diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8dd1e7a6..f24fc84f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
# Changelog
## Unreleased
+- update to 3.0.19 @alangecker [#377](https://github.com/bigbluebutton/docker/pull/377)
+- Add restart policy to HAProxy container @timoschwarzer [#373](https://github.com/bigbluebutton/docker/pull/373)
+- Add enable switches for Collabora and Coturn + make Collabora URL configurable @kevinveenbirkenbach [#372](https://github.com/bigbluebutton/docker/pull/372)
+- Add missing volume mounts for coturn and redis
+ @matthijskooijman [#370](https://github.com/bigbluebutton/docker/pull/370)
+- Stop using network_mode: host for nginx and haproxy @ matthijskooijman
+ [#369](https://github.com/bigbluebutton/docker/pull/369)
## Release v3.0.4 (2025-03-27)
- update to 3.0.4 @tibroc [#347](https://github.com/bigbluebutton/docker/pull/347
diff --git a/README.md b/README.md
index 1b658ae8..bca0ccec 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
# 📦 BigBlueButton 3.0 Docker
-Version: 3.0.4 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
+Version: 3.0.19 | [Changelog](CHANGELOG.md) | [Issues](https://github.com/bigbluebutton/docker/issues) | [Upgrading](docs/upgrading.md) | [Development](docs/development.md)
## Features
- Easy installation
diff --git a/docker-compose.tmpl.yml b/docker-compose.tmpl.yml
index 7f8acd19..4f9523b4 100644
--- a/docker-compose.tmpl.yml
+++ b/docker-compose.tmpl.yml
@@ -35,7 +35,9 @@ services:
- redis
- etherpad
- bbb-pads
+ {{ if isTrue .Env.ENABLE_COLLABORA }}
- collabora
+ {{ end }}
healthcheck:
test: wget --no-proxy --no-verbose --tries=1 --spider http://10.7.7.2:8090/bigbluebutton/api || exit 1
start_period: 2m
@@ -52,6 +54,7 @@ services:
TURN_EXT_SERVER: ${TURN_EXT_SERVER:-}
TURN_EXT_SECRET: ${TURN_EXT_SECRET:-}
ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
+ COLLABORA_URL: ${COLLABORA_URL:-https://collabora:9980/cool}
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
- ./data/freeswitch-meetings:/var/freeswitch/meetings
@@ -116,7 +119,7 @@ services:
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
TAG_BBB: {{ .Env.TAG_BBB }}
- image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.25
+ image: alangecker/bbb-docker-nginx:{{ .Env.TAG_BBB }}-{{ .Env.TAG_PLAYBACK }}-1.29
restart: unless-stopped
volumes:
- ./data/bigbluebutton:/var/bigbluebutton
@@ -126,9 +129,22 @@ services:
# overwrite html5 config
- ./mod/nginx/bbb-html5.dev.nginx:/etc/nginx/bbb/bbb-html5.nginx:ro
{{ end }}
+ ports:
+ # make sure nginx ports are also still available under the
+ # IPs 127.0.0.1 & 10.7.7.1 for backwards compatibility with exiting setup
+ # Warning: deprecated! this gets removed at some point
+ # Use 10.7.7.34 for new setups
+ - "127.0.0.1:48082:48082"
+ - "127.0.0.1:48081:48081"
+ - "127.0.0.1:48087:48087"
+ - "10.7.7.1:48082:48082"
+ - "10.7.7.1:48081:48081"
+ - "10.7.7.1:48087:48087"
+ networks:
+ bbb-net:
+ ipv4_address: 10.7.7.34
tmpfs:
- /tmp
- network_mode: host
extra_hosts:
- "host.docker.internal:10.7.7.1"
- "bbb-web:10.7.7.2"
@@ -145,14 +161,17 @@ services:
- plugin=./repos/bbb-etherpad-plugin
- skin=./repos/bbb-etherpad-skin
args:
- TAG_ETHERPAD: "2.2.7"
- image: alangecker/bbb-docker-etherpad:2.2.7-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
+ TAG_ETHERPAD: "2.4.2"
+ image: alangecker/bbb-docker-etherpad:2.4.2-s{{ .Env.COMMIT_ETHERPAD_SKIN }}-p{{ .Env.COMMIT_ETHERPAD_PLUGIN }}
restart: unless-stopped
depends_on:
- redis
+ {{ if isTrue .Env.ENABLE_COLLABORA }}
- collabora
+ {{ end }}
environment:
ETHERPAD_API_KEY: ${ETHERPAD_API_KEY}
+ COLLABORA_URL: ${COLLABORA_URL:-https://collabora:9980/cool}
networks:
bbb-net:
ipv4_address: 10.7.7.4
@@ -197,7 +216,7 @@ services:
- /tmp
redis:
- image: redis:7.2-alpine
+ image: redis:8.4-alpine
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
@@ -207,6 +226,8 @@ services:
networks:
bbb-net:
ipv4_address: 10.7.7.5
+ volumes:
+ - ./data/redis:/data
webrtc-sfu:
build:
@@ -290,7 +311,7 @@ services:
- src=./repos/bigbluebutton/bbb-graphql-server
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
- GRAPHQL_ENGINE_TAG: v2.45.0
+ GRAPHQL_ENGINE_TAG: v2.48.1
image: alangecker/bbb-docker-graphql-server:{{ .Env.TAG_BBB }}
depends_on:
- postgres
@@ -353,8 +374,6 @@ services:
networks:
bbb-net:
ipv4_address: 10.7.7.32
- extra_hosts:
- - "nginx:10.7.7.1"
{{ if isTrue .Env.DEV_MODE }}
user: ${BBB_DEV_UID}:${BBB_DEV_GID}
@@ -366,6 +385,7 @@ services:
- ./.cache/go-build:/.cache/go-build:rw
{{ end }}
+{{ if isTrue .Env.ENABLE_COLLABORA }}
collabora:
image: collabora/code:latest
restart: unless-stopped
@@ -377,7 +397,7 @@ services:
# disable logging (way to verbose)
logging:
driver: none
-
+{{ end }}
periodic:
build: mod/periodic
@@ -409,7 +429,7 @@ services:
- bbb-conf=./repos/bigbluebutton/bigbluebutton-config
args:
BBB_BUILD_TAG: {{ .Env.BBB_BUILD_TAG }}
- TAG_BBB_PRESENTATION_VIDEO: "5.0.0-beta.2"
+ TAG_BBB_PRESENTATION_VIDEO: "5.0.0"
image: alangecker/bbb-docker-recordings:{{ .Env.TAG_BBB }}
restart: unless-stopped
depends_on:
@@ -470,7 +490,8 @@ services:
haproxy:
build: mod/haproxy
- image: alangecker/bbb-haproxy:2.8.10
+ image: alangecker/bbb-haproxy:3.0.9
+ restart: unless-stopped
volumes:
- ./data/haproxy/letsencrypt:/etc/letsencrypt
- ./mod/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg
@@ -479,12 +500,18 @@ services:
- IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
- CERT1=${DOMAIN}
- EMAIL=${LETSENCRYPT_EMAIL}
- network_mode: host
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ bbb-net:
+ ipv4_address: 10.7.7.35
{{end}}
+{{ if isTrue .Env.ENABLE_COTURN }}
# coturn
coturn:
- image: coturn/coturn:4.6-alpine
+ image: coturn/coturn:4.8-alpine
restart: unless-stopped
command:
- "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
@@ -495,13 +522,14 @@ services:
- "--relay-ip=${EXTERNAL_IPv6:-::1}"
volumes:
- ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
+ - ./data/coturn:/var/lib/coturn
network_mode: host
-
+{{end}}
{{ if isTrue .Env.ENABLE_GREENLIGHT }}
# greenlight
greenlight:
- image: bigbluebutton/greenlight:v3.5.0
+ image: bigbluebutton/greenlight:v3.6.3
restart: unless-stopped
env_file: .env
depends_on:
@@ -512,7 +540,7 @@ services:
DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight
REDIS_URL: redis://redis:6379
{{ if $ignore_tls_cert_errors }}
- BIGBLUEBUTTON_ENDPOINT: http://10.7.7.1:48083/bigbluebutton/api
+ BIGBLUEBUTTON_ENDPOINT: http://10.7.7.34:48083/bigbluebutton/api
{{else}}
BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
{{end}}
@@ -551,7 +579,7 @@ services:
image: greenstatic/bigbluebutton-exporter:latest
restart: unless-stopped
environment:
- API_BASE_URL: http://10.7.7.1:48087/bigbluebutton/api/
+ API_BASE_URL: http://10.7.7.34:48087/bigbluebutton/api/
API_SECRET: ${SHARED_SECRET}
RECORDINGS_METRICS_READ_FROM_DISK: "${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false}"
networks:
diff --git a/docs/existing-web-server.md b/docs/existing-web-server.md
index adf2ff82..4ca3f09a 100644
--- a/docs/existing-web-server.md
+++ b/docs/existing-web-server.md
@@ -8,7 +8,17 @@ You could dedicate a virtual host to BigBlueButton, allowing external access to
## Installation
1. Install BigBlueButton Docker [as explained above](#install). While running the setup script, please choose `n` when you're asked the following question: `Should an automatic HTTPS Proxy be included? (y/n)`.
-2. Now all the required Docker containers should be running. BigBlueButton listens to port 48087. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one.
+2. Now all the required Docker containers should be running. BigBlueButton listens to port 48087 (among others, but 48087 is intended for external reverse proxies). By default, the port is only opened on the internal bbb-net network created by docker-compose, so either your reverse proxy should run within the same docker-compose file or otherwise have access to the network, or the port should be made available on the host system by adding something like:
+ ```
+ ports:
+ - "127.0.0.1:48087:48087
+ - "[::1]:48087:48087
+ ```
+ In the `nginx` container config in `docker-compose.yml`.
+
+ The rest of this document assumes you did the latter.
+
+3. Create a virtual host by which BigBlueButton will be publicly accessible (in this case, let's assume the following server name for the virtual host: `bbb.example.com`). Enable SSL for the new _https_ virtual host. Make sure that the SSL certificate you will be using is signed by a CA (Certificate Authority). You could generate an SSL certificate for free using Let's Encrypt. It is suggested to add some directives to the _http_ virtual host `bbb.example.com` to redirect all requests to the _https_ one.
At this point, choose one of the following sections according to which Web server you're running ([Apache](#integration-with-apache)).
diff --git a/docs/network-config.md b/docs/network-config.md
index 32891837..cc0d757a 100644
--- a/docs/network-config.md
+++ b/docs/network-config.md
@@ -1,30 +1,33 @@
## Network Configuration
Services as configured.
-|Service | Network | IP address | Other Option |
+
+|Service | Network | IP address |
--- | --- | --- | ---
+| html5-dev | network_mode: host | |
| bbb-web | bbb-net | 10.7.7.2 |
+| freeswitch| bbb-net | 10.7.7.10 |
+| nginx | bbb-net | 10.7.7.34 |
+| etherpad | bbb-net | 10.7.7.4 |
| bbb-pads | bbb-net | 10.7.7.18 |
-| html5-backend-{{$i}} | bbb-net | 10.7.7.{{add 100 $i}}| Port {{ add 4000 $i }}
-| html5-frontend-{{$i}}| bbb-net | 10.7.7.{{add 200 $i}}| Port {{ add 4100 $i }}
-| freeswitch| network_mode: host | |
-| nginx | network_mode: host| | extra_hosts:
- "host.docker.internal:10.7.7.1"
- "core:10.7.7.2"
- "etherpad:10.7.7.4"
- "webrtc-sfu:10.7.7.10"
- "html5:10.7.7.11"
-| etherpad | bbb-net | 10.7.7.4|
-| redis | bbb-net | 10.7.7.5|
-| mongodb | bbb-net | 10.7.7.6|
-| kurento | network-mode: host | |
-| webrtc-sfu | bbb-net | | network_mode: host
+| bbb-export-annotations | bbb-net | 10.7.7.19 |
+| redis | bbb-net | 10.7.7.5 |
+| webrtc-sfu | network_mode: host | |
| fsesl-akka | bbb-net | 10.7.7.14 |
| apps-akka | bbb-net | 10.7.7.15 |
-| libreoffice | bbb-net | 10.7.7.7 |
+| bbb-graphql-server | bbb-net | 10.7.7.31 |
+| bbb-graphql-actions | bbb-net | 10.7.7.30 |
+| bbb-graphql-middleware | bbb-net | 10.7.7.32 |
+| collabora | bbb-net | 10.7.7.20 |
| periodic | bbb-net | 10.7.7.12 |
| recordings | bbb-net | 10.7.7.16 |
+| bbb-webrtc-recorder | network_mode: host | |
| webhooks | bbb-net | 10.7.7.17 |
-| https_proxy | bbb-net | |network_mode: host
+| haproxy | bbb-net | 10.7.7.35 |
| coturn | network_mode: host | |
-| greenlight | | | ports: 10.7.7.1:5000:80
-| prometheus | bbb-net | 10.7.7.33 |
-| bbb-export-annotations | bbb-net | 10.7.7.19 |
+| greenlight | bbb-net | 10.7.7.21 |
+| postgres | bbb-net | 10.7.7.22 |
+| prometheus-exporter | bbb-net | 10.7.7.33 |
```yml
networks:
diff --git a/mod/bbb-export-annotations/config/settings.json b/mod/bbb-export-annotations/config/settings.json
index 7fe69f48..294c3be7 100644
--- a/mod/bbb-export-annotations/config/settings.json
+++ b/mod/bbb-export-annotations/config/settings.json
@@ -32,9 +32,9 @@
}
},
"fonts": {
- "draw": "/usr/local/share/fonts/CaveatBrush-Regular-2015-09-23.ttf",
- "sans": "/usr/local/share/fonts/CrimsonPro[wght]-1.003.ttf",
- "serif": "/usr/local/share/fonts/SourceSansPro-Regular-2.045.ttf",
- "mono": "/usr/local/share/fonts/SourceCodePro-Regular-2.038.ttf"
+ "draw": "/usr/local/share/fonts/Shantell_Sans-Tldrawish.woff2",
+ "sans": "/usr/local/share/fonts/IBMPlexSans-Medium.woff2",
+ "serif": "/usr/local/share/fonts/IBMPlexSerif-Medium.woff2",
+ "mono": "/usr/local/share/fonts/IBMPlexMono-Medium.woff2"
}
}
\ No newline at end of file
diff --git a/mod/bbb-graphql-server/entrypoint.sh b/mod/bbb-graphql-server/entrypoint.sh
index 096d49cd..f14e2f49 100755
--- a/mod/bbb-graphql-server/entrypoint.sh
+++ b/mod/bbb-graphql-server/entrypoint.sh
@@ -11,9 +11,9 @@ export HASURA_GRAPHQL_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWO
export HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/hasura_app
export HASURA_GRAPHQL_LOG_LEVEL=warn
export HASURA_GRAPHQL_ENABLE_CONSOLE=false
-export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=250
+export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=333
export HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
-export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=100
+export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL=150
export HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE=1000
export HASURA_GRAPHQL_SERVER_PORT=8085
export HASURA_GRAPHQL_ENABLE_TELEMETRY=false
diff --git a/mod/bbb-pads/Dockerfile b/mod/bbb-pads/Dockerfile
index fa6762c3..e3663665 100644
--- a/mod/bbb-pads/Dockerfile
+++ b/mod/bbb-pads/Dockerfile
@@ -1,7 +1,7 @@
FROM node:22-bookworm-slim AS builder
COPY --from=src / /bbb-pads
-RUN cd /bbb-pads && rm -r .git && npm install --production
+RUN cd /bbb-pads && npm install --production
RUN chmod 777 /bbb-pads/config
diff --git a/mod/bbb-web/Dockerfile b/mod/bbb-web/Dockerfile
index e5fefa59..5a080759 100644
--- a/mod/bbb-web/Dockerfile
+++ b/mod/bbb-web/Dockerfile
@@ -16,10 +16,12 @@ RUN cd /bbb-common-web && ./deploy.sh
COPY --from=src-web / /bbb-web
# compile bbb-web
-RUN cd /bbb-web && grails assemble
+RUN cd /bbb-web && sh ./gradlew assemble
# compile pres-checker
-RUN cd /bbb-web/pres-checker && gradle resolveDeps
+RUN cd /bbb-web/pres-checker && gradle jar
+RUN mkdir -p /bbb-web/pres-checker/lib && find /bbb-web/pres-checker && \
+ cp /bbb-web/pres-checker/build/libs/bbb-pres-check-0.0.1.jar /bbb-web/pres-checker/lib
# extract .war
RUN unzip -q /bbb-web/build/libs/bigbluebutton-0.10.0.war -d /dist
@@ -32,10 +34,10 @@ FROM alangecker/bbb-docker-base-java
RUN mkdir -p /usr/share/bigbluebutton/blank \
&& cd /usr/share/bigbluebutton/blank \
&& wget \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-svg.svg \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-thumb.png \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-presentation.pdf \
- https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v2.4.0/bigbluebutton-config/slides/blank-png.png \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v3.0.19/bigbluebutton-config/slides/blank-svg.svg \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v3.0.19/bigbluebutton-config/slides/blank-thumb.png \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v3.0.19/bigbluebutton-config/slides/blank-presentation.pdf \
+ https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v3.0.19/bigbluebutton-config/slides/blank-png.png \
&& sed -i 's///g' /etc/ImageMagick-6/policy.xml \
&& sed -i '/potrace/d' /etc/ImageMagick-6/delegates.xml
@@ -53,5 +55,6 @@ COPY bbb-web.properties /etc/bigbluebutton/bbb-web.properties.tmpl
COPY turn-stun-servers.xml /etc/bigbluebutton/turn-stun-servers.xml.tmpl
COPY logback.xml /usr/share/bbb-web/WEB-INF/classes/logback.xml
COPY office-convert.sh /usr/share/bbb-libreoffice-conversion/convert.sh
+COPY run-in-systemd.sh /usr/share/bbb-web/run-in-systemd.sh
ENTRYPOINT ["/entrypoint.sh"]
diff --git a/mod/bbb-web/bbb-web.properties b/mod/bbb-web/bbb-web.properties
index 7dc9d15e..7c653cdc 100644
--- a/mod/bbb-web/bbb-web.properties
+++ b/mod/bbb-web/bbb-web.properties
@@ -14,9 +14,7 @@ securitySalt={{ .Env.SHARED_SECRET }}
redisHost=redis
{{ if isTrue .Env.IGNORE_TLS_CERT_ERRORS }}
-beans.presentationService.defaultUploadedPresentation=https://test27.bigbluebutton.org/default.pdf
-# fetch presentations without HTTPS
-presentationBaseURL=http://{{ .Env.DOMAIN }}/bigbluebutton/presentation
+beans.presentationService.defaultUploadedPresentation=https://raw.githubusercontent.com/bigbluebutton/bigbluebutton/v3.0.19/bigbluebutton-config/assets/default.pdf
{{else}}
beans.presentationService.defaultUploadedPresentation=${bigbluebutton.web.serverURL}/default.pdf
{{end}}
diff --git a/mod/bbb-web/entrypoint.sh b/mod/bbb-web/entrypoint.sh
index 7c9506b5..f9182f23 100755
--- a/mod/bbb-web/entrypoint.sh
+++ b/mod/bbb-web/entrypoint.sh
@@ -26,6 +26,6 @@ cd /usr/share/bbb-web/
dockerize \
-template /etc/bigbluebutton/bbb-web.properties.tmpl:/etc/bigbluebutton/bbb-web.properties \
-template /etc/bigbluebutton/turn-stun-servers.xml.tmpl:/etc/bigbluebutton/turn-stun-servers.xml \
- gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.WarLauncher
+ gosu bigbluebutton java -Dgrails.env=prod -Dserver.address=0.0.0.0 -Dserver.port=8090 -Dspring.main.allow-circular-references=true -Xms384m -Xmx384m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/bigbluebutton/diagnostics -cp WEB-INF/lib/*:/:WEB-INF/classes/:. org.springframework.boot.loader.launch.WarLauncher
diff --git a/mod/bbb-web/office-convert.sh b/mod/bbb-web/office-convert.sh
index f896bfc5..ee88b34f 100755
--- a/mod/bbb-web/office-convert.sh
+++ b/mod/bbb-web/office-convert.sh
@@ -31,6 +31,6 @@ timeoutSecs="${timeoutSecs:0:3}"
# The timeout is important.
-timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
+timeout $(printf %03d $timeoutSecs)s curl -F "data=@${source}" -k $COLLABORA_URL/convert-to/$convertTo > "${dest}"
exit 0
diff --git a/mod/bbb-web/run-in-systemd.sh b/mod/bbb-web/run-in-systemd.sh
new file mode 100755
index 00000000..79018d10
--- /dev/null
+++ b/mod/bbb-web/run-in-systemd.sh
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+# bbb-web requires a script under /usr/share/bbb-web/run-in-systemd.sh to run certain tasks
+# this is used for sandboxing, which is in our case a bit more difficult, because
+# we run it without systemd in an unprivileged container, with currently no extra sandboxing capabilities
+
+# TODO: exploring better ways! (e. g. firejail)
+
+timeout_secs="$1"; shift
+exec timeout "${timeout_secs}" "$@"
\ No newline at end of file
diff --git a/mod/bbb-webrtc-recorder/Dockerfile b/mod/bbb-webrtc-recorder/Dockerfile
index d7d7e4bc..61fd2521 100644
--- a/mod/bbb-webrtc-recorder/Dockerfile
+++ b/mod/bbb-webrtc-recorder/Dockerfile
@@ -1,5 +1,5 @@
# Build stage
-FROM golang:1.23 as builder
+FROM golang:1.25 as builder
ARG APP_VERSION=devel
ARG GOMOD=github.com/bigbluebutton/bbb-webrtc-recorder
diff --git a/mod/etherpad/Dockerfile b/mod/etherpad/Dockerfile
index 705867cd..1633561d 100644
--- a/mod/etherpad/Dockerfile
+++ b/mod/etherpad/Dockerfile
@@ -8,7 +8,7 @@ RUN apk add git curl
USER etherpad
RUN pnpm run plugins i \
- ep_disable_chat@0.0.10 \
+ ep_disable_chat@0.0.13 \
ep_auth_session@1.1.1 \
--github \
mconf/ep_cursortrace#56fb8c2b211cdda4fc8715ec99e1cb7b7d9eb851 \
diff --git a/mod/etherpad/etherpad-export.sh b/mod/etherpad/etherpad-export.sh
index 6bf6e672..0ebd7331 100755
--- a/mod/etherpad/etherpad-export.sh
+++ b/mod/etherpad/etherpad-export.sh
@@ -4,6 +4,6 @@ dest="$(echo $8 | sed -E -e 's/html|odt/'$7'/')"
convertTo="$7"
-curl -v -F "data=@${src}" -k https://collabora:9980/cool/convert-to/$convertTo > "${dest}"
+curl -v -F "data=@${src}" -k $COLLABORA_URL/convert-to/$convertTo > "${dest}"
exit 0
\ No newline at end of file
diff --git a/mod/haproxy/haproxy.cfg b/mod/haproxy/haproxy.cfg
index a66c2dd8..eb95d569 100644
--- a/mod/haproxy/haproxy.cfg
+++ b/mod/haproxy/haproxy.cfg
@@ -73,8 +73,8 @@ backend turn
backend nginx
mode tcp
- server localhost 10.7.7.1:48081 send-proxy check
+ server localhost 10.7.7.34:48081 send-proxy check
backend nginx-http2
mode tcp
- server localhost 10.7.7.1:48082 send-proxy check
+ server localhost 10.7.7.34:48082 send-proxy check
diff --git a/mod/nginx/Dockerfile b/mod/nginx/Dockerfile
index 0bf0ab38..47fc2be6 100644
--- a/mod/nginx/Dockerfile
+++ b/mod/nginx/Dockerfile
@@ -11,7 +11,24 @@ RUN cd /bbb-playback && npm install && npm run-script build
FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder-html5
COPY --from=src-html5 / /source
RUN cd /source && CI=true npm ci
-RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build
+RUN cd /source && DISABLE_ESLINT_PLUGIN=true npm run build-safari && npm run build
+RUN cd /source/dist && \
+ HASH=$(ls | grep -Eo 'bundle\.[a-f0-9]{20}\.js' | head -n 1 | grep -Eo '[a-f0-9]{20}') && \
+ if [ -z "$HASH" ]; then \
+ echo "Bundle hash not found."; \
+ else \
+ for FILE in *.safari.js *.safari.js.map; do \
+ if [[ "$FILE" == *"$HASH"* ]]; then \
+ continue; \
+ fi; \
+ PREFIX="${FILE%%.safari.js*}"; \
+ SUFFIX="${FILE#*.safari.js}"; \
+ NEW_NAME="${PREFIX}.${HASH}.safari.js${SUFFIX}"; \
+ echo "Renaming $FILE → $NEW_NAME"; \
+ mv "$FILE" "$NEW_NAME"; \
+ done; \
+ fi
+
RUN find /source/dist -name '*.js' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.css' -exec gzip -k -f -9 '{}' \; \
&& find /source/dist -name '*.wasm' -exec gzip -k -f -9 '{}' \;
@@ -21,7 +38,7 @@ RUN sed -i "s/VERSION/$BBB_BUILD_TAG/g" /source/dist/index.html && \
# --------------------
-FROM nginx:1.27-alpine
+FROM nginx:1.29-alpine
COPY --from=builder-learning-dashboard /bbb-learning-dashboard/build /www/learning-analytics-dashboard/
COPY --from=builder-playback /bbb-playback/build /www/playback/presentation/2.3
diff --git a/mod/nginx/bbb/bbb-html5.nginx b/mod/nginx/bbb/bbb-html5.nginx
index e62c0470..fc73a84a 100644
--- a/mod/nginx/bbb/bbb-html5.nginx
+++ b/mod/nginx/bbb/bbb-html5.nginx
@@ -11,3 +11,11 @@ location /html5client/locales {
autoindex on;
autoindex_format json;
}
+
+location /html5client/wasm {
+ types {
+ application/wasm wasm;
+ }
+ gzip_static on;
+ alias /usr/share/bigbluebutton/html5-client/wasm;
+}
\ No newline at end of file
diff --git a/mod/nginx/bbb/graphql.nginx b/mod/nginx/bbb/graphql.nginx
index 526ce5ff..be1f8cdf 100644
--- a/mod/nginx/bbb/graphql.nginx
+++ b/mod/nginx/bbb/graphql.nginx
@@ -8,7 +8,9 @@ location /graphql {
proxy_pass http://bbb-graphql-middleware:8378; #Graphql Middleware
}
-#Set cache system for client settings
+#DEPRECATED:
+#This endpoint is being replaced by /api/rest/meetingStaticData (which contain clientSettings and more)
+#It will be removed in BBB 3.1
location /api/rest/clientSettings {
auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
auth_request_set $meeting_id $sent_http_meeting_id;
@@ -18,13 +20,44 @@ location /api/rest/clientSettings {
proxy_cache_use_stale updating;
proxy_cache_valid 24h;
proxy_cache_lock on;
+ proxy_cache_lock_timeout 5s; # how long other requests may wait for the first one holding the cache lock
+ proxy_cache_lock_age 10s; # consider the lock stale after this time (prevents a stuck lock if upstream hangs)
+ # proxy_cache_background_update on; # optional: serve stale while refreshing the cache in background
+
+ add_header X-Cached $upstream_cache_status;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_connect_timeout 3s; # max time to establish TCP connection to Hasura
+ proxy_send_timeout 15s; # max time to send the request to Hasura
+ proxy_read_timeout 30s; # max time to wait for Hasura’s response
+ proxy_set_header Host $host;
+ proxy_pass http://bbb-graphql-server:8085; #Hasura
+}
+
+#Set cache system for meeting static data
+location /api/rest/meetingStaticData {
+ auth_request /bigbluebutton/connection/checkGraphqlAuthorization;
+ auth_request_set $meeting_id $sent_http_meeting_id;
+
+ proxy_cache client_settings_cache;
+ proxy_cache_key "$uri|$meeting_id";
+ proxy_cache_use_stale updating;
+ proxy_cache_valid 24h;
+ proxy_cache_lock on;
+ proxy_cache_lock_timeout 5s; # how long other requests may wait for the first one holding the cache lock
+ proxy_cache_lock_age 10s; # consider the lock stale after this time (prevents a stuck lock if upstream hangs)
+ # proxy_cache_background_update on; # optional: serve stale while refreshing the cache in background
+
add_header X-Cached $upstream_cache_status;
proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
+ proxy_set_header Connection "";
+ proxy_connect_timeout 3s; # max time to establish TCP connection to Hasura
+ proxy_send_timeout 15s; # max time to send the request to Hasura
+ proxy_read_timeout 30s; # max time to wait for Hasura’s response
proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:8185; #Hasura
+ proxy_pass http://bbb-graphql-server:8085; #Hasura
}
location /api/rest/userMetadata {
@@ -32,8 +65,7 @@ location /api/rest/userMetadata {
auth_request_set $meeting_id $sent_http_meeting_id;
proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
+ proxy_set_header Connection "";
proxy_set_header Host $host;
- proxy_pass http://127.0.0.1:8185; #Hasura
+ proxy_pass http://bbb-graphql-server:8085; #Hasura
}
diff --git a/mod/nginx/bbb/web.nginx b/mod/nginx/bbb/web.nginx
index 5849527d..d854219e 100755
--- a/mod/nginx/bbb/web.nginx
+++ b/mod/nginx/bbb/web.nginx
@@ -164,10 +164,14 @@
add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
add_header Pragma "no-cache";
add_header Expires "0";
+ add_header X-Server-Epoch-Msec $msec;
+ add_header X-Request-Id $request_id;
+
# this Header is required for cluster setups as the ping check is a
# CORS request. No cookies are required so we can just allow anyone
# to use this endpoint.
add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Expose-Headers' 'X-Server-Epoch-Msec,X-Request-Id';
return 200 "";
}
diff --git a/mod/nginx/bigbluebutton b/mod/nginx/bigbluebutton
index 58c5b20f..a7ff2f02 100644
--- a/mod/nginx/bigbluebutton
+++ b/mod/nginx/bigbluebutton
@@ -70,8 +70,7 @@ upstream hasura {
# server 127.0.0.1:8086;
}
server {
- listen 10.7.7.1:8185;
- listen 127.0.0.1:8185;
+ listen 8185;
root /var/www/html;
diff --git a/mod/nginx/nginx.conf b/mod/nginx/nginx.conf
index 270b9eae..fbc8cdc4 100644
--- a/mod/nginx/nginx.conf
+++ b/mod/nginx/nginx.conf
@@ -40,13 +40,13 @@ http {
listen 48083 http2;
location /bigbluebutton/api/join {
- return 301 https://10.7.7.1$request_uri;
+ return 301 https://10.7.7.35$request_uri;
}
location /bigbluebutton/api {
proxy_pass http://127.0.0.1:48087;
}
location / {
- return 301 https://10.7.7.1$request_uri;
+ return 301 https://10.7.7.35$request_uri;
}
}
diff --git a/mod/recordings/Dockerfile b/mod/recordings/Dockerfile
index 828aa1dc..cd6fe872 100644
--- a/mod/recordings/Dockerfile
+++ b/mod/recordings/Dockerfile
@@ -1,5 +1,19 @@
+ARG BBB_BUILD_TAG
+FROM bigbluebutton/bbb-build:$BBB_BUILD_TAG AS builder
-FROM ruby:3.0-slim-bullseye
+# compile and install mkclean
+RUN cd /tmp \
+ && wget https://sourceforge.net/projects/matroska/files/mkclean/mkclean-0.8.10.tar.bz2/download -O mkclean-0.8.10.tar.bz2 \
+ && tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
+ && cd /tmp/mkclean-0.8.10 \
+ && sed -i 's/\r//g' ./mkclean/configure.compiled \
+ && ./mkclean/configure.compiled \
+ && make -C mkclean \
+ && cp ./release/gcc_linux_x64/mkclean /usr/bin/mkclean \
+ && rm -r /tmp/mkclean-*
+
+
+FROM ruby:3.2-slim-trixie
# install apt dependencies
RUN apt-get update && apt-get install -y \
@@ -36,16 +50,7 @@ ENV LC_ALL en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8
-# compile and install mkclean
-RUN cd /tmp \
- && wget https://phoenixnap.dl.sourceforge.net/project/matroska/mkclean/mkclean-0.8.10.tar.bz2 \
- && tar -xf /tmp/mkclean-0.8.10.tar.bz2 \
- && cd /tmp/mkclean-0.8.10 \
- && sed -i 's/\r//g' ./mkclean/configure.compiled \
- && ./mkclean/configure.compiled \
- && make -C mkclean \
- && cp ./release/gcc_linux_x64/mkclean /usr/bin/mkclean \
- && rm -r /tmp/mkclean-*
+COPY --from=builder /usr/bin/mkclean /usr/bin/mkclean
# add dockerize
ENV DOCKERIZE_VERSION v0.6.1
@@ -78,7 +83,7 @@ COPY --from=presentation /scripts /usr/local/bigbluebutton/core/scripts/
# install ruby dependencies
RUN cd /usr/local/bigbluebutton/core \
&& gem install builder \
- && gem install bundler --no-document \
+ && gem install bundler -v 2.4.22 --no-document \
&& bundle config set --local deployment true \
&& bundle install \
&& bundle clean \
@@ -102,17 +107,13 @@ RUN cd /usr/bin \
&& sed -i 's/systemctl.*//' /usr/bin/bbb-record \
&& echo "BIGBLUEBUTTON_RELEASE=$TAG_RECORDINGS" > /etc/bigbluebutton/bigbluebutton-release
-# create user
-# the ID should match the one creating the files in `core`
-RUN groupadd -g 998 bigbluebutton && useradd -m -u 998 -g bigbluebutton bigbluebutton
-
# change owner
# https://github.com/alangecker/bigbluebutton-docker/issues/63
RUN chown -R 998:998 /usr/local/bigbluebutton
ARG TAG_BBB_PRESENTATION_VIDEO
RUN cd /tmp/ && \
- wget -q -O bbb-presentation-video.zip "https://github.com/bigbluebutton/bbb-presentation-video/releases/download/${TAG_BBB_PRESENTATION_VIDEO}/ubuntu-20.04.zip" && \
+ wget -q -O bbb-presentation-video.zip "https://github.com/bigbluebutton/bbb-presentation-video/releases/download/${TAG_BBB_PRESENTATION_VIDEO}/ubuntu-22.04.zip" && \
unzip -o bbb-presentation-video.zip -d bbb-presentation-video && \
dpkg -i bbb-presentation-video/bbb-presentation-video*.deb && \
rm -rf /tmp/*
diff --git a/mod/recordings/entrypoint.sh b/mod/recordings/entrypoint.sh
index a62b229c..2a70f42c 100755
--- a/mod/recordings/entrypoint.sh
+++ b/mod/recordings/entrypoint.sh
@@ -5,7 +5,7 @@ touch /var/log/bigbluebutton/bbb-web.log
touch /var/log/bigbluebutton/sanity.log
touch /var/log/bigbluebutton/post_publish.log
mkdir -p /var/log/bigbluebutton/presentation
-chown -R bigbluebutton:bigbluebutton /var/log/bigbluebutton
+chown -R 998:998 /var/log/bigbluebutton
dockerize \
-template /etc/bigbluebutton/recording/recording.yml.tmpl:/etc/bigbluebutton/recording/recording.yml \
diff --git a/mod/recordings/supervisord.conf b/mod/recordings/supervisord.conf
index 22e456d3..168999d2 100644
--- a/mod/recordings/supervisord.conf
+++ b/mod/recordings/supervisord.conf
@@ -4,8 +4,8 @@ user=root
[program:rasque_workers]
command=bundle exec rake -f Rakefile resque:workers
directory=/usr/local/bigbluebutton/core/scripts
-environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",HOME="/home/bigbluebutton"
-user=bigbluebutton
+environment=QUEUE="rap:archive,rap:publish,rap:process,rap:sanity,rap:captions,rap:events",COUNT="1",HOME="/tmp"
+user=998
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
@@ -15,8 +15,8 @@ stderr_logfile_maxbytes=0
[program:rap_starter]
command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-starter.rb
directory=/usr/local/bigbluebutton/core/scripts
-environment=HOME="/home/bigbluebutton"
-user=bigbluebutton
+environment=HOME="/tmp"
+user=998
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
@@ -26,8 +26,8 @@ stderr_logfile_maxbytes=0
[program:rap_caption_inbox]
command=bundle exec ruby /usr/local/bigbluebutton/core/scripts/rap-caption-inbox.rb
directory=/usr/local/bigbluebutton/core/scripts
-environment=HOME="/home/bigbluebutton"
-user=bigbluebutton
+environment=HOME="/tmp"
+user=998
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
stderr_logfile=/dev/fd/2
diff --git a/repos/bbb-pads b/repos/bbb-pads
index 724d55c2..e11eeda5 160000
--- a/repos/bbb-pads
+++ b/repos/bbb-pads
@@ -1 +1 @@
-Subproject commit 724d55c26b1c94ea22a85b0c7e064f57b54875cb
+Subproject commit e11eeda573d62d8e35f5733ef151b5ad9b7d595c
diff --git a/repos/bbb-playback b/repos/bbb-playback
index a2e4676d..317cae1e 160000
--- a/repos/bbb-playback
+++ b/repos/bbb-playback
@@ -1 +1 @@
-Subproject commit a2e4676d567da3ef0e7bfb18a6815298dd020def
+Subproject commit 317cae1e83dcde3f5057d0af71890e42b51bd3ff
diff --git a/repos/bbb-webhooks b/repos/bbb-webhooks
index 7ed5fdb4..31e1bb70 160000
--- a/repos/bbb-webhooks
+++ b/repos/bbb-webhooks
@@ -1 +1 @@
-Subproject commit 7ed5fdb4178f8148f1863342827ab42522e12cae
+Subproject commit 31e1bb70e06c42be9b386a074f109dc9c7dd947d
diff --git a/repos/bbb-webrtc-recorder b/repos/bbb-webrtc-recorder
index 95ab45f4..2570fd79 160000
--- a/repos/bbb-webrtc-recorder
+++ b/repos/bbb-webrtc-recorder
@@ -1 +1 @@
-Subproject commit 95ab45f4c7ce29909b217d94ceb33bbbcb5b5508
+Subproject commit 2570fd79b79bce872a19847f60559870173b6258
diff --git a/repos/bbb-webrtc-sfu b/repos/bbb-webrtc-sfu
index e5a4bab5..70b6a29f 160000
--- a/repos/bbb-webrtc-sfu
+++ b/repos/bbb-webrtc-sfu
@@ -1 +1 @@
-Subproject commit e5a4bab5bd2cbd006ef2f144d27bd4ae28cfb953
+Subproject commit 70b6a29f045a8ffb6c49d6e9d155899f8cd1c2d2
diff --git a/repos/bigbluebutton b/repos/bigbluebutton
index ef2dda43..69f45aa1 160000
--- a/repos/bigbluebutton
+++ b/repos/bigbluebutton
@@ -1 +1 @@
-Subproject commit ef2dda435ebf190fc7573293a2099f902a22f1f2
+Subproject commit 69f45aa1b963dc7d80179d0155acc670aec5c4fc
diff --git a/repos/tags b/repos/tags
index e8b18b09..f2adc554 100644
--- a/repos/tags
+++ b/repos/tags
@@ -5,10 +5,10 @@
repos/bbb-etherpad-plugin 88f3f6b
repos/bbb-etherpad-skin 8328b77
-repos/bbb-pads v1.5.3
-repos/bbb-playback v5.3.1
-repos/bbb-webhooks v3.3.1
-repos/bbb-webrtc-recorder v0.8.0
-repos/bbb-webrtc-sfu v2.17.0-beta.6
-repos/bigbluebutton v3.0.4
+repos/bbb-pads v1.5.6
+repos/bbb-playback v5.4.3
+repos/bbb-webhooks v3.4.0
+repos/bbb-webrtc-recorder v0.13.1
+repos/bbb-webrtc-sfu v2.21.2
+repos/bigbluebutton v3.0.19
repos/freeswitch v1.10.12
diff --git a/sample.env b/sample.env
index 99b654ec..1cc1fc21 100644
--- a/sample.env
+++ b/sample.env
@@ -12,6 +12,20 @@ LETSENCRYPT_EMAIL=test@example.net
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
ENABLE_GREENLIGHT=true
+
+# Collabora
+# Enable Collabora service
+# Deactivate if you use an external coturn server
+# https://www.collaboraonline.com/
+ENABLE_COLLABORA=true
+COLLABORA_URL=https://collabora:9980/cool
+
+# Coturn
+# Enable Coturn service
+# Deactivate if you use an external coturn server
+# https://github.com/coturn/coturn
+ENABLE_COTURN=true
+
# Enable Webhooks
# used by some integrations
#ENABLE_WEBHOOKS=true
diff --git a/scripts/generate-compose b/scripts/generate-compose
index 81a546fc..24fafb63 100755
--- a/scripts/generate-compose
+++ b/scripts/generate-compose
@@ -36,7 +36,7 @@ function get_tag {
}
# https://hub.docker.com/r/bigbluebutton/bbb-build
-BBB_BUILD_TAG=v3.0.x-release--2025-02-06-143818
+BBB_BUILD_TAG=v3.0.x-release--2025-10-30-133835
docker run \
--rm \
@@ -59,6 +59,8 @@ docker run \
-e ENABLE_HTTPS_PROXY=${ENABLE_HTTPS_PROXY:-false} \
-e ENABLE_WEBHOOKS=${ENABLE_WEBHOOKS:-false} \
-e ENABLE_GREENLIGHT=${ENABLE_GREENLIGHT:-false} \
+ -e ENABLE_COTURN=${ENABLE_COTURN:-true} \
+ -e ENABLE_COLLABORA=${ENABLE_COLLABORA:-true} \
-e ENABLE_PROMETHEUS_EXPORTER=${ENABLE_PROMETHEUS_EXPORTER:-false} \
-e ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION=${ENABLE_PROMETHEUS_EXPORTER_OPTIMIZATION:-false} \
jwilder/dockerize -template /docker-compose.tmpl.yml \
diff --git a/scripts/publish b/scripts/publish
index 601b787c..6d9ed66c 100755
--- a/scripts/publish
+++ b/scripts/publish
@@ -4,7 +4,7 @@ set -e
cd "$(dirname "$0")/.."
# load .env
-. functions.sh
+. scripts/functions.sh
load_env
if [ -z "$ENABLE_WEBHOOKS" ]; then
@@ -21,8 +21,8 @@ fi
# generate compose file
./scripts/generate-compose
-# ensure submodules are matching tags.env
-./scripts/checkout-submodules
+# ensure submodules are correctly checked out
+git submodule update
# build and push java base image
docker build -t alangecker/bbb-docker-base-java:latest mod/base-java
@@ -33,16 +33,20 @@ docker compose build
# push images
docker push alangecker/bbb-docker-base-java:latest
docker compose push \
- html5-backend-1 \
- bbb-web \
- freeswitch \
apps-akka \
+ bbb-export-annotations \
+ bbb-graphql-actions \
+ bbb-graphql-middleware \
+ bbb-graphql-server \
bbb-pads \
+ bbb-web \
+ bbb-webrtc-recorder \
etherpad \
fsesl-akka \
- jodconverter \
+ haproxy \
nginx \
periodic \
recordings \
webhooks \
- webrtc-sfu
+ webrtc-sfu \
+ freeswitch