datenspuren/jitsi-deployment
datenspuren
/
jitsi-deployment
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'dev'

This commit is contained in:
Saúl Ibarra Corretgé 2020-03-23 20:00:24 +01:00
parent 76acc65027 f4ac7cc352
commit 31c16d5285
13 changed files with 284 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -365,9 +365,14 @@ If you want to enable the Transcribing function, these options are required:
Variable | Description | Example
--- | --- | ---
`ENABLE_TRANSCRIPTIONS` | Enable Jigasi transcription in a conference | 1
`GOOGLE_APPLICATION_CREDENTIALS` | Credentials for connect to Cloud Google API from Jigasi. Path located inside the container | /config/key.json
`GC_PROJECT_ID` | `project_id` from Google Cloud Credetials
`GC_PRIVATE_KEY_ID` | `private_key_id` from Google Cloud Credetials
`GC_PRIVATE_KEY` | `private_key` from Google Cloud Credetials
`GC_CLIENT_EMAIL` | `client_email` from Google Cloud Credetials
`GC_CLIENT_ID` | `client_id` from Google Cloud Credetials
`GC_CLIENT_CERT_URL` | `client_x509_cert_url` from Google Cloud Credetials
For setting `GOOGLE_APPLICATION_CREDENTIALS` please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
For setting the Google Cloud Credentials please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
### Advanced configuration

16
env.example
View File

@ -15,7 +15,7 @@ HTTPS_PORT=8443
TZ=Europe/Amsterdam
# Public URL for the web service.
#PUBLIC_URL="https://meet.example.com"
#PUBLIC_URL=https://meet.example.com
# IP address of the Docker host. See the "Running on a LAN environment" section
# in the README.
@ -246,11 +246,15 @@ JIGASI_PORT_MAX=20050
# Jigasi post to the chat an url with transcription file. Default false.
#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
# section "Before you begin" from 1 to 5 paragraph. Copy the key on
# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
# Credentials for connect to Cloud Google API from Jigasi
# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
# Copy the values from the json to the related env vars
#GC_PROJECT_ID=
#GC_PRIVATE_KEY_ID=
#GC_PRIVATE_KEY=
#GC_CLIENT_EMAIL=
#GC_CLIENT_ID=
#GC_CLIENT_CERT_URL=
# Enable recording
#ENABLE_RECORDING=1

26
examples/kubernetes/README.md Normal file
View File

@ -0,0 +1,26 @@
# Install guide for kubernetes
This guide will deploy jitsi in the most simple way: as several containers in a single pod. This is enough to start in case your hardware is enough. If you need to scale components to severa instance, you'll have to modify it to use several services and pods.
Create a namespace to deploy jitsi to:
`kubectl create namespace jitsi`
Add the secret with secret values (replace `...` with some random strings):
`kubectl create secret generic jitsi-config --from-literal=JICOFO_COMPONENT_SECRET=... --from-literal=JICOFO_AUTH_PASSWORD=... --from-literal=JVB_AUTH_PASSWORD=... `
Deploy the service to listen for JVB UDP traffic on all cluster nodes port 30300:
`kubectl create -f jvb-service.yaml`
Now we can deploy the rest of the application:
`kubectl create -f deployment.yaml`
To expose the webapp, we can use Ingress (replace the `host` value with your actual hostname):
`kubectl create -f web-service.yaml`
You can either use "https" or "http" service port, depending on whether your ingress allows self-signed certs.

143
examples/kubernetes/deployment.yaml Normal file
View File

@ -0,0 +1,143 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: jitsi
name: jitsi
namespace: jitsi
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
k8s-app: jitsi
template:
metadata:
labels:
k8s-app: jitsi
spec:
containers:
- name: jicofo
image: jitsi/jicofo
imagePullPolicy: Always
env:
- name: XMPP_SERVER
value: localhost
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: America/Los_Angeles
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: prosody
image: jitsi/prosody
imagePullPolicy: Always
env:
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JICOFO_COMPONENT_SECRET
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_COMPONENT_SECRET
- name: JVB_AUTH_USER
value: jvb
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_USER
value: focus
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: TZ
value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: web
image: jitsi/web
imagePullPolicy: Always
env:
- name: XMPP_SERVER
value: localhost
- name: JICOFO_AUTH_USER
value: focus
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: XMPP_BOSH_URL_BASE
value: http://127.0.0.1:5280
- name: XMPP_MUC_DOMAIN
value: muc.meet.jitsi
- name: TZ
value: America/Los_Angeles
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: jvb
image: jitsi/jvb
imagePullPolicy: Always
env:
- name: XMPP_SERVER
value: localhost
- name: DOCKER_HOST_ADDRESS
value: <Set the address for any node in the cluster here>
- name: XMPP_DOMAIN
value: meet.jitsi
- name: XMPP_AUTH_DOMAIN
value: auth.meet.jitsi
- name: XMPP_INTERNAL_MUC_DOMAIN
value: internal-muc.meet.jitsi
- name: JVB_STUN_SERVERS
value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
- name: JICOFO_AUTH_USER
value: focus
- name: JVB_TCP_HARVESTER_DISABLED
value: "true"
- name: JVB_AUTH_USER
value: jvb
- name: JVB_PORT
value: "30300"
- name: JVB_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JVB_AUTH_PASSWORD
- name: JICOFO_AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: jitsi-config
key: JICOFO_AUTH_PASSWORD
- name: JVB_BREWERY_MUC
value: jvbbrewery
- name: TZ
value: America/Los_Angeles

17
examples/kubernetes/jvb-service.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
labels:
service: jvb
name: jvb-udp
namespace: jitsi
spec:
type: NodePort
externalTrafficPolicy: Cluster
ports:
- port: 30300
protocol: UDP
targetPort: 30300
nodePort: 30300
selector:
k8s-app: jitsi

32
examples/kubernetes/web-service.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: v1
kind: Service
metadata:
labels:
service: web
name: web
namespace: jitsi
spec:
ports:
- name: "http"
port: 80
targetPort: 80
- name: "https"
port: 443
targetPort: 443
selector:
k8s-app: jitsi
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: jitsi
namespace: jitsi
spec:
rules:
- host: ...
http:
paths:
- path: /
backend:
serviceName: web
servicePort: https

2
jibri.yml
View File

@ -28,6 +28,8 @@ services:
- JIBRI_LOGS_DIR
- DISPLAY=:0
- TZ
depends_on:
- jicofo
networks:
meet.jitsi:

1
jicofo/rootfs/etc/cont-init.d/10-config
View File

@ -8,3 +8,4 @@ if [[ ! -f /config/logging.properties ]]; then
cp /defaults/logging.properties /config
fi
chown -R jicofo:jitsi /config

7
jigasi.yml
View File

@ -34,7 +34,12 @@ services:
- JIGASI_TRANSCRIBER_ADVERTISE_URL
- JIGASI_TRANSCRIBER_RECORD_AUDIO
- JIGASI_TRANSCRIBER_SEND_TXT
- GOOGLE_APPLICATION_CREDENTIALS
- GC_PROJECT_ID
- GC_PRIVATE_KEY_ID
- GC_PRIVATE_KEY
- GC_CLIENT_EMAIL
- GC_CLIENT_ID
- GC_CLIENT_CERT_URL
- TZ
depends_on:
- prosody

6
jigasi/Dockerfile
View File

@ -1,11 +1,13 @@
ARG JITSI_REPO=jitsi
FROM ${JITSI_REPO}/base-java
ENV GOOGLE_APPLICATION_CREDENTIALS /config/key.json
RUN \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jigasi && \
apt-dpkg-wrap apt-get install -y jigasi jq && \
apt-cleanup
COPY rootfs/ /
VOLUME /config
VOLUME ["/config", "/tmp/transcripts"]

6
jigasi/rootfs/defaults/sip-communicator.properties
View File

@ -109,6 +109,12 @@ org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }}
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
{{ if .Env.ENABLE_AUTH | default "0" | toBool }}
org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}
org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }}

29
jigasi/rootfs/etc/cont-init.d/10-config
View File

@ -10,3 +10,32 @@ fi
mkdir -pm777 /tmp/transcripts
chown jigasi:jitsi /tmp/transcripts
# Create Google Cloud Credentials
if [[ $ENABLE_TRANSCRIPTIONS -eq 1 || $ENABLE_TRANSCRIPTIONS == "true" ]] && [[ ! -f /config/key.json ]]; then
if [[ -z $GC_PROJECT_ID || -z $GC_PRIVATE_KEY_ID || -z $GC_PRIVATE_KEY || -z $GC_CLIENT_EMAIL || -z $GC_CLIENT_ID || -z $GC_CLIENT_CERT_URL ]]; then
echo 'Transcriptions: One or more environment variables are undefined'
exit 1
fi
jq -n \
--arg GC_PROJECT_ID "$GC_PROJECT_ID" \
--arg GC_PRIVATE_KEY_ID "$GC_PRIVATE_KEY_ID" \
--arg GC_PRIVATE_KEY "$GC_PRIVATE_KEY" \
--arg GC_CLIENT_EMAIL "$GC_CLIENT_EMAIL" \
--arg GC_CLIENT_ID "$GC_CLIENT_ID" \
--arg GC_CLIENT_CERT_URL "$GC_CLIENT_CERT_URL" \
'{
type: "service_account",
project_id: $GC_PROJECT_ID,
private_key_id: $GC_PRIVATE_KEY_ID,
private_key: $GC_PRIVATE_KEY,
client_email: $GC_CLIENT_EMAIL,
client_id: $GC_CLIENT_ID,
auth_uri: "https://accounts.google.com/o/oauth2/auth",
token_uri: "https://oauth2.googleapis.com/token",
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",
client_x509_cert_url: $GC_CLIENT_CERT_URL
}' \
> /config/key.json
fi

2
web/Dockerfile
View File

@ -13,4 +13,4 @@ COPY rootfs/ /
EXPOSE 80 443
VOLUME ["/config", "/etc/letsencrypt"]
VOLUME ["/config", "/etc/letsencrypt", "/usr/share/jitsi-meet/transcripts"]