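# Compose file format marker. Compose v2 ignores it; it is kept for older
# docker-compose v1 tooling.
version: '3.8'

networks:
  # Single user-defined bridge shared by every service in this file.
  # The fixed `name` stops Compose from prefixing it with the project name, so
  # any other stack that joins "urban-lifeline" can reach these containers.
  urban-lifeline:
    driver: bridge
    name: urban-lifeline
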
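# Secrets in this file are read from the environment (shell or an untracked
# .env file next to this compose file) through ${VAR:-default}. Each default is
# the value that used to be hard-coded, so `docker compose up` behaves as
# before when nothing is set. The defaults are committed to the repository and
# must be treated as known to anyone: override every one of them outside a
# throwaway development machine.
#
# Every `ports:` entry of the form "HOST:CONTAINER" is published on all host
# interfaces. Prefix an entry with 127.0.0.1: (or firewall the port) when the
# service only needs to be reached from the host itself.
services:
  # Nacos configuration/registry server, storing its data in a MySQL instance
  # that runs on the Docker host (reached through host.docker.internal).
  nacos:
    # Keep the original configuration unchanged
    image: nacos/nacos-server:v3.1.0
    container_name: urban-lifeline-nacos
    restart: unless-stopped
    networks:
      - urban-lifeline
    ports:
      # 8848 is the HTTP port the health check below queries; 9848/9849 are the
      # gRPC ports (8848 + 1000 / + 1001).
      # NOTE(review): 8081 -> 8080 is presumably the Nacos 3.x console; confirm.
      - "8081:8080"
      - "8848:8848"
      - "9848:9848"
      - "9849:9849"
    environment:
      MODE: standalone
      SPRING_DATASOURCE_PLATFORM: mysql
      MYSQL_SERVICE_HOST: host.docker.internal
      MYSQL_SERVICE_PORT: 3306
      MYSQL_SERVICE_DB_NAME: nacos_config
      # NOTE(review): connects as the MySQL superuser. A dedicated account
      # limited to the nacos_config schema would contain a Nacos compromise.
      MYSQL_SERVICE_USER: root
      MYSQL_SERVICE_PASSWORD: "${MYSQL_SERVICE_PASSWORD:-123456}"
      # useSSL=false sends the credentials and all configuration data to MySQL
      # unencrypted; acceptable only while the database stays on the same host.
      MYSQL_SERVICE_DB_PARAM: allowPublicKeyRetrieval=true&useSSL=false
      JVM_XMS: 512m
      JVM_XMX: 512m
      JVM_XMN: 256m
      # Authentication is off by default while the ports above are published, so
      # configuration stored in Nacos is readable and writable by anything that
      # can reach the host. Set NACOS_AUTH_ENABLE=true for any shared network.
      NACOS_AUTH_ENABLE: "${NACOS_AUTH_ENABLE:-false}"
      # Token-signing key and server-identity pair. The committed defaults reuse
      # one value for all three; generate three independent random values.
      NACOS_AUTH_TOKEN: "${NACOS_AUTH_TOKEN:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}"
      NACOS_AUTH_IDENTITY_KEY: "${NACOS_AUTH_IDENTITY_KEY:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}"
      NACOS_AUTH_IDENTITY_VALUE: "${NACOS_AUTH_IDENTITY_VALUE:-ZlRkR2ZxR3BvZ1F0a3JxY2V6RUx2cUh1Rkx6V1ZQbE9kUVd1R1VOcWFFS2t3dG5hS0E9PQ==}"
    volumes:
      - ../../../.data/docker/nacos/data:/home/nacos/data
      - ../../../.data/docker/nacos/logs:/home/nacos/logs
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8848/nacos/"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 60s
    extra_hosts:
      # Makes host.docker.internal resolve to the host gateway on Linux.
      - "host.docker.internal:host-gateway"

  # MinIO object storage: S3 API on 9000, web console on 9001.
  minio:
    # Keep the original configuration unchanged
    # NOTE(review): `latest` is a moving tag, so every pull can bring in a
    # different, unreviewed build. Pin a release tag or an image digest.
    image: minio/minio:latest
    container_name: urban-lifeline-minio
    restart: unless-stopped
    networks:
      - urban-lifeline
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      # Root account has full control of every bucket; the defaults are close to
      # the vendor's well-known default credentials and must be overridden.
      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin123}"
      MINIO_CONSOLE_ADDRESS: ":9001"
      MINIO_ADDRESS: ":9000"
      TZ: Asia/Shanghai
    volumes:
      - ../../../.data/docker/minio/data:/data
      - ../../../.data/docker/minio/config:/root/.minio
    command: server /data --console-address ":9001"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
      start_period: 30s

  # ====================== Jitsi core modifications begin ======================
  # The four Jitsi services authenticate to each other with the shared values
  # JICOFO_COMPONENT_SECRET, JICOFO_AUTH_PASSWORD and JVB_AUTH_PASSWORD, and
  # meeting access is gated by JWTs signed with JWT_APP_SECRET. Each must be
  # identical in every service that lists it, which is why all of them read the
  # same environment variable. Whoever knows JWT_APP_SECRET can mint a valid
  # token for any room, so the committed default offers no protection.
  jitsi-web:
    # Keep the original configuration unchanged, no modification needed
    image: jitsi/web:stable-9584
    container_name: urban-lifeline-jitsi-web
    restart: unless-stopped
    networks:
      - urban-lifeline
    ports:
      - "8280:80"
      - "8443:443"
    environment:
      TZ: Asia/Shanghai
      PUBLIC_URL: https://org.xyzh.yslg.jitsi
      # HTTPS is switched off in the container although PUBLIC_URL is https://.
      # NOTE(review): this presumably relies on a TLS-terminating reverse proxy
      # in front of port 8280; confirm, because browsers only grant camera and
      # microphone access on secure origins and the JWT travels in the URL.
      ENABLE_HTTPS: 0
      ENABLE_HTTP_REDIRECT: 0
      DISABLE_HTTPS: 1
      XMPP_DOMAIN: meet.jitsi
      XMPP_AUTH_DOMAIN: auth.meet.jitsi
      XMPP_BOSH_URL_BASE: http://jitsi-prosody:5280
      XMPP_MUC_DOMAIN: muc.meet.jitsi
      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
      XMPP_GUEST_DOMAIN: guest.meet.jitsi
      # NOTE(review): the web front end probably does not need the backend
      # secrets below (component secret, JVB password, JWT signing secret);
      # confirm and remove them here to shrink their exposure.
      JICOFO_COMPONENT_SECRET: "${JICOFO_COMPONENT_SECRET:-jicofo-secret}"
      JICOFO_AUTH_USER: focus
      JVB_AUTH_USER: jvb
      JVB_AUTH_PASSWORD: "${JVB_AUTH_PASSWORD:-jvb-password}"
      ENABLE_AUTH: 1
      ENABLE_GUESTS: 0
      AUTH_TYPE: jwt
      JWT_APP_ID: urbanLifeline
      JWT_APP_SECRET: "${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}"
      JWT_ACCEPTED_ISSUERS: urbanLifeline
      JWT_ACCEPTED_AUDIENCES: jitsi
      JWT_ASAP_KEYSERVER: https://org.xyzh.yslg.jitsi/
      JWT_ALLOW_EMPTY: 0
      JWT_AUTH_TYPE: token
      JWT_TOKEN_AUTH_MODULE: token_verification
      ENABLE_RECORDING: 0
      ENABLE_TRANSCRIPTIONS: 0
      ENABLE_SUBDOMAINS: 0
      ENABLE_XMPP_WEBSOCKET: 1
      ENABLE_SCTP: 1
      ENABLE_LETSENCRYPT: 0
      LETSENCRYPT_DOMAIN: org.xyzh.yslg.jitsi
    volumes:
      - ../../../.data/docker/jitsi/web:/config
      - ../../../.data/docker/jitsi/web/crontabs:/var/spool/cron/crontabs
      - ../../../.data/docker/jitsi/transcripts:/usr/share/jitsi-meet/transcripts
    depends_on:
      - jitsi-prosody
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

  # XMPP server. Its ports are only `expose`d, so they are reachable from the
  # urban-lifeline network but not published on the host.
  jitsi-prosody:
    image: jitsi/prosody:stable-9584
    container_name: urban-lifeline-jitsi-prosody
    restart: unless-stopped
    networks:
      - urban-lifeline
    expose:
      - "5222"
      - "5347"
      - "5280"
    environment:
      TZ: Asia/Shanghai
      XMPP_DOMAIN: meet.jitsi
      XMPP_AUTH_DOMAIN: auth.meet.jitsi
      XMPP_MUC_DOMAIN: muc.meet.jitsi
      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
      XMPP_GUEST_DOMAIN: guest.meet.jitsi
      JICOFO_COMPONENT_SECRET: "${JICOFO_COMPONENT_SECRET:-jicofo-secret}"
      JICOFO_AUTH_USER: focus
      JICOFO_AUTH_PASSWORD: "${JICOFO_AUTH_PASSWORD:-focus-password}"
      JVB_AUTH_USER: jvb
      JVB_AUTH_PASSWORD: "${JVB_AUTH_PASSWORD:-jvb-password}"
      ENABLE_AUTH: 1
      ENABLE_GUESTS: 0
      AUTH_TYPE: jwt
      JWT_APP_ID: urbanLifeline
      JWT_APP_SECRET: "${JWT_APP_SECRET:-urbanLifeline-jitsi-secret-key-2025-production-safe-hs256}"
      JWT_ACCEPTED_ISSUERS: urbanLifeline
      JWT_ACCEPTED_AUDIENCES: jitsi
      JWT_ALLOW_EMPTY: 0
      JWT_AUTH_TYPE: token
      JWT_TOKEN_AUTH_MODULE: token_verification
      LOG_LEVEL: info
      PUBLIC_URL: https://org.xyzh.yslg.jitsi
      # Addition 1 - stop Prosody from automatically granting moderator rights
      # to JWT users (the key setting in JWT mode).
      # NOTE(review): confirm the stable-9584 image actually reads this
      # variable. An unrecognised variable is ignored silently, and the intended
      # restriction on moderator rights would then not be in force.
      # Quoted: Compose environment values should be strings, not YAML booleans.
      JWT_DISABLE_AUTO_MODERATOR: "true"
    volumes:
      - ../../../.data/docker/jitsi/prosody/config:/config
      - ../../../.data/docker/jitsi/prosody/prosody-plugins-custom:/prosody-plugins-custom
    healthcheck:
      test: ["CMD", "prosodyctl", "status"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 90s

  # Conference focus component; logs in to Prosody as JICOFO_AUTH_USER.
  jitsi-jicofo:
    image: jitsi/jicofo:stable-9584
    container_name: urban-lifeline-jitsi-jicofo
    restart: unless-stopped
    networks:
      - urban-lifeline
    environment:
      TZ: Asia/Shanghai
      XMPP_DOMAIN: meet.jitsi
      XMPP_AUTH_DOMAIN: auth.meet.jitsi
      XMPP_MUC_DOMAIN: muc.meet.jitsi
      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
      XMPP_SERVER: jitsi-prosody
      JICOFO_COMPONENT_SECRET: "${JICOFO_COMPONENT_SECRET:-jicofo-secret}"
      JICOFO_AUTH_USER: focus
      JICOFO_AUTH_PASSWORD: "${JICOFO_AUTH_PASSWORD:-focus-password}"
      AUTH_TYPE: jwt
      JVB_BREWERY_MUC: jvbbrewery
      # Booleans are quoted so that every Compose version receives a string.
      JICOFO_ENABLE_HEALTH_CHECKS: "true"
      # Keep the original configuration
      JICOFO_ENABLE_AUTO_OWNER: "false"
      JICOFO_ENABLE_AUTO_LOGIN: "false"
      # Addition 2 - fallback: force the initial moderator to be empty so that
      # no automatic assignment can happen.
      # NOTE(review): as with the Prosody setting, verify that this image reads
      # the variable; test with a non-moderator token before relying on it.
      JICOFO_CONFERENCE_INITIAL_OWNER: ""
    volumes:
      - ../../../.data/docker/jitsi/jicofo:/config
    depends_on:
      - jitsi-prosody
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 90s

  # Video bridge: carries the media streams, so its ports must be reachable by
  # every participant.
  jitsi-jvb:
    # Keep the original configuration unchanged, no modification needed
    image: jitsi/jvb:stable-9584
    container_name: urban-lifeline-jitsi-jvb
    restart: unless-stopped
    networks:
      - urban-lifeline
    ports:
      - "10000:10000/udp"
      - "4443:4443/tcp"
    environment:
      TZ: Asia/Shanghai
      XMPP_DOMAIN: meet.jitsi
      XMPP_AUTH_DOMAIN: auth.meet.jitsi
      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
      XMPP_SERVER: jitsi-prosody
      JVB_AUTH_USER: jvb
      JVB_AUTH_PASSWORD: "${JVB_AUTH_PASSWORD:-jvb-password}"
      JVB_BREWERY_MUC: jvbbrewery
      JVB_PORT: 10000
      JVB_STUN_SERVERS: stun.l.google.com:19302,stun1.l.google.com:19302
      # Address advertised to clients for media; a private LAN address, so only
      # participants on that network can connect to the bridge directly.
      DOCKER_HOST_ADDRESS: 192.168.0.253
      JVB_ADVERTISE_IPS: 192.168.0.253
      # The REST/colibri API is served on the port the health check uses (8080).
      # That port is not listed under `ports`, so it stays on the bridge
      # network; keep it unpublished.
      JVB_ENABLE_APIS: rest,colibri
      JVB_TCP_HARVESTER_DISABLED: "false"
      JVB_TCP_PORT: 4443
      JVB_TCP_MAPPED_PORT: 4443
    volumes:
      - ../../../.data/docker/jitsi/jvb:/config
    depends_on:
      - jitsi-prosody
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 90s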