Skip to content

Latest commit

 

History

History
261 lines (212 loc) · 16.7 KB

README.md

File metadata and controls

261 lines (212 loc) · 16.7 KB
Raw

Using Docker to run Tinode

All images are available at https://hub.docker.com/r/tinode/

  1. Install Docker 1.8 or above. The provided dockerfiles are dependent on Docker networking which may not work with the older Docker.

  2. Create a bridge network. It's used to connect Tinode container with the database container.

    $ docker network create tinode-net

  3. Decide which database backend you want to use: MySQL, PostgreSQL, MongoDB or RethinkDB. Run the selected database container, attaching it to tinode-net network:

    1. MySQL: If you've decided to use MySQL backend, run the official MySQL Docker container:
    $ docker run --name mysql --network tinode-net --restart always --env MYSQL_ALLOW_EMPTY_PASSWORD=yes -d mysql:5.7

    See instructions for more options. MySQL 5.7 or above is required.

    1. PostgreSQL: If you've decided to use PostgreSQL backend, run the official PostgreSQL Docker container:
    $ docker run --name postgres --network tinode-net --restart always --env POSTGRES_PASSWORD=postgres -d postgres:13

    See instructions for more options. PostgresSQL 13 or above is required.

    The name rethinkdb, mysql, mongodb or postgres in the --name assignment is important. It's used by other containers as a database's host name.

    1. MongoDB: If you've decided to use MongoDB backend, run the official MongoDB Docker container and initialise it as single node replica set (you can change "rs0" if you wish):
    $ docker run --name mongodb --network tinode-net --restart always -d mongo:latest --replSet "rs0"
$ docker exec -it mongodb mongosh

# And inside mongo shell:
> rs.initiate( {"_id": "rs0", "members": [ {"_id": 0, "host": "mongodb:27017"} ]} )
> quit()

    See instructions for more options. MongoDB 4.2 or above is required.

    1. RethinkDB: If you've decided to use RethinkDB backend, run the official RethinkDB Docker container:
    $ docker run --name rethinkdb --network tinode-net --restart always -d rethinkdb:2.3

    See instructions for more options.

  4. Run the Tinode container for the appropriate database:

    1. MySQL:
    $ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net tinode/tinode-mysql:latest
    1. PostgreSQL:
    $ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net tinode/tinode-postgres:latest
    1. MongoDB:
    $ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net tinode/tinode-mongodb:latest
    1. RethinkDB:
    $ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net tinode/tinode-rethinkdb:latest

    You can also run Tinode with the tinode/tinode image (which has all of the above DB adapters compiled in). You will need to specify the database adapter via STORE_USE_ADAPTER environment variable. E.g. for mysql, the command line will look like

    $ docker run -p 6060:6060 -d -e STORE_USE_ADAPTER mysql --name tinode-srv --network tinode-net tinode/tinode:latest

    See below for more options.

    The port mapping -p 5678:1234 tells Docker to map container's port 1234 to host's port 5678 making server accessible at http://localhost:5678/. The container will initialize the database with test data on the first run.

    You may replace :latest with a different tag. See all all available tags here:

  5. Test the installation by pointing your browser to http://localhost:6060/.

Optional

External config file

The container comes with a built-in config file which can be customized with values from the environment variables (see Supported environment variables below). If changes are extensive it may be more convenient to replace the built-in config file with a custom one. In that case map the config file located on your host (e.g. /users/jdoe/new_tinode.conf) to container (e.g. /tinode.conf) using Docker volumes --volume /users/jdoe/new_tinode.conf:/tinode.conf then instruct the container to use the new config --env EXT_CONFIG=/tinode.conf:

$ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net \
		--volume /users/jdoe/new_tinode.conf:/tinode.conf \
		--env EXT_CONFIG=/tinode.conf \
		tinode/tinode-mysql:latest

If you set EXT_CONFIG all other environment variables except RESET_DB, FCM_SENDER_ID, FCM_VAPID_KEY are ignored.

Resetting or upgrading the database

The database schema may change from time to time. An error Invalid database version 101. Expected 103 means the schema has changed and needs to be updated, in this case from version 101 to version 103. You need to either reset or upgrade the database to continue:

Shut down the Tinode container and remove it:

$ docker stop tinode-srv && docker rm tinode-srv

then repeat step 4 adding --env RESET_DB=true to reset or --env UPGRADE_DB=true to upgrade.

Also, the database is automatically created if missing.

Enable push notifications

Tinode uses Google Firebase Cloud Messaging (FCM) to send pushes. Follow instructions for obtaining the required FCM credentials.

  • Download and save the FCM service account credentials file.
  • Obtain values for apiKey, messagingSenderId, projectId, appId, messagingVapidKey. Assuming your Firebase credentials file is named myproject-1234-firebase-adminsdk-abc12-abcdef012345.json and it's saved at /Users/jdoe/, web API key is AIRaNdOmX4ULR-X6ranDomzZ2bHdRanDomq2tbQ, Sender ID 141421356237, Project ID myproject-1234, App ID 1:141421356237:web:abc7de1234fab56cd78abc, VAPID key (a.k.a. "Web Push certificates") is 83_Or_So_Random_Looking_Characters, start the container with the following parameters (using MySQL container as an example):
$ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net \
		-v /Users/jdoe:/config \
		--env FCM_CRED_FILE=/config/myproject-1234-firebase-adminsdk-abc12-abcdef012345.json \
		--env FCM_API_KEY=AIRaNdOmX4ULR-X6ranDomzZ2bHdRanDomq2tbQ \
		--env FCM_APP_ID=1:141421356237:web:abc7de1234fab56cd78abc \
		--env FCM_PROJECT_ID=myproject-1234 \
		--env FCM_SENDER_ID=141421356237 \
		--env FCM_VAPID_KEY=83_Or_So_Random_Looking_Characters \
		tinode/tinode-mysql:latest

Configure video calling

Tinode uses WebRTC for video and audio calls. WebRTC needs Interactive Communication Establishment (ICE) TURN(S) and/or STUN servers to traverse NAT, otherwise calls may not work. Tinode does not include TURN(S) or STUN out of the box. You need to obtain and configure your own service. Once you setup your TURN(S) and/or STUN service, save its configuration to a file, for example /Users/jdoe/turn-config.json and provide path to this file when starting the container:

$ docker run -p 6060:6060 -d --name tinode-srv --network tinode-net \
		-v /Users/jdoe:/config \
		--env ICE_SERVERS_FILE=/config/turn-config.json \
		< ... other config parameters ... >
		tinode/tinode-mysql:latest

The config file uses the following format:

[
  {
    "urls": [
      "stun:stun.example.com"
    ]
  },
  {
    "username": "user-name-to-use-for-authentication-with-the-server",
    "credential": "your-password",
    "urls": [
      "turn:turn.example.com:80?transport=udp",
      "turn:turn.example.com:3478?transport=tcp",
      "turns:turn.example.com:443?transport=tcp",
    ]
  }
]

XIRSYS offers a free tier for developers. We are in no way affiliated with XIRSYS. We do not endorse or otherwise take any responsibility for your use of their services.

Run the chatbot

See instructions.

The chatbot password is generated only when the database is initialized or reset. It's saved to /botdata directory in the container. If you want to keep the data available between container changes, such as image upgrades, make sure the /botdata is a mounted volume (i.e. you always launch the container with --volume botdata:/botdata option).

Supported environment variables

You can specify the following environment variables when issuing docker run command:

Variable Type Default Function
ACC_GC_ENABLED bool false Enable/diable automatic deletion of unfinished account registrations.
AUTH_TOKEN_KEY string wfaY2RgF2S1OQI/ZlK+LS​rp1KB2jwAdGAIHQ7JZn+Kc= base64-encoded 32 random bytes used as salt for authentication tokens.
AWS_ACCESS_KEY_ID string AWS Access Key ID when using s3 media handler.
AWS_CORS_ORIGINS string ["*"] Allowed origins (CORS) URL for downloads. Generally use your server URL and its aliases.
AWS_REGION string AWS Region when using s3 media handler
AWS_S3_BUCKET string Name of the AWS S3 bucket when using s3 media handler.
AWS_S3_ENDPOINT string An endpoint URL (hostname only or fully qualified URI) to override the default endpoint; can be of any S3-compatible service, such as minio-api.x.io
AWS_SECRET_ACCESS_KEY string AWS Secret Access Key when using s3 media handler.
CLUSTER_SELF string Node name if the server is running in a Tinode cluster.
DEBUG_EMAIL_VERIFICATION_CODE string Enable dummy email verification code, e.g. 123456. Disabled by default (empty string).
DEFAULT_COUNTRY_CODE string US 2-letter country code to assign to sessions by default when the country isn't specified by the client explicitly and it's impossible to infer it.
EXT_CONFIG string Path to external config file to use instead of the built-in one. If this parameter is used all other variables except RESET_DB, FCM_SENDER_ID, FCM_VAPID_KEY are ignored.
EXT_STATIC_DIR string Path to external directory containing static data (e.g. Tinode Webapp files).
FCM_CRED_FILE string Path to JSON file with FCM server-side service account credentials which will be used to send push notifications.
FCM_API_KEY string Firebase API key; required for receiving push notifications in the web client.
FCM_APP_ID string Firebase web app ID; required for receiving push notifications in the web client.
FCM_PROJECT_ID string Firebase project ID; required for receiving push notifications in the web client.
FCM_SENDER_ID string Firebase FCM sender ID; required for receiving push notifications in the web client.
FCM_VAPID_KEY string Also called 'Web Client certificate' in the FCM console; required by the web client to receive push notifications.
FCM_INCLUDE_ANDROID_NOTIFICATION boolean true If true, pushes a data + notification message, otherwise a data-only message. More info.
FCM_MEASUREMENT_ID string Google Analytics ID of the form G-123ABCD789.
FS_CORS_ORIGINS string ["*"] Cors origins when media is served from the file system. See AWS_CORS_ORIGINS for details.
ICE_SERVERS_FILE string Path to JSON file with configuration of ICE servers to be used for video calls.
MEDIA_HANDLER string fs Handler of large files, either fs or s3.
MYSQL_DSN string 'root@tcp(mysql)/tinode' MySQL DSN.
PLUGIN_PYTHON_CHAT_BOT_ENABLED bool false Enable calling into the plugin provided by Python chatbot.
POSTGRES_DSN string 'postgresql://postgres:postgres@localhost:5432/tinode' PostgreSQL DSN.
RESET_DB bool false Drop and recreate the database.
SAMPLE_DATA string see comment → File with sample data to load. Default data.json when resetting or generating new DB, none when upgrading. Use `` (empty string) to disable.
SMTP_AUTH_MECHANISM string "plain" SMTP authentication mechanism to use; one of "login", "cram-md5", "plain".
SMTP_DOMAINS string White list of email domains; when non-empty, accept registrations with emails from these domains only (email verification).
SMTP_HELO_HOST string see comment → FQDN to use in SMTP HELO/EHLO command; if missing, the hostname from SMTP_HOST_URL is used.
SMTP_HOST_URL string 'http://localhost:6060/' URL of the host where the webapp is running (email verification).
SMTP_LOGIN string Optional login to use for authentication with the SMTP server (email verification).
SMTP_PASSWORD string Optional password to use for authentication with the SMTP server (email verification).
SMTP_PORT number Port number of the SMTP server to use for sending verification emails, e.g. 25 or 587.
SMTP_SENDER string RFC 5322 email address to use in the FROM field of verification emails, e.g. '"John Doe" <jdoe@example.com>'.
SMTP_SERVER string Name of the SMTP server to use for sending verification emails, e.g. smtp.gmail.com. If SMTP_SERVER is not defined, email verification will be disabled.
STORE_USE_ADAPTER string DB adapter name (specify with tinode/tinode container only).
TEL_HOST_URL string 'http://localhost:6060/' URL of the host where the webapp is running for phone verification.
TEL_SENDER string Sender name to pass to SMS sending service.
TLS_CONTACT_ADDRESS string Optional email to use as contact for LetsEncrypt certificates, e.g. jdoe@example.com.
TLS_DOMAIN_NAME string If non-empty, enables TLS (https) and configures domain name of your container, e.g. www.example.com. In order for TLS to work you have to expose your HTTPS port to the Internet and correctly configure DNS. It WILL FAIL with localhost or unroutable IPs.
TNPG_AUTH_TOKEN string Tinode Push Gateway authentication token.
TNPG_ORG string Tinode Push Gateway organization name as registered at https://console.tinode.co
UID_ENCRYPTION_KEY string la6YsO+bNX/+XIkOqc5Svw== base64-encoded 16 random bytes used as an encryption key for user IDs.
UPGRADE_DB bool false Upgrade database schema, if necessary.
WAIT_FOR string If non-empty, waits for the specified database host:port to be available before starting the server.

A convenient way to generate a desired number of random bytes and base64-encode them on Linux and Mac:

$ openssl rand -base64 <desired length>

Metrics Exporter

See monitoring/exporter/README for information on the Exporter. Container is also available as a part of the Tinode docker distribution: tinode/exporter. Run it with

$ docker run -p 6222:6222 -d --name tinode-exporter --network tinode-net \
		--env SERVE_FOR=<prometheus|influxdb> \
		--env TINODE_ADDR=<tinode metrics endpoint> \
		... <monitoring service specific vars> \
		tinode/exporter:latest

Available variables:

Variable Type Default Function
SERVE_FOR string `` Monitoring service: prometheus or influxdb
TINODE_ADDR string http://localhost/stats/expvar/ Tinode metrics path
INFLUXDB_VERSION string 1.7 InfluxDB version (1.7 or 2.0)
INFLUXDB_ORGANIZATION string org InfluxDB organization
INFLUXDB_PUSH_INTERVAL int 60 Exporter metrics push interval in seconds
INFLUXDB_PUSH_ADDRESS string https://mon.tinode.co/intake InfluxDB backend url
INFLUXDB_AUTH_TOKEN string `` InfluxDB auth token
PROM_NAMESPACE string tinode Prometheus namespace
PROM_METRICS_PATH string /metrics Exporter webserver path that Prometheus server scrapes