reloaded
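Review bot: `Generate certificate with certbot` still runs through `ansible.builtin.shell` although the line uses no shell feature, so `{{ jitsimeet_certbot_admin_email }}` and `{{ domain }}` are expanded into a string that `/bin/sh` then parses. Changing the module to `ansible.builtin.command` with the same argument string takes the shell out of the path, so a `;`, `$` or backtick in an inventory value can no longer be interpreted as shell syntax. The two certbot tasks in the main tasks file (the ones ending in `-d {{ jitsimeet_domains |first }}` and `-d {{ jitsimeet_turn_domains |first }}`) have the same shape and would take the same change. The second hunk of this file opens inside a `loop:` list whose task starts above the visible lines.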
|
||||
|
|
|
@ -6,7 +6,7 @@ set -e
|
|||
|
||||
for domain in $RENEWED_DOMAINS; do
|
||||
case $domain in
|
||||
{{ turn_domains | first }})
|
||||
{{ jitsimeet_turn_domains | first }})
|
||||
daemon_cert_root=/etc/coturn/certs
|
||||
|
||||
# Make sure the certificate and private key files are
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# jitsi-meet coturn config. Do not modify this line
|
||||
use-auth-secret
|
||||
keep-address-family
|
||||
static-auth-secret={{ jitsi_meet_turn_secret }}
|
||||
realm={{ turn_domains | first }}
|
||||
cert=/etc/coturn/certs/{{ turn_domains | first }}.crt
|
||||
pkey=/etc/coturn/certs/{{ turn_domains | first }}.key
|
||||
static-auth-secret={{ jitsimeet_turn_secret }}
|
||||
realm={{ jitsimeet_turn_domains | first }}
|
||||
cert=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt
|
||||
pkey=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.key
|
||||
no-multicast-peers
|
||||
no-cli
|
||||
#no-loopback-peers
|
||||
|
|
|
@ -30,31 +30,31 @@ var config = {
|
|||
|
||||
hosts: {
|
||||
// XMPP domain.
|
||||
domain: '{{ domains | first }}',
|
||||
domain: '{{ jitsimeet_domains | first }}',
|
||||
|
||||
// When using authentication, domain for guest users.
|
||||
// anonymousdomain: 'guest.example.com',
|
||||
|
||||
// Domain for authenticated users. Defaults to <domain>.
|
||||
// authdomain: '{{ domains | first }}',
|
||||
// authdomain: '{{ jitsimeet_domains | first }}',
|
||||
|
||||
// Focus component domain. Defaults to focus.<domain>.
|
||||
// focus: 'focus.{{ domains | first }}',
|
||||
// focus: 'focus.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||
muc: 'conference.' + subdomain + '{{ domains | first }}',
|
||||
muc: 'conference.' + subdomain + '{{ jitsimeet_domains | first }}',
|
||||
},
|
||||
|
||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||
bosh: 'https://{{ domains | first }}/' + subdir + 'http-bind',
|
||||
bosh: 'https://{{ jitsimeet_domains | first }}/' + subdir + 'http-bind',
|
||||
|
||||
// Websocket URL (XMPP)
|
||||
websocket: 'wss://{{ domains | first }}/' + subdir + 'xmpp-websocket',
|
||||
websocket: 'wss://{{ jitsimeet_domains | first }}/' + subdir + 'xmpp-websocket',
|
||||
|
||||
// The real JID of focus participant - can be overridden here
|
||||
// Do not change username - FIXME: Make focus username configurable
|
||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||
// focusUserJid: 'focus@auth.{{ domains | first }}',
|
||||
// focusUserJid: 'focus@auth.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// Options related to the bridge (colibri) data channel
|
||||
bridgeChannel: {
|
||||
|
@ -302,9 +302,9 @@ var config = {
|
|||
// appKey: '<APP_KEY>', // Specify your app key here.
|
||||
// // A URL to redirect the user to, after authenticating
|
||||
// // by default uses:
|
||||
// // 'https://{{ domains | first }}/static/oauth.html'
|
||||
// // 'https://{{ jitsimeet_domains | first }}/static/oauth.html'
|
||||
// redirectURI:
|
||||
// 'https://{{ domains | first }}/subfolder/static/oauth.html',
|
||||
// 'https://{{ jitsimeet_domains | first }}/subfolder/static/oauth.html',
|
||||
// },
|
||||
|
||||
// recordingService: {
|
||||
|
@ -947,7 +947,7 @@ var config = {
|
|||
// The STUN servers that will be used in the peer to peer connections
|
||||
stunServers: [
|
||||
|
||||
{ urls: 'stun:{{ turn_domains | first }}:3478' },
|
||||
{ urls: 'stun:{{ jitsimeet_turn_domains | first }}:3478' },
|
||||
//{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
|
||||
],
|
||||
},
|
||||
|
@ -1301,7 +1301,7 @@ var config = {
|
|||
// The URL of the moderated rooms microservice, if available. If it
|
||||
// is present, a link to the service will be rendered on the welcome page,
|
||||
// otherwise the app doesn't render it.
|
||||
// moderatedRoomServiceUrl: 'https://moderated.{{ domains | first }}',
|
||||
// moderatedRoomServiceUrl: 'https://moderated.{{ jitsimeet_domains | first }}',
|
||||
|
||||
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||
// disableTileView: true,
|
||||
|
|
|
@ -63,7 +63,7 @@ var interfaceConfig = {
|
|||
*/
|
||||
DISABLE_VIDEO_BACKGROUND: false,
|
||||
|
||||
DISPLAY_WELCOME_FOOTER: {{ welcome_footer }},
|
||||
DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},
|
||||
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
|
||||
DISPLAY_WELCOME_PAGE_CONTENT: true,
|
||||
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
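Review bot: `DISPLAY_WELCOME_FOOTER` now reads `{{ jitsimeet_welcome_footer }}`, but no section shown on this page defines a variable of that name. The defaults hunk covers lines 1-16 of its file and contains no `welcome_footer` entry, old or new. If the value is only set elsewhere under the old name `welcome_footer`, rendering this template would fail on an undefined variable after the rename, so confirm where it is defined and rename it there, or add it to the role defaults. The `interfaceConfig` object continues outside the hunk.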
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
stream {
|
||||
map $ssl_preread_server_name $name {
|
||||
{{ domains | first }} web_backend;
|
||||
{{ turn_domains | first }} turn_backend;
|
||||
{{ jitsimeet_domains | first }} web_backend;
|
||||
{{ jitsimeet_turn_domains | first }} turn_backend;
|
||||
}
|
||||
|
||||
upstream web_backend {
|
||||
|
|
|
@ -105,7 +105,7 @@ server {
|
|||
proxy_pass http://prosody/room-info?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host {{ domains | first }};
|
||||
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||
}
|
||||
|
||||
location ~ ^/_api/public/(.*)$ {
|
||||
|
@ -130,7 +130,7 @@ server {
|
|||
proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host {{ domains | first }};
|
||||
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||
proxy_set_header Connection "";
|
||||
}
|
||||
|
||||
|
@ -141,7 +141,7 @@ server {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host {{ domains | first }};
|
||||
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ map $arg_vnode $prosody_node {
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ domains | first }} {{ turn_domains | first }};
|
||||
server_name {{ jitsimeet_domains | first }} {{ jitsimeet_turn_domains | first }};
|
||||
|
||||
# For certbot
|
||||
location ~ /.well-known/acme-challenge {
|
||||
|
@ -50,7 +50,7 @@ server {
|
|||
server {
|
||||
listen 8088 ssl http2;
|
||||
listen [::]:8088 ssl http2;
|
||||
server_name {{ domains | first }};
|
||||
server_name {{ jitsimeet_domains | first }};
|
||||
|
||||
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||
error_log /var/log/nginx/{{ service }}.error.log;
|
||||
|
@ -74,16 +74,16 @@ server {
|
|||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
set $prefix "";
|
||||
set $custom_index "";
|
||||
set $config_js_location /etc/jitsi/meet/{{ domains | first }}-config.js;
|
||||
set $interface_config_js_location /etc/jitsi/meet/{{ domains | first }}-interface_config.js;
|
||||
set $config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js;
|
||||
set $interface_config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js;
|
||||
set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
|
||||
|
||||
##
|
||||
# Certificates
|
||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||
##
|
||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||
|
||||
root /usr/share/jitsi-meet;
|
||||
|
||||
|
@ -240,10 +240,10 @@ server {
|
|||
|
||||
## Pour communiquer les stats colibri à un serveur externe Grafana
|
||||
server {
|
||||
listen {{ colibri_ext_port }} ssl http2;
|
||||
listen [::]:{{ colibri_ext_port }} ssl http2;
|
||||
listen {{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||
listen [::]:{{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||
|
||||
server_name {{ domains | first }};
|
||||
server_name {{ jitsimeet_domains | first }};
|
||||
|
||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
@ -256,8 +256,8 @@ server {
|
|||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8080;
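Review bot: `access_log /var/log/nginx/{{ service }}.access.log` and the matching `error_log` line still read the unprefixed `service` variable, and the README examples in this commit also keep it as `service:`. A name that generic is easy to shadow from another role or from group_vars, and here it ends up in a file path. Renaming it to `jitsimeet_service` in this template, in the README and wherever it is defined would complete what the commit title describes. The `server` blocks start and end outside the hunks shown.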
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
||||
|
||||
-- domain mapper options, must at least have domain base set to use the mapper
|
||||
muc_mapper_domain_base = "{{ domains | first }}";
|
||||
muc_mapper_domain_base = "{{ jitsimeet_domains | first }}";
|
||||
|
||||
external_service_secret = "{{ jitsi_meet_turn_secret }}";
|
||||
external_service_secret = "{{ jitsimeet_turn_secret }}";
|
||||
external_services = {
|
||||
{ type = "stun", host = "{{ turn_domains | first }}", port = 3478 },
|
||||
{ type = "turn", host = "{{ turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
||||
{ type = "turns", host = "{{ turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
||||
{ type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 },
|
||||
{ type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
||||
{ type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
||||
};
|
||||
|
||||
cross_domain_bosh = false;
|
||||
|
@ -33,11 +33,11 @@ ssl = {
|
|||
}
|
||||
|
||||
unlimited_jids = {
|
||||
"focus@auth.{{ domains | first }}",
|
||||
"jvb@auth.{{ domains | first }}"
|
||||
"focus@auth.{{ jitsimeet_domains | first }}",
|
||||
"jvb@auth.{{ jitsimeet_domains | first }}"
|
||||
}
|
||||
|
||||
VirtualHost "{{ domains | first }}"
|
||||
VirtualHost "{{ jitsimeet_domains | first }}"
|
||||
authentication = "jitsi-anonymous" -- do not delete me
|
||||
-- Properties below are modified by jitsi-meet-tokens package config
|
||||
-- and authentication above is switched to "token"
|
||||
|
@ -48,13 +48,13 @@ VirtualHost "{{ domains | first }}"
|
|||
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
||||
-- use the global one.
|
||||
ssl = {
|
||||
key = "/etc/prosody/certs/{{ domains | first }}.key";
|
||||
certificate = "/etc/prosody/certs/{{ domains | first }}.crt";
|
||||
key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key";
|
||||
certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt";
|
||||
}
|
||||
av_moderation_component = "avmoderation.{{ domains | first }}"
|
||||
speakerstats_component = "speakerstats.{{ domains | first }}"
|
||||
conference_duration_component = "conferenceduration.{{ domains | first }}"
|
||||
end_conference_component = "endconference.{{ domains | first }}"
|
||||
av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}"
|
||||
speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}"
|
||||
conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}"
|
||||
end_conference_component = "endconference.{{ jitsimeet_domains | first }}"
|
||||
-- we need bosh
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
|
@ -72,13 +72,13 @@ VirtualHost "{{ domains | first }}"
|
|||
"room_metadata";
|
||||
}
|
||||
c2s_require_encryption = false
|
||||
lobby_muc = "lobby.{{ domains | first }}"
|
||||
breakout_rooms_muc = "breakout.{{ domains | first }}"
|
||||
room_metadata_component = "metadata.{{ domains | first }}"
|
||||
main_muc = "conference.{{ domains | first }}"
|
||||
-- muc_lobby_whitelist = { "recorder.{{ domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||
lobby_muc = "lobby.{{ jitsimeet_domains | first }}"
|
||||
breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}"
|
||||
room_metadata_component = "metadata.{{ jitsimeet_domains | first }}"
|
||||
main_muc = "conference.{{ jitsimeet_domains | first }}"
|
||||
-- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||
|
||||
Component "conference.{{ domains | first }}" "muc"
|
||||
Component "conference.{{ jitsimeet_domains | first }}" "muc"
|
||||
restrict_room_creation = true
|
||||
storage = "memory"
|
||||
modules_enabled = {
|
||||
|
@ -90,14 +90,14 @@ Component "conference.{{ domains | first }}" "muc"
|
|||
"muc_rate_limit";
|
||||
"muc_password_whitelist";
|
||||
}
|
||||
admins = { "focus@auth.{{ domains | first }}" }
|
||||
admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
|
||||
muc_password_whitelist = {
|
||||
"focus@auth.{{ domains | first }}"
|
||||
"focus@auth.{{ jitsimeet_domains | first }}"
|
||||
}
|
||||
muc_room_locking = false
|
||||
muc_room_default_public_jids = true
|
||||
|
||||
Component "breakout.{{ domains | first }}" "muc"
|
||||
Component "breakout.{{ jitsimeet_domains | first }}" "muc"
|
||||
restrict_room_creation = true
|
||||
storage = "memory"
|
||||
modules_enabled = {
|
||||
|
@ -107,25 +107,25 @@ Component "breakout.{{ domains | first }}" "muc"
|
|||
"muc_rate_limit";
|
||||
"polls";
|
||||
}
|
||||
admins = { "focus@auth.{{ domains | first }}" }
|
||||
admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
|
||||
muc_room_locking = false
|
||||
muc_room_default_public_jids = true
|
||||
|
||||
-- internal muc component
|
||||
Component "internal.auth.{{ domains | first }}" "muc"
|
||||
Component "internal.auth.{{ jitsimeet_domains | first }}" "muc"
|
||||
storage = "memory"
|
||||
modules_enabled = {
|
||||
"muc_hide_all";
|
||||
"ping";
|
||||
}
|
||||
admins = { "focus@auth.{{ domains | first }}", "jvb@auth.{{ domains | first }}" }
|
||||
admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" }
|
||||
muc_room_locking = false
|
||||
muc_room_default_public_jids = true
|
||||
|
||||
VirtualHost "auth.{{ domains | first }}"
|
||||
VirtualHost "auth.{{ jitsimeet_domains | first }}"
|
||||
ssl = {
|
||||
key = "/etc/prosody/certs/auth.{{ domains | first }}.key";
|
||||
certificate = "/etc/prosody/certs/auth.{{ domains | first }}.crt";
|
||||
key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key";
|
||||
certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"limits_exception";
|
||||
|
@ -133,22 +133,22 @@ VirtualHost "auth.{{ domains | first }}"
|
|||
authentication = "internal_hashed"
|
||||
|
||||
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
||||
Component "focus.{{ domains | first }}" "client_proxy"
|
||||
target_address = "focus@auth.{{ domains | first }}"
|
||||
Component "focus.{{ jitsimeet_domains | first }}" "client_proxy"
|
||||
target_address = "focus@auth.{{ jitsimeet_domains | first }}"
|
||||
|
||||
Component "speakerstats.{{ domains | first }}" "speakerstats_component"
|
||||
muc_component = "conference.{{ domains | first }}"
|
||||
Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component"
|
||||
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||
|
||||
Component "conferenceduration.{{ domains | first }}" "conference_duration_component"
|
||||
muc_component = "conference.{{ domains | first }}"
|
||||
Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component"
|
||||
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||
|
||||
Component "endconference.{{ domains | first }}" "end_conference"
|
||||
muc_component = "conference.{{ domains | first }}"
|
||||
Component "endconference.{{ jitsimeet_domains | first }}" "end_conference"
|
||||
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||
|
||||
Component "avmoderation.{{ domains | first }}" "av_moderation_component"
|
||||
muc_component = "conference.{{ domains | first }}"
|
||||
Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component"
|
||||
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||
|
||||
Component "lobby.{{ domains | first }}" "muc"
|
||||
Component "lobby.{{ jitsimeet_domains | first }}" "muc"
|
||||
storage = "memory"
|
||||
restrict_room_creation = true
|
||||
muc_room_locking = false
|
||||
|
@ -159,6 +159,6 @@ Component "lobby.{{ domains | first }}" "muc"
|
|||
"polls";
|
||||
}
|
||||
|
||||
Component "metadata.{{ domains | first }}" "room_metadata_component"
|
||||
muc_component = "conference.{{ domains | first }}"
|
||||
breakout_rooms_component = "breakout.{{ domains | first }}"
|
||||
Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component"
|
||||
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||
breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}"
|
||||
|
|
|
@ -9,7 +9,7 @@ videobridge {
|
|||
}
|
||||
websockets {
|
||||
enabled = true
|
||||
domain = "{{ domains | first }}:443"
|
||||
domain = "{{ jitsimeet_domains | first }}:443"
|
||||
tls = true
|
||||
}
|
||||
apis {
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
|
||||
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ turn_domains | first }}:3478
|
||||
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ jitsimeet_turn_domains | first }}:3478
|
||||
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
|
||||
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
|
||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsimeet_domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_jvb_secret }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsi_meet_jvb_muc_nick }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsimeet_jvb_secret }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsimeet_domains | first }}
|
||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsimeet_jvb_muc_nick }}
|
||||
#org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html
|
||||
# Switches off the BWE mechanism.
|
||||
#org.jitsi.videobridge.TRUST_BWE=false
|
||||
|
|