From b800fd381e2c84e5754a8f70c8c87ad98499df5d Mon Sep 17 00:00:00 2001 From: holzi1005 Date: Wed, 11 Jun 2025 09:37:31 +0200 Subject: [PATCH] add livekit --- .docker-compose.https.yml | 32 +------ .docker-compose.livekit.yml | 181 ++++++++++++++++++++++++++++++++++++ .templates/livekit.yaml | 13 +++ livekit/livekit.yaml | 23 ----- setup.sh | 11 +++ 5 files changed, 207 insertions(+), 53 deletions(-) create mode 100644 .docker-compose.livekit.yml create mode 100644 .templates/livekit.yaml delete mode 100644 livekit/livekit.yaml diff --git a/.docker-compose.https.yml b/.docker-compose.https.yml index 1925da0..b6f693e 100644 --- a/.docker-compose.https.yml +++ b/.docker-compose.https.yml @@ -108,7 +108,7 @@ services: - internal keycloak-ja: - image: quay.io/keycloak/keycloak:26.0.1 + image: quay.io/keycloak/keycloak:22.0.3 depends_on: app-ja: condition: service_healthy @@ -121,8 +121,7 @@ services: KC_DB: mariadb KC_DB_USERNAME: keycloak KC_HTTP_RELATIVE_PATH: /keycloak - KC_PROXY: edge - KC_HOSTNAME: /keycloak + KC_PROXY: passthrough restart: unless-stopped command: - start-dev @@ -140,33 +139,6 @@ services: - external - internal - livekit-ja: - image: livekit/livekit-server:v1.8 - command: --config /etc/livekit.yaml - restart: unless-stopped - network_mode: host - labels: - - "traefik.enable=true" - - "traefik.http.routers.livekit-ja.tls=true" - - "traefik.http.routers.livekit-ja.rule=Host(``)" - - "traefik.http.routers.livekit-ja.entrypoints=web" - - "traefik.http.routers.livekit-ja.tls.certresolver=letsencrypt" - - "traefik.http.services.livekit-ja.loadbalancer.server.port=7880" - volumes: - - ./livekit/livekit.yaml:/etc/livekit.yaml - networks: - - external - - internal - redis-ja: - image: redis:7-alpine - hostname: redis-ja - command: redis-server /etc/redis.conf - restart: unless-stopped - volumes: - - ./redis/redis.conf:/etc/redis.conf - networks: - - internal - networks: external: internal: 
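Review bot: The `keycloak-ja` image tag in `.docker-compose.https.yml` moves from `26.0.1` back to `22.0.3`, while the new `.docker-compose.livekit.yml` in this same patch keeps `26.0.1`. Nothing in a commit titled "add livekit" explains the downgrade, so it looks like an unintended revert. An older identity-provider release lacks the security fixes shipped since, and a database already migrated by the newer version may not start under the older one. I would keep `image: quay.io/keycloak/keycloak:26.0.1` here, or give the reason for the downgrade in the commit message. The service definition continues outside the hunk.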
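Review bot: In the second hunk, `KC_PROXY: passthrough` tells Keycloak that TLS is not terminated in front of it. That only holds if the proxy forwards the encrypted connection untouched. If this file fronts Keycloak the way the sibling compose file in this patch does (Traefik terminates TLS and forwards to port 8080), the removed `KC_PROXY: edge` was the matching mode, and Keycloak may now build issuer and redirect URLs with the wrong scheme. Dropping `KC_HOSTNAME` at the same time presumably leaves the public hostname to be derived from the incoming request rather than pinned in configuration. Unless the downgrade in the first hunk is deliberate, I would keep `KC_PROXY: edge` and the `KC_HOSTNAME` entry.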
diff --git a/.docker-compose.livekit.yml b/.docker-compose.livekit.yml
new file mode 100644
index 0000000..7aeeb41
--- /dev/null
+++ b/.docker-compose.livekit.yml
@@ -0,0 +1,181 @@
+services:
+ traefik-ja:
+ image: "traefik:v3.3"
+
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.unsecure.address=:80"
+ # Global HTTPS
+ - "--entrypoints.web.address=:443"
+ - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
+ - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
+ # SSL configuration
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
+ - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+
+ networks:
+ - external
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - ./data/letsencrypt:/letsencrypt
+ - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
+
+ websocket-ja:
+ hostname: websocket-ja
+ image: git.h2-invent.com/meetling/websocket:
+ restart: unless-stopped
+ depends_on:
+ - traefik-ja
+ env_file:
+ - ./.env
+ - ./.env.local
+ - ./.env.custom
+ healthcheck:
+ test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"]
+ interval: 10s
+ retries: 5
+ timeout: 10s
+ start_period: 10s
+
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.websocket-ja.rule=Host(``) && PathPrefix(`/ws`)"
+ - "traefik.http.routers.websocket-ja.entrypoints=web"
+ - "traefik.http.routers.websocket-ja.tls=true"
+ - "traefik.http.routers.websocket-ja.tls.certresolver=letsencrypt"
+ - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=http"
+ - "traefik.http.routers.app-secure.middlewares=sslheader@docker"
+ networks:
+ - external
+ - internal
+ volumes:
+ - caddy_data:/data
+ - caddy_config:/config
+
+ #Here is the Jitsi-Admin app
+ app-ja:
+ image: git.h2-invent.com/meetling/application:
+ restart: unless-stopped
+ depends_on:
+ db-ja:
+ condition: service_healthy
+ env_file:
+ - ./.env
+ - ./.env.local
+ - ./.env.custom
+ volumes:
+ - theme_data:/var/www/html/theme
+ - image_upload:/var/www/html/public/uploads/images
+ - theme_assests_data:/var/www/html/public/theme
+ - recording_uploads:/var/www/html/data/recording
+ networks:
+ - external
+ - internal
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.app-ja.tls=true"
+ - "traefik.http.routers.app-ja.rule=Host(``)"
+ - "traefik.http.routers.app-ja.entrypoints=web"
+ - "traefik.http.routers.app-ja.tls.certresolver=letsencrypt"
+
+ db-ja:
+ image: mariadb:latest
+ hostname: db-ja
+ healthcheck:
+ test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
+ timeout: 20s
+ retries: 10
+ env_file:
+ - ./.env
+ - ./.env.local
+ - ./.env.custom
+ restart: unless-stopped
+ environment:
+ MARIADB_ROOT_PASSWORD: test
+ volumes:
+ - mariadb:/var/lib/mysql
+ - ./mysql-initdb:/docker-entrypoint-initdb.d
+ networks:
+ - internal
+
+ keycloak-ja:
+ image: quay.io/keycloak/keycloak:26.0.1
+ depends_on:
+ app-ja:
+ condition: service_healthy
+ env_file:
+ - ./.env
+ - ./.env.local
+ - ./.env.custom
+ environment:
+ KEYCLOAK_ADMIN: admin
+ KC_DB: mariadb
+ KC_DB_USERNAME: keycloak
+ KC_HTTP_RELATIVE_PATH: /keycloak
+ KC_PROXY: edge
+ KC_HOSTNAME: /keycloak
+ restart: unless-stopped
+ command:
+ - start-dev
+ - --import-realm
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.keycloak-ja.tls=true"
+ - "traefik.http.routers.keycloak-ja.rule=Host(``) && PathPrefix(`/keycloak`)"
+ - "traefik.http.routers.keycloak-ja.entrypoints=web"
+ - "traefik.http.routers.keycloak-ja.tls.certresolver=letsencrypt"
+ - "traefik.http.services.keycloak-ja.loadbalancer.server.port=8080"
+ volumes:
+ - ./keycloak/:/opt/keycloak/data/import
+ networks:
+ - external
+ - internal
+
+ livekit-ja:
+ image: livekit/livekit-server:v1.8
+ command: --config /etc/livekit.yaml --node-ip
+ restart: unless-stopped
+ network_mode: host
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.livekit-ja.tls=true"
+ - "traefik.http.routers.livekit-ja.rule=Host(``)"
+ - "traefik.http.routers.livekit-ja.entrypoints=web"
+ - "traefik.http.routers.livekit-ja.tls.certresolver=letsencrypt"
+ - "traefik.http.services.livekit-ja.loadbalancer.server.port=7880"
+ volumes:
+ - ./livekit/livekit.yaml:/etc/livekit.yaml
+ networks:
+ - external
+ - internal
+ redis-ja:
+ image: redis:7-alpine
+ hostname: redis-ja
+ command: redis-server /etc/redis.conf
+ restart: unless-stopped
+ volumes:
+ - ./redis/redis.conf:/etc/redis.conf
+ networks:
+ - internal
+
+networks:
+ external:
+ internal:
+
+volumes:
+ mariadb:
+ caddy_data:
+ caddy_config:
+ image_upload:
+ theme_data:
+ theme_assests_data:
+ recording_uploads:
diff --git a/.templates/livekit.yaml b/.templates/livekit.yaml
new file mode 100644
index 0000000..ab65c8d
--- /dev/null
+++ b/.templates/livekit.yaml
@@ -0,0 +1,13 @@
+port: 7880
+bind_addresses:
+ - ""
+rtc:
+ tcp_port: 7881
+ port_range_start: 50000
+ port_range_end: 60000
+ use_external_ip: false
+ enable_loopback_candidate: false
+redis:
+ address: redis-ja:6379
+keys:
+ meetling:
diff --git a/livekit/livekit.yaml b/livekit/livekit.yaml
deleted file mode 100644
index a9e5280..0000000
--- a/livekit/livekit.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-port: 7880
-bind_addresses:
- - ""
-rtc:
- tcp_port: 7881
- port_range_start: 50000
- port_range_end: 60000
- use_external_ip: false
- enable_loopback_candidate: false
-redis:
- address: redis-ja:6379
- username: ""
- password: ""
- db: 0
- use_tls: false
- sentinel_master_name: ""
- sentinel_username: ""
- sentinel_password: ""
- sentinel_addresses: []
- cluster_addresses: []
- max_redirects: null
-keys:
- APIVg6jLoiMwFHp: O7CKx1ptmrBOtM6bMePQq0derknyE5jbjnYXlRm4oG0
diff --git a/setup.sh b/setup.sh
index 0c8f5b5..ba0793d 100644
--- a/setup.sh
+++ b/setup.sh
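Review bot: In `db-ja` the database root password is hard-coded as `MARIADB_ROOT_PASSWORD: test` and repeated in the healthcheck argument `-ptest`, in a compose file whose Traefik section requests Let's Encrypt certificates and is therefore meant for a publicly reachable host. I would take the value from the environment, `MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?must be set}`, and switch the probe to `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]` so no password appears in the process arguments. The same file keeps development switches that deserve a comment or removal before production use: `--api.insecure=true` and `--log.level=DEBUG` on `traefik-ja`, and `start-dev` with `KEYCLOAK_ADMIN: admin` on `keycloak-ja`. `livekit-ja` declares both `network_mode: host` and a `networks:` list, which Compose does not accept together. In host mode the container also cannot resolve `redis-ja`, because Docker's internal DNS is not used and `redis-ja` publishes no port.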
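Review bot: `bind_addresses: - ""` in `.templates/livekit.yaml` appears to make LiveKit listen on every interface. Because `livekit-ja` runs with `network_mode: host`, port 7880 is then reachable on the host directly, unencrypted and without passing through Traefik. I would list only the address Traefik connects to, or at least add a comment such as `# 7880 is plain HTTP/WS - block it at the host firewall, Traefik is the public entry point`. Replacing the committed key pair with the `meetling:` template entry is the right direction, but the pair deleted from `livekit/livekit.yaml` stays in the repository history, so any deployment that used it needs a new secret. The Redis credential fields are also gone from the template, so whether Redis requires authentication now depends entirely on `redis/redis.conf`, which this patch does not show.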
@@ -34,11 +34,13 @@ else MERCURE_JWT_SECRET=$(date +%s | sha256sum | base64 | head -c 32) KEYCLOAK_ADMIN_PW=$(date +%s | sha256sum | base64 | head -c 32) NEW_UUID=$(date +%s | sha256sum | base64 | head -c 32) + LIVEKIT_KEY=$(date +%s | sha256sum | base64 | head -c 32) echo "KEYCLOAK_PW=$KEYCLOAK_PW" >> $FILE echo "JITSI_ADMIN_PW=$JITSI_ADMIN_PW" >> $FILE echo "MERCURE_JWT_SECRET=$MERCURE_JWT_SECRET" >> $FILE echo "KEYCLOAK_ADMIN_PW=$KEYCLOAK_ADMIN_PW" >> $FILE echo "NEW_UUID=$NEW_UUID" >> $FILE + echo "LIVEKIT_KEY=$LIVEKIT_KEY" >> $FILE source $FILE fi @@ -159,6 +161,15 @@ sed -i "s||$HOST_IP|g" docker-compose.yml sed -i "s||$VERSION|g" docker-compose.yml +echo ------------------------------------------------------------ +echo --------- 3. Build Docker Compose File --------------------- +echo ------------------------------------------------------------ +echo "" +cp .templates/livekit.yaml livekit/livekit.yaml +sed -i "s||$LIVEKIT_KEY|g" livekit/livekit.yaml +sed -i "s||$KEYCLOAK_PW|g" livekit/livekit.yaml + + echo ------------------------------------------------------------ echo --------- 4. Migrate and Setup Docker Volume User ---------- echo ------------------------------------------------------------
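Review bot: `LIVEKIT_KEY=$(date +%s | sha256sum | base64 | head -c 32)` derives the LiveKit API secret from nothing but the current Unix second, so anyone who can estimate the install time can enumerate the candidates. It also comes out identical to `NEW_UUID`, `KEYCLOAK_ADMIN_PW` and `MERCURE_JWT_SECRET` whenever the lines above it run within the same second, so one leaked value discloses the others. A kernel-random source fixes both, for example `LIVEKIT_KEY=$(openssl rand -hex 32)`; hex output also stays safe for the `|`-delimited `sed` in the next hunk. The neighbouring context lines use the same pattern and deserve the same change. The enclosing `else` branch starts outside the hunk.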
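Review bot: The added `cp .templates/livekit.yaml livekit/livekit.yaml` in the second hunk assumes a `livekit/` directory exists. This patch deletes `livekit/livekit.yaml`, so unless another tracked file lives there, a fresh clone has no such directory and the copy fails. I would add `mkdir -p livekit` before the `cp`. The generated file holds the API secret, so it should be kept out of version control (an ignore entry for `livekit/livekit.yaml`, if there is none yet) and no more readable than the container needs. The second `sed` writes `$KEYCLOAK_PW` into the LiveKit config although the template in this patch shows no field for it; if that is a copy-paste leftover it is better removed. The banner text `3. Build Docker Compose File` also no longer describes this step.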