From c5ce859fde22a720cfee4ecb3cc2b7b42179033b Mon Sep 17 00:00:00 2001 From: Olivier Navas Date: Tue, 2 Jul 2024 10:23:14 +0200 Subject: [PATCH] Changements d'implantation jitsi --- README.md | 11 ++++++++++- defaults/main.yml | 1 + meta/main.yml | 2 +- tasks/main.yml | 21 +++++++++++++-------- templates/docker-compose.yml | 34 +++++++++++++++------------------- 5 files changed, 40 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 4a466a8..48a76e9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Role : docker_jitsimeet -Installation de jitsimeet sur un serveur docker_host +Installation de jitsimeet sur un serveur docker_host sans traefik ## Variables @@ -23,6 +23,15 @@ docker_jitsimeet_jvb_auth_password: "coller_ici_jvb_auth_password" docker_jitsimeet_jvb_host_address: 10.11.12.13 ``` +## Certificat + +La gestion d'un certificat est désactivée par défaut. +Pour l'activer, fournir les variables suivantes : +```yaml +docker_jitsimeet_letsencrypt_enabled: true +docker_jitsimeet_letsencrypt_email: adresse_pour_letsencrypt@example.com +``` + ## Notes de réunion Pour utiliser un serveur etherpad comme support de notes collectives à la réunion, ajouter les variables suivantes : diff --git a/defaults/main.yml b/defaults/main.yml index d86cc1c..724e116 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,3 +2,4 @@ docker_jitsimeet_etherpad_enabled: false docker_jitsimeet_turnserver_enabled: false docker_jitsimeet_exporter_enabled: false docker_jitsimeet_exporter_port: "9888" +docker_jitsimeet_letsencrypt_enabled: false diff --git a/meta/main.yml b/meta/main.yml index 71c8fc9..c85d72c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: Olivier Navas description: Modèle d'installation Libretic pour jitsimeet - license: GPL-3.0-only + license: MIT min_ansible_version: 2.9 galaxy_tags: [] diff --git a/tasks/main.yml b/tasks/main.yml index 1d82321..70d94dd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,17 +1,22 @@ -- name: docker directory - file: +- name: Docker directory + ansible.builtin.file: path: /opt/{{ docker_jitsimeet_service_id }}/ state: directory -- name: prepare docker-compose.yml - template: +- name: Prepare docker-compose.yml + ansible.builtin.template: src: "{{ item }}" dest: /opt/{{ docker_jitsimeet_service_id }}/ with_items: - docker-compose.yml notify: docker-compose-up - - - - +- name: Check that turn server is accessible + ansible.builtin.wait_for: + host: "{{ docker_jitsimeet_turnserver_fqdn }}" + port: "{{ docker_jitsimeet_turnserver_port }}" + state: started + delay: 0 + timeout: 1 + when: + - docker_jitsimeet_turnserver_enabled is true diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml index 6b9d163..060628b 100644 --- a/templates/docker-compose.yml +++ b/templates/docker-compose.yml @@ -1,30 +1,32 @@ # {{ ansible_managed }} -version: '3.5' - services: # Frontend web: image: jitsi/web:{{ docker_jitsimeet_version }} restart: always + ports: + - 80:80 + - 443:443 volumes: - {{ docker_jitsimeet_data_dir }}/{{ docker_jitsimeet_service_id }}/web:/config - {{ docker_jitsimeet_data_dir }}/{{ docker_jitsimeet_service_id }}/web/crontabs:/var/spool/cron/crontabs - {{ docker_jitsimeet_data_dir }}/{{ docker_jitsimeet_service_id }}/transcripts:/usr/share/jitsi-meet/transcripts environment: +{% if docker_jitsimeet_letsencrypt_enabled %} + - ENABLE_LETSENCRYPT=1 + - LETSENCRYPT_DOMAIN={{ docker_jitsimeet_fqdn }} + - LETSENCRYPT_EMAIL={{ docker_jitsimeet_letsencrypt_email }} +{% endif %} - PUBLIC_URL=https://{{ docker_jitsimeet_fqdn }} + - ENABLE_HTTP_REDIRECT=1 - JICOFO_AUTH_PASSWORD={{ docker_jitsimeet_jicofo_auth_password }} {% if docker_jitsimeet_etherpad_enabled %} - ETHERPAD_PUBLIC_URL={{ docker_jitsimeet_etherpad_public_url }} {% endif %} - labels: - - "traefik.enable=true" - - "traefik.docker.network=traefik" - - "traefik.http.routers.{{ docker_jitsimeet_service_id }}.entrypoints=web" - - "traefik.http.routers.{{ docker_jitsimeet_service_id }}.rule=Host(`{{ docker_jitsimeet_fqdn }}`)" - - "traefik.http.services.{{ docker_jitsimeet_service_id }}.loadbalancer.server.port=80" networks: - - jitsimeet - - traefik + jitsimeet: + depends_on: + - jvb # XMPP server prosody: @@ -63,7 +65,7 @@ services: depends_on: - prosody networks: - - jitsimeet + jitsimeet: # Video bridge jvb: @@ -87,8 +89,7 @@ services: depends_on: - prosody networks: - - jitsimeet - - jitsivideo + jitsimeet: {% if docker_jitsimeet_exporter_enabled %} exporter: @@ -100,13 +101,8 @@ services: depends_on: - jvb networks: - - jitsivideo - - traefik + jitsimeet: {% endif %} networks: - traefik: - external: true jitsimeet: - internal: true - jitsivideo: