├── base
├── rootfs
│ ├── etc
│ │ ├── cont-finish.d
│ │ │ └── .gitkeep
│ │ ├── cont-init.d
│ │ │ ├── .gitkeep
│ │ │ └── 01-set-timezone
│ │ ├── fix-attrs.d
│ │ │ └── .gitkeep
│ │ ├── services.d
│ │ │ └── .gitkeep
│ │ └── apt
│ │ │ └── apt.conf.d
│ │ │ └── 99local
│ └── usr
│ │ └── bin
│ │ ├── apt-cleanup
│ │ └── apt-dpkg-wrap
└── Dockerfile
├── jibri
├── rootfs
│ ├── home
│ │ └── jibri
│ │ │ └── .config
│ │ │ └── pulse
│ │ │ ├── client.conf
│ │ │ ├── daemon.conf
│ │ │ └── default.pa
│ ├── etc
│ │ ├── fix-attrs.d
│ │ │ └── 10-jibri
│ │ ├── chromium
│ │ │ └── policies
│ │ │ │ └── managed
│ │ │ │ └── managed_policies.json
│ │ ├── opt
│ │ │ └── chrome
│ │ │ │ └── policies
│ │ │ │ └── managed
│ │ │ │ └── managed_policies.json
│ │ ├── services.d
│ │ │ ├── 30-pulse
│ │ │ │ └── run
│ │ │ ├── 20-icewm
│ │ │ │ └── run
│ │ │ ├── 10-xorg
│ │ │ │ └── run
│ │ │ ├── 40-jibri
│ │ │ │ ├── finish
│ │ │ │ └── run
│ │ │ └── 50-autoscaler-sidecar
│ │ │ │ └── run
│ │ ├── pulse
│ │ │ └── default.pa
│ │ └── cont-init.d
│ │ │ └── 10-config
│ ├── opt
│ │ └── jitsi
│ │ │ └── shutdown.sh
│ ├── defaults
│ │ ├── autoscaler-sidecar.config
│ │ ├── logging.properties
│ │ ├── xmpp.conf
│ │ ├── jibri.conf
│ │ └── xorg-video-dummy.conf
│ └── usr
│ │ └── bin
│ │ └── install-chrome.sh
└── Dockerfile
├── prosody
├── rootfs
│ ├── etc
│ │ ├── sasl
│ │ │ └── xmpp.conf
│ │ ├── services.d
│ │ │ ├── prosody
│ │ │ │ └── run
│ │ │ └── 10-saslauthd
│ │ │ │ └── run
│ │ └── cont-init.d
│ │ │ └── 10-config
│ ├── usr
│ │ └── local
│ │ │ └── bin
│ │ │ └── healthcheck.sh
│ └── defaults
│ │ ├── rules.d
│ │ └── jvb_muc_presence_filter.pfw
│ │ ├── saslauthd.conf
│ │ └── conf.d
│ │ ├── brewery.cfg.lua
│ │ └── visitors.cfg.lua
└── Dockerfile
├── .gitignore
├── resources
├── jitsi-docker.png
└── docker-jitsi-meet.png
├── web
├── rootfs
│ ├── etc
│ │ ├── services.d
│ │ │ ├── nginx
│ │ │ │ └── run
│ │ │ ├── cron
│ │ │ │ └── run
│ │ │ └── jaas-account
│ │ │ │ └── run
│ │ └── cont-init.d
│ │ │ └── 10-config
│ └── defaults
│ │ ├── ffdhe2048.txt
│ │ ├── default
│ │ ├── ssl.conf
│ │ ├── nginx.conf
│ │ ├── system-config.js
│ │ └── meet.conf
└── Dockerfile
├── jvb
├── rootfs
│ ├── usr
│ │ └── local
│ │ │ └── bin
│ │ │ └── healthcheck.sh
│ ├── etc
│ │ ├── services.d
│ │ │ ├── jvb
│ │ │ │ ├── finish
│ │ │ │ └── run
│ │ │ └── 50-autoscaler-sidecar
│ │ │ │ └── run
│ │ └── cont-init.d
│ │ │ └── 10-config
│ ├── opt
│ │ └── jitsi
│ │ │ └── shutdown.sh
│ └── defaults
│ │ ├── logging.properties
│ │ ├── autoscaler-sidecar.config
│ │ └── jvb.conf
└── Dockerfile
├── jicofo
├── rootfs
│ ├── usr
│ │ └── local
│ │ │ └── bin
│ │ │ └── healthcheck.sh
│ ├── etc
│ │ ├── services.d
│ │ │ └── jicofo
│ │ │ │ └── run
│ │ └── cont-init.d
│ │ │ └── 10-config
│ └── defaults
│ │ └── logging.properties
└── Dockerfile
├── jigasi
├── rootfs
│ ├── usr
│ │ └── local
│ │ │ └── bin
│ │ │ └── healthcheck.sh
│ ├── etc
│ │ ├── services.d
│ │ │ ├── jigasi
│ │ │ │ ├── finish
│ │ │ │ └── run
│ │ │ └── 50-autoscaler-sidecar
│ │ │ │ └── run
│ │ └── cont-init.d
│ │ │ └── 10-config
│ ├── opt
│ │ └── jitsi
│ │ │ └── shutdown.sh
│ └── defaults
│ │ ├── logging.properties
│ │ ├── autoscaler-sidecar.config
│ │ ├── sip-communicator.properties
│ │ ├── transcriber-sip-communicator.properties
│ │ ├── xmpp-sip-communicator.properties
│ │ └── sipserver-sip-communicator.properties
└── Dockerfile
├── prometheus
├── prometheus.yml
└── README.md
├── log-analyser
├── grafana-provisioning
│ ├── datasources
│ │ └── datasource_loki.yml
│ └── dashboards
│ │ ├── dashboards.yml
│ │ ├── jitsi-all.json
│ │ ├── jvb.json
│ │ ├── jitsi-web.json
│ │ └── prosody.json
├── loki
│ └── conf
│ │ └── loki-config.yaml
├── otel-collector-config.yaml
└── README.md
├── examples
└── README.md
├── whiteboard.yml
├── prometheus.yml
├── grafana.yml
├── .github
├── stale.yml
└── workflows
│ └── ci.yml
├── etherpad.yml
├── base-java
└── Dockerfile
├── log-analyser.yml
├── gen-passwords.sh
├── README.md
├── release.sh
├── Makefile
├── jibri.yml
├── jigasi.yml
├── transcriber.yml
├── env.example
└── LICENSE
/base/rootfs/etc/cont-finish.d/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/base/rootfs/etc/cont-init.d/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/base/rootfs/etc/fix-attrs.d/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/base/rootfs/etc/services.d/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/jibri/rootfs/home/jibri/.config/pulse/client.conf:
--------------------------------------------------------------------------------
1 | autospawn = no
2 |
--------------------------------------------------------------------------------
/base/rootfs/usr/bin/apt-cleanup:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | rm -rf /var/lib/apt/lists/
4 |
--------------------------------------------------------------------------------
/prosody/rootfs/etc/sasl/xmpp.conf:
--------------------------------------------------------------------------------
1 | pwcheck_method: saslauthd
2 | mech_list: PLAIN
3 |
--------------------------------------------------------------------------------
/base/rootfs/etc/apt/apt.conf.d/99local:
--------------------------------------------------------------------------------
1 | APT::Install-Recommends "false";
2 | APT::Install-Suggests "false";
3 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.swp
2 | .env*
3 | docker-compose.override.yml
4 | log-analyser/grafana
5 | **/.DS_Store
6 | **/.idea
7 |
--------------------------------------------------------------------------------
/resources/jitsi-docker.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/daimoc/docker-jitsi-meet/master/resources/jitsi-docker.png
--------------------------------------------------------------------------------
/web/rootfs/etc/services.d/nginx/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | exec nginx -c /config/nginx/nginx.conf
4 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/fix-attrs.d/10-jibri:
--------------------------------------------------------------------------------
1 | /home/jibri/.config true jibri 0640 0750
2 | /home/jibri false jibri 0640 0750
3 |
--------------------------------------------------------------------------------
/jvb/rootfs/usr/local/bin/healthcheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | curl --fail-with-body http://127.0.0.1:8080/about/health
4 |
--------------------------------------------------------------------------------
/prosody/rootfs/usr/local/bin/healthcheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | curl --fail-with-body http://127.0.0.1:5280/health
4 |
--------------------------------------------------------------------------------
/jicofo/rootfs/usr/local/bin/healthcheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | curl --fail-with-body http://127.0.0.1:8888/about/health
4 |
--------------------------------------------------------------------------------
/jigasi/rootfs/usr/local/bin/healthcheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | curl --fail-with-body http://127.0.0.1:8788/about/health
4 |
--------------------------------------------------------------------------------
/resources/docker-jitsi-meet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/daimoc/docker-jitsi-meet/master/resources/docker-jitsi-meet.png
--------------------------------------------------------------------------------
/jibri/rootfs/etc/chromium/policies/managed/managed_policies.json:
--------------------------------------------------------------------------------
1 | {
2 | "CommandLineFlagSecurityWarningsEnabled": false
3 | }
4 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/opt/chrome/policies/managed/managed_policies.json:
--------------------------------------------------------------------------------
1 | {
2 | "CommandLineFlagSecurityWarningsEnabled": false
3 | }
4 |
--------------------------------------------------------------------------------
/prosody/rootfs/etc/services.d/prosody/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 | exec s6-setuidgid prosody prosody --config /config/prosody.cfg.lua -F
3 |
--------------------------------------------------------------------------------
/base/rootfs/usr/bin/apt-dpkg-wrap:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | export LC_ALL=C
4 | export DEBIAN_FRONTEND=noninteractive
5 |
6 | bin=$1
7 | shift
8 | exec "$bin" "$@"
9 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/30-pulse/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | HOME=/home/jibri
4 | exec s6-setuidgid jibri /bin/bash -c "exec /usr/bin/pulseaudio"
5 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/20-icewm/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | DAEMON="/usr/bin/icewm-session"
4 | exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
5 |
6 |
--------------------------------------------------------------------------------
/prometheus/prometheus.yml:
--------------------------------------------------------------------------------
1 | scrape_configs:
2 | - job_name: "prometheus"
3 | scrape_interval: 5s
4 | static_configs:
5 | - targets: ["prosody:5280","jvb:8080","jicofo:8888","otel:9464"]
6 |
--------------------------------------------------------------------------------
/log-analyser/grafana-provisioning/datasources/datasource_loki.yml:
--------------------------------------------------------------------------------
1 | apiVersion: 1
2 |
3 | datasources:
4 | - name: Loki
5 | isDefault: true
6 | type: loki
7 | access: proxy
8 | url: http://loki:3100
9 | editable: true
--------------------------------------------------------------------------------
/examples/README.md:
--------------------------------------------------------------------------------
1 | # Community Examples
2 |
3 | This folder used to contain community maintained example configurations for
4 | Kubernetes and Traefik. They have now been migrated to the [jitsi-contrib](https://github.com/jitsi-contrib)
5 | organization.
6 |
--------------------------------------------------------------------------------
/log-analyser/grafana-provisioning/dashboards/dashboards.yml:
--------------------------------------------------------------------------------
1 | apiVersion: 1
2 |
3 | providers:
4 | - name: 'default'
5 | orgId: 1
6 | folder: ''
7 | type: file
8 | disableDeletion: false
9 | editable: true
10 | options:
11 | path: /etc/grafana/provisioning/dashboards
12 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/10-xorg/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | DAEMON="/usr/bin/Xorg -nocursor -noreset +extension RANDR +extension RENDER -logfile /tmp/xorg.log -config /etc/jitsi/jibri/xorg-video-dummy.conf ${DISPLAY}"
4 | exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
5 |
6 |
--------------------------------------------------------------------------------
/jibri/rootfs/home/jibri/.config/pulse/daemon.conf:
--------------------------------------------------------------------------------
1 | daemonize = no
2 | high-priority = no
3 | realtime-scheduling = yes
4 | realtime-priority = 5
5 | exit-idle-time = -1
6 | flat-volumes = no
7 | deferred-volume-safety-margin-usec = 1
8 | log-level = info
9 | log-target = file:/config/logs/pulse.log
10 |
--------------------------------------------------------------------------------
/jibri/rootfs/home/jibri/.config/pulse/default.pa:
--------------------------------------------------------------------------------
1 | .include /etc/pulse/default.pa
2 |
3 | # Load the virtual sink and set it as default
4 | load-module module-virtual-sink sink_name=jibri-loop
5 | set-default-sink jibri-loop
6 |
7 | # set the monitor of the jibri-loop sink to be the default source
8 | set-default-source jibri-loop.monitor
9 |
--------------------------------------------------------------------------------
/web/rootfs/etc/services.d/cron/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [[ $DISABLE_HTTPS -ne 1 ]] && [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
4 | exec cron -f
5 | else
6 | # if cron should not be started,
7 | # prevent s6 from restarting this script again and again
8 | s6-svc -O /var/run/s6/services/cron
9 | fi
10 |
--------------------------------------------------------------------------------
/jvb/rootfs/etc/services.d/jvb/finish:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | # When the jvb is shutdown (or gracefully shutdown), it exits with code 0.
4 | # In this case, we don't want S6 to restart the service. We want to stop all
5 | # services and shutdown the container.
6 |
7 | if [[ $1 -eq 0 ]]; then
8 | /opt/jitsi/shutdown.sh
9 | fi
10 |
--------------------------------------------------------------------------------
/whiteboard.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | whiteboard:
5 | image: jitsi/excalidraw-backend:21
6 | restart: ${RESTART_POLICY:-unless-stopped}
7 | depends_on:
8 | - web
9 | networks:
10 | meet.jitsi:
11 | aliases:
12 | - whiteboard.meet.jitsi
13 |
--------------------------------------------------------------------------------
/base/rootfs/etc/cont-init.d/01-set-timezone:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [[ ! -z "$TZ" ]]; then
4 | if [[ -f /usr/share/zoneinfo/$TZ ]]; then
5 | ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
6 | echo "$TZ" > /etc/timezone
7 | else
8 | echo "WARNING: $TZ is not a valid time zone."
9 | fi
10 | fi
11 |
--------------------------------------------------------------------------------
/jvb/rootfs/opt/jitsi/shutdown.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [ -n "$AUTOSCALER_URL" ]; then
4 | # notify the sidecar of imminent shutdown
5 | PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
6 | curl -d '{}' -v 0:$PORT/hook/v1/shutdown
7 | sleep 10
8 | fi
9 |
10 | # shutdown everything
11 | s6-svscanctl -t /var/run/s6/services
12 |
--------------------------------------------------------------------------------
/jigasi/rootfs/etc/services.d/jigasi/finish:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | # When the jigasi is shutdown (or gracefully shutdown), it exits with code 0.
4 | # In this case, we don't want S6 to restart the service. We want to stop all
5 | # services and shutdown the container.
6 |
7 | if [[ $1 -eq 0 ]]; then
8 | /opt/jitsi/shutdown.sh
9 | fi
10 |
--------------------------------------------------------------------------------
/jigasi/rootfs/opt/jitsi/shutdown.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [ -n "$AUTOSCALER_URL" ]; then
4 | # notify the sidecar of imminent shutdown
5 | PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
6 | curl -d '{}' -v 0:$PORT/hook/v1/shutdown
7 | sleep 10
8 | fi
9 |
10 | # shutdown everything
11 | s6-svscanctl -t /var/run/s6/services
12 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/40-jibri/finish:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | # When jibri is shutdown (or gracefully shutdown), it exits with code 255.
4 | # In this case, we don't want S6 to restart the service. We want to stop all
5 | # services and shutdown the container.
6 |
7 | if [[ $1 -eq 255 ]]; then
8 | s6-svscanctl -t /var/run/s6/services
9 | fi
10 |
--------------------------------------------------------------------------------
/prometheus.yml:
--------------------------------------------------------------------------------
1 | services:
2 | prometheus:
3 | image: prom/prometheus
4 | container_name: prometheus
5 | command:
6 | - "--config.file=/etc/prometheus/prometheus.yml"
7 | ports:
8 | - 9090:9090
9 | restart: ${RESTART_POLICY:-unless-stopped}
10 | volumes:
11 | - ./prometheus:/etc/prometheus
12 | networks:
13 | meet.jitsi:
--------------------------------------------------------------------------------
/jibri/rootfs/opt/jitsi/shutdown.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 | # notify the sidecar of imminent shutdown
3 | PORT=${AUTOSCALER_SIDECAR_PORT:-6000}
4 | curl -d '{}' -v 0:$PORT/hook/v1/shutdown
5 | sleep 10
6 |
7 | # signal jibri to shutdown via rest api
8 | /opt/jitsi/jibri/shutdown.sh
9 |
10 | # shutdown everything else
11 | s6-svscanctl -t /var/run/s6/services
12 |
--------------------------------------------------------------------------------
/prosody/rootfs/etc/services.d/10-saslauthd/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 | if [[ -f /etc/saslauthd.conf ]]; then
3 | exec s6-setuidgid root saslauthd -a ldap -O /etc/saslauthd.conf -c -m /var/run/saslauthd -n 5 -d
4 | else
5 | # if saslauthd should not be started,
6 | # prevent s6 from restarting this script again and again
7 | s6-svc -O /var/run/s6/services/10-saslauthd
8 | fi
9 |
--------------------------------------------------------------------------------
/web/rootfs/defaults/ffdhe2048.txt:
--------------------------------------------------------------------------------
1 | -----BEGIN DH PARAMETERS-----
2 | MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
3 | +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
4 | 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
5 | YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
6 | 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
7 | ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
8 | -----END DH PARAMETERS-----
--------------------------------------------------------------------------------
/jicofo/rootfs/etc/services.d/jicofo/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf"
4 | DAEMON=/usr/share/jicofo/jicofo.sh
5 | DAEMON_DIR=/usr/share/jicofo/
6 |
7 | JICOFO_CMD="exec $DAEMON"
8 |
9 | [ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE"
10 |
11 | exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD"
12 |
--------------------------------------------------------------------------------
/jvb/rootfs/defaults/logging.properties:
--------------------------------------------------------------------------------
1 | {{ if .Env.SENTRY_DSN | toBool }}
2 | handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
3 | {{ else }}
4 | handlers= java.util.logging.ConsoleHandler
5 | {{ end }}
6 |
7 | java.util.logging.ConsoleHandler.level = ALL
8 | java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
9 | org.jitsi.utils.logging2.JitsiLogFormatter.programname=JVB
10 |
11 | .level=INFO
12 | io.sentry.jul.SentryHandler.level=WARNING
13 |
--------------------------------------------------------------------------------
/jvb/rootfs/etc/services.d/jvb/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | export JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jvb.conf"
4 |
5 | DAEMON=/usr/share/jitsi-videobridge/jvb.sh
6 |
7 | JVB_CMD="exec $DAEMON"
8 | [ -n "$JVB_LOG_FILE" ] && JVB_CMD="$JVB_CMD 2>&1 | tee $JVB_LOG_FILE"
9 |
10 | exec s6-setuidgid jvb /bin/bash -c "$JVB_CMD"
11 |
--------------------------------------------------------------------------------
/grafana.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | # Grafana: used for visualization of metrics and log data through customizable dashboards.
5 | grafana:
6 | image: grafana/grafana:10.2.0
7 | environment:
8 | - GF_ANALYTICS_REPORTING_ENABLED=false
9 | volumes:
10 | - ./log-analyser/grafana:/var/lib/grafana
11 | - ./log-analyser/grafana-provisioning/dashboards/:/etc/grafana/provisioning/dashboards/
12 | ports:
13 | - "3000:3000"
14 | networks:
15 | meet.jitsi:
16 |
--------------------------------------------------------------------------------
/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
4 | DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
5 | exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
6 | else
7 | # if autoscaler-sidecar should not be started,
8 | # prevent s6 from restarting this script again and again
9 | s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
10 | fi
11 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
4 | DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
5 | exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
6 | else
7 | # if autoscaler-sidecar should not be started,
8 | # prevent s6 from restarting this script again and again
9 | s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
10 | fi
11 |
--------------------------------------------------------------------------------
/jigasi/rootfs/etc/services.d/50-autoscaler-sidecar/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
4 | DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
5 | exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"
6 | else
7 | # if autoscaler-sidecar should not be started,
8 | # prevent s6 from restarting this script again and again
9 | s6-svc -O /var/run/s6/services/50-autoscaler-sidecar
10 | fi
11 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/services.d/40-jibri/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | # we have to set it, otherwise chrome won't find ~/.asoundrc file
4 | HOME=/home/jibri
5 |
6 | DAEMON=/opt/jitsi/jibri/launch.sh
7 | CHROME_BIN_PATH="$(which google-chrome)"
8 | [ $? -ne 0 ] && CHROME_BIN_PATH="$(which chromium)"
9 | # pre-warm google chrome before jibri launches to ensure fast chrome launch during recordings
10 | [ -n "$CHROME_BIN_PATH" ] && s6-setuidgid jibri $CHROME_BIN_PATH --timeout=1000 --headless about:blank
11 | exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
12 |
13 |
--------------------------------------------------------------------------------
/jigasi/rootfs/etc/services.d/jigasi/run:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties"
4 |
5 | DAEMON=/usr/share/jigasi/jigasi.sh
6 | DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=${JIGASI_PORT_MIN:-20000} --max-port=${JIGASI_PORT_MAX:-20050}"
7 |
8 | JIGASI_CMD="JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
9 | [ -n "$JIGASI_LOG_FILE" ] && JIGASI_CMD="$JIGASI_CMD 2>&1 | tee $JIGASI_LOG_FILE"
10 |
11 | exec s6-setuidgid jigasi /bin/bash -c "$JIGASI_CMD"
12 |
--------------------------------------------------------------------------------
/jicofo/rootfs/defaults/logging.properties:
--------------------------------------------------------------------------------
1 | {{ if .Env.SENTRY_DSN | toBool }}
2 | handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
3 | {{ else }}
4 | handlers= java.util.logging.ConsoleHandler
5 | {{ end }}
6 |
7 | java.util.logging.ConsoleHandler.level = ALL
8 | java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
9 | org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jicofo
10 |
11 | .level=INFO
12 | io.sentry.jul.SentryHandler.level=WARNING
13 |
14 | # Enable debug packets logging
15 | #org.jitsi.impl.protocol.xmpp.level=FINE
16 |
--------------------------------------------------------------------------------
/web/rootfs/defaults/default:
--------------------------------------------------------------------------------
1 | server {
2 | listen 80 default_server;
3 |
4 | {{ if .Env.ENABLE_IPV6 | default "1" | toBool }}
5 | listen [::]:80 default_server;
6 | {{ end }}
7 |
8 | {{ if .Env.ENABLE_HTTP_REDIRECT | default "0" | toBool }}
9 | return 301 https://$host$request_uri;
10 | {{ else }}
11 | include /config/nginx/meet.conf;
12 | {{ end }}
13 | }
14 |
15 | {{ if not (.Env.DISABLE_HTTPS | default "0" | toBool) }}
16 | server {
17 | listen 443 ssl http2;
18 |
19 | {{ if .Env.ENABLE_IPV6 | default "1" | toBool }}
20 | listen [::]:443 ssl http2;
21 | {{ end }}
22 |
23 | include /config/nginx/ssl.conf;
24 | include /config/nginx/meet.conf;
25 | }
26 | {{ end }}
27 |
--------------------------------------------------------------------------------
/.github/stale.yml:
--------------------------------------------------------------------------------
1 | # Number of days of inactivity before an issue becomes stale
2 | daysUntilStale: 60
3 | # Number of days of inactivity before a stale issue is closed
4 | daysUntilClose: 7
5 | # Issues with these labels will never be considered stale
6 | exemptLabels:
7 | - confirmed
8 | staleLabel: wontfix
9 | # Comment to post when marking an issue as stale. Set to `false` to disable
10 | markComment: >
11 | This issue has been automatically marked as stale because it has not had
12 | recent activity. It will be closed if no further activity occurs. Thank you
13 | for your contributions.
14 | # Comment to post when closing a stale issue. Set to `false` to disable
15 | closeComment: false
16 |
--------------------------------------------------------------------------------
/etherpad.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | # Etherpad: real-time collaborative document editing
5 | etherpad:
6 | image: etherpad/etherpad:2.0.3
7 | restart: ${RESTART_POLICY:-unless-stopped}
8 | environment:
9 | - TITLE=${ETHERPAD_TITLE:-""}
10 | - DEFAULT_PAD_TEXT=${ETHERPAD_DEFAULT_PAD_TEXT:-""}
11 | - SKIN_NAME=${ETHERPAD_SKIN_NAME:-colibris}
12 | - SKIN_VARIANTS=${ETHERPAD_SKIN_VARIANTS:-"super-light-toolbar super-light-editor light-background full-width-editor"}
13 | - SUPPRESS_ERRORS_IN_PAD_TEXT=true
14 | networks:
15 | meet.jitsi:
16 | aliases:
17 | - etherpad.meet.jitsi
18 |
--------------------------------------------------------------------------------
/jicofo/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base-java:${BASE_TAG}
4 |
5 | LABEL org.opencontainers.image.title="Jitsi Conference Focus (jicofo)"
6 | LABEL org.opencontainers.image.description="Server-side focus component that manages media sessions and acts as load balancer."
7 | LABEL org.opencontainers.image.url="https://github.com/jitsi/jicofo"
8 | LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
9 | LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
10 |
11 | RUN apt-dpkg-wrap apt-get update && \
12 | apt-dpkg-wrap apt-get install -y jicofo && \
13 | apt-cleanup
14 |
15 | COPY rootfs/ /
16 |
17 | VOLUME /config
18 |
--------------------------------------------------------------------------------
/base-java/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base:${BASE_TAG}
4 |
5 | RUN mkdir -p /usr/share/man/man1 && \
6 | mkdir -p /etc/apt/keyrings/ && \
7 | apt-dpkg-wrap apt-get update && \
8 | apt-dpkg-wrap apt-get install -y unzip ca-certificates curl gnupg && \
9 | curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
10 | echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
11 | apt-dpkg-wrap apt-get update && \
12 | apt-dpkg-wrap apt-get install -y nodejs openjdk-17-jre-headless openjdk-17-jdk-headless && \
13 | apt-cleanup
14 |
--------------------------------------------------------------------------------
/prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw:
--------------------------------------------------------------------------------
1 | {{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
2 | {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
3 | {{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
4 | {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
5 | # Drop all presence from a jvb in a MUC to a jvb
6 | FROM: {{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}
7 | TO: {{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}
8 | KIND: presence
9 | # Seems safer to allow all "unavailable" to pass
10 | TYPE: available
11 | # Allow self-presence (code=110)
12 | NOT INSPECT: {http://jabber.org/protocol/muc#user}x/status@code=110
13 | DROP.
14 |
--------------------------------------------------------------------------------
/jigasi/rootfs/defaults/logging.properties:
--------------------------------------------------------------------------------
1 | {{ if .Env.SENTRY_DSN | toBool }}
2 | handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
3 | {{ else }}
4 | handlers=java.util.logging.ConsoleHandler
5 | {{ end }}
6 |
7 | java.util.logging.ConsoleHandler.level = ALL
8 | java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
9 |
10 | .level=INFO
11 | net.sf.level=SEVERE
12 | net.java.sip.communicator.plugin.reconnectplugin.level=FINE
13 | org.ice4j.level=SEVERE
14 | org.jitsi.impl.neomedia.level=SEVERE
15 | io.sentry.jul.SentryHandler.level=WARNING
16 |
17 | # Do not worry about missing strings
18 | net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE
19 |
20 | #net.java.sip.communicator.service.protocol.level=ALL
21 |
--------------------------------------------------------------------------------
/jvb/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base-java:${BASE_TAG}
4 |
5 | LABEL org.opencontainers.image.title="Jitsi Videobridge (jvb)"
6 | LABEL org.opencontainers.image.description="WebRTC compatible server designed to route video streams amongst participants in a conference."
7 | LABEL org.opencontainers.image.url="https://jitsi.org/jitsi-videobridge/"
8 | LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
9 | LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
10 |
11 | RUN apt-dpkg-wrap apt-get update && \
12 | apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils libpcap0.8 && \
13 | apt-cleanup
14 |
15 | COPY rootfs/ /
16 |
17 | VOLUME /config
18 |
--------------------------------------------------------------------------------
/jigasi/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base-java:${BASE_TAG}
4 |
5 | LABEL org.opencontainers.image.title="Jitsi Gateway to SIP (jigasi)"
6 | LABEL org.opencontainers.image.description="Server-side application that allows regular SIP clients to join conferences."
7 | LABEL org.opencontainers.image.url="https://github.com/jitsi/jigasi"
8 | LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
9 | LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
10 |
11 | ENV GOOGLE_APPLICATION_CREDENTIALS /config/key.json
12 |
13 | RUN apt-dpkg-wrap apt-get update && \
14 | apt-dpkg-wrap apt-get install -y jigasi jq jitsi-autoscaler-sidecar && \
15 | apt-cleanup
16 |
17 | COPY rootfs/ /
18 |
19 | VOLUME ["/config", "/tmp/transcripts"]
20 |
--------------------------------------------------------------------------------
/jicofo/rootfs/etc/cont-init.d/10-config:
--------------------------------------------------------------------------------
1 | #!/usr/bin/with-contenv bash
2 |
3 | export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jicofo | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"
4 |
5 | if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
6 | echo 'FATAL ERROR: Jicofo auth password must be set'
7 | exit 1
8 | fi
9 |
10 | OLD_JICOFO_AUTH_PASSWORD=passw0rd
11 | if [[ "$JICOFO_AUTH_PASSWORD" == "$OLD_JICOFO_AUTH_PASSWORD" ]]; then
12 | echo 'FATAL ERROR: Jicofo auth password must be changed, check the README'
13 | exit 1
14 | fi
15 |
16 | # maintain backward compatibility with older variable
17 | [ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
18 |
19 | tpl /defaults/logging.properties > /config/logging.properties
20 | tpl /defaults/jicofo.conf > /config/jicofo.conf
21 |
22 | chown -R jicofo:jitsi /config
23 |
--------------------------------------------------------------------------------
/log-analyser.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | # Log Analyser: used for setting up a log analysis system for visualization, log collection and log processing.
5 |
6 | loki:
7 | container_name: loki
8 | image: grafana/loki:3.0.0
9 | command: -config.file=/conf/loki-config.yaml
10 | volumes:
11 | - ./log-analyser/loki/data:/data
12 | - ./log-analyser/loki/conf:/conf
13 | ports:
14 | - "3100:3100"
15 | networks:
16 | meet.jitsi:
17 |
18 | otel-collector:
19 | container_name: otel
20 | image: otel/opentelemetry-collector-contrib
21 | user: "0" # required for reading docker container logs
22 | volumes:
23 | - ./log-analyser/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
24 | - ./log-analyser/jitsi-logs/:/tmp/jitsi-logs/
25 | - /var/lib/docker/containers:/var/lib/docker/containers:ro
26 | - /var/run/docker.sock:/var/run/docker.sock
27 | networks:
28 | meet.jitsi:
29 |
--------------------------------------------------------------------------------
/gen-passwords.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | function generatePassword() {
4 | openssl rand -hex 16
5 | }
6 |
7 | JICOFO_AUTH_PASSWORD=$(generatePassword)
8 | JVB_AUTH_PASSWORD=$(generatePassword)
9 | JIGASI_XMPP_PASSWORD=$(generatePassword)
10 | JIBRI_RECORDER_PASSWORD=$(generatePassword)
11 | JIBRI_XMPP_PASSWORD=$(generatePassword)
12 | JIGASI_TRANSCRIBER_PASSWORD=$(generatePassword)
13 |
14 | sed -i.bak \
15 | -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
16 | -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
17 | -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
18 | -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
19 | -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
20 | -e "s#JIGASI_TRANSCRIBER_PASSWORD=.*#JIGASI_TRANSCRIBER_PASSWORD=${JIGASI_TRANSCRIBER_PASSWORD}#g" \
21 | "$(dirname "$0")/.env"
22 |
--------------------------------------------------------------------------------
/web/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base:${BASE_TAG}
4 |
5 | LABEL org.opencontainers.image.title="Jitsi Meet"
6 | LABEL org.opencontainers.image.description="WebRTC compatible JavaScript application that uses Jitsi Videobridge to provide high quality, scalable video conferences."
7 | LABEL org.opencontainers.image.url="https://jitsi.org/jitsi-meet/"
8 | LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
9 | LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
10 |
11 | ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/3.0.7/acme.sh /opt
12 | COPY rootfs/ /
13 |
14 | RUN apt-dpkg-wrap apt-get update && \
15 | apt-dpkg-wrap apt-get install -y dnsutils cron nginx-extras jitsi-meet-web socat curl jq && \
16 | mv /usr/share/jitsi-meet/interface_config.js /defaults && \
17 | rm -f /etc/nginx/conf.d/default.conf && \
18 | apt-cleanup
19 |
20 | EXPOSE 80 443
21 |
22 | VOLUME ["/config", "/usr/share/jitsi-meet/transcripts"]
23 |
--------------------------------------------------------------------------------
/prosody/rootfs/defaults/saslauthd.conf:
--------------------------------------------------------------------------------
1 | {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
2 | {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE }}
3 | {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
4 |
5 | {{ if eq $PROSODY_AUTH_TYPE "ldap" }}
6 | ldap_servers: {{ .Env.LDAP_URL }}
7 | ldap_search_base: {{ .Env.LDAP_BASE }}
8 | {{ if .Env.LDAP_BINDDN | default "" }}
9 | ldap_bind_dn: {{ .Env.LDAP_BINDDN }}
10 | ldap_bind_pw: {{ .Env.LDAP_BINDPW }}
11 | {{ end }}
12 | ldap_filter: {{ .Env.LDAP_FILTER | default "uid=%u" }}
13 | ldap_version: {{ .Env.LDAP_VERSION | default "3" }}
14 | ldap_auth_method: {{ .Env.LDAP_AUTH_METHOD | default "bind" }}
15 | {{ if .Env.LDAP_USE_TLS | default "0" | toBool }}
16 | ldap_tls_key: /config/certs/{{ $XMPP_DOMAIN }}.key
17 | ldap_tls_cert: /config/certs/{{ $XMPP_DOMAIN }}.crt
18 | {{ if .Env.LDAP_TLS_CHECK_PEER | default "0" | toBool }}
19 | ldap_tls_check_peer: yes
20 | ldap_tls_cacert_file: {{ .Env.LDAP_TLS_CACERT_FILE | default "/etc/ssl/certs/ca-certificates.crt" }}
21 | ldap_tls_cacert_dir: {{ .Env.LDAP_TLS_CACERT_DIR | default "/etc/ssl/certs" }}
22 | {{ end }}
23 | {{ if .Env.LDAP_TLS_CIPHERS }}
24 | ldap_tls_ciphers: {{ .Env.LDAP_TLS_CIPHERS }}
25 | {{ end }}
26 | {{ end }}
27 | {{ end }}
28 | {{ if .Env.LDAP_START_TLS | default "0" | toBool }}
29 | ldap_start_tls: yes
30 | {{ end }}
31 |
--------------------------------------------------------------------------------
/web/rootfs/defaults/ssl.conf:
--------------------------------------------------------------------------------
1 | # session settings
2 | ssl_session_timeout 1d;
3 | ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
4 | ssl_session_tickets off;
5 |
6 | # ssl certs
7 | {{ if .Env.ENABLE_LETSENCRYPT | default "0" | toBool }}
8 | ssl_certificate /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem;
9 | ssl_certificate_key /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem;
10 | {{ else }}
11 | ssl_certificate /config/keys/cert.crt;
12 | ssl_certificate_key /config/keys/cert.key;
13 | {{ end }}
14 |
15 | # protocols
16 | # Mozilla Guideline v5.6, nginx 1.14.2, OpenSSL 1.1.1d, intermediate configuration, no OCSP
17 | # https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6
18 | ssl_protocols TLSv1.2 TLSv1.3;
19 | ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
20 | ssl_prefer_server_ciphers off;
21 |
22 | # Diffie-Hellman parameter for DHE cipher suites
23 | ssl_dhparam /defaults/ffdhe2048.txt;
24 |
25 | # HSTS (ngx_http_headers_module is required) (63072000 seconds)
26 | {{ if .Env.ENABLE_HSTS | default "1" | toBool }}
27 | add_header Strict-Transport-Security "max-age=63072000" always;
28 | {{ end }}
29 |
--------------------------------------------------------------------------------
/prosody/rootfs/defaults/conf.d/brewery.cfg.lua:
--------------------------------------------------------------------------------
1 | {{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}}
2 | {{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
3 | {{ $SHARD_NAME := .Env.SHARD | default "default" -}}
4 | {{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
5 | {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
6 | {{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
7 |
8 | admins = {
9 | "focus@{{ $JVB_XMPP_AUTH_DOMAIN }}",
10 | "{{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}"
11 | }
12 |
13 | plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" }
14 |
15 | VirtualHost "{{ $JVB_XMPP_AUTH_DOMAIN }}"
16 | modules_enabled = {
17 | "smacks";
18 | }
19 | authentication = "internal_hashed"
20 | ssl = {
21 | key = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.key";
22 | certificate = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.crt";
23 | }
24 | smacks_hibernation_time = 15;
25 |
26 | Component "{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
27 | modules_enabled = {
28 | "muc_hide_all";
29 | "muc_filter_access";
30 | }
31 | storage = "memory"
32 | muc_room_cache_size = 10000
33 | muc_filter_whitelist="{{ $JVB_XMPP_AUTH_DOMAIN }}"
34 | muc_room_locking = false
35 | muc_room_default_public_jids = true
36 |
37 |
--------------------------------------------------------------------------------
/log-analyser/loki/conf/loki-config.yaml:
--------------------------------------------------------------------------------
1 | limits_config:
2 | allow_structured_metadata: true
3 |
4 | auth_enabled: false
5 |
6 | server:
7 | http_listen_port: 3100
8 | grpc_listen_port: 9096
9 |
10 | common:
11 | instance_addr: 127.0.0.1
12 | path_prefix: /tmp/loki
13 | storage:
14 | filesystem:
15 | chunks_directory: /tmp/loki/chunks
16 | rules_directory: /tmp/loki/rules
17 | replication_factor: 1
18 | ring:
19 | kvstore:
20 | store: inmemory
21 |
22 | query_range:
23 | results_cache:
24 | cache:
25 | embedded_cache:
26 | enabled: true
27 | max_size_mb: 100
28 |
29 | schema_config:
30 | configs:
31 | - from: 2020-10-24
32 | store: tsdb
33 | object_store: filesystem
34 | schema: v13
35 | index:
36 | prefix: index_
37 | period: 24h
38 |
39 |
40 | # By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
41 | # analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
42 | #
43 | # Statistics help us better understand how Loki is used, and they show us performance
44 | # levels for most users. This helps us prioritize features and documentation.
45 | # For more information on what's sent, look at
46 | # https://github.com/grafana/loki/blob/main/pkg/analytics/stats.go
47 | # Refer to the buildReport method to see what goes into a report.
48 | #
49 | # If you would like to disable reporting, uncomment the following lines:
50 | #analytics:
51 | # reporting_enabled: false
52 |
--------------------------------------------------------------------------------
/jigasi/rootfs/defaults/autoscaler-sidecar.config:
--------------------------------------------------------------------------------
1 | {{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
2 | {{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
3 | {{ $JIGASI_STATS_PORT := .Env.JIGASI_STATS_PORT | default "8788" -}}
4 | export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
5 | export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
6 | export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
7 | export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jigasi/graceful_shutdown.sh"
8 | export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
9 | export ENABLE_REPORT_STATS=true
10 | export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll"
11 | export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
12 | export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
13 | export STATS_RETRIEVE_URL="http://localhost:{{ $JIGASI_STATS_PORT }}/about/stats"
14 | export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
15 | export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
16 | export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
17 | export INSTANCE_TYPE="jigasi"
18 | export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
19 | export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JIGASI_INSTANCE_ID }}","version":"{{ .Env.JIGASI_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'
20 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Jitsi Meet on Docker
2 |
3 | 
4 |
5 | [Jitsi](https://jitsi.org/) is a set of Open Source projects that allows you to easily build and deploy secure videoconferencing solutions.
6 |
7 | [Jitsi Meet](https://jitsi.org/jitsi-meet/) is a fully encrypted, 100% Open Source video conferencing solution that you can use all day, every day, for free — with no account needed.
8 |
9 | This repository contains the necessary tools to run a Jitsi Meet stack on [Docker](https://www.docker.com) using [Docker Compose](https://docs.docker.com/compose/).
10 |
11 | All our images are published on [DockerHub](https://hub.docker.com/u/jitsi/).
12 |
13 | ## Supported architectures
14 |
15 | Starting with `stable-7439` the published images are available for `amd64` and `arm64`.
16 |
17 | ## Tags
18 |
19 | These are the currently published tags for all our images:
20 |
21 | Tag | Description
22 | -- | --
23 | `stable` | Points to the latest stable release
24 | `stable-NNNN-X` | A stable release
25 | `unstable` | Points to the latest unstable release
26 | `unstable-YYYY-MM-DD` | Daily unstable release
27 | `latest` | Deprecated, no longer updated (will be removed)
28 |
29 | ## Installation
30 |
31 | The installation manual is available [here](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker).
32 |
33 | ### Kubernetes
34 |
35 | If you plan to install the jitsi-meet stack on a Kubernetes cluster you can find tools and tutorials in the project [Jitsi on Kubernetes](https://github.com/jitsi-contrib/jitsi-kubernetes).
36 |
37 | ## TODO
38 |
39 | * Builtin TURN server.
40 |
--------------------------------------------------------------------------------
/web/rootfs/defaults/nginx.conf:
--------------------------------------------------------------------------------
1 | user www-data;
2 | worker_processes {{ .Env.NGINX_WORKER_PROCESSES | default "4" }};
3 | pid /run/nginx.pid;
4 | include /etc/nginx/modules-enabled/*.conf;
5 |
6 | events {
7 | worker_connections {{ .Env.NGINX_WORKER_CONNECTIONS | default "768" }};
8 | # multi_accept on;
9 | }
10 |
11 | http {
12 |
13 | ##
14 | # Basic Settings
15 | ##
16 |
17 | sendfile on;
18 | tcp_nopush on;
19 | tcp_nodelay on;
20 | keepalive_timeout {{ .Env.NGINX_KEEPALIVE_TIMEOUT | default "65" }};
21 | types_hash_max_size 2048;
22 | server_tokens off;
23 |
24 | # server_names_hash_bucket_size 64;
25 | # server_name_in_redirect off;
26 |
27 | client_max_body_size 0;
28 |
29 | {{ if .Env.NGINX_RESOLVER }}
30 | resolver {{ .Env.NGINX_RESOLVER }};
31 | {{ end -}}
32 |
33 | include /etc/nginx/mime.types;
34 | types {
35 | # add support for the wav MIME type that is requried to playback wav files in Firefox.
36 | audio/wav wav;
37 | }
38 | default_type application/octet-stream;
39 |
40 | ##
41 | # Logging Settings
42 | ##
43 |
44 | access_log /dev/stdout;
45 | error_log /dev/stderr;
46 |
47 | ##
48 | # Gzip Settings
49 | ##
50 |
51 | gzip on;
52 | gzip_types text/plain text/css application/javascript application/json;
53 | gzip_vary on;
54 | gzip_min_length 860;
55 |
56 | ##
57 | # Connection header for WebSocket reverse proxy
58 | ##
59 | map $http_upgrade $connection_upgrade {
60 | default upgrade;
61 | '' close;
62 | }
63 |
64 | ##
65 | # Virtual Host Configs
66 | ##
67 | include /config/nginx/site-confs/*;
68 | }
69 |
70 |
71 | daemon off;
72 |
--------------------------------------------------------------------------------
/jibri/rootfs/defaults/autoscaler-sidecar.config:
--------------------------------------------------------------------------------
1 | {{ $JIBRI_HTTP_API_EXTERNAL_PORT := .Env.JIBRI_HTTP_API_EXTERNAL_PORT | default "2222" -}}
2 | {{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
3 | {{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
4 | export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
5 | export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
6 | export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
7 | export GRACEFUL_SHUTDOWN_SCRIPT="/opt/jitsi/jibri/wait_graceful_shutdown.sh"
8 | export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
9 | export ENABLE_REPORT_STATS=true
10 | export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll"
11 | export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
12 | export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
13 | export STATS_RETRIEVE_URL="http://localhost:{{ $JIBRI_HTTP_API_EXTERNAL_PORT }}/jibri/api/v1.0/health"
14 | export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
15 | export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
16 | export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
17 | export INSTANCE_TYPE="jibri"
18 | export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
19 | export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JIBRI_INSTANCE_ID }}","version":"{{ .Env.JIBRI_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'
20 |
--------------------------------------------------------------------------------
/jvb/rootfs/defaults/autoscaler-sidecar.config:
--------------------------------------------------------------------------------
1 | {{ $JVB_COLIBRI_PORT := .Env.JVB_COLIBRI_PORT | default "8080" -}}
2 | {{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
3 | {{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
4 | export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
5 | export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
6 | export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
7 | export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh"
8 | export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh"
9 | export ENABLE_REPORT_STATS=true
10 | export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll"
11 | export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
12 | export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown"
13 | export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats"
14 | export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
15 | export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
16 | export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
17 | export INSTANCE_TYPE="JVB"
18 | export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
19 | export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","publicIp":"{{ .Env.JVB_ADVERTISE_IPS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'
20 |
--------------------------------------------------------------------------------
/release.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -e
4 |
5 | # Don't start a release if the tree is dirty
6 | #
7 |
8 | if [[ ! -z $(git status -s) ]]; then
9 | echo "Git tree is not clean, aborting release!"
10 | exit 1
11 | fi
12 |
13 | # Get version and branch (we only do stable for now)
14 | #
15 |
16 | V="$1"
17 | RELEASE="${2:-stable}"
18 |
19 | if [[ -z $V ]]; then
20 | echo "A version must be specified!"
21 | exit 1
22 | fi
23 |
24 | VERSION="${RELEASE}-${V}"
25 | echo "Releasing ${VERSION}"
26 |
27 | if git rev-parse "${VERSION}" >/dev/null 2>&1; then
28 | echo "Tag for such version already exists!"
29 | exit 1
30 | fi
31 |
32 | # Prepare changelog
33 | #
34 |
35 | LAST_VERSION=$(git describe --tags --abbrev=0)
36 | CHANGES=$(git log --oneline --no-decorate --no-merges ${LAST_VERSION}..HEAD --pretty=format:"%x2a%x20%h%x20%s")
37 |
38 | echo "Changelog:"
39 | echo "$CHANGES"
40 |
41 | # Tag Docker images and push them to DockerHub
42 | #
43 |
44 | JITSI_BUILD=${VERSION} JITSI_RELEASE=${RELEASE} make release
45 |
46 | # Changelog
47 | #
48 |
49 | echo -e "## ${VERSION}\n\nBased on ${RELEASE} release ${V}.\n\n${CHANGES}\n" > tmp
50 | cat CHANGELOG.md >> tmp
51 | mv tmp CHANGELOG.md
52 |
53 | # Set specific image tags in compose files
54 | #
55 |
56 | sed -i "" -e "s/unstable/${VERSION}/" *.yml
57 |
58 | # Commit all changes and tag the repo
59 | #
60 |
61 | git commit -a -m "release: ${VERSION}" -m "${CHANGES}"
62 | git tag -a "${VERSION}" -m "release" -m "${CHANGES}"
63 |
64 | # Revert back to "unstable" for development
65 | #
66 |
67 | sed -i "" -e "s/${VERSION}/unstable/" *.yml
68 |
69 | git commit -a -m "misc: working on unstable"
70 |
71 | # Push all changes and tags
72 | #
73 |
74 | git push
75 | git push --tags
76 |
--------------------------------------------------------------------------------
/jibri/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG JITSI_REPO=jitsi
2 | ARG BASE_TAG=latest
3 | FROM ${JITSI_REPO}/base-java:${BASE_TAG}
4 |
5 | LABEL org.opencontainers.image.title="Jitsi Broadcasting Infrastructure (jibri)"
6 | LABEL org.opencontainers.image.description="Components for recording and/or streaming a conference."
7 | LABEL org.opencontainers.image.url="https://github.com/jitsi/jibri"
8 | LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet"
9 | LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
10 |
11 | ARG USE_CHROMIUM=0
12 | #ARG CHROME_RELEASE=latest
13 | # https://googlechromelabs.github.io/chrome-for-testing/
14 | ARG CHROME_RELEASE=130.0.6723.116
15 |
16 | COPY rootfs/ /
17 |
18 | RUN apt-dpkg-wrap apt-get update && \
19 | apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" \
20 | jibri \
21 | libgl1-mesa-dri \
22 | procps \
23 | jitsi-upload-integrations \
24 | jitsi-autoscaler-sidecar \
25 | jq \
26 | pulseaudio \
27 | dbus \
28 | dbus-x11 \
29 | rtkit \
30 | unzip \
31 | fonts-noto \
32 | fonts-noto-cjk \
33 | libcap2-bin && \
34 | /usr/bin/install-chrome.sh && \
35 | apt-cleanup && \
36 | adduser jibri rtkit && \
37 | dpkgArch="$(dpkg --print-architecture)" && \
38 | case "${dpkgArch##*-}" in \
39 | "amd64") SC_ARCH=x86_64 ;; \
40 | "arm64") SC_ARCH=aarch64 ;; \
41 | *) echo "unsupported architecture"; exit 1 ;; \
42 | esac && \
43 | wget -qO /usr/bin/shm-check https://github.com/saghul/shm-check/releases/download/v1.0.0/shm-check-${SC_ARCH} && \
44 | chmod +x /usr/bin/shm-check
45 |
46 | VOLUME /config
47 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | FORCE_REBUILD ?= 0
2 | JITSI_RELEASE ?= stable
3 | JITSI_BUILD ?= unstable
4 | JITSI_REPO ?= jitsi
5 |
6 | JITSI_SERVICES := base base-java web prosody jicofo jvb jigasi jibri
7 |
8 | BUILD_ARGS := \
9 | --build-arg JITSI_REPO=$(JITSI_REPO) \
10 | --build-arg JITSI_RELEASE=$(JITSI_RELEASE)
11 |
12 | ifeq ($(FORCE_REBUILD), 1)
13 | BUILD_ARGS := $(BUILD_ARGS) --no-cache
14 | endif
15 |
16 |
17 | all: build-all
18 |
19 | release:
20 | @$(foreach SERVICE, $(JITSI_SERVICES), $(MAKE) --no-print-directory JITSI_SERVICE=$(SERVICE) buildx;)
21 |
22 | buildx:
23 | docker buildx build \
24 | --platform linux/amd64,linux/arm64 \
25 | --progress=plain \
26 | $(BUILD_ARGS) --build-arg BASE_TAG=$(JITSI_BUILD) \
27 | --pull --push \
28 | --tag $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD) \
29 | --tag $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_RELEASE) \
30 | $(JITSI_SERVICE)
31 |
32 | $(addprefix buildx_,$(JITSI_SERVICES)):
33 | $(MAKE) --no-print-directory JITSI_SERVICE=$(patsubst buildx_%,%,$@) buildx
34 |
35 | build:
36 | docker build \
37 | $(BUILD_ARGS) \
38 | --progress plain \
39 | --tag $(JITSI_REPO)/$(JITSI_SERVICE) \
40 | $(JITSI_SERVICE)
41 |
42 | $(addprefix build_,$(JITSI_SERVICES)):
43 | $(MAKE) --no-print-directory JITSI_SERVICE=$(patsubst build_%,%,$@) build
44 |
45 | tag:
46 | docker tag $(JITSI_REPO)/$(JITSI_SERVICE) $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD)
47 |
48 | push:
49 | docker push $(JITSI_REPO)/$(JITSI_SERVICE):$(JITSI_BUILD)
50 |
51 | %-all:
52 | @$(foreach SERVICE, $(JITSI_SERVICES), $(MAKE) --no-print-directory JITSI_SERVICE=$(SERVICE) $(subst -all,;,$@))
53 |
54 | clean:
55 | docker-compose stop
56 | docker-compose rm
57 | docker network prune
58 |
59 | prepare:
60 | FORCE_REBUILD=1 $(MAKE)
61 |
62 | .PHONY: all build tag push clean prepare release $(addprefix build_,$(JITSI_SERVICES))
63 |
--------------------------------------------------------------------------------
/base/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM docker.io/library/debian:bookworm-slim
2 |
3 | ARG JITSI_RELEASE=stable
4 | ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
5 |
6 | COPY rootfs /
7 |
8 | RUN \
9 | dpkgArch="$(dpkg --print-architecture)" && \
10 | case "${dpkgArch##*-}" in \
11 | "amd64") TPL_ARCH=amd64; S6_ARCH=amd64 ;; \
12 | "arm64") TPL_ARCH=arm64; S6_ARCH=aarch64 ;; \
13 | *) echo "unsupported architecture"; exit 1 ;; \
14 | esac && \
15 | apt-dpkg-wrap apt-get update && \
16 | apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg wget curl && \
17 | wget -qO /usr/bin/tpl https://github.com/jitsi/tpl/releases/download/v1.4.0/tpl-linux-${TPL_ARCH} && \
18 | # Workaround S6 bug when /bin is a symlink
19 | wget -qO /tmp/s6.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-${S6_ARCH}.tar.gz && \
20 | mkdir /tmp/s6 && \
21 | tar xfz /tmp/s6.tar.gz -C /tmp/s6 && \
22 | tar hxfz /tmp/s6.tar.gz -C / && \
23 | rm -f /usr/bin/execlineb && \
24 | cp /tmp/s6/bin/execlineb /usr/bin/ && \
25 | rm -rf /tmp/s6* && \
26 | wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmour > /etc/apt/trusted.gpg.d/jitsi.gpg && \
27 | echo "deb https://download.jitsi.org $JITSI_RELEASE/" > /etc/apt/sources.list.d/jitsi.list && \
28 | echo "deb http://ftp.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list && \
29 | apt-dpkg-wrap apt-get update && \
30 | apt-dpkg-wrap apt-get dist-upgrade -y && \
31 | apt-cleanup && \
32 | chmod +x /usr/bin/tpl
33 |
34 | RUN [ "$JITSI_RELEASE" = "unstable" ] && \
35 | apt-dpkg-wrap apt-get update && \
36 | apt-dpkg-wrap apt-get install -y jq procps curl vim iputils-ping net-tools && \
37 | apt-cleanup || \
38 | true
39 |
40 | ENTRYPOINT [ "/init" ]
41 |
--------------------------------------------------------------------------------
/jibri/rootfs/defaults/logging.properties:
--------------------------------------------------------------------------------
1 | handlers = java.util.logging.FileHandler, java.util.logging.ConsoleHandler
2 |
3 | org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jibri
4 |
5 | java.util.logging.FileHandler.level = FINE
6 | java.util.logging.FileHandler.pattern = /config/logs/log.%g.txt
7 | java.util.logging.FileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
8 | java.util.logging.FileHandler.count = 10
9 | java.util.logging.FileHandler.limit = 10000000
10 |
11 | org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.level = FINE
12 | org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = /config/logs/ffmpeg.%g.txt
13 | org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
14 | org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.count = 10
15 | org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.limit = 10000000
16 |
17 | org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.level = FINE
18 | org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = /config/logs/pjsua.%g.txt
19 | org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
20 | org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.count = 10
21 | org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.limit = 10000000
22 |
23 | org.jitsi.jibri.selenium.util.BrowserFileHandler.level = FINE
24 | org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = /config/logs/browser.%g.txt
25 | org.jitsi.jibri.selenium.util.BrowserFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
26 | org.jitsi.jibri.selenium.util.BrowserFileHandler.count = 10
27 | org.jitsi.jibri.selenium.util.BrowserFileHandler.limit = 10000000
28 |
29 | java.util.logging.ConsoleHandler.level = FINE
30 | java.util.logging.ConsoleHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter
31 |
32 | org.jitsi.level = FINE
33 | org.glassfish.level = INFO
34 |
--------------------------------------------------------------------------------
/jibri/rootfs/usr/bin/install-chrome.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | set -o pipefail -xeu
4 |
5 | dpkgArch="$(dpkg --print-architecture)"
6 |
7 | if [ "${USE_CHROMIUM}" = 1 -o "${dpkgArch##*-}" = "arm64" ]; then
8 | echo "Using Debian's Chromium"
9 | apt-dpkg-wrap apt-get install -y chromium chromium-driver chromium-sandbox
10 | chromium --version
11 | else
12 | if [ "${CHROME_RELEASE}" = "latest" ]; then
13 | wget -qO - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmour > /etc/apt/trusted.gpg.d/google.gpg
14 | echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
15 | apt-dpkg-wrap apt-get update
16 | apt-dpkg-wrap apt-get install -y google-chrome-stable
17 | else
18 | CHROME_DEB="/tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb"
19 | curl -4so ${CHROME_DEB} "http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb"
20 | apt-dpkg-wrap apt-get install -y ${CHROME_DEB}
21 | rm -f ${CHROME_DEB}
22 | fi
23 |
24 | google-chrome --version
25 |
26 | BASE_URL=https://googlechromelabs.github.io/chrome-for-testing
27 |
28 | if [ "${CHROME_RELEASE}" = "latest" ]; then
29 | CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_STABLE)"
30 | else
31 | CHROMEDRIVER_MAJOR_RELEASE=$(echo $CHROME_RELEASE | cut -d. -f1)
32 | CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_${CHROMEDRIVER_MAJOR_RELEASE})"
33 | fi
34 |
35 | CHROMEDRIVER_ZIP="/tmp/chromedriver_linux64.zip"
36 | curl -4Lso ${CHROMEDRIVER_ZIP} "https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_RELEASE}/linux64/chromedriver-linux64.zip"
37 | unzip ${CHROMEDRIVER_ZIP} -d /tmp/
38 | mv /tmp/chromedriver-linux64/chromedriver /usr/bin/
39 | chmod +x /usr/bin/chromedriver
40 | rm -rf /tmp/chromedriver*
41 | fi
42 |
43 | chromedriver --version
44 |
--------------------------------------------------------------------------------
/prometheus/README.md:
--------------------------------------------------------------------------------
1 | # Prometheus Scraping & Grafana Dashboard for Jitsi
2 |
3 | ## Overview
4 |
5 | This project aims to integrate **Prometheus** and **Grafana** with Jitsi to monitor and visualize performance metrics.
6 |
7 | ## Features
8 |
9 | - **Prometheus Integration**: Collects metrics from Jitsi containers.
10 | - **Grafana Dashboards**: Visualizes the metrics for easy analysis.
11 |
12 | ## Installation
13 |
14 | ### Prerequisites
15 |
16 | - Docker
17 | - Docker Compose
18 |
19 | ### Steps
20 |
21 | 1. **Setup Jitsi with Docker Compose**
22 |
23 | Follow the [Jitsi Docker](https://github.com/jitsi/docker-jitsi-meet) setup instructions.
24 | Also, you could follow Self - Hosting guide of Jitsi Meet: [Jitsi handbook](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker/)
25 |
26 | 2. **Configure Prometheus**
27 |
28 | Edit `/prometheus/prometheus.yml` with any **Port / Container name** changes are there to scrape metrics from Jitsi containers:
29 |
30 | ```yaml
31 | scrape_configs:
32 | - job_name: "jitsi"
33 | static_configs:
34 | - targets: ["prosody:5280", "jvb:8080", "jicofo:8888", "otel:9464"]
35 | ```
36 |
37 | 3. **Run Docker Compose**
38 |
39 | The following command turns up the Jitsi Meet:
40 |
41 | ```bash
42 | docker-compose up -d
43 | ```
44 |
45 | If you want to add the Prometheus and Grafana for monitoring purpose. Use the following command:
46 |
47 | ```bash
48 | docker-compose -f docker-compose.yml -f prometheus.yml -f grafana.yml up -d
49 | ```
50 |
51 | To monitor Docker Engine we need to enable **Open Telemetry** service, which can be turned up from `log-analyser.yml`. Use the following command:
52 |
53 | ```bash
54 | docker-compose -f docker-compose.yml -f prometheus.yml -f grafana.yml -f log-analyser.yml up -d
55 | ```
56 |
57 | ## Usage
58 |
59 | 1. **View the Prometheus Targets**
60 |
61 | Open [http://localhost:9090](http://localhost:9090) in your browser.
62 |
63 | 2. **Access Grafana Dashboard**
64 |
65 | Open [http://localhost:3000](http://localhost:3000) in your browser.
66 |
67 | 3. **Import Dashboard**
68 |
69 | Import the provided JSON file in Grafana to visualize Jitsi metrics.
70 |
71 | ## Contributer
72 |
73 | [@24kushang](https://github.com/24kushang).
74 |
--------------------------------------------------------------------------------
/jibri.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | jibri:
5 | image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable}
6 | restart: ${RESTART_POLICY:-unless-stopped}
7 | volumes:
8 | - ${CONFIG}/jibri:/config:Z
9 | shm_size: '2gb'
10 | cap_add:
11 | - SYS_ADMIN
12 | environment:
13 | - AUTOSCALER_SIDECAR_KEY_FILE
14 | - AUTOSCALER_SIDECAR_KEY_ID
15 | - AUTOSCALER_SIDECAR_GROUP_NAME
16 | - AUTOSCALER_SIDECAR_HOST_ID
17 | - AUTOSCALER_SIDECAR_INSTANCE_ID
18 | - AUTOSCALER_SIDECAR_PORT
19 | - AUTOSCALER_SIDECAR_REGION
20 | - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
21 | - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
22 | - AUTOSCALER_URL
23 | - CHROMIUM_FLAGS
24 | - DISPLAY=:0
25 | - ENABLE_STATS_D
26 | - IGNORE_CERTIFICATE_ERRORS
27 | - JIBRI_WEBHOOK_SUBSCRIBERS
28 | - JIBRI_INSTANCE_ID
29 | - JIBRI_ENABLE_PROMETHEUS
30 | - JIBRI_HTTP_API_EXTERNAL_PORT
31 | - JIBRI_HTTP_API_INTERNAL_PORT
32 | - JIBRI_RECORDING_RESOLUTION
33 | - JIBRI_RECORDING_VIDEO_ENCODE_PRESET
34 | - JIBRI_RECORDING_CONSTANT_RATE_FACTOR
35 | - JIBRI_RECORDING_FRAMERATE
36 | - JIBRI_RECORDING_QUEUE_SIZE
37 | - JIBRI_RECORDING_STREAMING_MAX_BITRATE
38 | - JIBRI_USAGE_TIMEOUT
39 | - JIBRI_XMPP_USER
40 | - JIBRI_XMPP_PASSWORD
41 | - JIBRI_XORG_HORIZ_SYNC
42 | - JIBRI_XORG_VERT_REFRESH
43 | - JIBRI_BREWERY_MUC
44 | - JIBRI_RECORDER_USER
45 | - JIBRI_RECORDER_PASSWORD
46 | - JIBRI_RECORDING_DIR
47 | - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH
48 | - JIBRI_STRIP_DOMAIN_JID
49 | - JIBRI_STATSD_HOST
50 | - JIBRI_STATSD_PORT
51 | - LOCAL_ADDRESS
52 | - PUBLIC_URL
53 | - TZ
54 | - XMPP_AUTH_DOMAIN
55 | - XMPP_DOMAIN
56 | - XMPP_INTERNAL_MUC_DOMAIN
57 | - XMPP_MUC_DOMAIN
58 | - XMPP_HIDDEN_DOMAIN
59 | - XMPP_SERVER
60 | - XMPP_PORT
61 | - XMPP_RECORDER_DOMAIN
62 | - XMPP_TRUST_ALL_CERTS
63 | depends_on:
64 | - jicofo
65 | networks:
66 | meet.jitsi:
67 |
--------------------------------------------------------------------------------
/jibri/rootfs/etc/pulse/default.pa:
--------------------------------------------------------------------------------
1 | #!/usr/bin/pulseaudio -nF
2 | #
3 | # This file is part of PulseAudio.
4 | #
5 | # PulseAudio is free software; you can redistribute it and/or modify it
6 | # under the terms of the GNU Lesser General Public License as published by
7 | # the Free Software Foundation; either version 2 of the License, or
8 | # (at your option) any later version.
9 | #
10 | # PulseAudio is distributed in the hope that it will be useful, but
11 | # WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 | # General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU Lesser General Public License
16 | # along with PulseAudio; if not, see .
17 |
18 | # This startup script is used only if PulseAudio is started per-user
19 | # (i.e. not in system mode)
20 |
21 | # Customized for Jibri
22 |
23 | .fail
24 |
25 | ### Automatically restore the volume of streams and devices
26 | load-module module-device-restore
27 | load-module module-stream-restore
28 | load-module module-card-restore
29 |
30 | ### Automatically augment property information from .desktop files
31 | ### stored in /usr/share/application
32 | load-module module-augment-properties
33 |
34 | ### Should be after module-*-restore but before module-*-detect
35 | load-module module-switch-on-port-available
36 |
37 | ### Load several protocols
38 | load-module module-native-protocol-unix
39 |
40 | ### Automatically restore the default sink/source when changed by the user
41 | ### during runtime
42 | ### NOTE: This should be loaded as early as possible so that subsequent modules
43 | ### that look up the default sink/source get the right value
44 | load-module module-default-device-restore
45 |
46 | ### Make sure we always have a sink around, even if it is a null sink.
47 | load-module module-always-sink
48 |
49 | ### Honour intended role device property
50 | load-module module-intended-roles
51 |
52 | ### Automatically suspend sinks/sources that become idle for too long
53 | load-module module-suspend-on-idle
54 |
55 | ### If autoexit on idle is enabled we want to make sure we only quit
56 | ### when no local session needs us anymore.
57 | #.ifexists module-console-kit.so
58 | #load-module module-console-kit
59 | #.endif
60 | #.ifexists module-systemd-login.so
61 | #load-module module-systemd-login
62 | #.endif
63 |
64 | ### Enable positioned event sounds
65 | load-module module-position-event-sounds
66 |
--------------------------------------------------------------------------------
/jigasi.yml:
--------------------------------------------------------------------------------
1 | version: '3.5'
2 |
3 | services:
4 | # SIP gateway (audio)
5 | jigasi:
6 | image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable}
7 | restart: ${RESTART_POLICY:-unless-stopped}
8 | ports:
9 | - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp'
10 | volumes:
11 | - ${CONFIG}/jigasi:/config:Z
12 | environment:
13 | - AUTOSCALER_SIDECAR_KEY_FILE
14 | - AUTOSCALER_SIDECAR_KEY_ID
15 | - AUTOSCALER_SIDECAR_GROUP_NAME
16 | - AUTOSCALER_SIDECAR_HOST_ID
17 | - AUTOSCALER_SIDECAR_INSTANCE_ID
18 | - AUTOSCALER_SIDECAR_PORT
19 | - AUTOSCALER_SIDECAR_REGION
20 | - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
21 | - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
22 | - AUTOSCALER_URL
23 | - BOSH_URL_PATTERN
24 | - ENABLE_AUTH
25 | - ENABLE_GUESTS
26 | - ENABLE_VISITORS
27 | - XMPP_AUTH_DOMAIN
28 | - XMPP_GUEST_DOMAIN
29 | - XMPP_MUC_DOMAIN
30 | - XMPP_INTERNAL_MUC_DOMAIN
31 | - XMPP_SERVER
32 | - XMPP_PORT
33 | - XMPP_DOMAIN
34 | - PUBLIC_URL
35 | - JIGASI_CONFIGURATION
36 | - JIGASI_DISABLE_SIP
37 | - JIGASI_JVB_TIMEOUT
38 | - JIGASI_LOCAL_REGION
39 | - JIGASI_LOG_FILE
40 | - JIGASI_MODE=sip
41 | - JIGASI_SIP_URI
42 | - JIGASI_SIP_PASSWORD
43 | - JIGASI_SIP_SERVER
44 | - JIGASI_SIP_PORT
45 | - JIGASI_SIP_TRANSPORT
46 | - JIGASI_SIP_DEFAULT_ROOM
47 | - JIGASI_XMPP_USER
48 | - JIGASI_XMPP_PASSWORD
49 | - JIGASI_BREWERY_MUC
50 | - JIGASI_PORT_MIN
51 | - JIGASI_PORT_MAX
52 | - JIGASI_HEALTH_CHECK_SIP_URI
53 | - JIGASI_HEALTH_CHECK_INTERVAL
54 | - JIGASI_SIP_KEEP_ALIVE_METHOD
55 | - JIGASI_ENABLE_SDES_SRTP
56 | - JIGASI_VISITORS_QUEUE_SERVICE_URL
57 | - JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_PATH
58 | - JIGASI_VISITORS_QUEUE_SERVICE_PRIVATE_KEY_ID
59 | - SHUTDOWN_REST_ENABLED
60 | - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}"
61 | - SENTRY_ENVIRONMENT
62 | - SENTRY_RELEASE
63 | - TZ
64 | - USE_TRANSLATOR_IN_CONFERENCE
65 | depends_on:
66 | - prosody
67 | networks:
68 | meet.jitsi:
69 |
--------------------------------------------------------------------------------
/web/rootfs/defaults/system-config.js:
--------------------------------------------------------------------------------
1 | {{ $CONFIG_PREFIX := .Env.WEB_CONFIG_PREFIX | default "// Jitsi Meet configuration.\n" -}}
2 | {{ $BOSH_RELATIVE := .Env.BOSH_RELATIVE | default "false" | toBool -}}
3 | {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}}
4 | {{ $ENABLE_AUTH_DOMAIN := .Env.ENABLE_AUTH_DOMAIN | default "true" | toBool -}}
5 | {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}}
6 | {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
7 | {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}}
8 | {{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
9 | {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
10 | {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
11 | {{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
12 | {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
13 | {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
14 | {{ $JVB_PREFER_SCTP := .Env.JVB_PREFER_SCTP | default "1" | toBool -}}
15 |
16 | {{ join "\n" (splitList "\\n" $CONFIG_PREFIX) }}
17 | var config = {};
18 |
19 | config.hosts = {};
20 | config.hosts.domain = '{{ $XMPP_DOMAIN }}';
21 |
22 | {{ if $ENABLE_SUBDOMAINS -}}
23 | var subdir = '';
24 | var subdomain = '';
25 | if (subdir.startsWith('