diff --git a/docker/files/production/default.conf.template b/docker/files/production/default.conf.template
new file mode 100644
index 00000000..e477483c
--- /dev/null
+++ b/docker/files/production/default.conf.template
@@ -0,0 +1,50 @@
+upstream meet_backend {
+ server ${BACKEND_HOST}:8000 fail_timeout=0;
+}
+
+upstream meet_frontend {
+ server ${FRONTEND_HOST}:8080 fail_timeout=0;
+}
+
+server {
+ listen 8083;
+ server_name localhost;
+ charset utf-8;
+
+ # Disables server version feedback on pages and in headers
+ server_tokens off;
+
+ proxy_ssl_server_name on;
+
+ location @proxy_to_meet_backend {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_redirect off;
+ proxy_pass http://meet_backend;
+ }
+
+ location @proxy_to_meet_frontend {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_redirect off;
+ proxy_pass http://meet_frontend;
+ }
+
+ location / {
+ try_files $uri @proxy_to_meet_frontend;
+ }
+
+ location /api {
+ try_files $uri @proxy_to_meet_backend;
+ }
+
+ location /admin {
+ try_files $uri @proxy_to_meet_backend;
+ }
+
+ location /static {
+ try_files $uri @proxy_to_meet_backend;
+ }
+}
\ No newline at end of file
diff --git a/docs/examples/compose/compose.yaml b/docs/examples/compose/compose.yaml
new file mode 100644
index 00000000..3bed17f9
--- /dev/null
+++ b/docs/examples/compose/compose.yaml
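Review bot: In docker/files/production/default.conf.template the two `upstream` blocks read `${BACKEND_HOST}` and `${FRONTEND_HOST}`, but nothing visible in this commit defines those names: env.d/production.dist/hosts sets `BACKEND_INTERNAL_HOST` and `FRONTEND_INTERNAL_HOST`, and the frontend service in compose.yaml only loads env.d/common. Unless the image supplies defaults, the rendered config keeps a literal `${BACKEND_HOST}` and nginx will reject the upstream. Either rename the template variables to the `*_INTERNAL_HOST` names or pass them through `environment:` on the frontend service. Separately, `location /admin` publishes the Django admin on the same public vhost; a comment such as `# restrict with allow/deny or an authenticating proxy if the admin must not be internet-facing` would make that an explicit operator decision.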
@@ -0,0 +1,88 @@
+services:
+ postgresql:
+ image: postgres:16
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ interval: 1s
+ timeout: 2s
+ retries: 300
+ env_file:
+ - env.d/postgresql
+ - env.d/common
+ volumes:
+ - ./data/databases/backend:/var/lib/postgresql/data/pgdata
+
+ redis:
+ image: redis:5
+
+ backend:
+ image: lasuite/meet-backend:latest
+ user: ${DOCKER_USER:-1000}
+ restart: always
+ env_file:
+ - env.d/common
+ - env.d/backend
+ - env.d/postgresql
+ healthcheck:
+ test: ["CMD", "python", "manage.py", "check"]
+ interval: 15s
+ timeout: 30s
+ retries: 20
+ start_period: 10s
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ restart: true
+ redis:
+ condition: service_started
+ livekit:
+ condition: service_started
+
+ frontend:
+ image: lasuite/meet-frontend:latest
+ user: "${DOCKER_USER:-1000}"
+ entrypoint:
+ - /docker-entrypoint.sh
+ command: ["nginx", "-g", "daemon off;"]
+ env_file:
+ - env.d/common
+ # Uncomment and set your values if using our nginx proxy example
+ # environment:
+ # - VIRTUAL_HOST=${MEET_HOST} # used by nginx proxy
+ # - VIRTUAL_PORT=8083 # used by nginx proxy
+ # - LETSENCRYPT_HOST=${MEET_HOST} # used by lets encrypt to generate TLS certificate
+ depends_on:
+ backend:
+ condition: service_healthy
+ volumes:
+ - ./default.conf.template:/etc/nginx/templates/docs.conf.template
+# Uncomment if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+
+ livekit:
+ image: livekit/livekit-server:latest
+ command: --config /config.yaml
+ ports:
+ - 7881:7881/tcp
+ - 7882:7882/udp
+ volumes:
+ - ./livekit-server.yaml:/config.yaml
+ # Uncomment and set your values if using our nginx proxy example
+ # environment:
+ # - VIRTUAL_HOST=${LIVEKIT_HOST} # used by nginx proxy
+ # - VIRTUAL_PORT=7880 # used by nginx proxy
+ # - LETSENCRYPT_HOST=${LIVEKIT_HOST} # used by lets encrypt to generate TLS certificate
+ depends_on:
+ redis:
+ condition: service_started
+# Uncomment
if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+
+# Uncomment if using our nginx proxy example
+#networks:
+# proxy-tier:
+# external: true
diff --git a/docs/examples/compose/keycloak/README.md b/docs/examples/compose/keycloak/README.md
new file mode 100644
index 00000000..ede23d14
--- /dev/null
+++ b/docs/examples/compose/keycloak/README.md
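Review bot: Every image in docs/examples/compose/compose.yaml floats: `lasuite/meet-backend:latest`, `lasuite/meet-frontend:latest` and `livekit/livekit-server:latest` follow whatever was pushed last, and `redis:5` tracks an old Redis major that I believe is past upstream support. The same applies to `quay.io/keycloak/keycloak:latest` in keycloak/compose.yaml and to the untagged `nginxproxy/nginx-proxy` and `nginxproxy/acme-companion` in nginx-proxy/compose.yaml. An example that gets copied into production should pin a release (optionally by digest), e.g. `image: lasuite/meet-backend:<release-tag>`, and move Redis to a supported major, so that `docker compose pull` cannot silently change what runs. Also, the backend lists `env.d/backend` under `env_file`, yet as far as this diff shows no such file is added under env.d/production.dist or downloaded in the guide, so Compose would stop on the missing file.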
@@ -0,0 +1,92 @@
+# Deploy and Configure Keycloak for Meet
+
+## Installation
+
+> [!CAUTION]
+> We provide those instructions as an example, for production environments, you should follow the [official documentation](https://www.keycloak.org/documentation).
+
+### Step 1: Prepare your working environment:
+
+```bash
+mkdir keycloak/env.d && cd keycloak
+curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/docs/examples/compose/keycloak/compose.yaml
+curl -o env.d/kc_postgresql https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/env.d/production.dist/kc_postgresql
+curl -o env.d/keycloak https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/env.d/production.dist/keycloak
+```
+
+### Step 2:. Update `env.d/` files
+
+The following variables need to be updated with your own values, others can be left as is:
+
+```env
+POSTGRES_PASSWORD=
+KC_HOSTNAME=https://id.yourdomain.tld # Change with your own URL
+KC_BOOTSTRAP_ADMIN_PASSWORD=
+```
+
+### Step 3: Expose keycloak instance on https
+
+> [!NOTE]
+> You can skip this section if you already have your own setup.
+
+To access your Keycloak instance on the public network, it needs to be exposed on a domain with SSL termination. You can use our [example with nginx proxy and Let's Encrypt companion](../nginx-proxy/README.md) for automated creation/renewal of certificates using [acme.sh](http://acme.sh).
+
+If following our example, uncomment the environment and network sections in compose file and update it with your values.
+
+```yaml
+version: '3'
+services:
+ keycloak:
+ ...
+ # Uncomment and set your values if using our nginx proxy example
+ # environment:
+ # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy
+ # - VIRTUAL_PORT=8080 # used by nginx proxy
+ # - LETSENCRYPT_HOST=id.yourdomain.tld # used by lets encrypt to generate TLS certificate
+ ...
+# Uncomment if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+
+# Uncomment if using our nginx proxy example
+#networks:
+# proxy-tier:
+# external: true
+```
+
+### Step 4: Start the service
+
+```bash
+`docker compose up -d`
+```
+
+Your keycloak instance is now available on https://doc.yourdomain.tld
+
+> [!CAUTION]
+> Version of the images are set to latest, you should pin it to the desired version to avoid unwanted upgrades when pulling latest image. You can find available versions on [Keycloak registry](https://quay.io/repository/keycloak/keycloak?tab=tags).
+```
+
+## Creating an OIDC Client for Meet Application
+
+### Step 1: Create a New Realm
+
+1. Log in to the Keycloak administration console.
+2. Navigate to the realm tab and click on the "Create realm" button.
+3. Enter the name of the realm - `meet`.
+4. Click "Create".
+
+#### Step 2: Create a New Client
+
+1. Navigate to the "Clients" tab.
+2. Click on the "Create client" button.
+3. Enter the client ID - e.g. `meet`.
+4. Enable "Client authentication" option.
+6. Set the "Valid redirect URIs" to the URL of your meet application suffixed with `/*` - e.g., "https://meet.example.com/*".
+1. Set the "Web Origins" to the URL of your meet application - e.g. `https://meet.example.com`.
+1. Click "Save".
+
+#### Step 3: Get Client Credentials
+
+1. Go to the "Credentials" tab.
+2. Copy the client ID (`meet` in this example) and the client secret.
\ No newline at end of file
diff --git a/docs/examples/compose/keycloak/compose.yaml b/docs/examples/compose/keycloak/compose.yaml
new file mode 100644
index 00000000..c729449d
--- /dev/null
+++ b/docs/examples/compose/keycloak/compose.yaml
@@ -0,0 +1,36 @@
+services:
+ postgresql:
+ image: postgres:16
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ interval: 1s
+ timeout: 2s
+ retries: 300
+ env_file:
+ - env.d/kc_postgresql
+ volumes:
+ - ./data/keycloak:/var/lib/postgresql/data/pgdata
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:latest
+ command: ["start"]
+ env_file:
+ - env.d/kc_postgresql
+ - env.d/keycloak
+ # Uncomment and set your values if using our nginx proxy example
+ # environment:
+ # - VIRTUAL_HOST=id.yourdomain.tld # used by nginx proxy
+ # - VIRTUAL_PORT=8080 # used by nginx proxy
+ # - LETSENCRYPT_HOST=id.yourdomain.tld # used by lets encrypt to generate TLS certificate
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ restart: true
+# Uncomment if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+#
+#networks:
+# proxy-tier:
+# external: true
\ No newline at end of file
diff --git a/docs/examples/compose/nginx-proxy/README.md b/docs/examples/compose/nginx-proxy/README.md
new file mode 100644
index 00000000..b661a2a7
--- /dev/null
+++ b/docs/examples/compose/nginx-proxy/README.md
@@ -0,0 +1,39 @@
+# Nginx proxy with automatic SSL certificates
+
+> [!CAUTION]
+> We provide those instructions as an example, for extended development or production environments, you should follow the [official documentation](https://github.com/nginx-proxy/acme-companion/tree/main/docs).
+
+Nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.
+
+Acme-companion is a lightweight companion container for nginx-proxy. It handles the automated creation, renewal and use of SSL certificates for proxied Docker containers through the ACME protocol.
+
+## Installation
+
+### Step 1: Prepare your working environment:
+
+```bash
+mkdir nginx-proxy && cd nginx-proxy
+curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/docs/examples/compose/nginx-proxy/compose.yaml
+```
+
+### Step 2: Edit `DEFAULT_EMAIL` in the compose file.
+
+Albeit optional, it is recommended to provide a valid default email address through the `DEFAULT_EMAIL` environment variable, so that Let's Encrypt can warn you about expiring certificates and allow you to recover your account.
+
+### Step 3: Create docker network
+
+Containers need share the same network for auto-discovery.
+
+```bash
+docker network create proxy-tier
+```
+
+### Step 4: Start service
+
+```bash
+docker compose up -d
+```
+
+## Usage
+
+Once both nginx-proxy and acme-companion containers are up and running, start any container you want proxied with environment variables `VIRTUAL_HOST` and `LETSENCRYPT_HOST` both set to the domain(s) your proxied container is going to use.
diff --git a/docs/examples/compose/nginx-proxy/compose.yaml b/docs/examples/compose/nginx-proxy/compose.yaml
new file mode 100644
index 00000000..f582f145
--- /dev/null
+++ b/docs/examples/compose/nginx-proxy/compose.yaml
@@ -0,0 +1,36 @@
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ container_name: nginx-proxy
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - html:/usr/share/nginx/html
+ - certs:/etc/nginx/certs:ro
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ networks:
+ - proxy-tier
+
+ acme-companion:
+ image: nginxproxy/acme-companion
+ container_name: nginx-proxy-acme
+ environment:
+ - DEFAULT_EMAIL=mail@yourdomain.tld
+ volumes_from:
+ - nginx-proxy
+ volumes:
+ - certs:/etc/nginx/certs:rw
+ - acme:/etc/acme.sh
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - proxy-tier
+
+networks:
+ proxy-tier:
+ external: true
+
+volumes:
+ html:
+ certs:
+ acme:
diff --git a/docs/examples/livekit/server.yaml b/docs/examples/livekit/server.yaml
new file mode 100644
index 00000000..b0222e72
--- /dev/null
+++ b/docs/examples/livekit/server.yaml
@@ -0,0 +1,22 @@
+port: 7880
+redis:
+ address: redis:6379
+keys:
+ meet:
+# WebRTC configuration
+rtc:
+ # # when set, LiveKit will attempt to use a UDP mux so all UDP traffic goes through
+ # # listed port(s). To maximize system performance, we recommend using a range of ports
+ # # greater or equal to the number of vCPUs on the machine.
+ # # port_range_start & end must not be set for this config to take effect
+ udp_port: 7882
+ # when set, LiveKit enable WebRTC ICE over TCP when UDP isn't available
+ # this port *cannot* be behind load balancer or TLS, and must be exposed on the node
+ # WebRTC transports are encrypted and do not require additional encryption
+ # only 80/443 on public IP are allowed if less than 1024
+ tcp_port: 7881
+ # use_external_ip should be set to true for most cloud environments where
+ # the host has a public IP address, but is not exposed to the process.
+ # LiveKit will attempt to use STUN to discover the true IP, and advertise
+ # that IP with its clients
+ use_external_ip: true
\ No newline at end of file
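Review bot: The `:ro` on `/var/run/docker.sock:/tmp/docker.sock:ro` in docs/examples/compose/nginx-proxy/compose.yaml only makes the mounted socket file read-only; it does not limit what can be requested from the Docker API through it, so the internet-facing `nginx-proxy` container (and `acme-companion`) effectively hold control of the Docker daemon on the host. For an example meant to front production services, say so in a comment above both mounts, e.g. `# the Docker socket grants full control of the daemon; :ro does not restrict API calls`. It would also help to point readers at running docker-gen in its own container that publishes no ports, or at a filtering socket proxy in front of the daemon, so that the process listening on 80/443 does not hold the socket itself.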
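Review bot: In docs/examples/livekit/server.yaml, `keys:` contains `meet:` with no value, which YAML reads as null, and nothing in the file says what belongs there. The installation guide asks the operator to paste the LiveKit API secret into this file, so add a placeholder and comment, e.g. `meet: <LIVEKIT_API_SECRET>  # same value as LIVEKIT_API_SECRET in env.d/common`, so that an unfilled file is obvious rather than silently deployed. Since the file then holds a token-signing secret in clear text, a comment line noting that it should be readable only by the deploying user and kept out of version control would be worth adding. The `redis:` entry carries no credentials, which is acceptable only while Redis stays on the private Compose network.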
diff --git a/docs/installation/README.md b/docs/installation/README.md index 75416678..efbe4c7f 100644 --- a/docs/installation/README.md +++ b/docs/installation/README.md @@ -6,12 +6,9 @@ Here are a bunch of resources to help you install the project. La Suite Meet maintainers use only the Kubernetes deployment method in production, so advanced support is available exclusively for this setup. Please follow the instructions provided [here](/docs/installation/kubernetes.md). ## Docker Compose -We understand that not everyone has a Kubernetes cluster available. +We understand that not everyone has a Kubernetes cluster available, please follow the instructions provided [here](/docs/installation/compose.md) to set up a docker compose instance. We also provide [Docker images](https://hub.docker.com/u/lasuite?page=1&search=meet) that can be deployed using Compose. -> [!WARNING] -> Under construction: A PR is in progress to support deploying La Suite Meet via Docker Compose. - ## Other ways to install La Suite Meet Community members have contributed alternative ways to install La Suite Meet 🙏. While maintainers may not provide direct support, we help keep these instructions up to date, and you can reach out to contributors or the community for assistance. diff --git a/docs/installation/compose.md b/docs/installation/compose.md new file mode 100644 index 00000000..dcb50742 --- /dev/null +++ b/docs/installation/compose.md 
@@ -0,0 +1,227 @@
+# Installation with docker compose
+
+We provide a sample configuration for running Meet using Docker Compose. Please note that this configuration is experimental, and the official way to deploy Meet in production is to use [k8s](../installation/k8s.md)
+
+## Requirements
+
+All services are required to run the minimalist instance of LaSuite Meet. Click the links for ready-to-use configuration examples:
+
+| Service | Purpose | Example Config |
+|-------------------|---------|----------------------------------------------------------|
+| **PostgreSQL** | Main database | [compose.yaml](../examples/compose/compose.yaml) |
+| **Redis** | Cache & sessions | [compose.yaml](../examples/compose/compose.yaml) |
+| **Livekit** | Real-time communication | [compose.yaml](../examples/compose/compose.yaml) |
+| **OIDC Provider** | User authentication | [Keycloak setup](../examples/compose/keycloak/README.md) |
+| **SMTP Service** | Email notifications | - |
+
+> [!NOTE] Some advanced features, as Recording and transcription, require additional services (MinIO, email). See `/features` folder for details.
+
+
+## Software Requirements
+
+Ensure you have Docker Compose(v2) installed on your host server. Follow the official guidelines for a reliable setup:
+
+Docker Compose is included with Docker Engine:
+
+- **Docker Engine:** We suggest adhering to the instructions provided by Docker
+ for [installing Docker Engine](https://docs.docker.com/engine/install/).
+
+For older versions of Docker Engine that do not include Docker Compose:
+
+- **Docker Compose:** Install it as per the [official documentation](https://docs.docker.com/compose/install/).
+
+> [!NOTE]
+> `docker-compose` may not be supported. You are advised to use `docker compose` instead.
+
+## Step 1: Prepare your working environment:
+
+```bash
+mkdir -p meet/env.d && cd meet
+curl -o compose.yaml https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/docs/examples/compose/compose.yaml
+curl -o .env https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/env.d/production.dist/hosts
+curl -o env.d/common https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/env.d/production.dist/common
+curl -o env.d/postgresql https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/env.d/production.dist/postgresql
+curl -o livekit-server.yaml https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/docs/examples/livekit/server.yaml
+curl -o default.conf.template https://raw.githubusercontent.com/suitenumerique/meet/refs/heads/main/docker/files/production/default.conf.template
+```
+
+## Step 2: Configuration
+
+Meet configuration is achieved through environment variables. We provide a [detailed description of all variables](../env.md).
+
+In this example, we assume the following services:
+
+- OIDC provider on https://id.yourdomain.tld
+- Livekit server on https://livekit.yourdomain.tld
+- Meet server on https://meet.yourdomain.tld
+
+**Set your own values in `.env`**
+
+### OIDC
+
+Authentication in Meet is managed through Open ID Connect protocol. A functional Identity Provider implementing this protocol is required.
+
+For guidance, refer to our [Keycloak deployment example](../examples/compose/keycloak/README.md).
+
+If using Keycloak as your Identity Provider, in `env.d/common` set `OIDC_RP_CLIENT_ID` and `OIDC_RP_CLIENT_SECRET` variables with those of the OIDC client created for Meet. By default we have set `meet` as the realm name, if you have named your realm differently, update the value `REALM_NAME` in `.env`
+
+For others OIDC providers, update the variables in `env.d/common`.
+
+### Postgresql
+
+Meet uses PostgreSQL as its database.
Although an external PostgreSQL can be used, our example provides a deployment method.
+
+If you are using the example provided, you need to generate a secure key for `DB_PASSWORD` and set it in `env.d/postgresql`.
+
+If you are using an external service or not using our default values, you should update the variables in `env.d/postgresql`
+
+### Redis
+
+Meet uses Redis for caching and inter-service communication. While an external Redis can be used, our example provides a deployment method.
+
+If you are using an external service, you need to set `REDIS_URL` environment variable in `env.d/common`.
+
+### Livekit
+
+[LiveKit](https://github.com/livekit/livekit) server is used as the WebRTC SFU (Selective Forwarding Unit) allowing multi-user conferencing. For more information, head to [livekit documentation](https://docs.livekit.io/home/self-hosting/).
+
+Generate a secure key for `LIVEKIT_API_SECRET` in `env.d/common`.
+
+We provide a minimal recommanded config for production environment in `livekit-server.yaml`. Set the previously generated API secret key in the config file.
+
+To view other customization options, see [config-sample.yaml](https://github.com/livekit/livekit/blob/master/config-sample.yaml)
+
+> [!NOTE]
+> In this example, we configured multiplexing on a single UDP port. For better performances, you can configure a range of UDP ports.
+
+### Meet
+
+The Meet backend is built on the Django Framework.
+
+Generate a [secure key](https://docs.djangoproject.com/en/5.2/ref/settings/#secret-key.) for `DJANGO_SECRET_KEY` in `env.d/common`.
+
+### Mail
+
+The following environment variables are required in `env.d/common` for the mail service to send invitations :
+
+```env
+DJANGO_EMAIL_HOST=
+DJANGO_EMAIL_HOST_USER=
+DJANGO_EMAIL_HOST_PASSWORD=
+DJANGO_EMAIL_PORT=
+DJANGO_EMAIL_FROM=
+
+#DJANGO_EMAIL_USE_TLS=true # A flag to enable or disable TLS for email sending.
+#DJANGO_EMAIL_USE_SSL=true # A flag to enable or disable SSL for email sending.
+
+
+DJANGO_EMAIL_BRAND_NAME= # e.g. "La Suite Numérique"
+DJANGO_EMAIL_LOGO_IMG= # e.g. "https://meet.yourdomain.tld/assets/logo-suite-numerique.png"
+```
+
+## Step 3: Configure your firewall
+
+If you are using a firewall as it is usually recommended in a production environment you will need to allow the webservice traffic on ports 80 and 443 but also to allow UDP traffic for the WebRTC service.
+
+The following ports will need to be opened:
+- 80/tcp - for TLS issuance
+- 443/tcp - for listening on HTTPS and TURN/TLS packets
+- 7881/tcp - WebRTC ICE over TCP
+- 7882/udp - for WebRTC multiplexing over UDP
+
+If you are using ufw, enter the follwoing:
+```
+ufw allow 80/tcp
+ufw allow 443/tcp
+ufw allow 443/udp
+ufw allow 7881/tcp
+ufw allow 7882/udp
+ufw enable
+```
+
+## Step 4: Reverse proxy and SSL/TLS
+
+> [!WARNING]
+> In a production environment, configure SSL/TLS termination to run your instance on https.
+
+If you have your own certificates and proxy setup, you can skip this part.
+
+You can follow our [nginx proxy example](../examples/compose/nginx-proxy/README.md) with automatic generation and renewal of certificate with Let's Encrypt.
+
+You will need to uncomment the environment and network sections in compose file and update it with your values.
+
+```yaml
+ frontend:
+ ...
+ # Uncomment and set your values if using our nginx proxy example
+ # environment:
+ # - VIRTUAL_HOST=${MEET_HOST} # used by nginx proxy
+ # - VIRTUAL_PORT=8083 # used by nginx proxy
+ # - LETSENCRYPT_HOST=${MEET_HOST} # used by lets encrypt to generate TLS certificate
+ ...
+# Uncomment if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+...
+ # environment:
+ # - VIRTUAL_HOST=${LIVEKIT_HOST} # used by nginx proxy
+ # - VIRTUAL_PORT=7880 # used by nginx proxy
+ # - LETSENCRYPT_HOST=${LIVEKIT_HOST} # used by lets encrypt to generate TLS certificate
+# Uncomment if using our nginx proxy example
+# networks:
+# - proxy-tier
+# - default
+#networks:
+# proxy-tier:
+# external: true
+```
+
+## Step 5: Start Meet
+
+You are ready to start your Meet application !
+
+```bash
+docker compose up -d
+```
+> [!NOTE]
+> Version of the images are set to latest, you should pin it to the desired version to avoid unwanted upgrades when pulling latest image.
+
+## Step 6: Run the database migration and create Django admin user
+
+```bash
+docker compose run --rm backend python manage.py migrate
+docker compose run --rm backend python manage.py createsuperuser --email --password
+```
+
+Replace `` with the email of your admin user and generate a secure password.
+
+Your Meet instance is now available on the domain you defined, https://meet.yourdomain.tld.
+
+THe admin interface is available on https://meet.yourdomain.tld/admin with the admin user you just created.
+
+## How to upgrade your Meet application
+
+Before running an upgrade you must check the [Upgrade document](../../UPGRADE.md) for specific procedures that might be needed.
+
+You can also check the [Changelog](../../CHANGELOG.md) for brief summary of the changes.
+
+### Step 1: Edit the images tag with the desired version
+
+### Step 2: Pull the images
+
+```bash
+docker compose pull
+```
+
+### Step 3: Restart your containers
+
+```bash
+docker compose restart
+```
+
+### Step 4: Run the database migration
+Your database schema may need to be updated, run:
+```bash
+docker compose run --rm backend python manage.py migrate
+```
diff --git a/env.d/production.dist/common b/env.d/production.dist/common
new file mode 100644
index 00000000..b5acbf73
--- /dev/null
+++ b/env.d/production.dist/common
@@ -0,0 +1,50 @@
+# Django
+DJANGO_ALLOWED_HOSTS=${MEET_HOST}
+DJANGO_SECRET_KEY=
+DJANGO_SETTINGS_MODULE=meet.settings
+DJANGO_CONFIGURATION=Production
+
+# Python
+PYTHONPATH=/app
+
+# Meet settings
+
+# Mail
+DJANGO_EMAIL_HOST=
+DJANGO_EMAIL_HOST_USER=
+DJANGO_EMAIL_HOST_PASSWORD=
+DJANGO_EMAIL_PORT=
+DJANGO_EMAIL_FROM=
+
+#DJANGO_EMAIL_USE_TLS=true # A flag to enable or disable TLS for email sending.
+#DJANGO_EMAIL_USE_SSL=true # A flag to enable or disable SSL for email sending.
+
+DJANGO_EMAIL_BRAND_NAME="La Suite Numérique"
+DJANGO_EMAIL_LOGO_IMG="https://${meet_HOST}/assets/logo-suite-numerique.png"
+
+# Backend url
+MEET_BASE_URL="https://${MEET_HOST}"
+
+# OIDC
+OIDC_OP_JWKS_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
+OIDC_OP_LOGOUT_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/logout
+
+OIDC_RP_CLIENT_ID=
+OIDC_RP_CLIENT_SECRET=
+OIDC_RP_SIGN_ALGO=RS256
+OIDC_RP_SCOPES="openid email"
+
+LOGIN_REDIRECT_URL=https://${MEET_HOST}
+LOGIN_REDIRECT_URL_FAILURE=https://${MEET_HOST}
+LOGOUT_REDIRECT_URL=https://${MEET_HOST}
+
+OIDC_REDIRECT_ALLOWED_HOSTS=["https://${MEET_HOST}"]
+
+# Livekit Token settings
+LIVEKIT_API_SECRET=
+LIVEKIT_API_KEY=meet
+LIVEKIT_API_URL=https://${LIVEKIT_HOST}
+ALLOW_UNREGISTERED_ROOMS=False
diff --git a/env.d/production.dist/hosts b/env.d/production.dist/hosts
new file mode 100644
index 00000000..af0faeef
--- /dev/null
+++ b/env.d/production.dist/hosts
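Review bot: `DJANGO_EMAIL_LOGO_IMG` in env.d/production.dist/common interpolates `${meet_HOST}`, while every other line here and env.d/production.dist/hosts use `MEET_HOST`; variable names are case-sensitive, so the logo URL would expand with an empty host. It should read `DJANGO_EMAIL_LOGO_IMG="https://${MEET_HOST}/assets/logo-suite-numerique.png"`. `OIDC_REDIRECT_ALLOWED_HOSTS=["https://${MEET_HOST}"]` also deserves a check: if the setting is compared against bare host names, as its name suggests, the `https://` prefix would make the allowlist match nothing, though I cannot confirm how it is parsed from this diff. The three empty secrets (`DJANGO_SECRET_KEY`, `OIDC_RP_CLIENT_SECRET`, `LIVEKIT_API_SECRET`) would each benefit from a one-line comment stating that they must be set to distinct random values before the first start.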
@@ -0,0 +1,7 @@
+MEET_HOST=meet.domain.tld
+KEYCLOAK_HOST=id.domain.tld
+LIVEKIT_HOST=livekit.domain.tld
+BACKEND_INTERNAL_HOST=backend
+FRONTEND_INTERNAL_HOST=frontend
+LIVEKIT_INTERNAL_HOST=livekit
+REALM_NAME=meet
diff --git a/env.d/production.dist/kc_postgresql b/env.d/production.dist/kc_postgresql
new file mode 100644
index 00000000..fdb7fb47
--- /dev/null
+++ b/env.d/production.dist/kc_postgresql
@@ -0,0 +1,13 @@
+# Postgresql db container configuration
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# Keycloak postgresql configuration
+KC_DB=postgres
+KC_DB_SCHEMA=public
+KC_DB_URL_HOST=postgresql
+KC_DB_NAME=${POSTGRES_DB}
+KC_DB_USER=${POSTGRES_USER}
+KC_DB_PASSWORD=${POSTGRES_PASSWORD}
diff --git a/env.d/production.dist/keycloak b/env.d/production.dist/keycloak
new file mode 100644
index 00000000..18814b4a
--- /dev/null
+++ b/env.d/production.dist/keycloak
@@ -0,0 +1,8 @@
+# Keycloak admin user
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=
+
+# Keycloak configuration
+KC_HOSTNAME=https://id.yourdomain.tld # Change with your own URL
+KC_PROXY_HEADERS=xforwarded # in this example we are running behind an nginx proxy
+KC_HTTP_ENABLED=true # in this example we are running behind an nginx proxy
diff --git a/env.d/production.dist/postgresql b/env.d/production.dist/postgresql
new file mode 100644
index 00000000..ccfe848f
--- /dev/null
+++ b/env.d/production.dist/postgresql
@@ -0,0 +1,11 @@
+# App database configuration
+DB_HOST=postgresql
+DB_NAME=meet
+DB_USER=meet
+DB_PASSWORD=
+DB_PORT=5432
+
+# Postgresql db container configuration
+POSTGRES_DB=meet
+POSTGRES_USER=meet
+POSTGRES_PASSWORD=${DB_PASSWORD}
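Review bot: In env.d/production.dist/keycloak, `KC_PROXY_HEADERS=xforwarded` together with `KC_HTTP_ENABLED=true` makes Keycloak accept plain HTTP and take the client address and scheme from `X-Forwarded-*` headers, which is safe only while the reverse proxy is the sole path to the container and overwrites those headers. The inline comments say the example runs behind nginx but not why that matters, so I would extend them, e.g. `# trusts X-Forwarded-* headers: keep Keycloak reachable only through the proxy, never publish its port directly`. A short comment next to `KC_BOOTSTRAP_ADMIN_USERNAME=admin` recommending that the bootstrap account be replaced by a personal admin account after first login would also help operators who copy the file as is.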