- reduce size of the bbb-html5 image

- fix path of the html5 config file to apply METEOR_SETTINGS - remove TLS from coturn, in order to keep the ssl certificate on traefik only - configure stun on bbb-web as well - allow turn domain/address to be different from the server domain
2018-08-09 00:16:46 -03:00 · 2018-08-09 00:16:46 -03:00 · 8e9a75d149
commit 8e9a75d149
parent ec63729747
5 changed files with 30 additions and 22 deletions
--- a/bigbluebutton-html5/Dockerfile
+++ b/bigbluebutton-html5/Dockerfile
@ -18,7 +18,8 @@ USER meteor

 RUN cd /source \
 && meteor npm install \
- && meteor build --directory /app
+ && meteor build --directory /app \
+ && rm -r /source

 ENV NODE_ENV production

--- a/bigbluebutton-html5/docker-entrypoint.sh
+++ b/bigbluebutton-html5/docker-entrypoint.sh
@ -1,5 +1,5 @@
 #!/bin/bash -e

-export METEOR_SETTINGS=` jq "${METEOR_SETTINGS_MODIFIER}" /source/private/config/settings-production.json `
+export METEOR_SETTINGS=` jq "${METEOR_SETTINGS_MODIFIER}" ./programs/server/assets/app/config/settings-production.json `

 node main.js
--- a/bigbluebutton-web/turn-stun-servers.xml.tmpl
+++ b/bigbluebutton-web/turn-stun-servers.xml.tmpl
@ -24,21 +24,27 @@ with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
            http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
            ">

+    <bean id="stun1" class="org.bigbluebutton.web.services.turn.StunServer">
+        <constructor-arg index="0" value="stun:{{ .Env.TURN_DOMAIN }}:3478"/>
+    </bean>
+
    <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
-        <constructor-arg index="1" value="turn:{{ .Env.SERVER_DOMAIN }}:3478"/>
+        <constructor-arg index="1" value="turn:{{ .Env.TURN_DOMAIN }}:3478"/>
        <constructor-arg index="2" value="86400"/>
    </bean>

    <bean id="turn2" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="{{ .Env.TURN_SECRET }}"/>
-        <constructor-arg index="1" value="turn:{{ .Env.SERVER_DOMAIN }}:5349?transport=tcp"/>
+        <constructor-arg index="1" value="turn:{{ .Env.TURN_DOMAIN }}:3478?transport=tcp"/>
        <constructor-arg index="2" value="86400"/>
    </bean>

    <bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
        <property name="stunServers">
-            <set/>
+            <set>
+                <ref bean="stun1" />
+            </set>
        </property>
        <property name="turnServers">
            <set>
--- a/labs/docker/coturn/turnserver.conf.tmpl
+++ b/labs/docker/coturn/turnserver.conf.tmpl
@ -1,16 +1,9 @@
 listening-port={{ .Env.PORT }}
-tls-listening-port={{ .Env.PORT_TLS}}
 min-port=49152
 max-port=65535
 fingerprint
 lt-cred-mech
 realm={{ .Env.SERVER_DOMAIN }}
-cert={{ .Env.SSL_CERT_PATH }}
-pkey={{ .Env.SSL_KEY_PATH }}
-cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256"
-dh-file={{ .Env.SSL_DHPARAM_PATH }}
-no-tlsv1
-no-tlsv1_1
 external-ip={{ .Env.EXTERNAL_IP }}

 {{ if isTrue .Env.ENABLE_REST_API }}
--- a/labs/docker/docker-compose.yml
+++ b/labs/docker/docker-compose.yml
@ -64,22 +64,15 @@ services:
  coturn:
    image: ${TAG_PREFIX}bbb-coturn${TAG_SUFFIX}
    restart: unless-stopped
-    volumes:
-      - ssl-conf:/etc/nginx/ssl
    environment:
-      SERVER_DOMAIN: ${SERVER_DOMAIN}
-      SSL_CERT_PATH: /etc/nginx/ssl/live/${SERVER_DOMAIN}/fullchain.pem
-      SSL_KEY_PATH: /etc/nginx/ssl/live/${SERVER_DOMAIN}/privkey.pem
-      SSL_DHPARAM_PATH: /etc/nginx/ssl/dhp-2048.pem
+      TURN_DOMAIN: ${SERVER_DOMAIN}
      SECRET: ${COTURN_REST_SECRET}
      EXTERNAL_IP: ${EXTERNAL_IP}
      ENABLE_REST_API: 1
      PORT: 3478
-      PORT_TLS: 5349
    ports:
      - 3478:3478/udp
      - 3478:3478/tcp
-      - 5349:5349/tcp

  kurento:
    image: ${TAG_PREFIX}bbb-kurento${TAG_SUFFIX}
@ -119,6 +112,7 @@ services:
    environment:
      SERVER_DOMAIN: ${SERVER_DOMAIN}
      SHARED_SECRET: ${SHARED_SECRET}
+      TURN_DOMAIN: ${SERVER_DOMAIN}
      TURN_SECRET: ${COTURN_REST_SECRET}
    labels:
      - "traefik.backend=bbb-web"
@ -143,12 +137,26 @@ services:
      - 80:80
      - 8080:8080
      - 443:443
-    command: traefik --docker --defaultentrypoints=http
+    command: traefik
+      - --docker
+      - --logLevel=INFO
+      - --acme
+      - --acme.httpchallenge
+      - --acme.httpchallenge.entrypoint=http
+      - --acme.acmelogging
+      - --acme.storage=/etc/traefik/acme/acme.json
+      - --acme.email=felipe@mconf.com
+      - --acme.entrypoint=https
+      - --acme.domains=${SERVER_DOMAIN}
+      - --defaultentrypoints=http,https
+      - --entryPoints='Name:http Address::80 Redirect.EntryPoint:https'
+      - --entryPoints='Name:https Address::443 TLS'
    volumes:
+      - traefik-acme:/etc/traefik/acme/
      - /var/run/docker.sock:/var/run/docker.sock

 volumes:
-  ssl-conf:
+  traefik-acme:
  static:
  bigbluebutton:
  media-audio: