@maxammann
Last active January 29, 2021 00:06
README.md
# Compose-time environment for docker-compose.prod.yaml (docker-compose reads it
# from the directory it is run in). It holds secrets: keep it out of version
# control and readable only by the deploying user (chmod 600).
#
# NOTE(review): DEBUG_MODE and JITSI_PRIVATE_MODE are not referenced by
# docker-compose.prod.yaml as shown below; the front build script uses the same
# names, so presumably they are consumed there — confirm before relying on them.
DEBUG_MODE=false
# Public URL of the Jitsi deployment (also baked into the front build)
JITSI_URL=<fill_me>
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE
# to "true", set JITSI_ISS (presumably the JWT issuer expected by Jitsi — confirm on the
# Jitsi side) and set SECRET_JITSI_KEY to the secret used for the Jitsi JWTs. Both are
# passed to the pusher and back containers by docker-compose.prod.yaml. In the public
# (unauthenticated) case leave JITSI_ISS and SECRET_JITSI_KEY empty.
JITSI_PRIVATE_MODE=false
JITSI_ISS=
SECRET_JITSI_KEY=
# Shared by pusher and back (see docker-compose.prod.yaml); use a long random value
# and rotate it if it ever leaks, since it is what guards the admin API — TODO confirm
# how the api.world.* endpoint checks it.
ADMIN_API_TOKEN=<secret>
  1. Run yarn install in ./messages

  2. Run yarn run proto-all in ./messages

  3. Run yarn install in ./front

  4. Run ./front/templater.sh

  5. Run build-front.sh in ./front

  6. Copy ./front/dist to /var/www/html/play

  7. Create/adjust `.env` (variables shown above) in the directory you run docker-compose from; it contains secrets, so never commit it and keep it readable only by the deploying user

  8. Run `docker-compose -f docker-compose.prod.yaml up -d` from that same directory (the compose file interpolates SECRET_JITSI_KEY, ADMIN_API_TOKEN, JITSI_URL and JITSI_ISS from `.env`)

  9. Configure and start nginx on the host with the server blocks below; nginx terminates TLS and proxies to the fixed container addresses (10.1.0.20/30/40) defined in docker-compose.prod.yaml — nginx itself is not part of the compose file

  10. Set up coturn with the turnserver.conf below; its `user=` line must carry the same user/password as TURN_USER/TURN_PASSWORD in the front build script

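#!/bin/bash
# Builds the front-end bundle with the deployment-specific endpoints baked in.
# Run from ./front (README step 5); the result in ./front/dist is copied to the
# public web root of play.world.tuerantuer.org (README step 6).
#
# NOTE(review): everything passed here is a build-time input of a bundle that is
# served to every visitor. In particular TURN_USER/TURN_PASSWORD are presumably
# embedded in the client JS so browsers can authenticate to coturn — treat that
# credential as public, scope what it can do on the coturn side, and rotate it
# independently of the server-side secrets. Short-lived TURN credentials would be
# preferable if the application supports them — TODO confirm against front/pusher.
#
# Fix: the <secret> placeholders are quoted. Unquoted, `VAR=<secret>` is parsed by
# bash as an input redirection, so the template was not valid shell as written.
set -euo pipefail

DEBUG_MODE="false" \
JITSI_URL="<secret>" \
JITSI_PRIVATE_MODE="false" \
API_URL=pusher.world.tuerantuer.org \
UPLOADER_URL=uploader.world.tuerantuer.org \
ADMIN_URL=world.tuerantuer.org \
TURN_SERVER="turn:coturn.world.tuerantuer.org:3478,turns:coturn.world.tuerantuer.org:3443" \
TURN_USER=workadventure \
TURN_PASSWORD="<secret>" \
yarn build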
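# docker-compose.prod.yaml — the three node services behind the host nginx.
# Secrets are interpolated from the .env file in the working directory; keep that
# file out of version control. The containers publish no ports: nginx reaches
# them over the private bridge via the fixed ipv4_address values below, so
# changing an address here requires changing the matching proxy_pass.
version: "3"

services:
  pusher:
    image: thecodingmachine/nodejs:12
    command: yarn run prod
    environment:
      # NOTE(review): "*" turns on every debug namespace. In production this may
      # write request data (tokens, URLs) into container logs — narrow or drop it
      # once the deployment is stable.
      DEBUG: "*"
      # NOTE(review): dependencies are resolved on every container start and the
      # lockfile is not enforced; consider `yarn install --frozen-lockfile` so a
      # restart cannot silently pull a different dependency tree.
      STARTUP_COMMAND_1: yarn install
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      # <fill_me>: long random value. Presumably must equal the SECRET_KEY given
      # to `back` below — TODO confirm against the pusher/back code.
      SECRET_KEY: "<fill_me>"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      # internal (unencrypted) endpoint of `back` on the private bridge
      API_URL: "back:50051"
      # quoted so an empty JITSI_ISS stays an empty string
      JITSI_URL: "$JITSI_URL"
      JITSI_ISS: "$JITSI_ISS"
    volumes:
      - ./pusher:/usr/src/app
    networks:
      world:
        # target of proxy_pass for pusher.world.tuerantuer.org
        ipv4_address: 10.1.0.20

  back:
    image: thecodingmachine/nodejs:12
    command: yarn run prod
    environment:
      # see the note on `pusher`
      DEBUG: "*"
      STARTUP_COMMAND_1: yarn install
      SECRET_KEY: "<fill_me>"
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      # NOTE(review): the name suggests this enables a load-testing hook
      # (artillery). This service is reachable from the internet through
      # api.world.tuerantuer.org, so leave it on only while actually load
      # testing — TODO confirm what the flag unlocks before shipping it as "true".
      ALLOW_ARTILLERY: "true"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      JITSI_URL: "$JITSI_URL"
      JITSI_ISS: "$JITSI_ISS"
    volumes:
      - ./back:/usr/src/app
    networks:
      world:
        # target of proxy_pass for api.world.tuerantuer.org
        ipv4_address: 10.1.0.30

  uploader:
    image: thecodingmachine/nodejs:12
    command: yarn prod
    environment:
      # see the note on `pusher`
      DEBUG: "*"
      STARTUP_COMMAND_1: yarn install
    volumes:
      - ./uploader:/usr/src/app
    networks:
      world:
        # target of proxy_pass for uploader.world.tuerantuer.org
        ipv4_address: 10.1.0.40

networks:
  world:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.1.0.0/24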
# Static sites, TLS only (the port-80 servers further down only redirect).
# <fill_tls_config>: ssl_certificate, ssl_certificate_key, ssl_protocols, …
# NOTE(review): none of these servers sets security headers; once TLS works on
# every subdomain consider add_header Strict-Transport-Security and
# X-Content-Type-Options.

# Landing page
server {
    listen 443 ssl;
    server_name world.tuerantuer.org;
    <fill_tls_config>

    root /var/www/html/default;
    index index.html;
}

# Map files. Presumably fetched cross-origin by the client on play.*; if so
# this server needs the appropriate Access-Control-Allow-Origin — TODO confirm.
server {
    listen 443 ssl;
    server_name maps.world.tuerantuer.org;
    <fill_tls_config>

    root /var/www/html/maps;
    index index.html;
}

# Front-end bundle (./front/dist, README step 6). Unknown paths fall back to
# index.html so client-side routes survive a reload.
server {
    listen 443 ssl;
    server_name play.world.tuerantuer.org;
    <fill_tls_config>

    root /var/www/html/play;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }
}
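# Reverse proxies to the containers of docker-compose.prod.yaml. The fixed
# ipv4_address values there are what the proxy_pass targets rely on; the hop
# from nginx to the container is plain HTTP on the docker bridge.
#
# Fix: the pusher and uploader servers were missing <fill_tls_config>. A server
# with `listen 443 ssl` but no certificate makes nginx refuse to start.
# Also added: X-Real-IP / X-Forwarded-* so the services can log and rate-limit
# on the real client address instead of 10.1.0.1.

# back — admin/API. NOTE(review): this publishes back's HTTP port to the
# internet; presumably it is guarded by ADMIN_API_TOKEN — verify, and if only
# admin tooling needs it, add allow/deny rules for its source addresses.
server {
    listen 443 ssl;
    server_name api.world.tuerantuer.org;
    <fill_tls_config>

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.1.0.30:8080/;
    }
}

# pusher. NOTE(review): if the pusher speaks WebSocket (the name suggests so —
# confirm), this location additionally needs
#   proxy_http_version 1.1;
#   proxy_set_header Upgrade $http_upgrade;
#   proxy_set_header Connection "upgrade";
server {
    listen 443 ssl;
    server_name pusher.world.tuerantuer.org;
    <fill_tls_config>

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.1.0.20:8080/;
    }
}

# uploader. Set client_max_body_size here to the largest upload you want to
# accept; nginx's default (1m) applies otherwise.
server {
    listen 443 ssl;
    server_name uploader.world.tuerantuer.org;
    <fill_tls_config>

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.1.0.40:8080/;
    }
}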
# Plain-HTTP listeners: one redirect server per name. The `if` guard means a
# request is redirected only when its Host header is exactly the expected name;
# anything else (e.g. an arbitrary Host that lands on the default server) gets
# 404 rather than a 301 to an attacker-supplied host.

server {
    listen 80;
    server_name world.tuerantuer.org;

    if ($host = world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 80;
    server_name play.world.tuerantuer.org;

    if ($host = play.world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 80;
    server_name api.world.tuerantuer.org;

    if ($host = api.world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 80;
    server_name pusher.world.tuerantuer.org;

    if ($host = pusher.world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 80;
    server_name uploader.world.tuerantuer.org;

    if ($host = uploader.world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}

server {
    listen 80;
    server_name maps.world.tuerantuer.org;

    if ($host = maps.world.tuerantuer.org) {
        return 301 https://$host$request_uri;
    }
    return 404;
}
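# turnserver.conf for coturn.world.tuerantuer.org (README step 10).
# Ports must match TURN_SERVER in the front build script (3478 turn, 3443 turns).
listening-port=3478
tls-listening-port=3443
# If this host is behind NAT (typical cloud VM), also set external-ip=<public ip>
# or relay candidates will carry the private address — TODO confirm for this host.

# Fingerprints in TURN messages are required for WebRTC
fingerprint
# The long-term credential mechanism is required for WebRTC
lt-cred-mech
# NOTE(review): this is a static credential and the same user/password is passed
# to the public front-end build (TURN_USER/TURN_PASSWORD), so it must be treated
# as public: anyone can allocate relays here with it. If the application can
# generate time-limited credentials, prefer `use-auth-secret` with
# `static-auth-secret=` over a fixed user — TODO confirm against the front code.
user=workadventure:<secret>
realm=coturn.world.tuerantuer.org

# A TURN relay forwards traffic to whatever peer address the client asks for.
# Because the credential above is effectively public, deny loopback, link-local
# and private ranges so the server cannot be used as a pivot into this host,
# the docker bridge of docker-compose.prod.yaml (10.1.0.0/24, where back/pusher
# listen over plain HTTP/gRPC) or a cloud metadata endpoint (169.254.169.254).
# Relax the private ranges only if your WebRTC peers genuinely sit on them.
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=224.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# Browsers only need UDP relay allocations; TCP relay (RFC 6062) would make the
# server a generic TCP proxy for credential holders.
no-tcp-relay
# The telnet admin CLI (localhost:5766) is not needed for this deployment.
no-cli

# Configure TLS support.
# Adjust these paths to match the locations of your certificate files. The
# coturn process must be able to read privkey.pem; on renewal it needs a reload.
cert=/etc/letsencrypt/live/world.tuerantuer.org/fullchain.pem
pkey=/etc/letsencrypt/live/world.tuerantuer.org/privkey.pem
# Limit the allowed ciphers to improve security
# Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
# Enable longer DH TLS key to improve security
dh2066
# All WebRTC-compatible web browsers support TLS 1.2 or later, so disable
# older protocols
no-tlsv1
no-tlsv1_1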