jitsi · prayagsingh · Oct 6, 2021 · Oct 6, 2021
diff --git a/examples/docker-swarm/README.md b/examples/docker-swarm/README.md
@@ -0,0 +1,41 @@
+## Deploy jitsi using docker-swarm and Traefik
+
+### NOTE: This example was tested by using a individual VM for each of the service.
+
+### STEPS
+
+1. Open below ports in firewall for docker-swarm configuration.
+
+    A. TCP port 2377 for cluster management communications
+
+    B. TCP and UDP port 7946 for communication among nodes
+
+    C. UDP port 4789 for overlay network traffic
+
+2. This setup assumes that you are using 2 or more nodes for deployment.
+
+    A. [Initialize docker-swarm](https://docs.docker.com/engine/reference/commandline/swarm_init/) by running command `docker swarm init --advertise-addr machine_IP` on any of the node(Let's say VM1). `machine_IP` is the PUBLIC or PRIVATE IP of your node(VM1).
+
+    B. [Join](https://docs.docker.com/engine/reference/commandline/swarm_join/) a swarm as a manager using command `docker swarm join-token manager` on node(VM1).
+
+    C. Now join other nodes as well using command `docker swarm join --token TOKEN VM1_IP:2377 --advertise-addr current_VM_IP` where `TOKEN` is value generated in Step 2.A and `current_VM_IP` is the IP of your machine on which you are running this command.
+
+    D. Join node3(VM3) using the same command as 2.C
+
+    E. Verify the setup using command `docker node ls` which will show all the three nodes with role as a manager.
+
+3. Create an Overlay network for jitsi using command `docker network create --attachable --driver overlay jitsi`
+
+4. Now open below ports for jitsi deployment.
+
+    A. Jicofo port `8888 TCP` for internal use only.
+
+    B. Jvb ports `10000 UDP` for everyone, `4096 UDP` and `8080 TCP` for internal use only.
+
+    C. Prosody ports `5222, 5347, 5280 TCP` for internal use only.
+
+    D. Web port `80 TCP` and `443 TCP` for everyone and make sure to enable `ENABLE_HTTP_REDIRECT` in `stack-web.yml` file.
+
+5. Now deploy the jitsi setup files using command `docker stack deploy -c stack-web.yaml -c stack-prosdy.yml -c stack-jicofo.yml -c stack-jvb1.yml jitsi`.
+
+6. Please note that you can restrict which service you want to deploy on which node by uncommenting the `placement` in the files. Make sure you are running service web on the node for which you have added a DNS record.
diff --git a/examples/docker-swarm/stack-jicofo.yml b/examples/docker-swarm/stack-jicofo.yml
@@ -0,0 +1,82 @@
+version: '3.8'
+
+services:
+
+    # Focus component
+    jicofo:
+        image: jitsi/jicofo:latest
+        deploy:
+          replicas: 1
+          update_config:
+            failure_action: rollback
+          restart_policy:
+            condition: on-failure
+            delay: 5s
+            max_attempts: 5
+          #placement:
+          #  constraints:
+          #    - node.hostname == demo2
+
+                #healthcheck:
+                #test: curl 127.0.0.1:8888/about/health || exit 1
+                #interval: 5s
+                #timeout: 5s
+                #retries: 3
+                #start_period: 3s
+        environment:
+            AUTH_TYPE: internal
+            BRIDGE_AVG_PARTICIPANT_STRESS:
+            BRIDGE_STRESS_THRESHOLD:
+            ENABLE_AUTH: 1
+            ENABLE_AUTO_OWNER: "true"
+            # enable/disable video codec
+            ENABLE_CODEC_VP8: "true"
+            ENABLE_CODEC_VP9: "true"
+            ENABLE_CODEC_H264: "true"
+            ENABLE_OCTO: 0
+            ENABLE_RECORDING: 0
+            ENABLE_SCTP: "false"
+            ENABLE_AUTO_LOGIN:
+            JIBRI_BREWERY_MUC: jibribrewery
+            JIBRI_REQUEST_RETRIES:
+            JIBRI_PENDING_TIMEOUT: 90
+            JICOFO_AUTH_USER: focus
+            JICOFO_AUTH_PASSWORD: CHANGE_HERE
+            # Bridge healthcheck
+            JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS: "true"
+            JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT:
+            JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT:
+            # internal healthcheck
+            JICOFO_ENABLE_HEALTH_CHECKS: "true"
+            JICOFO_SHORT_ID: 1
+            JICOFO_RESERVATION_ENABLED:
+            JICOFO_RESERVATION_REST_BASE_URL:
+            JIGASI_BREWERY_MUC: jigasibrewery
+            JIGASI_SIP_URI:
+            JVB_BREWERY_MUC: jvbbrewery
+            # Bridge config
+            MAX_BRIDGE_PARTICIPANTS:
+            OCTO_BRIDGE_SELECTION_STRATEGY: SplitBridgeSelectionStrategy #IntraRegionBridgeSelectionStrategy #SingleBridgeSelectionStrategy
+            SENTRY_DSN: "${JICOFO_SENTRY_DSN:-0}"
+            SENTRY_ENVIRONMENT:
+            SENTRY_RELEASE:
+            TZ: Asia/Kolkata      
+            XMPP_AUTH_DOMAIN: auth.meet.jitsi
+            XMPP_DOMAIN: meet.jitsi
+            XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+            XMPP_SERVER: xmpp.meet.jitsi
+            XMPP_MUC_DOMAIN: muc.meet.jitsi
+        depends_on:
+            - prosody
+        volumes:
+            - ${CONFIG}/jicofo:/config
+        ports:
+            - target: 8888
+              published: 8888
+        networks:
+            jitsi:
+# Custom network so all services can communicate using a FQDN
+networks:
+  jitsi:
+    external: true
+    name: jitsi
diff --git a/examples/docker-swarm/stack-jvb1.yml b/examples/docker-swarm/stack-jvb1.yml
@@ -0,0 +1,89 @@
+version: '3.8'
+
+services:
+    # Video bridge
+    jvb1:
+        image: jitsi/jvb:latest
+        hostname: jvb1
+        ports:
+          - target: 10000
+            published: 10000
+            mode: host
+            protocol: udp
+          - target: 4443
+            published: 4443
+            mode: host
+            protocol: tcp
+          - target: 4096
+            published: 4096
+            mode: host
+            protocol: udp
+          - target: 8080
+            published: 8080
+            mode: host
+            protocol: tcp
+
+        deploy:
+          replicas: 1
+          update_config:
+            parallelism: 1
+            failure_action: rollback
+          restart_policy:
+            condition: on-failure
+            delay: 5s
+            #max_attempts: 5
+          #placement:
+          #  max_replicas_per_node: 1
+          #  constraints:
+          #    - "node.hostname==demo3"
+
+        healthcheck:
+            test: curl 127.0.0.1:8080/about/health || exit 1
+            interval: 6s
+            timeout: 6s
+            retries: 3
+            start_period: 4s
+
+        environment:
+            DOCKER_HOST_ADDRESS:
+            ENABLE_COLIBRI_WEBSOCKET: 1
+            ENABLE_OCTO: 0
+            JVB_AUTH_USER: jvb
+            JVB_AUTH_PASSWORD: CHANGE_HERE
+            JVB_BREWERY_MUC: jvbbrewery
+            JVB_PORT: 10000
+            JVB_TCP_HARVESTER_DISABLED: 0
+            JVB_TCP_PORT: 4443
+            JVB_STUN_SERVERS: meet-jit-si-turnrelay.jitsi.net:443
+            JVB_ENABLE_APIS: rest,colibri
+            JVB_OCTO_BIND_ADDRESS: "0.0.0.0"
+            JVB_OCTO_PUBLIC_ADDRESS: "" #CHANGE_HERE. put the public-ip of an instance
+            JVB_OCTO_BIND_PORT: 4096
+            JVB_OCTO_REGION: 'Region1'
+            JVB_WS_DOMAIN:
+            JVB_WS_SERVER_ID: jvb1
+            JIBRI_BREWERY_MUC: jibribrewery
+            JIBRI_PENDING_TIMEOUT: 90
+            SENTRY_DSN: "${JVB_SENTRY_DSN:-0}"
+            SENTRY_ENVIRONMENT:
+            SENTRY_RELEASE:
+            PUBLIC_URL: "https://meet.jitsi"
+            TZ: Asia/Kolkata
+            XMPP_AUTH_DOMAIN: auth.meet.jitsi
+            XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+            XMPP_SERVER: xmpp.meet.jitsi
+
+        depends_on:
+            - prosody
+        volumes:
+            - ${CONFIG}/jvb:/config
+        networks:
+            jitsi:
+              aliases:
+                - jvb1
+
+# Custom network so all services can communicate using a FQDN
+networks:
+  jitsi:
+    external: true
+    name: jitsi
diff --git a/examples/docker-swarm/stack-prosody.yml b/examples/docker-swarm/stack-prosody.yml
@@ -0,0 +1,108 @@
+version: '3.8'
+
+services:
+    # XMPP server
+    prosody:
+        image: jitsi/prosody:latest
+        hostname: xmpp.meet.jitsi
+        deploy:
+          replicas: 1
+          update_config:
+            failure_action: rollback
+          restart_policy:
+            condition: on-failure
+            delay: 5s
+            max_attempts: 5
+          #placement:
+          #  constraints:
+          #    - node.hostname == demo2
+        environment:
+            AUTH_TYPE: internal #jwt
+            DISABLE_POLLS: 0
+            ENABLE_AUTH: 1
+            ENABLE_BREAKOUT_ROOMS: 0
+            ENABLE_GUESTS:
+            ENABLE_LOBBY:
+            ENABLE_AV_MODERATION: 1
+            ENABLE_SUBDOMAINS: "true"
+            ENABLE_XMPP_WEBSOCKET: 1
+            GLOBAL_CONFIG:
+            GLOBAL_MODULES:
+            JVB_AUTH_USER: jvb
+            JVB_AUTH_PASSWORD: CHANGE_HERE  
+            JICOFO_AUTH_USER: focus
+            JICOFO_AUTH_PASSWORD: CHANGE_HERE
+            JICOFO_COMPONENT_SECRET: CHANGE_HERE
+            JIGASI_XMPP_USER: jigasi
+            JIGASI_XMPP_PASSWORD: CHANGE_HERE
+            JIBRI_BREWERY_MUC: jibribrewery
+            JIBRI_PENDING_TIMEOUT: 90
+            JIBRI_XMPP_USER: jibri
+            JIBRI_XMPP_PASSWORD: CHANGE_HERE
+            JIBRI_RECORDER_USER: recorder
+            JIBRI_RECORDER_PASSWORD: CHANGE_HERE
+            JWT_APP_ID: CHANGE_HERE
+            JWT_APP_SECRET: CHANGE_HERE
+            JWT_ACCEPTED_ISSUERS: my_web_client,my_app_client
+            JWT_ALLOW_EMPTY: 0
+            JWT_AUTH_TYPE: token
+            JWT_TOKEN_AUTH_MODULE: token_verification,token_affiliation #token_moderation
+            JWT_ACCEPTED_AUDIENCES: myserver1,myserver2
+            JWT_ASAP_KEYSERVER:
+            LDAP_AUTH_METHOD:
+            LDAP_URL:
+            LDAP_TLS_CACERT_FILE:
+            LDAP_TLS_CACERT_DIR:
+            LDAP_BINDPW:
+            LDAP_FILTER:
+            LDAP_TLS_CHECK_PEER:
+            LDAP_START_TLS:
+            LDAP_VERSION:
+            LOG_LEVEL: debug
+            PUBLIC_URL: https://meet.jitsi
+            TURN_CREDENTIALS:
+            TURN_HOST:
+            TURNS_HOST:
+            TURN_PORT:
+            TURNS_PORT:
+            TZ: Asia/Kolkata
+            XMPP_DOMAIN: meet.jitsi
+            XMPP_AUTH_DOMAIN: auth.meet.jitsi
+            XMPP_BOSH_URL_BASE: http://xmpp.meet.jitsi:5280
+            XMPP_CROSS_DOMAIN: "true"
+            XMPP_GUEST_DOMAIN: guest.meet.jitsi
+            XMPP_MUC_DOMAIN: muc.meet.jitsi
+            XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+            XMPP_RECORDER_DOMAIN: recorder.meet.jitsi
+            XMPP_MODULES:
+            XMPP_MUC_MODULES:
+            XMPP_INTERNAL_MUC_MODULES:
+        volumes:
+            - ${CONFIG}/prosody:/config
+            - ${CONFIG}/prosody:/etc/prosody
+              #- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom
+        ports:
+            - target: 5222
+              published: 5222
+              #mode: host
+            - target: 5347
+              published: 5347
+              #mode: host
+            - target: 5280
+              published: 5280
+              #mode: host
+        networks:
+          jitsi:
+             aliases:
+               - meet.jitsi
+               - xmpp.meet.jitsi
+               - auth.meet.jitsi
+               - guest.meet.jitsi
+               - muc.meet.jitsi
+               - internal-muc.meet.jitsi
+               - focus.meet.jitsi
+# Custom network so all services can communicate using a FQDN
+networks:
+  jitsi:
+    external: true
+    name: jitsi