容器镜像配置
openwrt
compose
version: '3'
services:
openwrt:
image: sulinggg/openwrt:x86_64
privileged: true
restart: always
networks:
openwrt:
ipv4_address: 192.168.101.39
volumes:
- ./network.conf:/etc/config/network
- ./var:/var
command: /sbin/init
networks:
openwrt:
external: true
网卡
ip link set enp3s0 promisc on
docker network create -d macvlan --subnet=192.168.22.1/24 --gateway=192.168.22.1 -o parent=enp3s0 wrtnet
Pandoc
docker run --rm -v "./data:/data" --user `id -u`:`id -g` pandoc/latex README.md -o README.pdf
certbot
dns txt记录认证
certbot certonly --preferred-challenges dns -d "*.donjuan.lecturify.net" --manual
sudo docker run -v ./letsencrypt:/etc/letsencrypt --rm -it docker.nju.edu.cn/certbot/certbot certonly --preferred-challenges dns -d "*.donjuan.lecturify.net" --manual
matrix conduit
conduit
docker-compose
version: '3' services: homeserver: container_name: conduit image: docker.nju.edu.cn/matrixconduit/matrix-conduit:latest # network_mode: host networks: conduit: ports: - 8008:8008 volumes: - ./data:/data environment: CONDUIT_SERVER_NAME: matrix.donjuan.lecturify.net # EDIT THIS CONDUIT_DATABASE_PATH: /data CONDUIT_DATABASE_BACKEND: rocksdb CONDUIT_PORT: 8008 CONDUIT_MAX_REQUEST_SIZE: 20_000_000_0 # in bytes, ~200 MB CONDUIT_ALLOW_REGISTRATION: 'true' CONDUIT_ALLOW_FEDERATION: 'true' CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true' CONDUIT_TRUSTED_SERVERS: '["mozilla.org"]' #CONDUIT_MAX_CONCURRENT_REQUESTS: 100 #CONDUIT_LOG: warn,rocket=off,_=off,sled=off CONDUIT_ADDRESS: 0.0.0.0 CONDUIT_CONFIG: '' # Ignore this CONDUIT_TURN_URIS: '["turn:matrix.donjuan.lecturify.net:5349?transport=udp", "turn:matrix.donjuan.lecturify.net:5349?transport=tcp"]' CONDUIT_TURN_SECRET: "conduit6666" coturn: container_name: coturn image: docker.nju.edu.cn/coturn/coturn network_mode: host volumes: - ./coturn.conf:/etc/coturn/turnserver.conf - ../letsencrypt/live/donjuan.lecturify.net/fullchain.pem:/etc/ssl/certs/cert.pem:ro - ../letsencrypt/live/donjuan.lecturify.net/privkey.pem:/etc/ssl/private/privkey.pem:ro heisenbridge: container_name: heisenbridge image: docker.nju.edu.cn/hif1/heisenbridge command: "-c /data/config http://conduit:8008" networks: conduit: volumes: - ./heisenbridge_data:/data element-web: container_name: element image: docker.io/vectorim/element-web volumes: - ./element_config:/app/config.json ports: - 8777:80 sysdent: container_name: sysdent image: docker.nju.edu.cn/matrixdotorg/sydent volumes: - ./sysdentdata:/data network_mode: host telegram: container_name: telegram shm_size: 64mb image: dock.mau.dev/mautrix/telegram volumes: - ./telegram:/data networks: - conduit - postgres email: container_name: matrix_mail shm_size: 64mb image: jojii/matrix_email_bridge volumes: - ./mail:/app/data networks: conduit: networks: conduit: postgres: external: true
heisenbridge
生成heisenbridgedata/config
docker run --rm -v ./heisenbridge_data:/data docker.nju.edu.cn/hif1/heisenbridge -l heisenbridge --generate-compat -c /data/config http://conduit:8008
coturn
coturn.conf
use-auth-secret static-auth-secret=your secret realm=matrix.donjuan.lecturify.net
element-web
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://www.donjuan.lecturify.net:8448",
"server_name": "donjuanplatinum"
},
"m.identity_server": {
"base_url": "https://www.donjuan.lecturify.net:8901"
}
},
"disable_custom_urls": false,
"disable_guests": false,
"disable_login_language_selector": false,
"disable_3pid_login": false,
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"default_country_code": "GB",
"show_labs_settings": false,
"features": {},
"default_federate": true,
"default_theme": "dark",
"room_directory": {
"servers": ["mozilla.org","poa.st"]
},
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"setting_defaults": {
"breadcrumbs": true
},
"jitsi": {
"preferred_domain": "meet.element.io"
},
"element_call": {
"url": "https://call.element.io",
"participant_limit": 8,
"brand": "Element Call"
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}
mautrix-telegram
mail
{
"allowed_servers": [
"matrix.donjuan.lecturify.net"
],
"defaultmailcheckinterval": 30,
"htmldefault": false,
"markdownenabledbydefault": true,
"matrixaccesstoken": "",
"matrixserver": "http://conduit:8008",
"matrixuserid": "@mail:matrix.donjuan.lecturify.net"
}
生成样例配置文件
docker run --rm -v ./telegram:/data dock.mau.dev/mautrix/telegram
编辑
生成registry文件
@telegrambot:
matrix-qq
compose
compose
version: "3" services: matrix-qq: hostname: matrix-qq container_name: matrix-qq image: docker.nju.edu.cn/lxduo/matrix-qq:latest restart: unless-stopped volumes: - ./matrix-qq:/data networks: - postgresql_psql - conduit_conduit ports: - 17777:17777 networks: postgresql_psql: external: true conduit_conduit: external: true修改config.yaml
config
matrix-qq/config.yaml
# Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. address: http://homeserver:8008 # The domain of the homeserver (for MXIDs, etc). domain: matrix.donjuan.lecturify.net # Set to null to disable using the websocket. When not using the websocket, make sure hostname and port are set in the appservice section. websocket_proxy: # How often should the websocket be pinged? Pinging will be disabled if this is zero. ping_interval_seconds: 0 # What software is the homeserver running? # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. software: standard # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's connection state changes. # The bridge will use the appservice as_token to authorize requests. status_endpoint: null # Endpoint for reporting per-message status. message_send_checkpoint_endpoint: null # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? async_media: false # Application service host/registration related details. # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. address: http://matrix-qq:17777 # The hostname and port where this appservice should listen. hostname: 0.0.0.0 port: 17777 # Database config. database: # The database type. "sqlite3" and "postgres" are supported. type: postgres # The database URI. # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql uri: postgres://postgres:postgresspassword@postgres/matrixqq?sslmode=disable # Maximum number of connections. Mostly relevant for Postgres. max_open_conns: 20 max_idle_conns: 2 # Maximum connection idle time and lifetime before they're closed. Disabled if null. # Parsed with https://pkg.go.dev/time#ParseDuration max_conn_idle_time: null max_conn_lifetime: null # The unique ID of this appservice. id: qq # Appservice bot details. bot: # Username of the appservice bot. username: qqbot # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. displayname: QQ bridge bot avatar: mxc://avatar url # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). # You should disable bridge -> sync_with_custom_puppets when this is enabled. ephemeral_events: true # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: "token" hs_token: "token" # QQ config qq: # QQ client protocol (1: AndroidPhone, 2: AndroidWatch, 3: MacOS, 4: QiDian, 5: IPad, 6: AndroidPad) protocol: 2 # Sign Server (https://github.com/fuqiuluo/unidbg-fetch-qsign) sign_server: "http://192.168.101.75:8901" # Bridge config bridge: # Proxy for homeserver connection. hs_proxy: # Localpart template of MXIDs for QQ users. username_template: _qq_{{.}} # Displayname template for QQ users. displayname_template: "{{if .Name}}{{.Name}}{{else}}{{.Uin}}{{end}} (QQ)" # Should the bridge create a space for each logged-in user and add bridged rooms to it? # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time. personal_filtering_spaces: true # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. message_status_events: false # Whether the bridge should send error notices via m.notice events when a message fails to bridge. message_error_notices: true portal_message_buffer: 128 # Enable redaction allow_redaction: false # Should puppet avatars be fetched from the server even if an avatar is already set? user_avatar_sync: true # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices. sync_with_custom_puppets: false # Should the bridge update the m.direct account data event when double puppeting is enabled. # Note that updating the m.direct event is not atomic (except with mautrix-asmux) # and is therefore prone to race conditions. sync_direct_chat_list: false # When double puppeting is enabled, users can use `!wa toggle` to change whether # presence is bridged. These settings set the default values. # Existing users won't be affected when these are changed. default_bridge_presence: false # Send the presence as "available" to QQ when users start typing on a portal. # This works as a workaround for homeservers that do not support presence, and allows # users to see when the qq user on the other side is typing during a conversation. send_presence_on_typing: true # Servers to always allow double puppeting from double_puppet_server_map: matrix.donjuan.lecturify.net: https://matrix.donjuan.lecturify.net:8448 # Allow using double puppeting from any server with a valid client .well-known file. double_puppet_allow_discovery: false # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth # # If set, double puppeting will be enabled automatically for local users # instead of users having to find an access token and run `login-matrix` # manually. login_shared_secret_map: example.com: foobar # Should the bridge explicitly set the avatar and room name for private chat portal rooms? private_chat_portal_meta: false # Should group members be synced in parallel? This makes member sync faster parallel_member_sync: false # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # This field will automatically be changed back to false after it, except if the config file is not writable. resend_bridge_info: false # When using double puppeting, should muted chats be muted in Matrix? mute_bridging: false # Allow invite permission for user. User can invite any bots to room with qq # users (private chat and groups) allow_user_invite: false # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. federate_rooms: true # Should the bridge never send alerts to the bridge management room? # These are mostly things like the user being logged out. disable_bridge_alerts: false # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration # Null means there's no enforced timeout. message_handling_timeout: # Send an error message after this timeout, but keep waiting for the response until the deadline. # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. # If the message is older than this when it reaches the bridge, the message won't be handled at all. error_after: null # Drop messages after this timeout. They may still go through if the message got sent to the servers. # This is counted from the time the bridge starts handling the message. deadline: 120s # The prefix for commands. Only required in non-management rooms. command_prefix: "!qq" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. management_room_text: # Sent when joining a room. welcome: "Hello, I'm a QQ bridge bot." # Sent when joining a management room and the user is already logged in. welcome_connected: "Use `help` for help." # Sent when joining a management room and the user is not logged in. welcome_unconnected: "Use `help` for help or `login` to log in." # Optional extra text sent when joining a management room. additional_help: "" # End-to-bridge encryption support options. # # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. encryption: # Allow encryption, work in group chat rooms with e2ee enabled allow: true # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. # It is recommended to also set private_chat_portal_meta to true when using this. default: false # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. appservice: false # Require encryption, drop any unencrypted messages. require: false # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # You must use a client that supports requesting keys from other users to use this feature. allow_key_sharing: false # What level of device verification should be required from users? # # Valid levels: # unverified - Send keys to all device in the room. # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. # Note that creating user signatures from the bridge bot is not currently possible. # verified - Require manual per-device verification # (currently only possible by modifying the `trust` column in the `crypto_device` database table). verification_levels: # Minimum level for which the bridge should send keys to when bridging messages from QQ to Matrix. receive: unverified # Minimum level that the bridge should accept for incoming Matrix messages. send: unverified # Minimum level that the bridge should require for accepting key requests. share: cross-signed-tofu # Options for Megolm room key rotation. These options allow you to # configure the m.room.encryption event content. See: # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for # more information about that event. rotation: # Enable custom Megolm room key rotation settings. Note that these # settings will only apply to rooms created after this option is # set. enable_custom: false # The maximum number of milliseconds a session should be used # before changing it. The Matrix spec recommends 604800000 (a week) # as the default. milliseconds: 604800000 # The maximum number of messages that should be sent with a given a # session before changing it. The Matrix spec recommends 100 as the # default. messages: 100 # Permissions for using the bridge. # Permitted values: # user - Access to use the bridge to chat with a QQ account. # admin - User level and some additional administration tools # Permitted keys: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user permissions: "matrix.donjuan.lecturify.net": admin "@donjuan:matrix.donjuan.lecturify.net": admin # Logging config. logging: # The directory for log files. Will be created if not found. directory: ./logs # Available variables: .Date for the file date and .Index for different log files on the same day. # Set this to null to disable logging to file. file_name_format: "{{.Date}}-{{.Index}}.log" # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants file_date_format: "2006-01-02" # Log file permissions. file_mode: 0o600 # Timestamp format for log entries in the Go time format. timestamp_format: "Jan _2, 2006 15:04:05" # Minimum severity for log messages printed to stdout/stderr. This doesn't affect the log file. # Options: debug, info, warn, error, fatal print_level: debugregis
生成register.yaml
docker run --rm -v `pwd`/matrix-qq:/data:z lxduo/matrix-qq:latest
生成后appservice注册homeserver
unidbg
compose
version: '2' services: qsign: image: ghcr.nju.edu.cn/fuqiuluo/unidbg-fetch-qsign environment: TZ: Asia/Shanghai restart: always ports: # 按需调整端口映射 - 8901:8080
blessing-skin
.env
APP_DEBUG=false
APP_ENV=production
APP_FALLBACK_LOCALE=en
DB_CONNECTION=sqlite
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=/app/database.db
DB_USERNAME=username
DB_PASSWORD=secret
DB_PREFIX=
# Hash Algorithm for Passwords
#
# Available values:
# - BCRYPT, ARGON2I, PHP_PASSWORD_HASH
# - MD5, SALTED2MD5
# - SHA256, SALTED2SHA256
# - SHA512, SALTED2SHA512
#
# New sites are *highly* recommended to use BCRYPT.
#
PWD_METHOD=BCRYPT
APP_KEY=base64:5RbZBYJGqz3EOOuJNyahHydzqFLRk1Od+Sak6HBvs6o=
MAIL_MAILER=smtp
MAIL_HOST=
MAIL_PORT=465
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=
MAIL_FROM_ADDRESS=
MAIL_FROM_NAME=
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_CONNECTION=sync
REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
PLUGINS_DIR=/app/plugins
PLUGINS_URL=null
docker-compose.yml
version: '3'
services:
skin:
container_name: bs
image: docker.nju.edu.cn/donjuanplatinum/blessing-skin-server
network_mode: host
volumes:
- ./app:/app
- ./storage:/app/storage
environment:
- DB_DATABASE=/app/database.db
- PLUGINS_DIR=/app/plugins
trojan
docker-compose
version: '3'
services:
trojan:
container_name: trojan
image: trojangfw/trojan
network_mode: host
volumes:
- ./config.json:/config/config.json
- ../letsencrypt/live/donjuan.lecturify.net:/etc/certs
config.json
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 8777,
"password": [
"password1",
"password2"
],
"log_level": 1,
"ssl": {
"cert": "/etc/certs/fullchain.pem",
"key": "/etc/certs/privkey.pem",
"key_password": "",
"cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
"cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"alpn_port_override": {
"h2": 81
},
"reuse_session": true,
"session_ticket": false,
"session_timeout": 600,
"plain_http_response": "",
"curves": "",
"dhparam": ""
},
"tcp": {
"prefer_ipv4": false,
"no_delay": true,
"keep_alive": true,
"reuse_port": false,
"fast_open": false,
"fast_open_qlen": 20
},
"mysql": {
"enabled": false,
"server_addr": "127.0.0.1",
"server_port": 3306,
"database": "trojan",
"username": "trojan",
"password": "",
"key": "",
"cert": "",
"ca": ""
}
}
注意!
在cloudflare下的ssl/tls ssl/tls加密设置为完全 严格
gitea
docker-compose
version: '3'
services:
gitea:
container_name: gitea
image: docker.nju.edu.cn/gitea/gitea
# network_mode: host
networks:
postgres:
ports:
- 3000:3000
- 2222:2222
volumes:
- ./data:/data
- ./config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
act_runner:
container_name: act_runner
image: docker.nju.edu.cn/gitea/act_runner
networks:
postgres:
volumes:
- ./config.yaml:/config.yaml
- ./act_data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
CONFIG_FILE=/config.yaml
networks:
postgres:
external: true
actrunner
创建配置文件
docker run --entrypoint="" --rm -it docker.nju.edu.cn/gitea/act_runner:latest act_runner generate-config > config.yaml
配置文件
# Example configuration file, it's safe to copy this as the default config file without any modification. # You don't have to copy this file to your instance, # just run `./act_runner generate-config > config.yaml` to generate a config file. log: # The level of logging, can be trace, debug, info, warn, error, fatal level: info runner: # Where to store the registration result. file: .runner # Execute how many tasks concurrently at the same time. capacity: 1 # Extra environment variables to run jobs. envs: A_TEST_ENV_NAME_1: a_test_env_value_1 A_TEST_ENV_NAME_2: a_test_env_value_2 # Extra environment variables to run jobs from a file. # It will be ignored if it's empty or the file doesn't exist. env_file: .env # The timeout for a job to be finished. # Please note that the Gitea instance also has a timeout (3h by default) for the job. # So the job could be stopped by the Gitea instance if it's timeout is shorter than this. timeout: 3h # Whether skip verifying the TLS certificate of the Gitea instance. insecure: false # The timeout for fetching the job from the Gitea instance. fetch_timeout: 5s # The interval for fetching the job from the Gitea instance. fetch_interval: 2s # The labels of a runner are used to determine which jobs the runner can run, and how to run them. # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" # Find more images provided by Gitea at https://gitea.com/gitea/runner-images . # If it's empty when registering, it will ask for inputting labels. # If it's empty when execute `daemon`, will use labels in `.runner` file. labels: - "ubuntu-latest:docker://localhost/donjuan" - "donjuan:docker://git.donjuan.lecturify.net/donjuan/donjuan-workflow:latest" cache: # Enable cache server to use actions/cache. enabled: true # The directory to store the cache data. # If it's empty, the cache data will be stored in $HOME/.cache/actcache. dir: "" # The host of the cache server. # It's not for the address to listen, but the address to connect from job containers. # So 0.0.0.0 is a bad choice, leave it empty to detect automatically. host: "" # The port of the cache server. # 0 means to use a random available port. port: 0 # The external cache server URL. Valid only when enable is true. # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself. # The URL should generally end with "/". external_server: "" container: # Specifies the network to which the container will connect. # Could be host, bridge or the name of a custom network. # If it's empty, act_runner will create a network automatically. network: "" # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in -Docker). privileged: false # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway). options: # The parent directory of a job's working directory. # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. # If the path starts with '/', the '/' will be trimmed. # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir # If it's empty, /workspace will be used. workdir_parent: # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/ gobwas/glob # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted. # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you shou ld change the config to: # valid_volumes: # - data # - /src/*.json # If you want to allow any volume, please use the following configuration: # valid_volumes: # - '**' valid_volumes: [] # overrides the docker client host with the specified one. # If it's empty, act_runner will find an available docker host automatically. # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers. # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work. docker_host: "" # Pull docker image(s) even if already present force_pull: false # Rebuild docker image(s) even if already present force_rebuild: false host: # The parent directory of a job's working directory. # If it's empty, $HOME/.cache/act/ will be used. workdir_parent:注册act
docker exec -it act_runner bash act_runner --config /config.yaml register # token为giteaweb的actions配置中的runner token
启动act
act_runner --config /config.yaml daemon
gitea
备份与恢复
备份
docker exec -it gitea bash su git # 以app.ini中指定的用户登录 gitea dump
也可以使用数据库进行备份
pg_dump -U $USER $DATABASE > gitea-db.sql
恢复
# 在容器中打开 bash 会话 docker exec --user git -it gitea bash # 在容器内解压您的备份文件 unzip gitea-dump-1610949662.zip cd gitea-dump-1610949662 # 恢复 Gitea 数据 mv data/* /data/gitea # 恢复仓库本身 mv repos/* /data/git/gitea-repositories/ # 调整文件权限 chown -R git:git /data # mysql mysql --default-character-set=utf8mb4 -u$USER -p$PASS $DATABASE <gitea-db.sql # sqlite3 sqlite3 $DATABASE_PATH <gitea-db.sql # postgres psql -U $USER -d $DATABASE < gitea-db.sql # 重新生成 Git 钩子 /usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks
postgres
docker-compose.yml
# Use postgres/example user/password credentials
version: '3.9'
services:
db:
image: postgres
restart: always
container_name: postgres
network:
postgres:
# set shared memory limit when using docker-compose
shm_size: 128mb
# or set shared memory limit when deploy via swarm stack
#volumes:
# - type: tmpfs
# target: /dev/shm
# tmpfs:
# size: 134217728 # 128*2^20 bytes = 128Mb
volumes:
- ./data:/var/lib/postgresql/data
environment:
POSTGRES_USER: user
POSTGRES_PASSWORD: example
networks:
postgres:
external: true
overleaf
clone
git clone https://github.com/overleaf/toolkit
cd toolkit
./bin/init
./bin/up
archlinux
docker-compose.yml
version: '3'
services:
gitea:
container_name: archlinux
image: archlinux
network_mode: host
volumes:
- ./mirrorlist:/etc/pacman.d/mirrorlist
tty: true
stdin_open: true
frp
compose
version: '3.3'
services:
frps:
network_mode: host
volumes:
- ./frps.ini:/etc/frp/frps.ini
container_name: frps
image: docker.nju.edu.cn/snowdreamtech/frps
frps.ini
[common]
bind_port = 6000
vhost_http_port = 6001
vhost_https_port = 6002
dashboard_addr = 0.0.0.0
dashboard_port = 6500
dashboard_user = user
dashboard_pwd = password
subdomain_host = frp.yourdomain
token = yourtoken
rustdesk
key在data下的ided25519.pub
compose
version: '3'
services:
hbbs:
container_name: hbbs
image: docker.m.daocloud.io/rustdesk/rustdesk-server:latest
command: hbbs
volumes:
- ./data:/root
network_mode: "host"
restart: unless-stopped
hbbr:
container_name: hbbr
image: docker.m.daocloud.io/rustdesk/rustdesk-server:latest
command: hbbr
volumes:
- ./data:/root
network_mode: "host"
restart: unless-stopped
data/ided25519.pub
steamcmd
docker run -it -v $PWD:/data steamcmd/steamcmd:latest +login anonymous +force_install_dir /data +app_update 740 +quit
mariadb
compose
cli
创建数据库
create database 'database';
创建用户
create user 'user';
修改密码
set password for 'user' = PASSWORD('password');授予权限
GRANT ALL PRIVILEGES ON 'database' TO 'user'; flush privileges;
mail-server
compose
services:
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
# Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
# hostname: mail.example.com
domainname: donplat.top
# env_file: mailserver.env
# More information about the mail-server ports:
# https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
# To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
volumes:
- ./docker-data/dms/mail-data/:/var/mail/
- ./docker-data/dms/mail-state/:/var/mail-state/
- ./docker-data/dms/mail-logs/:/var/log/mail/
- ./docker-data/dms/config/:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
- /etc/letsencrypt/:/etc/letsencrypt
environment:
- SSL_TYPE=manual
- SSL_CERT_PATH=/etc/letsencrypt/live/donplat.top-0001/fullchain.pem
- SSL_KEY_PATH=/etc/letsencrypt/live/donplat.top-0001/privkey.pem
restart: always
stop_grace_period: 1m
# Uncomment if using `ENABLE_FAIL2BAN=1`:
cap_add:
- NET_ADMIN
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
添加用户
setup email add donjuan@donplat.top password
配置dkim
setup config dkim
生成于/tmp/docker-mailserver/opendkim/
设置dns记录 type: TXT name: mail._domainkey data: 文件内容()
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQMMqhb1S52Rg7VFS3EC6JQIMxNDdiBmOKZvY5fiVtD3Z+yd9ZV+V8e4IARVoMXWcJWSR6xkloitzfrRtJRwOYvmrcgugOalkmM0V4Gy/2aXeamuiBuUc4esDQEI3egmtAsHcVY1XCoYfs+9VqoHEq3vdr3UQ8zP/l+FP5UfcaJFCK/ZllqcO2P1GjIDVSHLdPpRHbMP/tU1a9mNZ"
"5QMZBJ/JuJK/s+2bp8gpxKn8rh1akSQjlynlV9NI+7J3CC7CUf3bGvoXIrb37C/lpJehS39KNtcGdaRufKauSfqx/7SxA0zyZC+r13f7ASbMaQFzm+/RRusTqozY/p/MsWx8QIDAQAB"
) ; # 生成的文件
data区域的内容: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQMMqhb1S52Rg7VFS3EC6JQIMxNDdiBmOKZvY5fiVtD3Z+yd9ZV+V8e4IARVoMXWcJWSR6xkloitzfrRtJRwOYvmrcgugOalkmM0V4Gy/2aXeamuiBuUc4esDQEI3egmtAsHcVY1XCoYfs+9VqoHEq3vdr3UQ8zP/l+FP5UfcaJFCK/ZllqcO2P1GjIDVSHLdPpRHbMP/tU1a9mNZ5QMZBJ/JuJK/s+2bp8gpxKn8rh1akSQjlynlV9NI+7J3CC7CUf3bGvoXIrb37C/lpJehS39KNtcGdaRufKauSfqx/7SxA0zyZC+r13f7ASbMaQFzm+/RRusTqozY/p/MsWx8QIDAQAB
用户配置文件docker-data/dms/config/postfix-accounts.cf
v2raya
cli
podman run -itd --name v2raya --restart=always --security-opt no-new-privileges --cap-drop all --network host --memory=500M --volume .:/etc/v2raya:z docker.io/mzz2017/v2raya
Jitsi
开源的会议
.env
# shellcheck disable=SC2034
################################################################################
################################################################################
# Welcome to the Jitsi Meet Docker setup!
#
# This sample .env file contains some basic options to get you started.
# The full options reference can be found here:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
################################################################################
################################################################################
#
# Basic configuration options
#
# Directory where all configuration will be stored
CONFIG=~/.jitsi-meet-cfg
# Exposed HTTP port (will redirect to HTTPS port)
HTTP_PORT=8000
# Exposed HTTPS port
HTTPS_PORT=8443
# System time zone
TZ=UTC
# Public URL for the web service (required)
# Keep in mind that if you use a non-standard HTTPS port, it has to appear in the public URL
#PUBLIC_URL=https://meet.example.com:${HTTPS_PORT}
# Media IP addresses to advertise by the JVB
# This setting deprecates DOCKER_HOST_ADDRESS, and supports a comma separated list of IPs
# See the "Running behind NAT or on a LAN environment" section in the Handbook:
# https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
#JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
#
# Memory limits for Java components
#
#JICOFO_MAX_MEMORY=3072m
#VIDEOBRIDGE_MAX_MEMORY=3072m
#
# JaaS Components (beta)
# https://jaas.8x8.vc
#
# Enable JaaS Components (hosted Jigasi)
# NOTE: if Let's Encrypt is enabled a JaaS account will be automatically created, using the provided email in LETSENCRYPT_EMAIL
#ENABLE_JAAS_COMPONENTS=0
#
# Let's Encrypt configuration
#
# Enable Let's Encrypt certificate generation
#ENABLE_LETSENCRYPT=1
# Domain for which to generate the certificate
#LETSENCRYPT_DOMAIN=meet.example.com
# E-Mail for receiving important account notifications (mandatory)
#LETSENCRYPT_EMAIL=alice@atlanta.net
# Use the staging server (for avoiding rate limits while testing)
#LETSENCRYPT_USE_STAGING=1
# Set ACME server. Default is zerossl, you can peek one at https://github.com/acmesh-official/acme.sh/wiki/Server
#LETSENCRYPT_ACME_SERVER="letsencrypt"
#
# Etherpad integration (for document sharing)
#
# Set the etherpad-lite URL in the docker local network (uncomment to enable)
#ETHERPAD_URL_BASE=http://etherpad.meet.jitsi:9001
# Set etherpad-lite public URL, including /p/ pad path fragment (uncomment to enable)
#ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
#
# Whiteboard integration
#
# Set the excalidraw-backend URL in the docker local network (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_URL_BASE=http://whiteboard.meet.jitsi
# Set the excalidraw-backend public URL (uncomment to enable)
#WHITEBOARD_COLLAB_SERVER_PUBLIC_URL=https://whiteboard.meet.my.domain
#
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account as a clear text
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
#JIGASI_SIP_SERVER=sip2sip.info
# SIP server port
#JIGASI_SIP_PORT=5060
# SIP server transport
#JIGASI_SIP_TRANSPORT=UDP
#
# Authentication configuration (see handbook for details)
#
# Enable authentication (will ask for login and password to join the meeting)
#ENABLE_AUTH=1
# Enable guest access (if authentication is enabled, this allows for users to be held in lobby until registered user lets them in)
#ENABLE_GUESTS=1
# Select authentication type: internal, jwt, ldap or matrix
#AUTH_TYPE=internal
# JWT authentication
#
# Application identifier
#JWT_APP_ID=my_jitsi_app_id
# Application secret known only to your token generator
#JWT_APP_SECRET=my_jitsi_app_secret
# (Optional) Set asap_accepted_issuers as a comma separated list
#JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client
# (Optional) Set asap_accepted_audiences as a comma separated list
#JWT_ACCEPTED_AUDIENCES=my_server1,my_server2
# LDAP authentication (for more information see the Cyrus SASL saslauthd.conf man page)
#
# LDAP url for connection
#LDAP_URL=ldaps://ldap.domain.com/
# LDAP base DN. Can be empty
#LDAP_BASE=DC=example,DC=domain,DC=com
# LDAP user DN. Do not specify this parameter for the anonymous bind
#LDAP_BINDDN=CN=binduser,OU=users,DC=example,DC=domain,DC=com
# LDAP user password. Do not specify this parameter for the anonymous bind
#LDAP_BINDPW=LdapUserPassw0rd
# LDAP filter. Tokens example:
# %1-9 - if the input key is user@mail.domain.com, then %1 is com, %2 is domain and %3 is mail
# %s - %s is replaced by the complete service string
# %r - %r is replaced by the complete realm string
#LDAP_FILTER=(sAMAccountName=%u)
# LDAP authentication method
#LDAP_AUTH_METHOD=bind
# LDAP version
#LDAP_VERSION=3
# LDAP TLS using
#LDAP_USE_TLS=1
# List of SSL/TLS ciphers to allow
#LDAP_TLS_CIPHERS=SECURE256:SECURE128:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
# Require and verify server certificate
#LDAP_TLS_CHECK_PEER=1
# Path to CA cert file. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Path to CA certs directory. Used when server certificate verify is enabled
#LDAP_TLS_CACERT_DIR=/etc/ssl/certs
# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
# LDAP_START_TLS=1
#
# Security
#
# Set these to strong passwords to avoid intruders from impersonating a service account
# The service(s) won't start unless these are specified
# Running ./gen-passwords.sh will update .env with strong passwords
# You may skip the Jigasi and Jibri passwords if you are not using those
# DO NOT reuse passwords
#
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=
# XMPP password for JVB client connections
JVB_AUTH_PASSWORD=
# XMPP password for Jigasi MUC client connections
JIGASI_XMPP_PASSWORD=
# XMPP password for Jigasi transcriber client connections
JIGASI_TRANSCRIBER_PASSWORD=
# XMPP recorder password for Jibri client connections
JIBRI_RECORDER_PASSWORD=
# XMPP password for Jibri client connections
JIBRI_XMPP_PASSWORD=
#
# Docker Compose options
#
# Container restart policy
#RESTART_POLICY=unless-stopped
# Jitsi image version (useful for local development)
#JITSI_IMAGE_VERSION=latest
mkdir -p ~/.jitsi-meet-cfg/{web,transcripts,prosody/config,prosody/prosody-plugins-custom,jicofo,jvb,jigasi,jibri}
mkdir "~/.jitsi-meet-cfg/$_"
compose
services:
# Frontend
web:
image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${HTTP_PORT}:80'
- '${HTTPS_PORT}:443'
volumes:
- ${CONFIG}/web:/config:Z
- ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
- ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
- ${CONFIG}/web/load-test:/usr/share/jitsi-meet/load-test:Z
labels:
service: "jitsi-web"
environment:
- AMPLITUDE_ID
- ANALYTICS_SCRIPT_URLS
- ANALYTICS_WHITELISTED_EVENTS
- AUDIO_QUALITY_OPUS_BITRATE
- AUTO_CAPTION_ON_RECORD
- BRANDING_DATA_URL
- BWE_ESTIMATOR_ENGINE
- BOSH_RELATIVE
- CHROME_EXTENSION_BANNER_JSON
- CODEC_ORDER_JVB
- CODEC_ORDER_JVB_MOBILE
- CODEC_ORDER_P2P
- CODEC_ORDER_P2P_MOBILE
- COLIBRI_WEBSOCKET_PORT
- COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME
- COLIBRI_WEBSOCKET_REGEX
- CONFCODE_URL
- CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN
- DEFAULT_LANGUAGE
- DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE
- DEPLOYMENTINFO_REGION
- DEPLOYMENTINFO_SHARD
- DESKTOP_SHARING_FRAMERATE_AUTO
- DESKTOP_SHARING_FRAMERATE_MIN
- DESKTOP_SHARING_FRAMERATE_MAX
- DIALIN_NUMBERS_URL
- DIALOUT_AUTH_URL
- DIALOUT_CODES_URL
- DISABLE_AUDIO_LEVELS
- DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP
- DISABLE_DEEP_LINKING
- DISABLE_GRANT_MODERATOR
- DISABLE_HTTPS
- DISABLE_KICKOUT
- DISABLE_LOCAL_RECORDING
- DISABLE_POLLS
- DISABLE_PRIVATE_CHAT
- DISABLE_PROFILE
- DISABLE_REACTIONS
- DISABLE_REMOTE_VIDEO_MENU
- DISABLE_START_FOR_ALL
- DROPBOX_APPKEY
- DROPBOX_REDIRECT_URI
- DYNAMIC_BRANDING_URL
- ENABLE_ADAPTIVE_MODE
- ENABLE_AUDIO_PROCESSING
- ENABLE_AUTOMATIC_GAIN_CONTROL
- ENABLE_AUTH
- ENABLE_AUTH_DOMAIN
- ENABLE_BREAKOUT_ROOMS
- ENABLE_CALENDAR
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX
- ENABLE_E2EPING
- ENABLE_FILE_RECORDING_SHARING
- ENABLE_GUESTS
- ENABLE_HSTS
- ENABLE_HTTP_REDIRECT
- ENABLE_IPV6
- ENABLE_LETSENCRYPT
- ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE
- ENABLE_P2P
- ENABLE_WELCOME_PAGE
- ENABLE_CLOSE_PAGE
- ENABLE_LIVESTREAMING
- ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK
- ENABLE_LIVESTREAMING_HELP_LINK
- ENABLE_LIVESTREAMING_TERMS_LINK
- ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING
- ENABLE_LOAD_TEST_CLIENT
- ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
- ENABLE_LOCAL_RECORDING_SELF_START
- ENABLE_RECORDING
- ENABLE_REMB
- ENABLE_REQUIRE_DISPLAY_NAME
- ENABLE_SERVICE_RECORDING
- ENABLE_SIMULCAST
- ENABLE_STATS_ID
- ENABLE_STEREO
- ENABLE_SUBDOMAINS
- ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC
- ENABLE_TRANSCRIPTIONS
- ENABLE_VLA
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE
- E2EPING_NUM_REQUESTS
- E2EPING_MAX_CONFERENCE_SIZE
- E2EPING_MAX_MESSAGE_PER_SECOND
- GOOGLE_ANALYTICS_ID
- GOOGLE_API_APP_CLIENT_ID
- HIDE_PREMEETING_BUTTONS
- HIDE_PREJOIN_DISPLAY_NAME
- HIDE_PREJOIN_EXTRA_BUTTONS
- INVITE_SERVICE_URL
- JVB_PREFER_SCTP
- LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL
- LETSENCRYPT_USE_STAGING
- LETSENCRYPT_ACME_SERVER
- MATOMO_ENDPOINT
- MATOMO_SITE_ID
- MICROSOFT_API_APP_CLIENT_ID
- NGINX_KEEPALIVE_TIMEOUT
- NGINX_RESOLVER
- NGINX_WORKER_PROCESSES
- NGINX_WORKER_CONNECTIONS
- PEOPLE_SEARCH_URL
- PREFERRED_LANGUAGE
- PUBLIC_URL
- P2P_PREFERRED_CODEC
- P2P_STUN_SERVERS
- RESOLUTION
- RESOLUTION_MIN
- RESOLUTION_WIDTH
- RESOLUTION_WIDTH_MIN
- START_AUDIO_MUTED
- START_AUDIO_ONLY
- START_SILENT
- START_WITH_AUDIO_MUTED
- START_VIDEO_MUTED
- START_WITH_VIDEO_MUTED
- TOKEN_AUTH_URL
- TOOLBAR_BUTTONS
- TRANSLATION_LANGUAGES
- TRANSLATION_LANGUAGES_HEAD
- TZ
- USE_APP_LANGUAGE
- VIDEOQUALITY_BITRATE_H264_LOW
- VIDEOQUALITY_BITRATE_H264_STANDARD
- VIDEOQUALITY_BITRATE_H264_HIGH
- VIDEOQUALITY_BITRATE_H264_FULL
- VIDEOQUALITY_BITRATE_H264_ULTRA
- VIDEOQUALITY_BITRATE_H264_SS_HIGH
- VIDEOQUALITY_BITRATE_VP8_LOW
- VIDEOQUALITY_BITRATE_VP8_STANDARD
- VIDEOQUALITY_BITRATE_VP8_HIGH
- VIDEOQUALITY_BITRATE_VP8_FULL
- VIDEOQUALITY_BITRATE_VP8_ULTRA
- VIDEOQUALITY_BITRATE_VP8_SS_HIGH
- VIDEOQUALITY_BITRATE_VP9_LOW
- VIDEOQUALITY_BITRATE_VP9_STANDARD
- VIDEOQUALITY_BITRATE_VP9_HIGH
- VIDEOQUALITY_BITRATE_VP9_FULL
- VIDEOQUALITY_BITRATE_VP9_ULTRA
- VIDEOQUALITY_BITRATE_VP9_SS_HIGH
- VIDEOQUALITY_BITRATE_AV1_LOW
- VIDEOQUALITY_BITRATE_AV1_STANDARD
- VIDEOQUALITY_BITRATE_AV1_HIGH
- VIDEOQUALITY_BITRATE_AV1_FULL
- VIDEOQUALITY_BITRATE_AV1_ULTRA
- VIDEOQUALITY_BITRATE_AV1_SS_HIGH
- VIDEOQUALITY_PREFERRED_CODEC
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE
- XMPP_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_HIDDEN_DOMAIN
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
- WHITEBOARD_COLLAB_SERVER_URL_BASE
networks:
meet.jitsi:
depends_on:
- jvb
# XMPP server
prosody:
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable}
restart: ${RESTART_POLICY:-unless-stopped}
expose:
- '${XMPP_PORT:-5222}'
- '${PROSODY_S2S_PORT:-5269}'
- '5347'
- '${PROSODY_HTTP_PORT:-5280}'
labels:
service: "jitsi-prosody"
volumes:
- ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- AUTH_TYPE
- DISABLE_POLLS
- ENABLE_AUTH
- ENABLE_AV_MODERATION
- ENABLE_BREAKOUT_ROOMS
- ENABLE_END_CONFERENCE
- ENABLE_GUESTS
- ENABLE_IPV6
- ENABLE_LOBBY
- ENABLE_RECORDING
- ENABLE_S2S
- ENABLE_TRANSCRIPTIONS
- ENABLE_VISITORS
- ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS
- GC_TYPE
- GC_INC_TH
- GC_INC_SPEED
- GC_INC_STEP_SIZE
- GC_GEN_MIN_TH
- GC_GEN_MAX_TH
- GLOBAL_CONFIG
- GLOBAL_MODULES
- JIBRI_RECORDER_USER
- JIBRI_RECORDER_PASSWORD
- JIBRI_SIP_BREWERY_MUC
- JIBRI_XMPP_USER
- JIBRI_XMPP_PASSWORD
- JICOFO_AUTH_PASSWORD
- JICOFO_COMPONENT_SECRET
- JIGASI_TRANSCRIBER_PASSWORD
- JIGASI_TRANSCRIBER_USER
- JIGASI_XMPP_USER
- JIGASI_XMPP_PASSWORD
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JWT_APP_ID
- JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_ENABLE_DOMAIN_VERIFICATION
- JWT_SIGN_TYPE
- JWT_TOKEN_AUTH_MODULE
- MATRIX_UVS_URL
- MATRIX_UVS_ISSUER
- MATRIX_UVS_AUTH_TOKEN
- MATRIX_UVS_SYNC_POWER_LEVELS
- MATRIX_LOBBY_BYPASS
- LOG_LEVEL
- LDAP_AUTH_METHOD
- LDAP_BASE
- LDAP_BINDDN
- LDAP_BINDPW
- LDAP_FILTER
- LDAP_VERSION
- LDAP_TLS_CIPHERS
- LDAP_TLS_CHECK_PEER
- LDAP_TLS_CACERT_FILE
- LDAP_TLS_CACERT_DIR
- LDAP_START_TLS
- LDAP_URL
- LDAP_USE_TLS
- MAX_PARTICIPANTS
- PROSODY_ADMINS
- PROSODY_AUTH_TYPE
- PROSODY_C2S_LIMIT
- PROSODY_C2S_REQUIRE_ENCRYPTION
- PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_DISABLE_C2S_LIMIT
- PROSODY_DISABLE_S2S_LIMIT
- PROSODY_ENABLE_FILTER_MESSAGES
- PROSODY_ENABLE_RATE_LIMITS
- PROSODY_ENABLE_RECORDING_METADATA
- PROSODY_ENABLE_STANZA_COUNTS
- PROSODY_ENABLE_S2S
- PROSODY_ENABLE_METRICS
- PROSODY_GUEST_AUTH_TYPE
- PROSODY_HTTP_PORT
- PROSODY_LOG_CONFIG
- PROSODY_METRICS_ALLOWED_CIDR
- PROSODY_MODE
- PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE
- PROSODY_S2S_LIMIT
- PROSODY_S2S_PORT
- PROSODY_TRUSTED_PROXIES
- PROSODY_VISITOR_INDEX
- PROSODY_VISITORS_MUC_PREFIX
- PROSODY_VISITORS_S2S_VHOSTS
- PUBLIC_URL
- STUN_HOST
- STUN_PORT
- TURN_CREDENTIALS
- TURN_USERNAME
- TURN_PASSWORD
- TURN_HOST
- TURNS_HOST
- TURN_PORT
- TURNS_PORT
- TURN_TRANSPORT
- TURN_TTL
- TZ
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_PORT
- XMPP_BREAKOUT_MUC_MODULES
- XMPP_CONFIGURATION
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_LOBBY_MUC_MODULES
- XMPP_MODULES
- XMPP_MUC_MODULES
- XMPP_MUC_CONFIGURATION
- XMPP_INTERNAL_MUC_MODULES
- XMPP_HIDDEN_DOMAIN
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- XMPP_SERVER_S2S_PORT
- XMPP_SPEAKERSTATS_MODULES
networks:
meet.jitsi:
aliases:
- ${XMPP_SERVER:-xmpp.meet.jitsi}
# Focus component
jicofo:
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888'
volumes:
- ${CONFIG}/jicofo:/config:Z
labels:
service: "jitsi-jicofo"
environment:
- AUTH_TYPE
- BRIDGE_AVG_PARTICIPANT_STRESS
- BRIDGE_STRESS_THRESHOLD
- ENABLE_AUTH
- ENABLE_AUTO_OWNER
- ENABLE_MODERATOR_CHECKS
- ENABLE_CODEC_VP8
- ENABLE_CODEC_VP9
- ENABLE_CODEC_AV1
- ENABLE_CODEC_H264
- ENABLE_CODEC_OPUS_RED
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- ENABLE_OCTO_SCTP
- ENABLE_RECORDING
- ENABLE_SCTP
- ENABLE_SHARED_DOCUMENT_RANDOM_NAME
- ENABLE_TRANSCRIPTIONS
- ENABLE_VISITORS
- ENABLE_AUTO_LOGIN
- JICOFO_AUTH_LIFETIME
- JICOFO_AUTH_PASSWORD
- JICOFO_AUTH_TYPE
- JICOFO_BRIDGE_REGION_GROUPS
- JICOFO_ENABLE_AUTH
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
- JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
- JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
- JICOFO_CONF_SOURCE_SIGNALING_DELAYS
- JICOFO_CONF_MAX_AUDIO_SENDERS
- JICOFO_CONF_MAX_VIDEO_SENDERS
- JICOFO_CONF_STRIP_SIMULCAST
- JICOFO_CONF_SSRC_REWRITING
- JICOFO_ENABLE_HEALTH_CHECKS
- JICOFO_ENABLE_ICE_FAILURE_DETECTION
- JICOFO_ENABLE_LOAD_REDISTRIBUTION
- JICOFO_ENABLE_REST
- JICOFO_HEALTH_CHECKS_USE_PRESENCE
- JICOFO_ICE_FAILURE_INTERVAL
- JICOFO_ICE_FAILURE_MIN_ENDPOINTS
- JICOFO_ICE_FAILURE_THRESHOLD
- JICOFO_MAX_MEMORY
- JICOFO_MULTI_STREAM_BACKWARD_COMPAT
- JICOFO_OCTO_REGION
- JICOFO_RESTART_REQUEST_MAX
- JICOFO_RESTART_REQUEST_INTERVAL
- JICOFO_TRUSTED_DOMAINS
- JIBRI_BREWERY_MUC
- JIBRI_REQUEST_RETRIES
- JIBRI_PENDING_TIMEOUT
- JIGASI_BREWERY_MUC
- JIGASI_SIP_URI
- JIGASI_TRUSTED_DOMAINS
- JVB_BREWERY_MUC
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY
- PROSODY_VISITORS_MUC_PREFIX
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- TZ
- VISITORS_MAX_PARTICIPANTS
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_AUTH_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_DOMAIN
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_HIDDEN_DOMAIN
- XMPP_SERVER
- XMPP_PORT
- XMPP_RECORDER_DOMAIN
- MAX_SSRCS_PER_USER
- MAX_SSRC_GROUPS_PER_USER
depends_on:
- prosody
networks:
meet.jitsi:
# Video bridge
jvb:
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable}
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
- '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
volumes:
- ${CONFIG}/jvb:/config:Z
labels:
service: "jitsi-jvb"
environment:
- AUTOSCALER_SIDECAR_KEY_FILE
- AUTOSCALER_SIDECAR_KEY_ID
- AUTOSCALER_SIDECAR_GROUP_NAME
- AUTOSCALER_SIDECAR_HOST_ID
- AUTOSCALER_SIDECAR_INSTANCE_ID
- AUTOSCALER_SIDECAR_PORT
- AUTOSCALER_SIDECAR_REGION
- AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
- AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
- DISABLE_AWS_HARVESTER
- DOCKER_HOST_ADDRESS
- ENABLE_COLIBRI_WEBSOCKET
- ENABLE_JVB_XMPP_SERVER
- ENABLE_OCTO
- ENABLE_SCTP
- JVB_ADVERTISE_IPS
- JVB_ADVERTISE_PRIVATE_CANDIDATES
- JVB_AUTH_USER
- JVB_AUTH_PASSWORD
- JVB_BREWERY_MUC
- JVB_CC_TRUST_BWE
- JVB_DISABLE_STUN
- JVB_DISABLE_XMPP
- JVB_INSTANCE_ID
- JVB_PORT
- JVB_MUC_NICKNAME
- JVB_STUN_SERVERS
- JVB_LOG_FILE
- JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_REQUIRE_VALID_ADDRESS
- JVB_USE_USRSCTP
- JVB_WS_DOMAIN
- JVB_WS_SERVER_ID
- JVB_WS_TLS
- JVB_XMPP_AUTH_DOMAIN
- JVB_XMPP_INTERNAL_MUC_DOMAIN
- JVB_XMPP_PORT
- JVB_XMPP_SERVER
- PUBLIC_URL
- SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT
- SENTRY_RELEASE
- COLIBRI_REST_ENABLED
- SHUTDOWN_REST_ENABLED
- TZ
- VIDEOBRIDGE_MAX_MEMORY
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER
- XMPP_PORT
depends_on:
- prosody
networks:
meet.jitsi:
# Custom network so all services can communicate using a FQDN
networks:
meet.jitsi:
nginx
compose
version: '3.8'
services:
nginx:
image: nginx:alpine
container_name: nginx
network_mode: host
volumes:
- ./nginx/conf:/etc/nginx/conf.d
- ./nginx/certs:/etc/nginx/certs
- /etc/letsencrypt:/etc/letsencrypt
restart: always
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 10s
timeout: 5s
retries: 3