Goodbye BBB ☹
parent
74f93f2b6c
commit
728e0bf807
102
README.md
102
README.md
|
@ -43,14 +43,19 @@ La distinction services/serveurs :
|
||||||
|
|
||||||
- Un serveur contient un nombre dans son nom :
|
- Un serveur contient un nombre dans son nom :
|
||||||
- deb2.afpy.org,
|
- deb2.afpy.org,
|
||||||
- bbb2.afpy.org,
|
- gitea1.afpy.org,
|
||||||
|
- woodpecker1.afpy.org,
|
||||||
- …
|
- …
|
||||||
- Un service ne contient pas de chiffre dans son nom :
|
- Un service ne contient pas de chiffre dans son nom :
|
||||||
- discuss.afpy.org,
|
|
||||||
- bbb.afpy.org,
|
|
||||||
- www.afpy.org,
|
- www.afpy.org,
|
||||||
|
- git.afpy.org,
|
||||||
|
- woodpecker.afpy.org,
|
||||||
- …
|
- …
|
||||||
|
|
||||||
|
Une machine peut contenir un ou plusieurs services (un s’il est
|
||||||
|
"gros", plusieurs s’ils sont « néglibeables » (comme un site
|
||||||
|
statique).
|
||||||
|
|
||||||
|
|
||||||
## deb2.afpy.org
|
## deb2.afpy.org
|
||||||
|
|
||||||
|
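Review bot: In the services list, `- discuss.afpy.org,` is removed although nothing else in this commit retires it: `discourse1.afpy.org` stays in the inventory and the `check-afpy.sh` loop still iterates over `discuss`. Keep that entry and drop only `- bbb.afpy.org,`. In the added paragraph, `néglibeables` should read `négligeables`, the quoting mixes `"gros"` with `« … »`, and the parenthesis opened at `(un s’il est` is never closed.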
@ -69,95 +74,6 @@ Elle héberge surtout des sites statiques, mais pas que :
|
||||||
- https://munin.afpy.org
|
- https://munin.afpy.org
|
||||||
|
|
||||||
|
|
||||||
## bbb2.afpy.org
|
|
||||||
|
|
||||||
♥ Machine sponsorisée par Gandi ♥
|
|
||||||
|
|
||||||
C’est un VPS `V-R8 4 CPUs · 8 GB RAM`.
|
|
||||||
|
|
||||||
C’est une Ubuntu 18.04 (c’est imposé par BBB).
|
|
||||||
|
|
||||||
Elle n’est **pas** gérée par Ansible, c’est un peu particulier BBB,
|
|
||||||
mais le serveur `turn` l'est, et le playbook `turn.yml` configure
|
|
||||||
quand même un fichier sur BBB.
|
|
||||||
|
|
||||||
D'ailleurs pour tester la configurtion turn/stun:
|
|
||||||
|
|
||||||
https://docs.bigbluebutton.org/administration/turn-server#test-your-turn-server
|
|
||||||
|
|
||||||
J’y ai appliqué un poil de ssh-hardening :
|
|
||||||
|
|
||||||
AuthenticationMethods publickey
|
|
||||||
LogLevel VERBOSE
|
|
||||||
|
|
||||||
Ensuite j’ai [rsync les enregistrements depuis le bbb
|
|
||||||
précédent](https://docs.bigbluebutton.org/2.2/customize.html#transfer-published-recordings-from-another-server).
|
|
||||||
|
|
||||||
Puis j’ai sauvegardé/restauré la DB de greenlight :
|
|
||||||
|
|
||||||
# Sur l’ancienne machine :
|
|
||||||
docker exec greenlight_db_1 /usr/bin/pg_dumpall -U postgres -f /var/lib/postgresql/data/dump.sql
|
|
||||||
|
|
||||||
# Sur la nouvelle machine :
|
|
||||||
# Copier la sauvegarde sur le nouveau serveur :
|
|
||||||
cd ~root/greenlight
|
|
||||||
rsync bbb.afpy.org:/root/greenlight/db/production/dump.sql ./
|
|
||||||
|
|
||||||
docker-compose down
|
|
||||||
rm -fr db
|
|
||||||
# Configurer le même mot de passe dans .env et docker-compose.yml que l’ancienne machine
|
|
||||||
# En profiter pour vérifier le SAFE_HOSTS dans le .env.
|
|
||||||
docker-compose up -d
|
|
||||||
# Attendre un peu avec un top sous les yeux que ça se termine vraiment
|
|
||||||
docker exec greenlight_db_1 /usr/local/bin/psql -U postgres -c "DROP DATABASE greenlight_production;"
|
|
||||||
mv dump.sql db/production/
|
|
||||||
docker exec greenlight_db_1 /usr/local/bin/psql -U postgres -f /var/lib/postgresql/data/dump.sql
|
|
||||||
rm db/production/dump.sql
|
|
||||||
docker-compose down
|
|
||||||
docker-compose up -d # Il va s’occuper de la migration
|
|
||||||
docker-compose logs -f # pour voir si tout va bien
|
|
||||||
|
|
||||||
`rsync` des certificats TLS aussi :
|
|
||||||
|
|
||||||
rsync -vah bbb.afpy.org:/etc/letsencrypt/ /etc/letsencrypt/
|
|
||||||
|
|
||||||
Ça a pris un petit :
|
|
||||||
|
|
||||||
sed s/sd-106563.dedibox.fr/bbb.afpy.org/ /etc/nginx/sites-available/bigbluebutton
|
|
||||||
|
|
||||||
Il faut attendre un moment avec un `top` qui tourne, ruby a tout plein
|
|
||||||
de truc a faire avant de démarrer.
|
|
||||||
|
|
||||||
|
|
||||||
### BBB password reset
|
|
||||||
|
|
||||||
Pour accepter le password reset, BBB doit avoir :
|
|
||||||
|
|
||||||
ALLOW_MAIL_NOTIFICATIONS=true
|
|
||||||
|
|
||||||
dans /root/greenlight/.env
|
|
||||||
|
|
||||||
(Pour relire le `.env`: `cd /root/greenlight; docker-compose down && docker-compose up -d`)
|
|
||||||
|
|
||||||
Pour vérifier la conf :
|
|
||||||
|
|
||||||
docker run --rm --env-file .env bigbluebutton/greenlight:v2 bundle exec rake conf:check
|
|
||||||
|
|
||||||
Il y a des chances que ça ne passe pas, il faut laisser les mails
|
|
||||||
sortir de leur conteneur Docker (par défaut il utilise sendmail DANS
|
|
||||||
le conteneur).
|
|
||||||
|
|
||||||
Il faut configurer le `.env` tel que:
|
|
||||||
|
|
||||||
SMTP_SERVER=172.17.0.1
|
|
||||||
SMTP_PORT=25
|
|
||||||
SMTP_DOMAIN=greenlight.afpy.org
|
|
||||||
SMTP_SENDER=bbb@afpy.org
|
|
||||||
|
|
||||||
Puis vérifier qu’exim et le firewall (attention c’est peut-être `ufw`)
|
|
||||||
les acceptent.
|
|
||||||
|
|
||||||
|
|
||||||
## backup1.afpy.org
|
## backup1.afpy.org
|
||||||
|
|
||||||
♥ Machine sponsorisée par Gandi ♥
|
♥ Machine sponsorisée par Gandi ♥
|
||||||
|
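Review bot: The removed `## bbb2.afpy.org` section is the only place that documents how the Greenlight database was dumped and restored (`pg_dumpall`, then `psql -f`) and how the recordings were transferred, while `files/bbb.html` in this same commit tells users a recording can probably be extracted from the backup "mais on a pas encore essayé". Consider moving the restore steps to a short archived note rather than deleting them, so whoever handles such a request does not have to reconstruct the procedure from git history.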
@ -186,7 +102,7 @@ Le script `check-afpy.sh`.
|
||||||
|
|
||||||
BASE=/srv/backups/rsnapshot_afpy
|
BASE=/srv/backups/rsnapshot_afpy
|
||||||
|
|
||||||
for machine in bbb deb git discuss
|
for machine in deb git discuss
|
||||||
do
|
do
|
||||||
echo "# $machine.afpy.org"
|
echo "# $machine.afpy.org"
|
||||||
echo
|
echo
|
||||||
|
|
11
backup.yml
11
backup.yml
|
@ -17,17 +17,6 @@
|
||||||
rsnapshot_name: afpy
|
rsnapshot_name: afpy
|
||||||
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
|
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
|
||||||
rsnapshot_backups:
|
rsnapshot_backups:
|
||||||
- remote: bbb2.afpy.org:/srv/
|
|
||||||
path: bbb.afpy.org/
|
|
||||||
- remote: bbb2.afpy.org:/home/
|
|
||||||
path: bbb.afpy.org/
|
|
||||||
- remote: bbb2.afpy.org:/etc/
|
|
||||||
path: bbb.afpy.org/
|
|
||||||
- remote: bbb2.afpy.org:/root/greenlight/db/
|
|
||||||
path: bbb.afpy.org/
|
|
||||||
- remote: bbb2.afpy.org:/var/bigbluebutton/
|
|
||||||
path: bbb.afpy.org/
|
|
||||||
|
|
||||||
- remote: deb2.afpy.org:/srv/
|
- remote: deb2.afpy.org:/srv/
|
||||||
path: deb.afpy.org/
|
path: deb.afpy.org/
|
||||||
- remote: deb2.afpy.org:/home/
|
- remote: deb2.afpy.org:/home/
|
||||||
|
|
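Review bot: With the five `bbb2.afpy.org` entries removed from `rsnapshot_backups`, and `bbb` dropped from the `check-afpy.sh` loop in the README, nothing in the repository refers to the `bbb.afpy.org/` backup path any more, yet `files/bbb.html` promises that recordings can be recovered from it. Please state, in the README or in a comment here, where the last BBB snapshot is kept and whether it is still subject to rsnapshot's rotation. That copy includes `/etc/`, `/home/` and the Greenlight database, so it also deserves an explicit retention period and restricted access.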
49
bye_bbb.yml
Normal file
49
bye_bbb.yml
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- hosts: webservers
|
||||||
|
tasks:
|
||||||
|
- name: Basic setup
|
||||||
|
include_role: name=common
|
||||||
|
|
||||||
|
- name: Setup bbb parking
|
||||||
|
include_role: name=nginx
|
||||||
|
vars:
|
||||||
|
nginx_owner: bbb
|
||||||
|
nginx_domain: bbb.afpy.org
|
||||||
|
nginx_certificates: ['bbb.afpy.org']
|
||||||
|
nginx_path: /var/www/bbb/
|
||||||
|
nginx_conf: |
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen [::]:80; listen 80;
|
||||||
|
server_name bbb.afpy.org;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen [::]:443 ssl http2; listen 443 ssl http2;
|
||||||
|
server_name bbb.afpy.org;
|
||||||
|
include snippets/letsencrypt-bbb.afpy.org.conf;
|
||||||
|
root /var/www/bbb/;
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
location /b {
|
||||||
|
return 301 /;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Copy bbb redirect file
|
||||||
|
copy:
|
||||||
|
src: bbb.html
|
||||||
|
dest: /var/www/bbb/index.html
|
||||||
|
owner: root
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Copy bbb redirect style file
|
||||||
|
copy:
|
||||||
|
src: pico.classless.min.css
|
||||||
|
dest: /var/www/bbb/pico.classless.min.css
|
||||||
|
owner: root
|
||||||
|
mode: 0644
|
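Review bot: `location /b {` in the HTTPS server block is a prefix match, so it redirects every URI that starts with `/b`, not only `/b` and `/b/…`; any file later added under `/var/www/bbb/` whose name begins with `b` would never be served. Use `location = /b` together with `location /b/` to limit the redirect. In the two `copy` tasks, quoting the mode (`mode: "0644"`) avoids it being read as a decimal integer if the leading zero is ever dropped.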
70
files/bbb.html
Normal file
70
files/bbb.html
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="fr">
|
||||||
|
<head>
|
||||||
|
<title>Au revoir BigBlueButton</title>
|
||||||
|
<meta property="og:title" content="BigBlueButton" />
|
||||||
|
<meta property="og:type" content="website" />
|
||||||
|
<meta property="og:locale" content=fr />
|
||||||
|
<meta property="og:description" content="AFPy’s BigBlueButton was here." />
|
||||||
|
<meta property="og:url" content="https://bbb.afpy.org" />
|
||||||
|
<meta property="og:image" content="https://www.afpy.org/static/images/logo.svg" />
|
||||||
|
<meta name="viewport" content= "width=device-width, initial-scale=1">
|
||||||
|
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@picocss/pico@1/css/pico.classless.min.css">
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<header>
|
||||||
|
<hgroup>
|
||||||
|
<h1>Au revoir BigBlueButton</h1>
|
||||||
|
<p>So Long, and Thanks for All the Fish.</p>
|
||||||
|
</hgroup>
|
||||||
|
<nav>
|
||||||
|
<ul role="listbox">
|
||||||
|
<li><a href="https://www.afpy.org/irc">IRC</a></li>
|
||||||
|
<li><a href="https://www.afpy.org/discord">Discord</a></li>
|
||||||
|
<li><a href="https://www.afpy.org/docs/a-propos">L’asso</a></li>
|
||||||
|
<li><a href="https://git.afpy.org">Git</a></li>
|
||||||
|
<li><a href="https://discuss.afpy.org/upcoming-events">Évènements</a></li>
|
||||||
|
</ul>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<main>
|
||||||
|
<section id="bye">
|
||||||
|
<h2>Fermé depuis le 31 janvier 2024</h2>
|
||||||
|
<p>
|
||||||
|
L’instance BBB de l’AFPy est fermée : elle était trop peu utilisée en
|
||||||
|
regard des ressources (humaines et matérielles) qu’elle utilisait
|
||||||
|
(voir <a href="https://discuss.afpy.org/t/jitsi-ou-big-blue-button/1872">
|
||||||
|
ce thread</a>).
|
||||||
|
</p>
|
||||||
|
</section>
|
||||||
|
<section id="alternatives">
|
||||||
|
<h2>Alternatives</h2>
|
||||||
|
<p>
|
||||||
|
Il existe beaucoup d’autres services de visioconférences,
|
||||||
|
grâce au
|
||||||
|
collectif <a href="https://chatons.org/">CHATONS</a> :
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://meet.evolix.org/">https://meet.evolix.org/</a></li>
|
||||||
|
<li><a href="https://video.le-filament.com">https://video.le-filament.com</a></li>
|
||||||
|
<li><a href="https://conference.facil.services/">https://conference.facil.services/</a></li>
|
||||||
|
<li><a href="https://jitsi.hadoly.fr/">https://jitsi.hadoly.fr/</a></li>
|
||||||
|
<li><a href="https://framatalk.org">https://framatalk.org</a></li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
ainsi que <a href="https://www.chatons.org/search/by-service?service_type_target_id=117">de nombreux autres</a>.
|
||||||
|
</p>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="backups">
|
||||||
|
<h2>Et mes enregistrements ?</h2>
|
||||||
|
<p>
|
||||||
|
Nous avons une sauvegarde du serveur, si vous aviez un
|
||||||
|
enregistrement sur notre BBB, il doit être possible de
|
||||||
|
l’extraire de la sauvegarde (mais on a pas encore essayé),
|
||||||
|
faites-nous signe sur <a href="https://discuss.afpy.org">le
|
||||||
|
forum</a>, pinguez @mdk.
|
||||||
|
</p>
|
||||||
|
</section>
|
||||||
|
</main>
|
||||||
|
</body>
|
||||||
|
</html>
|
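Review bot: The `<link rel="stylesheet">` in `<head>` loads `https://cdn.jsdelivr.net/npm/@picocss/pico@1/css/pico.classless.min.css`, although this commit vendors `files/pico.classless.min.css` and `bye_bbb.yml` copies it to `/var/www/bbb/`. Point the link at the local copy (`href="pico.classless.min.css"`) so the page has no third-party dependency and visitors are not sent to an external host for a floating `@1` version with no `integrity` attribute. Smaller points: `content=fr` should be quoted, `role="listbox"` does not fit a navigation `<ul>`, and the `<ul>` in the alternatives section sits inside a `<p>`, which is invalid HTML.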
5
files/pico.classless.min.css
vendored
Normal file
5
files/pico.classless.min.css
vendored
Normal file
File diff suppressed because one or more lines are too long
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
nft_extra: |
|
|
||||||
tcp dport {3478, 5349} counter accept comment "coturn listening port"
|
|
||||||
udp dport {3478, 5349} counter accept comment "coturn listening port"
|
|
||||||
udp dport 32769-65535 counter accept comment "relay ports range"
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
nft_extra: |
|
|
||||||
udp dport 16384-32768 counter accept comment "FreeSWITCH/HTML5 RTP streams"
|
|
|
@ -19,18 +19,11 @@ deb2.afpy.org
|
||||||
[discourse]
|
[discourse]
|
||||||
discourse1.afpy.org
|
discourse1.afpy.org
|
||||||
|
|
||||||
[turn]
|
|
||||||
turn1.afpy.org
|
|
||||||
|
|
||||||
[dl]
|
[dl]
|
||||||
deb2.afpy.org
|
deb2.afpy.org
|
||||||
|
|
||||||
[bbb]
|
|
||||||
bbb2.afpy.org
|
|
||||||
|
|
||||||
[rsnapshotted]
|
[rsnapshotted]
|
||||||
deb2.afpy.org
|
deb2.afpy.org
|
||||||
bbb2.afpy.org
|
|
||||||
gitea1.afpy.org
|
gitea1.afpy.org
|
||||||
discourse1.afpy.org
|
discourse1.afpy.org
|
||||||
|
|
||||||
|
|
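Review bot: Removing `turn1.afpy.org` and `bbb2.afpy.org` from the inventory only stops Ansible from managing them; nothing in this commit shows the machines themselves being shut down. If they stay up, they keep the firewall openings whose definitions are deleted elsewhere in this change (coturn ports 3478 and 5349, the relay port range, the FreeSWITCH RTP range) and no longer receive the `common` role. Please confirm in the commit message or the README that both machines are destroyed and that `turn.afpy.org` no longer resolves to one of them; `bbb.afpy.org` must now point at a host in `webservers` for the parking page from `bye_bbb.yml` to be served.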
210
turn.yml
210
turn.yml
|
@ -1,210 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- hosts: turn
|
|
||||||
vars:
|
|
||||||
turnserver_secret: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
61643630616332343933343663623032346565636431613332373031663834616662343763353863
|
|
||||||
3165323337616264353335613036396663356666666333310a333530383736376134646332633638
|
|
||||||
37633763623039326364356661616436663136623838343734316633373936353465636538353366
|
|
||||||
6236356562343335370a356530353563353865383635643239666438323365346137626634356533
|
|
||||||
31633538363865323066323166323564633439326538386230323132663032653731303165623132
|
|
||||||
3064313963616432383936626437313566653637313130666430
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Basic setup
|
|
||||||
include_role: name=common
|
|
||||||
|
|
||||||
- name: Install coturn and certbot
|
|
||||||
apt:
|
|
||||||
name: [coturn, certbot]
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Get TLS certificate
|
|
||||||
command: certbot certonly --standalone --preferred-challenges http -d turn.afpy.org -n --agree-tos -m {{ letsencrypt_email | quote }}
|
|
||||||
register: certbot
|
|
||||||
changed_when: '"no action taken." not in certbot.stdout'
|
|
||||||
|
|
||||||
- name: Ensure coturn can read certs
|
|
||||||
file:
|
|
||||||
path: /etc/letsencrypt/renewal-hooks/deploy
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Configure certbot renewal hook for coturn
|
|
||||||
copy:
|
|
||||||
dest: /etc/letsencrypt/renewal-hooks/deploy/coturn
|
|
||||||
mode: 0755
|
|
||||||
content: |
|
|
||||||
#!/bin/bash -e
|
|
||||||
for certfile in fullchain.pem privkey.pem ; do
|
|
||||||
cp -L /etc/letsencrypt/live/turn.afpy.org/"${certfile}" /etc/turnserver/"${certfile}".new
|
|
||||||
chown turnserver:turnserver /etc/turnserver/"${certfile}".new
|
|
||||||
mv /etc/turnserver/"${certfile}".new /etc/turnserver/"${certfile}"
|
|
||||||
done
|
|
||||||
systemctl kill -sUSR2 coturn.service
|
|
||||||
|
|
||||||
- name: Configure turnserver
|
|
||||||
blockinfile:
|
|
||||||
path: /etc/turnserver.conf
|
|
||||||
block: |
|
|
||||||
listening-port=3478
|
|
||||||
tls-listening-port=443
|
|
||||||
|
|
||||||
listening-ip={{ansible_default_ipv4.address}}
|
|
||||||
relay-ip={{ansible_default_ipv4.address}}
|
|
||||||
|
|
||||||
min-port=32769
|
|
||||||
max-port=65535
|
|
||||||
verbose
|
|
||||||
|
|
||||||
fingerprint
|
|
||||||
lt-cred-mech
|
|
||||||
use-auth-secret
|
|
||||||
static-auth-secret={{turnserver_secret}}
|
|
||||||
|
|
||||||
realm=afpy.org
|
|
||||||
|
|
||||||
cert=/etc/turnserver/fullchain.pem
|
|
||||||
pkey=/etc/turnserver/privkey.pem
|
|
||||||
# From https://ssl-config.mozilla.org/ Intermediate, openssl 1.1.0g, 2020-01
|
|
||||||
cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
|
||||||
dh-file=/etc/turnserver/dhp.pem
|
|
||||||
|
|
||||||
keep-address-family
|
|
||||||
|
|
||||||
no-cli
|
|
||||||
no-tlsv1
|
|
||||||
no-tlsv1_1
|
|
||||||
|
|
||||||
# Block connections to IP ranges which shouldn't be reachable
|
|
||||||
no-loopback-peers
|
|
||||||
no-multicast-peers
|
|
||||||
|
|
||||||
# Private (LAN) addresses
|
|
||||||
# If you are running BigBlueButton within a LAN, you might need to add an "allow" rule for your address range.
|
|
||||||
# IPv4 Private-Use
|
|
||||||
denied-peer-ip=10.0.0.0-10.255.255.255
|
|
||||||
denied-peer-ip=172.16.0.0-172.31.255.255
|
|
||||||
denied-peer-ip=192.168.0.0-192.168.255.255
|
|
||||||
# Other IPv4 Special-Purpose addresses
|
|
||||||
denied-peer-ip=100.64.0.0-100.127.255.255
|
|
||||||
denied-peer-ip=169.254.0.0-169.254.255.255
|
|
||||||
denied-peer-ip=192.0.0.0-192.0.0.255
|
|
||||||
denied-peer-ip=192.0.2.0-192.0.2.255
|
|
||||||
denied-peer-ip=198.18.0.0-198.19.255.255
|
|
||||||
denied-peer-ip=198.51.100.0-198.51.100.255
|
|
||||||
denied-peer-ip=203.0.113.0-203.0.113.255
|
|
||||||
# IPv6 Unique-Local
|
|
||||||
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
|
||||||
# IPv6 Link-Local Unicast
|
|
||||||
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
|
||||||
# Other IPv6 Special-Purpose assignments
|
|
||||||
denied-peer-ip=::ffff:0:0-::ffff:ffff:ffff
|
|
||||||
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
|
|
||||||
denied-peer-ip=64:ff9b:1::-64:ff9b:1:ffff:ffff:ffff:ffff:ffff
|
|
||||||
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
|
|
||||||
denied-peer-ip=2001:db8::-2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
|
|
||||||
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
|
||||||
notify: restart coturn
|
|
||||||
|
|
||||||
- name: Create dph.pem file directory
|
|
||||||
file:
|
|
||||||
path: /etc/turnserver
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Create dph.pem file
|
|
||||||
command: openssl dhparam -dsaparam -out /etc/turnserver/dhp.pem 2048
|
|
||||||
args:
|
|
||||||
creates: /etc/turnserver/dhp.pem
|
|
||||||
|
|
||||||
- name: Create coturn service directory
|
|
||||||
file:
|
|
||||||
path: /etc/systemd/system/coturn.service.d
|
|
||||||
state: directory
|
|
||||||
mode: 0755
|
|
||||||
|
|
||||||
- name: Configure coturn service override
|
|
||||||
copy:
|
|
||||||
dest: /etc/systemd/system/coturn.service.d/override.conf
|
|
||||||
content: |
|
|
||||||
[Service]
|
|
||||||
LimitNOFILE=1048576
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
Restart=always
|
|
||||||
notify: restart coturn
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
- name: restart coturn
|
|
||||||
systemd:
|
|
||||||
name: coturn
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: true
|
|
||||||
|
|
||||||
- hosts: bbb
|
|
||||||
tasks:
|
|
||||||
- name: configure turn host
|
|
||||||
notify: restart bbb
|
|
||||||
copy:
|
|
||||||
dest: /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
content: |
|
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!--
|
|
||||||
|
|
||||||
BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
|
|
||||||
|
|
||||||
Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify it under the
|
|
||||||
terms of the GNU Lesser General Public License as published by the Free Software
|
|
||||||
Foundation; either version 3.0 of the License, or (at your option) any later
|
|
||||||
version.
|
|
||||||
|
|
||||||
BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
||||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
|
|
||||||
|
|
||||||
You should have received a copy of the GNU Lesser General Public License along
|
|
||||||
with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
-->
|
|
||||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
||||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
|
||||||
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
|
|
||||||
">
|
|
||||||
|
|
||||||
<bean id="stun0" class="org.bigbluebutton.web.services.turn.StunServer">
|
|
||||||
<constructor-arg index="0" value="stun:turn.afpy.org"/>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
|
|
||||||
<constructor-arg index="0" value="d24028cadb57a2029b6baab40c5a2e92"/>
|
|
||||||
<constructor-arg index="1" value="turn:turn.afpy.org:443?transport=tcp"/>
|
|
||||||
<constructor-arg index="2" value="86400"/>
|
|
||||||
</bean>
|
|
||||||
|
|
||||||
<bean id="stunTurnService" class="org.bigbluebutton.web.services.turn.StunTurnService">
|
|
||||||
<property name="stunServers">
|
|
||||||
<set>
|
|
||||||
<ref bean="stun0" />
|
|
||||||
</set>
|
|
||||||
</property>
|
|
||||||
<property name="turnServers">
|
|
||||||
<set>
|
|
||||||
<ref bean="turn0" />
|
|
||||||
</set>
|
|
||||||
</property>
|
|
||||||
<property name="remoteIceCandidates">
|
|
||||||
<set>
|
|
||||||
</set>
|
|
||||||
</property>
|
|
||||||
</bean>
|
|
||||||
</beans>
|
|
||||||
handlers:
|
|
||||||
- name: restart bbb
|
|
||||||
command: bbb-conf --restart
|
|
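Review bot: In the deleted `turn-stun-servers.xml` content, the `turn0` bean carries a hard-coded hex literal as constructor argument 0, which in BigBlueButton's TURN configuration is the shared secret, in clear text, while the same playbook keeps `turnserver_secret` in Ansible Vault. Deleting the file does not remove that value from the repository history, so treat it as disclosed: make sure coturn on `turn1.afpy.org` is really decommissioned, or rotate `static-auth-secret` if the server is kept for anything else.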