-rw-r--r--.gitignore7
-rw-r--r--data/proxy/nginx/log/.keep0
-rw-r--r--data/proxy/nginx/sites.template.scalelite-local43
-rw-r--r--data/redis/conf/redis.conf81
-rw-r--r--docker-compose-dev.yml59
-rw-r--r--docker-compose.yml87
-rwxr-xr-xinit-letsencrypt.sh2
7 files changed, 190 insertions, 89 deletions
diff --git a/.gitignore b/.gitignore
index 11b0135..0abdc8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,11 +6,10 @@
/scalelite/tmp*
/data/*
-/data/proxy/nginx/log/*
-!/data/proxy/nginx/log/.keep
-/data/proxy/nginx/sites-enabled/*
-!/data/proxy/nginx/sites-enabled/.keep
+!/data/nginx/
!/data/proxy/
+/data/redis/db/*
+!/data/redis/
/tmp*
diff --git a/data/proxy/nginx/log/.keep b/data/proxy/nginx/log/.keep
deleted file mode 100644
index e69de29..0000000
--- a/data/proxy/nginx/log/.keep
+++ /dev/null
diff --git a/data/proxy/nginx/sites.template.scalelite-local b/data/proxy/nginx/sites.template.scalelite-local
index e5b8170..dfb5f97 100644
--- a/data/proxy/nginx/sites.template.scalelite-local
+++ b/data/proxy/nginx/sites.template.scalelite-local
@@ -37,39 +37,28 @@ server {
#ssl_certificate /etc/ssl/fullchain.pem;
#ssl_certificate_key /etc/ssl/privkey.pem;
- location /bigbluebutton/api/ {
+ location /health_check {
proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
+ }
- proxy_read_timeout 60s;
- proxy_redirect off;
-
- proxy_set_header Host $http_host;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
+ location /bigbluebutton/api/ {
+ proxy_pass http://docker-scalelite-api;
+ include /etc/nginx/sites-common;
}
- location / {
+ location /presentation/ {
proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
- proxy_read_timeout 60s;
- proxy_redirect off;
-
- proxy_set_header Host $http_host;
-
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
- proxy_set_header X-Forwarded-Proto $scheme;
+ location /playback/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
+ location / {
+ proxy_pass http://docker-scalelite-api/health_check;
+ include /etc/nginx/sites-common;
}
}
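Review bot: The new catch-all `location /` uses `proxy_pass http://docker-scalelite-api/health_check;`, and because that proxy_pass carries a URI, nginx replaces the matched prefix `/` with it, so a request for `/foo` goes upstream as `/health_checkfoo` instead of being rejected. If only the site root should answer with the health check, use an exact match, `location = / { ... }`, and let everything else fall to `location / { return 404; }`. `location /health_check` is likewise a prefix match and also catches `/health_check_anything`; `location = /health_check` is tighter. The forwarding headers and upgrade settings removed here now depend entirely on `/etc/nginx/sites-common`, which this commit does not show, so confirm it still sets `X-Forwarded-For` and `X-Forwarded-Proto`. The server block begins outside this hunk.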
diff --git a/data/redis/conf/redis.conf b/data/redis/conf/redis.conf
new file mode 100644
index 0000000..eb0fe99
--- /dev/null
+++ b/data/redis/conf/redis.conf
@@ -0,0 +1,81 @@
+bind 0.0.0.0
+protected-mode no
+masterauth "redisTLSTest2021@@"
+requirepass "redisTLSTest2021@@"
+port 0
+tcp-backlog 511
+timeout 300
+tcp-keepalive 300
+daemonize no
+supervised no
+pidfile /var/run/redis.pid
+loglevel notice
+#logfile "/var/log/redis/redis.log"
+databases 16
+always-show-logo no
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+# The filename where to dump the DB
+dbfilename dump_6479.rdb
+replica-serve-stale-data yes
+replica-read-only yes
+repl-diskless-sync no
+repl-diskless-sync-delay 5
+repl-timeout 60
+repl-disable-tcp-nodelay no
+replica-priority 100
+maxclients 10000
+# maxmemory-policy noeviction
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+appendonly yes
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble yes
+lua-time-limit 5000
+cluster-config-file redis_cluster.conf
+cluster-node-timeout 15000
+cluster-enabled yes
+# cluster-replica-validity-factor 10
+# cluster-require-full-coverage yes
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+list-max-ziplist-size -2
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+rdb-save-incremental-fsync yes
+### TLS
+tls-port 7379
+tls-cert-file /etc/letsencrypt/archive/sl.jesus.123it.ca/cert3.pem
+tls-key-file /etc/letsencrypt/archive/sl.jesus.123it.ca/privkey3.pem
+tls-ca-cert-file /etc/letsencrypt/archive/sl.jesus.123it.ca/chain3.pem
+tls-auth-clients no
+
+# tls-auth-clients optional
+
+tls-replication yes
+tls-cluster yes
+
+# Explicitly specify TLS versions to support. Allowed values are case insensitive
+# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
+# any combination. To enable only TLSv1.2 and TLSv1.3, use:
+#
+tls-protocols "TLSv1.2 TLSv1.3"
+
+# By default, TLS session caching is enabled to allow faster and less expensive
+# reconnections by clients that support it. Use the following directive to disable
+# caching.
+tls-session-caching no
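Review bot: `requirepass` and `masterauth` carry a literal password in a file that this same commit starts tracking (`!/data/redis/` in `.gitignore`), so the credential is now in repository history and should be treated as disclosed and rotated. Keep the secret out of the tracked file, for example by ending the config with an `include` of an untracked, deployment-local file that holds those two directives (constructed path: `include /usr/local/etc/redis/auth.conf`). With `bind 0.0.0.0`, `protected-mode no` and `tls-auth-clients no`, that password is the only access control on `tls-port 7379`; if the clients are known, `tls-auth-clients yes` adds certificate-based client authentication. The certificate paths also pin one hostname and `archive/.../cert3.pem`, which certbot supersedes on renewal; pointing at `live/<host>/fullchain.pem` and `live/<host>/privkey.pem` would follow renewals.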
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index b144f7c..df8b97f 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -25,23 +25,26 @@ services:
image: postgres:11-alpine
container_name: postgres
restart: unless-stopped
- volumes:
- - postgres-data-dev:/var/lib/postgresql/data
ports:
- "5432:5432"
environment:
- POSTGRES_USER=${POSTGRES_USER:-postgres}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}
+ volumes:
+ - postgres-data-dev:/var/lib/postgresql/data
redis:
- image: redis:5.0-alpine
- command: ["redis-server", "--appendonly", "yes"]
+ image: redis:6.2-alpine
container_name: redis
restart: unless-stopped
- volumes:
- - redis-data-dev:/data
ports:
- "6379:6379"
+ volumes:
+ - redis-data-dev:/data
+ - ./data/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
+ - ./data/certbot/conf/:/etc/letsencrypt
+# command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
+ command: ["redis-server", "--appendonly", "yes"]
certbot:
image: certbot/certbot
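Review bot: The redis service now mounts `redis.conf` and the Let's Encrypt directory but still starts with `command: ["redis-server", "--appendonly", "yes"]`, so none of the `requirepass` or TLS settings in that file take effect and the instance published on `6379:6379` keeps accepting unauthenticated plaintext connections. Either start it with the config (the commented-out command) or drop the two mounts; the config sets `port 0` and `tls-port 7379`, so enabling it also means changing the port mapping and the `redis://redis:6379` defaults in `REDIS_URL`. Until then the container holds the TLS private keys for no benefit, and the mount is writable; `- ./data/certbot/conf/:/etc/letsencrypt:ro` limits it to reading. The same redis stanza is added in `docker-compose.yml`.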
@@ -56,27 +59,25 @@ services:
image: nginx:1.18
container_name: scalelite-proxy
restart: unless-stopped
- volumes:
- - ./data/proxy/nginx/log/:/var/log/nginx
- - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
- - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common
- - ./data/certbot/conf/:/etc/letsencrypt
- - ./data/certbot/www/:/var/www/certbot
ports:
- "80:80"
- "443:443"
environment:
- NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}
+ volumes:
+ - ./log/proxy-nginx/:/var/log/nginx
+ - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
+ - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common
+ - ./data/certbot/conf/:/etc/letsencrypt
+ - ./data/certbot/www/:/var/www/certbot
depends_on:
- certbot
- scalelite-api
- scalelite-recordings
command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
- logging:
- driver: journald
scalelite-recordings:
- image: bigbluebutton/bbb-playback-proxy:bionic-23-dev-alpine3.11
+ image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-230-alpine}
container_name: scalelite-recordings
restart: unless-stopped
volumes:
@@ -86,19 +87,20 @@ services:
- scalelite-api
scalelite-api:
- image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.0}
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-api
restart: unless-stopped
- volumes:
- - ./log/scalelite/:/app/log
- - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
+ env_file:
+ - .env
environment:
- - SECRET_KEY_BASE=${SECRET_KEY_BASE}
- - LOADBALANCER_SECRET=${LOADBALANCER_SECRET}
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- RECORDING_DISABLED=${RECORDING_DISABLED-false}
- SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false}
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
+ volumes:
+ - ./log/scalelite-api/:/srv/scalelite/log/
+ - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
depends_on:
- postgres
- redis
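Review bot: `env_file: .env` replaces the explicit `SECRET_KEY_BASE` and `LOADBALANCER_SECRET` entries, so every variable in `.env` is now injected into this container rather than only the ones it needs. `init-letsencrypt.sh` reads `URL_HOST` from the same file, and the `${POSTGRES_PASSWORD:-password}` style interpolation presumably draws on it too, so unrelated credentials likely end up in the API, poller and recording-importer environments. Keeping the allow-list, e.g. `- SECRET_KEY_BASE=${SECRET_KEY_BASE:?must be set}`, preserves least privilege and fails at startup when a secret is missing. The same `env_file` addition appears in the poller and recording-importer services here and in `docker-compose.yml`.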
@@ -106,13 +108,17 @@ services:
driver: journald
scalelite-poller:
- image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.0}
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-poller
restart: unless-stopped
+ env_file:
+ - .env
environment:
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false}
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
+ volumes:
+ - ./log/scalelite-poller/:/app/log
command: /bin/sh -c "bin/start-poller"
depends_on:
- scalelite-api
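Review bot: The poller's new log mount `./log/scalelite-poller/:/app/log` targets `/app/log`, while scalelite-api in the same commit mounts `/srv/scalelite/log/` for the same default image `blindsidenetwks/scalelite:v1.1`. Presumably only one of these is where the application writes, so either the API mount or the poller and recording-importer mounts capture nothing, which leaves those services without persisted logs for troubleshooting or incident review. Confirm the path against the image and align the three services; the same mismatch is repeated in `docker-compose.yml`.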
@@ -120,14 +126,17 @@ services:
driver: journald
scalelite-recording-importer:
- image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.0}
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-recording-importer
restart: unless-stopped
+ env_file:
+ - .env
environment:
- - REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- RECORDING_DISABLED=false
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
volumes:
+ - ./log/scalelite-recording-importer/:/app/log
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/spool:/var/bigbluebutton/spool
command: /bin/sh -c "bin/start-recording-importer"
diff --git a/docker-compose.yml b/docker-compose.yml
index e8b9b03..e1dad4e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,61 +9,77 @@ services:
image: postgres:11-alpine
container_name: postgres
restart: unless-stopped
- volumes:
- - postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${POSTGRES_USER:-postgres}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
redis:
- image: redis:5.0-alpine
- command: ["redis-server", "--appendonly", "yes"]
+ image: redis:6.2-alpine
container_name: redis
restart: unless-stopped
volumes:
- redis-data:/data
+ - ./data/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
+ - ./data/certbot/conf/:/etc/letsencrypt
+ command: ["redis-server", "--appendonly", "yes"]
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- - ./log/certbot:/var/log/letsencrypt
- - ./data/certbot/conf:/etc/letsencrypt
- - ./data/certbot/www:/var/www/certbot
+ - ./log/certbot/:/var/log/letsencrypt
+ - ./data/certbot/conf/:/etc/letsencrypt
+ - ./data/certbot/www/:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
- scalelite-nginx:
- image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-nginx
- container_name: scalelite-nginx
+ scalelite-proxy:
+ image: nginx:1.18
+ container_name: scalelite-proxy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
+ environment:
+ - NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}
+ volumes:
+ - ./log/proxy-nginx/:/var/log/nginx
+ - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
+ - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common
+ - ./data/certbot/conf/:/etc/letsencrypt
+ - ./data/certbot/www/:/var/www/certbot
+ depends_on:
+ - certbot
+ - scalelite-api
+ - scalelite-recordings
+ command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
+
+ scalelite-recordings:
+ image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-230-alpine}
+ container_name: scalelite-recordings
+ restart: unless-stopped
volumes:
- - ./log/nginx/:/var/log/nginx
- - ./data/certbot/conf:/etc/nginx/ssl
- - ./data/certbot/www:/var/www/certbot
- - ./data/nginx/scalelite:/etc/nginx/conf.d/scalelite
+ - ./log/recordings/:/var/log/nginx
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published
- environment:
- - NGINX_SSL=${NGINX_SSL-true}
- - URL_HOST=${URL_HOST}
depends_on:
- scalelite-api
scalelite-api:
- image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-api
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-api
restart: unless-stopped
- volumes:
- - ./log/scalelite/:/app/log
- - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
+ env_file:
+ - .env
environment:
- - SECRET_KEY_BASE=${SECRET_KEY_BASE}
- - LOADBALANCER_SECRET=${LOADBALANCER_SECRET}
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
- - URL_HOST=${URL_HOST}
+ - RECORDING_DISABLED=${RECORDING_DISABLED-false}
+ - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false}
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
+ volumes:
+ - ./log/scalelite-api/:/srv/scalelite/log/
+ - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
depends_on:
- postgres
- redis
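Review bot: In the new scalelite-proxy service, `NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}` silently falls back to a fixed hostname when `URL_HOST` is unset, so a misconfigured production deployment renders its nginx config for a host that is not its own instead of failing. In the production file a required-variable form is safer: `- NGINX_HOSTNAME=${URL_HOST:?URL_HOST must be set}`. The unchanged `POSTGRES_PASSWORD:-password` and `DATABASE_URL` defaults in this hunk have the same shape and would benefit from the same treatment. `nginx:1.18` and `redis:6.2-alpine` are also referenced by mutable tag; pinning by digest (`image: nginx:1.18@sha256:<digest>`) keeps the deployed image reproducible.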
@@ -71,32 +87,39 @@ services:
driver: journald
scalelite-poller:
- image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-poller
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-poller
restart: unless-stopped
+ env_file:
+ - .env
environment:
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
- - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
+ - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false}
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
+ volumes:
+ - ./log/scalelite-poller/:/app/log
+ command: /bin/sh -c "bin/start-poller"
depends_on:
- - postgres
- - redis
- scalelite-api
logging:
driver: journald
scalelite-recording-importer:
- image: ${SCALELITE_REPO:-blindsidenetwks}/scalelite:${SCALELITE_TAG:-v1}-recording-importer
+ image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1}
container_name: scalelite-recording-importer
restart: unless-stopped
+ env_file:
+ - .env
environment:
- - REDIS_URL=${REDIS_URL:-redis://redis:6379}
- DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5}
+ - RECORDING_DISABLED=false
+ - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT}
volumes:
+ - ./log/scalelite-recording-importer/:/app/log
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton
- ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/spool:/var/bigbluebutton/spool
+ command: /bin/sh -c "bin/start-recording-importer"
depends_on:
- - postgres
- - redis
- scalelite-api
logging:
driver: journald
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
index 21df2f0..d796b61 100755
--- a/init-letsencrypt.sh
+++ b/init-letsencrypt.sh
@@ -13,7 +13,7 @@ fi
URL_HOST=$(grep URL_HOST .env | cut -d '=' -f2)
echo $URL_HOST
-domains=($URL_HOST)
+domains=($URL_HOST,redis.$URL_HOST)
rsa_key_size=4096
data_path="./data/certbot"
email="$LETSENCRYPT_EMAIL" # Adding a valid address is strongly recommended
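Review bot: `domains=($URL_HOST,redis.$URL_HOST)` creates a one-element bash array whose single value is the comma-joined string, because array elements are separated by whitespace, not commas. Any later use of `$domains` as a path component or in a per-domain loop (outside this hunk, so not visible here) would see `host,redis.host` as one name; `domains=("$URL_HOST" "redis.$URL_HOST")` gives two quoted elements. The context line `grep URL_HOST .env | cut -d '=' -f2` also matches any line containing `URL_HOST`, so anchoring it, `grep '^URL_HOST=' .env`, avoids picking up a comment or a second variable.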