removed traefik configuration

3 years ago · 95b18063be
parent d5c571ba79
commit 95b18063be
7 changed files with 37 additions and 165 deletions
--- a/examples/docker-swarm/README.md
+++ b/examples/docker-swarm/README.md
@ -24,11 +24,7 @@

    E. Verify the setup using command `docker node ls` which will show all the three nodes with role as a manager.

-3. Create an Overlay network. We have to create two networks here one for jitsi setup and other one is for traefik.
-
-    A. Create network `jitsi` using command `docker network create --attachable --driver overlay jitsi`.
-
-    B. Create network `proxy` using command `docker network create --attachable --driver overlay proxy`.
+3. Create an Overlay network for jitsi using command `docker network create --attachable --driver overlay jitsi`

 4. Now open below ports for jitsi deployment.

@ -38,14 +34,8 @@

    C. Prosody ports `5222, 5347, 5280 TCP` for internal use only.

-    D. Web port `80 TCP` for internal use only.
-
-5. Create a directory `letsencrypt` for Traefik to store the letsencrypt certificate.
-
-6. Now deploy the jitsi setup files using command `docker stack deploy -c stack-web.yaml -c stack-prosdy.yml -c stack-jicofo.yml -c stack-jvb1.yml jitsi`.
-
-7. Deploy the Traefik using command `docker stack deploy -c stack-traefik.yml proxy`.
+    D. Web port `80 TCP` and `443 TCP` for everyone and make sure to enable `ENABLE_HTTP_REDIRECT` in `stack-web.yml` file.

-8. Please note that you can restrict which service you want to deploy on which node by uncommenting the `placement` in the files. Make sure you are running Traefik on the node for which you have added a DNS record.
+5. Now deploy the jitsi setup files using command `docker stack deploy -c stack-web.yaml -c stack-prosdy.yml -c stack-jicofo.yml -c stack-jvb1.yml jitsi`.

-9. Initiallly Traefik will use letsencrypt staging server to issue a certificate to avoid the rate-limit. Once the setup is working fine then you can comment out `--certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory` line in `stack-traefik.yml` file to get the certificate.
+6. Please note that you can restrict which service you want to deploy on which node by uncommenting the `placement` in the files. Make sure you are running service web on the node for which you have added a DNS record.
--- a/examples/docker-swarm/stack-jicofo.yml
+++ b/examples/docker-swarm/stack-jicofo.yml
@ -77,9 +77,6 @@ services:
            jitsi:
 # Custom network so all services can communicate using a FQDN
 networks:
-  proxy:
-    external: true
-    name: proxy
  jitsi:
    external: true
    name: jitsi
--- a/examples/docker-swarm/stack-jvb1.yml
+++ b/examples/docker-swarm/stack-jvb1.yml
@ -84,9 +84,6 @@ services:

 # Custom network so all services can communicate using a FQDN
 networks:
-  proxy:
-    external: true
-    name: proxy
  jitsi:
    external: true
    name: jitsi
--- a/examples/docker-swarm/stack-prosody.yml
+++ b/examples/docker-swarm/stack-prosody.yml
@ -103,9 +103,6 @@ services:
               - focus.meet.jitsi
 # Custom network so all services can communicate using a FQDN
 networks:
-  proxy:
-    external: true
-    name: proxy
  jitsi:
    external: true
    name: jitsi
--- a/examples/docker-swarm/stack-traefik.yml
+++ b/examples/docker-swarm/stack-traefik.yml
@ -1,76 +0,0 @@
-version: '3.8'
-
-services:
-  traefik:
-    image: "traefik:v2.3.2"
-    hostname: "traefik"
-    deploy:
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-        delay: 5s
-        max_attempts: 5
-      #placement:
-      #  constraints:
-      #    - node.hostname == demo2
-      labels:
-        - "traefik.enable=false"
-        - "traefik.docker.network=proxy"
-        - "traefik.http.routers.api.rule=Host(`traefik.example.com`)  && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-        - "traefik.http.routers.api.service=api@internal"
-        ## Middlewares
-        #- "traefik.http.middlewares.auth.basicauth.users=alpha:$$1$$SEjVHN0z$$Apa3.iHJAW2dbAi6OuwDe/"
-        - "traefik.http.routers.api.middlewares=security-headers@file,auth"
-        # enable https for api/dashboard
-        - "traefik.http.routers.api.tls.certresolver=letsencrypt"
-        - "traefik.http.routers.api.entrypoints=websecure"
-        - "traefik.http.routers.api.tls.domains[0].main=traefik.example.com"
-        # tls options from file
-        - "traefik.http.routers.api.tls.options=myoptions@file"
-        # dummy port
-        - "traefik.http.services.dummyservice.loadbalancer.server.port=1111" # In swarm mode, traefik requires a dummy Port
-
-    command:
-      #- --pilot.token=
-      #- --experimental.plugins.my-traefik-plugin-ip2location.modulename=github.com/negasus/traefik-plugin-ip2location
-      #- --experimental.plugins.my-traefik-plugin-ip2location.version=v0.1.0
-      - --api=true
-      - --api.dashboard=true
-      - --providers.file.filename=/etc/traefik/traefik-proxy-config.toml # Using file for reading the dynamic config
-      - --providers.file.watch=true
-      - --providers.docker=true
-      - --providers.docker.endpoint=unix:///var/run/docker.sock
-      - --providers.docker.swarmMode=true
-      - --providers.docker.exposedbydefault=false
-      - --log.level=Info
-      - --accesslog=false
-      - --entryPoints.web.address=:80
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-      - --entrypoints.web.http.redirections.entrypoint.permanent=true
-      - --entryPoints.websecure.address=:443
-      - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
-      - --certificatesResolvers.letsencrypt.acme.tlsChallenge=true
-      - --certificatesresolvers.letsencrypt.acme.email=youremail@gmail.com
-      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-    ports:
-      - target: 80
-        published: 80
-        mode: host
-
-      - target: 443
-        published: 443
-        mode: host
-
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
-      - "./letsencrypt:/letsencrypt"
-      - "./traefik-proxy-config.toml:/etc/traefik/traefik-proxy-config.toml:ro"
-#- "./basicauth:/basicauth:ro"
-    networks:
-      proxy:
-
-networks:
-  proxy:
-    external: true
-    name: proxy
--- a/examples/docker-swarm/stack-web.yml
+++ b/examples/docker-swarm/stack-web.yml
@ -1,11 +1,23 @@
 version: '3.8'

 services:
-    # Frontend
    web:
        image: jitsi/web:latest
        #hostname: meet.jitsi
        environment:
+            AMPLITUDE_ID:
+            ANALYTICS_SCRIPT_URLS:
+            ANALYTICS_WHITELISTED_EVENTS:
+            CALLSTATS_CUSTOM_SCRIPT_URL:
+            CALLSTATS_ID:
+            CALLSTATS_SECRET:
+            CHROME_EXTENSION_BANNER_JSON:
+            CONFCODE_URL:
+            CONFIG_EXTERNAL_CONNECT:
+            DEFAULT_LANGUAGE:
+            DIALIN_NUMBERS_URL:
+            DIALOUT_AUTH_URL:
+            DIALOUT_CODES_URL:
            DISABLE_HTTPS: 1
            DISABLE_POLLS: 0
            DEPLOYMENTINFO_SHARD: shard1
@ -15,17 +27,21 @@ services:
            DEPLOYMENTINFO_USERREGION: Region1
            DISABLE_DEEP_LINKING: "true"
            DISABLE_RTX: "false"
+            DROPBOX_APPKEY:
+            DROPBOX_REDIRECT_URI:
            DYNAMIC_BRANDING_URL: ''
+            ENABLE_AUDIO_PROCESSING:
            ENABLE_AUTH: 1
-            ENABLE_BREAKOUT_ROOMS: 0
            ENABLE_GUESTS:
            ENABLE_RECORDING: 0
-            ENABLE_FILE_RECORDING_SERVICE: "true"
-            ENABLE_CALENDAR: "true"
+            ENABLE_FILE_RECORDING_SERVICE:
+            ENABLE_CALENDAR:
            ENABLE_TRANSCRIPTIONS:
            ENABLE_NO_AUDIO_DETECTION: "true"
            ENABLE_P2P: "false"
            ENABLE_PREJOIN_PAGE: "true"
+            ENABLE_WELCOME_PAGE:
+            ENABLE_CLOSE_PAGE:
            ENABLE_XMPP_WEBSOCKET: 1
            ENABLE_COLIBRI_WEBSOCKET: 1
            ENABLE_FLOC:
@ -33,6 +49,8 @@ services:
            ENABLE_SIMULCAST: "true"
            ENABLE_REMB: "true"
            ENABLE_TCC: "true"
+            ENABLE_LETSENCRYPT:
+            ENABLE_HTTP_REDIRECT:
            ETHERPAD_URL_BASE:
            JICOFO_AUTH_USER: focus
            JIBRI_BREWERY_MUC: jibribrewery
@ -41,6 +59,9 @@ services:
            JIBRI_XMPP_PASSWORD: CHANGE_HERE
            JIBRI_RECORDER_USER: recorder
            JIBRI_RECORDER_PASSWORD: CHANGE_HERE
+            LETSENCRYPT_DOMAIN:
+            LETSENCRYPT_EMAIL:
+            LETSENCRYPT_USE_STAGING:
            NGINX_RESOLVER:
            PUBLIC_URL: https://CHANGE_HERE
            P2P_USE_STUN_TURN:
@ -86,28 +107,18 @@ services:
          #  constraints:
          #    - node.hostname == demo2
          #    - node.role == manager
-
-          labels:
-            - "traefik.enable=true"
-            - "traefik.docker.network=proxy"
-            - "traefik.http.routers.jitsi-secure.entrypoints=websecure"
-            - "traefik.http.routers.jitsi-secure.rule=Host(`meet.jitsi`)"
-            ## Middleware
-            - "traefik.http.routers.jitsi-secure.middlewares=security-headers@file"
-            ## LetsEncrypt
-            - "traefik.http.routers.jitsi-secure.tls=true"
-            - "traefik.http.routers.jitsi-secure.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.jitsi-secure.tls.domains[0].main=meet.jitsi"
-            - "traefik.http.routers.jitsi-secure.tls.options=myoptions@file"
-            ## Service
-            - "traefik.http.routers.jitsi-secure.service=jitsi" #here service name is jitsi
-            - "traefik.http.services.jitsi.loadbalancer.server.port=80"
-            - "traefik.http.services.jitsi.loadbalancer.passhostheader=true"
-
        volumes:
            - ${CONFIG}/web:/config
+            - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
+            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
        ports:
            - target: 80
+              published: 80
+              mode: host
+
+            - target: 443
+              published: 443
+              mode: host
        networks:
          proxy:
          jitsi:
@ -115,9 +126,6 @@ services:
              - meet.jitsi
 # Custom network so all services can communicate using a FQDN
 networks:
-  proxy:
-    external: true
-    name: proxy
  jitsi:
    external: true
    name: jitsi
--- a/examples/docker-swarm/traefik-proxy-config.toml
+++ b/examples/docker-swarm/traefik-proxy-config.toml
@ -1,41 +0,0 @@
-#################
-#### MIDDLEWARES
-#################
-[http.middlewares]
-  [http.middlewares.security-headers.headers]
-    accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
-    #accessControlAllowOrigin = "origin-list-or-null"
-    accessControlMaxAge = 100
-    addVaryHeader = true
-    #frameDeny = true
-    sslRedirect = true
-    browserXssFilter = true
-    contentTypeNosniff = true
-    #
-    stsIncludeSubdomains = true
-    stsPreload = true
-    stsSeconds = 31536000
-
-#####################
-#### CUSTOM TLS CERT
-#####################
-[tls]
-  [tls.options]
-    [tls.options.myoptions]
-      minVersion = "VersionTLS12"
-      curvePreferences = ["CurveP521", "CurveP384"]
-      sniStrict = true
-
-      cipherSuites = [
-        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", # tls1.2
-        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        #"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", # 128 bit
-        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
-        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", # tls1.2
-        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        "TLS_FALLBACK_SCSV", # Client is doing version fallback. See RFC 7507.
-        "TLS_AES_256_GCM_SHA384",  # tls1.3
-        "TLS_CHACHA20_POLY1305_SHA256" # tls1.3
-
-      ]