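# NOTE(review): ubuntu:xenial (16.04) left standard support in April 2021 and the
# tag is not pinned, so each rebuild pulls whatever the tag points at. Pin by
# digest (FROM ubuntu:xenial@sha256:...) and plan a move to a supported release.
FROM ubuntu:xenial

ENV LANG=fr_FR.UTF-8

# Base tooling. `telnet` (clear-text client) and `sudo` (setuid root binary) were
# installed but nothing in this file uses them, so they are dropped; vim and
# net-tools are kept as debugging conveniences but are not needed at runtime
# either. The apt lists are removed in the same layer so they do not persist in
# the image (every later RUN re-runs apt-get update anyway). The locale file is
# written with /bin/sh's echo, which interprets the embedded \n sequences.
RUN apt-get update && \
    apt-get -y install rsyslog logrotate cron bzip2 vim language-pack-fr wget curl openssl apt-transport-https software-properties-common net-tools && \
    rm -rf /var/lib/apt/lists/* && \
    echo "LANG=\"fr_FR.UTF-8\"\nLANGUAGE=\"fr_FR:fr\"\nLC_NUMERIC=\"fr_FR.UTF-8\"\nLC_TIME=\"fr_FR.UTF-8\"\nLC_MONETARY=\"fr_FR.UTF-8\"\nLC_PAPER=\"fr_FR.UTF-8\"\nLC_IDENTIFICATION=\"fr_FR.UTF-8\"\nLC_NAME=\"fr_FR.UTF-8\"\nLC_ADDRESS=\"fr_FR.UTF-8\"\nLC_TELEPHONE=\"fr_FR.UTF-8\"\nLC_MEASUREMENT=\"fr_FR.UTF-8\"" >>/etc/default/locale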

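# Build-time configuration.
#
# Every ARG value is recorded in the image metadata (`docker history`), and the
# RUN steps below write COTURN_SECRET into /etc/turnserver.conf and the prosody
# configuration, so an image built with a real secret must be treated as
# confidential (or the secret moved to runtime injection).
#
# The original `ARG X=${X:-default}` / `ARG X=$X` spellings were redundant: X is
# not defined at that point, so they reduce to a plain default / no default.
ARG JITSI_LETSENCRYPT=true
ARG JITSI_DOMAIN
ARG JITSI_PORT
ARG COTURN_INSTALLSERVER=false
ARG COTURN_LETSENCRYPT=true
ARG COTURN_DOMAIN
ARG COTURN_PORT=443
# No default on purpose: the previous fallback literal "secret" would let anyone
# who guessed it mint valid TURN credentials for the relay. Pass it explicitly
# with --build-arg COTURN_SECRET=... whenever COTURN is enabled.
ARG COTURN_SECRET
# Placeholder contact address; set a real one, the CA may reject an
# undeliverable contact.
ARG CERTBOT_MAIL=certbot@domain.tld
ARG DHPARAM=/etc/letsencrypt/dhparam.pem

# Values the CMD needs at container start. COTURN_SECRET, JITSI_PORT and
# COTURN_PORT are deliberately not exported: they are consumed at build time
# only.
ENV JITSI_DOMAIN=$JITSI_DOMAIN
ENV JITSI_LETSENCRYPT=$JITSI_LETSENCRYPT
ENV COTURN_DOMAIN=$COTURN_DOMAIN
ENV COTURN_LETSENCRYPT=$COTURN_LETSENCRYPT
ENV COTURN_INSTALLSERVER=$COTURN_INSTALLSERVER
ENV CERTBOT_MAIL=$CERTBOT_MAIL
ENV DHPARAM=$DHPARAM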

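# Add the certbot PPA. The original ran apt-get update before and after the
# PPA was added and chained the steps with `;`, so a failing
# add-apt-repository did not fail the build; `&&` makes every step fatal.
# cron was already installed in the base layer.
RUN add-apt-repository -y ppa:certbot/certbot && \
    apt-get update && \
    apt-get -y install gnupg apt-utils && \
    rm -rf /var/lib/apt/lists/*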

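# Public address advertised by the videobridge
# (org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS). Pass
# --build-arg PUBLIC_IP=... to set it; when empty it is looked up at build time,
# which yields the BUILD host's egress address and bakes it into the image, so
# an image built on another machine advertises the wrong address. (The original
# referenced $PUBLIC_IP without declaring it, so it was always empty.)
ARG PUBLIC_IP
# Install Jitsi Meet (nginx, prosody, jicofo, videobridge, jigasi) when a domain
# is given. `set -e` replaces the original `;` chain: a failed download,
# package install or sed on a missing file now fails the build instead of
# producing a silently broken image.
RUN set -e; \
    echo "*$JITSI_DOMAIN*"; \
    if [ -n "$JITSI_DOMAIN" ]; then \
      # Jitsi apt signing key. pipefail makes a failed download abort instead of
      # feeding an empty key to apt-key. The key is still trusted on first use:
      # TODO compare its fingerprint (gpg --with-fingerprint) with the value
      # Jitsi publishes before adding it. apt-key is deprecated on newer releases.
      bash -o pipefail -c "wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -"; \
      echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi.list; \
      apt-get update; \
      apt-get -y install nginx openjdk-9-jre-headless ca-certificates-java authbind certbot python-certbot-nginx; \
      # The package prompts appear to be answered over stdin (hostname, then "1"
      # for the certificate choice). This is fragile: a changed prompt order would
      # silently misconfigure the package. debconf-set-selections is the robust
      # alternative.
      echo "$JITSI_DOMAIN" | apt-get -y install jitsi-videobridge; \
      echo "1" | apt-get -y install jitsi-meet-web-config; \
      # NOTE(review): the line piped to the jigasi install looks like a SIP
      # account and password; it is a fixed literal baked into every image built
      # from this file. Replace it with a per-build value. The original also
      # computed an unused SIP_PASS from $RANDOM, which /bin/sh (dash) does not
      # provide, so it was a constant anyway; that dead line is removed.
      echo "sipuser #?!a9dklkldsjk" | apt-get -y install jitsi-meet jigasi prosody-modules; \
      # Prosody module fetched from an unpinned branch head with no checksum:
      # whatever is on master at build time is loaded into prosody.
      # TODO pin to a commit and verify a sha256 of the file.
      wget -q https://raw.githubusercontent.com/otalk/mod_turncredentials/master/mod_turncredentials.lua -O /usr/lib/prosody/modules/mod_turncredentials.lua; \
      #
      # Lookup over HTTPS with -f: an error response fails the build instead of
      # being written into the properties file. The value is written unquoted
      # into a properties file, so only address characters are accepted.
      if [ -z "$PUBLIC_IP" ]; then PUBLIC_IP=$(curl -fsS https://ifconfig.me/ip); fi; \
      echo "$PUBLIC_IP" | grep -Eq '^[0-9A-Fa-f.:]+$' || { echo "PUBLIC_IP '$PUBLIC_IP' is not an IP address" >&2; exit 1; }; \
      echo "***$PUBLIC_IP***"; \
      # TCP_HARVESTER_PORT/MAPPED_PORT are kept from the original, but
      # DISABLE_TCP_HARVESTER=true below turns the TCP harvester off, so they are
      # inert unless that flag is flipped.
      echo "org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      echo "org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=$JITSI_PORT" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      # LOCAL_ADDRESS is left empty here and filled in at container start by CMD.
      echo "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      echo "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$PUBLIC_IP" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      echo "org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      # Keeps the videobridge REST control API off; it is an internal interface
      # and must not be reachable from clients.
      echo "org.jitsi.videobridge.ENABLE_REST_COLIBRI=false" >>/etc/jitsi/videobridge/sip-communicator.properties; \
      #
      # Web client settings: websocket bridge channel, no welcome page, French
      # default, and no third-party requests (gravatar etc.).
      sed -i "s/\/\/ openBridgeChannel.*/openBridgeChannel: 'websocket',\nuseRtcpMux: true,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      sed -i "s/enableWelcomePage: .*$/enableWelcomePage: false,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      sed -i "s/\/\/ defaultLanguage.*/defaultLanguage: 'fr',/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      sed -i "s/\/\/ disableThirdPartyRequests.*/disableThirdPartyRequests: true,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      #
      # Let nginx pass WebSocket upgrades through to the BOSH/websocket endpoint.
      sed -i '/location = \/http-bind {/a \\tproxy_set_header Upgrade $http_upgrade;\n\tproxy_set_header Connection "Upgrade";' /etc/nginx/sites-enabled/$JITSI_DOMAIN.conf; \
      rm -rf /var/lib/apt/lists/*; \
    fi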

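# Hand out short-lived TURN credentials from prosody: mod_turncredentials signs
# them with COTURN_SECRET, the same value the relay checks as its
# static-auth-secret.
RUN set -e; \
    if [ -n "$JITSI_DOMAIN" ] && [ -n "$COTURN_DOMAIN" ]; then \
      # Refuse to configure the module with an empty secret rather than emit
      # credentials the relay cannot validate (or that match an empty relay secret).
      [ -n "$COTURN_SECRET" ] || { echo "COTURN_SECRET must be set when COTURN_DOMAIN is given" >&2; exit 1; }; \
      sed -i '/ modules_enabled/a   "turncredentials";' /etc/prosody/conf.d/$JITSI_DOMAIN.cfg.lua; \
      # Two inserts on purpose: a top-level useStunTurn before the p2p: section
      # and one inside it.
      sed -i '/ p2p:/i \\tuseStunTurn: true,' /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      sed -i '/ p2p:/a \\tuseStunTurn: true,' /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
      # NOTE(review): the secret is written in clear text into an image layer, so
      # anyone able to pull the image can mint valid TURN credentials; the
      # 86400 s TTL means a leaked credential stays valid for a day.
      # NOTE(review): prosody scopes options in an included file to whichever
      # VirtualHost/Component was last opened in include order — confirm these
      # land on the main host and not on the tail of an earlier conf.d file.
      { \
        echo "turncredentials_secret = \"$COTURN_SECRET\";"; \
        echo "turncredentials_host = \"$COTURN_DOMAIN\";"; \
        # Was a fixed 443 while coturn listens on COTURN_PORT; keep the two in step.
        echo "turncredentials_port = $COTURN_PORT;"; \
        echo "turncredentials_ttl = 86400;"; \
        echo "turncredentials = {"; \
        echo "    { type = \"stun\", host = \"$COTURN_DOMAIN\" },"; \
        echo "    { type = \"turn\", host = \"$COTURN_DOMAIN\", port = $COTURN_PORT },"; \
        echo "    { type = \"turns\", host = \"$COTURN_DOMAIN\", port = $COTURN_PORT, transport = \"tcp\" }"; \
        echo "}"; \
      } >>/etc/prosody/conf.d/prosody.cfg.lua; \
    fi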

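# Optional co-located coturn relay. Everything written here — including the
# shared secret and the build host's public address — ends up in an image layer.
RUN set -e; \
    if [ "$COTURN_INSTALLSERVER" != "false" ]; then \
      [ -n "$COTURN_SECRET" ] || { echo "COTURN_SECRET must be set when COTURN_INSTALLSERVER is enabled" >&2; exit 1; }; \
      apt-get update; \
      apt-get -y install coturn certbot; \
      rm -rf /var/lib/apt/lists/*; \
      sed -i 's/#TURNSERVER/TURNSERVER/' /etc/default/coturn; \
      # Public address used as realm/server-name/external-ip. Fetched once over
      # HTTPS (the original made two plain-HTTP calls); -f turns an error
      # response into a build failure instead of a bogus `realm=`, and the value
      # must contain only address characters before it is written to the config.
      GETIP=$(curl -fsS https://ifconfig.me/ip); \
      echo "$GETIP" | grep -Eq '^[0-9A-Fa-f.:]+$' || { echo "unexpected public address '$GETIP'" >&2; exit 1; }; \
      # One option per line. LOCAL_IP is a placeholder replaced at container
      # start by CMD. Relay port range (min-port/max-port) is left at coturn's
      # default, as before.
      # Changes from the original config:
      #  - the 3DES suites are dropped from cipher-list; WebRTC clients do not
      #    need them and they weaken the TLS listener.
      #  - `user=jitsi:jitsi` is removed: a fixed relay credential baked into the
      #    image that nothing in this file uses (prosody uses the secret). Whether
      #    coturn honours static users alongside use-auth-secret is not verified
      #    here; either way the entry is not needed.
      # NOTE(review): no denied-peer-ip ranges are set, so an authenticated client
      # can relay to any address this container can reach, including private
      # networks. Add denied-peer-ip entries for ranges the relay must not reach
      # (not done here because the bridge's own addresses must stay reachable).
      printf '%s\n' \
        "realm=$GETIP" \
        "server-name=$GETIP" \
        "cert=/etc/letsencrypt/live/$COTURN_DOMAIN/cert.pem" \
        "pkey=/etc/letsencrypt/live/$COTURN_DOMAIN/privkey.pem" \
        "dh-file=$DHPARAM" \
        "fingerprint" \
        "listening-ip=LOCAL_IP" \
        "external-ip=$GETIP/LOCAL_IP" \
        "listening-port=$COTURN_PORT" \
        "log-file=/var/log/turnserver.log" \
        "verbose" \
        "static-auth-secret=$COTURN_SECRET" \
        "use-auth-secret" \
        "lt-cred-mech" \
        "stale-nonce" \
        'cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5"' \
        "no-loopback-peers" \
        "no-multicast-peers" \
        >>/etc/turnserver.conf; \
    fi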

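# Container start-up. Shell form: /bin/sh is PID 1 and `sleep infinity` holds
# the container open, so docker stop's SIGTERM reaches the shell, not the
# services, and they are not shut down cleanly. Every service runs as root.
# NOTE(review): the coturn certificate is obtained with --standalone (needs port
# 80), but nginx holds port 80 once the Jitsi section starts; confirm the cron
# renewal of that certificate works, or switch it to --webroot as well.
CMD LOCAL_IP=$(hostname -I | cut -d " " -f1); \
    #
    if [ "$COTURN_INSTALLSERVER" != "false" ]; then \
      # 2048-bit DH group generated on first start; this can take a while.
      if [ ! -f "$DHPARAM" ]; then openssl dhparam -out "$DHPARAM" 2048; fi; \
      # The LOCAL_IP placeholder is replaced on first start; the config lives in
      # the container's writable layer, so a later address change is not picked up.
      sed -i "s/LOCAL_IP/$LOCAL_IP/" /etc/turnserver.conf; \
      echo "COTURN: $COTURN_LETSENCRYPT;$COTURN_DOMAIN"; \
      if [ "$COTURN_LETSENCRYPT" != "false" ] && [ ! -d "/etc/letsencrypt/live/$COTURN_DOMAIN" ]; then \
        certbot certonly --standalone --preferred-challenges http -d "$COTURN_DOMAIN" --agree-tos --email "$CERTBOT_MAIL" --non-interactive; \
      fi; \
      # turnserver.conf points cert=/pkey= at this directory; say so up front
      # instead of letting coturn fail quietly at start-up.
      if [ ! -d "/etc/letsencrypt/live/$COTURN_DOMAIN" ]; then echo "WARNING: no certificate under /etc/letsencrypt/live/$COTURN_DOMAIN; coturn TLS will not work" >&2; fi; \
      service coturn start; \
    fi; \
    #
    if [ -n "$JITSI_DOMAIN" ]; then \
      # Fill in the bridge's local address (left empty at build time).
      sed -i "s/^\(org\.ice4j\.ice.harvest\.NAT_HARVESTER_LOCAL_ADDRESS\).*$/\1=$LOCAL_IP/" /etc/jitsi/videobridge/sip-communicator.properties; \
      # nginx must be up before the webroot challenge below.
      service nginx start; \
      service prosody start; \
      service jicofo start; \
      service jitsi-videobridge start; \
      service jigasi start; \
      echo "*$JITSI_DOMAIN;$CERTBOT_MAIL*"; \
      if [ "$JITSI_LETSENCRYPT" != "false" ] && [ ! -d "/etc/letsencrypt/live/$JITSI_DOMAIN" ]; then \
        certbot certonly --webroot --agree-tos -w "/usr/share/jitsi-meet/" -d "$JITSI_DOMAIN" -m "$CERTBOT_MAIL" --non-interactive; \
      fi; \
      # Only repoint nginx at the Let's Encrypt files when they exist. The
      # original linked unconditionally, so a failed or disabled issuance
      # replaced the package-installed certificate with dangling symlinks and
      # the nginx reload failed.
      if [ -f "/etc/letsencrypt/live/$JITSI_DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$JITSI_DOMAIN/privkey.pem" ]; then \
        ln -sf /etc/letsencrypt/live/$JITSI_DOMAIN/fullchain.pem /etc/jitsi/meet/$JITSI_DOMAIN.crt; \
        ln -sf /etc/letsencrypt/live/$JITSI_DOMAIN/privkey.pem /etc/jitsi/meet/$JITSI_DOMAIN.key; \
        service nginx reload; \
      else \
        echo "WARNING: no Let's Encrypt certificate for $JITSI_DOMAIN; keeping the existing nginx certificate" >&2; \
      fi; \
    fi; \
    service cron start; \
    sleep infinity;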