Docker hub repository: edumeet/edumeet
This is "dockerized" version of the eduMEET. (Successor of multiparty meeting fork of mediasoup-demo)
It will setup a production eduMEET instance, and help you with setting up a development environment.
For further (more generic) information take a look at eduMEET repository
- Current stable eduMEET consists of these components:
- edumeet-client
- edumeet-room-server from edumeet-repo /server folder
- Next generation eduMEET:
| Specs | |
|---|---|
| CPU | typical modern CPU (8 cores) |
| RAM | 8 GB |
| HDD | 100GB |
| network | 1 network adapter (1Gb/s) |
| OS | Ubuntu / Debian |
| public IP address (without any NAT) | |
| domain name assigned (for certificates) |
Architecture
In edumeet-docker components are linked together via the edumeet-client docker image.
The edumeet-client docker image uses an nginx proxy to serve most of the other components.
By default it is using the built in docker networking hostnames to connect/link components.
Since some components need the hostname / domain name / IP to function it is included in every config and can be changed depending on the use case.
It also makes certificate renewal easy since on a single domain setup you only need to change the cert in the certs folder.
- "edumeet-management-client:emc"
- "keycloak:kc"
- "edumeet-room-server:io"
- "edumeet-management-server:mgmt"
- "pgadmin:pgadmin"
Edumeet media node currently uses a certificate indepndently and not through the proxy, in a more direct way because it needs host network see the bottom of the repository.
Installation ⬅
sudo apt install jq ackInstall docker V2
https://docs.docker.com/engine/install/debian/#install-using-the-repositoryOptional (add current user to docker group )
sudo groupadd docker
sudo usermod -aG docker $USERgit clone https://github.com/edumeet/edumeet-docker.git
cd edumeet-docker
git checkout <branch>- start
run-me-first.shscript. This script will download newest Dockerfile(s) and config.example.* files from the repository.
./run-me-first.sh
SET DOMAIN NAME (edumeet.example.com): yourdomain.com
The run-me-first.sh will scan for files with the default example domain/localhost occurances that shoud be changed:
configs/app/config.js:11: managementUrl: 'http://localhost:3030',
...
There are automated steps to change the configs:
Do you want to remove tls option from server/config.json (recommended)? [Y/n] y
done
Do you want to set host configuration to domain name from .env file and docker hostname to mgmt in server/config.json (recommended)? [Y/n] y
done
Do you want to set managementUrl to https://edumeet.sth.sze.hu/mgmt from .env file in app/config.js (recommended)? [Y/n] y
done
Do you want to replace edumeet.example.com domain in management-server config files to edumeet.sth.sze.hu in mgmt/default.json (recommended)?[Y/n] y
done
Do you want to update Keycloak dev realm to your domain : edumeet.sth.sze.hu from .env file in kc/dev.json (recommended)? [Y/n] y
done
Do you want to set up edumeet-management-client to https://edumeet.sth.sze.hu/cli from .env file in mgmt-client/config.js (recommended)? [Y/n] y
done
- Additional configuration documentation is located in edumeet-client and edumeet-room-server repositories.
Branch names (for example 4.0) should match for client and server side.
For example want to separe media node(s) to different servers, or remove the included pgadmin interface.
NOTE! Certficates are selfsigned, for a production service you need to set YOUR signed certificate in nginx and server configuration files:
Certificates are now generated with Let's Encrypt by default.
Default certficates are in for applications that are behind proxy but still require one to start:
in edumeet-docker/certs/
Default cert files: ( edumeet-demo-cert.pem and edumeet-demo-key.pem)
KC_HTTPS_CERTIFICATE_FILE, KC_HTTPS_CERTIFICATE_KEY_FILE
and
MN_EXTRA_PARAMS='--cert ./certs/edumeet-demo-cert.pem --key ./certs/edumeet-demo-key.pem'
For proxy certs can be changed in the nginx proxy file:
in configs/proxy/nginx.conf.template :
server_name edumeet.example.com;
ssl_certificate /etc/edumeet/edumeet-demo-cert.pem;
ssl_certificate_key /etc/edumeet/edumeet-demo-key.pem; Run with docker compose
$ sudo docker compose up --detach*without the detach option you will see the logs
To build:
- Change TAG in .env file to your desired name.
- In .env file set to your desired BRANCH.
- Build and run:
$ sudo docker compose build
$ sudo docker compose up -dAuthentication (optional)
Supported types: OIDC, SAML, Local DB (KeyCloak)
- Authentication is optional but if you want to enable it, you should remove defualtroom paremeters from the config.json at configs/server/ and follow these steps:
- visit yourdomain/kc/ and set up your keycloak instance By default there is a dev configuration according to https://github.com/edumeet/edumeet-management-server/wiki/Keycloak-setup-(OAuth-openid-connect)
By default there is one test user in dev realm :
- Username: edumeet
- Password: edumeet
- visit yourdomain/cli/ and set up your management server config
- add a tenant
- add a tenant fqdn / domain
- add authetntication
- Credential is located in keycloak admin console/ / clients / / credentials
- Credential is not generated for default dev.json, change it in KeyCloak
- Logout
- Visit your domain (Login)
- Visit yourdomain/cli/ and as the logged in user create a room ( You will be assigned as a room owner and gain all permissions after login, but you can also set permissions for other users too. )
- Join the room
Firewall ports and recommendations
| Port | protocol | description | network | path | firewall advice |
|---|---|---|---|---|---|
| 80 | tcp | edumeet-client webserver (redirect to 443) | host network | / | |
| 443 | tcp | edumeet-client https webserver and signaling proxy | host network | / | |
| 3000 | edumeet-media-node port | host network | - | should be limited so only the room-server can access it | |
| 3479 | coturn port | host network | - | ||
| 40000-49999 | tcp/udp | edumeet-media-node ports | host network | - |
Architecture (scaling tips)
Media nodes can be selected with GeoIP.
Edumeet-client frontends can run on many different servers.
Management server can host many tenants/domains. The management server database can be clustered.
Keycloak can support a number of Realms.
edumeet-media-node container works in "host" network mode, because bridge mode has the following issue: "Docker hangs when attempting to bind a large number of ports"
Q: I get "Cannot find module erros" regarding config files
A: You are probably having a relative path issue with docker check if you are in the correct directory. (edumeet-docker folder)
Q: Docker-compose started, but some components are restarting.
A: You are probably having a config or permission problem. Try starting with "docker compose" without the detach parameter to see logs.
Or alternatively with:
docker logs -f <edumeet_container_name>
In the .env file there are a few log variables:
SERVER_DEBUG=
MGMT_DEBUG=
MGMT_CLIENT_DEBUG=
MN_DEBUG=
Changing them to * will provide extended logs that can help debugging problems.
Q: KeyCloak won't start
A: KeyCloak is sensitive to permission settings on cert files. Please check
Q: I get network conflicts with docker
A: You will most likely running an old version of docker, that doesn't handle links between containers
Q: I get network problems with room-server and media node within docker when using ufw
A: ufw by default blocks incoming traffic, and thinks that media control port is accessed outside of the network. Firewall can also cause issues with component internal communication.