服务配置修改

docker/jitsi/.env.example

@@ -0,0 +1,62 @@
+# ================================================
+# Jitsi Meet - 环境变量配置
+# 复制此文件为 .env 并修改配置
+# ================================================
+
+# 时区
+TZ=Asia/Shanghai
+
+# 数据目录
+DATA_ROOT=../volumes
+
+# ==================== 镜像版本 ====================
+JITSI_IMAGE_TAG=stable-9584
+
+# ==================== 公网访问 ====================
+# Jitsi 公网访问地址 (必须配置)
+JITSI_PUBLIC_URL=https://meet.example.com
+
+# JVB 公网 IP (必须配置，用于 WebRTC 媒体流)
+JVB_HOST_ADDRESS=192.168.0.253
+
+# ==================== 端口配置 ====================
+# Web 端口
+JITSI_WEB_HTTP_PORT=8280
+JITSI_WEB_HTTPS_PORT=8443
+
+# JVB 端口 (UDP 用于媒体流，TCP 用于备用)
+JVB_PORT=10000
+JVB_TCP_PORT=4443
+
+# ==================== JWT 认证 ====================
+# JWT App ID (与后端服务保持一致)
+JWT_APP_ID=urbanLifeline
+
+# JWT 密钥 (生产环境必须修改!)
+JWT_APP_SECRET=your-jwt-secret-key-change-in-production
+
+# ==================== 功能开关 ====================
+# 是否启用认证 (1=启用, 0=禁用)
+JITSI_ENABLE_AUTH=1
+
+# 是否允许访客 (1=允许, 0=禁止)
+JITSI_ENABLE_GUESTS=0
+
+# 是否启用 HTTPS (容器内)
+JITSI_ENABLE_HTTPS=0
+JITSI_DISABLE_HTTPS=1
+
+# 是否启用录制
+JITSI_ENABLE_RECORDING=0
+
+# 日志级别
+JITSI_LOG_LEVEL=info
+
+# ==================== 组件密码 ====================
+# 内部组件认证密码 (生产环境建议修改)
+JICOFO_COMPONENT_SECRET=jicofo-secret
+JICOFO_AUTH_PASSWORD=focus-password
+JVB_AUTH_PASSWORD=jvb-password
+
+# ==================== STUN 服务器 ====================
+JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302

docker/jitsi/docker-compose.yml

@@ -0,0 +1,198 @@
+# ================================================
+# Jitsi Meet 视频会议服务
+# 
+# 使用方式:
+#   docker compose up -d
+#
+# 环境变量配置:
+#   复制 .env.example 为 .env 并修改
+# ================================================
+
+services:
+  # ====================== Jitsi Web ======================
+  jitsi-web:
+    image: jitsi/web:${JITSI_IMAGE_TAG:-stable-9584}
+    container_name: urban-lifeline-jitsi-web
+    restart: unless-stopped
+    networks:
+      - urban-lifeline
+    ports:
+      - "${JITSI_WEB_HTTP_PORT:-8280}:80"
+      - "${JITSI_WEB_HTTPS_PORT:-8443}:443"
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com}
+      ENABLE_HTTPS: ${JITSI_ENABLE_HTTPS:-0}
+      ENABLE_HTTP_REDIRECT: 0
+      DISABLE_HTTPS: ${JITSI_DISABLE_HTTPS:-1}
+      # XMPP 配置
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_GUEST_DOMAIN: guest.meet.jitsi
+      # 组件认证
+      JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
+      JICOFO_AUTH_USER: focus
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
+      # JWT 认证
+      ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1}
+      ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0}
+      AUTH_TYPE: jwt
+      JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
+      JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production}
+      JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
+      JWT_ACCEPTED_AUDIENCES: jitsi
+      JWT_ALLOW_EMPTY: 0
+      JWT_AUTH_TYPE: token
+      JWT_TOKEN_AUTH_MODULE: token_verification
+      # 功能开关
+      ENABLE_RECORDING: ${JITSI_ENABLE_RECORDING:-0}
+      ENABLE_TRANSCRIPTIONS: 0
+      ENABLE_SUBDOMAINS: 0
+      ENABLE_XMPP_WEBSOCKET: 1
+      ENABLE_SCTP: 1
+    volumes:
+      - ${DATA_ROOT:-../volumes}/jitsi/web:/config
+      - ${DATA_ROOT:-../volumes}/jitsi/transcripts:/usr/share/jitsi-meet/transcripts
+    depends_on:
+      - jitsi-prosody
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+  # ====================== Jitsi Prosody (XMPP) ======================
+  jitsi-prosody:
+    image: jitsi/prosody:${JITSI_IMAGE_TAG:-stable-9584}
+    container_name: urban-lifeline-jitsi-prosody
+    restart: unless-stopped
+    networks:
+      - urban-lifeline
+    expose:
+      - "5222"
+      - "5347"
+      - "5280"
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      PUBLIC_URL: ${JITSI_PUBLIC_URL:-https://meet.example.com}
+      # XMPP 配置
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_GUEST_DOMAIN: guest.meet.jitsi
+      # 组件认证
+      JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password}
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
+      # JWT 认证
+      ENABLE_AUTH: ${JITSI_ENABLE_AUTH:-1}
+      ENABLE_GUESTS: ${JITSI_ENABLE_GUESTS:-0}
+      AUTH_TYPE: jwt
+      JWT_APP_ID: ${JWT_APP_ID:-urbanLifeline}
+      JWT_APP_SECRET: ${JWT_APP_SECRET:-your-jwt-secret-key-change-in-production}
+      JWT_ACCEPTED_ISSUERS: ${JWT_APP_ID:-urbanLifeline}
+      JWT_ACCEPTED_AUDIENCES: jitsi
+      JWT_ALLOW_EMPTY: 0
+      JWT_AUTH_TYPE: token
+      JWT_TOKEN_AUTH_MODULE: token_verification
+      JWT_DISABLE_AUTO_MODERATOR: true
+      LOG_LEVEL: ${JITSI_LOG_LEVEL:-info}
+    volumes:
+      - ${DATA_ROOT:-../volumes}/jitsi/prosody/config:/config
+      - ${DATA_ROOT:-../volumes}/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
+    healthcheck:
+      test: ["CMD", "prosodyctl", "status"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 90s
+
+  # ====================== Jitsi Jicofo (会议焦点) ======================
+  jitsi-jicofo:
+    image: jitsi/jicofo:${JITSI_IMAGE_TAG:-stable-9584}
+    container_name: urban-lifeline-jitsi-jicofo
+    restart: unless-stopped
+    networks:
+      - urban-lifeline
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      # XMPP 配置
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_SERVER: jitsi-prosody
+      # 组件认证
+      JICOFO_COMPONENT_SECRET: ${JICOFO_COMPONENT_SECRET:-jicofo-secret}
+      JICOFO_AUTH_USER: focus
+      JICOFO_AUTH_PASSWORD: ${JICOFO_AUTH_PASSWORD:-focus-password}
+      AUTH_TYPE: jwt
+      JVB_BREWERY_MUC: jvbbrewery
+      # 功能配置
+      JICOFO_ENABLE_HEALTH_CHECKS: true
+      JICOFO_ENABLE_AUTO_OWNER: false
+      JICOFO_ENABLE_AUTO_LOGIN: false
+      JICOFO_CONFERENCE_INITIAL_OWNER: ""
+    volumes:
+      - ${DATA_ROOT:-../volumes}/jitsi/jicofo:/config
+    depends_on:
+      - jitsi-prosody
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 90s
+
+  # ====================== Jitsi JVB (视频桥接) ======================
+  jitsi-jvb:
+    image: jitsi/jvb:${JITSI_IMAGE_TAG:-stable-9584}
+    container_name: urban-lifeline-jitsi-jvb
+    restart: unless-stopped
+    networks:
+      - urban-lifeline
+    ports:
+      - "${JVB_PORT:-10000}:10000/udp"
+      - "${JVB_TCP_PORT:-4443}:4443/tcp"
+    environment:
+      TZ: ${TZ:-Asia/Shanghai}
+      # XMPP 配置
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      XMPP_SERVER: jitsi-prosody
+      # 组件认证
+      JVB_AUTH_USER: jvb
+      JVB_AUTH_PASSWORD: ${JVB_AUTH_PASSWORD:-jvb-password}
+      JVB_BREWERY_MUC: jvbbrewery
+      # 网络配置
+      JVB_PORT: ${JVB_PORT:-10000}
+      JVB_STUN_SERVERS: ${JVB_STUN_SERVERS:-stun.l.google.com:19302,stun1.l.google.com:19302}
+      DOCKER_HOST_ADDRESS: ${JVB_HOST_ADDRESS}
+      JVB_ADVERTISE_IPS: ${JVB_HOST_ADDRESS}
+      JVB_ENABLE_APIS: rest,colibri
+      JVB_TCP_HARVESTER_DISABLED: "false"
+      JVB_TCP_PORT: ${JVB_TCP_PORT:-4443}
+      JVB_TCP_MAPPED_PORT: ${JVB_TCP_PORT:-4443}
+    volumes:
+      - ${DATA_ROOT:-../volumes}/jitsi/jvb:/config
+    depends_on:
+      - jitsi-prosody
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 90s
+
+networks:
+  urban-lifeline:
+    name: urban-lifeline