Merge branch 'dev'

README.md

@@ -365,9 +365,14 @@ If you want to enable the Transcribing function, these options are required:
 Variable | Description | Example
 --- | --- | ---
 `ENABLE_TRANSCRIPTIONS` | Enable Jigasi transcription in a conference | 1
-`GOOGLE_APPLICATION_CREDENTIALS` | Credentials for connect to Cloud Google API from Jigasi. Path located inside the container | /config/key.json
-
-For setting `GOOGLE_APPLICATION_CREDENTIALS` please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
+`GC_PROJECT_ID` | `project_id` from Google Cloud Credetials
+`GC_PRIVATE_KEY_ID` | `private_key_id` from Google Cloud Credetials
+`GC_PRIVATE_KEY` | `private_key` from Google Cloud Credetials
+`GC_CLIENT_EMAIL` | `client_email` from Google Cloud Credetials
+`GC_CLIENT_ID` | `client_id` from Google Cloud Credetials
+`GC_CLIENT_CERT_URL` | `client_x509_cert_url` from Google Cloud Credetials
+
+For setting the Google Cloud Credentials please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
 
 ### Advanced configuration
 

env.example

@@ -15,7 +15,7 @@ HTTPS_PORT=8443
 TZ=Europe/Amsterdam
 
 # Public URL for the web service.
-#PUBLIC_URL="https://meet.example.com"
+#PUBLIC_URL=https://meet.example.com
 
 # IP address of the Docker host. See the "Running on a LAN environment" section
 # in the README.
@@ -246,11 +246,15 @@ JIGASI_PORT_MAX=20050
 # Jigasi post to the chat an url with transcription file. Default false.
 #JIGASI_TRANSCRIBER_ADVERTISE_URL=true
 
-# Credentials for connect to Cloud Google API from Jigasi. Path located inside the container.
-# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol
-# section "Before you begin" from 1 to 5 paragraph. Copy the key on
-# the docker host to ${CONFIG}/jigasi/key.json and to enable this setting:
-#GOOGLE_APPLICATION_CREDENTIALS=/config/key.json
+# Credentials for connect to Cloud Google API from Jigasi
+# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol section "Before you begin" from 1 to 5 paragraph.
+# Copy the values from the json to the related env vars
+#GC_PROJECT_ID=
+#GC_PRIVATE_KEY_ID=
+#GC_PRIVATE_KEY=
+#GC_CLIENT_EMAIL=
+#GC_CLIENT_ID=
+#GC_CLIENT_CERT_URL=
 
 # Enable recording
 #ENABLE_RECORDING=1

examples/kubernetes/README.md

@@ -0,0 +1,26 @@
+# Install guide for kubernetes
+
+This guide will deploy jitsi in the most simple way: as several containers in a single pod. This is enough to start in case your hardware is enough. If you need to scale components to severa instance, you'll have to modify it to use several services and pods.
+
+Create a namespace to deploy jitsi to:
+
+`kubectl create namespace jitsi`
+
+Add the secret with secret values (replace `...` with some random strings):
+
+`kubectl create secret generic jitsi-config --from-literal=JICOFO_COMPONENT_SECRET=... --from-literal=JICOFO_AUTH_PASSWORD=... --from-literal=JVB_AUTH_PASSWORD=... `
+
+Deploy the service to listen for JVB UDP traffic on all cluster nodes port 30300:
+
+`kubectl create -f jvb-service.yaml`
+
+Now we can deploy the rest of the application:
+
+`kubectl create -f deployment.yaml`
+
+To expose the webapp, we can use Ingress (replace the `host` value with your actual hostname):
+
+`kubectl create -f web-service.yaml`
+
+You can either use "https" or "http" service port, depending on whether your ingress allows self-signed certs.
+

examples/kubernetes/deployment.yaml

@@ -0,0 +1,143 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: jitsi
+  name: jitsi
+  namespace: jitsi
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      k8s-app: jitsi
+  template:
+    metadata:
+      labels:
+        k8s-app: jitsi
+    spec:
+      containers:
+        - name: jicofo
+          image: jitsi/jicofo
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: America/Los_Angeles
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+        - name: prosody
+          image: jitsi/prosody
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JICOFO_COMPONENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_COMPONENT_SECRET
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: TZ
+              value: America/Los_Angeles
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: web
+          image: jitsi/web
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: XMPP_BOSH_URL_BASE
+              value: http://127.0.0.1:5280
+            - name: XMPP_MUC_DOMAIN
+              value: muc.meet.jitsi
+            - name: TZ
+              value: America/Los_Angeles
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+        - name: jvb
+          image: jitsi/jvb
+          imagePullPolicy: Always
+          env:
+            - name: XMPP_SERVER
+              value: localhost
+            - name: DOCKER_HOST_ADDRESS
+              value: <Set the address for any node in the cluster here>
+            - name: XMPP_DOMAIN
+              value: meet.jitsi
+            - name: XMPP_AUTH_DOMAIN
+              value: auth.meet.jitsi
+            - name: XMPP_INTERNAL_MUC_DOMAIN
+              value: internal-muc.meet.jitsi
+            - name: JVB_STUN_SERVERS
+              value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
+            - name: JICOFO_AUTH_USER
+              value: focus
+            - name: JVB_TCP_HARVESTER_DISABLED
+              value: "true"
+            - name: JVB_AUTH_USER
+              value: jvb
+            - name: JVB_PORT
+              value: "30300"
+            - name: JVB_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JVB_AUTH_PASSWORD
+            - name: JICOFO_AUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: jitsi-config
+                  key: JICOFO_AUTH_PASSWORD
+            - name: JVB_BREWERY_MUC
+              value: jvbbrewery
+            - name: TZ
+              value: America/Los_Angeles

examples/kubernetes/jvb-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    service: jvb
+  name: jvb-udp
+  namespace: jitsi
+spec:
+  type: NodePort
+  externalTrafficPolicy: Cluster
+  ports:
+  - port: 30300
+    protocol: UDP
+    targetPort: 30300
+    nodePort: 30300
+  selector:
+    k8s-app: jitsi

examples/kubernetes/web-service.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    service: web
+  name: web
+  namespace: jitsi
+spec:
+  ports:
+  - name: "http"
+    port: 80
+    targetPort: 80
+  - name: "https"
+    port: 443
+    targetPort: 443
+  selector:
+    k8s-app: jitsi
+---
+ apiVersion: networking.k8s.io/v1beta1
+ kind: Ingress
+ metadata:
+   name: jitsi
+   namespace: jitsi
+ spec:
+  rules:
+  - host: ...
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: web
+          servicePort: https

jibri.yml

@@ -28,6 +28,8 @@ services:
             - JIBRI_LOGS_DIR
             - DISPLAY=:0
             - TZ
+        depends_on:
+            - jicofo
         networks:
             meet.jitsi:
 

jicofo/rootfs/etc/cont-init.d/10-config

@@ -8,3 +8,4 @@ if [[ ! -f /config/logging.properties ]]; then
     cp /defaults/logging.properties /config
 fi
 
+chown -R jicofo:jitsi /config

jigasi.yml

@@ -34,7 +34,12 @@ services:
             - JIGASI_TRANSCRIBER_ADVERTISE_URL
             - JIGASI_TRANSCRIBER_RECORD_AUDIO
             - JIGASI_TRANSCRIBER_SEND_TXT
-            - GOOGLE_APPLICATION_CREDENTIALS
+            - GC_PROJECT_ID
+            - GC_PRIVATE_KEY_ID
+            - GC_PRIVATE_KEY
+            - GC_CLIENT_EMAIL
+            - GC_CLIENT_ID
+            - GC_CLIENT_CERT_URL
             - TZ
         depends_on:
             - prosody

jigasi/Dockerfile

@@ -1,11 +1,13 @@
 ARG JITSI_REPO=jitsi
 FROM ${JITSI_REPO}/base-java
 
+ENV GOOGLE_APPLICATION_CREDENTIALS /config/key.json
+
 RUN \
 	apt-dpkg-wrap apt-get update && \
-	apt-dpkg-wrap apt-get install -y jigasi && \
+	apt-dpkg-wrap apt-get install -y jigasi jq && \
 	apt-cleanup
 
 COPY rootfs/ /
 
-VOLUME /config
+VOLUME ["/config", "/tmp/transcripts"]

jigasi/rootfs/defaults/sip-communicator.properties

@@ -109,6 +109,12 @@ org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000
 
 org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
 org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }}
+org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
+org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
+org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
+org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
+org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
+org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
 {{ if .Env.ENABLE_AUTH | default "0" | toBool }}
 org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}
 org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }}

jigasi/rootfs/etc/cont-init.d/10-config

@@ -10,3 +10,32 @@ fi
 
 mkdir -pm777 /tmp/transcripts
 chown jigasi:jitsi /tmp/transcripts
+
+# Create Google Cloud Credentials
+if [[ $ENABLE_TRANSCRIPTIONS -eq 1 || $ENABLE_TRANSCRIPTIONS == "true" ]] && [[ ! -f /config/key.json ]]; then
+    if [[ -z $GC_PROJECT_ID || -z $GC_PRIVATE_KEY_ID || -z $GC_PRIVATE_KEY || -z $GC_CLIENT_EMAIL || -z $GC_CLIENT_ID || -z $GC_CLIENT_CERT_URL ]]; then
+        echo 'Transcriptions: One or more environment variables are undefined'
+        exit 1
+    fi
+
+    jq -n \
+        --arg GC_PROJECT_ID "$GC_PROJECT_ID" \
+        --arg GC_PRIVATE_KEY_ID "$GC_PRIVATE_KEY_ID" \
+        --arg GC_PRIVATE_KEY "$GC_PRIVATE_KEY" \
+        --arg GC_CLIENT_EMAIL "$GC_CLIENT_EMAIL" \
+        --arg GC_CLIENT_ID "$GC_CLIENT_ID" \
+        --arg GC_CLIENT_CERT_URL "$GC_CLIENT_CERT_URL" \
+        '{
+            type: "service_account",
+            project_id: $GC_PROJECT_ID,
+            private_key_id: $GC_PRIVATE_KEY_ID,
+            private_key: $GC_PRIVATE_KEY,
+            client_email: $GC_CLIENT_EMAIL,
+            client_id: $GC_CLIENT_ID,
+            auth_uri: "https://accounts.google.com/o/oauth2/auth",
+            token_uri: "https://oauth2.googleapis.com/token",
+            auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs",
+            client_x509_cert_url: $GC_CLIENT_CERT_URL
+        }' \
+        > /config/key.json
+fi

web/Dockerfile

@@ -13,4 +13,4 @@ COPY rootfs/ /
 
 EXPOSE 80 443
 
-VOLUME ["/config", "/etc/letsencrypt"]
+VOLUME ["/config", "/etc/letsencrypt", "/usr/share/jitsi-meet/transcripts"]