├── Gitea ├── docker-compose.yaml └── env.example ├── Jitsi Meet ├── .env-no-proxy ├── .env-reverse-proxy ├── docker-compose-no-proxy.yaml └── docker-compose-reverse-proxy.yaml ├── Nextcloud ├── docker-compose.yaml └── env.example ├── README.md └── Reverse_Proxy ├── client_max_upload_size.conf ├── docker-compose.yaml └── env.example /Gitea/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | 5 | Gitea: 6 | image: "gitea/gitea:1.14.1" 7 | 8 | environment: 9 | - USER 10 | - USER_UID 11 | - USER_GID 12 | - GITEA__APP_NAME 13 | - GITEA__RUN_MODE 14 | - GITEA__server__LOCAL_ROOT_URL 15 | 16 | volumes: 17 | - "GiteaData:/data" 18 | - "/etc/timezone:/etc/timezone:ro" 19 | - "/etc/localtime:/etc/localtime:ro" 20 | 21 | restart: "on-failure" 22 | networks: 23 | - "net" 24 | 25 | ports: 26 | - "3000:8080" 27 | - "222:22" 28 | 29 | volumes: 30 | GiteaData: 31 | 32 | networks: 33 | net: 34 | external: true 35 | -------------------------------------------------------------------------------- /Gitea/env.example: -------------------------------------------------------------------------------- 1 | USER=git 2 | USER_UID=1000 3 | USER_GID=1000 4 | GITEA__APP_NAME=Gitea 5 | GITEA__RUN_MODE=prod 6 | GITEA__server__DOMAIN=172.104.206.146 7 | GITEA__server__LOCAL_ROOT_URL=http://172.104.206.146:8080 8 | -------------------------------------------------------------------------------- /Jitsi Meet/.env-no-proxy: -------------------------------------------------------------------------------- 1 | # shellcheck disable=SC2034 2 | 3 | # Security 4 | # 5 | # Set these to strong passwords to avoid intruders from impersonating a service account 6 | # The service(s) won't start unless these are specified 7 | # Running ./gen-passwords.sh will update .env with strong passwords 8 | # You may skip the Jigasi and Jibri passwords if you are not using those 9 | # DO NOT reuse passwords 10 | # 11 | 12 | # XMPP component password for Jicofo 13 | JICOFO_COMPONENT_SECRET= 14 | 15 | # XMPP password for Jicofo client connections 16 | JICOFO_AUTH_PASSWORD= 17 | 18 | # XMPP password for JVB client connections 19 | JVB_AUTH_PASSWORD= 20 | 21 | # XMPP password for Jigasi MUC client connections 22 | JIGASI_XMPP_PASSWORD= 23 | 24 | # XMPP recorder password for Jibri client connections 25 | JIBRI_RECORDER_PASSWORD= 26 | 27 | # XMPP password for Jibri client connections 28 | JIBRI_XMPP_PASSWORD= 29 | 30 | 31 | # 32 | # Basic configuration options 33 | # 34 | 35 | # Directory where all configuration will be stored 36 | CONFIG=~/.jitsi-meet-cfg 37 | 38 | # Exposed HTTP port 39 | HTTP_PORT=80 40 | 41 | # Exposed HTTPS port 42 | HTTPS_PORT=443 43 | 44 | # System time zone 45 | TZ=UTC 46 | 47 | # Public URL for the web service (required) 48 | PUBLIC_URL=https://meet.domain.com 49 | 50 | # IP address of the Docker host 51 | # See the "Running behind NAT or on a LAN environment" section in the Handbook: 52 | # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment 53 | #DOCKER_HOST_ADDRESS=192.168.1.1 54 | 55 | # Control whether the lobby feature should be enabled or not 56 | #ENABLE_LOBBY=1 57 | 58 | # Show a prejoin page before entering a conference 59 | #ENABLE_PREJOIN_PAGE=0 60 | 61 | # Enable the welcome page 62 | #ENABLE_WELCOME_PAGE=1 63 | 64 | # Enable the close page 65 | #ENABLE_CLOSE_PAGE=0 66 | 67 | # Disable measuring of audio levels 68 | #DISABLE_AUDIO_LEVELS=0 69 | 70 | # Enable noisy mic detection 71 | #ENABLE_NOISY_MIC_DETECTION=1 72 | 73 | # 74 | # Let's Encrypt configuration 75 | # 76 | 77 | # Enable Let's Encrypt certificate generation 78 | ENABLE_LETSENCRYPT=1 79 | 80 | # Domain for which to generate the certificate 81 | LETSENCRYPT_DOMAIN=meet.domain.com 82 | 83 | # E-Mail for receiving important account notifications (mandatory) 84 | LETSENCRYPT_EMAIL=admin@domain.com 85 | 86 | # Use the staging server (for avoiding rate limits while testing) 87 | #LETSENCRYPT_USE_STAGING=1 88 | 89 | 90 | # 91 | # Etherpad integration (for document sharing) 92 | # 93 | 94 | # Set etherpad-lite URL in docker local network (uncomment to enable) 95 | #ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 96 | 97 | # Set etherpad-lite public URL (uncomment to enable) 98 | #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain 99 | 100 | # Name your etherpad instance! 101 | ETHERPAD_TITLE=Video Chat 102 | 103 | # The default text of a pad 104 | ETHERPAD_DEFAULT_PAD_TEXT=Welcome to Web Chat!\n\n 105 | 106 | # Name of the skin for etherpad 107 | ETHERPAD_SKIN_NAME=colibris 108 | 109 | # Skin variants for etherpad 110 | ETHERPAD_SKIN_VARIANTS=super-light-toolbar super-light-editor light-background full-width-editor 111 | 112 | 113 | # 114 | # Basic Jigasi configuration options (needed for SIP gateway support) 115 | # 116 | 117 | # SIP URI for incoming / outgoing calls 118 | #JIGASI_SIP_URI=test@sip2sip.info 119 | 120 | # Password for the specified SIP account as a clear text 121 | #JIGASI_SIP_PASSWORD=passw0rd 122 | 123 | # SIP server (use the SIP account domain if in doubt) 124 | #JIGASI_SIP_SERVER=sip2sip.info 125 | 126 | # SIP server port 127 | #JIGASI_SIP_PORT=5060 128 | 129 | # SIP server transport 130 | #JIGASI_SIP_TRANSPORT=UDP 131 | 132 | # 133 | # Authentication configuration (see handbook for details) 134 | # 135 | 136 | # Enable authentication 137 | ENABLE_AUTH=1 138 | 139 | # Enable guest access 140 | #ENABLE_GUESTS=1 141 | 142 | # Select authentication type: internal, jwt or ldap 143 | AUTH_TYPE=internal 144 | 145 | # JWT authentication 146 | # 147 | 148 | # Application identifier 149 | #JWT_APP_ID=my_jitsi_app_id 150 | 151 | # Application secret known only to your token 152 | #JWT_APP_SECRET=my_jitsi_app_secret 153 | 154 | # (Optional) Set asap_accepted_issuers as a comma separated list 155 | #JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client 156 | 157 | # (Optional) Set asap_accepted_audiences as a comma separated list 158 | #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 159 | 160 | 161 | # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) 162 | # 163 | 164 | # LDAP url for connection 165 | #LDAP_URL=ldaps://ldap.domain.com/ 166 | 167 | # LDAP base DN. Can be empty 168 | #LDAP_BASE=DC=example,DC=domain,DC=com 169 | 170 | # LDAP user DN. Do not specify this parameter for the anonymous bind 171 | #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com 172 | 173 | # LDAP user password. Do not specify this parameter for the anonymous bind 174 | #LDAP_BINDPW=LdapUserPassw0rd 175 | 176 | # LDAP filter. Tokens example: 177 | # %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail 178 | # %s - %s is replaced by the complete service string 179 | # %r - %r is replaced by the complete realm string 180 | #LDAP_FILTER=(sAMAccountName=%u) 181 | 182 | # LDAP authentication method 183 | #LDAP_AUTH_METHOD=bind 184 | 185 | # LDAP version 186 | #LDAP_VERSION=3 187 | 188 | # LDAP TLS using 189 | #LDAP_USE_TLS=1 190 | 191 | # List of SSL/TLS ciphers to allow 192 | #LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC 193 | 194 | # Require and verify server certificate 195 | #LDAP_TLS_CHECK_PEER=1 196 | 197 | # Path to CA cert file. Used when server certificate verify is enabled 198 | #LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt 199 | 200 | # Path to CA certs directory. Used when server certificate verify is enabled 201 | #LDAP_TLS_CACERT_DIR=/etc/ssl/certs 202 | 203 | # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// 204 | # LDAP_START_TLS=1 205 | 206 | 207 | # 208 | # Advanced configuration options (you generally don't need to change these) 209 | # 210 | 211 | # Internal XMPP domain 212 | XMPP_DOMAIN=meet.jitsi 213 | 214 | # Internal XMPP server 215 | XMPP_SERVER=xmpp.meet.jitsi 216 | 217 | # Internal XMPP server URL 218 | XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 219 | 220 | # Internal XMPP domain for authenticated services 221 | XMPP_AUTH_DOMAIN=auth.meet.jitsi 222 | 223 | # XMPP domain for the MUC 224 | XMPP_MUC_DOMAIN=muc.meet.jitsi 225 | 226 | # XMPP domain for the internal MUC used for jibri, jigasi and jvb pools 227 | XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi 228 | 229 | # XMPP domain for unauthenticated users 230 | XMPP_GUEST_DOMAIN=guest.meet.jitsi 231 | 232 | # Comma separated list of domains for cross domain policy or "true" to allow all 233 | # The PUBLIC_URL is always allowed 234 | #XMPP_CROSS_DOMAIN=true 235 | 236 | # Custom Prosody modules for XMPP_DOMAIN (comma separated) 237 | XMPP_MODULES= 238 | 239 | # Custom Prosody modules for MUC component (comma separated) 240 | XMPP_MUC_MODULES= 241 | 242 | # Custom Prosody modules for internal MUC component (comma separated) 243 | XMPP_INTERNAL_MUC_MODULES= 244 | 245 | # MUC for the JVB pool 246 | JVB_BREWERY_MUC=jvbbrewery 247 | 248 | # XMPP user for JVB client connections 249 | JVB_AUTH_USER=jvb 250 | 251 | # STUN servers used to discover the server's public IP 252 | JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 253 | 254 | # Media port for the Jitsi Videobridge 255 | JVB_PORT=10000 256 | 257 | # TCP Fallback for Jitsi Videobridge for when UDP isn't available 258 | JVB_TCP_HARVESTER_DISABLED=true 259 | JVB_TCP_PORT=4443 260 | JVB_TCP_MAPPED_PORT=4443 261 | 262 | # A comma separated list of APIs to enable when the JVB is started [default: none] 263 | # See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information 264 | #JVB_ENABLE_APIS=rest,colibri 265 | 266 | # XMPP user for Jicofo client connections. 267 | # NOTE: this option doesn't currently work due to a bug 268 | JICOFO_AUTH_USER=focus 269 | 270 | # Base URL of Jicofo's reservation REST API 271 | #JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com 272 | 273 | # Enable Jicofo's health check REST API (http://:8888/about/health) 274 | #JICOFO_ENABLE_HEALTH_CHECKS=true 275 | 276 | # XMPP user for Jigasi MUC client connections 277 | JIGASI_XMPP_USER=jigasi 278 | 279 | # MUC name for the Jigasi pool 280 | JIGASI_BREWERY_MUC=jigasibrewery 281 | 282 | # Minimum port for media used by Jigasi 283 | JIGASI_PORT_MIN=20000 284 | 285 | # Maximum port for media used by Jigasi 286 | JIGASI_PORT_MAX=20050 287 | 288 | # Enable SDES srtp 289 | #JIGASI_ENABLE_SDES_SRTP=1 290 | 291 | # Keepalive method 292 | #JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS 293 | 294 | # Health-check extension 295 | #JIGASI_HEALTH_CHECK_SIP_URI=keepalive 296 | 297 | # Health-check interval 298 | #JIGASI_HEALTH_CHECK_INTERVAL=300000 299 | # 300 | # Enable Jigasi transcription 301 | #ENABLE_TRANSCRIPTIONS=1 302 | 303 | # Jigasi will record audio when transcriber is on [default: false] 304 | #JIGASI_TRANSCRIBER_RECORD_AUDIO=true 305 | 306 | # Jigasi will send transcribed text to the chat when transcriber is on [default: false] 307 | #JIGASI_TRANSCRIBER_SEND_TXT=true 308 | 309 | # Jigasi will post an url to the chat with transcription file [default: false] 310 | #JIGASI_TRANSCRIBER_ADVERTISE_URL=true 311 | 312 | # Credentials for connect to Cloud Google API from Jigasi 313 | # Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol 314 | # section "Before you begin" paragraph 1 to 5 315 | # Copy the values from the json to the related env vars 316 | #GC_PROJECT_ID= 317 | #GC_PRIVATE_KEY_ID= 318 | #GC_PRIVATE_KEY= 319 | #GC_CLIENT_EMAIL= 320 | #GC_CLIENT_ID= 321 | #GC_CLIENT_CERT_URL= 322 | 323 | # Enable recording 324 | #ENABLE_RECORDING=1 325 | 326 | # XMPP domain for the jibri recorder 327 | XMPP_RECORDER_DOMAIN=recorder.meet.jitsi 328 | 329 | # XMPP recorder user for Jibri client connections 330 | JIBRI_RECORDER_USER=recorder 331 | 332 | # Directory for recordings inside Jibri container 333 | JIBRI_RECORDING_DIR=/config/recordings 334 | 335 | # The finalizing script. Will run after recording is complete 336 | #JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh 337 | 338 | # XMPP user for Jibri client connections 339 | JIBRI_XMPP_USER=jibri 340 | 341 | # MUC name for the Jibri pool 342 | JIBRI_BREWERY_MUC=jibribrewery 343 | 344 | # MUC connection timeout 345 | JIBRI_PENDING_TIMEOUT=90 346 | 347 | # When jibri gets a request to start a service for a room, the room 348 | # jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain 349 | # We'll build the url for the call by transforming that into: 350 | # https://xmpp_domain/subdomain/roomName 351 | # So if there are any prefixes in the jid (like jitsi meet, which 352 | # has its participants join a muc at conference.xmpp_domain) then 353 | # list that prefix here so it can be stripped out to generate 354 | # the call url correctly 355 | JIBRI_STRIP_DOMAIN_JID=muc 356 | 357 | # Directory for logs inside Jibri container 358 | JIBRI_LOGS_DIR=/config/logs 359 | 360 | # Disable HTTPS: handle TLS connections outside of this setup 361 | #DISABLE_HTTPS=1 362 | 363 | # Redirect HTTP traffic to HTTPS 364 | # Necessary for Let's Encrypt, relies on standard HTTPS port (443) 365 | ENABLE_HTTP_REDIRECT=1 366 | 367 | # Send a `strict-transport-security` header to force browsers to use 368 | # a secure and trusted connection. Recommended for production use. 369 | # Defaults to 1 (send the header). 370 | ENABLE_HSTS=1 371 | 372 | # Enable IPv6 373 | # Provides means to disable IPv6 in environments that don't support it (get with the times, people!) 374 | #ENABLE_IPV6=1 375 | 376 | # Container restart policy 377 | # Defaults to unless-stopped 378 | RESTART_POLICY=on-failure 379 | 380 | # Authenticate using external service or just focus external auth window if there is one already. 381 | # TOKEN_AUTH_URL=https://auth.meet.example.com/{room} 382 | -------------------------------------------------------------------------------- /Jitsi Meet/.env-reverse-proxy: -------------------------------------------------------------------------------- 1 | # shellcheck disable=SC2034 2 | 3 | # Security 4 | # 5 | # Set these to strong passwords to avoid intruders from impersonating a service account 6 | # The service(s) won't start unless these are specified 7 | # Running ./gen-passwords.sh will update .env with strong passwords 8 | # You may skip the Jigasi and Jibri passwords if you are not using those 9 | # DO NOT reuse passwords 10 | # 11 | 12 | # XMPP component password for Jicofo 13 | JICOFO_COMPONENT_SECRET= 14 | 15 | # XMPP password for Jicofo client connections 16 | JICOFO_AUTH_PASSWORD= 17 | 18 | # XMPP password for JVB client connections 19 | JVB_AUTH_PASSWORD= 20 | 21 | # XMPP password for Jigasi MUC client connections 22 | JIGASI_XMPP_PASSWORD= 23 | 24 | # XMPP recorder password for Jibri client connections 25 | JIBRI_RECORDER_PASSWORD= 26 | 27 | # XMPP password for Jibri client connections 28 | JIBRI_XMPP_PASSWORD= 29 | 30 | 31 | # 32 | # Basic configuration options 33 | # 34 | 35 | # Directory where all configuration will be stored 36 | CONFIG=~/.jitsi-meet-cfg 37 | 38 | # Exposed HTTP port 39 | HTTP_PORT=8000 40 | 41 | # Exposed HTTPS port 42 | HTTPS_PORT=8443 43 | 44 | # System time zone 45 | TZ=UTC 46 | 47 | # Public URL for the web service (required) 48 | PUBLIC_URL=https://meet.domain.com 49 | 50 | # IP address of the Docker host 51 | # See the "Running behind NAT or on a LAN environment" section in the Handbook: 52 | # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment 53 | #DOCKER_HOST_ADDRESS=192.168.1.1 54 | 55 | # Control whether the lobby feature should be enabled or not 56 | #ENABLE_LOBBY=1 57 | 58 | # Show a prejoin page before entering a conference 59 | #ENABLE_PREJOIN_PAGE=0 60 | 61 | # Enable the welcome page 62 | #ENABLE_WELCOME_PAGE=1 63 | 64 | # Enable the close page 65 | #ENABLE_CLOSE_PAGE=0 66 | 67 | # Disable measuring of audio levels 68 | #DISABLE_AUDIO_LEVELS=0 69 | 70 | # Enable noisy mic detection 71 | #ENABLE_NOISY_MIC_DETECTION=1 72 | 73 | # 74 | # Let's Encrypt configuration 75 | # 76 | 77 | # Enable Let's Encrypt certificate generation 78 | #ENABLE_LETSENCRYPT=1 79 | 80 | # Domain for which to generate the certificate 81 | #LETSENCRYPT_DOMAIN=meet.example.com 82 | 83 | # E-Mail for receiving important account notifications (mandatory) 84 | #LETSENCRYPT_EMAIL=alice@atlanta.net 85 | 86 | # Use the staging server (for avoiding rate limits while testing) 87 | #LETSENCRYPT_USE_STAGING=1 88 | 89 | 90 | # 91 | # Etherpad integration (for document sharing) 92 | # 93 | 94 | # Set etherpad-lite URL in docker local network (uncomment to enable) 95 | #ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001 96 | 97 | # Set etherpad-lite public URL (uncomment to enable) 98 | #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain 99 | 100 | # Name your etherpad instance! 101 | ETHERPAD_TITLE=Video Chat 102 | 103 | # The default text of a pad 104 | ETHERPAD_DEFAULT_PAD_TEXT=Welcome to Web Chat!\n\n 105 | 106 | # Name of the skin for etherpad 107 | ETHERPAD_SKIN_NAME=colibris 108 | 109 | # Skin variants for etherpad 110 | ETHERPAD_SKIN_VARIANTS=super-light-toolbar super-light-editor light-background full-width-editor 111 | 112 | 113 | # 114 | # Basic Jigasi configuration options (needed for SIP gateway support) 115 | # 116 | 117 | # SIP URI for incoming / outgoing calls 118 | #JIGASI_SIP_URI=test@sip2sip.info 119 | 120 | # Password for the specified SIP account as a clear text 121 | #JIGASI_SIP_PASSWORD=passw0rd 122 | 123 | # SIP server (use the SIP account domain if in doubt) 124 | #JIGASI_SIP_SERVER=sip2sip.info 125 | 126 | # SIP server port 127 | #JIGASI_SIP_PORT=5060 128 | 129 | # SIP server transport 130 | #JIGASI_SIP_TRANSPORT=UDP 131 | 132 | # 133 | # Authentication configuration (see handbook for details) 134 | # 135 | 136 | # Enable authentication 137 | ENABLE_AUTH=1 138 | 139 | # Enable guest access 140 | #ENABLE_GUESTS=1 141 | 142 | # Select authentication type: internal, jwt or ldap 143 | AUTH_TYPE=internal 144 | 145 | # JWT authentication 146 | # 147 | 148 | # Application identifier 149 | #JWT_APP_ID=my_jitsi_app_id 150 | 151 | # Application secret known only to your token 152 | #JWT_APP_SECRET=my_jitsi_app_secret 153 | 154 | # (Optional) Set asap_accepted_issuers as a comma separated list 155 | #JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client 156 | 157 | # (Optional) Set asap_accepted_audiences as a comma separated list 158 | #JWT_ACCEPTED_AUDIENCES=my_server1,my_server2 159 | 160 | 161 | # LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page) 162 | # 163 | 164 | # LDAP url for connection 165 | #LDAP_URL=ldaps://ldap.domain.com/ 166 | 167 | # LDAP base DN. Can be empty 168 | #LDAP_BASE=DC=example,DC=domain,DC=com 169 | 170 | # LDAP user DN. Do not specify this parameter for the anonymous bind 171 | #LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com 172 | 173 | # LDAP user password. Do not specify this parameter for the anonymous bind 174 | #LDAP_BINDPW=LdapUserPassw0rd 175 | 176 | # LDAP filter. Tokens example: 177 | # %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail 178 | # %s - %s is replaced by the complete service string 179 | # %r - %r is replaced by the complete realm string 180 | #LDAP_FILTER=(sAMAccountName=%u) 181 | 182 | # LDAP authentication method 183 | #LDAP_AUTH_METHOD=bind 184 | 185 | # LDAP version 186 | #LDAP_VERSION=3 187 | 188 | # LDAP TLS using 189 | #LDAP_USE_TLS=1 190 | 191 | # List of SSL/TLS ciphers to allow 192 | #LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC 193 | 194 | # Require and verify server certificate 195 | #LDAP_TLS_CHECK_PEER=1 196 | 197 | # Path to CA cert file. Used when server certificate verify is enabled 198 | #LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt 199 | 200 | # Path to CA certs directory. Used when server certificate verify is enabled 201 | #LDAP_TLS_CACERT_DIR=/etc/ssl/certs 202 | 203 | # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// 204 | # LDAP_START_TLS=1 205 | 206 | 207 | # 208 | # Advanced configuration options (you generally don't need to change these) 209 | # 210 | 211 | # Internal XMPP domain 212 | XMPP_DOMAIN=meet.jitsi 213 | 214 | # Internal XMPP server 215 | XMPP_SERVER=xmpp.meet.jitsi 216 | 217 | # Internal XMPP server URL 218 | XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 219 | 220 | # Internal XMPP domain for authenticated services 221 | XMPP_AUTH_DOMAIN=auth.meet.jitsi 222 | 223 | # XMPP domain for the MUC 224 | XMPP_MUC_DOMAIN=muc.meet.jitsi 225 | 226 | # XMPP domain for the internal MUC used for jibri, jigasi and jvb pools 227 | XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi 228 | 229 | # XMPP domain for unauthenticated users 230 | XMPP_GUEST_DOMAIN=guest.meet.jitsi 231 | 232 | # Comma separated list of domains for cross domain policy or "true" to allow all 233 | # The PUBLIC_URL is always allowed 234 | #XMPP_CROSS_DOMAIN=true 235 | 236 | # Custom Prosody modules for XMPP_DOMAIN (comma separated) 237 | XMPP_MODULES= 238 | 239 | # Custom Prosody modules for MUC component (comma separated) 240 | XMPP_MUC_MODULES= 241 | 242 | # Custom Prosody modules for internal MUC component (comma separated) 243 | XMPP_INTERNAL_MUC_MODULES= 244 | 245 | # MUC for the JVB pool 246 | JVB_BREWERY_MUC=jvbbrewery 247 | 248 | # XMPP user for JVB client connections 249 | JVB_AUTH_USER=jvb 250 | 251 | # STUN servers used to discover the server's public IP 252 | JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 253 | 254 | # Media port for the Jitsi Videobridge 255 | JVB_PORT=10000 256 | 257 | # TCP Fallback for Jitsi Videobridge for when UDP isn't available 258 | JVB_TCP_HARVESTER_DISABLED=true 259 | JVB_TCP_PORT=4443 260 | JVB_TCP_MAPPED_PORT=4443 261 | 262 | # A comma separated list of APIs to enable when the JVB is started [default: none] 263 | # See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/rest.md for more information 264 | #JVB_ENABLE_APIS=rest,colibri 265 | 266 | # XMPP user for Jicofo client connections. 267 | # NOTE: this option doesn't currently work due to a bug 268 | JICOFO_AUTH_USER=focus 269 | 270 | # Base URL of Jicofo's reservation REST API 271 | #JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com 272 | 273 | # Enable Jicofo's health check REST API (http://:8888/about/health) 274 | #JICOFO_ENABLE_HEALTH_CHECKS=true 275 | 276 | # XMPP user for Jigasi MUC client connections 277 | JIGASI_XMPP_USER=jigasi 278 | 279 | # MUC name for the Jigasi pool 280 | JIGASI_BREWERY_MUC=jigasibrewery 281 | 282 | # Minimum port for media used by Jigasi 283 | JIGASI_PORT_MIN=20000 284 | 285 | # Maximum port for media used by Jigasi 286 | JIGASI_PORT_MAX=20050 287 | 288 | # Enable SDES srtp 289 | #JIGASI_ENABLE_SDES_SRTP=1 290 | 291 | # Keepalive method 292 | #JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS 293 | 294 | # Health-check extension 295 | #JIGASI_HEALTH_CHECK_SIP_URI=keepalive 296 | 297 | # Health-check interval 298 | #JIGASI_HEALTH_CHECK_INTERVAL=300000 299 | # 300 | # Enable Jigasi transcription 301 | #ENABLE_TRANSCRIPTIONS=1 302 | 303 | # Jigasi will record audio when transcriber is on [default: false] 304 | #JIGASI_TRANSCRIBER_RECORD_AUDIO=true 305 | 306 | # Jigasi will send transcribed text to the chat when transcriber is on [default: false] 307 | #JIGASI_TRANSCRIBER_SEND_TXT=true 308 | 309 | # Jigasi will post an url to the chat with transcription file [default: false] 310 | #JIGASI_TRANSCRIBER_ADVERTISE_URL=true 311 | 312 | # Credentials for connect to Cloud Google API from Jigasi 313 | # Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol 314 | # section "Before you begin" paragraph 1 to 5 315 | # Copy the values from the json to the related env vars 316 | #GC_PROJECT_ID= 317 | #GC_PRIVATE_KEY_ID= 318 | #GC_PRIVATE_KEY= 319 | #GC_CLIENT_EMAIL= 320 | #GC_CLIENT_ID= 321 | #GC_CLIENT_CERT_URL= 322 | 323 | # Enable recording 324 | #ENABLE_RECORDING=1 325 | 326 | # XMPP domain for the jibri recorder 327 | XMPP_RECORDER_DOMAIN=recorder.meet.jitsi 328 | 329 | # XMPP recorder user for Jibri client connections 330 | JIBRI_RECORDER_USER=recorder 331 | 332 | # Directory for recordings inside Jibri container 333 | JIBRI_RECORDING_DIR=/config/recordings 334 | 335 | # The finalizing script. Will run after recording is complete 336 | #JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh 337 | 338 | # XMPP user for Jibri client connections 339 | JIBRI_XMPP_USER=jibri 340 | 341 | # MUC name for the Jibri pool 342 | JIBRI_BREWERY_MUC=jibribrewery 343 | 344 | # MUC connection timeout 345 | JIBRI_PENDING_TIMEOUT=90 346 | 347 | # When jibri gets a request to start a service for a room, the room 348 | # jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain 349 | # We'll build the url for the call by transforming that into: 350 | # https://xmpp_domain/subdomain/roomName 351 | # So if there are any prefixes in the jid (like jitsi meet, which 352 | # has its participants join a muc at conference.xmpp_domain) then 353 | # list that prefix here so it can be stripped out to generate 354 | # the call url correctly 355 | JIBRI_STRIP_DOMAIN_JID=muc 356 | 357 | # Directory for logs inside Jibri container 358 | JIBRI_LOGS_DIR=/config/logs 359 | 360 | # Disable HTTPS: handle TLS connections outside of this setup 361 | DISABLE_HTTPS=1 362 | 363 | # Redirect HTTP traffic to HTTPS 364 | # Necessary for Let's Encrypt, relies on standard HTTPS port (443) 365 | ENABLE_HTTP_REDIRECT=0 366 | 367 | # Send a `strict-transport-security` header to force browsers to use 368 | # a secure and trusted connection. Recommended for production use. 369 | # Defaults to 1 (send the header). 370 | # ENABLE_HSTS=1 371 | 372 | # Enable IPv6 373 | # Provides means to disable IPv6 in environments that don't support it (get with the times, people!) 374 | #ENABLE_IPV6=1 375 | 376 | # Container restart policy 377 | # Defaults to unless-stopped 378 | RESTART_POLICY=on-failure 379 | 380 | # Authenticate using external service or just focus external auth window if there is one already. 381 | # TOKEN_AUTH_URL=https://auth.meet.example.com/{room} 382 | 383 | VIRTUAL_HOST=meet.domain.com 384 | LETSENCRYPT_HOST=meet.domain.com 385 | -------------------------------------------------------------------------------- /Jitsi Meet/docker-compose-no-proxy.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | # Frontend 5 | web: 6 | image: jitsi/web:latest 7 | restart: ${RESTART_POLICY} 8 | ports: 9 | - '${HTTP_PORT}:80' 10 | - '${HTTPS_PORT}:443' 11 | volumes: 12 | - ${CONFIG}/web:/config:Z 13 | - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z 14 | environment: 15 | - ENABLE_LETSENCRYPT 16 | - ENABLE_HTTP_REDIRECT 17 | - ENABLE_HSTS 18 | - ENABLE_XMPP_WEBSOCKET 19 | - DISABLE_HTTPS 20 | - LETSENCRYPT_DOMAIN 21 | - LETSENCRYPT_EMAIL 22 | - LETSENCRYPT_USE_STAGING 23 | - PUBLIC_URL 24 | - TZ 25 | - AMPLITUDE_ID 26 | - ANALYTICS_SCRIPT_URLS 27 | - ANALYTICS_WHITELISTED_EVENTS 28 | - BRIDGE_CHANNEL 29 | - CALLSTATS_CUSTOM_SCRIPT_URL 30 | - CALLSTATS_ID 31 | - CALLSTATS_SECRET 32 | - CHROME_EXTENSION_BANNER_JSON 33 | - CONFCODE_URL 34 | - CONFIG_EXTERNAL_CONNECT 35 | - DEPLOYMENTINFO_ENVIRONMENT 36 | - DEPLOYMENTINFO_ENVIRONMENT_TYPE 37 | - DEPLOYMENTINFO_USERREGION 38 | - DIALIN_NUMBERS_URL 39 | - DIALOUT_AUTH_URL 40 | - DIALOUT_CODES_URL 41 | - DROPBOX_APPKEY 42 | - DROPBOX_REDIRECT_URI 43 | - DYNAMIC_BRANDING_URL 44 | - ENABLE_AUDIO_PROCESSING 45 | - ENABLE_AUTH 46 | - ENABLE_CALENDAR 47 | - ENABLE_FILE_RECORDING_SERVICE 48 | - ENABLE_FILE_RECORDING_SERVICE_SHARING 49 | - ENABLE_GUESTS 50 | - ENABLE_IPV6 51 | - ENABLE_LIPSYNC 52 | - ENABLE_NO_AUDIO_DETECTION 53 | - ENABLE_P2P 54 | - ENABLE_PREJOIN_PAGE 55 | - ENABLE_WELCOME_PAGE 56 | - ENABLE_CLOSE_PAGE 57 | - ENABLE_RECORDING 58 | - ENABLE_REMB 59 | - ENABLE_REQUIRE_DISPLAY_NAME 60 | - ENABLE_SIMULCAST 61 | - ENABLE_STATS_ID 62 | - ENABLE_STEREO 63 | - ENABLE_SUBDOMAINS 64 | - ENABLE_TALK_WHILE_MUTED 65 | - ENABLE_TCC 66 | - ENABLE_TRANSCRIPTIONS 67 | - ETHERPAD_PUBLIC_URL 68 | - ETHERPAD_URL_BASE 69 | - GOOGLE_ANALYTICS_ID 70 | - GOOGLE_API_APP_CLIENT_ID 71 | - INVITE_SERVICE_URL 72 | - JICOFO_AUTH_USER 73 | - MATOMO_ENDPOINT 74 | - MATOMO_SITE_ID 75 | - MICROSOFT_API_APP_CLIENT_ID 76 | - NGINX_RESOLVER 77 | - NGINX_WORKER_PROCESSES 78 | - NGINX_WORKER_CONNECTIONS 79 | - PEOPLE_SEARCH_URL 80 | - RESOLUTION 81 | - RESOLUTION_MIN 82 | - RESOLUTION_WIDTH 83 | - RESOLUTION_WIDTH_MIN 84 | - START_AUDIO_ONLY 85 | - START_AUDIO_MUTED 86 | - DISABLE_AUDIO_LEVELS 87 | - ENABLE_NOISY_MIC_DETECTION 88 | - START_BITRATE 89 | - DESKTOP_SHARING_FRAMERATE_MIN 90 | - DESKTOP_SHARING_FRAMERATE_MAX 91 | - START_VIDEO_MUTED 92 | - TESTING_CAP_SCREENSHARE_BITRATE 93 | - TESTING_OCTO_PROBABILITY 94 | - XMPP_AUTH_DOMAIN 95 | - XMPP_BOSH_URL_BASE 96 | - XMPP_DOMAIN 97 | - XMPP_GUEST_DOMAIN 98 | - XMPP_MUC_DOMAIN 99 | - XMPP_RECORDER_DOMAIN 100 | - TOKEN_AUTH_URL 101 | networks: 102 | meet.jitsi: 103 | aliases: 104 | - ${XMPP_DOMAIN} 105 | 106 | # XMPP server 107 | prosody: 108 | image: jitsi/prosody:latest 109 | restart: ${RESTART_POLICY} 110 | expose: 111 | - '5222' 112 | - '5347' 113 | - '5280' 114 | volumes: 115 | - ${CONFIG}/prosody/config:/config:Z 116 | - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z 117 | environment: 118 | - AUTH_TYPE 119 | - ENABLE_AUTH 120 | - ENABLE_GUESTS 121 | - ENABLE_LOBBY 122 | - ENABLE_XMPP_WEBSOCKET 123 | - GLOBAL_MODULES 124 | - GLOBAL_CONFIG 125 | - LDAP_URL 126 | - LDAP_BASE 127 | - LDAP_BINDDN 128 | - LDAP_BINDPW 129 | - LDAP_FILTER 130 | - LDAP_AUTH_METHOD 131 | - LDAP_VERSION 132 | - LDAP_USE_TLS 133 | - LDAP_TLS_CIPHERS 134 | - LDAP_TLS_CHECK_PEER 135 | - LDAP_TLS_CACERT_FILE 136 | - LDAP_TLS_CACERT_DIR 137 | - LDAP_START_TLS 138 | - XMPP_DOMAIN 139 | - XMPP_AUTH_DOMAIN 140 | - XMPP_GUEST_DOMAIN 141 | - XMPP_MUC_DOMAIN 142 | - XMPP_INTERNAL_MUC_DOMAIN 143 | - XMPP_MODULES 144 | - XMPP_MUC_MODULES 145 | - XMPP_INTERNAL_MUC_MODULES 146 | - XMPP_RECORDER_DOMAIN 147 | - XMPP_CROSS_DOMAIN 148 | - JICOFO_COMPONENT_SECRET 149 | - JICOFO_AUTH_USER 150 | - JICOFO_AUTH_PASSWORD 151 | - JVB_AUTH_USER 152 | - JVB_AUTH_PASSWORD 153 | - JIGASI_XMPP_USER 154 | - JIGASI_XMPP_PASSWORD 155 | - JIBRI_XMPP_USER 156 | - JIBRI_XMPP_PASSWORD 157 | - JIBRI_RECORDER_USER 158 | - JIBRI_RECORDER_PASSWORD 159 | - JWT_APP_ID 160 | - JWT_APP_SECRET 161 | - JWT_ACCEPTED_ISSUERS 162 | - JWT_ACCEPTED_AUDIENCES 163 | - JWT_ASAP_KEYSERVER 164 | - JWT_ALLOW_EMPTY 165 | - JWT_AUTH_TYPE 166 | - JWT_TOKEN_AUTH_MODULE 167 | - LOG_LEVEL 168 | - PUBLIC_URL 169 | - TZ 170 | networks: 171 | meet.jitsi: 172 | aliases: 173 | - ${XMPP_SERVER} 174 | 175 | # Focus component 176 | jicofo: 177 | image: jitsi/jicofo:latest 178 | restart: ${RESTART_POLICY} 179 | volumes: 180 | - ${CONFIG}/jicofo:/config:Z 181 | environment: 182 | - AUTH_TYPE 183 | - BRIDGE_AVG_PARTICIPANT_STRESS 184 | - BRIDGE_STRESS_THRESHOLD 185 | - ENABLE_AUTH 186 | - ENABLE_AUTO_OWNER 187 | - ENABLE_CODEC_VP8 188 | - ENABLE_CODEC_VP9 189 | - ENABLE_CODEC_H264 190 | - ENABLE_RECORDING 191 | - ENABLE_SCTP 192 | - JICOFO_COMPONENT_SECRET 193 | - JICOFO_AUTH_USER 194 | - JICOFO_AUTH_PASSWORD 195 | - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS 196 | - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT 197 | - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT 198 | - JICOFO_ENABLE_HEALTH_CHECKS 199 | - JICOFO_SHORT_ID 200 | - JICOFO_RESERVATION_ENABLED 201 | - JICOFO_RESERVATION_REST_BASE_URL 202 | - JIBRI_BREWERY_MUC 203 | - JIBRI_REQUEST_RETRIES 204 | - JIBRI_PENDING_TIMEOUT 205 | - JIGASI_BREWERY_MUC 206 | - JIGASI_SIP_URI 207 | - JVB_BREWERY_MUC 208 | - MAX_BRIDGE_PARTICIPANTS 209 | - OCTO_BRIDGE_SELECTION_STRATEGY 210 | - TZ 211 | - XMPP_DOMAIN 212 | - XMPP_AUTH_DOMAIN 213 | - XMPP_INTERNAL_MUC_DOMAIN 214 | - XMPP_MUC_DOMAIN 215 | - XMPP_SERVER 216 | depends_on: 217 | - prosody 218 | networks: 219 | meet.jitsi: 220 | 221 | # Video bridge 222 | jvb: 223 | image: jitsi/jvb:latest 224 | restart: ${RESTART_POLICY} 225 | ports: 226 | - '${JVB_PORT}:${JVB_PORT}/udp' 227 | - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' 228 | volumes: 229 | - ${CONFIG}/jvb:/config:Z 230 | environment: 231 | - DOCKER_HOST_ADDRESS 232 | - XMPP_AUTH_DOMAIN 233 | - XMPP_INTERNAL_MUC_DOMAIN 234 | - XMPP_SERVER 235 | - JVB_AUTH_USER 236 | - JVB_AUTH_PASSWORD 237 | - JVB_BREWERY_MUC 238 | - JVB_PORT 239 | - JVB_TCP_HARVESTER_DISABLED 240 | - JVB_TCP_PORT 241 | - JVB_TCP_MAPPED_PORT 242 | - JVB_STUN_SERVERS 243 | - JVB_ENABLE_APIS 244 | - JVB_WS_DOMAIN 245 | - JVB_WS_SERVER_ID 246 | - PUBLIC_URL 247 | - TZ 248 | depends_on: 249 | - prosody 250 | networks: 251 | meet.jitsi: 252 | aliases: 253 | - jvb.meet.jitsi 254 | 255 | # Custom network so all services can communicate using a FQDN 256 | networks: 257 | meet.jitsi: 258 | -------------------------------------------------------------------------------- /Jitsi Meet/docker-compose-reverse-proxy.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | # Frontend 5 | web: 6 | image: jitsi/web:latest 7 | restart: ${RESTART_POLICY} 8 | volumes: 9 | - ${CONFIG}/web:/config:Z 10 | - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z 11 | environment: 12 | - ENABLE_LETSENCRYPT 13 | - ENABLE_HTTP_REDIRECT 14 | - ENABLE_HSTS 15 | - ENABLE_XMPP_WEBSOCKET 16 | - DISABLE_HTTPS 17 | - LETSENCRYPT_DOMAIN 18 | - LETSENCRYPT_EMAIL 19 | - LETSENCRYPT_USE_STAGING 20 | - PUBLIC_URL 21 | - TZ 22 | - AMPLITUDE_ID 23 | - ANALYTICS_SCRIPT_URLS 24 | - ANALYTICS_WHITELISTED_EVENTS 25 | - BRIDGE_CHANNEL 26 | - CALLSTATS_CUSTOM_SCRIPT_URL 27 | - CALLSTATS_ID 28 | - CALLSTATS_SECRET 29 | - CHROME_EXTENSION_BANNER_JSON 30 | - CONFCODE_URL 31 | - CONFIG_EXTERNAL_CONNECT 32 | - DEPLOYMENTINFO_ENVIRONMENT 33 | - DEPLOYMENTINFO_ENVIRONMENT_TYPE 34 | - DEPLOYMENTINFO_USERREGION 35 | - DIALIN_NUMBERS_URL 36 | - DIALOUT_AUTH_URL 37 | - DIALOUT_CODES_URL 38 | - DROPBOX_APPKEY 39 | - DROPBOX_REDIRECT_URI 40 | - DYNAMIC_BRANDING_URL 41 | - ENABLE_AUDIO_PROCESSING 42 | - ENABLE_AUTH 43 | - ENABLE_CALENDAR 44 | - ENABLE_FILE_RECORDING_SERVICE 45 | - ENABLE_FILE_RECORDING_SERVICE_SHARING 46 | - ENABLE_GUESTS 47 | - ENABLE_IPV6 48 | - ENABLE_LIPSYNC 49 | - ENABLE_NO_AUDIO_DETECTION 50 | - ENABLE_P2P 51 | - ENABLE_PREJOIN_PAGE 52 | - ENABLE_WELCOME_PAGE 53 | - ENABLE_CLOSE_PAGE 54 | - ENABLE_RECORDING 55 | - ENABLE_REMB 56 | - ENABLE_REQUIRE_DISPLAY_NAME 57 | - ENABLE_SIMULCAST 58 | - ENABLE_STATS_ID 59 | - ENABLE_STEREO 60 | - ENABLE_SUBDOMAINS 61 | - ENABLE_TALK_WHILE_MUTED 62 | - ENABLE_TCC 63 | - ENABLE_TRANSCRIPTIONS 64 | - ETHERPAD_PUBLIC_URL 65 | - ETHERPAD_URL_BASE 66 | - GOOGLE_ANALYTICS_ID 67 | - GOOGLE_API_APP_CLIENT_ID 68 | - INVITE_SERVICE_URL 69 | - JICOFO_AUTH_USER 70 | - MATOMO_ENDPOINT 71 | - MATOMO_SITE_ID 72 | - MICROSOFT_API_APP_CLIENT_ID 73 | - NGINX_RESOLVER 74 | - NGINX_WORKER_PROCESSES 75 | - NGINX_WORKER_CONNECTIONS 76 | - PEOPLE_SEARCH_URL 77 | - RESOLUTION 78 | - RESOLUTION_MIN 79 | - RESOLUTION_WIDTH 80 | - RESOLUTION_WIDTH_MIN 81 | - START_AUDIO_ONLY 82 | - START_AUDIO_MUTED 83 | - DISABLE_AUDIO_LEVELS 84 | - ENABLE_NOISY_MIC_DETECTION 85 | - START_BITRATE 86 | - DESKTOP_SHARING_FRAMERATE_MIN 87 | - DESKTOP_SHARING_FRAMERATE_MAX 88 | - START_VIDEO_MUTED 89 | - TESTING_CAP_SCREENSHARE_BITRATE 90 | - TESTING_OCTO_PROBABILITY 91 | - XMPP_AUTH_DOMAIN 92 | - XMPP_BOSH_URL_BASE 93 | - XMPP_DOMAIN 94 | - XMPP_GUEST_DOMAIN 95 | - XMPP_MUC_DOMAIN 96 | - XMPP_RECORDER_DOMAIN 97 | - TOKEN_AUTH_URL 98 | - VIRTUAL_HOST 99 | - LETSENCRYPT_HOST 100 | networks: 101 | net: 102 | meet.jitsi: 103 | aliases: 104 | - ${XMPP_DOMAIN} 105 | 106 | # XMPP server 107 | prosody: 108 | image: jitsi/prosody:latest 109 | restart: ${RESTART_POLICY} 110 | expose: 111 | - '5222' 112 | - '5347' 113 | - '5280' 114 | volumes: 115 | - ${CONFIG}/prosody/config:/config:Z 116 | - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z 117 | environment: 118 | - AUTH_TYPE 119 | - ENABLE_AUTH 120 | - ENABLE_GUESTS 121 | - ENABLE_LOBBY 122 | - ENABLE_XMPP_WEBSOCKET 123 | - GLOBAL_MODULES 124 | - GLOBAL_CONFIG 125 | - LDAP_URL 126 | - LDAP_BASE 127 | - LDAP_BINDDN 128 | - LDAP_BINDPW 129 | - LDAP_FILTER 130 | - LDAP_AUTH_METHOD 131 | - LDAP_VERSION 132 | - LDAP_USE_TLS 133 | - LDAP_TLS_CIPHERS 134 | - LDAP_TLS_CHECK_PEER 135 | - LDAP_TLS_CACERT_FILE 136 | - LDAP_TLS_CACERT_DIR 137 | - LDAP_START_TLS 138 | - XMPP_DOMAIN 139 | - XMPP_AUTH_DOMAIN 140 | - XMPP_GUEST_DOMAIN 141 | - XMPP_MUC_DOMAIN 142 | - XMPP_INTERNAL_MUC_DOMAIN 143 | - XMPP_MODULES 144 | - XMPP_MUC_MODULES 145 | - XMPP_INTERNAL_MUC_MODULES 146 | - XMPP_RECORDER_DOMAIN 147 | - XMPP_CROSS_DOMAIN 148 | - JICOFO_COMPONENT_SECRET 149 | - JICOFO_AUTH_USER 150 | - JICOFO_AUTH_PASSWORD 151 | - JVB_AUTH_USER 152 | - JVB_AUTH_PASSWORD 153 | - JIGASI_XMPP_USER 154 | - JIGASI_XMPP_PASSWORD 155 | - JIBRI_XMPP_USER 156 | - JIBRI_XMPP_PASSWORD 157 | - JIBRI_RECORDER_USER 158 | - JIBRI_RECORDER_PASSWORD 159 | - JWT_APP_ID 160 | - JWT_APP_SECRET 161 | - JWT_ACCEPTED_ISSUERS 162 | - JWT_ACCEPTED_AUDIENCES 163 | - JWT_ASAP_KEYSERVER 164 | - JWT_ALLOW_EMPTY 165 | - JWT_AUTH_TYPE 166 | - JWT_TOKEN_AUTH_MODULE 167 | - LOG_LEVEL 168 | - PUBLIC_URL 169 | - TZ 170 | networks: 171 | meet.jitsi: 172 | aliases: 173 | - ${XMPP_SERVER} 174 | 175 | # Focus component 176 | jicofo: 177 | image: jitsi/jicofo:latest 178 | restart: ${RESTART_POLICY} 179 | volumes: 180 | - ${CONFIG}/jicofo:/config:Z 181 | environment: 182 | - AUTH_TYPE 183 | - BRIDGE_AVG_PARTICIPANT_STRESS 184 | - BRIDGE_STRESS_THRESHOLD 185 | - ENABLE_AUTH 186 | - ENABLE_AUTO_OWNER 187 | - ENABLE_CODEC_VP8 188 | - ENABLE_CODEC_VP9 189 | - ENABLE_CODEC_H264 190 | - ENABLE_RECORDING 191 | - ENABLE_SCTP 192 | - JICOFO_COMPONENT_SECRET 193 | - JICOFO_AUTH_USER 194 | - JICOFO_AUTH_PASSWORD 195 | - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS 196 | - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT 197 | - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT 198 | - JICOFO_ENABLE_HEALTH_CHECKS 199 | - JICOFO_SHORT_ID 200 | - JICOFO_RESERVATION_ENABLED 201 | - JICOFO_RESERVATION_REST_BASE_URL 202 | - JIBRI_BREWERY_MUC 203 | - JIBRI_REQUEST_RETRIES 204 | - JIBRI_PENDING_TIMEOUT 205 | - JIGASI_BREWERY_MUC 206 | - JIGASI_SIP_URI 207 | - JVB_BREWERY_MUC 208 | - MAX_BRIDGE_PARTICIPANTS 209 | - OCTO_BRIDGE_SELECTION_STRATEGY 210 | - TZ 211 | - XMPP_DOMAIN 212 | - XMPP_AUTH_DOMAIN 213 | - XMPP_INTERNAL_MUC_DOMAIN 214 | - XMPP_MUC_DOMAIN 215 | - XMPP_SERVER 216 | depends_on: 217 | - prosody 218 | networks: 219 | meet.jitsi: 220 | 221 | # Video bridge 222 | jvb: 223 | image: jitsi/jvb:latest 224 | restart: ${RESTART_POLICY} 225 | ports: 226 | - '${JVB_PORT}:${JVB_PORT}/udp' 227 | - '${JVB_TCP_PORT}:${JVB_TCP_PORT}' 228 | volumes: 229 | - ${CONFIG}/jvb:/config:Z 230 | environment: 231 | - DOCKER_HOST_ADDRESS 232 | - XMPP_AUTH_DOMAIN 233 | - XMPP_INTERNAL_MUC_DOMAIN 234 | - XMPP_SERVER 235 | - JVB_AUTH_USER 236 | - JVB_AUTH_PASSWORD 237 | - JVB_BREWERY_MUC 238 | - JVB_PORT 239 | - JVB_TCP_HARVESTER_DISABLED 240 | - JVB_TCP_PORT 241 | - JVB_TCP_MAPPED_PORT 242 | - JVB_STUN_SERVERS 243 | - JVB_ENABLE_APIS 244 | - JVB_WS_DOMAIN 245 | - JVB_WS_SERVER_ID 246 | - PUBLIC_URL 247 | - TZ 248 | depends_on: 249 | - prosody 250 | networks: 251 | meet.jitsi: 252 | aliases: 253 | - jvb.meet.jitsi 254 | 255 | # Custom network so all services can communicate using a FQDN 256 | networks: 257 | meet.jitsi: 258 | net: 259 | external: true 260 | -------------------------------------------------------------------------------- /Nextcloud/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | 3 | services: 4 | 5 | NCDatabase: 6 | image: "mariadb:10.5.9" 7 | 8 | volumes: 9 | - "NCMariaDB:/var/lib/mysql" 10 | 11 | environment: 12 | - MYSQL_ROOT_PASSWORD 13 | - MYSQL_RANDOM_ROOT_PASSWORD 14 | - MYSQL_DATABASE 15 | - MYSQL_USER 16 | - MYSQL_PASSWORD 17 | 18 | restart: "on-failure" 19 | networks: ["common"] 20 | 21 | NCFrontend: 22 | image: "nextcloud:21.0.0" 23 | 24 | volumes: 25 | - "NCData:/var/www/html" 26 | 27 | environment: 28 | - LETSENCRYPT_HOST 29 | - VIRTUAL_HOST 30 | - TRUSTED_PROXIES 31 | - OVERWRITEPROTOCOL 32 | - MYSQL_DATABASE 33 | - MYSQL_USER 34 | - MYSQL_PASSWORD 35 | - MYSQL_HOST 36 | - SMTP_HOST 37 | - SMTP_PORT 38 | - SMTP_NAME 39 | - SMTP_PASSWORD 40 | - MAIL_FROM_ADDRESS 41 | - NEXTCLOUD_TRUSTED_DOMAINS 42 | - NEXTCLOUD_ADMIN_USER 43 | - NEXTCLOUD_ADMIN_PASSWORD 44 | 45 | depends_on: 46 | - "NCDatabase" 47 | networks: ["net", "common"] 48 | 49 | volumes: 50 | NCMariaDB: 51 | NCData: 52 | 53 | networks: 54 | net: 55 | external: true 56 | common: 57 | internal: true 58 | -------------------------------------------------------------------------------- /Nextcloud/env.example: -------------------------------------------------------------------------------- 1 | # Database 2 | 3 | #MYSQL_RANDOM_ROOT_PASSWORD=1 4 | #MYSQL_ROOT_PASSWORD= 5 | MYSQL_DATABASE=NC 6 | MYSQL_USER=nextcloud 7 | #MYSQL_PASSWORD= 8 | MYSQL_HOST=NCDatabase 9 | 10 | # Nextcloud 11 | 12 | LETSENCRYPT_HOST=nextcloud.domain.com 13 | VIRTUAL_HOST=nextcloud.domain.com 14 | 15 | #TRUSTED_PROXIES= 16 | OVERWRITEPROTOCOL=https 17 | 18 | #SMTP_HOST= 19 | #SMTP_PORT= 20 | #SMTP_NAME= 21 | #SMTP_PASSWORD= 22 | #MAIL_FROM_ADDRESS= 23 | 24 | NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.domain.com 25 | #NEXTCLOUD_ADMIN_USER= 26 | #NEXTCLOUD_ADMIN_PASSWORD= 27 | 28 | 29 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Linux Handbook Tutorial Snippets 2 | Repository to share long code snippets for LHB tutorials 3 | -------------------------------------------------------------------------------- /Reverse_Proxy/client_max_upload_size.conf: -------------------------------------------------------------------------------- 1 | client_max_body_size 1G; 2 | -------------------------------------------------------------------------------- /Reverse_Proxy/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.3" 2 | 3 | services: 4 | 5 | NginxProxy: 6 | image: "jwilder/nginx-proxy:latest" 7 | 8 | volumes: 9 | - "NPhtml:/usr/share/nginx/html" 10 | - "NPdhparam:/etc/nginx/dhparam" 11 | - "NPvhost:/etc/nginx/vhost.d" 12 | - "NPcerts:/etc/nginx/certs:ro" 13 | - "/var/run/docker.sock:/tmp/docker.sock:ro" 14 | - "./client_max_upload_size.conf:/etc/nginx/conf.d/client_max_upload_size.conf" 15 | 16 | labels: 17 | - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy" 18 | restart: "on-failure" 19 | networks: ["net"] 20 | 21 | ports: 22 | - "80:80" 23 | - "443:443" 24 | 25 | LetsencryptCompanion: 26 | image: "jrcs/letsencrypt-nginx-proxy-companion:latest" 27 | 28 | volumes: 29 | - "LCacme:/etc/acme.sh" 30 | - "NPvhost:/etc/nginx/vhost.d" 31 | - "NPcerts:/etc/nginx/certs" 32 | - "NPhtml:/usr/share/nginx/html" 33 | - "/var/run/docker.sock:/var/run/docker.sock:ro" 34 | 35 | environment: 36 | - DEFAULT_EMAIL 37 | 38 | depends_on: ["NginxProxy"] 39 | restart: "on-failure" 40 | networks: ["net"] 41 | 42 | 43 | volumes: 44 | NPhtml: 45 | NPdhparam: 46 | NPvhost: 47 | NPcerts: 48 | LCacme: 49 | 50 | networks: 51 | net: 52 | external: true 53 | -------------------------------------------------------------------------------- /Reverse_Proxy/env.example: -------------------------------------------------------------------------------- 1 | DEFAULT_EMAIL=admin@domain.com 2 | --------------------------------------------------------------------------------