diff --git a/.dockerignore b/.dockerignore index 0b3d8f1..be97538 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,5 +1,3 @@ /bin -/docker/janus -/Dockerfile +/docker/*/Dockerfile /docker-compose.yml -/vendor diff --git a/.github/workflows/docker-compose.yml b/.github/workflows/docker-compose.yml index debf467..aaad7ae 100644 --- a/.github/workflows/docker-compose.yml +++ b/.github/workflows/docker-compose.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v3 - name: Pull Docker images - run: docker-compose pull + run: docker-compose -f docker/docker-compose.yml pull build: runs-on: ubuntu-latest @@ -29,4 +29,4 @@ jobs: - uses: actions/checkout@v3 - name: Build Docker images - run: docker-compose build + run: docker-compose -f docker/docker-compose.yml build diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c4c488c..275b06f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -7,7 +7,7 @@ on: branches: [ master ] jobs: - build: + server: runs-on: ubuntu-latest steps: @@ -20,3 +20,19 @@ jobs: uses: docker/build-push-action@v3 with: context: . + file: docker/server/Dockerfile + + proxy: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Build Docker image + uses: docker/build-push-action@v3 + with: + context: . + file: docker/proxy/Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 83461b3..0000000 --- a/Dockerfile +++ /dev/null 
@@ -1,18 +0,0 @@ -FROM golang:1.18 AS builder - -WORKDIR /workdir - -COPY . . -RUN apt-get -y update && apt-get -y install protobuf-compiler -RUN make build - -FROM alpine:3.15 - -ENV CONFIG=/config/server.conf -RUN adduser -D spreedbackend && \ - apk add --no-cache ca-certificates libc6-compat libstdc++ -USER spreedbackend -COPY --from=builder /workdir/bin/signaling /usr/local/signaling -COPY ./server.conf.in /config/server.conf - -CMD ["/bin/sh", "-c", "/usr/local/signaling --config=$CONFIG"] diff --git a/README.md b/README.md index bf958ed..80d848f 100644 --- a/README.md +++ b/README.md @@ -88,13 +88,19 @@ systemctl start signaling.service ### Running with Docker +Official docker containers for the signaling server and -proxy are available on +Docker Hub at https://hub.docker.com/r/strukturag/nextcloud-spreed-signaling + +See the `README.md` in the `docker` subfolder for details. + + #### Docker Compose You will likely have to adjust the Janus command line options depending on the exact network configuration on your server. Refer to [Setup of Janus](#setup-of-janus) and the Janus documentation for how to configure your Janus server. Copy `server.conf.in` to `server.conf` and adjust it to your liking. -If you're using the [docker-compose.yml](docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`. +If you're using the [docker-compose.yml](docker/docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`. ```bash docker-compose build diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..087e83e --- /dev/null +++ b/docker/README.md 
@@ -0,0 +1,123 @@
+# Docker images for nextcloud-spreed-signaling
+
+## Signaling server
+
+The image for the signaling server can be retrieved from
+
+ strukturag/nextcloud-spreed-signaling:
+
+Replace `version` with the tag or commit you want to use.
+
+
+### Configuration
+
+The running container can be configured through different environment variables:
+
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `HTTPS_LISTEN`: Address of HTTPS listener.
+- `HTTPS_CERTIFICATE`: Name of certificate file for the HTTPS listener.
+- `HTTPS_KEY`: Name of private key file for the HTTPS listener.
+- `HASH_KEY`: Secret value used to generate checksums of sessions (32 or 64 bytes).
+- `BLOCK_KEY`: Key for encrypting data in the sessions (16, 24 or 32 bytes).
+- `INTERNAL_SHARED_SECRET_KEY`: Shared secret for connections from internal clients.
+- `BACKENDS`: Space-separated list of backend ids.
+- `BACKEND__URL`: Url of backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND__SHARED_SECRET`: Shared secret for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND__SESSION_LIMIT`: Optional session limit for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND__MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams in backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND__MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams in backend `ID` (where `ID` is the uppercase backend id).
+- `NATS_URL`: Optional URL of NATS server.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `ETCD_CLIENT_CA`: Filename of CA for etcd client.
+- `USE_JANUS`: Set to `1` if Janus should be used as WebRTC backend.
+- `JANUS_URL`: Url to Janus server (if `USE_JANUS` is set to `1`).
+- `USE_PROXY`: Set to `1` if proxy servers should be used as WebRTC backends.
+- `PROXY_TOKEN_ID`: Id of the token to use when connecting to proxy servers.
+- `PROXY_TOKEN_KEY`: Private key for the configured token id.
+- `PROXY_URLS`: Space-separated list of proxy URLs to connect to.
+- `PROXY_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured static URLs.
+- `PROXY_ETCD`: Set to `1` if etcd should be used to configure proxy connections.
+- `PROXY_KEY_PREFIX`: Key prefix of proxy entries.
+- `MAX_STREAM_BITRATE`: Optional global maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional global maximum bitrate for screensharing streams.
+- `TURN_API_KEY`: API key that Janus will need to send when requesting TURN credentials.
+- `TURN_SECRET`: The shared secret to use for generating TURN credentials.
+- `TURN_SERVERS`: A comma-separated list of TURN servers to use.
+- `GEOIP_LICENSE`: License key to use when downloading the MaxMind GeoIP database.
+- `GEOIP_URL`: Optional URL to download a MaxMind GeoIP database from.
+- `GEOIP_OVERRIDES`: Optional spae-separated list of overrides for GeoIP lookups.
+- `CONTINENT_OVERRIDES`: Optional spae-separated list of overrides for continent mappings.
+- `STATS_IPS`: Comma-separated list of IP addresses that are allowed to access the stats endpoint.
+- `GRPC_LISTEN`: IP and port to listen on for GRPC requests.
+- `GRPC_SERVER_CERTIFICATE`: Certificate to use for the GRPC server.
+- `GRPC_SERVER_KEY`: Private key to use for the GRPC server.
+- `GRPC_SERVER_CA`: CA certificate that is allowed to issue certificates of GRPC servers.
+- `GRPC_CLIENT_CERTIFICATE`: Certificate to use for the GRPC client.
+- `GRPC_CLIENT_KEY`: Private key to use for the GRPC client.
+- `GRPC_CLIENT_CA`: CA certificate that is allowed to issue certificates of GRPC clients.
+- `GRPC_TARGETS`: Comma-separated list of GRPC targets to connect to for clustering mode.
+- `GRPC_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured GRPC targets.
+- `GRPC_ETCD`: Set to `1` if etcd should be used to configure GRPC peers.
+- `GRPC_TARGET_PREFIX`: Key prefix of GRPC target entries.
+
+Example with two backends:
+
+ docker run \
+ ... \
+ -e BACKENDS="foo bar" \
+ -e BACKEND_FOO_URL=https://cloud.server1.tld \
+ -e BACKEND_FOO_SECRET=verysecret \
+ -e BACKEND_BAR_URL=https://cloud.server2.tld \
+ -e BACKEND_BAR_SECRET=moresecret \
+ ...
+
+See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in
+for further details on the different options.
+
+
+## Signaling proxy
+
+The image for the signaling proxy can be retrieved from
+
+ strukturag/nextcloud-spreed-signaling:-proxy
+
+Replace `version` with the tag or commit you want to use.
+
+
+### Configuration
+
+The running container can be configured through different environment variables:
+
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `COUNTRY`: Optional ISO 3166 country this proxy is located at.
+- `JANUS_URL`: Url to Janus server.
+- `MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `TOKENS_ETCD`: Set to `1` if etcd should be used to configure tokens. +- `TOKEN_KEY_FORMAT`: Format of key name to retrieve the public key from, "%s" will be replaced with the token id. +- `TOKENS`: Space-separated list of token ids. +- `TOKEN__KEY`: Filename of public key for token `ID` (where `ID` is the uppercase token id). + +Example with two tokens: + + docker run \ + ... \ + -e TOKENS="foo signaling.server1.tld" \ + -e TOKEN_FOO_KEY=/path/to/foo.key \ + -e TOKEN_SIGNALING_SERVER1_TLD_KEY=/path/to/signaling.server1.tld.key \ + ... + +See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/proxy.conf.in +for further details on the different options. diff --git a/docker-compose.yml b/docker/docker-compose.yml similarity index 92% rename from docker-compose.yml rename to docker/docker-compose.yml index aa9a406..02581de 100644 --- a/docker-compose.yml +++ b/docker/docker-compose.yml @@ -2,7 +2,9 @@ version: '3' services: spreedbackend: - build: . + build: + context: .. + dockerfile: docker/server/Dockerfile volumes: - ./server.conf:/config/server.conf network_mode: host @@ -19,7 +21,7 @@ services: network_mode: host restart: unless-stopped janus: - build: docker/janus + build: janus command: ["janus", "--full-trickle"] network_mode: host restart: unless-stopped diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile new file mode 100644 index 0000000..a9db566 --- /dev/null +++ b/docker/proxy/Dockerfile 
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+
+WORKDIR /workdir
+
+COPY . .
+RUN apt-get -y update && \
+ apt-get -y install protobuf-compiler && \
+ if [ -d "vendor" ]; then GOPROXY=off make proxy -j$(nproc); else \
+ make proxy -j$(nproc); fi
+
+FROM alpine:3
+
+ENV CONFIG=/config/proxy.conf
+RUN adduser -D spreedbackend && \
+ apk add --no-cache bash ca-certificates libc6-compat libstdc++
+
+COPY --from=builder /workdir/bin/proxy /usr/bin/nextcloud-spreed-signaling-proxy
+COPY ./proxy.conf.in /config/proxy.conf.in
+COPY ./docker/proxy/entrypoint.sh /
+RUN chown spreedbackend /config
+
+USER spreedbackend
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling-proxy -config $CONFIG"]
diff --git a/docker/proxy/entrypoint.sh b/docker/proxy/entrypoint.sh
new file mode 100755
index 0000000..9b255b4
--- /dev/null
+++ b/docker/proxy/entrypoint.sh
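Review bot: The runtime stage of docker/proxy/Dockerfile uses `FROM alpine:3`, a tag that moves with every 3.x release, so rebuilding the same commit can produce a different base; the Dockerfile this commit deletes fixed it to `alpine:3.15`. For an image that is published I would pin the runtime stage to a minor release and digest, e.g. `FROM alpine:3.15@sha256:<digest>` (placeholder digest), and consider a digest for `golang:1.19` too. The unversioned `apk add --no-cache bash ca-certificates libc6-compat libstdc++` then resolves against whatever that tag currently points to. docker/server/Dockerfile has the same two `FROM` lines.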
@@ -0,0 +1,110 @@ +#!/bin/bash +# +# Standalone signaling server for the Nextcloud Spreed app. +# Copyright (C) 2022 struktur AG +# +# @author Joachim Bauch +# +# @license GNU AGPL version 3 or any later version +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +set -e + +if [ -z "$CONFIG" ]; then + echo "No configuration filename given in CONFIG environment variable" + exit 1 +fi + +if [ ! -f "$CONFIG" ]; then + echo "Preparing signaling proxy configuration in $CONFIG ..." + cp /config/proxy.conf.in "$CONFIG" + + if [ ! -z "$HTTP_LISTEN" ]; then + sed -i "s|#listen = 127.0.0.1:9090|listen = $HTTP_LISTEN|" "$CONFIG" + fi + + if [ ! -z "$COUNTRY" ]; then + sed -i "s|#country =.*|country = $COUNTRY|" "$CONFIG" + fi + + HAS_ETCD= + if [ ! -z "$ETCD_ENDPOINTS" ]; then + sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG" + HAS_ETCD=1 + else + if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then + sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG" + HAS_ETCD=1 + fi + if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then + sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG" + fi + fi + if [ ! -z "$HAS_ETCD" ]; then + if [ ! -z "$ETCD_CLIENT_KEY" ]; then + sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG" + fi + if [ ! 
-z "$ETCD_CLIENT_CERTIFICATE" ]; then + sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG" + fi + if [ ! -z "$ETCD_CLIENT_CA" ]; then + sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG" + fi + fi + + if [ ! -z "$JANUS_URL" ]; then + sed -i "s|url =.*|url = $JANUS_URL|" "$CONFIG" + else + sed -i "s|url =.*|#url =|" "$CONFIG" + fi + if [ ! -z "$MAX_STREAM_BITRATE" ]; then + sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG" + fi + if [ ! -z "$MAX_SCREEN_BITRATE" ]; then + sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG" + fi + + if [ ! -z "$TOKENS_ETCD" ]; then + if [ -z "$HAS_ETCD" ]; then + echo "No etcd endpoint configured, can't use etcd for proxy tokens" + exit 1 + fi + + sed -i "s|tokentype =.*|tokentype = etcd|" "$CONFIG" + + if [ ! -z "$TOKEN_KEY_FORMAT" ]; then + sed -i "s|#keyformat =.*|keyformat = $TOKEN_KEY_FORMAT|" "$CONFIG" + fi + else + sed -i "s|\[tokens\]|#[tokens]|" "$CONFIG" + echo >> "$CONFIG" + echo "[tokens]" >> "$CONFIG" + for token in $TOKENS; do + declare var="TOKEN_${token^^}_KEY" + var=$(echo $var | sed "s|\.|_|") + if [ ! -z "${!var}" ]; then + echo "$token = ${!var}" >> "$CONFIG" + fi + done + echo >> "$CONFIG" + fi + + if [ ! -z "$STATS_IPS" ]; then + sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG" + fi +fi + +echo "Starting signaling proxy with $CONFIG ..." +exec "$@" diff --git a/docker/server/Dockerfile b/docker/server/Dockerfile new file mode 100644 index 0000000..60584a8 --- /dev/null +++ b/docker/server/Dockerfile 
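Review bot: In the `for token in $TOKENS` loop of docker/proxy/entrypoint.sh, `var=$(echo $var | sed "s|\.|_|")` replaces only the first dot, so the token `signaling.server1.tld` from the README example becomes `TOKEN_SIGNALING_SERVER1.TLD_KEY` rather than the documented `TOKEN_SIGNALING_SERVER1_TLD_KEY`. That string is not a valid variable name for `${!var}`, so bash should reject the expansion and the token's key is never written to `[tokens]`. Replacing every character that cannot appear in a name fixes it and also covers ids with hyphens: `var="${var//[^A-Za-z0-9_]/_}"`. A short comment above the loop stating the id-to-variable mapping would help, since the README relies on it.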
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+
+WORKDIR /workdir
+
+COPY . .
+RUN apt-get -y update && \
+ apt-get -y install protobuf-compiler && \
+ if [ -d "vendor" ]; then GOPROXY=off make server -j$(nproc); else \
+ make server -j$(nproc); fi
+
+FROM alpine:3
+
+ENV CONFIG=/config/server.conf
+RUN adduser -D spreedbackend && \
+ apk add --no-cache bash ca-certificates libc6-compat libstdc++
+
+COPY --from=builder /workdir/bin/signaling /usr/bin/nextcloud-spreed-signaling
+COPY ./server.conf.in /config/server.conf.in
+COPY ./docker/server/entrypoint.sh /
+RUN chown spreedbackend /config
+
+USER spreedbackend
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling -config $CONFIG"]
diff --git a/docker/server/entrypoint.sh b/docker/server/entrypoint.sh
new file mode 100755
index 0000000..24958f2
--- /dev/null
+++ b/docker/server/entrypoint.sh
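Review bot: The `CMD` on the last line of docker/server/Dockerfile starts the server through `/bin/sh -c` without `exec` and with `$CONFIG` unquoted. After the entrypoint's `exec "$@"`, the container's main process may therefore be the shell rather than the signaling binary, and whether the SIGTERM from `docker stop` reaches the server depends on how that shell handles it. I would write `CMD ["/bin/sh", "-c", "exec /usr/bin/nextcloud-spreed-signaling -config \"$CONFIG\""]`, which also keeps a `CONFIG` path containing spaces intact. The `CMD` in docker/proxy/Dockerfile has the same shape. A one-line comment above `RUN chown spreedbackend /config` saying the directory must be writable because the entrypoint generates the config there would explain that step.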
@@ -0,0 +1,251 @@ +#!/bin/bash +# +# Standalone signaling server for the Nextcloud Spreed app. +# Copyright (C) 2022 struktur AG +# +# @author Joachim Bauch +# +# @license GNU AGPL version 3 or any later version +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +set -e + +if [ -z "$CONFIG" ]; then + echo "No configuration filename given in CONFIG environment variable" + exit 1 +fi + +if [ ! -f "$CONFIG" ]; then + echo "Preparing signaling server configuration in $CONFIG ..." + cp /config/server.conf.in "$CONFIG" + + if [ ! -z "$HTTP_LISTEN" ]; then + sed -i "s|#listen = 127.0.0.1:8080|listen = $HTTP_LISTEN|" "$CONFIG" + fi + if [ ! -z "$HTTPS_LISTEN" ]; then + sed -i "s|#listen = 127.0.0.1:8443|listen = $HTTPS_LISTEN|" "$CONFIG" + + if [ ! -z "$HTTPS_CERTIFICATE" ]; then + sed -i "s|certificate = /etc/nginx/ssl/server.crt|certificate = $HTTPS_CERTIFICATE|" "$CONFIG" + fi + if [ ! -z "$HTTPS_KEY" ]; then + sed -i "s|key = /etc/nginx/ssl/server.key|key = $HTTPS_KEY|" "$CONFIG" + fi + fi + + if [ ! -z "$HASH_KEY" ]; then + sed -i "s|the-secret-for-session-checksums|$HASH_KEY|" "$CONFIG" + fi + if [ ! -z "$BLOCK_KEY" ]; then + sed -i "s|-encryption-key-|$BLOCK_KEY|" "$CONFIG" + fi + if [ ! -z "$INTERNAL_SHARED_SECRET_KEY" ]; then + sed -i "s|the-shared-secret-for-internal-clients|$INTERNAL_SHARED_SECRET_KEY|" "$CONFIG" + fi + if [ ! 
-z "$NATS_URL" ]; then + sed -i "s|#url = nats://localhost:4222|url = $NATS_URL|" "$CONFIG" + else + sed -i "s|#url = nats://localhost:4222|url = nats://loopback|" "$CONFIG" + fi + + HAS_ETCD= + if [ ! -z "$ETCD_ENDPOINTS" ]; then + sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG" + HAS_ETCD=1 + else + if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then + sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG" + HAS_ETCD=1 + fi + if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then + sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG" + fi + fi + if [ ! -z "$HAS_ETCD" ]; then + if [ ! -z "$ETCD_CLIENT_KEY" ]; then + sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG" + fi + if [ ! -z "$ETCD_CLIENT_CERTIFICATE" ]; then + sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG" + fi + if [ ! -z "$ETCD_CLIENT_CA" ]; then + sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG" + fi + fi + + if [ ! -z "$USE_JANUS" ]; then + sed -i "s|#type =$|type = janus|" "$CONFIG" + if [ ! -z "$JANUS_URL" ]; then + sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $JANUS_URL|}" "$CONFIG" + fi + elif [ ! -z "$USE_PROXY" ]; then + sed -i "s|#type =$|type = proxy|" "$CONFIG" + + if [ ! -z "$PROXY_ETCD" ]; then + if [ -z "$HAS_ETCD" ]; then + echo "No etcd endpoint configured, can't use etcd for proxy connections" + exit 1 + fi + + sed -i "s|#urltype = static|urltype = etcd|" "$CONFIG" + + if [ ! -z "$PROXY_TOKEN_ID" ]; then + sed -i "s|#token_id =.*|token_id = $PROXY_TOKEN_ID|" "$CONFIG" + fi + if [ ! -z "$PROXY_TOKEN_KEY" ]; then + sed -i "s|#token_key =.*|token_key = $PROXY_TOKEN_KEY|" "$CONFIG" + fi + if [ ! -z "$PROXY_KEY_PREFIX" ]; then + sed -i "s|#keyprefix =.*|keyprefix = $PROXY_KEY_PREFIX|" "$CONFIG" + fi + else + if [ ! 
-z "$PROXY_URLS" ]; then + sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $PROXY_URLS|}" "$CONFIG" + fi + if [ ! -z "$PROXY_DNS_DISCOVERY" ]; then + sed -i "/or deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG" + fi + fi + fi + + if [ ! -z "$MAX_STREAM_BITRATE" ]; then + sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG" + fi + if [ ! -z "$MAX_SCREEN_BITRATE" ]; then + sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG" + fi + + if [ ! -z "$TURN_API_KEY" ]; then + sed -i "s|the-api-key-for-the-rest-service|$TURN_API_KEY|" "$CONFIG" + fi + if [ ! -z "$TURN_SECRET" ]; then + sed -i "s|6d1c17a7-c736-4e22-b02c-e2955b7ecc64|$TURN_SECRET|" "$CONFIG" + fi + if [ ! -z "$TURN_SERVERS" ]; then + sed -i "s|#servers =.*|servers = $TURN_SERVERS|" "$CONFIG" + fi + + if [ ! -z "$GEOIP_LICENSE" ]; then + sed -i "s|#license =.*|license = $GEOIP_LICENSE|" "$CONFIG" + fi + if [ ! -z "$GEOIP_URL" ]; then + sed -i "/looking up IP addresses/{n;s|#url =$|url = $GEOIP_URL|}" "$CONFIG" + fi + + if [ ! -z "$STATS_IPS" ]; then + sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG" + fi + + if [ ! -z "$GRPC_LISTEN" ]; then + sed -i "s|#listen = 0.0.0.0:9090|listen = $GRPC_LISTEN|" "$CONFIG" + + if [ ! -z "$GRPC_SERVER_CERTIFICATE" ]; then + sed -i "s|#servercertificate =.*|servercertificate = $GRPC_SERVER_CERTIFICATE|" "$CONFIG" + fi + if [ ! -z "$GRPC_SERVER_KEY" ]; then + sed -i "s|#serverkey =.*|serverkey = $GRPC_SERVER_KEY|" "$CONFIG" + fi + if [ ! -z "$GRPC_SERVER_CA" ]; then + sed -i "s|#serverca =.*|serverca = $GRPC_SERVER_CA|" "$CONFIG" + fi + if [ ! -z "$GRPC_CLIENT_CERTIFICATE" ]; then + sed -i "s|#clientcertificate =.*|clientcertificate = $GRPC_CLIENT_CERTIFICATE|" "$CONFIG" + fi + if [ ! -z "$GRPC_CLIENT_KEY" ]; then + sed -i "s|#clientkey = /path/to/grpc-client.key|clientkey = $GRPC_CLIENT_KEY|" "$CONFIG" + fi + if [ ! 
-z "$GRPC_CLIENT_CA" ]; then + sed -i "s|#clientca =.*|clientca = $GRPC_CLIENT_CA|" "$CONFIG" + fi + if [ ! -z "$GRPC_ETCD" ]; then + if [ -z "$HAS_ETCD" ]; then + echo "No etcd endpoint configured, can't use etcd for GRPC" + exit 1 + fi + + sed -i "s|#targettype =$|targettype = etcd|" "$CONFIG" + + if [ ! -z "$GRPC_TARGET_PREFIX" ]; then + sed -i "s|#targetprefix =.*|targetprefix = $GRPC_TARGET_PREFIX|" "$CONFIG" + fi + else + if [ ! -z "$GRPC_TARGETS" ]; then + sed -i "s|#targets =.*|targets = $GRPC_TARGETS|" "$CONFIG" + + if [ ! -z "$GRPC_DNS_DISCOVERY" ]; then + sed -i "/# deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG" + fi + fi + fi + fi + + if [ ! -z "$GEOIP_OVERRIDES" ]; then + sed -i "s|\[geoip-overrides\]|#[geoip-overrides]|" "$CONFIG" + echo >> "$CONFIG" + echo "[geoip-overrides]" >> "$CONFIG" + for override in $GEOIP_OVERRIDES; do + echo $override >> "$CONFIG" + done + echo >> "$CONFIG" + fi + + if [ ! -z "$CONTINENT_OVERRIDES" ]; then + sed -i "s|\[continent-overrides\]|#[continent-overrides]|" "$CONFIG" + echo >> "$CONFIG" + echo "[continent-overrides]" >> "$CONFIG" + for override in $CONTINENT_OVERRIDES; do + echo $override >> "$CONFIG" + done + echo >> "$CONFIG" + fi + + if [ ! -z "$BACKENDS" ]; then + sed -i "s|#backends = .*|backends = $BACKENDS|" "$CONFIG" + + echo >> "$CONFIG" + for backend in $BACKENDS; do + echo "[$backend]" >> "$CONFIG" + + declare var="BACKEND_${backend^^}_URL" + if [ ! -z "${!var}" ]; then + echo "url = ${!var}" >> "$CONFIG" + fi + + declare var="BACKEND_${backend^^}_SHARED_SECRET" + if [ ! -z "${!var}" ]; then + echo "secret = ${!var}" >> "$CONFIG" + fi + + declare var="BACKEND_${backend^^}_SESSION_LIMIT" + if [ ! -z "${!var}" ]; then + echo "sessionlimit = ${!var}" >> "$CONFIG" + fi + + declare var="BACKEND_${backend^^}_MAX_STREAM_BITRATE" + if [ ! -z "${!var}" ]; then + echo "maxstreambitrate = ${!var}" >> "$CONFIG" + fi + + declare var="BACKEND_${backend^^}_MAX_SCREEN_BITRATE" + if [ ! 
-z "${!var}" ]; then + echo "maxscreenbitrate = ${!var}" >> "$CONFIG" + fi + echo >> "$CONFIG" + done + fi +fi + +echo "Starting signaling server with $CONFIG ..." +exec "$@"
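Review bot: When `HASH_KEY`, `BLOCK_KEY`, `INTERNAL_SHARED_SECRET_KEY`, `TURN_API_KEY` or `TURN_SECRET` is unset, docker/server/entrypoint.sh skips the matching `sed`, so the placeholder it targets (for example `the-secret-for-session-checksums`, presumably present in `server.conf.in`) stays in the generated config. Unless the server itself rejects those template values, the container then runs with secrets that are public in the repository. I would fail fast for the ones a deployment must set, e.g. `: "${HASH_KEY:?HASH_KEY must be set}"` before the `cp`. The values are also pasted into the `sed` replacement unescaped, so a secret containing `&`, `\` or `|` is written differently from what was supplied or breaks the expression; the proxy entrypoint uses the same pattern. The backend loop reads `BACKEND_${backend^^}_SHARED_SECRET`, while the example in docker/README.md sets `BACKEND_FOO_SECRET`, which would leave the `[foo]` section without a `secret =` line.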