Commit b0c050fb authored by sreg's avatar sreg

Creation

parent 6b32a708
FROM ubuntu:xenial
ENV LANG=fr_FR.UTF-8
RUN apt-get update && \
apt-get -y install rsyslog logrotate cron bzip2 telnet vim language-pack-fr wget curl sudo openssl apt-transport-https software-properties-common net-tools && \
echo "LANG=\"fr_FR.UTF-8\"\nLANGUAGE=\"fr_FR:fr\"\nLC_NUMERIC=\"fr_FR.UTF-8\"\nLC_TIME=\"fr_FR.UTF-8\"\nLC_MONETARY=\"fr_FR.UTF-8\"\nLC_PAPER=\"fr_FR.UTF-8\"\nLC_IDENTIFICATION=\"fr_FR.UTF-8\"\nLC_NAME=\"fr_FR.UTF-8\"\nLC_ADDRESS=\"fr_FR.UTF-8\"\nLC_TELEPHONE=\"fr_FR.UTF-8\"\nLC_MEASUREMENT=\"fr_FR.UTF-8\"" >>/etc/default/locale
ARG JITSI_LETSENCRYPT=${JITSI_LETSENCRYPT:-true}
ARG JITSI_DOMAIN
ARG JITSI_PORT=$JITSI_PORT
ARG COTURN_INSTALLSERVER=${COTURN_INSTALLSERVER:-false}
ARG COTURN_LETSENCRYPT=${COTURN_LETSENCRYPT:-true}
ARG COTURN_DOMAIN=$COTURN_DOMAIN
ARG COTURN_PORT=${COTURN_PORT:-443}
ARG COTURN_SECRET=${COTURN_SECRET:-secret}
ARG CERTBOT_MAIL=${CERTBOT_MAIL:-certbot@domain.tld}
ARG DHPARAM=/etc/letsencrypt/dhparam.pem
ENV JITSI_DOMAIN=$JITSI_DOMAIN
ENV JITSI_LETSENCRYPT=$JITSI_LETSENCRYPT
ENV COTURN_DOMAIN=$COTURN_DOMAIN
ENV COTURN_LETSENCRYPT=$COTURN_LETSENCRYPT
ENV COTURN_INSTALLSERVER=$COTURN_INSTALLSERVER
ENV CERTBOT_MAIL=$CERTBOT_MAIL
ENV DHPARAM=$DHPARAM
RUN apt-get update && \
add-apt-repository -y ppa:certbot/certbot; \
apt-get update; \
apt-get -y install gnupg apt-utils cron;
RUN echo "*$JITSI_DOMAIN*"; \
if [ "$JITSI_DOMAIN" != "" ]; then \
apt-get update && \
bash -c "wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -"; \
echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi.list; \
apt-get update && \
apt-get -y install nginx openjdk-9-jre-headless ca-certificates-java authbind certbot python-certbot-nginx; \
echo "$JITSI_DOMAIN" | apt-get -y install jitsi-videobridge; \
echo "1" | apt-get -y install jitsi-meet-web-config; \
SIP_PASS=`echo $RANDOM$RANDOM | md5sum | awk '{ print $1 }'`; \
echo "sipuser #?!a9dklkldsjk" | apt-get -y install jitsi-meet jigasi prosody-modules; \
wget https://raw.githubusercontent.com/otalk/mod_turncredentials/master/mod_turncredentials.lua -O /usr/lib/prosody/modules/mod_turncredentials.lua; \
#
GETIP=`curl ifconfig.me/ip`; \
echo "***$GETIP***"; \
echo "org.jitsi.videobridge.TCP_HARVESTER_PORT=4443" >>/etc/jitsi/videobridge/sip-communicator.properties; \
echo "org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT=$JITSI_PORT" >>/etc/jitsi/videobridge/sip-communicator.properties; \
echo "org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=" >>/etc/jitsi/videobridge/sip-communicator.properties; \
echo "org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${PUBLIC_IP:=$GETIP}" >>/etc/jitsi/videobridge/sip-communicator.properties; \
echo "org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true" >>/etc/jitsi/videobridge/sip-communicator.properties; \
echo "org.jitsi.videobridge.ENABLE_REST_COLIBRI=false" >>/etc/jitsi/videobridge/sip-communicator.properties; \
#sed -i 's/^JVB_OPTS=.*$/JVB_OPTS="--apis=rest,xmpp"/' /etc/jitsi/videobridge/config; \
#
sed -i "s/\/\/ openBridgeChannel.*/openBridgeChannel: 'websocket',\nuseRtcpMux: true,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
sed -i "s/enableWelcomePage: .*$/enableWelcomePage: false,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
sed -i "s/\/\/ defaultLanguage.*/defaultLanguage: 'fr',/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
sed -i "s/\/\/ disableThirdPartyRequests.*/disableThirdPartyRequests: true,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
#sed -i "s/\/\/ startWithVideoMuted:.*/startWithVideoMuted: true,/" /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
#
sed -i '/location = \/http-bind {/a \\tproxy_set_header Upgrade $http_upgrade;\n\tproxy_set_header Connection "Upgrade";' /etc/nginx/sites-enabled/$JITSI_DOMAIN.conf; \
fi
RUN if [ "$JITSI_DOMAIN" != "" ] && [ "$COTURN_DOMAIN" != "" ]; then \
sed -i '/ modules_enabled/a "turncredentials";' /etc/prosody/conf.d/$JITSI_DOMAIN.cfg.lua; \
sed -i '/ p2p:/i \\tuseStunTurn: true,' /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
sed -i '/ p2p:/a \\tuseStunTurn: true,' /etc/jitsi/meet/$JITSI_DOMAIN-config.js; \
echo "turncredentials_secret = \"$COTURN_SECRET\";" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo "turncredentials_host = \"$COTURN_DOMAIN\";" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo "turncredentials_port = 443;" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo "turncredentials_ttl = 86400;" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo "turncredentials = {" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo " { type = \"stun\", host = \"$COTURN_DOMAIN\" }," >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo " { type = \"turn\", host = \"$COTURN_DOMAIN\", port = 443}," >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo " { type = \"turns\", host = \"$COTURN_DOMAIN\", port = $COTURN_PORT, transport = \"tcp\" }" >>/etc/prosody/conf.d/prosody.cfg.lua; \
echo "}" >>/etc/prosody/conf.d/prosody.cfg.lua; \
fi
RUN if [ "$COTURN_INSTALLSERVER" != "false" ]; then \
GETIP=`curl ifconfig.me/ip`; \
apt-get update && \
apt-get -y install coturn certbot; \
sed -i 's/#TURNSERVER/TURNSERVER/' /etc/default/coturn; \
GETIP=`curl ifconfig.me/ip`; \
echo "realm=$GETIP\n" \
"server-name=$GETIP\n" \
"cert=/etc/letsencrypt/live/$COTURN_DOMAIN/cert.pem\n" \
"pkey=/etc/letsencrypt/live/$COTURN_DOMAIN/privkey.pem\n" \
"dh-file=$DHPARAM\n" \
"fingerprint\n" \
"listening-ip=LOCAL_IP\n" \
"external-ip=$GETIP/LOCAL_IP\n" \
"listening-port=$COTURN_PORT\n" \
#"min-port=10000\n" \
#"max-port=20000\n" \
"log-file=/var/log/turnserver.log\n" \
"verbose\n" \
"static-auth-secret=$COTURN_SECRET\n" \
"use-auth-secret\n" \
"lt-cred-mech\n" \
"stale-nonce\n" \
"cipher-list=\"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5\"\n" \
"user=jitsi:jitsi\n" \
"no-loopback-peers\n" \
"no-multicast-peers\n" \
| sed 's/^ *//;s/ *$//' >>/etc/turnserver.conf; \
fi;
CMD LOCAL_IP=`hostname -I | cut -d " " -f1`; \
#
if [ "$COTURN_INSTALLSERVER" != "false" ]; then \
if [ ! -f "$DHPARAM" ]; then openssl dhparam -out "$DHPARAM" 2048; fi; \
#echo "upstream turn_https {\n server localhost:444;\n}\nserver {\n listen 443 ssl;\n\n server_name $COTURN_DOMAIN;\n ssl_certificate /etc/letsencrypt/live/$COTURN_DOMAIN/cert.pem;\n ssl_certificate_key /etc/letsencrypt/live/$COTURN_DOMAIN/privkey.pem;\n\n location / {\n proxy_pass https://turn_https;\n }\n}\n" >>/etc/nginx/sites-enabled/coturn.conf; \
sed -i "s/LOCAL_IP/$LOCAL_IP/" /etc/turnserver.conf; \
echo "COTURN: $COTURN_LETSENCRYPT;$COTURN_DOMAIN"; \
if [ "$COTURN_LETSENCRYPT" != "false" ] && [ ! -d "/etc/letsencrypt/live/$COTURN_DOMAIN" ]; then \
certbot certonly --standalone --preferred-challenges http -d "$COTURN_DOMAIN" --agree-tos --email "$CERTBOT_MAIL" --non-interactive; \
fi; \
service coturn start; \
fi; \
#
if [ "$JITSI_DOMAIN" != "" ]; then \
sed -i "s/^\(org\.ice4j\.ice.harvest\.NAT_HARVESTER_LOCAL_ADDRESS\).*$/\1=$LOCAL_IP/" /etc/jitsi/videobridge/sip-communicator.properties; \
service nginx start; \
service prosody start; \
service jicofo start; \
service jitsi-videobridge start; \
service jigasi start; \
echo "*$JITSI_DOMAIN;$CERTBOT_MAIL*"; \
if [ "$JITSI_LETSENCRYPT" != "false" ] && [ ! -d "/etc/letsencrypt/live/$JITSI_DOMAIN" ]; then \
certbot certonly --webroot --agree-tos -w "/usr/share/jitsi-meet/" -d "$JITSI_DOMAIN" -m "$CERTBOT_MAIL" --non-interactive; \
fi; \
ln -sf /etc/letsencrypt/live/$JITSI_DOMAIN/fullchain.pem /etc/jitsi/meet/$JITSI_DOMAIN.crt; \
ln -sf /etc/letsencrypt/live/$JITSI_DOMAIN/privkey.pem /etc/jitsi/meet/$JITSI_DOMAIN.key; \
service nginx reload; \
fi; \
service cron start; \
sleep infinity;
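Review bot: The TURN shared secret is baked into the image at build time: `ARG COTURN_SECRET=${COTURN_SECRET:-secret}` falls back to the literal `secret`, and the second and third RUN steps write it into `/etc/prosody/conf.d/prosody.cfg.lua` (`turncredentials_secret`) and `/etc/turnserver.conf` (`static-auth-secret`), so the value ships in the image layers and in the build history. At minimum I would declare it as `ARG COTURN_SECRET` with no default and fail the build when it is empty. Preferably, move both writes into the startup command, which already patches `LOCAL_IP` into `/etc/turnserver.conf`, and read the value there from a runtime-supplied environment variable or mounted file. The jigasi install line in the Jitsi RUN step has the same problem: `SIP_PASS` is computed but never used, and the fixed string `sipuser #?!a9dklkldsjk` is piped to `apt-get` instead. That string is presumably the SIP account answer, in which case every image built from this file would carry the same credential.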