Add official docker images.

Joachim Bauch 2022-08-05 15:01:19 +02:00
parent 2394c09013
commit b2e8217c1f
No known key found for this signature in database
GPG key ID: 77C1D22D53E15F02
11 changed files with 565 additions and 27 deletions


@ -1,5 +1,3 @@
/bin /bin
/docker/janus /docker/*/Dockerfile
/Dockerfile
/docker-compose.yml /docker-compose.yml
/vendor


@ -20,7 +20,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Pull Docker images - name: Pull Docker images
run: docker-compose pull run: docker-compose -f docker/docker-compose.yml pull
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -29,4 +29,4 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Build Docker images - name: Build Docker images
run: docker-compose build run: docker-compose -f docker/docker-compose.yml build


@ -7,7 +7,7 @@ on:
branches: [ master ] branches: [ master ]
jobs: jobs:
build: server:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -20,3 +20,19 @@ jobs:
uses: docker/build-push-action@v3 uses: docker/build-push-action@v3
with: with:
context: . context: .
file: docker/server/Dockerfile
proxy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build Docker image
uses: docker/build-push-action@v3
with:
context: .
file: docker/proxy/Dockerfile
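Review bot: The added `proxy` job pulls `actions/checkout@v3`, `docker/setup-buildx-action@v2` and `docker/build-push-action@v3` by mutable tag, as the `server` job does, so a retagged action can change what this workflow builds without any change in this repository. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v3`, makes such a change visible in review. The top of the workflow is outside the hunk, so whether a `permissions:` block already limits the token to `contents: read` cannot be seen from here and is worth checking.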


@ -1,18 +0,0 @@
FROM golang:1.18 AS builder
WORKDIR /workdir
COPY . .
RUN apt-get -y update && apt-get -y install protobuf-compiler
RUN make build
FROM alpine:3.15
ENV CONFIG=/config/server.conf
RUN adduser -D spreedbackend && \
apk add --no-cache ca-certificates libc6-compat libstdc++
USER spreedbackend
COPY --from=builder /workdir/bin/signaling /usr/local/signaling
COPY ./server.conf.in /config/server.conf
CMD ["/bin/sh", "-c", "/usr/local/signaling --config=$CONFIG"]


@ -88,13 +88,19 @@ systemctl start signaling.service
### Running with Docker ### Running with Docker
Official docker containers for the signaling server and -proxy are available on
Docker Hub at https://hub.docker.com/r/strukturag/nextcloud-spreed-signaling
See the `README.md` in the `docker` subfolder for details.
#### Docker Compose #### Docker Compose
You will likely have to adjust the Janus command line options depending on the exact network configuration on your server. Refer to [Setup of Janus](#setup-of-janus) and the Janus documentation for how to configure your Janus server. You will likely have to adjust the Janus command line options depending on the exact network configuration on your server. Refer to [Setup of Janus](#setup-of-janus) and the Janus documentation for how to configure your Janus server.
Copy `server.conf.in` to `server.conf` and adjust it to your liking. Copy `server.conf.in` to `server.conf` and adjust it to your liking.
If you're using the [docker-compose.yml](docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`. If you're using the [docker-compose.yml](docker/docker-compose.yml) configuration as is, the MCU Url must be set to `ws://localhost:8188`, the NATS Url must be set to `nats://localhost:4222`, and TURN Servers must be set to `turn:localhost:3478?transport=udp,turn:localhost:3478?transport=tcp`.
```bash ```bash
docker-compose build docker-compose build

123
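--- a/docker/README.md
+++ b/docker/README.md
@@ -0,0 +1,123 @@
+# Docker images for nextcloud-spreed-signaling
+## Signaling server
+The image for the signaling server can be retrieved from
+strukturag/nextcloud-spreed-signaling:<version>
+Replace `version` with the tag or commit you want to use.
+### Configuration
+The running container can be configured through different environment variables:
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `HTTPS_LISTEN`: Address of HTTPS listener.
+- `HTTPS_CERTIFICATE`: Name of certificate file for the HTTPS listener.
+- `HTTPS_KEY`: Name of private key file for the HTTPS listener.
+- `HASH_KEY`: Secret value used to generate checksums of sessions (32 or 64 bytes).
+- `BLOCK_KEY`: Key for encrypting data in the sessions (16, 24 or 32 bytes).
+- `INTERNAL_SHARED_SECRET_KEY`: Shared secret for connections from internal clients.
+- `BACKENDS`: Space-separated list of backend ids.
+- `BACKEND_<ID>_URL`: Url of backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_SHARED_SECRET`: Shared secret for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_SESSION_LIMIT`: Optional session limit for backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams in backend `ID` (where `ID` is the uppercase backend id).
+- `BACKEND_<ID>_MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams in backend `ID` (where `ID` is the uppercase backend id).
+- `NATS_URL`: Optional URL of NATS server.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `ETCD_CLIENT_CA`: Filename of CA for etcd client.
+- `USE_JANUS`: Set to `1` if Janus should be used as WebRTC backend.
+- `JANUS_URL`: Url to Janus server (if `USE_JANUS` is set to `1`).
+- `USE_PROXY`: Set to `1` if proxy servers should be used as WebRTC backends.
+- `PROXY_TOKEN_ID`: Id of the token to use when connecting to proxy servers.
+- `PROXY_TOKEN_KEY`: Private key for the configured token id.
+- `PROXY_URLS`: Space-separated list of proxy URLs to connect to.
+- `PROXY_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured static URLs.
+- `PROXY_ETCD`: Set to `1` if etcd should be used to configure proxy connections.
+- `PROXY_KEY_PREFIX`: Key prefix of proxy entries.
+- `MAX_STREAM_BITRATE`: Optional global maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional global maximum bitrate for screensharing streams.
+- `TURN_API_KEY`: API key that Janus will need to send when requesting TURN credentials.
+- `TURN_SECRET`: The shared secret to use for generating TURN credentials.
+- `TURN_SERVERS`: A comma-separated list of TURN servers to use.
+- `GEOIP_LICENSE`: License key to use when downloading the MaxMind GeoIP database.
+- `GEOIP_URL`: Optional URL to download a MaxMind GeoIP database from.
+- `GEOIP_OVERRIDES`: Optional spae-separated list of overrides for GeoIP lookups.
+- `CONTINENT_OVERRIDES`: Optional spae-separated list of overrides for continent mappings.
+- `STATS_IPS`: Comma-separated list of IP addresses that are allowed to access the stats endpoint.
+- `GRPC_LISTEN`: IP and port to listen on for GRPC requests.
+- `GRPC_SERVER_CERTIFICATE`: Certificate to use for the GRPC server.
+- `GRPC_SERVER_KEY`: Private key to use for the GRPC server.
+- `GRPC_SERVER_CA`: CA certificate that is allowed to issue certificates of GRPC servers.
+- `GRPC_CLIENT_CERTIFICATE`: Certificate to use for the GRPC client.
+- `GRPC_CLIENT_KEY`: Private key to use for the GRPC client.
+- `GRPC_CLIENT_CA`: CA certificate that is allowed to issue certificates of GRPC clients.
+- `GRPC_TARGETS`: Comma-separated list of GRPC targets to connect to for clustering mode.
+- `GRPC_DNS_DISCOVERY`: Enable DNS discovery on hostnames of configured GRPC targets.
+- `GRPC_ETCD`: Set to `1` if etcd should be used to configure GRPC peers.
+- `GRPC_TARGET_PREFIX`: Key prefix of GRPC target entries.
+Example with two backends:
+docker run \
+... \
+-e BACKENDS="foo bar" \
+-e BACKEND_FOO_URL=https://cloud.server1.tld \
+-e BACKEND_FOO_SECRET=verysecret \
+-e BACKEND_BAR_URL=https://cloud.server2.tld \
+-e BACKEND_BAR_SECRET=moresecret \
+...
+See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in
+for further details on the different options.
+## Signaling proxy
+The image for the signaling proxy can be retrieved from
+strukturag/nextcloud-spreed-signaling:<version>-proxy
+Replace `version` with the tag or commit you want to use.
+### Configuration
+The running container can be configured through different environment variables:
+- `CONFIG`: Optional name of configuration file to use.
+- `HTTP_LISTEN`: Address of HTTP listener.
+- `COUNTRY`: Optional ISO 3166 country this proxy is located at.
+- `JANUS_URL`: Url to Janus server.
+- `MAX_STREAM_BITRATE`: Optional maximum bitrate for audio/video streams.
+- `MAX_SCREEN_BITRATE`: Optional maximum bitrate for screensharing streams.
+- `ETCD_ENDPOINTS`: Static list of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SRV`: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
+- `ETCD_DISCOVERY_SERVICE`: Optional service name for DNS SRV configuration of etcd..
+- `ETCD_CLIENT_CERTIFICATE`: Filename of certificate for etcd client.
+- `ETCD_CLIENT_KEY`: Filename of private key for etcd client.
+- `ETCD_CLIENT_CA`: Filename of CA for etcd client.
+- `TOKENS_ETCD`: Set to `1` if etcd should be used to configure tokens.
+- `TOKEN_KEY_FORMAT`: Format of key name to retrieve the public key from, "%s" will be replaced with the token id.
+- `TOKENS`: Space-separated list of token ids.
+- `TOKEN_<ID>_KEY`: Filename of public key for token `ID` (where `ID` is the uppercase token id).
+Example with two tokens:
+docker run \
+... \
+-e TOKENS="foo signaling.server1.tld" \
+-e TOKEN_FOO_KEY=/path/to/foo.key \
+-e TOKEN_SIGNALING_SERVER1_TLD_KEY=/path/to/signaling.server1.tld.key \
+...
+See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/proxy.conf.in
+for further details on the different options.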


@ -2,7 +2,9 @@ version: '3'
services: services:
spreedbackend: spreedbackend:
build: . build:
context: ..
dockerfile: docker/server/Dockerfile
volumes: volumes:
- ./server.conf:/config/server.conf - ./server.conf:/config/server.conf
network_mode: host network_mode: host
@ -19,7 +21,7 @@ services:
network_mode: host network_mode: host
restart: unless-stopped restart: unless-stopped
janus: janus:
build: docker/janus build: janus
command: ["janus", "--full-trickle"] command: ["janus", "--full-trickle"]
network_mode: host network_mode: host
restart: unless-stopped restart: unless-stopped

25
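--- a/docker/proxy/Dockerfile
+++ b/docker/proxy/Dockerfile
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+WORKDIR /workdir
+COPY . .
+RUN apt-get -y update && \
+apt-get -y install protobuf-compiler && \
+if [ -d "vendor" ]; then GOPROXY=off make proxy -j$(nproc); else \
+make proxy -j$(nproc); fi
+FROM alpine:3
+ENV CONFIG=/config/proxy.conf
+RUN adduser -D spreedbackend && \
+apk add --no-cache bash ca-certificates libc6-compat libstdc++
+COPY --from=builder /workdir/bin/proxy /usr/bin/nextcloud-spreed-signaling-proxy
+COPY ./proxy.conf.in /config/proxy.conf.in
+COPY ./docker/proxy/entrypoint.sh /
+RUN chown spreedbackend /config
+USER spreedbackend
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling-proxy -config $CONFIG"]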
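Review bot: Both stages use floating tags, `FROM golang:1.19` and `FROM alpine:3`, and the runtime tag is looser than the `alpine:3.15` in the root Dockerfile this commit removes, so two builds of the same commit can ship different base layers. For images published as official, pinning each base by digest, e.g. `FROM alpine:3@sha256:<digest-placeholder>`, and bumping the digest through a reviewed update keeps the shipped contents reproducible and auditable. `docker/server/Dockerfile` has the same two `FROM` lines.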

110
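--- a/docker/proxy/entrypoint.sh
+++ b/docker/proxy/entrypoint.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+#
+# Standalone signaling server for the Nextcloud Spreed app.
+# Copyright (C) 2022 struktur AG
+#
+# @author Joachim Bauch <bauch@struktur.de>
+#
+# @license GNU AGPL version 3 or any later version
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+if [ -z "$CONFIG" ]; then
+echo "No configuration filename given in CONFIG environment variable"
+exit 1
+fi
+if [ ! -f "$CONFIG" ]; then
+echo "Preparing signaling proxy configuration in $CONFIG ..."
+cp /config/proxy.conf.in "$CONFIG"
+if [ ! -z "$HTTP_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:9090|listen = $HTTP_LISTEN|" "$CONFIG"
+fi
+if [ ! -z "$COUNTRY" ]; then
+sed -i "s|#country =.*|country = $COUNTRY|" "$CONFIG"
+fi
+HAS_ETCD=
+if [ ! -z "$ETCD_ENDPOINTS" ]; then
+sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG"
+HAS_ETCD=1
+else
+if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then
+sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG"
+HAS_ETCD=1
+fi
+if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then
+sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG"
+fi
+fi
+if [ ! -z "$HAS_ETCD" ]; then
+if [ ! -z "$ETCD_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CA" ]; then
+sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG"
+fi
+fi
+if [ ! -z "$JANUS_URL" ]; then
+sed -i "s|url =.*|url = $JANUS_URL|" "$CONFIG"
+else
+sed -i "s|url =.*|#url =|" "$CONFIG"
+fi
+if [ ! -z "$MAX_STREAM_BITRATE" ]; then
+sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$MAX_SCREEN_BITRATE" ]; then
+sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$TOKENS_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for proxy tokens"
+exit 1
+fi
+sed -i "s|tokentype =.*|tokentype = etcd|" "$CONFIG"
+if [ ! -z "$TOKEN_KEY_FORMAT" ]; then
+sed -i "s|#keyformat =.*|keyformat = $TOKEN_KEY_FORMAT|" "$CONFIG"
+fi
+else
+sed -i "s|\[tokens\]|#[tokens]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[tokens]" >> "$CONFIG"
+for token in $TOKENS; do
+declare var="TOKEN_${token^^}_KEY"
+var=$(echo $var | sed "s|\.|_|")
+if [ ! -z "${!var}" ]; then
+echo "$token = ${!var}" >> "$CONFIG"
+fi
+done
+echo >> "$CONFIG"
+fi
+if [ ! -z "$STATS_IPS" ]; then
+sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG"
+fi
+fi
+echo "Starting signaling proxy with $CONFIG ..."
+exec "$@"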
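Review bot: In the `for token in $TOKENS` loop, `sed "s|\.|_|"` has no `g` flag and rewrites only the first dot, so the README example token `signaling.server1.tld` produces `TOKEN_SIGNALING_SERVER1.TLD_KEY`, which is not a valid variable name for the `${!var}` lookup, and the documented `TOKEN_SIGNALING_SERVER1_TLD_KEY` is never read. Replacing the two assignments with `var="TOKEN_${token^^}_KEY"` and `var="${var//[^A-Z0-9_]/_}"` maps every non-identifier character (dots and hyphens alike) and drops the unquoted `echo $var | sed` pipeline. A token listed in `TOKENS` that has no key variable is skipped silently, so the proxy starts without it; a line on stderr naming the missing variable would make that misconfiguration visible.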

25
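--- a/docker/server/Dockerfile
+++ b/docker/server/Dockerfile
@@ -0,0 +1,25 @@
+FROM golang:1.19 AS builder
+WORKDIR /workdir
+COPY . .
+RUN apt-get -y update && \
+apt-get -y install protobuf-compiler && \
+if [ -d "vendor" ]; then GOPROXY=off make server -j$(nproc); else \
+make server -j$(nproc); fi
+FROM alpine:3
+ENV CONFIG=/config/server.conf
+RUN adduser -D spreedbackend && \
+apk add --no-cache bash ca-certificates libc6-compat libstdc++
+COPY --from=builder /workdir/bin/signaling /usr/bin/nextcloud-spreed-signaling
+COPY ./server.conf.in /config/server.conf.in
+COPY ./docker/server/entrypoint.sh /
+RUN chown spreedbackend /config
+USER spreedbackend
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["/bin/sh", "-c", "/usr/bin/nextcloud-spreed-signaling -config $CONFIG"]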
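Review bot: The `CMD` starts the server through `/bin/sh -c` with `$CONFIG` unquoted and without `exec`, so a config path containing whitespace is split into several arguments, and after `entrypoint.sh` execs its arguments the shell rather than the server may remain PID 1, in which case the SIGTERM sent by `docker stop` is not guaranteed to reach the server. `CMD ["/bin/sh", "-c", "exec /usr/bin/nextcloud-spreed-signaling -config \"$CONFIG\""]` closes both gaps. The `CMD` in `docker/proxy/Dockerfile` has the same shape.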

251
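--- a/docker/server/entrypoint.sh
+++ b/docker/server/entrypoint.sh
@@ -0,0 +1,251 @@
+#!/bin/bash
+#
+# Standalone signaling server for the Nextcloud Spreed app.
+# Copyright (C) 2022 struktur AG
+#
+# @author Joachim Bauch <bauch@struktur.de>
+#
+# @license GNU AGPL version 3 or any later version
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+if [ -z "$CONFIG" ]; then
+echo "No configuration filename given in CONFIG environment variable"
+exit 1
+fi
+if [ ! -f "$CONFIG" ]; then
+echo "Preparing signaling server configuration in $CONFIG ..."
+cp /config/server.conf.in "$CONFIG"
+if [ ! -z "$HTTP_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:8080|listen = $HTTP_LISTEN|" "$CONFIG"
+fi
+if [ ! -z "$HTTPS_LISTEN" ]; then
+sed -i "s|#listen = 127.0.0.1:8443|listen = $HTTPS_LISTEN|" "$CONFIG"
+if [ ! -z "$HTTPS_CERTIFICATE" ]; then
+sed -i "s|certificate = /etc/nginx/ssl/server.crt|certificate = $HTTPS_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$HTTPS_KEY" ]; then
+sed -i "s|key = /etc/nginx/ssl/server.key|key = $HTTPS_KEY|" "$CONFIG"
+fi
+fi
+if [ ! -z "$HASH_KEY" ]; then
+sed -i "s|the-secret-for-session-checksums|$HASH_KEY|" "$CONFIG"
+fi
+if [ ! -z "$BLOCK_KEY" ]; then
+sed -i "s|-encryption-key-|$BLOCK_KEY|" "$CONFIG"
+fi
+if [ ! -z "$INTERNAL_SHARED_SECRET_KEY" ]; then
+sed -i "s|the-shared-secret-for-internal-clients|$INTERNAL_SHARED_SECRET_KEY|" "$CONFIG"
+fi
+if [ ! -z "$NATS_URL" ]; then
+sed -i "s|#url = nats://localhost:4222|url = $NATS_URL|" "$CONFIG"
+else
+sed -i "s|#url = nats://localhost:4222|url = nats://loopback|" "$CONFIG"
+fi
+HAS_ETCD=
+if [ ! -z "$ETCD_ENDPOINTS" ]; then
+sed -i "s|#endpoints =.*|endpoints = $ETCD_ENDPOINTS|" "$CONFIG"
+HAS_ETCD=1
+else
+if [ ! -z "$ETCD_DISCOVERY_SRV" ]; then
+sed -i "s|#discoverysrv =.*|discoverysrv = $ETCD_DISCOVERY_SRV|" "$CONFIG"
+HAS_ETCD=1
+fi
+if [ ! -z "$ETCD_DISCOVERY_SERVICE" ]; then
+sed -i "s|#discoveryservice =.*|discoveryservice = $ETCD_DISCOVERY_SERVICE|" "$CONFIG"
+fi
+fi
+if [ ! -z "$HAS_ETCD" ]; then
+if [ ! -z "$ETCD_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/etcd-client.key|clientkey = $ETCD_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcert = /path/to/etcd-client.crt|clientcert = $ETCD_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$ETCD_CLIENT_CA" ]; then
+sed -i "s|#cacert = /path/to/etcd-ca.crt|cacert = $ETCD_CLIENT_CA|" "$CONFIG"
+fi
+fi
+if [ ! -z "$USE_JANUS" ]; then
+sed -i "s|#type =$|type = janus|" "$CONFIG"
+if [ ! -z "$JANUS_URL" ]; then
+sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $JANUS_URL|}" "$CONFIG"
+fi
+elif [ ! -z "$USE_PROXY" ]; then
+sed -i "s|#type =$|type = proxy|" "$CONFIG"
+if [ ! -z "$PROXY_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for proxy connections"
+exit 1
+fi
+sed -i "s|#urltype = static|urltype = etcd|" "$CONFIG"
+if [ ! -z "$PROXY_TOKEN_ID" ]; then
+sed -i "s|#token_id =.*|token_id = $PROXY_TOKEN_ID|" "$CONFIG"
+fi
+if [ ! -z "$PROXY_TOKEN_KEY" ]; then
+sed -i "s|#token_key =.*|token_key = $PROXY_TOKEN_KEY|" "$CONFIG"
+fi
+if [ ! -z "$PROXY_KEY_PREFIX" ]; then
+sed -i "s|#keyprefix =.*|keyprefix = $PROXY_KEY_PREFIX|" "$CONFIG"
+fi
+else
+if [ ! -z "$PROXY_URLS" ]; then
+sed -i "/proxy URLs to connect to/{n;s|#url =$|url = $PROXY_URLS|}" "$CONFIG"
+fi
+if [ ! -z "$PROXY_DNS_DISCOVERY" ]; then
+sed -i "/or deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG"
+fi
+fi
+fi
+if [ ! -z "$MAX_STREAM_BITRATE" ]; then
+sed -i "s|#maxstreambitrate =.*|maxstreambitrate = $MAX_STREAM_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$MAX_SCREEN_BITRATE" ]; then
+sed -i "s|#maxscreenbitrate =.*|maxscreenbitrate = $MAX_SCREEN_BITRATE|" "$CONFIG"
+fi
+if [ ! -z "$TURN_API_KEY" ]; then
+sed -i "s|the-api-key-for-the-rest-service|$TURN_API_KEY|" "$CONFIG"
+fi
+if [ ! -z "$TURN_SECRET" ]; then
+sed -i "s|6d1c17a7-c736-4e22-b02c-e2955b7ecc64|$TURN_SECRET|" "$CONFIG"
+fi
+if [ ! -z "$TURN_SERVERS" ]; then
+sed -i "s|#servers =.*|servers = $TURN_SERVERS|" "$CONFIG"
+fi
+if [ ! -z "$GEOIP_LICENSE" ]; then
+sed -i "s|#license =.*|license = $GEOIP_LICENSE|" "$CONFIG"
+fi
+if [ ! -z "$GEOIP_URL" ]; then
+sed -i "/looking up IP addresses/{n;s|#url =$|url = $GEOIP_URL|}" "$CONFIG"
+fi
+if [ ! -z "$STATS_IPS" ]; then
+sed -i "s|#allowed_ips =.*|allowed_ips = $STATS_IPS|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_LISTEN" ]; then
+sed -i "s|#listen = 0.0.0.0:9090|listen = $GRPC_LISTEN|" "$CONFIG"
+if [ ! -z "$GRPC_SERVER_CERTIFICATE" ]; then
+sed -i "s|#servercertificate =.*|servercertificate = $GRPC_SERVER_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_SERVER_KEY" ]; then
+sed -i "s|#serverkey =.*|serverkey = $GRPC_SERVER_KEY|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_SERVER_CA" ]; then
+sed -i "s|#serverca =.*|serverca = $GRPC_SERVER_CA|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_CERTIFICATE" ]; then
+sed -i "s|#clientcertificate =.*|clientcertificate = $GRPC_CLIENT_CERTIFICATE|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_KEY" ]; then
+sed -i "s|#clientkey = /path/to/grpc-client.key|clientkey = $GRPC_CLIENT_KEY|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_CLIENT_CA" ]; then
+sed -i "s|#clientca =.*|clientca = $GRPC_CLIENT_CA|" "$CONFIG"
+fi
+if [ ! -z "$GRPC_ETCD" ]; then
+if [ -z "$HAS_ETCD" ]; then
+echo "No etcd endpoint configured, can't use etcd for GRPC"
+exit 1
+fi
+sed -i "s|#targettype =$|targettype = etcd|" "$CONFIG"
+if [ ! -z "$GRPC_TARGET_PREFIX" ]; then
+sed -i "s|#targetprefix =.*|targetprefix = $GRPC_TARGET_PREFIX|" "$CONFIG"
+fi
+else
+if [ ! -z "$GRPC_TARGETS" ]; then
+sed -i "s|#targets =.*|targets = $GRPC_TARGETS|" "$CONFIG"
+if [ ! -z "$GRPC_DNS_DISCOVERY" ]; then
+sed -i "/# deleted as necessary/{n;s|#dnsdiscovery =.*|dnsdiscovery = true|}" "$CONFIG"
+fi
+fi
+fi
+fi
+if [ ! -z "$GEOIP_OVERRIDES" ]; then
+sed -i "s|\[geoip-overrides\]|#[geoip-overrides]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[geoip-overrides]" >> "$CONFIG"
+for override in $GEOIP_OVERRIDES; do
+echo $override >> "$CONFIG"
+done
+echo >> "$CONFIG"
+fi
+if [ ! -z "$CONTINENT_OVERRIDES" ]; then
+sed -i "s|\[continent-overrides\]|#[continent-overrides]|" "$CONFIG"
+echo >> "$CONFIG"
+echo "[continent-overrides]" >> "$CONFIG"
+for override in $CONTINENT_OVERRIDES; do
+echo $override >> "$CONFIG"
+done
+echo >> "$CONFIG"
+fi
+if [ ! -z "$BACKENDS" ]; then
+sed -i "s|#backends = .*|backends = $BACKENDS|" "$CONFIG"
+echo >> "$CONFIG"
+for backend in $BACKENDS; do
+echo "[$backend]" >> "$CONFIG"
+declare var="BACKEND_${backend^^}_URL"
+if [ ! -z "${!var}" ]; then
+echo "url = ${!var}" >> "$CONFIG"
+fi
+declare var="BACKEND_${backend^^}_SHARED_SECRET"
+if [ ! -z "${!var}" ]; then
+echo "secret = ${!var}" >> "$CONFIG"
+fi
+declare var="BACKEND_${backend^^}_SESSION_LIMIT"
+if [ ! -z "${!var}" ]; then
+echo "sessionlimit = ${!var}" >> "$CONFIG"
+fi
+declare var="BACKEND_${backend^^}_MAX_STREAM_BITRATE"
+if [ ! -z "${!var}" ]; then
+echo "maxstreambitrate = ${!var}" >> "$CONFIG"
+fi
+declare var="BACKEND_${backend^^}_MAX_SCREEN_BITRATE"
+if [ ! -z "${!var}" ]; then
+echo "maxscreenbitrate = ${!var}" >> "$CONFIG"
+fi
+echo >> "$CONFIG"
+done
+fi
+fi
+echo "Starting signaling server with $CONFIG ..."
+exec "$@"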
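Review bot: When `HASH_KEY`, `BLOCK_KEY` or `INTERNAL_SHARED_SECRET_KEY` is unset, the generated config keeps the placeholder the matching `sed` would have replaced (`the-secret-for-session-checksums`, `-encryption-key-`, `the-shared-secret-for-internal-clients`) and the script still reaches `exec "$@"`; assuming `server.conf.in` ships those strings as active values, the container then runs with publicly known keys, and the same holds for the `TURN_API_KEY` and `TURN_SECRET` placeholders. A guard at the top of the `if [ ! -f "$CONFIG" ]` branch, such as `: "${HASH_KEY:?HASH_KEY must be set}"` for each required secret, would fail closed instead. The values are also spliced into the sed replacement unescaped, so a secret containing `|`, `&` or `\` is written incorrectly or aborts the script under `set -e`, and each secret appears in a sed argument list; the proxy entrypoint builds its expressions the same way. Separately, the README example added in this commit sets `BACKEND_FOO_SECRET`, while the backend loop here only reads `BACKEND_<ID>_SHARED_SECRET`, so following the example leaves the backends without a secret.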