diff --git a/.docker-compose.https.yml b/.docker-compose.https.yml index e6726a3..b6f693e 100644 --- a/.docker-compose.https.yml +++ b/.docker-compose.https.yml @@ -1,8 +1,6 @@ -version: '3.8' - services: traefik-ja: - image: "traefik:v2.5" + image: "traefik:v3.3" command: - "--log.level=DEBUG" diff --git a/.docker-compose.livekit.yml b/.docker-compose.livekit.yml new file mode 100644 index 0000000..3ef9868 --- /dev/null +++ b/.docker-compose.livekit.yml 
@@ -0,0 +1,167 @@ +services: + traefik-ja: + image: "traefik:v3.3" + + command: + - "--log.level=DEBUG" + - "--api.insecure=true" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--providers.file.directory=/etc/traefik/dynamic" + - "--providers.file.watch=true" + - "--entrypoints.unsecure.address=:80" + # Global HTTPS + - "--entrypoints.web.address=:443" + - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" + - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" + # SSL configuration + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" + - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + + networks: + - external + restart: unless-stopped + ports: + - "80:80" + - "8443:443" + extra_hosts: + - "host.docker.internal:host-gateway" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - ./data/letsencrypt:/letsencrypt + - ./traefik/:/etc/traefik/dynamic:ro + + websocket-ja: + hostname: websocket-ja + image: git.h2-invent.com/meetling/websocket: + restart: unless-stopped + depends_on: + - traefik-ja + env_file: + - ./.env + - ./.env.local + - ./.env.custom + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"] + interval: 10s + retries: 5 + timeout: 10s + start_period: 10s + + labels: + - "traefik.enable=true" + - "traefik.http.routers.websocket-ja.rule=Host(``) && PathPrefix(`/ws`)" + - "traefik.http.routers.websocket-ja.entrypoints=web" + - "traefik.http.routers.websocket-ja.tls=true" + - "traefik.http.routers.websocket-ja.tls.certresolver=letsencrypt" + - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=http" + - "traefik.http.routers.app-secure.middlewares=sslheader@docker" + networks: + - external + - internal + 
volumes: + - caddy_data:/data + - caddy_config:/config + + #Here is the Jitsi-Admin app + app-ja: + image: git.h2-invent.com/meetling/application: + restart: unless-stopped + depends_on: + db-ja: + condition: service_healthy + env_file: + - ./.env + - ./.env.local + - ./.env.custom + volumes: + - theme_data:/var/www/html/theme + - image_upload:/var/www/html/public/uploads/images + - theme_assests_data:/var/www/html/public/theme + - recording_uploads:/var/www/html/data/recording + networks: + - external + - internal + labels: + - "traefik.enable=true" + - "traefik.http.routers.app-ja.tls=true" + - "traefik.http.routers.app-ja.rule=Host(``)" + - "traefik.http.routers.app-ja.entrypoints=web" + - "traefik.http.routers.app-ja.tls.certresolver=letsencrypt" + + db-ja: + image: mariadb:latest + hostname: db-ja + healthcheck: + test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ] + timeout: 20s + retries: 10 + env_file: + - ./.env + - ./.env.local + - ./.env.custom + restart: unless-stopped + environment: + MARIADB_ROOT_PASSWORD: test + volumes: + - mariadb:/var/lib/mysql + - ./mysql-initdb:/docker-entrypoint-initdb.d + networks: + - internal + + keycloak-ja: + image: quay.io/keycloak/keycloak:26.0.1 + depends_on: + app-ja: + condition: service_healthy + env_file: + - ./.env + - ./.env.local + - ./.env.custom + restart: unless-stopped + command: + - start-dev + - --import-realm + labels: + - "traefik.enable=true" + - "traefik.http.routers.keycloak-ja.tls=true" + - "traefik.http.routers.keycloak-ja.rule=Host(``) && PathPrefix(`/keycloak`)" + - "traefik.http.routers.keycloak-ja.entrypoints=web" + - "traefik.http.routers.keycloak-ja.tls.certresolver=letsencrypt" + - "traefik.http.services.keycloak-ja.loadbalancer.server.port=8080" + volumes: + - ./keycloak/:/opt/keycloak/data/import + networks: + - external + - internal + + livekit-ja: + image: livekit/livekit-server:v1.8 + command: --config /etc/livekit.yaml --node-ip + restart: unless-stopped + network_mode: 
host + volumes: + - ./livekit/livekit.yaml:/etc/livekit.yaml + redis-ja: + image: redis:7-alpine + hostname: redis-ja + command: redis-server /etc/redis.conf + restart: unless-stopped + volumes: + - ./redis/redis.conf:/etc/redis.conf + network_mode: host + +networks: + external: + internal: + +volumes: + mariadb: + caddy_data: + caddy_config: + image_upload: + theme_data: + theme_assests_data: + recording_uploads: diff --git a/.templates/livekit.yaml b/.templates/livekit.yaml new file mode 100644 index 0000000..d1f6589 --- /dev/null +++ b/.templates/livekit.yaml @@ -0,0 +1,18 @@ +port: 7880 +bind_addresses: + - "" +rtc: + tcp_port: 7881 + port_range_start: 50000 + port_range_end: 60000 + use_external_ip: false + enable_loopback_candidate: false + turn_servers: + - host: + port: 443 + protocol: tls + credential: +redis: + address: 127.0.0.1:6379 +keys: + meetling: diff --git a/.templates/traefik-livekit.yaml b/.templates/traefik-livekit.yaml new file mode 100644 index 0000000..f46f9fd --- /dev/null +++ b/.templates/traefik-livekit.yaml @@ -0,0 +1,15 @@ +http: + routers: + livekit-ja: + rule: "Host(``)" + entryPoints: + - web + service: livekit-ja + tls: + certResolver: letsencrypt + + services: + livekit-ja: + loadBalancer: + servers: + - url: "http://host.docker.internal:7880" diff --git a/livekit/.gitkeep b/livekit/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/redis/redis.conf b/redis/redis.conf new file mode 100644 index 0000000..f009419 --- /dev/null +++ b/redis/redis.conf @@ -0,0 +1,5 @@ +bind 0.0.0.0 +protected-mode no +port 6379 +timeout 0 +tcp-keepalive 300 \ No newline at end of file diff --git a/setup.sh b/setup.sh index 5195554..e2681cc 100644 --- a/setup.sh +++ b/setup.sh 
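Review bot: db-ja hard-codes the MariaDB root password as `MARIADB_ROOT_PASSWORD: test` and repeats it in the healthcheck as `-ptest`, so a known credential ships in the committed compose file even though every other secret in this setup is generated into .env by setup.sh. Take it from the env file instead, e.g. `MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD:?set in .env}` and `test: ["CMD-SHELL", "mariadb-admin ping -h localhost -p\"$$MARIADB_ROOT_PASSWORD\""]`. keycloak-ja declares `depends_on: app-ja: condition: service_healthy`, but app-ja defines no `healthcheck:` in this file; unless the application image ships one, compose refuses to start keycloak-ja. The `sslheader` middleware sets `X-Forwarded-Proto=http` and is attached to a router named `app-secure` that is not defined anywhere in this file, while the routers that do exist terminate TLS on `web`; this looks like a leftover and, if it were ever attached, would tell the backend the request arrived over plain http.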
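Review bot: redis.conf sets `bind 0.0.0.0` together with `protected-mode no` and no `requirepass`, and the compose file runs redis-ja with `network_mode: host`, so the instance accepts unauthenticated connections on every interface of the host. The only consumer in this change is livekit.yaml, which connects to `127.0.0.1:6379`, so `bind 127.0.0.1` with protected-mode left at its default is sufficient; if other hosts must reach it, add `requirepass` and set the matching password in livekit.yaml's redis section instead of opening it to the network.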
@@ -34,11 +34,15 @@ else MERCURE_JWT_SECRET=$(date +%s | sha256sum | base64 | head -c 32) KEYCLOAK_ADMIN_PW=$(date +%s | sha256sum | base64 | head -c 32) NEW_UUID=$(date +%s | sha256sum | base64 | head -c 32) + LIVEKIT_KEY=$(date +%s | sha256sum | base64 | head -c 32) + COTURN_KEY=$(date +%s | sha256sum | base64 | head -c 32) echo "KEYCLOAK_PW=$KEYCLOAK_PW" >> $FILE echo "JITSI_ADMIN_PW=$JITSI_ADMIN_PW" >> $FILE echo "MERCURE_JWT_SECRET=$MERCURE_JWT_SECRET" >> $FILE echo "KEYCLOAK_ADMIN_PW=$KEYCLOAK_ADMIN_PW" >> $FILE echo "NEW_UUID=$NEW_UUID" >> $FILE + echo "LIVEKIT_KEY=$LIVEKIT_KEY" >> $FILE + echo "COTURN_KEY=$COTURN_KEY" >> $FILE source $FILE fi @@ -49,7 +53,7 @@ fi echo "VERSION=$VERSION" >> $FILE ENVIRONMENT=${ENVIRONMENT:=prod} - read -p "Enter the environment dev/prod[$ENVIRONMENT]: " input + read -p "Enter the environment dev/prod/livekit [$ENVIRONMENT]: " input ENVIRONMENT=${input:=$ENVIRONMENT} sed -i '/ENVIRONMENT/d' $FILE echo "ENVIRONMENT=$ENVIRONMENT" >> $FILE 
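Review bot: the new `LIVEKIT_KEY` and `COTURN_KEY` are derived with `date +%s | sha256sum | base64 | head -c 32`, the same recipe as the lines above them, so every secret generated within the same second of one run is identical, and all of them are a function of the Unix timestamp rather than of random data. Use the kernel CSPRNG for each, e.g. `LIVEKIT_KEY=$(openssl rand -hex 16)` and `COTURN_KEY=$(openssl rand -hex 16)`, or `head -c 24 /dev/urandom | base64` if openssl is not guaranteed. The enclosing else branch starts outside the hunk and the same weakness applies to the existing KEYCLOAK_PW through NEW_UUID lines; changing them together keeps a single generator.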
@@ -61,11 +65,25 @@ fi echo "HTTP_METHOD=$HTTP_METHOD" >> $FILE PUBLIC_URL=${PUBLIC_URL:=dev.domain.de} - read -p "Enter the url you want to enter the jitsi-admin with no protocoll (no http/https) [$PUBLIC_URL]: " input + read -p "Enter the Domain you want to enter the jitsi-admin with no protocoll [$PUBLIC_URL]: " input PUBLIC_URL=${input:=$PUBLIC_URL} sed -i '/PUBLIC_URL/d' $FILE echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE + if [ "$ENVIRONMENT" = "livekit" ]; then + LIVEKIT_URL=${LIVEKIT_URL:=livekit-dev.domain.de} + read -p "Enter the Domain you want run your livekit server on [$LIVEKIT_URL]: " input + LIVEKIT_URL=${input:=$LIVEKIT_URL} + sed -i '/LIVEKIT_URL/d' $FILE + echo "LIVEKIT_URL=$LIVEKIT_URL" >> $FILE + + TURN_URL=${TURN_URL:=""} + read -p "Enter the Domain for your Turn Server (Empty if no Coturn setup) [$TURN_URL]: " input + TURN_URL=${input:=$TURN_URL} + sed -i '/TURN_URL/d' $FILE + echo "TURN_URL=$TURN_URL" >> $FILE + fi + default_language=${default_language:=en} read -p "Which language you want to set as default allowed values: [de, en, fr, es, vi, zh, ru, ja, pt]: [$default_language] " input default_language=${input:=$default_language} @@ -111,12 +129,13 @@ if [ -f .env.local ]; then fi cat < .env.local +APP_DEBUG='$ENVIRONMENT' APP_SCHEME='$HTTP_METHOD' MAILER_DSN='null://null' DATABASE_URL='mysql://jitsiadmin:$JITSI_ADMIN_PW@db-ja:3306/jitsiadmin' laF_baseUrl='$HTTP_METHOD://$PUBLIC_URL' +laF_startpage='0' VICH_BASE='$HTTP_METHOD://$PUBLIC_URL' -GIT_VERSION=1.0.12 PUBLIC_URL='$PUBLIC_URL' OAUTH_KEYCLOAK_CLIENT_SECRET=$NEW_UUID OAUTH_KEYCLOAK_SERVER='$HTTP_METHOD://$PUBLIC_URL/keycloak' 
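Review bot: `APP_DEBUG='$ENVIRONMENT'` writes the environment name (prod, dev or livekit) into a variable that is conventionally a boolean flag; whether that ends up disabling or enabling debug output depends entirely on how the application coerces an arbitrary string, and a production install should not rely on that. Write the flag explicitly, e.g. `APP_DEBUG='0'`, or derive it before the heredoc with `[ "$ENVIRONMENT" = "dev" ] && APP_DEBUG=1 || APP_DEBUG=0` and emit `APP_DEBUG='$APP_DEBUG'`. The heredoc begun by the cat line in this hunk continues past the end of the hunk.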
@@ -127,17 +146,15 @@ DEFAULT_LANGUAGE=$default_language MERCURE_URL='http://websocket-ja:3000/.well-known/mercure' MERCURE_PUBLIC_URL='$HTTP_METHOD://$PUBLIC_URL' WEBSOCKET_SECRET=$MERCURE_JWT_SECRET -KEYCLOAK_ADMIN=admin -KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PW +KC_BOOTSTRAP_ADMIN_USERNAME=admin +KC_BOOTSTRAP_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PW KC_DB=mariadb KC_DB_USERNAME=keycloak KC_DB_PASSWORD=$KEYCLOAK_PW KC_DB_URL='jdbc:mariadb://db-ja:3306/keycloak' -KC_HOSTNAME_URL='$HTTP_METHOD://$PUBLIC_URL/keycloak' -KC_HOSTNAME_PATH='$HTTP_METHOD://$PUBLIC_URL/keycloak' -KC_HOSTNAME_ADMIN_URL='$HTTP_METHOD://$PUBLIC_URL/keycloak' -KC_HTTP_RELATIVE_PATH=/keycloak -KC_PROXY=passthrough +KC_HOSTNAME='$HTTP_METHOD://$PUBLIC_URL/keycloak' +KC_HTTP_RELATIVE_PATH: /keycloak +KC_PROXY_HEADERS: xforwarded EOL echo ".env.local Datei wurde erfolgreich erstellt." 
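Review bot: `KC_HTTP_RELATIVE_PATH: /keycloak` and `KC_PROXY_HEADERS: xforwarded` are written with a colon, but the surrounding lines are dotenv `NAME=value` entries, so neither variable is assigned and a strict dotenv parser may reject the whole file. Change them to `KC_HTTP_RELATIVE_PATH=/keycloak` and `KC_PROXY_HEADERS=xforwarded`. Without the first, Keycloak serves at the root while the Traefik label in the livekit compose file routes only the /keycloak path prefix; without the second, Keycloak behind TLS-terminating Traefik does not trust the X-Forwarded-* headers and the `KC_HOSTNAME` URL is not honoured as intended. The heredoc body this belongs to starts outside the hunk.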
@@ -146,13 +163,37 @@ echo ------------------------------------------------------------ echo --------- 3. Build Docker Compose File --------------------- echo ------------------------------------------------------------ echo "" -cp .docker-compose.$HTTP_METHOD.yml docker-compose.yml +cp .docker-compose.$ENVIRONMENT.yml docker-compose.yml sed -i "s||$PUBLIC_URL|g" docker-compose.yml +sed -i "s||$LIVEKIT_URL|g" docker-compose.yml sed -i "s||$HOST_IP|g" docker-compose.yml sed -i "s||$VERSION|g" docker-compose.yml + +if [ "$ENVIRONMENT" = "livekit" ]; then + echo ------------------------------------------------------------ + echo --------- 4. Setup Livekit --------------------------------- + echo ------------------------------------------------------------ + echo "" + cp .templates/traefik-livekit.yaml traefik/config.yaml + sed -i "s||$LIVEKIT_URL|g" traefik/config.yaml + + cp .templates/livekit.yaml livekit/livekit.yaml + sed -i "s||$LIVEKIT_KEY|g" livekit/livekit.yaml + sed -i "s||$KEYCLOAK_PW|g" livekit/livekit.yaml + + if [ -z "$COTURN_KEY" ]; then + sed -i '/turn_servers:/,/^ *credential: /d' livekit/livekit.yaml + else + sed -i "s||$TURN_URL|g" livekit/livekit.yaml + sed -i "s||$COTURN_KEY|g" livekit/livekit.yaml + fi + +fi + + echo ------------------------------------------------------------ -echo --------- 4. Migrate and Setup Docker Volume User ---------- +echo --------- Option: Migrate and Setup Docker Volume User ----- echo ------------------------------------------------------------ echo "" diff --git a/traefik/.gitkeep b/traefik/.gitkeep new file mode 100644 index 0000000..e69de29
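Review bot: `if [ -z "$COTURN_KEY" ]` can never be true on the path that generates secrets, because COTURN_KEY is assigned unconditionally alongside LIVEKIT_KEY in the earlier hunk; the prompt ties "no Coturn setup" to an empty TURN_URL, so the `turn_servers` stanza is never stripped and livekit.yaml is left with an empty TURN host and a generated credential for a server that does not exist. Test the URL instead: `if [ -z "$TURN_URL" ]; then`. Separately, `cp .docker-compose.$ENVIRONMENT.yml docker-compose.yml` now keys on the environment (dev/prod/livekit) rather than on HTTP_METHOD, but only `.docker-compose.https.yml` and `.docker-compose.livekit.yml` appear in this diff; unless matching prod and dev files exist, the default `prod` answer fails at the copy and, with no `set -e` visible, the script continues with a stale or missing docker-compose.yml.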