first commit

docs/behind-nat.md

@@ -0,0 +1,14 @@
+# Note if you use a Firewall / NAT
+Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface.
+
+#### Temporary  way (until next reboot)
+```
+$ ip addr add 144.76.97.34/32 dev ens3
+```
+
+#### Permanent way
+Specific to your linux distribution. Use a search engine of your choice. ;)
+
+## Ports
+Also don't forget to forward all necassary ports listed in https://docs.bigbluebutton.org/admin/configure-firewall.html
+

docs/development.md

@@ -0,0 +1,86 @@
+# bbb-docker Development
+
+## Basics
+normally people start BBB with the pre-built docker images, but for developing you need to build them by yourself. For that you need to ensure that the submodules are also checked out:
+
+```sh
+$ git submodule update --init
+```
+
+
+## Running
+you can run bbb-docker locally without any certificate issues with following `.env` configurations:
+
+```
+DEV_MODE=true
+
+ENABLE_HTTPS_PROXY=true
+#ENABLE_COTURN=true
+#ENABLE_GREENLIGHT=true
+#ENABLE_WEBHOOKS=true
+#ENABLE_PROMETHEUS_EXPORTER=true
+#ENABLE_RECORDING=true
+
+DOMAIN=10.7.7.1
+EXTERNAL_IPv4=10.7.7.1
+STUN_IP=216.93.246.18
+STUN_PORT=3478
+TURN_SERVER=turns:localhost:5349?transport=tcp
+
+TURN_SECRET=SuperTurnSecret
+SHARED_SECRET=SuperSecret
+ETHERPAD_API_KEY=SuperEtherpadKey
+RAILS_SECRET=SuperRailsSecret
+
+# ====================================
+# CUSTOMIZATION
+# ====================================
+
+[... add rest of sample.env here ...]
+```
+
+- regenerate `docker-compose.yml` \
+  `$ ./scripts/generate-compose`
+- build the images \
+  `$ docker-compose build`
+- you can than start it with \
+  `$ docker-compose up -d`
+- view the logs with \
+  `$ docker-compose logs -f`
+- and access the API via \
+  https://mconf.github.io/api-mate/#server=https://10.7.7.1/bigbluebutton/api&sharedSecret=SuperSecret
+    * At some point your browser will warn you about an invalid certificate, but you can press _"Accept the Risk and Continue" / "Proceed to 10.7.7.1 (unsafe)"_
+
+
+## Notes
+- Joining a room via Greenlight currently leads to a "401 session not found" error (see https://github.com/alangecker/bigbluebutton-docker/issues/66). Use the API Mate instead
+
+## Changes
+- After doing some changes you usually must...
+  - recreate `docker-compose.yml` \
+    `$ ./scripts/generate-compose`
+  * rebuild the image(s): \
+    `$ docker-compose build [containername]`
+  * restart changes image(s): \
+    `$ docker-compose up -d`
+
+
+## How to do create a new update for a newer BBB release?
+This always consists out of following steps
+1. **Get an understanding about changes that happened and find out what changes to bbb-docker that require.** \
+    * main source for that are the release notes in https://github.com/bigbluebutton/bigbluebutton/releases
+2. **Apply these changes to this project.** 
+    * Often you only need to update the TAGS in `tags.env`
+      * make sure only to switch to a newer tag if there were changes made avoid creating new (partialy big) images unnecessarily
+    * Also update submodules to the new state. 
+      * List of all submodules `git submodule`
+      * for the main submodules you can use `./scripts/checkout-submodules` to checkout the tags specified in `tags.env`
+      
+3. Test everything (with firefox **and** chromium/chrome)
+    * Audio
+    * Video
+    * Presentation upload
+    * Shared Notes
+4. Create a `CHANGELOG.md` entry
+5. Create a Pull Request
+6. Receive big thanks from @alangecker 

docs/existing-web-server.md

@@ -0,0 +1,82 @@
+# How to integrate into an existing Web server setup
+
+Since the non-dockerized version of BigBlueButton has [many requirements](https://docs.bigbluebutton.org/2.2/install.html#minimum-server-requirements), such as a specific Ubuntu version (16.04) as well as ports 80/443 not being in use by other applications, and considering that [a "clean" server dedicated for BigBlueButton is recommended](https://docs.bigbluebutton.org/2.2/install.html#before-you-install), you may enjoy the benefits of this dockerized version in order to run BigBlueButton on a server that is not completely dedicated to this software, on which a Web server may be already in use.
+
+You could dedicate a virtual host to BigBlueButton, allowing external access to it through a reverse proxy.
+
+> **Note.** The automatic HTTPS Proxy is not needed if you are going to run BigBlueButton behind a reverse proxy; in that case, you should be able to enable SSL for the virtual host you are going to dedicate to BigBlueButton, using your Web server features. Please notice that it will not be possible to install and use the integrated TURN server, since it requires the automatic HTTPS Proxy to be installed; therefore, if a TURN server is required, you should install and configure it by yourself. You can set BigBlueButton to use a TURN server by uncommenting and adjusting `TURN_SERVER` and `TURN_SECRET` in the `.env` file, which is created after completion of the setup script.
+
+## Installation
+1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`.
+2. Now all the required Docker containers should be running. BigBlueButton listens to port 48087. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one.
+
+At this point, choose one of the following sections according to which Web server you're running ([Apache](#integration-with-apache)).
+
+Eventually, BigBlueButton should be publicly accessible on `https://bbb.example.com/`. If you chose to install Greenlight, then the previous URL should allow you to open its home page. The APIs will be accessible through `https://bbb.example.com/bigbluebutton/`.
+
+## Integration with nginx
+1. Add the following directives to the _https_ virtual host `bbb.example.com` 
+```
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+map $remote_addr $endpoint_addr {
+    "~:"    [::1];
+    default    127.0.0.1;
+}
+
+server {
+  listen 443 ssl http2 default_server;
+  listen [::]:443 ssl http2 default_server;
+  server_name bbb.example.com;
+
+  ssl_certificate /etc/letsencrypt/live/bbb.example.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/bbb.example.com/privkey.pem;
+
+  access_log  /var/log/nginx/bigbluebutton.access.log;
+  error_log /var/log/nginx/bigbluebutton.error.log;
+
+  location / {
+    proxy_http_version 1.1;
+    proxy_pass http://$endpoint_addr:48087;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_cache_bypass $http_upgrade;
+  }
+}
+
+```
+2. Restart nginx
+```
+service nginx restart
+```
+
+## Integration with Apache
+1. Make sure that the following Apache modules are in use: `proxy`, `rewrite`, `proxy_http`, `proxy_wstunnel`. On _apache2_, the following command activates these modules,  whenever they are not already enabled:
+```
+sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
+```
+2. Add the following directives to the _https_ virtual host `bbb.example.com`:
+```
+ProxyPreserveHost On
+
+RewriteEngine On
+RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
+RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
+RewriteRule .* ws://127.0.0.1:48087%{REQUEST_URI} [P,QSA,L]
+
+<Location />
+	Require all granted
+	ProxyPass http://127.0.0.1:48087/
+	ProxyPassReverse http://127.0.0.1:48087/
+</Location>
+```
+3. Restart Apache:
+```
+service apache2 restart
+```

docs/network-config.md

@@ -0,0 +1,35 @@
+
+## Network Configuration
+Services as configured.
+|Service | Network | IP address | Other Option |
+--- | --- | --- | --- 
+| bbb-web | bbb-net | 10.7.7.2 |
+| bbb-pads | bbb-net | 10.7.7.18 |
+| html5-backend-{{$i}} | bbb-net | 10.7.7.{{add 100 $i}}| Port {{ add 4000 $i }}
+| html5-frontend-{{$i}}| bbb-net | 10.7.7.{{add 200 $i}}| Port {{ add 4100 $i }}
+| freeswitch| network_mode: host | |
+| nginx | network_mode: host| |    extra_hosts: <br />      - "host.docker.internal:10.7.7.1"<br />      - "core:10.7.7.2"<br />      - "etherpad:10.7.7.4"<br />      - "webrtc-sfu:10.7.7.10"<br />      - "html5:10.7.7.11"
+| etherpad | bbb-net | 10.7.7.4|
+| redis | bbb-net | 10.7.7.5|
+| mongodb | bbb-net | 10.7.7.6|
+| kurento | network-mode: host | |
+| webrtc-sfu | bbb-net |  | network_mode: host
+| fsesl-akka | bbb-net | 10.7.7.14 |
+| apps-akka | bbb-net | 10.7.7.15 |
+| libreoffice | bbb-net | 10.7.7.7 |
+| periodic | bbb-net | 10.7.7.12 |
+| recordings | bbb-net | 10.7.7.16 |
+| webhooks | bbb-net | 10.7.7.17 |
+| https_proxy | bbb-net | |network_mode: host
+| coturn | network_mode: host | |
+| greenlight | | | ports: 10.7.7.1:5000:80
+| prometheus | bbb-net | 10.7.7.33 |
+
+```yml
+networks:  
+  bbb-net:  
+    ipam:  
+      driver: default  
+      config:  
+        - subnet: "10.7.7.0/24"
+```

docs/upgrading.md

@@ -0,0 +1,22 @@
+# How To Upgrade bbb-docker
+
+### Upgrading `v2.3.x` -> `v2.4.x`
+*Breaking change:* The nginx port changes from `8080` to the less common port `48087`, to avoid port conflicts (see [#133](https://github.com/bigbluebutton/docker/issues/133)). If you use an reverse proxy not included in this repo, ensure to update your config accordingly!
+
+apart from that follow the guide below.
+
+### within `v2.4.x` or `v2.3.x`
+#### Backup
+if you use greenlight, create a database backup first
+```bash
+docker exec -t docker_postgres_1 pg_dumpall -c -U postgres > /root/greenlight_`date +%d-%m-%Y"_"%H_%M_%S`.sql
+```
+
+#### Upgrading
+```bash
+# upgrade!
+./scripts/upgrade
+
+# restart updated services
+docker-compose up -d
+```