From 7652807930726bd80f91a6c345eca99dd00f624a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rubisel=20Prieto=20Dupeyr=C3=B3n?=
Date: Tue, 31 Mar 2020 05:40:46 -0400
Subject: [PATCH] examples: traefik v2
---
 examples/traefik-v2/README.md | 18 +++
 examples/traefik-v2/docker-compose.yml | 174 +++++++++++++++++++++++++
 2 files changed, 192 insertions(+)
 create mode 100644 examples/traefik-v2/README.md
 create mode 100644 examples/traefik-v2/docker-compose.yml
diff --git a/examples/traefik-v2/README.md b/examples/traefik-v2/README.md
new file mode 100644
index 0000000..1839b03
--- /dev/null
+++ b/examples/traefik-v2/README.md
@@ -0,0 +1,18 @@
+# Basic configuration to use with the traefik reverse proxy
+
+Note: Tested with traefik 2.1.3
+
+- When running behind traefik, it's a better practice to remove the port-binds for the web service.
+- The provided example uses an external network with the name "web". This is the network which moste likely was created while setting up traefik.
+- Look for comments starting with **#traefik:** to see the changes made in docker-compose.yml.
+- Traefik obtains Let's Encrypt certificates automatically.
+
+Uncomment and set DOCKER_HOST_ADDRESS in .env. I'm pretty sure, that this is mandatory for the docker-setup and should be clearer in the original README. Could be the proxying, didn't investigate further.
+
+## TODO
+
+Add or rewrite the example with docker-compose extends
+
+````env
+DOCKER_HOST_ADDRESS=1.2.3.4
+````
diff --git a/examples/traefik-v2/docker-compose.yml b/examples/traefik-v2/docker-compose.yml
new file mode 100644
index 0000000..afea80a
--- /dev/null
+++ b/examples/traefik-v2/docker-compose.yml
@@ -0,0 +1,174 @@
+version: '3'
+
+services:
+ # Frontend
+ web:
+ image: jitsi/web
+ volumes:
+ - ${CONFIG}/web:/config
+ - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
+ - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
+ environment:
+ - ENABLE_AUTH
+ - ENABLE_GUESTS
+ - ENABLE_LETSENCRYPT
+ - ENABLE_HTTP_REDIRECT
+ - ENABLE_TRANSCRIPTIONS
+ - DISABLE_HTTPS
+ - JICOFO_AUTH_USER
+ - LETSENCRYPT_DOMAIN
+ - LETSENCRYPT_EMAIL
+ - PUBLIC_URL
+ - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
+ - XMPP_BOSH_URL_BASE
+ - XMPP_GUEST_DOMAIN
+ - XMPP_MUC_DOMAIN
+ - XMPP_RECORDER_DOMAIN
+ - ETHERPAD_URL_BASE
+ - TZ
+ - JIBRI_BREWERY_MUC
+ - JIBRI_PENDING_TIMEOUT
+ - JIBRI_XMPP_USER
+ - JIBRI_XMPP_PASSWORD
+ - JIBRI_RECORDER_USER
+ - JIBRI_RECORDER_PASSWORD
+ - ENABLE_RECORDING
+ networks:
+ # traefik: change the following line to your external docker network
+ web:
+ meet.jitsi:
+ aliases:
+ - ${XMPP_DOMAIN}
+ labels:
+ traefik.http.middlewares.redirect.redirectscheme.scheme: https
+ traefik.http.routers.app-http.entrypoints: web
+ traefik.http.routers.app-http.middlewares: redirect
+ traefik.http.routers.app-http.rule: 'Host(`your.host.name`)'
+ traefik.http.routers.app.entrypoints: websecure
+ traefik.http.routers.app.rule: 'Host(`your.host.name`)'
+ traefik.http.routers.app.tls: 'true'
+ traefik.http.routers.app.tls.certresolver: le
+ traefik.http.services.app.loadbalancer.server.port: 80
+
+ # XMPP server
+ prosody:
+ image: jitsi/prosody
+ expose:
+ - '5222'
+ - '5347'
+ - '5280'
+ volumes:
+ - ${CONFIG}/prosody:/config
+ environment:
+ - AUTH_TYPE
+ - ENABLE_AUTH
+ - ENABLE_GUESTS
+ - GLOBAL_MODULES
+ - GLOBAL_CONFIG
+ - LDAP_URL
+ - LDAP_BASE
+ - LDAP_BINDDN
+ - LDAP_BINDPW
+ - LDAP_FILTER
+ - LDAP_AUTH_METHOD
+ - LDAP_VERSION
+ - LDAP_USE_TLS
+ - LDAP_TLS_CIPHERS
+ - LDAP_TLS_CHECK_PEER
+ - LDAP_TLS_CACERT_FILE
+ - LDAP_TLS_CACERT_DIR
+ - LDAP_START_TLS
+ - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
+ - XMPP_GUEST_DOMAIN
+ - XMPP_MUC_DOMAIN
+ - XMPP_INTERNAL_MUC_DOMAIN
+ - XMPP_MODULES
+ - XMPP_MUC_MODULES
+ - XMPP_INTERNAL_MUC_MODULES
+ - XMPP_RECORDER_DOMAIN
+ - JICOFO_COMPONENT_SECRET
+ - JICOFO_AUTH_USER
+ - JICOFO_AUTH_PASSWORD
+ - JVB_AUTH_USER
+ - JVB_AUTH_PASSWORD
+ - JIGASI_XMPP_USER
+ - JIGASI_XMPP_PASSWORD
+ - JIBRI_XMPP_USER
+ - JIBRI_XMPP_PASSWORD
+ - JIBRI_RECORDER_USER
+ - JIBRI_RECORDER_PASSWORD
+ - JWT_APP_ID
+ - JWT_APP_SECRET
+ - JWT_ACCEPTED_ISSUERS
+ - JWT_ACCEPTED_AUDIENCES
+ - JWT_ASAP_KEYSERVER
+ - JWT_ALLOW_EMPTY
+ - JWT_AUTH_TYPE
+ - JWT_TOKEN_AUTH_MODULE
+ - LOG_LEVEL
+ - TZ
+ networks:
+ meet.jitsi:
+ aliases:
+ - ${XMPP_SERVER}
+
+ # Focus component
+ jicofo:
+ image: jitsi/jicofo
+ volumes:
+ - ${CONFIG}/jicofo:/config
+ environment:
+ - ENABLE_AUTH
+ - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
+ - XMPP_INTERNAL_MUC_DOMAIN
+ - XMPP_SERVER
+ - JICOFO_COMPONENT_SECRET
+ - JICOFO_AUTH_USER
+ - JICOFO_AUTH_PASSWORD
+ - JICOFO_RESERVATION_REST_BASE_URL
+ - JVB_BREWERY_MUC
+ - JIGASI_BREWERY_MUC
+ - JIBRI_BREWERY_MUC
+ - JIBRI_PENDING_TIMEOUT
+ - TZ
+ depends_on:
+ - prosody
+ networks:
+ meet.jitsi:
+
+ # Video bridge
+ jvb:
+ image: jitsi/jvb
+ ports:
+ - '${JVB_PORT}:${JVB_PORT}/udp'
+ - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
+ volumes:
+ - ${CONFIG}/jvb:/config
+ environment:
+ - DOCKER_HOST_ADDRESS
+ - XMPP_AUTH_DOMAIN
+ - XMPP_INTERNAL_MUC_DOMAIN
+ - XMPP_SERVER
+ - JVB_AUTH_USER
+ - JVB_AUTH_PASSWORD
+ - JVB_BREWERY_MUC
+ - JVB_PORT
+ - JVB_TCP_HARVESTER_DISABLED
+ - JVB_TCP_PORT
+ - JVB_STUN_SERVERS
+ - JVB_ENABLE_APIS
+ - TZ
+ depends_on:
+ - prosody
+ networks:
+ meet.jitsi:
+
+# Custom network so all services can communicate using a FQDN
+networks:
+ meet.jitsi:
+ # traefik: change the following line to your external docker network
+ web:
+ external: true
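Review bot: The `web` service joins both the external `web` network and `meet.jitsi`, but its label block never tells Traefik which network to route over, so the proxy may pick the container's `meet.jitsi` address, which it presumably cannot reach. Adding `traefik.docker.network: web` to the labels (and `traefik.enable: 'true'` if the proxy runs with exposed-by-default off) makes the backend address deterministic. The router and middleware names `app`, `app-http` and `redirect` are generic enough to clash with another stack behind the same Traefik instance, so a project-specific prefix would be safer. Since Traefik terminates TLS and forwards to port 80, the service's environment list deserves a comment like `# traefik: TLS is terminated by the proxy; leave ENABLE_LETSENCRYPT and ENABLE_HTTP_REDIRECT unset`, otherwise the container may start its own ACME client or, likely, loop on redirects. All four `image:` lines are untagged, so the example floats on whatever `latest` resolves to rather than a tested release.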