Add official docker images.
parent
2394c09013
commit
b2e8217c1f
|
@ -1,5 +1,3 @@
|
||||||
/bin
|
/bin
|
||||||
/docker/janus
|
/docker/*/Dockerfile
|
||||||
/Dockerfile
|
|
||||||
/docker-compose.yml
|
/docker-compose.yml
|
||||||
/vendor
|
|
||||||
|
|
4
.github/workflows/docker-compose.yml
vendored
4
.github/workflows/docker-compose.yml
vendored
|
@ -20,7 +20,7 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Pull Docker images
|
- name: Pull Docker images
|
||||||
run: docker-compose pull
|
run: docker-compose -f docker/docker-compose.yml pull
|
||||||
|
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
@ -29,4 +29,4 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Build Docker images
|
- name: Build Docker images
|
||||||
run: docker-compose build
|
run: docker-compose -f docker/docker-compose.yml build
|
||||||
|
|
18
.github/workflows/docker.yml
vendored
18
.github/workflows/docker.yml
vendored
|
@ -7,7 +7,7 @@ on:
|
||||||
branches: [ master ]
|
branches: [ master ]
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
server:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
@ -20,3 +20,19 @@ jobs:
|
||||||
uses: docker/build-push-action@v3
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
|
file: docker/server/Dockerfile
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
|
||||||
|
- name: Build Docker image
|
||||||
|
uses: docker/build-push-action@v3
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
file: docker/proxy/Dockerfile
|
||||||
|
|
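Review bot: The new `proxy` job references `actions/checkout@v3`, `docker/setup-buildx-action@v2` and `docker/build-push-action@v3` by mutable tag, and the visible part of the `server` job does the same, so the code that runs during the image build changes whenever upstream moves a tag. For a workflow that builds images presented as official, I would pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v3`. The visible steps only build and pass no `push:` or `tags:` input; if publishing is added later, a `permissions:` block limited to what the push needs would be worth adding with it (the top of the workflow is outside the hunks, so one may already exist).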
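--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +0,0 @@
-FROM golang:1.18 AS builder
-
-WORKDIR /workdir
-
-COPY . .
-RUN apt-get -y update && apt-get -y install protobuf-compiler
-RUN make build
-
-FROM alpine:3.15
-
-ENV CONFIG=/config/server.conf
-RUN adduser -D spreedbackend && \
-apk add --no-cache ca-certificates libc6-compat libstdc++
-USER spreedbackend
-COPY --from=builder /workdir/bin/signaling /usr/local/signaling
-COPY ./server.conf.in /config/server.conf
-
-CMD ["/bin/sh", "-c", "/usr/local/signaling --config=$CONFIG"]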
|
@ -88,13 +88,19 @@ systemctl start signaling.service
|
||||||
|
|
||||||
### Running with Docker
|
### Running with Docker
|
||||||
|
|
||||||
|
Official docker containers for the signaling server and -proxy are available on
|
||||||
|
Docker Hub at https://hub.docker.com/r/strukturag/nextcloud-spreed-signaling
|
||||||
|
|
||||||
|
See the `README.md` in the `docker` subfolder for details.
|
||||||
|
|
||||||
|
|
||||||
#### Docker Compose
|
#### Docker Compose
|
||||||
|
|
||||||
You will likely have to adjust the Janus command line options depending on the exact network configuration on your server. Refer to [Setup of Janus](#setup-of-janus) and the Janus documentation for how to configure your Janus server.
|
You will likely have to adjust the Janus command line options depending on the exact network configuration on your server. Refer to [Setup of Janus](#setup-of-janus) and the Janus documentation for how to configure your Janus server.
|
||||||
|
|
||||||
Copy `server.conf.in` to `server.conf` and adjust it to your liking.
|
Copy `server.conf.in` to `server.conf` and adjust it to your liking.
|
||||||
|
|
||||||
If you're using the [docker-compose.yml](docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`.
|
If you're using the [docker-compose.yml](docker/docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker-compose build
|
docker-compose build
|
||||||
|
|
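--- a/docker/README.md
+++ b/docker/README.md
@@ -0,0 +1,123 @@
+# Docker images for nextcloud-spreed-signaling
+
+## Signaling server
+
+The image for the signaling server can be retrieved from
+
+strukturag/nextcloud-spreed-signaling:<version>
+
+Replace `version` with the tag or commit you want to use.
+
+
+### Configuration
+
+The running container can be configured through different environment variables:
+
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `HTTPS_LISTEN`: Address of HTTPS listener.
+- `HTTPS_CERTIFICATE`: Name of certificate file for the HTTPS listener.
+- `HTTPS_KEY`: Name of private key file for the HTTPS listener.
+- `HASH_KEY`: Secret value used to generate checksums of sessions (32 or 64 bytes).
+- `BLOCK_KEY`: Key for encrypting data in the sessions (16, 24 or 32 bytes).
+- `INTERNAL_SHARED_SECRET_KEY`: Shared secret for connections from internal clients.
+- `BACKENDS`: Space-separated list of backend ids.
+- `BACKEND_<ID>_URL`: Url of backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_SHARED_SECRET`: Shared secret for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_SESSION_LIMIT`: Optional session limit for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams in backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams in backend `ID` (where `ID` is the uppercase backend id).
+- `NATS_URL`: Optional URL of NATS server.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `ETCD_CLIENT_CA`: Filename of CA for etcd client.
+- `USE_JANUS`: Set to `1` if Janus should be used as WebRTC backend.
+- `JANUS_URL`: Url to Janus server (if `USE_JANUS` is set to `1`).
+- `USE_PROXY`: Set to `1` if proxy servers should be used as WebRTC backends.
+- `PROXY_TOKEN_ID`: Id of the token to use when connecting to proxy servers.
+- `PROXY_TOKEN_KEY`: Private key for the configured token id.
+- `PROXY_URLS`: Space-separated list of proxy URLs to connect to.
+- `PROXY_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured static URLs.
+- `PROXY_ETCD`: Set to `1` if etcd should be used to configure proxy connections.
+- `PROXY_KEY_PREFIX`: Key prefix of proxy entries.
+- `MAX_STREAM_BITRATE`: Optional global maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional global maximum bitrate for screensharing streams.
+- `TURN_API_KEY`: API key that Janus will need to send when requesting TURN credentials.
+- `TURN_SECRET`: The shared secret to use for generating TURN credentials.
+- `TURN_SERVERS`: A comma-separated list of TURN servers to use.
+- `GEOIP_LICENSE`: License key to use when downloading the MaxMind GeoIP database.
+- `GEOIP_URL`: Optional URL to download a MaxMind GeoIP database from.
+- `GEOIP_OVERRIDES`: Optional spae-separated list of overrides for GeoIP lookups.
+- `CONTINENT_OVERRIDES`: Optional spae-separated list of overrides for continent mappings.
+- `STATS_IPS`: Comma-separated list of IP addresses that are allowed to access the stats endpoint.
+- `GRPC_LISTEN`: IP and port to listen on for GRPC requests.
+- `GRPC_SERVER_CERTIFICATE`: Certificate to use for the GRPC server.
+- `GRPC_SERVER_KEY`: Private key to use for the GRPC server.
+- `GRPC_SERVER_CA`: CA certificate that is allowed to issue certificates of GRPC servers.
+- `GRPC_CLIENT_CERTIFICATE`: Certificate to use for the GRPC client.
+- `GRPC_CLIENT_KEY`: Private key to use for the GRPC client.
+- `GRPC_CLIENT_CA`: CA certificate that is allowed to issue certificates of GRPC clients.
+- `GRPC_TARGETS`: Comma-separated list of GRPC targets to connect to for clustering mode.
+- `GRPC_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured GRPC targets.
+- `GRPC_ETCD`: Set to `1` if etcd should be used to configure GRPC peers.
+- `GRPC_TARGET_PREFIX`: Key prefix of GRPC target entries.
+
+Example with two backends:
+
+docker run \
+... \
+-e BACKENDS="foo bar" \
+-e BACKEND_FOO_URL=https://cloud.server1.tld \
+-e BACKEND_FOO_SECRET=verysecret \
+-e BACKEND_BAR_URL=https://cloud.server2.tld \
+-e BACKEND_BAR_SECRET=moresecret \
+...
+
+See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in
+for further details on the different options.
+
+
+## Signaling proxy
+
+The image for the signaling proxy can be retrieved from
+
+strukturag/nextcloud-spreed-signaling:<version>-proxy
+
+Replace `version` with the tag or commit you want to use.
+
+
+### Configuration
+
+The running container can be configured through different environment variables:
+
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `COUNTRY`: Optional ISO 3166 country this proxy is located at.
+- `JANUS_URL`: Url to Janus server.
+- `MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `ETCD_CLIENT_CA`: Filename of CA for etcd client.
+- `TOKENS_ETCD`: Set to `1` if etcd should be used to configure tokens.
+- `TOKEN_KEY_FORMAT`: Format of key name to retrieve the public key from, "%s" will be replaced with the token id.
+- `TOKENS`: Space-separated list of token ids.
+- `TOKEN_<ID>_KEY`: Filename of public key for token `ID` (where `ID` is the uppercase token id).
+
+Example with two tokens:
+
+docker run \
+... \
+-e TOKENS="foo signaling.server1.tld" \
+-e TOKEN_FOO_KEY=/path/to/foo.key \
+-e TOKEN_SIGNALING_SERVER1_TLD_KEY=/path/to/signaling.server1.tld.key \
+...
+
+See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/proxy.conf.in
+for further details on the different options.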
|
@ -2,7 +2,9 @@ version: '3'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
spreedbackend:
|
spreedbackend:
|
||||||
build: .
|
build:
|
||||||
|
context: ..
|
||||||
|
dockerfile: docker/server/Dockerfile
|
||||||
volumes:
|
volumes:
|
||||||
- ./server.conf:/config/server.conf
|
- ./server.conf:/config/server.conf
|
||||||
network_mode: host
|
network_mode: host
|
||||||
|
@ -19,7 +21,7 @@ services:
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
janus:
|
janus:
|
||||||
build: docker/janus
|
build: janus
|
||||||
command: ["janus", "--full-trickle"]
|
command: ["janus", "--full-trickle"]
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
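--- a/docker/proxy/Dockerfile
+++ b/docker/proxy/Dockerfile
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+
+WORKDIR /workdir
+
+COPY . .
+RUN apt-get -y update && \
+apt-get -y install protobuf-compiler && \
+if [ -d "vendor" ]; then GOPROXY=off make proxy -j$(nproc); else \
+make proxy -j$(nproc); fi
+
+FROM alpine:3
+
+ENV CONFIG=/config/proxy.conf
+RUN adduser -D spreedbackend && \
+apk add --no-cache bash ca-certificates libc6-compat libstdc++
+
+COPY --from=builder /workdir/bin/proxy /usr/bin/nextcloud-spreed-signaling-proxy
+COPY ./proxy.conf.in /config/proxy.conf.in
+COPY ./docker/proxy/entrypoint.sh /
+RUN chown spreedbackend /config
+
+USER spreedbackend
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling-proxy -config $CONFIG"]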
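Review bot: The runtime stage moves from `alpine:3.15` in the removed top-level Dockerfile to the floating `alpine:3`, and the builder uses a bare `golang:1.19` tag, so rebuilding the same commit can pick up a different base without any change in the repository. For images published as official I would pin at least the runtime stage to a minor release or digest, e.g. `FROM alpine:<minor-tag>@sha256:<digest>`, and bump it deliberately. Separately, the `CMD` runs the binary through `/bin/sh -c` with `$CONFIG` unquoted, so a path containing spaces is split and, unless the shell happens to exec its last command, the shell rather than the proxy receives the `SIGTERM` from `docker stop`; `CMD ["/bin/sh", "-c", "exec /usr/bin/nextcloud-spreed-signaling-proxy -config \"$CONFIG\""]` avoids both. The same lines appear in docker/server/Dockerfile.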
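--- a/docker/proxy/entrypoint.sh
+++ b/docker/proxy/entrypoint.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+#
+# Standalone signaling server for the Nextcloud Spreed app.
+# Copyright (C) 2022 struktur AG
+#
+# @author Joachim Bauch <bauch@struktur.de>
+#
+# @license GNU AGPL version 3 or any later version
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+
+if [ -z "$CONFIG" ]; then
+echo "No configuration filename given in CONFIG environment variable"
+exit 1
+fi
+
+if [ ! -f "$CONFIG" ]; then
+echo "Preparing signaling proxy configuration in $CONFIG ..."
+cp /config/proxy.conf.in "$CONFIG"
+
+if [ ! -z "$HTTP_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:9090|listen = $HTTP_LISTEN|" "$CONFIG"
+fi
+
+if [ ! -z "$COUNTRY" ]; then
+sed -i "s|#country =.*|country = $COUNTRY|" "$CONFIG"
+fi
+
+HAS_ETCD=
+if [ ! -z "$ETCD_ENDPOINTS" ]; then
+sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG"
+HAS_ETCD=1
+else
+if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then
+sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG"
+HAS_ETCD=1
+fi
+if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then
+sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG"
+fi
+fi
+if [ ! -z "$HAS_ETCD" ]; then
+if [ ! -z "$ETCD_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CA" ]; then
+sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG"
+fi
+fi
+
+if [ ! -z "$JANUS_URL" ]; then
+sed -i "s|url =.*|url = $JANUS_URL|" "$CONFIG"
+else
+sed -i "s|url =.*|#url =|" "$CONFIG"
+fi
+if [ ! -z "$MAX_STREAM_BITRATE" ]; then
+sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$MAX_SCREEN_BITRATE" ]; then
+sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG"
+fi
+
+if [ ! -z "$TOKENS_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for proxy tokens"
+exit 1
+fi
+
+sed -i "s|tokentype =.*|tokentype = etcd|" "$CONFIG"
+
+if [ ! -z "$TOKEN_KEY_FORMAT" ]; then
+sed -i "s|#keyformat =.*|keyformat = $TOKEN_KEY_FORMAT|" "$CONFIG"
+fi
+else
+sed -i "s|\[tokens\]|#[tokens]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[tokens]" >> "$CONFIG"
+for token in $TOKENS; do
+declare var="TOKEN_${token^^}_KEY"
+var=$(echo $var | sed "s|\.|_|")
+if [ ! -z "${!var}" ]; then
+echo "$token = ${!var}" >> "$CONFIG"
+fi
+done
+echo >> "$CONFIG"
+fi
+
+if [ ! -z "$STATS_IPS" ]; then
+sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG"
+fi
+fi
+
+echo "Starting signaling proxy with $CONFIG ..."
+exec "$@"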
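Review bot: In the `for token in $TOKENS` loop, `var=$(echo $var | sed "s|\.|_|")` replaces only the first dot, so the token `signaling.server1.tld` from the example in docker/README.md becomes `TOKEN_SIGNALING_SERVER1.TLD_KEY`, which is not a valid variable name for `${!var}`. I would expect bash to abort on that expansion, and because `$CONFIG` has already been created by then, the next start of the same container skips preparation and runs with a `[tokens]` section that is incomplete. Replacing every dot without a subshell fixes the lookup: `var="${var//./_}"`. Token ids containing other characters that are not valid in variable names (a hyphen, for instance) would still fail and could be rejected with an explicit message instead.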
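--- a/docker/server/Dockerfile
+++ b/docker/server/Dockerfile
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+
+WORKDIR /workdir
+
+COPY . .
+RUN apt-get -y update && \
+apt-get -y install protobuf-compiler && \
+if [ -d "vendor" ]; then GOPROXY=off make server -j$(nproc); else \
+make server -j$(nproc); fi
+
+FROM alpine:3
+
+ENV CONFIG=/config/server.conf
+RUN adduser -D spreedbackend && \
+apk add --no-cache bash ca-certificates libc6-compat libstdc++
+
+COPY --from=builder /workdir/bin/signaling /usr/bin/nextcloud-spreed-signaling
+COPY ./server.conf.in /config/server.conf.in
+COPY ./docker/server/entrypoint.sh /
+RUN chown spreedbackend /config
+
+USER spreedbackend
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling -config $CONFIG"]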
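--- a/docker/server/entrypoint.sh
+++ b/docker/server/entrypoint.sh
@@ -0,0 +1,251 @@
+#!/bin/bash
+#
+# Standalone signaling server for the Nextcloud Spreed app.
+# Copyright (C) 2022 struktur AG
+#
+# @author Joachim Bauch <bauch@struktur.de>
+#
+# @license GNU AGPL version 3 or any later version
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+
+if [ -z "$CONFIG" ]; then
+echo "No configuration filename given in CONFIG environment variable"
+exit 1
+fi
+
+if [ ! -f "$CONFIG" ]; then
+echo "Preparing signaling server configuration in $CONFIG ..."
+cp /config/server.conf.in "$CONFIG"
+
+if [ ! -z "$HTTP_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:8080|listen = $HTTP_LISTEN|" "$CONFIG"
+fi
+if [ ! -z "$HTTPS_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:8443|listen = $HTTPS_LISTEN|" "$CONFIG"
+
+if [ ! -z "$HTTPS_CERTIFICATE" ]; then
+sed -i "s|certificate = /etc/nginx/ssl/server.crt|certificate = $HTTPS_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$HTTPS_KEY" ]; then
+sed -i "s|key = /etc/nginx/ssl/server.key|key = $HTTPS_KEY|" "$CONFIG"
+fi
+fi
+
+if [ ! -z "$HASH_KEY" ]; then
+sed -i "s|the-secret-for-session-checksums|$HASH_KEY|" "$CONFIG"
+fi
+if [ ! -z "$BLOCK_KEY" ]; then
+sed -i "s|-encryption-key-|$BLOCK_KEY|" "$CONFIG"
+fi
+if [ ! -z "$INTERNAL_SHARED_SECRET_KEY" ]; then
+sed -i "s|the-shared-secret-for-internal-clients|$INTERNAL_SHARED_SECRET_KEY|" "$CONFIG"
+fi
+if [ ! -z "$NATS_URL" ]; then
+sed -i "s|#url = nats://localhost:4222|url = $NATS_URL|" "$CONFIG"
+else
+sed -i "s|#url = nats://localhost:4222|url = nats://loopback|" "$CONFIG"
+fi
+
+HAS_ETCD=
+if [ ! -z "$ETCD_ENDPOINTS" ]; then
+sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG"
+HAS_ETCD=1
+else
+if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then
+sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG"
+HAS_ETCD=1
+fi
+if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then
+sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG"
+fi
+fi
+if [ ! -z "$HAS_ETCD" ]; then
+if [ ! -z "$ETCD_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CA" ]; then
+sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG"
+fi
+fi
+
+if [ ! -z "$USE_JANUS" ]; then
+sed -i "s|#type =$|type = janus|" "$CONFIG"
+if [ ! -z "$JANUS_URL" ]; then
+sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $JANUS_URL|}" "$CONFIG"
+fi
+elif [ ! -z "$USE_PROXY" ]; then
+sed -i "s|#type =$|type = proxy|" "$CONFIG"
+
+if [ ! -z "$PROXY_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for proxy connections"
+exit 1
+fi
+
+sed -i "s|#urltype = static|urltype = etcd|" "$CONFIG"
+
+if [ ! -z "$PROXY_TOKEN_ID" ]; then
+sed -i "s|#token_id =.*|token_id = $PROXY_TOKEN_ID|" "$CONFIG"
+fi
+if [ ! -z "$PROXY_TOKEN_KEY" ]; then
+sed -i "s|#token_key =.*|token_key = $PROXY_TOKEN_KEY|" "$CONFIG"
+fi
+if [ ! -z "$PROXY_KEY_PREFIX" ]; then
+sed -i "s|#keyprefix =.*|keyprefix = $PROXY_KEY_PREFIX|" "$CONFIG"
+fi
+else
+if [ ! -z "$PROXY_URLS" ]; then
+sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $PROXY_URLS|}" "$CONFIG"
+fi
+if [ ! -z "$PROXY_DNS_DISCOVERY" ]; then
+sed -i "/or deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG"
+fi
+fi
+fi
+
+if [ ! -z "$MAX_STREAM_BITRATE" ]; then
+sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$MAX_SCREEN_BITRATE" ]; then
+sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG"
+fi
+
+if [ ! -z "$TURN_API_KEY" ]; then
+sed -i "s|the-api-key-for-the-rest-service|$TURN_API_KEY|" "$CONFIG"
+fi
+if [ ! -z "$TURN_SECRET" ]; then
+sed -i "s|6d1c17a7-c736-4e22-b02c-e2955b7ecc64|$TURN_SECRET|" "$CONFIG"
+fi
+if [ ! -z "$TURN_SERVERS" ]; then
+sed -i "s|#servers =.*|servers = $TURN_SERVERS|" "$CONFIG"
+fi
+
+if [ ! -z "$GEOIP_LICENSE" ]; then
+sed -i "s|#license =.*|license = $GEOIP_LICENSE|" "$CONFIG"
+fi
+if [ ! -z "$GEOIP_URL" ]; then
+sed -i "/looking up IP addresses/{n;s|#url =$|url = $GEOIP_URL|}" "$CONFIG"
+fi
+
+if [ ! -z "$STATS_IPS" ]; then
+sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG"
+fi
+
+if [ ! -z "$GRPC_LISTEN" ]; then
+sed -i "s|#listen = 0.0.0.0:9090|listen = $GRPC_LISTEN|" "$CONFIG"
+
+if [ ! -z "$GRPC_SERVER_CERTIFICATE" ]; then
+sed -i "s|#servercertificate =.*|servercertificate = $GRPC_SERVER_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_SERVER_KEY" ]; then
+sed -i "s|#serverkey =.*|serverkey = $GRPC_SERVER_KEY|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_SERVER_CA" ]; then
+sed -i "s|#serverca =.*|serverca = $GRPC_SERVER_CA|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcertificate =.*|clientcertificate = $GRPC_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/grpc-client.key|clientkey = $GRPC_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_CA" ]; then
+sed -i "s|#clientca =.*|clientca = $GRPC_CLIENT_CA|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for GRPC"
+exit 1
+fi
+
+sed -i "s|#targettype =$|targettype = etcd|" "$CONFIG"
+
+if [ ! -z "$GRPC_TARGET_PREFIX" ]; then
+sed -i "s|#targetprefix =.*|targetprefix = $GRPC_TARGET_PREFIX|" "$CONFIG"
+fi
+else
+if [ ! -z "$GRPC_TARGETS" ]; then
+sed -i "s|#targets =.*|targets = $GRPC_TARGETS|" "$CONFIG"
+
+if [ ! -z "$GRPC_DNS_DISCOVERY" ]; then
+sed -i "/# deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG"
+fi
+fi
+fi
+fi
+
+if [ ! -z "$GEOIP_OVERRIDES" ]; then
+sed -i "s|\[geoip-overrides\]|#[geoip-overrides]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[geoip-overrides]" >> "$CONFIG"
+for override in $GEOIP_OVERRIDES; do
+echo $override >> "$CONFIG"
+done
+echo >> "$CONFIG"
+fi
+
+if [ ! -z "$CONTINENT_OVERRIDES" ]; then
+sed -i "s|\[continent-overrides\]|#[continent-overrides]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[continent-overrides]" >> "$CONFIG"
+for override in $CONTINENT_OVERRIDES; do
+echo $override >> "$CONFIG"
+done
+echo >> "$CONFIG"
+fi
+
+if [ ! -z "$BACKENDS" ]; then
+sed -i "s|#backends = .*|backends = $BACKENDS|" "$CONFIG"
+
+echo >> "$CONFIG"
+for backend in $BACKENDS; do
+echo "[$backend]" >> "$CONFIG"
+
+declare var="BACKEND_${backend^^}_URL"
+if [ ! -z "${!var}" ]; then
+echo "url = ${!var}" >> "$CONFIG"
+fi
+
+declare var="BACKEND_${backend^^}_SHARED_SECRET"
+if [ ! -z "${!var}" ]; then
+echo "secret = ${!var}" >> "$CONFIG"
+fi
+
+declare var="BACKEND_${backend^^}_SESSION_LIMIT"
+if [ ! -z "${!var}" ]; then
+echo "sessionlimit = ${!var}" >> "$CONFIG"
+fi
+
+declare var="BACKEND_${backend^^}_MAX_STREAM_BITRATE"
+if [ ! -z "${!var}" ]; then
+echo "maxstreambitrate = ${!var}" >> "$CONFIG"
+fi
+
+declare var="BACKEND_${backend^^}_MAX_SCREEN_BITRATE"
+if [ ! -z "${!var}" ]; then
+echo "maxscreenbitrate = ${!var}" >> "$CONFIG"
+fi
+echo >> "$CONFIG"
+done
+fi
+fi
+
+echo "Starting signaling server with $CONFIG ..."
+exec "$@"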
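Review bot: Every `sed -i "s|…|$VALUE|"` in this script splices an environment value into the replacement unescaped, so a `HASH_KEY`, `BLOCK_KEY` or `TURN_SECRET` containing `&` is silently written as a different secret (sed expands `&` to the matched placeholder), and one containing `|` or `\` makes the substitution fail. Because `cp /config/server.conf.in "$CONFIG"` runs before the edits and `set -e` aborts on the first failure, a restart of the same container would then find `$CONFIG` present, skip preparation and presumably start with whatever template placeholders had not been replaced yet. I would escape each value before substitution and build the file under a temporary name that is renamed only after all edits succeeded, as sketched below; docker/proxy/entrypoint.sh uses the same pattern. Separately, the backend loop reads `BACKEND_<ID>_SHARED_SECRET` while the example in docker/README.md passes `BACKEND_FOO_SECRET`, so that example yields a backend section without `secret =`; exiting with a message when the URL or secret of a listed backend is empty would surface this.

```shell
# Escape the characters sed treats specially in an s|…|…| replacement.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

if [ ! -f "$CONFIG" ]; then
  echo "Preparing signaling server configuration in $CONFIG ..."
  # Work on a temporary file so an aborted run leaves no $CONFIG behind.
  TMP_CONFIG="$(mktemp "$CONFIG.XXXXXX")"
  cp /config/server.conf.in "$TMP_CONFIG"

  # … unchanged: listener options, now editing "$TMP_CONFIG" …
  if [ -n "$HASH_KEY" ]; then
    sed -i "s|the-secret-for-session-checksums|$(sed_escape "$HASH_KEY")|" "$TMP_CONFIG"
  fi
  # … unchanged: remaining options, each value passed through sed_escape …

  # Publish the configuration only once every edit succeeded.
  mv "$TMP_CONFIG" "$CONFIG"
fi
```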