diff --git a/README.md b/README.md index 8f22163..ba80392 100644 --- a/README.md +++ b/README.md @@ -365,9 +365,14 @@ If you want to enable the Transcribing function, these options are required: Variable | Description | Example --- | --- | --- `ENABLE_TRANSCRIPTIONS` | Enable Jigasi transcription in a conference | 1 -`GOOGLE_APPLICATION_CREDENTIALS` | Credentials for connect to Cloud Google API from Jigasi. Path located inside the container | /config/key.json +`GC_PROJECT_ID` | `project_id` from Google Cloud Credetials +`GC_PRIVATE_KEY_ID` | `private_key_id` from Google Cloud Credetials +`GC_PRIVATE_KEY` | `private_key` from Google Cloud Credetials +`GC_CLIENT_EMAIL` | `client_email` from Google Cloud Credetials +`GC_CLIENT_ID` | `client_id` from Google Cloud Credetials +`GC_CLIENT_CERT_URL` | `client_x509_cert_url` from Google Cloud Credetials -For setting `GOOGLE_APPLICATION_CREDENTIALS` please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph. +For setting the Google Cloud Credentials please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph. ### Advanced configuration diff --git a/env.example b/env.example index 20733cb..9fe74c5 100644 --- a/env.example +++ b/env.example @@ -15,7 +15,7 @@ HTTPS_PORT=8443 TZ=Europe/Amsterdam # Public URL for the web service. -#PUBLIC_URL="https://meet.example.com" +#PUBLIC_URL=https://meet.example.com # IP address of the Docker host. See the "Running on a LAN environment" section # in the README. 
@@ -246,11 +246,15 @@ JIGASI_PORT_MAX=20050 # Jigasi post to the chat an url with transcription file. Default false. #JIGASI_TRANSCRIBER_ADVERTISE_URL=true -# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container. -# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" from 1 to 5 paragraph. Copy the key on -# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting: -#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json +# Credentials for connect to Cloud Google API from Jigasi +# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph. +# Copy the values from the json to the related env vars +#GC_PROJECT_ID= +#GC_PRIVATE_KEY_ID= +#GC_PRIVATE_KEY= +#GC_CLIENT_EMAIL= +#GC_CLIENT_ID= +#GC_CLIENT_CERT_URL= # Enable recording #ENABLE_RECORDING=1 diff --git a/examples/kubernetes/README.md b/examples/kubernetes/README.md new file mode 100644 index 0000000..8158dbc --- /dev/null +++ b/examples/kubernetes/README.md 
@@ -0,0 +1,26 @@
+# Install guide for kubernetes
+
+This guide will deploy jitsi in the most simple way: as several containers in a single pod. This is enough to start in case your hardware is enough. If you need to scale components to severa instance, you'll have to modify it to use several services and pods.
+
+Create a namespace to deploy jitsi to:
+
+`kubectl create namespace jitsi`
+
+Add the secret with secret values (replace `...` with some random strings):
+
+`kubectl create secret generic jitsi-config --from-literal=JICOFO_COMPONENT_SECRET=... --from-literal=JICOFO_AUTH_PASSWORD=... --from-literal=JVB_AUTH_PASSWORD=... `
+
+Deploy the service to listen for JVB UDP traffic on all cluster nodes port 30300:
+
+`kubectl create -f jvb-service.yaml`
+
+Now we can deploy the rest of the application:
+
+`kubectl create -f deployment.yaml`
+
+To expose the webapp, we can use Ingress (replace the `host` value with your actual hostname):
+
+`kubectl create -f web-service.yaml`
+
+You can either use "https" or "http" service port, depending on whether your ingress allows self-signed certs.
+
diff --git a/examples/kubernetes/deployment.yaml b/examples/kubernetes/deployment.yaml
new file mode 100644
index 0000000..144585f
--- /dev/null
+++ b/examples/kubernetes/deployment.yaml
@@ -0,0 +1,143 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: jitsi
+ name: jitsi
+ namespace: jitsi
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ k8s-app: jitsi
+ template:
+ metadata:
+ labels:
+ k8s-app: jitsi
+ spec:
+ containers:
+ - name: jicofo
+ image: jitsi/jicofo
+ imagePullPolicy: Always
+ env:
+ - name: XMPP_SERVER
+ value: localhost
+ - name: XMPP_DOMAIN
+ value: meet.jitsi
+ - name: XMPP_AUTH_DOMAIN
+ value: auth.meet.jitsi
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: internal-muc.meet.jitsi
+ - name: JICOFO_COMPONENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JICOFO_COMPONENT_SECRET
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JICOFO_AUTH_PASSWORD
+ - name: TZ
+ value: America/Los_Angeles
+ - name: JVB_BREWERY_MUC
+ value: jvbbrewery
+ - name: prosody
+ image: jitsi/prosody
+ imagePullPolicy: Always
+ env:
+ - name: XMPP_DOMAIN
+ value: meet.jitsi
+ - name: XMPP_AUTH_DOMAIN
+ value: auth.meet.jitsi
+ - name: XMPP_MUC_DOMAIN
+ value: muc.meet.jitsi
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: internal-muc.meet.jitsi
+ - name: JICOFO_COMPONENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JICOFO_COMPONENT_SECRET
+ - name: JVB_AUTH_USER
+ value: jvb
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JVB_AUTH_PASSWORD
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JICOFO_AUTH_PASSWORD
+ - name: TZ
+ value: America/Los_Angeles
+ - name: JVB_TCP_HARVESTER_DISABLED
+ value: "true"
+ - name: web
+ image: jitsi/web
+ imagePullPolicy: Always
+ env:
+ - name: XMPP_SERVER
+ value: localhost
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: XMPP_DOMAIN
+ value: meet.jitsi
+ - name: XMPP_AUTH_DOMAIN
+ value: auth.meet.jitsi
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: internal-muc.meet.jitsi
+ - name: XMPP_BOSH_URL_BASE
+ value: http://127.0.0.1:5280
+ - name: XMPP_MUC_DOMAIN
+ value: muc.meet.jitsi
+ - name: TZ
+ value: America/Los_Angeles
+ - name: JVB_TCP_HARVESTER_DISABLED
+ value: "true"
+ - name: jvb
+ image: jitsi/jvb
+ imagePullPolicy: Always
+ env:
+ - name: XMPP_SERVER
+ value: localhost
+ - name: DOCKER_HOST_ADDRESS
+ value:
+ - name: XMPP_DOMAIN
+ value: meet.jitsi
+ - name: XMPP_AUTH_DOMAIN
+ value: auth.meet.jitsi
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: internal-muc.meet.jitsi
+ - name: JVB_STUN_SERVERS
+ value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+ - name: JICOFO_AUTH_USER
+ value: focus
+ - name: JVB_TCP_HARVESTER_DISABLED
+ value: "true"
+ - name: JVB_AUTH_USER
+ value: jvb
+ - name: JVB_PORT
+ value: "30300"
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JVB_AUTH_PASSWORD
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi-config
+ key: JICOFO_AUTH_PASSWORD
+ - name: JVB_BREWERY_MUC
+ value: jvbbrewery
+ - name: TZ
+ value: America/Los_Angeles
diff --git a/examples/kubernetes/jvb-service.yaml b/examples/kubernetes/jvb-service.yaml
new file mode 100644
index 0000000..6cf1434
--- /dev/null
+++ b/examples/kubernetes/jvb-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ service: jvb
+ name: jvb-udp
+ namespace: jitsi
+spec:
+ type: NodePort
+ externalTrafficPolicy: Cluster
+ ports:
+ - port: 30300
+ protocol: UDP
+ targetPort: 30300
+ nodePort: 30300
+ selector:
+ k8s-app: jitsi
diff --git a/examples/kubernetes/web-service.yaml b/examples/kubernetes/web-service.yaml
new file mode 100644
index 0000000..37b07bc
--- /dev/null
+++ b/examples/kubernetes/web-service.yaml
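Review bot: All four containers in deployment.yaml reference untagged images (`image: jitsi/jicofo`, `jitsi/prosody`, `jitsi/web`, `jitsi/jvb`) together with `imagePullPolicy: Always`, so every pod restart can pull a different build and the four components can drift apart from each other. Pin each one to a release tag or digest, for example `image: jitsi/jicofo:<release-tag>`, so that what runs is what was reviewed. Separately, `DOCKER_HOST_ADDRESS` on the jvb container is left empty and the README in this directory never mentions it; a comment such as `# set to the externally reachable node address clients use for UDP 30300` would tell the reader it has to be filled in (presumably, going by the env.example description of that variable).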
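Review bot: The `nodePort: 30300` in jvb-service.yaml has to stay equal to `JVB_PORT` ("30300") in deployment.yaml, but neither file says so, and changing one without the other would presumably break media silently. Add a comment above the `ports:` list, e.g. `# nodePort must match JVB_PORT in deployment.yaml`. It is also worth stating in the README that a NodePort service opens UDP 30300 on every node of the cluster, so node-level firewall rules should be reviewed before applying it.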
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web + namespace: jitsi +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi +--- + apiVersion: networking.k8s.io/v1beta1 + kind: Ingress + metadata: + name: jitsi + namespace: jitsi + spec: + rules: + - host: ... + http: + paths: + - path: / + backend: + serviceName: web + servicePort: https \ No newline at end of file diff --git a/jibri.yml b/jibri.yml index 2f5a3e7..324f613 100644 --- a/jibri.yml +++ b/jibri.yml @@ -28,6 +28,8 @@ services: - JIBRI_LOGS_DIR - DISPLAY=:0 - TZ + depends_on: + - jicofo networks: meet.jitsi: diff --git a/jicofo/rootfs/etc/cont-init.d/10-config b/jicofo/rootfs/etc/cont-init.d/10-config index 8e7b0f4..b9d96a6 100644 --- a/jicofo/rootfs/etc/cont-init.d/10-config +++ b/jicofo/rootfs/etc/cont-init.d/10-config @@ -8,3 +8,4 @@ if [[ ! -f /config/logging.properties ]]; then cp /defaults/logging.properties /config fi +chown -R jicofo:jitsi /config \ No newline at end of file diff --git a/jigasi.yml b/jigasi.yml index 46f1584..600ef84 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -34,7 +34,12 @@ services: - JIGASI_TRANSCRIBER_ADVERTISE_URL - JIGASI_TRANSCRIBER_RECORD_AUDIO - JIGASI_TRANSCRIBER_SEND_TXT - - GOOGLE_APPLICATION_CREDENTIALS + - GC_PROJECT_ID + - GC_PRIVATE_KEY_ID + - GC_PRIVATE_KEY + - GC_CLIENT_EMAIL + - GC_CLIENT_ID + - GC_CLIENT_CERT_URL - TZ depends_on: - prosody diff --git a/jigasi/Dockerfile b/jigasi/Dockerfile index 482fb06..8d50fac 100644 --- a/jigasi/Dockerfile +++ b/jigasi/Dockerfile @@ -1,11 +1,13 @@ ARG JITSI_REPO=jitsi FROM ${JITSI_REPO}/base-java +ENV GOOGLE_APPLICATION_CREDENTIALS /config/key.json + RUN \ apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y jigasi && \ + apt-dpkg-wrap apt-get install -y jigasi jq && \ apt-cleanup COPY rootfs/ / -VOLUME /config +VOLUME ["/config", "/tmp/transcripts"] 
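Review bot: The Ingress in web-service.yaml has no `tls:` section, so whether clients reach the site over HTTPS is left entirely to the ingress controller's defaults, while the backend is addressed on `servicePort: https`. Add a `tls:` entry that lists the host and a `secretName` for the certificate, next to the `rules:` block. Because the backend presents the container's self-signed certificate (the README in this directory says as much), the manifest should also carry a comment naming the controller setting needed to speak HTTPS to the backend, or default to `servicePort: http` inside the cluster and terminate TLS at the ingress.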
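Review bot: Passing `GC_PRIVATE_KEY` through the container environment in jigasi.yml exposes the service-account private key to anything that can read the container configuration or process environment (`docker inspect`, `/proc/<pid>/environ`), which the previous mounted-file approach did not. The init script added in jigasi/rootfs/etc/cont-init.d/10-config skips generation when /config/key.json already exists, so mounting the JSON key still works; that path should stay documented as the preferred option. A comment in env.example next to the new variables would do, e.g. `# Alternatively copy the service-account JSON to ${CONFIG}/jigasi/key.json and leave the GC_* variables unset`.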
diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 3e70206..c1a77b3 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -109,6 +109,12 @@ org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000 org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }} +org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true +org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false +org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false +org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true +org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true +org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true {{ if .Env.ENABLE_AUTH | default "0" | toBool }} org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }} org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }} diff --git a/jigasi/rootfs/etc/cont-init.d/10-config b/jigasi/rootfs/etc/cont-init.d/10-config index bf9d0c6..e34f1a2 100644 --- a/jigasi/rootfs/etc/cont-init.d/10-config +++ b/jigasi/rootfs/etc/cont-init.d/10-config 
@@ -10,3 +10,32 @@ fi mkdir -pm777 /tmp/transcripts chown jigasi:jitsi /tmp/transcripts + +# Create Google Cloud Credentials +if [[ $ENABLE_TRANSCRIPTIONS -eq 1 || $ENABLE_TRANSCRIPTIONS == "true" ]] && [[ ! -f /config/key.json ]]; then + if [[ -z $GC_PROJECT_ID || -z $GC_PRIVATE_KEY_ID || -z $GC_PRIVATE_KEY || -z $GC_CLIENT_EMAIL || -z $GC_CLIENT_ID || -z $GC_CLIENT_CERT_URL ]]; then + echo 'Transcriptions: One or more environment variables are undefined' + exit 1 + fi + + jq -n \ + --arg GC_PROJECT_ID "$GC_PROJECT_ID" \ + --arg GC_PRIVATE_KEY_ID "$GC_PRIVATE_KEY_ID" \ + --arg GC_PRIVATE_KEY "$GC_PRIVATE_KEY" \ + --arg GC_CLIENT_EMAIL "$GC_CLIENT_EMAIL" \ + --arg GC_CLIENT_ID "$GC_CLIENT_ID" \ + --arg GC_CLIENT_CERT_URL "$GC_CLIENT_CERT_URL" \ + '{ + type: "service_account", + project_id: $GC_PROJECT_ID, + private_key_id: $GC_PRIVATE_KEY_ID, + private_key: $GC_PRIVATE_KEY, + client_email: $GC_CLIENT_EMAIL, + client_id: $GC_CLIENT_ID, + auth_uri: "https://accounts.google.com/o/oauth2/auth", + token_uri: "https://oauth2.googleapis.com/token", + auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs", + client_x509_cert_url: $GC_CLIENT_CERT_URL + }' \ + > /config/key.json +fi diff --git a/web/Dockerfile b/web/Dockerfile index 6d06268..7e6fbae 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -13,4 +13,4 @@ COPY rootfs/ / EXPOSE 80 443 -VOLUME ["/config", "/etc/letsencrypt"] +VOLUME ["/config", "/etc/letsencrypt", "/usr/share/jitsi-meet/transcripts"]
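Review bot: /config/key.json holds the service-account private key, yet it is created by the plain `> /config/key.json` redirect at the end of this hunk, so it gets the init script's default umask and owner instead of being restricted to the jigasi user. Follow the `jq` call with `chown jigasi:jitsi /config/key.json && chmod 600 /config/key.json`, the same owner the context line uses for /tmp/transcripts. The redirect also creates the file before `jq` runs, so a failed `jq` leaves an empty key.json that the `! -f /config/key.json` guard accepts on every later start; writing to a temporary name and renaming it on success avoids that. The same guard means later changes to the GC_* variables are ignored once the file exists, which deserves a comment, and the "undefined" message should go to stderr with `>&2`.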
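Review bot: The new volume `/usr/share/jitsi-meet/transcripts` in web/Dockerfile sits under what appears to be the web root, so transcript files placed there would be served to anyone who has or can guess the URL unless the nginx configuration (not part of this diff) restricts that path. Please confirm that directory listing is disabled for it and that access is limited to what the advertised transcript links require. A comment above the `VOLUME` line, e.g. `# transcripts written by jigasi (/tmp/transcripts) are served from here`, would make the coupling with the jigasi volume explicit.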