bbb-webrtc-sfu (and mediasoup) are running in the CFS scheduler which
means it has to compete with (much) lower priority tasks like
presentation conversion, recording processing, [...]
Since it encompasses an RTC application which also handles audio, it
should be _at least_ on the same scheduling policy as FS/bbb-html5 - and
that should be safer now with mediasoup which has a lower footprint
(and generates lower CPU noise overall).
This commit puts bbb-webrtc-sfu in the FIFO scheduling policy (same as
bbb-html5). Also bumps bbb-html5 nice level up to 18 and sets SFU to
nice 19 (so bbb-html5 has some advantage when push comes to shove).
This can be improved further by using per-process priorities in SFU.
Ideally we'd want mediasoup audio workers and mcs-core to be the same
priority as FS (so higher than bbb-html5), but the rest of them
(video/screen workers) to be the same or lower than bbb-html5. For
future reference:
- https://github.com/bigbluebutton/bbb-webrtc-sfu/commit/3e245122dfa155ecb77b536eeadac1e4607cee
- 66d443d204
Files are compressed on build, but gzip_static on isn't set on their
nginx route - so original files are being served, uncompressed.
This commit serves the previously compressed files instead (thus
reducing initial transfer size by ~1 MB).
Someone should look into whether serving compressed version of the rest
of assets makes sense - it probably does.
Still pending: fonts, locales, svgs, everything under resources, ...
docker container and pass them in as environment variables, since we
can't compute them inside the docker container if the source directory
is a git worktree
Audio's callerId depends on the user name and there isn't
an "on-demand" way of fetching that field internally, making callerId
assembly with trusted attributes (server-side generated) impossible in
bbb-webrtc-sfu.
The new extra header (User-Name, mapped to user_name in the proxied
connection) allows fetching the user name field in a cheap way and
consequently provides a cheap+safe way of assembling the callerId.
Alternatives I've considered but discarded:
- a new akka-apps req-resp pair for fetching the user name (+overhead)
- a new akka-apps req-resp pair for generating the callerId (+overhead)
- piggybacking on GetMicrophonePermissionReq/Resp to generate the
callerId (same overhead, but mixing responsabilities)
the redis dependency for `bbb-apps-akka` and `bbb-fsesl-akka` has
already beed added in commit b6777ed9cb so
the override is no longer neccesary.
closes#15192
* fix unit name: the unit name on Ubuntu is `redis-server.service`
* services which need a working redis require both After= and Wants=
See the description in the `systemd.unit` man page.
Etherpad uses the sessionID cookie for authorization. In cluster setups the
host part of the URI which serves the html5 frontend is different from
the hostname part of the URI which serves etherpad. Therefore the
bbb-html5 client can't set a cookie for etherpad which contains the
etherpad sessionID.
This patch uses the `ep_auth_session` etherpad plugin which takes the
`sessionID` as query parameter, sets the cookie in the browser and
redirects the iframe to the pad URI.
docker container and pass them in as environment variables, since we
can't compute them inside the docker container if the source directory
is a git worktree
yq package is now provided in the BigBlueButton support PPA for BBB 2.5,
so we can depend on the package now. Ensure the dependency is specific
to avoid an incompatible yq version 4 from being installed.
Sometimes operators need to tweak the nginx config. They should not
modify config files provided by the packages. Instead they should add
their own config files in `/etc/bigbluebutton/nginx/`. This patch links
the default config provided by packages into this directory.
Since gems are no longer being built during package install, dev
packages are no longer needed. Install the runtime libraries instead.
Drop the libxslt & libxml dependencies, since current nokogiri versions
used bundled copies of those libraries.
Now uses Ubuntu's bundler version to install all dependencies at build time
rather than install time. Gems are also now vendored, and no longer pollute the
operating system.
Since bbb-pads user's name is set internally by akka-apps and bbb-pads internal
credentials exchange. Yet, Etherpad's embedded URL params still work and the user
could use it to ovewrite.
Use nginx rules to block an access attempt that contains the userName argument.
