mirror of
https://github.com/strukturag/nextcloud-spreed-signaling.git
synced 2024-12-21 19:37:59 +00:00
.. | ||
janus | ||
proxy | ||
server | ||
docker-compose.yml | ||
README.md |
Docker images for nextcloud-spreed-signaling
Signaling server
The image for the signaling server can be retrieved from
strukturag/nextcloud-spreed-signaling:<version>
Replace version
with the tag or commit you want to use.
Configuration
The running container can be configured through different environment variables:
CONFIG
: Optional name of configuration file to use.HTTP_LISTEN
: Address of HTTP listener.HTTPS_LISTEN
: Address of HTTPS listener.HTTPS_CERTIFICATE
: Name of certificate file for the HTTPS listener.HTTPS_KEY
: Name of private key file for the HTTPS listener.HASH_KEY
: Secret value used to generate checksums of sessions (32 or 64 bytes).BLOCK_KEY
: Key for encrypting data in the sessions (16, 24 or 32 bytes).INTERNAL_SHARED_SECRET_KEY
: Shared secret for connections from internal clients.BACKENDS_ALLOWALL
: Allow all backends. Extremly insecure - use only for development!BACKENDS_ALLOWALL_SECRET
: Secret whenBACKENDS_ALLOWALL
is enabled.BACKENDS
: Space-separated list of backend ids.BACKEND_<ID>_URL
: Url of backendID
(whereID
is the uppercase backend id).BACKEND_<ID>_SHARED_SECRET
: Shared secret for backendID
(whereID
is the uppercase backend id).BACKEND_<ID>_SESSION_LIMIT
: Optional session limit for backendID
(whereID
is the uppercase backend id).BACKEND_<ID>_MAX_STREAM_BITRATE
: Optional maximum bitrate for audio/video streams in backendID
(whereID
is the uppercase backend id).BACKEND_<ID>_MAX_SCREEN_BITRATE
: Optional maximum bitrate for screensharing streams in backendID
(whereID
is the uppercase backend id).NATS_URL
: Optional URL of NATS server.ETCD_ENDPOINTS
: Static list of etcd endpoints (if etcd should be used).ETCD_DISCOVERY_SRV
: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).ETCD_DISCOVERY_SERVICE
: Optional service name for DNS SRV configuration of etcd..ETCD_CLIENT_CERTIFICATE
: Filename of certificate for etcd client.ETCD_CLIENT_KEY
: Filename of private key for etcd client.ETCD_CLIENT_CA
: Filename of CA for etcd client.USE_JANUS
: Set to1
if Janus should be used as WebRTC backend.JANUS_URL
: Url to Janus server (ifUSE_JANUS
is set to1
).USE_PROXY
: Set to1
if proxy servers should be used as WebRTC backends.PROXY_TOKEN_ID
: Id of the token to use when connecting to proxy servers.PROXY_TOKEN_KEY
: Private key for the configured token id.PROXY_URLS
: Space-separated list of proxy URLs to connect to.PROXY_DNS_DISCOVERY
: Enable DNS discovery on hostnames of configured static URLs.PROXY_ETCD
: Set to1
if etcd should be used to configure proxy connections.PROXY_KEY_PREFIX
: Key prefix of proxy entries.MAX_STREAM_BITRATE
: Optional global maximum bitrate for audio/video streams.MAX_SCREEN_BITRATE
: Optional global maximum bitrate for screensharing streams.TURN_API_KEY
: API key that Janus will need to send when requesting TURN credentials.TURN_SECRET
: The shared secret to use for generating TURN credentials.TURN_SERVERS
: A comma-separated list of TURN servers to use.GEOIP_LICENSE
: License key to use when downloading the MaxMind GeoIP database.GEOIP_URL
: Optional URL to download a MaxMind GeoIP database from.GEOIP_OVERRIDES
: Optional space-separated list of overrides for GeoIP lookups.CONTINENT_OVERRIDES
: Optional space-separated list of overrides for continent mappings.STATS_IPS
: Comma-separated list of IP addresses that are allowed to access the stats endpoint.TRUSTED_PROXIES
: Comma-separated list of IPs / networks that are trusted proxies.GRPC_LISTEN
: IP and port to listen on for GRPC requests.GRPC_SERVER_CERTIFICATE
: Certificate to use for the GRPC server.GRPC_SERVER_KEY
: Private key to use for the GRPC server.GRPC_SERVER_CA
: CA certificate that is allowed to issue certificates of GRPC servers.GRPC_CLIENT_CERTIFICATE
: Certificate to use for the GRPC client.GRPC_CLIENT_KEY
: Private key to use for the GRPC client.GRPC_CLIENT_CA
: CA certificate that is allowed to issue certificates of GRPC clients.GRPC_TARGETS
: Comma-separated list of GRPC targets to connect to for clustering mode.GRPC_DNS_DISCOVERY
: Enable DNS discovery on hostnames of configured GRPC targets.GRPC_ETCD
: Set to1
if etcd should be used to configure GRPC peers.GRPC_TARGET_PREFIX
: Key prefix of GRPC target entries.SKIP_VERIFY
: Set totrue
to skip certificate validation of backends and proxy servers. This should only be enabled during development, e.g. to work with self-signed certificates.CA_CERTIFICATES_FOLDER
: Folder containing certificates that should be added to the system wide CA trust store during startup. Mount a folder from the host as volume in the container and specify the volume.
Example with two backends:
docker run \
... \
-e BACKENDS="foo bar" \
-e BACKEND_FOO_URL=https://cloud.server1.tld \
-e BACKEND_FOO_SHARED_SECRET=verysecret \
-e BACKEND_BAR_URL=https://cloud.server2.tld \
-e BACKEND_BAR_SHARED_SECRET=moresecret \
...
See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in for further details on the different options.
Signaling proxy
The image for the signaling proxy can be retrieved from
strukturag/nextcloud-spreed-signaling:<version>-proxy
Replace version
with the tag or commit you want to use.
Configuration
The running container can be configured through different environment variables:
CONFIG
: Optional name of configuration file to use.HTTP_LISTEN
: Address of HTTP listener.COUNTRY
: Optional ISO 3166 country this proxy is located at.EXTERNAL_HOSTNAME
: The external hostname for remote streams. Will try to autodetect if omitted.TOKEN_ID
: Id of the token to use when connecting remote streams.TOKEN_KEY
: Private key for the configured token id.BANDWIDTH_INCOMING
: Optional incoming target bandwidth (in megabits per second).BANDWIDTH_OUTGOING
: Optional outgoing target bandwidth (in megabits per second).JANUS_URL
: Url to Janus server.MAX_STREAM_BITRATE
: Optional maximum bitrate for audio/video streams.MAX_SCREEN_BITRATE
: Optional maximum bitrate for screensharing streams.STATS_IPS
: Comma-separated list of IP addresses that are allowed to access the stats endpoint.TRUSTED_PROXIES
: Comma-separated list of IPs / networks that are trusted proxies.ETCD_ENDPOINTS
: Static list of etcd endpoints (if etcd should be used).ETCD_DISCOVERY_SRV
: Alternative domain to use for DNS SRV configuration of etcd endpoints (if etcd should be used).ETCD_DISCOVERY_SERVICE
: Optional service name for DNS SRV configuration of etcd..ETCD_CLIENT_CERTIFICATE
: Filename of certificate for etcd client.ETCD_CLIENT_KEY
: Filename of private key for etcd client.ETCD_CLIENT_CA
: Filename of CA for etcd client.TOKENS_ETCD
: Set to1
if etcd should be used to configure tokens.TOKEN_KEY_FORMAT
: Format of key name to retrieve the public key from, "%s" will be replaced with the token id.TOKENS
: Space-separated list of token ids.TOKEN_<ID>_KEY
: Filename of public key for tokenID
(whereID
is the uppercase token id).CA_CERTIFICATES_FOLDER
: Folder containing certificates that should be added to the system wide CA trust store during startup. Mount a folder from the host as volume in the container and specify the volume.
Example with two tokens:
docker run \
... \
-e TOKENS="foo signaling.server1.tld" \
-e TOKEN_FOO_KEY=/path/to/foo.key \
-e TOKEN_SIGNALING_SERVER1_TLD_KEY=/path/to/signaling.server1.tld.key \
...
See https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/proxy.conf.in for further details on the different options.