diff --git a/.gitignore b/.gitignore index fba8d37..774e936 100644 --- a/.gitignore +++ b/.gitignore @@ -8,9 +8,10 @@ /data/* !/data/nginx/ !/data/proxy/ -/data/redis/db/* +/data/redis/db* !/data/redis/ -/data/postgres/* +/data/postgres/db* +!/data/postgres/ /tmp* diff --git a/README-dev.md b/README-dev.md index 5d55482..b9009ab 100644 --- a/README-dev.md +++ b/README-dev.md 
@@ -1,9 +1,84 @@ -- Install a BBB server -- Add a BBB server +## Installation (short version) -# Setup recordings +On an Ubuntu 22.04 as the host machine. -## Configuring the BBB server +### Prerequisites + +This machine needs to be updated and have installed: + +- Git +- [Docker](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04) +- [Docker Compose](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-22-04) +- Certbot + +### Fetching the scripts + +``` +git clone https://github.com/jfederico/scalelite-run +cd scalelite-run +``` + +### Initializing environment variables + +Create a new `.env` file based on the `dotenv` file included. + +``` +cp dotenv .env +``` + +Most required variables are preset by default, the ones that must be set before starting are: + +``` +SECRET_KEY_BASE= +LOADBALANCER_SECRET= +URL_HOST= +``` + +Obtain the value for SECRET_KEY_BASE and LOADBALANCER_SECRET with: + +``` +sed -i "s/SECRET_KEY_BASE=.*/SECRET_KEY_BASE=$(openssl rand -hex 64)/" .env +sed -i "s/LOADBALANCER_SECRET=.*/LOADBALANCER_SECRET=$(openssl rand -hex 24)/" .env +``` + +Set the hostname on URL_HOST (E.g. sl.example.com) + +``` +sed -i "s/URL_HOST=.*/URL_HOST=sl.example.com" .env +``` + +### Generate LetsEncrypt SSL certificates manually + +``` +source ./.env +certbot certonly --manual -d sl.$DOMAIN_NAME --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges=dns --email --server https://acme-v02.api.letsencrypt.org/director +certbot certonly --manual -d redis.$DOMAIN_NAME --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges=dns --email --server https://acme-v02.api.letsencrypt.org/director +``` + +### Starting the app + +Start the services. + +``` +docker-compose up -d +``` + +The database must be initialized. + +``` +docker exec -i scalelite-api bundle exec rake db:setup +``` + +The BBB servers must be added. 
+ +``` +docker exec -i scalelite-api bundle exec rake servers:add[https://bbb25.example.com/bigbluebutton/api,secret] +docker exec -i scalelite-api bundle exec rake servers:enable[bbb25.example.com] +``` + +### Setup recordings + +#### Configuring the BBB server Init the bbb server as explained in the documentation @@ -35,7 +110,7 @@ spool_dir: scalelite-spool:/home//spool ## adapted Accept the key, this is done only once. -## Final touches in your Local Machine +#### Final touches in your Local Machine 1. Make sure your user has rights to write in the `/mnt/scalelite-recordings/var/bigbluebutton/spool/` diff --git a/data/proxy/haproxy/.keep b/data/postgres/.keep similarity index 100% rename from data/proxy/haproxy/.keep rename to data/postgres/.keep diff --git a/data/proxy/haproxy/haproxy.cfg b/data/proxy/haproxy/haproxy.cfg deleted file mode 100644 index 833f6b9..0000000 --- a/data/proxy/haproxy/haproxy.cfg +++ /dev/null @@ -1,10 +0,0 @@ -global - daemon - maxconn 4096 -defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms -frontend http-in - mode http - bind *:80 diff --git a/data/proxy/nginx/sites.template.scalelite-greenlight-local-protected b/data/proxy/nginx/sites.template.scalelite-greenlight-local-protected deleted file mode 100644 index d28d200..0000000 --- a/data/proxy/nginx/sites.template.scalelite-greenlight-local-protected +++ /dev/null 
@@ -1,153 +0,0 @@ -#### For - -upstream docker-scalelite-api { - server sl.$NGINX_DOMAINNAME:3000; -} - -upstream docker-scalelite-recordings { - server scalelite-recordings:80; -} - -server { - server_name sl.$NGINX_DOMAINNAME; - - listen 80; - listen [::]:80; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - server_name sl.$NGINX_DOMAINNAME; - - listen 443 ssl; - listen [::]:443 ssl; - - ## Configuration for Letsencrypt SSL Certificate - ssl_certificate /etc/letsencrypt/live/sl.$NGINX_DOMAINNAME/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/sl.$NGINX_DOMAINNAME/privkey.pem; - - ## Configuration for SSL Certificate from a CA other than LetsEncrypt - #ssl_certificate /etc/ssl/fullchain.pem; - #ssl_certificate_key /etc/ssl/privkey.pem; - - location /health_check { - proxy_pass http://docker-scalelite-api; - include /etc/nginx/sites-common; - } - - location /static-resource/ { - rewrite /static-resource(/|$)(.*) /$2 break; - proxy_pass http://docker-scalelite-recordings; - include /etc/nginx/sites-common; - internal; - } - - location /playback { - proxy_pass http://docker-scalelite-recordings; - include /etc/nginx/sites-common; - } - - location / { - proxy_pass http://docker-scalelite-api; - include /etc/nginx/sites-common; - } -} - -#### For - -upstream docker-greenlight { - server gl.$NGINX_DOMAINNAME:3080; -} - -server { - server_name gl.$NGINX_DOMAINNAME; - - listen 80; - listen [::]:80; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - server_name gl.$NGINX_DOMAINNAME *.gl.$NGINX_DOMAINNAME; - - listen 443 ssl; - listen [::]:443 ssl; - - ## Configuration for Letsencrypt SSL Certificate - ssl_certificate /etc/letsencrypt/live/gl.$NGINX_DOMAINNAME/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gl.$NGINX_DOMAINNAME/privkey.pem; - - ## 
Configuration for SSL Certificate from a CA other than LetsEncrypt - #ssl_certificate /etc/ssl/fullchain.pem; - #ssl_certificate_key /etc/ssl/privkey.pem; - - location /health_check { - proxy_pass http://docker-greenlight; - include /etc/nginx/sites-common; - } - - location / { - proxy_pass http://docker-greenlight; - include /etc/nginx/sites-common; - } -} - -#### For - -upstream docker-greenlight-launcher { - server gll.$NGINX_DOMAINNAME:3081; -} - -server { - server_name gll.$NGINX_DOMAINNAME; - - listen 80; - listen [::]:80; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - server_name gll.$NGINX_DOMAINNAME; - - listen 443 ssl; - listen [::]:443 ssl; - - ## Configuration for Letsencrypt SSL Certificate - ssl_certificate /etc/letsencrypt/live/gll.$NGINX_DOMAINNAME/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gll.$NGINX_DOMAINNAME/privkey.pem; - - ## Configuration for SSL Certificate from a CA other than LetsEncrypt - #ssl_certificate /etc/ssl/fullchain.pem; - #ssl_certificate_key /etc/ssl/privkey.pem; - - location /health_check { - proxy_pass http://docker-greenlight; - include /etc/nginx/sites-common; - } - - location / { - proxy_pass http://docker-greenlight-launcher; - include /etc/nginx/sites-common; - } -} diff --git a/data/proxy/nginx/sites.template.scalelite-local b/data/proxy/nginx/sites.template.scalelite-local index 84f7be4..d53d130 100644 --- a/data/proxy/nginx/sites.template.scalelite-local +++ b/data/proxy/nginx/sites.template.scalelite-local 
@@ -38,22 +38,19 @@ server { #ssl_certificate_key /etc/ssl/privkey.pem; location /health_check { - proxy_pass http://docker-scalelite-api; + proxy_pass http://docker-scalelite-api; include /etc/nginx/sites-common; } - location /bigbluebutton/api/ { - proxy_pass http://docker-scalelite-api; + location /static-resource/ { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; + internal; } - location /presentation/ { - proxy_pass http://docker-scalelite-recordings; - include /etc/nginx/sites-common; - } - - location /playback/ { - proxy_pass http://docker-scalelite-recordings; + location /playback { + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; } diff --git a/data/proxy/nginx/sites.template.scalelite-local-protected b/data/proxy/nginx/sites.template.scalelite-local-unprotected similarity index 79% rename from data/proxy/nginx/sites.template.scalelite-local-protected rename to data/proxy/nginx/sites.template.scalelite-local-unprotected index d53d130..b6c755e 100644 --- a/data/proxy/nginx/sites.template.scalelite-local-protected +++ b/data/proxy/nginx/sites.template.scalelite-local-unprotected @@ -42,20 +42,23 @@ server { include /etc/nginx/sites-common; } - location /static-resource/ { - rewrite /static-resource(/|$)(.*) /$2 break; - proxy_pass http://docker-scalelite-recordings; + location /bigbluebutton/api/ { + proxy_pass http://docker-scalelite-api; include /etc/nginx/sites-common; - internal; } - location /playback { - proxy_pass http://docker-scalelite-recordings; + location /presentation/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location /playback/ { + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; } location / { - proxy_pass http://docker-scalelite-api; + proxy_pass http://docker-scalelite-api/health_check; include /etc/nginx/sites-common; } } 
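Review bot: The new `location /static-resource/` block is marked `internal` with no comment saying why, and this template now takes over the layout of the former `-protected` file (the direct `/presentation/` location is gone). I would add a comment above it such as `# internal: only reachable through an nginx internal redirect, never requested directly by clients`, plus a line saying which component issues that redirect; the purpose is inferred from the `internal` directive and the old file name, so confirm it. Separately, `location /playback` lost its trailing slash and now prefix-matches paths such as `/playbackX`; `location /playback/` keeps the previous scope if the wider match is not intended. The same change is made in the second hunk of sites.template.scalelite-proxy. The server block starts outside the hunk.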
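Review bot: In `location /`, the new `proxy_pass http://docker-scalelite-api/health_check;` carries a URI part, so nginx replaces the matched prefix `/` with `/health_check` and appends the rest of the request path: `/foo` is forwarded as `/health_checkfoo`, not `/health_check`. If every unlisted path should get the health-check response, use `rewrite ^ /health_check break;` followed by `proxy_pass http://docker-scalelite-api;`; if unlisted paths should simply be refused, `return 404;` states that more clearly. The same line is added in sites.template.scalelite-proxy-unprotected. The server block starts outside the hunk.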
diff --git a/data/proxy/nginx/sites.template.scalelite-proxy b/data/proxy/nginx/sites.template.scalelite-proxy index fc86ea8..5a8403a 100644 --- a/data/proxy/nginx/sites.template.scalelite-proxy +++ b/data/proxy/nginx/sites.template.scalelite-proxy @@ -26,13 +26,8 @@ server { server { server_name $NGINX_HOSTNAME; - listen 443 ssl http2; - listen [::]:443 ssl http2; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; + listen 443 ssl; + listen [::]:443 ssl; ## Configuration for Letsencrypt SSL Certificate ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; @@ -43,22 +38,19 @@ server { #ssl_certificate_key /etc/ssl/privkey.pem; location /health_check { - proxy_pass http://docker-scalelite-api; + proxy_pass http://docker-scalelite-api; include /etc/nginx/sites-common; } - location /bigbluebutton/api/ { - proxy_pass http://docker-scalelite-api; + location /static-resource/ { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; + internal; } - location /presentation/ { - proxy_pass http://docker-scalelite-recordings; - include /etc/nginx/sites-common; - } - - location /playback/ { - proxy_pass http://docker-scalelite-recordings; + location /playback { + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; } diff --git a/data/proxy/nginx/sites.template.scalelite-proxy-protected b/data/proxy/nginx/sites.template.scalelite-proxy-unprotected similarity index 72% rename from data/proxy/nginx/sites.template.scalelite-proxy-protected rename to data/proxy/nginx/sites.template.scalelite-proxy-unprotected index 5a8403a..f8e4ecf 100644 
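Review bot: Removing `ssl_protocols TLSv1.2 TLSv1.3;`, the `ssl_ciphers` list and `ssl_prefer_server_ciphers on;` from the 443 server block leaves TLS policy to nginx's built-in defaults, unless it is set in a part of the configuration this diff does not show. With the `nginx:1.18` image named in docker-compose-dev.yml, the default protocol set still includes TLSv1 and TLSv1.1 and does not include TLSv1.3, so this reads as a downgrade rather than a simplification. I would keep `ssl_protocols TLSv1.2 TLSv1.3;` in this block, or add a comment naming the file where the TLS policy now lives. The server block starts and ends outside the hunk.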
--- a/data/proxy/nginx/sites.template.scalelite-proxy-protected +++ b/data/proxy/nginx/sites.template.scalelite-proxy-unprotected @@ -38,24 +38,27 @@ server { #ssl_certificate_key /etc/ssl/privkey.pem; location /health_check { - proxy_pass http://docker-scalelite-api; + proxy_pass http://docker-scalelite-api; include /etc/nginx/sites-common; } - location /static-resource/ { - rewrite /static-resource(/|$)(.*) /$2 break; - proxy_pass http://docker-scalelite-recordings; + location /bigbluebutton/api/ { + proxy_pass http://docker-scalelite-api; include /etc/nginx/sites-common; - internal; } - location /playback { - proxy_pass http://docker-scalelite-recordings; + location /presentation/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location /playback/ { + proxy_pass http://docker-scalelite-recordings; include /etc/nginx/sites-common; } location / { - proxy_pass http://docker-scalelite-api; + proxy_pass http://docker-scalelite-api/health_check; include /etc/nginx/sites-common; } } diff --git a/data/redis/.keep b/data/redis/.keep new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose-dev-gl.yml b/docker-compose-dev-gl.yml deleted file mode 100644 index 6cee08b..0000000 --- a/docker-compose-dev-gl.yml +++ /dev/null 
@@ -1,219 +0,0 @@ -version: '3' - -volumes: - postgres-data-dev: - driver: local - driver_opts: - type: 'none' - o: 'bind' - device: '${DOCKER_VOL_POSTGRES_DATA}' - redis-data-dev: - driver: local - driver_opts: - type: 'none' - o: 'bind' - device: '${DOCKER_VOL_REDIS_DATA}' - -services: - postgres: - image: postgres:11-alpine - container_name: postgres - restart: unless-stopped - ports: - - "5432:5432" - environment: - - POSTGRES_USER=${POSTGRES_USER:-postgres} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password} - volumes: - - postgres-data-dev:/var/lib/postgresql/data - - redis: - image: redis:6.2-alpine - container_name: redis - restart: unless-stopped - ports: - - "6379:6379" - volumes: - - redis-data-dev:/data - - ./data/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf - - ./data/certbot/conf/:/etc/letsencrypt -# command: ["redis-server", "/usr/local/etc/redis/redis.conf"] - command: ["redis-server", "--appendonly", "yes"] - - certbot: - image: certbot/certbot - container_name: certbot - volumes: - - ./log/certbot/:/var/log/letsencrypt - - ./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot - entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" - - # scalelite-haproxy: - # image: haproxy:alpine - # container_name: scalelite-haproxy - # restart: always - # ports: - # - "80:80" - # - "443:443" - # volumes: - # - ./data/proxy/haproxy/:/usr/local/etc/haproxy - # networks: - # - default - - nginx: - image: nginx:1.18 -# Custom nginx with amazonlinux -# image: blindsidenetwks/nginx:amazonlinux - container_name: nginx - restart: unless-stopped - ports: - - "80:80" - - "443:443" - environment: - - NGINX_DOMAINNAME=${DOMAIN_NAME:-xlab.blindside-dev.com} - volumes: - - ./log/proxy-nginx/:/var/log/nginx - - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template - - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common - - 
./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot - depends_on: - - certbot - - scalelite-api - - scalelite-recordings - - greenlight - - greenlight-launcher - command: /bin/bash -c "envsubst '$$NGINX_DOMAINNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'" - - scalelite-recordings: - image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine} - container_name: scalelite-recordings - restart: unless-stopped - volumes: - - ./log/recordings/:/var/log/nginx - - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published - depends_on: - - scalelite-api - - scalelite-api: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-api - restart: unless-stopped - env_file: - - .env - environment: - - REDIS_URL=${REDIS_URL:-redis://redis:6379} - - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} - - RECORDING_DISABLED=${RECORDING_DISABLED-false} - - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false} - - PROTECTED_RECORDINGS_ENABLED=${PROTECTED_RECORDINGS_ENABLED-false} - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT} - volumes: - - ./log/scalelite-api/:/srv/scalelite/log/ - - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton - depends_on: - - postgres - - redis - logging: - driver: journald - - scalelite-poller: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-poller - restart: unless-stopped - env_file: - - .env - environment: - - REDIS_URL=${REDIS_URL:-redis://redis:6379} - - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME-false} - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT} - volumes: - - ./log/scalelite-poller/:/app/log - command: /bin/sh -c "bin/start-poller" - depends_on: - - scalelite-api - logging: - driver: journald - - 
scalelite-recording-importer: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-recording-importer - restart: unless-stopped - env_file: - - .env - environment: - - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} - - RECORDING_DISABLED=false - - PROTECTED_RECORDINGS_ENABLED=${PROTECTED_RECORDINGS_ENABLED-false} - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT} - volumes: - - ./log/scalelite-recording-importer/:/app/log - - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton - - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/spool:/var/bigbluebutton/spool - command: /bin/sh -c "bin/start-recording-importer" - depends_on: - - postgres - - redis - - scalelite-api - logging: - driver: journald - - greenlight: - entrypoint: [bin/start] - image: ${GREENLIGHT_DOCKER_IMAGE:-bigbluebutton/greenlight:latest} - container_name: greenlight - restart: unless-stopped - ports: - - "3180:80" - links: - - postgres - # volumes: - # - greenlight:/usr/src/app - logging: - driver: journald - env_file: ./data/greenlight/.env - environment: - - DOMAINNAME=${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com} - - DATABASE_URL = postgresql://postgres:password@postgres:5432/greenlight_production - - DB_ADAPTER=postgresql - - DB_HOST=postgres - - DB_PORT=5432 - - DB_NAME=greenlight_production - - DB_USERNAME=postgres - - DB_PASSWORD=password - - BN_LAUNCHER_REDIRECT_URI=https://gll.${DOMAIN_NAME:-xlab.blindside-dev.com} - - GL_CALLBACK_URL=https://gl.${DOMAIN_NAME:-xlab.blindside-dev.com} - - GREENLIGHT_SESSION_DOMAIN=${DOMAIN_NAME:-xlab.blindside-dev.com} -# - LOADBALANCER_ENDPOINT=https://lb5.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com}/loadbalancer/ -# - RAILS_LOG_REMOTE_NAME=udp://logs.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com}:1514 -# - RAILS_LOG_REMOTE_TAG=gl.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com}.com -# - 
REDIS_URL=redis://redis.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com}:6379 -# - SMTP_DOMAIN=${DOMAIN_ROOT:-blindside-dev.com} -# - SMTP_SENDER=no-reply@${DOMAIN_ROOT:-blindside-dev.com} -# - SMTP_SERVER=smtp.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com} -# - URL_HOST=gl.${DOMAIN_SUB:-xlab}.${DOMAIN_ROOT:-blindside-dev.com} - - greenlight-launcher: - entrypoint: [bin/start] - image: ${GREENLIGHT_LAUNCHER_DOCKER_IMAGE:-blindsidenetwks/greenlight-launcher:latest} - container_name: launcher - restart: unless-stopped - ports: - - "3181:3000" - links: - - postgres - logging: - driver: journald - env_file: ./data/greenlight-launcher/.env - environment: - - DOMAINNAME=${DOMAIN_NAME:-xlab.blindside-dev.com} - - DB_ADAPTER=postgresql - - DB_HOST=postgres - - DB_NAME=greenlight_launcher_production - - DB_USERNAME=postgres - - DB_PASSWORD=password - - GL_CALLBACK_URL=https://gl.${DOMAIN_NAME:-xlab.blindside-dev.com} - - GREENLIGHT_HOST=https://gl.${DOMAIN_NAME:-xlab.blindside-dev.com} - - LAUNCHER_HOST=https://gll.${DOMAIN_NAME:-xlab.blindside-dev.com} - # - LOADBALANCER_ENDPOINT=https://lb5.${DOMAIN_NAME:-xlab.blindside-dev.com}/loadbalancer/ diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index e9e16d1..e8df484 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -2,13 +2,11 @@ version: '3' volumes: postgres-data-dev: - driver: local driver_opts: type: 'none' o: 'bind' device: '${DOCKER_VOL_POSTGRES_DATA}' redis-data-dev: - driver: local driver_opts: type: 'none' o: 'bind' 
@@ -36,34 +34,11 @@ services: volumes: - redis-data-dev:/data - ./data/redis/conf/redis.conf.template:/usr/local/etc/redis/redis.conf.template - - ./data/certbot/conf/:/etc/letsencrypt + - /etc/letsencrypt:/etc/letsencrypt command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes" - certbot: - image: certbot/certbot - container_name: certbot - volumes: - - ./log/certbot/:/var/log/letsencrypt - - ./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot - entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" - - # scalelite-haproxy: - # image: haproxy:alpine - # container_name: scalelite-haproxy - # restart: always - # ports: - # - "80:80" - # - "443:443" - # volumes: - # - ./data/proxy/haproxy/:/usr/local/etc/haproxy - # networks: - # - default - scalelite-nginx: image: nginx:1.18 -# Custom nginx with amazonlinux -# image: blindsidenetwks/nginx:amazonlinux container_name: scalelite-nginx restart: unless-stopped ports: @@ -75,8 +50,7 @@ services: - ./log/proxy-nginx/:/var/log/nginx - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common - - ./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot + - /etc/letsencrypt:/etc/letsencrypt depends_on: - certbot - scalelite-api @@ -156,9 +130,3 @@ services: - scalelite-api logging: driver: journald - - ubuntu: - image: ubuntu:22.04 - container_name: ubuntu - restart: unless-stopped - command: ["sleep","infinity"] diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml deleted file mode 100644 index 2a8f74e..0000000 --- a/docker-compose-redis.yml +++ /dev/null 
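Review bot: The redis service now bind-mounts the host's whole `/etc/letsencrypt` read-write, which gives the container every certificate private key on the host, not only the ones for this deployment, and lets a compromised container alter them. Mount it read-only with `- /etc/letsencrypt:/etc/letsencrypt:ro`; the same applies to the scalelite-nginx mount added in the next hunk. If the source is narrowed to one domain later, remember that the entries under `live/` are symlinks into `archive/`, so both directories must be visible. The service definition starts outside the hunk.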
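Review bot: `depends_on` for scalelite-nginx still lists `certbot` in the unchanged lines of this hunk, but the previous hunk deletes the `certbot` service from the file, so Compose will most likely reject the file for referencing an undefined service. Remove the `- certbot` entry from `depends_on`. This hunk also drops the `/var/www/certbot` mount; if the selected sites template still has an `/.well-known/acme-challenge/` location with `root /var/www/certbot` (not visible here), that location would point at a path that no longer exists in the container.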
@@ -1,15 +0,0 @@ -version: '3' - -volumes: - redis-data: - -services: - redis: - image: redis:6.2 - container_name: redis - restart: unless-stopped - volumes: - - redis-data:/data - - ./data/redis/conf/redis.conf.template:/usr/local/etc/redis/redis.conf.template - - ./data/certbot/conf/:/etc/letsencrypt - command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes" diff --git a/docker-compose-ssl.yml b/docker-compose-ssl.yml deleted file mode 100644 index 4407083..0000000 --- a/docker-compose-ssl.yml +++ /dev/null 
@@ -1,125 +0,0 @@ -version: '3' - -volumes: - postgres-data: - redis-data: - -services: - postgres: - image: postgres:11-alpine - container_name: postgres - restart: unless-stopped - environment: - - POSTGRES_USER=${POSTGRES_USER:-postgres} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password} - volumes: - - postgres-data:/var/lib/postgresql/data - - redis: - image: redis:6.2-alpine - container_name: redis - restart: unless-stopped - volumes: - - redis-data:/data - - ./data/redis/conf/redis.conf.template:/usr/local/etc/redis/redis.conf.template - - ./data/certbot/conf/:/etc/letsencrypt - command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes" - - certbot: - image: certbot/certbot:v1.11.0 - container_name: certbot - volumes: - - ./log/certbot/:/var/log/letsencrypt - - ./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot - entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" - - scalelite-proxy: - image: nginx:1.18 - container_name: scalelite-proxy - restart: unless-stopped - ports: - - "80:80" - - "443:443" - environment: - - NGINX_HOSTNAME=${URL_HOST:-sl.xlab.blindside-dev.com} - volumes: - - ./log/proxy-nginx/:/var/log/nginx - - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template - - ./data/proxy/nginx/sites-common:/etc/nginx/sites-common - - ./data/certbot/conf/:/etc/letsencrypt - - ./data/certbot/www/:/var/www/certbot - depends_on: - - certbot - - scalelite-api - - scalelite-recordings - command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'" - - scalelite-recordings: - image: 
${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine} - container_name: scalelite-recordings - restart: unless-stopped - volumes: - - ./log/recordings/:/var/log/nginx - - ${SCALELITE_RECORDING_DIR:-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published - depends_on: - - scalelite-api - - scalelite-api: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-api - restart: unless-stopped - env_file: - - .env - environment: - - REDIS_URL=${REDIS_URL:-redis://redis:6379} - - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} - - RECORDING_DISABLED=${RECORDING_DISABLED:-false} - - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME:-false} - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT:-false} - volumes: - - ./log/scalelite-api/:/srv/scalelite/log/ - - ${SCALELITE_RECORDING_DIR:-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton - depends_on: - - postgres - - redis - logging: - driver: journald - - scalelite-poller: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-poller - restart: unless-stopped - env_file: - - .env - environment: - - REDIS_URL=${REDIS_URL:-redis://redis:6379} - - SERVER_ID_IS_HOSTNAME=${SERVER_ID_IS_HOSTNAME:-false} - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT:-false} - volumes: - - ./log/scalelite-poller/:/app/log - command: /bin/sh -c "bin/start-poller" - depends_on: - - scalelite-api - logging: - driver: journald - - scalelite-recording-importer: - image: ${SCALELITE_DOCKER_IMAGE:-blindsidenetwks/scalelite:v1.1} - container_name: scalelite-recording-importer - restart: unless-stopped - env_file: - - .env - environment: - - DATABASE_URL=${DATABASE_URL:-postgres://postgres:password@postgres:5432/scalelite?pool=5} - - RECORDING_DISABLED=false - - RAILS_LOG_TO_STDOUT=${RAILS_LOG_TO_STDOUT:-false} - volumes: - - ./log/scalelite-recording-importer/:/app/log - - 
${SCALELITE_RECORDING_DIR:-/mnt/scalelite-recordings/var/bigbluebutton}:/var/bigbluebutton - - ${SCALELITE_RECORDING_DIR:-/mnt/scalelite-recordings/var/bigbluebutton}/spool:/var/bigbluebutton/spool - command: /bin/sh -c "bin/start-recording-importer" - depends_on: - - scalelite-api - logging: - driver: journald diff --git a/dotenv b/dotenv index 3e0e10e..405c421 100644 --- a/dotenv +++ b/dotenv @@ -41,8 +41,8 @@ SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-am # RECORDING_IMPORT_UNPUBLISHED=false # ### Optional when using docker-compose-dev.yml -# DOCKER_VOL_POSTGRES_DATA=~/scalelite-run/data/postgres -# DOCKER_VOL_REDIS_DATA=~/scalelite-run/data/redis +# DOCKER_VOL_POSTGRES_DATA=/home/ubuntu/scalelite-run/data/postgres/db +# DOCKER_VOL_REDIS_DATA=data/redis/db # ### Optional for development when using different profiles # DOCKER_PROXY_NGINX_TEMPLATE=scalelite-proxy diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh index 83e8d3b..bc9107d 100755 --- a/init-letsencrypt.sh +++ b/init-letsencrypt.sh @@ -96,7 +96,6 @@ docker-compose run --rm --entrypoint "\ rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot echo - echo "### Requesting Let's Encrypt certificate for $domains ..." #Join $domains to -d args domain_args=""
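Review bot: The two example values in the dotenv hunk are inconsistent: `DOCKER_VOL_POSTGRES_DATA` is an absolute path tied to a `/home/ubuntu` checkout, while `DOCKER_VOL_REDIS_DATA=data/redis/db` is relative. Both feed `driver_opts.device` of the bind-type volumes in docker-compose-dev.yml, and as far as I know Compose passes that option through without resolving it against the project directory, so the relative form is likely to fail at mount time. I would use an absolute placeholder for both, e.g. `# DOCKER_VOL_REDIS_DATA=/path/to/scalelite-run/data/redis/db`, and add a comment that the directory must exist before `docker-compose up`.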