diff --git a/.gitignore b/.gitignore index 774e936..4d48cb6 100644 --- a/.gitignore +++ b/.gitignore @@ -6,12 +6,15 @@ /scalelite/tmp* /data/* +/data/certbot/conf* +!/data/certbot/ !/data/nginx/ !/data/proxy/ /data/redis/db* !/data/redis/ /data/postgres/db* !/data/postgres/ +!/data/keycloak/ /tmp* diff --git a/data/certbot/.keep b/data/certbot/.keep new file mode 100644 index 0000000..e69de29 diff --git a/data/proxy/nginx/sites.template.scalelite-local b/data/proxy/nginx/sites.template.scalelite-local index d53d130..1e31f11 100644 --- a/data/proxy/nginx/sites.template.scalelite-local +++ b/data/proxy/nginx/sites.template.scalelite-local @@ -1,7 +1,7 @@ -#### For <$NGINX_HOSTNAME> +#### For upstream docker-scalelite-api { - server $NGINX_HOSTNAME:3000; + server sl.$NGINX_HOSTNAME:3000; } upstream docker-scalelite-recordings { @@ -9,7 +9,7 @@ upstream docker-scalelite-recordings { } server { - server_name $NGINX_HOSTNAME; + server_name sl.$NGINX_HOSTNAME; listen 80; listen [::]:80; @@ -24,14 +24,14 @@ server { } server { - server_name $NGINX_HOSTNAME; + server_name sl.$NGINX_HOSTNAME; listen 443 ssl; listen [::]:443 ssl; ## Configuration for Letsencrypt SSL Certificate - ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + ssl_certificate /etc/letsencrypt/live/sl.$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/sl.$NGINX_HOSTNAME/privkey.pem; ## Configuration for SSL Certificate from a CA other than LetsEncrypt #ssl_certificate /etc/ssl/fullchain.pem; 
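Review bot: The `ssl_certificate` and `ssl_certificate_key` lines in the `@@ -24,14 +24,14 @@` hunk now point at `/etc/letsencrypt/live/sl.$NGINX_HOSTNAME/`, but nothing in this commit issues a certificate for the new `sl.` name — the certbot service in docker-compose.yml only runs `certbot renew` — so an existing deployment whose certificate was issued for the bare `$NGINX_HOSTNAME` will fail nginx's config test on the first reload after the template change. A comment at the top of the template, `# Requires Let's Encrypt certificates for sl.$NGINX_HOSTNAME and kc.$NGINX_HOSTNAME; run the initial certbot issuance before switching to this template`, would make the prerequisite visible to whoever upgrades. The `@@ -1,7 +1,7 @@` hunk also replaces `#### For <$NGINX_HOSTNAME>` with a bare `#### For`; if that is not rendering loss, the comment should name the host it describes again, e.g. `#### For sl.$NGINX_HOSTNAME`. The 443 server block continues outside the hunk.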
@@ -54,8 +54,61 @@ server {
 include /etc/nginx/sites-common;
 }
 
+ location /recording {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
 location / {
 proxy_pass http://docker-scalelite-api;
 include /etc/nginx/sites-common;
 }
 }
+
+#### For
+
+upstream keycloak-server {
+ server keycloak:8080;
+ }
+
+server {
+ server_name kc.$NGINX_HOSTNAME;
+
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443;
+
+ ## Configuration for Letsencrypt SSL Certificate
+ ssl_certificate /etc/letsencrypt/live/kc.$NGINX_HOSTNAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/kc.$NGINX_HOSTNAME/privkey.pem;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ proxy_pass http://keycloak-server;
+
+ proxy_read_timeout 60s;
+ proxy_redirect off;
+
+ proxy_set_header Host $http_host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_headers_hash_max_size 512;
+ proxy_headers_hash_bucket_size 128;
+
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+ }
+}
diff --git a/data/proxy/nginx/sites.template.scalelite-local-unprotected b/data/proxy/nginx/sites.template.scalelite-local-unprotected
index b6c755e..43da30c 100644
--- a/data/proxy/nginx/sites.template.scalelite-local-unprotected
+++ b/data/proxy/nginx/sites.template.scalelite-local-unprotected
@@ -57,6 +57,11 @@ server {
 include /etc/nginx/sites-common;
 }
 
+ location /recording/ {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
 location / {
 proxy_pass http://docker-scalelite-api/health_check;
 include /etc/nginx/sites-common;
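Review bot: The new `kc.$NGINX_HOSTNAME` server block answers on port 80 and proxies the whole Keycloak UI over plaintext, and its `listen [::]:443;` lacks `ssl`, so IPv6 clients on 443 are also served plain HTTP; the `sl.` vhosts earlier in this file keep a separate port-80 server, so this block is the odd one out. Because Keycloak login forms and admin sessions pass through this vhost, the port-80 listener should serve only the ACME challenge and redirect everything else to HTTPS, and the IPv6 listener should read `listen [::]:443 ssl;`. `X-Forwarded-Proto $scheme` is the right header to pair with `PROXY_ADDRESS_FORWARDING`, but on the plaintext listener it carries `http`, which presumably makes Keycloak treat the session as insecure — confirm against the Keycloak docs. The split below keeps the proxy settings of `location /` unchanged; the hunk's first lines close an `sl.` server block that begins outside the hunk.
```nginx
server {
    server_name kc.$NGINX_HOSTNAME;

    listen 80;
    listen [::]:80;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    server_name kc.$NGINX_HOSTNAME;

    listen 443 ssl;
    listen [::]:443 ssl;

    # … unchanged: ssl_certificate lines and the location / proxy settings …
}
```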
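Review bot: `location /recording/` here carries a trailing slash while the same addition in sites.template.scalelite-local (this commit), sites.template.scalelite-proxy and sites.template.scalelite-proxy-unprotected uses `location /recording`; the two prefixes do not match the same requests, since `/recording/` does not match a bare `/recording` and `/recording` also matches any path that merely starts with that string, such as `/recordings…`. Pick one form for all four templates — `location /recording/ {` is the narrower one — so the unprotected variant does not silently behave differently from the others. This block also exposes the recordings upstream through a template whose `location /` otherwise forwards only `/health_check`; if that widening is intended, a one-line comment above the location saying so (`# recordings are served without the API in the unprotected template`) would spare the next reader the question. The enclosing server block begins and ends outside the hunk.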
diff --git a/data/proxy/nginx/sites.template.scalelite-proxy b/data/proxy/nginx/sites.template.scalelite-proxy
index 5a8403a..a117a1b 100644
--- a/data/proxy/nginx/sites.template.scalelite-proxy
+++ b/data/proxy/nginx/sites.template.scalelite-proxy
@@ -54,6 +54,11 @@ server {
 include /etc/nginx/sites-common;
 }
 
+ location /recording {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
 location / {
 proxy_pass http://docker-scalelite-api;
 include /etc/nginx/sites-common;
diff --git a/data/proxy/nginx/sites.template.scalelite-proxy-unprotected b/data/proxy/nginx/sites.template.scalelite-proxy-unprotected
index f8e4ecf..57781b1 100644
--- a/data/proxy/nginx/sites.template.scalelite-proxy-unprotected
+++ b/data/proxy/nginx/sites.template.scalelite-proxy-unprotected
@@ -57,6 +57,11 @@ server {
 include /etc/nginx/sites-common;
 }
 
+ location /recording {
+ proxy_pass http://docker-scalelite-recordings;
+ include /etc/nginx/sites-common;
+ }
+
 location / {
 proxy_pass http://docker-scalelite-api/health_check;
 include /etc/nginx/sites-common;
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index e8df484..0a77793 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -38,14 +38,14 @@ services:
 command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes"
 
 scalelite-nginx:
- image: nginx:1.18
+ image: nginx:1.24
 container_name: scalelite-nginx
 restart: unless-stopped
 ports:
 - "80:80"
 - "443:443"
 environment:
- - NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}
+ - NGINX_HOSTNAME=${DOMAIN_NAME:-xlab.blindside-dev.com}
 volumes:
 - ./log/proxy-nginx/:/var/log/nginx
 - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
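Review bot: `NGINX_HOSTNAME` now reads `DOMAIN_NAME` instead of `URL_HOST`, but the dotenv hunk in this commit still shows `URL_HOST=` as its context and no `DOMAIN_NAME` entry is visible there, so a dev stack started without `DOMAIN_NAME` exported silently serves the public default `xlab.blindside-dev.com` and the proxy template requests certificates for it. Document the variable next to `URL_HOST` in dotenv (`DOMAIN_NAME=` with a comment that the dev proxy and redis derive their hostnames from it), or fail fast with `${DOMAIN_NAME:?DOMAIN_NAME must be set}` now that services are being moved to it. The redis `command:` context line already uses the same `DOMAIN_NAME` default, so the two services are at least consistent with each other.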
@@ -58,9 +58,11 @@ services:
 command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
 
 scalelite-recordings:
- image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine}
+ image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:focal-260-alpine}
 container_name: scalelite-recordings
 restart: unless-stopped
+ ports:
+ - "8001:80"
 volumes:
 - ./log/recordings/:/var/log/nginx
 - ${SCALELITE_RECORDING_DIR-/mnt/scalelite-recordings/var/bigbluebutton}/published:/var/bigbluebutton/published
@@ -130,3 +132,34 @@ services:
 - scalelite-api
 logging:
 driver: journald
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:19.0.3-legacy
+ # image: quay.io/keycloak/keycloak:19.0.3
+ # command: "start-dev --auto-build"
+ container_name: keycloak
+ restart: unless-stopped
+ environment:
+ # KEYCLOAK_ADMIN: admin
+ # KEYCLOAK_ADMIN_PASSWORD: adminadmin
+ # KC_DB_URL: postgres
+ # KC_DB: keycloakdb
+ # KC_DB_USERNAME: postgres
+ # KC_DB_PASSWORD: password
+ # KC_HOSTNAME_STRICT: "false"
+ # KC_PROXY: edge
+ KEYCLOAK_USER: admin
+ KEYCLOAK_PASSWORD: adminadmin
+ DB_VENDOR: POSTGRES
+ DB_ADDR: postgres
+ DB_DATABASE: keycloakdb
+ DB_USER: postgres
+ DB_PASSWORD: password
+ PROXY_ADDRESS_FORWARDING: "true"
+ volumes:
+ - ./data/certbot/conf/:/etc/letsencrypt
+ - ./data/certbot/conf/live/kc.${DOMAIN_NAME:-xlab.blindside-dev.com}/cert.pem:/etc/x509/https/tls.crt
+ - ./data/certbot/conf/live/kc.${DOMAIN_NAME:-xlab.blindside-dev.com}/privkey.pem:/etc/x509/https/tls.key
+ - ./data/keycloak/themes/demo:/opt/jboss/keycloak/themes/demo
+ depends_on:
+ - postgres
diff --git a/docker-compose.yml b/docker-compose.yml
index 15169fa..9ccefde 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
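Review bot: `ports: - "8001:80"` publishes the playback proxy directly on the host, bypassing the TLS-terminating nginx proxy that the new `location /recording` routes in this commit were added for, so recordings become reachable over plain HTTP on 8001 from every interface. If the direct port exists only for local debugging, bind it to loopback with `- "127.0.0.1:8001:80"` and add a comment above it saying so; otherwise drop it and rely on the proxy route. This is the dev compose file; the production docker-compose.yml hunk does not add the port.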
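Review bot: The keycloak service commits fixed admin and database credentials (`KEYCLOAK_USER: admin`, `KEYCLOAK_PASSWORD: adminadmin`, `DB_PASSWORD: password`) straight into docker-compose-dev.yml, while every other service in this file takes its values from `${VAR:-default}` expansions, and the proxy template in this commit exposes the instance on `kc.$NGINX_HOSTNAME`. Even for a dev stack these should come from the environment, e.g. `KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD:?set KEYCLOAK_PASSWORD in .env}` and likewise for `DB_PASSWORD`, so the instance never starts with a guessable admin login. The `./data/certbot/conf/:/etc/letsencrypt` mount also hands the container every private key certbot manages, including the `sl.` host's, when only the two `kc.` files listed below it are needed; and `cert.pem` mounted as `tls.crt` is the leaf certificate without the intermediate chain, whereas the nginx block uses `fullchain.pem`. The `19.0.3-legacy` tag is the WildFly-based distribution, which as far as I recall was discontinued after the 19.x line; the commented-out `KC_*` variables suggest the Quarkus migration was already considered, and a comment stating why the legacy image is still used would help.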
@@ -35,7 +35,7 @@ services: entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" scalelite-proxy: - image: nginx:1.18 + image: nginx:1.24 container_name: scalelite-proxy restart: unless-stopped ports: @@ -56,7 +56,7 @@ services: command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'" scalelite-recordings: - image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine} + image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:focal-260-alpine} container_name: scalelite-recordings restart: unless-stopped volumes: diff --git a/dotenv b/dotenv index 405c421..a3904fa 100644 --- a/dotenv +++ b/dotenv @@ -22,7 +22,7 @@ URL_HOST= SCALELITE_DOCKER_IMAGE=blindsidenetwks/scalelite:v1.0 # ### Required when recordings are enabled and using BigBlueButton Playback Proxy to serve the recordings. -SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:bionic-230-amazonlinux +SCALELITE_RECORDINGS_DOCKER_IMAGE=bigbluebutton/bbb-playback-proxy:focal-260-amazonlinux # ### Optional for postgres when using docker-compose # POSTGRES_USER=