updates to support recording formats new in 2.5+

.gitignore

@@ -6,12 +6,15 @@
 /scalelite/tmp*
 
 /data/*
+/data/certbot/conf*
+!/data/certbot/
 !/data/nginx/
 !/data/proxy/
 /data/redis/db*
 !/data/redis/
 /data/postgres/db*
 !/data/postgres/
+!/data/keycloak/
 
 /tmp*
 

data/proxy/nginx/sites.template.scalelite-local

@@ -1,7 +1,7 @@
-#### For <$NGINX_HOSTNAME>
+#### For <sl.$NGINX_HOSTNAME>
 
 upstream docker-scalelite-api {
-    server $NGINX_HOSTNAME:3000;
+    server sl.$NGINX_HOSTNAME:3000;
 }
 
 upstream docker-scalelite-recordings {
@@ -9,7 +9,7 @@ upstream docker-scalelite-recordings {
 }
 
 server {
-    server_name $NGINX_HOSTNAME;
+    server_name sl.$NGINX_HOSTNAME;
 
     listen  80;
     listen [::]:80;
@@ -24,14 +24,14 @@ server {
 }
 
 server {
-    server_name $NGINX_HOSTNAME;
+    server_name sl.$NGINX_HOSTNAME;
 
     listen 443 ssl;
     listen [::]:443 ssl;
 
     ## Configuration for Letsencrypt SSL Certificate
-    ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/sl.$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/sl.$NGINX_HOSTNAME/privkey.pem;
 
     ## Configuration for SSL Certificate from a CA other than LetsEncrypt
     #ssl_certificate /etc/ssl/fullchain.pem;
@@ -54,8 +54,61 @@ server {
         include /etc/nginx/sites-common;
     }
 
+    location /recording {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
     location / {
         proxy_pass http://docker-scalelite-api;
         include /etc/nginx/sites-common;
     }
 }
+
+#### For <kc.$NGINX_HOSTNAME>
+
+upstream keycloak-server {
+    server keycloak:8080;
+}
+
+server {
+    server_name kc.$NGINX_HOSTNAME;
+
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443;
+
+    ## Configuration for Letsencrypt SSL Certificate
+    ssl_certificate /etc/letsencrypt/live/kc.$NGINX_HOSTNAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/kc.$NGINX_HOSTNAME/privkey.pem;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        proxy_pass  http://keycloak-server;
+
+        proxy_read_timeout 60s;
+        proxy_redirect off;
+
+        proxy_set_header  Host $http_host;
+
+        proxy_set_header  X-Real-IP $remote_addr;
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_set_header  X-Forwarded-Proto $scheme;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_headers_hash_max_size 512;
+        proxy_headers_hash_bucket_size 128;
+
+        proxy_buffer_size          128k;
+        proxy_buffers              4 256k;
+        proxy_busy_buffers_size    256k;
+    }
+}

data/proxy/nginx/sites.template.scalelite-local-unprotected

@@ -57,6 +57,11 @@ server {
         include /etc/nginx/sites-common;
     }
 
+    location /recording/ {
+        proxy_pass  http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
     location / {
         proxy_pass http://docker-scalelite-api/health_check;
         include /etc/nginx/sites-common;

data/proxy/nginx/sites.template.scalelite-proxy

@@ -54,6 +54,11 @@ server {
         include /etc/nginx/sites-common;
     }
 
+    location /recording {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
     location / {
         proxy_pass http://docker-scalelite-api;
         include /etc/nginx/sites-common;

data/proxy/nginx/sites.template.scalelite-proxy-unprotected

@@ -57,6 +57,11 @@ server {
         include /etc/nginx/sites-common;
     }
 
+    location /recording {
+        proxy_pass http://docker-scalelite-recordings;
+        include /etc/nginx/sites-common;
+    }
+
     location / {
         proxy_pass http://docker-scalelite-api/health_check;
         include /etc/nginx/sites-common;

docker-compose-dev.yml

@@ -38,14 +38,14 @@ services:
     command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes"
 
   scalelite-nginx:
-    image: nginx:1.18
+    image: nginx:1.24
     container_name: scalelite-nginx
     restart: unless-stopped
     ports:
       - "80:80"
       - "443:443"
     environment:
-      - NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}
+      - NGINX_HOSTNAME=${DOMAIN_NAME:-xlab.blindside-dev.com}
     volumes:
       - ./log/proxy-nginx/:/var/log/nginx
       - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
@@ -58,9 +58,11 @@ services:
     command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
 
   scalelite-recordings:
-    image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine}
+    image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:focal-260-alpine}
     container_name: scalelite-recordings
     restart: unless-stopped
+    ports:
+      - "8001:80"
     volumes:
       - ./log/recordings/:/var/log/nginx
       - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published
@@ -130,3 +132,34 @@ services:
       - scalelite-api
     logging:
       driver: journald
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:19.0.3-legacy
+    # image: quay.io/keycloak/keycloak:19.0.3
+    # command: "start-dev --auto-build"
+    container_name: keycloak
+    restart: unless-stopped
+    environment:
+      # KEYCLOAK_ADMIN: admin
+      # KEYCLOAK_ADMIN_PASSWORD: adminadmin
+      # KC_DB_URL: postgres
+      # KC_DB: keycloakdb
+      # KC_DB_USERNAME: postgres
+      # KC_DB_PASSWORD: password
+      # KC_HOSTNAME_STRICT: "false"
+      # KC_PROXY: edge
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: adminadmin
+      DB_VENDOR: POSTGRES
+      DB_ADDR: postgres
+      DB_DATABASE: keycloakdb
+      DB_USER: postgres
+      DB_PASSWORD: password
+      PROXY_ADDRESS_FORWARDING: "true"
+    volumes:
+      - ./data/certbot/conf/:/etc/letsencrypt
+      - ./data/certbot/conf/live/kc.${DOMAIN_NAME:-xlab.blindside-dev.com}/cert.pem:/etc/x509/https/tls.crt
+      - ./data/certbot/conf/live/kc.${DOMAIN_NAME:-xlab.blindside-dev.com}/privkey.pem:/etc/x509/https/tls.key
+      - ./data/keycloak/themes/demo:/opt/jboss/keycloak/themes/demo
+    depends_on:
+      - postgres

docker-compose.yml

@@ -35,7 +35,7 @@ services:
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 
   scalelite-proxy:
-    image: nginx:1.18
+    image: nginx:1.24
     container_name: scalelite-proxy
     restart: unless-stopped
     ports:
@@ -56,7 +56,7 @@ services:
     command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
 
   scalelite-recordings:
-    image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine}
+    image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:focal-260-alpine}
     container_name: scalelite-recordings
     restart: unless-stopped
     volumes:

dotenv

@@ -22,7 +22,7 @@ URL_HOST=
 SCALELITE_DOCKER_IMAGE=blindsidenetwks/scalelite:v1.0
 #
 ### Required when recordings are enabled and using BigBlueButton Playback Proxy to serve the recordings.
-SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-amazonlinux
+SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:focal-260-amazonlinux
 #
 ### Optional for postgres when using docker-compose
 # POSTGRES_USER=