8 changed files with 15 additions and 259 deletions
--- a/.docker-compose.https.yml
+++ b/.docker-compose.https.yml
@ -1,6 +1,8 @@
 version: '3.8'
 services:
  traefik-ja:
-    image: "traefik:v3.3"
+    image: "traefik:v2.5"
    command:
      - "--log.level=DEBUG"
--- a/.docker-compose.livekit.yml
+++ b/.docker-compose.livekit.yml
@ -1,167 +0,0 @@
 services:
  traefik-ja:
    image: "traefik:v3.3"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.unsecure.address=:80"
      # Global HTTPS
      - "--entrypoints.web.address=:443"
      - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
      - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
      # SSL configuration
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
      - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      - external
    restart: unless-stopped
    ports:
      - "80:80"
      - "8443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      -  ./data/letsencrypt:/letsencrypt
      - ./traefik/:/etc/traefik/dynamic:ro
  websocket-ja:
    hostname: websocket-ja
    image: git.h2-invent.com/meetling/websocket:<version>
    restart: unless-stopped
    depends_on:
      - traefik-ja
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"]
      interval: 10s
      retries: 5
      timeout: 10s
      start_period: 10s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.websocket-ja.rule=Host(`<clientUrl>`) && PathPrefix(`/ws`)"
      - "traefik.http.routers.websocket-ja.entrypoints=web"
      - "traefik.http.routers.websocket-ja.tls=true"
      - "traefik.http.routers.websocket-ja.tls.certresolver=letsencrypt"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=http"
      - "traefik.http.routers.app-secure.middlewares=sslheader@docker"
    networks:
      - external
      - internal
    volumes:
      - caddy_data:/data
      - caddy_config:/config
  #Here is the Jitsi-Admin app
  app-ja:
    image: git.h2-invent.com/meetling/application:<version>
    restart: unless-stopped
    depends_on:
      db-ja:
        condition: service_healthy
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    volumes:
      - theme_data:/var/www/html/theme
      - image_upload:/var/www/html/public/uploads/images
      - theme_assests_data:/var/www/html/public/theme
      - recording_uploads:/var/www/html/data/recording
    networks:
      - external
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app-ja.tls=true"
      - "traefik.http.routers.app-ja.rule=Host(`<clientUrl>`)"
      - "traefik.http.routers.app-ja.entrypoints=web"
      - "traefik.http.routers.app-ja.tls.certresolver=letsencrypt"
  db-ja:
    image: mariadb:latest
    hostname: db-ja
    healthcheck:
      test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
      timeout: 20s
      retries: 10
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    restart: unless-stopped
    environment:
      MARIADB_ROOT_PASSWORD: test
    volumes:
      - mariadb:/var/lib/mysql
      - ./mysql-initdb:/docker-entrypoint-initdb.d
    networks:
      - internal
  keycloak-ja:
    image: quay.io/keycloak/keycloak:26.0.1
    depends_on:
      app-ja:
        condition: service_healthy
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    restart: unless-stopped
    command:
      - start-dev
      - --import-realm
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak-ja.tls=true"
      - "traefik.http.routers.keycloak-ja.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
      - "traefik.http.routers.keycloak-ja.entrypoints=web"
      - "traefik.http.routers.keycloak-ja.tls.certresolver=letsencrypt"
      - "traefik.http.services.keycloak-ja.loadbalancer.server.port=8080"
    volumes:
      - ./keycloak/:/opt/keycloak/data/import
    networks:
      - external
      - internal
  livekit-ja:
    image: livekit/livekit-server:v1.8
    command: --config /etc/livekit.yaml --node-ip <hostIp>
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./livekit/livekit.yaml:/etc/livekit.yaml
  redis-ja:
    image: redis:7-alpine
    hostname: redis-ja
    command: redis-server /etc/redis.conf
    restart: unless-stopped
    volumes:
      - ./redis/redis.conf:/etc/redis.conf
    network_mode: host
 networks:
  external:
  internal:
 volumes:
  mariadb:
  caddy_data:
  caddy_config:
  image_upload:
  theme_data:
  theme_assests_data:
  recording_uploads:
--- a/.templates/livekit.yaml
+++ b/.templates/livekit.yaml
@ -1,18 +0,0 @@
 port: 7880
 bind_addresses:
    - ""
 rtc:
    tcp_port: 7881
    port_range_start: 50000
    port_range_end: 60000
    use_external_ip: false
    enable_loopback_candidate: false
    turn_servers:
        - host: <turnUrl>
          port: 443
          protocol: tls
          credential: <turnSecret>
 redis:
    address: 127.0.0.1:6379
 keys:
    meetling: <secret>
--- a/.templates/traefik-livekit.yaml
+++ b/.templates/traefik-livekit.yaml
@ -1,15 +0,0 @@
 http:
  routers:
    livekit-ja:
      rule: "Host(`<livekitUrl>`)"
      entryPoints:
        - web
      service: livekit-ja
      tls:
        certResolver: letsencrypt
  services:
    livekit-ja:
      loadBalancer:
        servers:
          - url: "http://host.docker.internal:7880"
--- a/livekit/.gitkeep
+++ b/livekit/.gitkeep
--- a/redis/redis.conf
+++ b/redis/redis.conf
@ -1,5 +0,0 @@
 bind 0.0.0.0
 protected-mode no
 port 6379
 timeout 0
 tcp-keepalive 300
--- a/setup.sh
+++ b/setup.sh
@ -34,15 +34,11 @@ else
    MERCURE_JWT_SECRET=$(date +%s | sha256sum | base64 | head -c 32)
    KEYCLOAK_ADMIN_PW=$(date +%s | sha256sum | base64 | head -c 32)
    NEW_UUID=$(date +%s | sha256sum | base64 | head -c 32)
    LIVEKIT_KEY=$(date +%s | sha256sum | base64 | head -c 32)
    COTURN_KEY=$(date +%s | sha256sum | base64 | head -c 32)
    echo "KEYCLOAK_PW=$KEYCLOAK_PW" >> $FILE
    echo "JITSI_ADMIN_PW=$JITSI_ADMIN_PW" >> $FILE
    echo "MERCURE_JWT_SECRET=$MERCURE_JWT_SECRET" >> $FILE
    echo "KEYCLOAK_ADMIN_PW=$KEYCLOAK_ADMIN_PW" >> $FILE
    echo "NEW_UUID=$NEW_UUID" >> $FILE
    echo "LIVEKIT_KEY=$LIVEKIT_KEY" >> $FILE
    echo "COTURN_KEY=$COTURN_KEY" >> $FILE
    source $FILE
 fi
@ -53,7 +49,7 @@ fi
  echo "VERSION=$VERSION" >> $FILE
  ENVIRONMENT=${ENVIRONMENT:=prod}
-  read -p "Enter the environment dev/prod/livekit [$ENVIRONMENT]: " input
+  read -p "Enter the environment dev/prod[$ENVIRONMENT]: " input
  ENVIRONMENT=${input:=$ENVIRONMENT}
  sed -i '/ENVIRONMENT/d' $FILE
  echo "ENVIRONMENT=$ENVIRONMENT" >> $FILE
@ -65,25 +61,11 @@ fi
  echo "HTTP_METHOD=$HTTP_METHOD" >> $FILE
  PUBLIC_URL=${PUBLIC_URL:=dev.domain.de}
-  read -p "Enter the Domain you want to enter the jitsi-admin with no protocoll [$PUBLIC_URL]: " input
+  read -p "Enter the url you want to enter the jitsi-admin with no protocoll (no http/https) [$PUBLIC_URL]: " input
  PUBLIC_URL=${input:=$PUBLIC_URL}
  sed -i '/PUBLIC_URL/d' $FILE
  echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE
  if [ "$ENVIRONMENT" = "livekit" ]; then
    LIVEKIT_URL=${LIVEKIT_URL:=livekit-dev.domain.de}
    read -p "Enter the Domain you want run your livekit server on [$LIVEKIT_URL]: " input
    LIVEKIT_URL=${input:=$LIVEKIT_URL}
    sed -i '/LIVEKIT_URL/d' $FILE
    echo "LIVEKIT_URL=$LIVEKIT_URL" >> $FILE
    TURN_URL=${TURN_URL:=""}
    read -p "Enter the Domain for your Turn Server (Empty if no Coturn setup) [$TURN_URL]: " input
    TURN_URL=${input:=$TURN_URL}
    sed -i '/TURN_URL/d' $FILE
    echo "TURN_URL=$TURN_URL" >> $FILE
  fi
  default_language=${default_language:=en}
  read -p "Which language you want to set as default allowed values: [de, en, fr, es, vi, zh, ru, ja, pt]: [$default_language] " input
  default_language=${input:=$default_language}
@ -129,13 +111,12 @@ if [ -f .env.local ]; then
 fi
 cat <<EOL > .env.local
 APP_DEBUG='$ENVIRONMENT'
 APP_SCHEME='$HTTP_METHOD'
 MAILER_DSN='null://null'
 DATABASE_URL='mysql://jitsiadmin:$JITSI_ADMIN_PW@db-ja:3306/jitsiadmin'
 laF_baseUrl='$HTTP_METHOD://$PUBLIC_URL'
 laF_startpage='0'
 VICH_BASE='$HTTP_METHOD://$PUBLIC_URL'
 GIT_VERSION=1.0.12
 PUBLIC_URL='$PUBLIC_URL'
 OAUTH_KEYCLOAK_CLIENT_SECRET=$NEW_UUID
 OAUTH_KEYCLOAK_SERVER='$HTTP_METHOD://$PUBLIC_URL/keycloak'
@ -146,15 +127,17 @@ DEFAULT_LANGUAGE=$default_language
 MERCURE_URL='http://websocket-ja:3000/.well-known/mercure'
 MERCURE_PUBLIC_URL='$HTTP_METHOD://$PUBLIC_URL'
 WEBSOCKET_SECRET=$MERCURE_JWT_SECRET
-KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KEYCLOAK_ADMIN=admin
-KC_BOOTSTRAP_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PW
+KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PW
 KC_DB=mariadb
 KC_DB_USERNAME=keycloak
 KC_DB_PASSWORD=$KEYCLOAK_PW
 KC_DB_URL='jdbc:mariadb://db-ja:3306/keycloak'
-KC_HOSTNAME='$HTTP_METHOD://$PUBLIC_URL/keycloak'
+KC_HOSTNAME_URL='$HTTP_METHOD://$PUBLIC_URL/keycloak'
-KC_HTTP_RELATIVE_PATH: /keycloak
+KC_HOSTNAME_PATH='$HTTP_METHOD://$PUBLIC_URL/keycloak'
-KC_PROXY_HEADERS: xforwarded
+KC_HOSTNAME_ADMIN_URL='$HTTP_METHOD://$PUBLIC_URL/keycloak'
 KC_HTTP_RELATIVE_PATH=/keycloak
 KC_PROXY=passthrough
 EOL
 echo ".env.local Datei wurde erfolgreich erstellt."
@ -163,37 +146,13 @@ echo ------------------------------------------------------------
 echo --------- 3. Build Docker Compose File ---------------------
 echo ------------------------------------------------------------
 echo ""
-cp .docker-compose.$ENVIRONMENT.yml docker-compose.yml
+cp .docker-compose.$HTTP_METHOD.yml docker-compose.yml
 sed -i "s|<clientUrl>|$PUBLIC_URL|g" docker-compose.yml
 sed -i "s|<livekitUrl>|$LIVEKIT_URL|g" docker-compose.yml
 sed -i "s|<hostIp>|$HOST_IP|g" docker-compose.yml
 sed -i "s|<version>|$VERSION|g" docker-compose.yml
 if [ "$ENVIRONMENT" = "livekit" ]; then
  echo ------------------------------------------------------------
  echo --------- 4. Setup Livekit ---------------------------------
  echo ------------------------------------------------------------
  echo ""
  cp .templates/traefik-livekit.yaml traefik/config.yaml
  sed -i "s|<livekitUrl>|$LIVEKIT_URL|g" traefik/config.yaml
  cp .templates/livekit.yaml livekit/livekit.yaml
  sed -i "s|<secret>|$LIVEKIT_KEY|g" livekit/livekit.yaml
  sed -i "s|<keycloak-pw>|$KEYCLOAK_PW|g" livekit/livekit.yaml
  if [ -z "$COTURN_KEY" ]; then
    sed -i '/turn_servers:/,/^ *credential: <turnSecret>/d' livekit/livekit.yaml
  else
    sed -i "s|<turnUrl>|$TURN_URL|g" livekit/livekit.yaml
    sed -i "s|<turnSecret>|$COTURN_KEY|g" livekit/livekit.yaml
  fi
 fi
 echo ------------------------------------------------------------
-echo --------- Option: Migrate and Setup Docker Volume User -----
+echo --------- 4. Migrate and Setup Docker Volume User ----------
 echo ------------------------------------------------------------
 echo ""
--- a/traefik/.gitkeep
+++ b/traefik/.gitkeep