archive
/
strukturag_nextcloud-spreed-signaling
mirror of https://github.com/strukturag/nextcloud-spreed-signaling.git
0
0
Fork 0
Code Issues Projects Releases Wiki Activity
strukturag_nextcloud-spreed.../docker
History
Joachim Bauch 9d313608cf
docker: Add helper scripts to gracefully stop / wait for proxy. 		2024-02-28 22:52:54 +01:00
..
janus build(deps): Bump alpine from 3.18 to 3.19 in /docker/janus 2024-02-27 14:44:11 +00:00
proxy docker: Add helper scripts to gracefully stop / wait for proxy. 2024-02-28 22:52:54 +01:00
server Fix issues found by shellcheck. 2024-02-28 22:31:08 +01:00
README.md docker: Fix typo in readme. 2024-02-07 08:41:05 +01:00
docker-compose.yml Set "platforms" when building with docker-compose. 2023-01-17 11:59:38 +01:00

README.md

Docker images for nextcloud-spreed-signaling

Signaling server

The image for the signaling server can be retrieved from

strukturag/nextcloud-spreed-signaling:<version>

Replace version with the tag or commit you want to use.

Configuration

The running container can be configured through different environment variables:

  • CONFIG: Optional name of configuration file to use.
  • HTTP_LISTEN: Address of HTTP listener.
  • HTTPS_LISTEN: Address of HTTPS listener.
  • HTTPS_CERTIFICATE: Name of certificate file for the HTTPS listener.
  • HTTPS_KEY: Name of private key file for the HTTPS listener.
  • HASH_KEY: Secret value used to generate checksums of sessions (32 or 64 bytes).
  • BLOCK_KEY: Key for encrypting data in the sessions (16, 24 or 32 bytes).
  • INTERNAL_SHARED_SECRET_KEY: Shared secret for connections from internal clients.
  • BACKENDS_ALLOWALL: Allow all backends. Extremly insecure - use only for development!
  • BACKENDS_ALLOWALL_SECRET: Secret when BACKENDS_ALLOWALL is enabled.
  • BACKENDS: Space-separated list of backend ids.
  • BACKEND_<ID>_URL: Url of backend ID (where ID is the uppercase backend id).
  • BACKEND_<ID>_SHARED_SECRET: Shared secret for backend ID (where ID is the uppercase backend id).
  • BACKEND_<ID>_SESSION_LIMIT: Optional session limit for backend ID (where ID is the uppercase backend id).
  • BACKEND_<ID>_MAX_STREAM_BITRATE: Optional maximum bitrate for audio/video streams in backend ID (where ID is the uppercase backend id).
  • BACKEND_<ID>_MAX_SCREEN_BITRATE: Optional maximum bitrate for screensharing streams in backend ID (where ID is the uppercase backend id).
  • NATS_URL: Optional URL of NATS server.
  • ETCD_ENDPOINTS: Static list of etcd endpoints (if etcd should be used).
  • ETCD_DISCOVERY_SRV: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
  • ETCD_DISCOVERY_SERVICE: Optional service name for DNS SRV configuration of etcd..
  • ETCD_CLIENT_CERTIFICATE: Filename of certificate for etcd client.
  • ETCD_CLIENT_KEY: Filename of private key for etcd client.
  • ETCD_CLIENT_CA: Filename of CA for etcd client.
  • USE_JANUS: Set to 1 if Janus should be used as WebRTC backend.
  • JANUS_URL: Url to Janus server (if USE_JANUS is set to 1).
  • USE_PROXY: Set to 1 if proxy servers should be used as WebRTC backends.
  • PROXY_TOKEN_ID: Id of the token to use when connecting to proxy servers.
  • PROXY_TOKEN_KEY: Private key for the configured token id.
  • PROXY_URLS: Space-separated list of proxy URLs to connect to.
  • PROXY_DNS_DISCOVERY: Enable DNS discovery on hostnames of configured static URLs.
  • PROXY_ETCD: Set to 1 if etcd should be used to configure proxy connections.
  • PROXY_KEY_PREFIX: Key prefix of proxy entries.
  • MAX_STREAM_BITRATE: Optional global maximum bitrate for audio/video streams.
  • MAX_SCREEN_BITRATE: Optional global maximum bitrate for screensharing streams.
  • TURN_API_KEY: API key that Janus will need to send when requesting TURN credentials.
  • TURN_SECRET: The shared secret to use for generating TURN credentials.
  • TURN_SERVERS: A comma-separated list of TURN servers to use.
  • GEOIP_LICENSE: License key to use when downloading the MaxMind GeoIP database.
  • GEOIP_URL: Optional URL to download a MaxMind GeoIP database from.
  • GEOIP_OVERRIDES: Optional space-separated list of overrides for GeoIP lookups.
  • CONTINENT_OVERRIDES: Optional space-separated list of overrides for continent mappings.
  • STATS_IPS: Comma-separated list of IP addresses that are allowed to access the stats endpoint.
  • GRPC_LISTEN: IP and port to listen on for GRPC requests.
  • GRPC_SERVER_CERTIFICATE: Certificate to use for the GRPC server.
  • GRPC_SERVER_KEY: Private key to use for the GRPC server.
  • GRPC_SERVER_CA: CA certificate that is allowed to issue certificates of GRPC servers.
  • GRPC_CLIENT_CERTIFICATE: Certificate to use for the GRPC client.
  • GRPC_CLIENT_KEY: Private key to use for the GRPC client.
  • GRPC_CLIENT_CA: CA certificate that is allowed to issue certificates of GRPC clients.
  • GRPC_TARGETS: Comma-separated list of GRPC targets to connect to for clustering mode.
  • GRPC_DNS_DISCOVERY: Enable DNS discovery on hostnames of configured GRPC targets.
  • GRPC_ETCD: Set to 1 if etcd should be used to configure GRPC peers.
  • GRPC_TARGET_PREFIX: Key prefix of GRPC target entries.
  • SKIP_VERIFY: Set to true to skip certificate validation of backends and proxy servers. This should only be enabled during development, e.g. to work with self-signed certificates.

Example with two backends:

docker run \
  ... \
  -e BACKENDS="foo bar" \
  -e BACKEND_FOO_URL=https://cloud.server1.tld \
  -e BACKEND_FOO_SHARED_SECRET=verysecret \
  -e BACKEND_BAR_URL=https://cloud.server2.tld \
  -e BACKEND_BAR_SHARED_SECRET=moresecret \
  ...

See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in for further details on the different options.

Signaling proxy

The image for the signaling proxy can be retrieved from

strukturag/nextcloud-spreed-signaling:<version>-proxy

Replace version with the tag or commit you want to use.

Configuration

The running container can be configured through different environment variables:

  • CONFIG: Optional name of configuration file to use.
  • HTTP_LISTEN: Address of HTTP listener.
  • COUNTRY: Optional ISO 3166 country this proxy is located at.
  • JANUS_URL: Url to Janus server.
  • MAX_STREAM_BITRATE: Optional maximum bitrate for audio/video streams.
  • MAX_SCREEN_BITRATE: Optional maximum bitrate for screensharing streams.
  • ETCD_ENDPOINTS: Static list of etcd endpoints (if etcd should be used).
  • ETCD_DISCOVERY_SRV: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).
  • ETCD_DISCOVERY_SERVICE: Optional service name for DNS SRV configuration of etcd..
  • ETCD_CLIENT_CERTIFICATE: Filename of certificate for etcd client.
  • ETCD_CLIENT_KEY: Filename of private key for etcd client.
  • ETCD_CLIENT_CA: Filename of CA for etcd client.
  • TOKENS_ETCD: Set to 1 if etcd should be used to configure tokens.
  • TOKEN_KEY_FORMAT: Format of key name to retrieve the public key from, "%s" will be replaced with the token id.
  • TOKENS: Space-separated list of token ids.
  • TOKEN_<ID>_KEY: Filename of public key for token ID (where ID is the uppercase token id).

Example with two tokens:

docker run \
  ... \
  -e TOKENS="foo signaling.server1.tld" \
  -e TOKEN_FOO_KEY=/path/to/foo.key \
  -e TOKEN_SIGNALING_SERVER1_TLD_KEY=/path/to/signaling.server1.tld.key \
  ...

See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/proxy.conf.in for further details on the different options.