-
Run
yarn installin./messages -
Run
yarn run proto-allin./messages -
Run
yarn installin./front -
Run
./front/templater.sh -
Run
build-front.shin./front -
Copy
./front/distto/var/www/html/play -
Adjust
.env -
Run
docker-compose -f docker-compose.prod.yaml up -
Configure and start nginx with
docker-compose.prod.yaml -
Setup coturn
-
-
Save maxammann/eb7726d2acbb197236f00c8b358e830c to your computer and use it in GitHub Desktop.
README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DEBUG_MODE=false | |
| JITSI_URL=<fill_me> | |
| # If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret | |
| JITSI_PRIVATE_MODE=false | |
| JITSI_ISS= | |
| SECRET_JITSI_KEY= | |
| ADMIN_API_TOKEN=<secret> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| DEBUG_MODE="false" \ | |
| JITSI_URL=<secret> \ | |
| JITSI_PRIVATE_MODE="false" \ | |
| API_URL=pusher.world.tuerantuer.org \ | |
| UPLOADER_URL=uploader.world.tuerantuer.org \ | |
| ADMIN_URL=world.tuerantuer.org \ | |
| TURN_SERVER="turn:coturn.world.tuerantuer.org:3478,turns:coturn.world.tuerantuer.org:3443" \ | |
| TURN_USER=workadventure \ | |
| TURN_PASSWORD=<secret> \ | |
| yarn build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| pusher: | |
| image: thecodingmachine/nodejs:12 | |
| command: yarn run prod | |
| environment: | |
| DEBUG: "*" | |
| STARTUP_COMMAND_1: yarn install | |
| SECRET_JITSI_KEY: "$SECRET_JITSI_KEY" | |
| SECRET_KEY: <fill_me> | |
| ADMIN_API_TOKEN: "$ADMIN_API_TOKEN" | |
| API_URL: back:50051 | |
| JITSI_URL: $JITSI_URL | |
| JITSI_ISS: $JITSI_ISS | |
| volumes: | |
| - ./pusher:/usr/src/app | |
| networks: | |
| world: | |
| ipv4_address: 10.1.0.20 | |
| back: | |
| image: thecodingmachine/nodejs:12 | |
| command: yarn run prod | |
| environment: | |
| DEBUG: "*" | |
| STARTUP_COMMAND_1: yarn install | |
| SECRET_KEY: <fill_me> | |
| SECRET_JITSI_KEY: "$SECRET_JITSI_KEY" | |
| ALLOW_ARTILLERY: "true" | |
| ADMIN_API_TOKEN: "$ADMIN_API_TOKEN" | |
| JITSI_URL: $JITSI_URL | |
| JITSI_ISS: $JITSI_ISS | |
| volumes: | |
| - ./back:/usr/src/app | |
| networks: | |
| world: | |
| ipv4_address: 10.1.0.30 | |
| uploader: | |
| image: thecodingmachine/nodejs:12 | |
| command: yarn prod | |
| environment: | |
| DEBUG: "*" | |
| STARTUP_COMMAND_1: yarn install | |
| volumes: | |
| - ./uploader:/usr/src/app | |
| networks: | |
| world: | |
| ipv4_address: 10.1.0.40 | |
| networks: | |
| world: | |
| driver: bridge | |
| ipam: | |
| driver: default | |
| config: | |
| - subnet: 10.1.0.0/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name world.tuerantuer.org; | |
| root /var/www/html/default; | |
| index index.html; | |
| listen 443 ssl; | |
| <fill_tls_config> | |
| } | |
| server { | |
| server_name maps.world.tuerantuer.org; | |
| root /var/www/html/maps; | |
| index index.html; | |
| listen 443 ssl; | |
| <fill_tls_config> | |
| } | |
| server { | |
| server_name play.world.tuerantuer.org; | |
| root /var/www/html/play; | |
| index index.html; | |
| location / { | |
| try_files $uri $uri/ /index.html; | |
| } | |
| listen 443 ssl; | |
| <fill_tls_config> | |
| } | |
| server { | |
| server_name api.world.tuerantuer.org; | |
| location / { | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://10.1.0.30:8080/; | |
| } | |
| listen 443 ssl; | |
| <fill_tls_config> | |
| } | |
| server { | |
| server_name pusher.world.tuerantuer.org; | |
| location / { | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://10.1.0.20:8080/; | |
| } | |
| listen 443 ssl; | |
| } | |
| server { | |
| server_name uploader.world.tuerantuer.org; | |
| location / { | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://10.1.0.40:8080/; | |
| } | |
| listen 443 ssl; | |
| } | |
| server { | |
| if ($host = world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name world.tuerantuer.org; | |
| return 404; | |
| } | |
| server { | |
| if ($host = play.world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name play.world.tuerantuer.org; | |
| return 404; | |
| } | |
| server { | |
| if ($host = api.world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name api.world.tuerantuer.org; | |
| return 404; | |
| } | |
| server { | |
| if ($host = pusher.world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name pusher.world.tuerantuer.org; | |
| return 404; | |
| } | |
| server { | |
| if ($host = uploader.world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name uploader.world.tuerantuer.org; | |
| return 404; | |
| } | |
| server { | |
| if ($host = maps.world.tuerantuer.org) { | |
| return 301 https://$host$request_uri; | |
| } | |
| listen 80; | |
| server_name maps.world.tuerantuer.org; | |
| return 404; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| listening-port=3478 | |
| tls-listening-port=3443 | |
| # Fingerprints in TURN messages are required for WebRTC | |
| fingerprint | |
| # The long-term credential mechanism is required for WebRTC | |
| lt-cred-mech | |
| user=workadventure:<secret> | |
| realm=coturn.world.tuerantuer.org | |
| # Configure TLS support. | |
| # Adjust these paths to match the locations of your certificate files | |
| cert=/etc/letsencrypt/live/world.tuerantuer.org/fullchain.pem | |
| pkey=/etc/letsencrypt/live/world.tuerantuer.org/privkey.pem | |
| # Limit the allowed ciphers to improve security | |
| # Based on https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS" | |
| # Enable longer DH TLS key to improve security | |
| dh2066 | |
| # All WebRTC-compatible web browsers support TLS 1.2 or later, so disable | |
| # older protocols | |
| no-tlsv1 | |
| no-tlsv1_1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment