jitsi

.env

@@ -0,0 +1,412 @@
+# shellcheck disable=SC2034
+
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=284e5595787065de58f350ab54c151be
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=fef77dc4580183b366dbe65357538716
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=d41efde399375d50871f28aa9a078b3e
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=f785cb7d5d9816ff5f9ca781fd544ee8
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=cdbea33c1a65a55ffb4a080a5cb1a9f7
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+#CONFIG=/data/appl/ok/gitversion/examples-services/tmp-test/jitsi/docker-jitsi-meet-stable-6726/.jitsi-meet-cfg/.jitsi-meet-cfg
+CONFIG=./.jitsi-meet-cfg
+#CONFIG=.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT=9083
+
+# Exposed HTTPS port
+HTTPS_PORT=9043
+
+# System time zone
+TZ=UTC
+
+# Public URL for the web service (required)
+#PUBLIC_URL=https://meet.example.com
+
+# IP address of the Docker host
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+#DOCKER_HOST_ADDRESS=192.168.1.1
+
+# Control whether the lobby feature should be enabled or not
+#ENABLE_LOBBY=1
+
+# Control whether the A/V moderation should be enabled or not
+#ENABLE_AV_MODERATION=1
+
+# Show a prejoin page before entering a conference
+#ENABLE_PREJOIN_PAGE=0
+
+# Enable the welcome page
+#ENABLE_WELCOME_PAGE=1
+
+# Enable the close page
+#ENABLE_CLOSE_PAGE=0
+
+# Disable measuring of audio levels
+#DISABLE_AUDIO_LEVELS=0
+
+# Enable noisy mic detection
+#ENABLE_NOISY_MIC_DETECTION=1
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+#ENABLE_LETSENCRYPT=1
+
+# Domain for which to generate the certificate
+#LETSENCRYPT_DOMAIN=meet.example.com
+
+# E-Mail for receiving important account notifications (mandatory)
+#LETSENCRYPT_EMAIL=alice@atlanta.net
+
+# Use the staging server (for avoiding rate limits while testing)
+#LETSENCRYPT_USE_STAGING=1
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+#ENABLE_AUTH=1
+
+# Enable guest access
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt or ldap
+#AUTH_TYPE=internal
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Advanced configuration options (you generally don't need to change these)
+#
+
+# Internal XMPP domain
+XMPP_DOMAIN=meet.jitsi
+
+# Internal XMPP server
+XMPP_SERVER=jitsiprosody.microservice-jitsimeet_meet.jitsi
+
+# Internal XMPP server URL
+XMPP_BOSH_URL_BASE=http://jitsiprosody.microservice-jitsimeet_meet.jitsi:5280
+
+# Internal XMPP domain for authenticated services
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+
+# XMPP domain for the MUC
+XMPP_MUC_DOMAIN=muc.meet.jitsi
+
+# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+
+# XMPP domain for unauthenticated users
+XMPP_GUEST_DOMAIN=guest.meet.jitsi
+
+# Comma separated list of domains for cross domain policy or "true" to allow all
+# The PUBLIC_URL is always allowed
+#XMPP_CROSS_DOMAIN=true
+
+# Custom Prosody modules for XMPP_DOMAIN (comma separated)
+XMPP_MODULES=
+
+# Custom Prosody modules for MUC component (comma separated)
+XMPP_MUC_MODULES=
+
+# Custom Prosody modules for internal MUC component (comma separated)
+XMPP_INTERNAL_MUC_MODULES=
+
+# MUC for the JVB pool
+JVB_BREWERY_MUC=jvbbrewery
+
+# XMPP user for JVB client connections
+JVB_AUTH_USER=jvb
+
+# STUN servers used to discover the server's public IP
+JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
+
+# Media port for the Jitsi Videobridge
+JVB_PORT=10000
+
+# TCP Fallback for Jitsi Videobridge for when UDP isn't available
+JVB_TCP_HARVESTER_DISABLED=true
+JVB_TCP_PORT=4443
+JVB_TCP_MAPPED_PORT=4443
+
+# XMPP user for Jicofo client connections.
+# NOTE: this option doesn't currently work due to a bug
+JICOFO_AUTH_USER=focus
+
+# Base URL of Jicofo's reservation REST API
+#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
+
+# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
+#JICOFO_ENABLE_HEALTH_CHECKS=true
+
+# XMPP user for Jigasi MUC client connections
+JIGASI_XMPP_USER=jigasi
+
+# MUC name for the Jigasi pool
+JIGASI_BREWERY_MUC=jigasibrewery
+
+# Minimum port for media used by Jigasi
+JIGASI_PORT_MIN=20000
+
+# Maximum port for media used by Jigasi
+JIGASI_PORT_MAX=20050
+
+# Enable SDES srtp
+#JIGASI_ENABLE_SDES_SRTP=1
+
+# Keepalive method
+#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
+
+# Health-check extension
+#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
+
+# Health-check interval
+#JIGASI_HEALTH_CHECK_INTERVAL=300000
+#
+# Enable Jigasi transcription
+#ENABLE_TRANSCRIPTIONS=1
+
+# Jigasi will record audio when transcriber is on [default: false]
+#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
+
+# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
+#JIGASI_TRANSCRIBER_SEND_TXT=true
+
+# Jigasi will post an url to the chat with transcription file [default: false]
+#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
+
+# Credentials for connect to Cloud Google API from Jigasi
+# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
+# section "Before you begin" paragraph 1 to 5
+# Copy the values from the json to the related env vars
+#GC_PROJECT_ID=
+#GC_PRIVATE_KEY_ID=
+#GC_PRIVATE_KEY=
+#GC_CLIENT_EMAIL=
+#GC_CLIENT_ID=
+#GC_CLIENT_CERT_URL=
+
+# Enable recording
+#ENABLE_RECORDING=1
+
+# XMPP domain for the jibri recorder
+XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
+
+# XMPP recorder user for Jibri client connections
+JIBRI_RECORDER_USER=recorder
+
+# Directory for recordings inside Jibri container
+JIBRI_RECORDING_DIR=/config/recordings
+
+# The finalizing script. Will run after recording is complete
+#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
+
+# XMPP user for Jibri client connections
+JIBRI_XMPP_USER=jibri
+
+# MUC name for the Jibri pool
+JIBRI_BREWERY_MUC=jibribrewery
+
+# MUC connection timeout
+JIBRI_PENDING_TIMEOUT=90
+
+# When jibri gets a request to start a service for a room, the room
+# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
+# We'll build the url for the call by transforming that into:
+# https://xmpp_domain/subdomain/roomName
+# So if there are any prefixes in the jid (like jitsi meet, which
+# has its participants join a muc at conference.xmpp_domain) then
+# list that prefix here so it can be stripped out to generate
+# the call url correctly
+JIBRI_STRIP_DOMAIN_JID=muc
+
+# Directory for logs inside Jibri container
+JIBRI_LOGS_DIR=/config/logs
+
+# Configure an external TURN server
+# TURN_CREDENTIALS=secret
+# TURN_HOST=turnserver.example.com
+# TURN_PORT=443
+# TURNS_HOST=turnserver.example.com
+# TURNS_PORT=443
+
+# Disable HTTPS: handle TLS connections outside of this setup
+#DISABLE_HTTPS=1
+
+# Enable FLoC
+# Opt-In to Federated Learning of Cohorts tracking
+#ENABLE_FLOC=0
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
+#ENABLE_HTTP_REDIRECT=1
+
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+# ENABLE_HSTS=1
+
+# Enable IPv6
+# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
+#ENABLE_IPV6=1
+
+# Container restart policy
+# Defaults to unless-stopped
+RESTART_POLICY=unless-stopped
+
+ENABLE_XMPP_WEBSOCKET=0
+#ENABLE_SCTP=1
+#ENABLE_COLIBRI_WEBSOCKET=0
+#ENABLE_XMPP_WEBSOCKET=0
+
+# Authenticate using external service or just focus external auth window if there is one already.
+# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
+
+# Sentry Error Tracking
+# Sentry Data Source Name (Endpoint for Sentry project)
+# Example: https://public:private@host:port/1
+#JVB_SENTRY_DSN=
+#JICOFO_SENTRY_DSN=
+#JIGASI_SENTRY_DSN=
+
+# Optional environment info to filter events
+#SENTRY_ENVIRONMENT=production
+
+# Optional release info to filter events
+#SENTRY_RELEASE=1.0.0
+
+# Optional properties for shutdown api
+#COLIBRI_REST_ENABLED=true
+#SHUTDOWN_REST_ENABLED=true

check-services.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+
+
+running="$(docker-compose ps --services --filter "status=running")"
+services="$(docker-compose ps --services)"
+if [ "$running" != "$services" ]; then
+	        # Bash specific
+		RUN=$(comm -13 <(sort <<<"$running") <(sort <<<"$services"))
+	    	echo "Following_services_are_not_running:" 
+	    	echo "$RUN" 
+	    else
+    echo "All_services_are_running"
+fi

create-config.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+mkdir -p .jitsi-meet-cfg/{web/crontabs,web/letsencrypt,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}

docker-compose.yml

@@ -0,0 +1,304 @@
+version: '3'
+
+services:
+    # Frontend
+    web:
+        image: jitsi/web:stable-6726
+        restart: ${RESTART_POLICY}
+        container_name: jitsiweb
+        ports:
+            - '${HTTP_PORT}:80'
+            - '${HTTPS_PORT}:443'
+        volumes:
+            - ${CONFIG}/web:/config:Z
+            - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
+            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
+        environment:
+            - AMPLITUDE_ID
+            - ANALYTICS_SCRIPT_URLS
+            - ANALYTICS_WHITELISTED_EVENTS
+            - CALLSTATS_CUSTOM_SCRIPT_URL
+            - CALLSTATS_ID
+            - CALLSTATS_SECRET
+            - CHROME_EXTENSION_BANNER_JSON
+            - CONFCODE_URL
+            - CONFIG_EXTERNAL_CONNECT
+            - DEFAULT_LANGUAGE
+            - DEPLOYMENTINFO_ENVIRONMENT
+            - DEPLOYMENTINFO_ENVIRONMENT_TYPE
+            - DEPLOYMENTINFO_REGION
+            - DEPLOYMENTINFO_SHARD
+            - DEPLOYMENTINFO_USERREGION
+            - DESKTOP_SHARING_FRAMERATE_MIN
+            - DESKTOP_SHARING_FRAMERATE_MAX
+            - DIALIN_NUMBERS_URL
+            - DIALOUT_AUTH_URL
+            - DIALOUT_CODES_URL
+            - DISABLE_AUDIO_LEVELS
+            - DISABLE_DEEP_LINKING
+            - DISABLE_HTTPS
+            - DISABLE_POLLS
+            - DISABLE_REACTIONS
+            - DROPBOX_APPKEY
+            - DROPBOX_REDIRECT_URI
+            - DYNAMIC_BRANDING_URL
+            - ENABLE_AUDIO_PROCESSING
+            - ENABLE_AUTH
+            - ENABLE_BREAKOUT_ROOMS
+            - ENABLE_CALENDAR
+            - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_FILE_RECORDING_SERVICE
+            - ENABLE_FILE_RECORDING_SERVICE_SHARING
+            - ENABLE_FLOC
+            - ENABLE_GUESTS
+            - ENABLE_HSTS
+            - ENABLE_HTTP_REDIRECT
+            - ENABLE_IPV6
+            - ENABLE_LETSENCRYPT
+            - ENABLE_LIPSYNC
+            - ENABLE_NO_AUDIO_DETECTION
+            - ENABLE_NOISY_MIC_DETECTION
+            - ENABLE_PREJOIN_PAGE
+            - ENABLE_P2P
+            - ENABLE_WELCOME_PAGE
+            - ENABLE_CLOSE_PAGE
+            - ENABLE_RECORDING
+            - ENABLE_REMB
+            - ENABLE_REQUIRE_DISPLAY_NAME
+            - ENABLE_SIMULCAST
+            - ENABLE_STATS_ID
+            - ENABLE_STEREO
+            - ENABLE_SUBDOMAINS
+            - ENABLE_TALK_WHILE_MUTED
+            - ENABLE_TCC
+            - ENABLE_TRANSCRIPTIONS
+            - ENABLE_XMPP_WEBSOCKET
+            - ETHERPAD_PUBLIC_URL
+            - ETHERPAD_URL_BASE
+            - GOOGLE_ANALYTICS_ID
+            - GOOGLE_API_APP_CLIENT_ID
+            - INVITE_SERVICE_URL
+            - JICOFO_AUTH_USER
+            - LETSENCRYPT_DOMAIN
+            - LETSENCRYPT_EMAIL
+            - LETSENCRYPT_USE_STAGING
+            - MATOMO_ENDPOINT
+            - MATOMO_SITE_ID
+            - MICROSOFT_API_APP_CLIENT_ID
+            - NGINX_RESOLVER
+            - NGINX_WORKER_PROCESSES
+            - NGINX_WORKER_CONNECTIONS
+            - PEOPLE_SEARCH_URL
+            - PUBLIC_URL
+            - P2P_PREFERRED_CODEC
+            - RESOLUTION
+            - RESOLUTION_MIN
+            - RESOLUTION_WIDTH
+            - RESOLUTION_WIDTH_MIN
+            - START_AUDIO_MUTED
+            - START_AUDIO_ONLY
+            - START_BITRATE
+            - START_SILENT
+            - START_WITH_AUDIO_MUTED
+            - START_VIDEO_MUTED
+            - START_WITH_VIDEO_MUTED
+            - TESTING_CAP_SCREENSHARE_BITRATE
+            - TESTING_OCTO_PROBABILITY
+            - TOKEN_AUTH_URL
+            - TZ
+            - VIDEOQUALITY_BITRATE_H264_LOW
+            - VIDEOQUALITY_BITRATE_H264_STANDARD
+            - VIDEOQUALITY_BITRATE_H264_HIGH
+            - VIDEOQUALITY_BITRATE_VP8_LOW
+            - VIDEOQUALITY_BITRATE_VP8_STANDARD
+            - VIDEOQUALITY_BITRATE_VP8_HIGH
+            - VIDEOQUALITY_BITRATE_VP9_LOW
+            - VIDEOQUALITY_BITRATE_VP9_STANDARD
+            - VIDEOQUALITY_BITRATE_VP9_HIGH
+            - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
+            - VIDEOQUALITY_PREFERRED_CODEC
+            - XMPP_AUTH_DOMAIN
+            - XMPP_BOSH_URL_BASE
+            - XMPP_DOMAIN
+            - XMPP_GUEST_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - XMPP_RECORDER_DOMAIN
+        networks:
+            meet.jitsi:
+
+    # XMPP server
+    prosody:
+        image: jitsi/prosody:stable-6726
+        container_name: jitsiprosody
+        restart: ${RESTART_POLICY}
+#expose:
+#    - '5222'
+#    - '5347'
+#    - '5280'
+        volumes:
+            - ${CONFIG}/prosody/config:/config:Z
+            - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
+        environment:
+            - AUTH_TYPE
+            - DISABLE_POLLS
+            - ENABLE_AUTH
+            - ENABLE_AV_MODERATION
+            - ENABLE_BREAKOUT_ROOMS
+            - ENABLE_GUESTS
+            - ENABLE_LOBBY
+            - ENABLE_XMPP_WEBSOCKET
+            - GLOBAL_CONFIG
+            - GLOBAL_MODULES
+            - JIBRI_RECORDER_USER
+            - JIBRI_RECORDER_PASSWORD
+            - JIBRI_XMPP_USER
+            - JIBRI_XMPP_PASSWORD
+            - JICOFO_AUTH_USER
+            - JICOFO_AUTH_PASSWORD
+            - JICOFO_COMPONENT_SECRET
+            - JIGASI_XMPP_USER
+            - JIGASI_XMPP_PASSWORD
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
+            - JWT_APP_ID
+            - JWT_APP_SECRET
+            - JWT_ACCEPTED_ISSUERS
+            - JWT_ACCEPTED_AUDIENCES
+            - JWT_ASAP_KEYSERVER
+            - JWT_ALLOW_EMPTY
+            - JWT_AUTH_TYPE
+            - JWT_TOKEN_AUTH_MODULE
+            - LOG_LEVEL
+            - LDAP_AUTH_METHOD
+            - LDAP_BASE
+            - LDAP_BINDDN
+            - LDAP_BINDPW
+            - LDAP_FILTER
+            - LDAP_VERSION
+            - LDAP_TLS_CIPHERS
+            - LDAP_TLS_CHECK_PEER
+            - LDAP_TLS_CACERT_FILE
+            - LDAP_TLS_CACERT_DIR
+            - LDAP_START_TLS
+            - LDAP_URL
+            - LDAP_USE_TLS
+            - PUBLIC_URL
+            - TURN_CREDENTIALS
+            - TURN_HOST
+            - TURNS_HOST
+            - TURN_PORT
+            - TURNS_PORT
+            - TZ
+            - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
+            - XMPP_GUEST_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MODULES
+            - XMPP_MUC_MODULES
+            - XMPP_INTERNAL_MUC_MODULES
+            - XMPP_RECORDER_DOMAIN
+            - XMPP_CROSS_DOMAIN
+        networks:
+            meet.jitsi:
+                aliases:
+                    - ${XMPP_SERVER}
+
+    # Focus component
+    jicofo:
+        image: jitsi/jicofo:stable-6726
+        container_name: jitsijicofo
+        restart: ${RESTART_POLICY}
+        volumes:
+            - ${CONFIG}/jicofo:/config:Z
+        environment:
+            - AUTH_TYPE
+            - BRIDGE_AVG_PARTICIPANT_STRESS
+            - BRIDGE_STRESS_THRESHOLD
+            - ENABLE_AUTH
+            - ENABLE_AUTO_OWNER
+            - ENABLE_CODEC_VP8
+            - ENABLE_CODEC_VP9
+            - ENABLE_CODEC_H264
+            - ENABLE_OCTO
+            - ENABLE_RECORDING
+            - ENABLE_SCTP
+            - ENABLE_AUTO_LOGIN
+            - JICOFO_AUTH_USER
+            - JICOFO_AUTH_PASSWORD
+            - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
+            - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
+            - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
+            - JICOFO_ENABLE_HEALTH_CHECKS
+            - JICOFO_SHORT_ID
+            - JICOFO_RESERVATION_ENABLED
+            - JICOFO_RESERVATION_REST_BASE_URL
+            - JIBRI_BREWERY_MUC
+            - JIBRI_REQUEST_RETRIES
+            - JIBRI_PENDING_TIMEOUT
+            - JIGASI_BREWERY_MUC
+            - JIGASI_SIP_URI
+            - JVB_BREWERY_MUC
+            - MAX_BRIDGE_PARTICIPANTS
+            - OCTO_BRIDGE_SELECTION_STRATEGY
+            - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
+            - SENTRY_ENVIRONMENT
+            - SENTRY_RELEASE
+            - TZ
+            - XMPP_DOMAIN
+            - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MUC_DOMAIN
+            - XMPP_SERVER
+        depends_on:
+            - prosody
+        networks:
+            meet.jitsi:
+
+    # Video bridge
+    jvb:
+        image: jitsi/jvb:stable-6726
+        container_name: jitsijvb
+        restart: ${RESTART_POLICY}
+#ports:
+#    - '${JVB_PORT}:${JVB_PORT}/udp'
+#    - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
+        volumes:
+            - ${CONFIG}/jvb:/config:Z
+        environment:
+            - DOCKER_HOST_ADDRESS
+            - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_OCTO
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
+            - JVB_BREWERY_MUC
+            - JVB_PORT
+            - JVB_TCP_HARVESTER_DISABLED
+            - JVB_TCP_PORT
+            - JVB_TCP_MAPPED_PORT
+            - JVB_STUN_SERVERS
+            - JVB_OCTO_BIND_ADDRESS
+            - JVB_OCTO_PUBLIC_ADDRESS
+            - JVB_OCTO_BIND_PORT
+            - JVB_OCTO_REGION
+            - JVB_WS_DOMAIN
+            - JVB_WS_SERVER_ID
+            - PUBLIC_URL
+            - SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
+            - SENTRY_ENVIRONMENT
+            - SENTRY_RELEASE
+            - COLIBRI_REST_ENABLED
+            - SHUTDOWN_REST_ENABLED
+            - TZ
+            - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_SERVER
+        depends_on:
+            - prosody
+        networks:
+            meet.jitsi:
+
+
+# Custom network so all services can communicate using a FQDN
+networks:
+    meet.jitsi:

env

@@ -0,0 +1,412 @@
+# shellcheck disable=SC2034
+
+# Security
+#
+# Set these to strong passwords to avoid intruders from impersonating a service account
+# The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
+# You may skip the Jigasi and Jibri passwords if you are not using those
+# DO NOT reuse passwords
+#
+
+# XMPP password for Jicofo client connections
+JICOFO_AUTH_PASSWORD=284e5595787065de58f350ab54c151be
+
+# XMPP password for JVB client connections
+JVB_AUTH_PASSWORD=fef77dc4580183b366dbe65357538716
+
+# XMPP password for Jigasi MUC client connections
+JIGASI_XMPP_PASSWORD=d41efde399375d50871f28aa9a078b3e
+
+# XMPP recorder password for Jibri client connections
+JIBRI_RECORDER_PASSWORD=f785cb7d5d9816ff5f9ca781fd544ee8
+
+# XMPP password for Jibri client connections
+JIBRI_XMPP_PASSWORD=cdbea33c1a65a55ffb4a080a5cb1a9f7
+
+
+#
+# Basic configuration options
+#
+
+# Directory where all configuration will be stored
+#CONFIG=/data/appl/ok/gitversion/examples-services/tmp-test/jitsi/docker-jitsi-meet-stable-6726/.jitsi-meet-cfg/.jitsi-meet-cfg
+CONFIG=./.jitsi-meet-cfg
+#CONFIG=.jitsi-meet-cfg
+
+# Exposed HTTP port
+HTTP_PORT=9083
+
+# Exposed HTTPS port
+HTTPS_PORT=9043
+
+# System time zone
+TZ=UTC
+
+# Public URL for the web service (required)
+#PUBLIC_URL=https://meet.example.com
+
+# IP address of the Docker host
+# See the "Running behind NAT or on a LAN environment" section in the Handbook:
+# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
+#DOCKER_HOST_ADDRESS=192.168.1.1
+
+# Control whether the lobby feature should be enabled or not
+#ENABLE_LOBBY=1
+
+# Control whether the A/V moderation should be enabled or not
+#ENABLE_AV_MODERATION=1
+
+# Show a prejoin page before entering a conference
+#ENABLE_PREJOIN_PAGE=0
+
+# Enable the welcome page
+#ENABLE_WELCOME_PAGE=1
+
+# Enable the close page
+#ENABLE_CLOSE_PAGE=0
+
+# Disable measuring of audio levels
+#DISABLE_AUDIO_LEVELS=0
+
+# Enable noisy mic detection
+#ENABLE_NOISY_MIC_DETECTION=1
+
+#
+# Let's Encrypt configuration
+#
+
+# Enable Let's Encrypt certificate generation
+#ENABLE_LETSENCRYPT=1
+
+# Domain for which to generate the certificate
+#LETSENCRYPT_DOMAIN=meet.example.com
+
+# E-Mail for receiving important account notifications (mandatory)
+#LETSENCRYPT_EMAIL=alice@atlanta.net
+
+# Use the staging server (for avoiding rate limits while testing)
+#LETSENCRYPT_USE_STAGING=1
+
+
+#
+# Etherpad integration (for document sharing)
+#
+
+# Set etherpad-lite URL in docker local network (uncomment to enable)
+#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
+
+# Set etherpad-lite public URL (uncomment to enable)
+#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain
+
+# Name your etherpad instance!
+ETHERPAD_TITLE=Video Chat
+
+# The default text of a pad
+ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
+
+# Name of the skin for etherpad
+ETHERPAD_SKIN_NAME=colibris
+
+# Skin variants for etherpad
+ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
+
+
+#
+# Basic Jigasi configuration options (needed for SIP gateway support)
+#
+
+# SIP URI for incoming / outgoing calls
+#JIGASI_SIP_URI=test@sip2sip.info
+
+# Password for the specified SIP account as a clear text
+#JIGASI_SIP_PASSWORD=passw0rd
+
+# SIP server (use the SIP account domain if in doubt)
+#JIGASI_SIP_SERVER=sip2sip.info
+
+# SIP server port
+#JIGASI_SIP_PORT=5060
+
+# SIP server transport
+#JIGASI_SIP_TRANSPORT=UDP
+
+#
+# Authentication configuration (see handbook for details)
+#
+
+# Enable authentication
+#ENABLE_AUTH=1
+
+# Enable guest access
+#ENABLE_GUESTS=1
+
+# Select authentication type: internal, jwt or ldap
+#AUTH_TYPE=internal
+
+# JWT authentication
+#
+
+# Application identifier
+#JWT_APP_ID=my_jitsi_app_id
+
+# Application secret known only to your token generator
+#JWT_APP_SECRET=my_jitsi_app_secret
+
+# (Optional) Set asap_accepted_issuers as a comma separated list
+#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
+
+# (Optional) Set asap_accepted_audiences as a comma separated list
+#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
+
+
+# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
+#
+
+# LDAP url for connection
+#LDAP_URL=ldaps://ldap.domain.com/
+
+# LDAP base DN. Can be empty
+#LDAP_BASE=DC=example,DC=domain,DC=com
+
+# LDAP user DN. Do not specify this parameter for the anonymous bind
+#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
+
+# LDAP user password. Do not specify this parameter for the anonymous bind
+#LDAP_BINDPW=LdapUserPassw0rd
+
+# LDAP filter. Tokens example:
+# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
+# %s - %s is replaced by the complete service string
+# %r - %r is replaced by the complete realm string
+#LDAP_FILTER=(sAMAccountName=%u)
+
+# LDAP authentication method
+#LDAP_AUTH_METHOD=bind
+
+# LDAP version
+#LDAP_VERSION=3
+
+# LDAP TLS using
+#LDAP_USE_TLS=1
+
+# List of SSL/TLS ciphers to allow
+#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
+
+# Require and verify server certificate
+#LDAP_TLS_CHECK_PEER=1
+
+# Path to CA cert file. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Path to CA certs directory. Used when server certificate verify is enabled
+#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
+
+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+
+
+#
+# Advanced configuration options (you generally don't need to change these)
+#
+
+# Internal XMPP domain
+XMPP_DOMAIN=meet.jitsi
+
+# Internal XMPP server
+XMPP_SERVER=jitsiprosody.microservice-jitsimeet_meet.jitsi
+
+# Internal XMPP server URL
+XMPP_BOSH_URL_BASE=http://jitsiprosody.microservice-jitsimeet_meet.jitsi:5280
+
+# Internal XMPP domain for authenticated services
+XMPP_AUTH_DOMAIN=auth.meet.jitsi
+
+# XMPP domain for the MUC
+XMPP_MUC_DOMAIN=muc.meet.jitsi
+
+# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+
+# XMPP domain for unauthenticated users
+XMPP_GUEST_DOMAIN=guest.meet.jitsi
+
+# Comma separated list of domains for cross domain policy or "true" to allow all
+# The PUBLIC_URL is always allowed
+#XMPP_CROSS_DOMAIN=true
+
+# Custom Prosody modules for XMPP_DOMAIN (comma separated)
+XMPP_MODULES=
+
+# Custom Prosody modules for MUC component (comma separated)
+XMPP_MUC_MODULES=
+
+# Custom Prosody modules for internal MUC component (comma separated)
+XMPP_INTERNAL_MUC_MODULES=
+
+# MUC for the JVB pool
+JVB_BREWERY_MUC=jvbbrewery
+
+# XMPP user for JVB client connections
+JVB_AUTH_USER=jvb
+
+# STUN servers used to discover the server's public IP
+JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
+
+# Media port for the Jitsi Videobridge
+JVB_PORT=10000
+
+# TCP Fallback for Jitsi Videobridge for when UDP isn't available
+JVB_TCP_HARVESTER_DISABLED=true
+JVB_TCP_PORT=4443
+JVB_TCP_MAPPED_PORT=4443
+
+# XMPP user for Jicofo client connections.
+# NOTE: this option doesn't currently work due to a bug
+JICOFO_AUTH_USER=focus
+
+# Base URL of Jicofo's reservation REST API
+#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com
+
+# Enable Jicofo's health check REST API (http://<jicofo_base_url>:8888/about/health)
+#JICOFO_ENABLE_HEALTH_CHECKS=true
+
+# XMPP user for Jigasi MUC client connections
+JIGASI_XMPP_USER=jigasi
+
+# MUC name for the Jigasi pool
+JIGASI_BREWERY_MUC=jigasibrewery
+
+# Minimum port for media used by Jigasi
+JIGASI_PORT_MIN=20000
+
+# Maximum port for media used by Jigasi
+JIGASI_PORT_MAX=20050
+
+# Enable SDES srtp
+#JIGASI_ENABLE_SDES_SRTP=1
+
+# Keepalive method
+#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS
+
+# Health-check extension
+#JIGASI_HEALTH_CHECK_SIP_URI=keepalive
+
+# Health-check interval
+#JIGASI_HEALTH_CHECK_INTERVAL=300000
+#
+# Enable Jigasi transcription
+#ENABLE_TRANSCRIPTIONS=1
+
+# Jigasi will record audio when transcriber is on [default: false]
+#JIGASI_TRANSCRIBER_RECORD_AUDIO=true
+
+# Jigasi will send transcribed text to the chat when transcriber is on [default: false]
+#JIGASI_TRANSCRIBER_SEND_TXT=true
+
+# Jigasi will post an url to the chat with transcription file [default: false]
+#JIGASI_TRANSCRIBER_ADVERTISE_URL=true
+
+# Credentials for connect to Cloud Google API from Jigasi
+# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
+# section "Before you begin" paragraph 1 to 5
+# Copy the values from the json to the related env vars
+#GC_PROJECT_ID=
+#GC_PRIVATE_KEY_ID=
+#GC_PRIVATE_KEY=
+#GC_CLIENT_EMAIL=
+#GC_CLIENT_ID=
+#GC_CLIENT_CERT_URL=
+
+# Enable recording
+#ENABLE_RECORDING=1
+
+# XMPP domain for the jibri recorder
+XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
+
+# XMPP recorder user for Jibri client connections
+JIBRI_RECORDER_USER=recorder
+
+# Directory for recordings inside Jibri container
+JIBRI_RECORDING_DIR=/config/recordings
+
+# The finalizing script. Will run after recording is complete
+#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh
+
+# XMPP user for Jibri client connections
+JIBRI_XMPP_USER=jibri
+
+# MUC name for the Jibri pool
+JIBRI_BREWERY_MUC=jibribrewery
+
+# MUC connection timeout
+JIBRI_PENDING_TIMEOUT=90
+
+# When jibri gets a request to start a service for a room, the room
+# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain
+# We'll build the url for the call by transforming that into:
+# https://xmpp_domain/subdomain/roomName
+# So if there are any prefixes in the jid (like jitsi meet, which
+# has its participants join a muc at conference.xmpp_domain) then
+# list that prefix here so it can be stripped out to generate
+# the call url correctly
+JIBRI_STRIP_DOMAIN_JID=muc
+
+# Directory for logs inside Jibri container
+JIBRI_LOGS_DIR=/config/logs
+
+# Configure an external TURN server
+# TURN_CREDENTIALS=secret
+# TURN_HOST=turnserver.example.com
+# TURN_PORT=443
+# TURNS_HOST=turnserver.example.com
+# TURNS_PORT=443
+
+# Disable HTTPS: handle TLS connections outside of this setup
+#DISABLE_HTTPS=1
+
+# Enable FLoC
+# Opt-In to Federated Learning of Cohorts tracking
+#ENABLE_FLOC=0
+
+# Redirect HTTP traffic to HTTPS
+# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
+#ENABLE_HTTP_REDIRECT=1
+
+# Send a `strict-transport-security` header to force browsers to use
+# a secure and trusted connection. Recommended for production use.
+# Defaults to 1 (send the header).
+# ENABLE_HSTS=1
+
+# Enable IPv6
+# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
+#ENABLE_IPV6=1
+
+# Container restart policy
+# Defaults to unless-stopped
+RESTART_POLICY=unless-stopped
+
+ENABLE_XMPP_WEBSOCKET=0
+#ENABLE_SCTP=1
+#ENABLE_COLIBRI_WEBSOCKET=0
+#ENABLE_XMPP_WEBSOCKET=0
+
+# Authenticate using external service or just focus external auth window if there is one already.
+# TOKEN_AUTH_URL=https://auth.meet.example.com/{room}
+
+# Sentry Error Tracking
+# Sentry Data Source Name (Endpoint for Sentry project)
+# Example: https://public:private@host:port/1
+#JVB_SENTRY_DSN=
+#JICOFO_SENTRY_DSN=
+#JIGASI_SENTRY_DSN=
+
+# Optional environment info to filter events
+#SENTRY_ENVIRONMENT=production
+
+# Optional release info to filter events
+#SENTRY_RELEASE=1.0.0
+
+# Optional properties for shutdown api
+#COLIBRI_REST_ENABLED=true
+#SHUTDOWN_REST_ENABLED=true

gen-passwords.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+function generatePassword() {
+    openssl rand -hex 16
+}
+
+JICOFO_AUTH_PASSWORD=$(generatePassword)
+JVB_AUTH_PASSWORD=$(generatePassword)
+JIGASI_XMPP_PASSWORD=$(generatePassword)
+JIBRI_RECORDER_PASSWORD=$(generatePassword)
+JIBRI_XMPP_PASSWORD=$(generatePassword)
+
+sed -i.bak \
+    -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
+    -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
+    -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
+    -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
+    -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
+    "$(dirname "$0")/.env"

run.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  TARGET="$(readlink "$SOURCE")"
+  if [[ $TARGET == /* ]]; then
+    SOURCE="$TARGET"
+  else
+    DIR="$( dirname "$SOURCE" )"
+    SOURCE="$DIR/$TARGET" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+  fi
+done
+
+SRPATH="$( dirname "$SOURCE" )"
+SFPATH="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+if [ "$SFPATH" != "$SRPATH" ]; then
+  RDIR=$SRPATH    # relativ path directory
+fi
+
+cwdir=$PWD
+wdir=$SFPATH
+
+
+docker-compose down
+docker-compose rm
+docker container rm jitsiprosody jitsiweb jitsijicofo jitsijvb
+docker-compose pull
+cd $wdir
+cp -f env .env
+./create-config.sh
+./gen-passwords.sh
+cd $cwdir
+docker-compose up -d

stop.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+docker-compose down
+docker-compose rm
+docker container rm jitsiprosody jitsiweb jitsijicofo jitsijvb