Merge branch 'feature/docker' into develop
dylanvaughn committed Nov 27, 2024
2 parents e53e43a + 49aadac commit 780fb07
Showing 14 changed files with 593 additions and 505 deletions.
10 changes: 6 additions & 4 deletions .github/workflows/main.yml
Expand Up @@ -6,14 +6,16 @@ on:
branches: [ develop ]
pull_request:
branches: [ develop ]
schedule:
- cron: '3 19 * * 1' # run Mondays at 11:03am pacific during Standard Time, 12:03pm during Daylight Saving Time

jobs:
taskcat:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- name: install
run: make update-common
- name: build
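Review bot: `actions/checkout@v4` in the `taskcat` job is a mutable tag, and a later step of this job receives AWS credentials from secrets; pin the action to a full commit SHA (version in a trailing comment) so a retagged release cannot change what runs. `persist-credentials: false` is a good addition. Two smaller points: the cron comment gives Pacific times for `3 19 * * 1`, so it would help to say that the schedule itself is evaluated in UTC, and no `permissions:` key is visible in this hunk, so consider declaring `contents: read` if the job needs nothing more from the token.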
Expand All @@ -23,7 +25,7 @@ jobs:
env:
AWS_ACCESS_KEY_ID: ${{ secrets.OE_PATTERNS_TASKCAT_DEV_GITHUB_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OE_PATTERNS_TASKCAT_DEV_GITHUB_AWS_SECRET_ACCESS_KEY }}
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v4
if: always()
with:
name: taskcat_outputs
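Review bot: The `env` lines above the upload step pass a long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair from repository secrets; while this workflow is being updated, consider switching to short-lived credentials through GitHub OIDC (`aws-actions/configure-aws-credentials` with `role-to-assume`), which removes the static key from the repository. `actions/upload-artifact@v4` is also a mutable tag and is better pinned to a commit SHA, and because `taskcat_outputs` is uploaded with `if: always()`, setting `retention-days` limits how long deployment logs stay downloadable.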
34 changes: 0 additions & 34 deletions .github/workflows/scheduled.yml

This file was deleted.

5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,4 +1,9 @@
# Unreleased
------------
* Upgrading to docker-based deployment
* Adding CustomDotEnvParameterArn parameter
* Adding CustomConfigJsParameterArn parameter
* Adding CustomInterfaceConfigJsParameterArn parameter

3.0.0
-----
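Review bot: The Unreleased entries record only the three added `Custom*ParameterArn` parameters; the Makefile and README changes in this same commit also appear to replace or drop existing parameters (`IngressCidrBlock`, `JitsiHostname`, `Route53HostedZoneName` and the `JitsiInterface*` set sit beside `AlbIngressCidr`, `DnsHostname` and `DnsRoute53HostedZoneName` in the deploy target, and the README now describes TLS through an ACM certificate ARN). Those are breaking for anyone updating an existing stack, so list them here as removed or renamed parameters.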
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM ordinaryexperts/aws-marketplace-patterns-devenv:2.3.2
FROM ordinaryexperts/aws-marketplace-patterns-devenv:2.5.3

# install dependencies
RUN mkdir -p /tmp/code/cdk/jitsi
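Review bot: The `FROM` line pins `ordinaryexperts/aws-marketplace-patterns-devenv` by tag only (`2.5.3`); a tag can be repointed, so append the image digest in the form `:2.5.3@sha256:<digest>` to keep the build environment reproducible and to make an unexpected change to the base image fail the build instead of passing silently.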
26 changes: 10 additions & 16 deletions Makefile
@@ -1,25 +1,19 @@
-include common.mk

update-common:
wget -O common.mk https://raw.githubusercontent.com/ordinaryexperts/aws-marketplace-utilities/1.4.0/common.mk
wget -O common.mk https://raw.githubusercontent.com/ordinaryexperts/aws-marketplace-utilities/1.6.0/common.mk

deploy: build
docker-compose run -w /code/cdk --rm devenv cdk deploy \
docker compose run -w /code/cdk --rm devenv cdk deploy \
--require-approval never \
--parameters AsgReprovisionString=20230729.1 \
--parameters IngressCidrBlock=0.0.0.0/0 \
--parameters JitsiHostname=oe-patterns-jitsi-${USER}.dev.patterns.ordinaryexperts.com \
--parameters JitsiInterfaceAppName="Ordinary Experts Meet" \
--parameters JitsiInterfaceDefaultRemoteDisplayName="Ordinary Expert" \
--parameters JitsiInterfaceNativeAppName="Ordinary Experts Meet (native)" \
--parameters JitsiInterfaceShowBrandWatermark=true \
--parameters JitsiInterfaceShowWatermarkForGuests=true \
--parameters JitsiInterfaceBrandWatermark=https://ordinaryexperts.com/img/logos/oe-logo-white-transparent-background-900x600.png \
--parameters JitsiInterfaceBrandWatermarkLink=https://ordinaryexperts.com \
--parameters JitsiInterfaceWatermark=https://ordinaryexperts.com/img/logos/oe-logo-white-transparent-background-900x600.png \
--parameters JitsiInterfaceWatermarkLink=https://ordinaryexperts.com \
--parameters [email protected] \
--parameters Route53HostedZoneName=dev.patterns.ordinaryexperts.com \
--parameters AlbCertificateArn=arn:aws:acm:us-east-1:992593896645:certificate/943928d7-bfce-469c-b1bf-11561024580e \
--parameters AlbIngressCidr=0.0.0.0/0 \
--parameters AsgReprovisionString=20241123.1 \
--parameters CustomDotEnvParameterArn=arn:aws:ssm:us-east-1:992593896645:parameter/oe-patterns-jitsi-dylan-custom-dot-env:4 \
--parameters CustomConfigJsParameterArn=arn:aws:ssm:us-east-1:992593896645:parameter/oe-patterns-jitsi-dylan-custom-config-js:1 \
--parameters CustomInterfaceConfigJsParameterArn=arn:aws:ssm:us-east-1:992593896645:parameter/oe-patterns-jitsi-dylan-custom-interface-config-js:1 \
--parameters DnsHostname=jitsi-${USER}.dev.patterns.ordinaryexperts.com \
--parameters DnsRoute53HostedZoneName=dev.patterns.ordinaryexperts.com \
--parameters VpcId=vpc-00425deda4c835455 \
--parameters VpcPrivateSubnet1Id=subnet-030c94b9795c6cb96 \
--parameters VpcPrivateSubnet2Id=subnet-079290412ce63c4d5 \
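Review bot: The three `Custom*ParameterArn` values in `deploy` are hard-coded to one developer's parameters (`oe-patterns-jitsi-dylan-...`) while `DnsHostname` is derived from `${USER}`, so anyone else running `make deploy` gets their own hostname with another person's `.env` and config overrides. Build the parameter names from `${USER}` as well, or take the ARNs from make variables that have no default. In `update-common`, `common.mk` is fetched with `wget` from a tag URL and then pulled in by `-include common.mk` with no integrity check; comparing the download against a known SHA-256 before use would close that gap. `AlbIngressCidr=0.0.0.0/0` deserves a comment saying it is intentional for the dev stack.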
42 changes: 19 additions & 23 deletions README.md
@@ -1,10 +1,10 @@
![Ordinary Experts Logo](https://ordinaryexperts.com/img/logo.png)

# Jitsi on AWS Pattern
# Jitsi Meet on AWS Pattern

The Ordinary Experts Jitsi Pattern is an open-source AWS CloudFormation template that offers an easy-to-install AWS infrastructure solution for quickly deploying a Jitsi service, using AWS best practices.
The Ordinary Experts Jitsi Pattern is an open-source AWS CloudFormation template that offers an easy-to-install AWS infrastructure solution for quickly deploying a Jitsi Meet service, using AWS best practices.

[Jitsi](https://jitsi.org/) is a set of free and open-source projects which allow easy building deployment of secure video conferencing solutions.
[Jitsi Meet](https://jitsi.org/) is a set of free and open-source projects which allow easy building deployment of secure video conferencing solutions.

## Product Setup
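Review bot: The `[Jitsi Meet](https://jitsi.org/)` line still reads "allow easy building deployment", which is missing a word (presumably "building and deployment"); worth fixing while the line is being edited. Changing the link text to Jitsi Meet also leaves it described as "a set of free and open-source projects", which fits Jitsi as a whole rather than the Meet application, so either keep "Jitsi" in that sentence or reword the description.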

Expand All @@ -13,47 +13,43 @@ The Ordinary Experts Jitsi Pattern is an open-source AWS CloudFormation template
For this pattern to work, you must first:

1. Have an AWS Route 53 Hosted Zone configured and delegated
1. Have at least 1 available EIP (or at least 2 available EIPs if not using your own VPC)

After that you can just launch the CloudFormation stack and fill out the required parameters.

See the [Ordinary Experts AWS Marketplace Product Page](https://ordinaryexperts.com/products/jitsi-pattern/) for a more detailed walkthrough with screenshots.

## Technical Details

* Ubuntu 18.04.4 LTS
* Apache 2.4.29
* Jitsi version 2.0.6726-1
* Ubuntu 22.04.4 LTS
* Jitsi version stable-9823

The AWS stack uses Amazon Elastic Compute Cloud (Amazon EC2), Amazon Virtual Public Cloud (Amazon VPC), Amazon CloudWatch and Amazon Route 53.
The AWS stack uses Amazon Elastic Compute Cloud (Amazon EC2), Amazon Network Load Balancer (NLB) and Application Load Balancer (ALB), Amazon Virtual Public Cloud (Amazon VPC), Amazon CloudWatch, Amazon S3, Amazon Secrets Manager, Amazon Systems Manager Parameter Store, and Amazon Route 53.

While our solution manages its EC2 instance via an AWS AutoScaling Group to take advantage of the support for multiple availability zone configuration, it DOES NOT support load balancing or automatically scaling Jitsi application servers. Such a setup requires a custom load balancing setup and may be included in a future release of this product.
The template places an EC2 instance in a private subnet of the VPC, and deploys an NLB (for UDP and passing HTTP/S to ALB) and ALB (for HTTP/S) and secures port access to 80, 443, 10000, and 20000-20040 via an EC2 Security Group. Users can optionally have the template create a brand new VPC, or specify an existing VPC ID in their AWS account into which to deploy, including subnet identification parameters. Users are also able to lock down public access of the service to an ingress CIDR Block, in case they want to restrict access to a range of IP addresses (such as corporate VPN IPs).

The template places a single EC2 instance in a public subnet of the VPC and secures port access to 80, 443, 4443 and 1000 via an EC2 Security Group. Users can optionally have the template create a brand new VPC, or specify an existing VPC ID in their AWS account into which to deploy, including subnet identification parameters. Users are also able to lock down public access of the service to an ingress CIDR Block, in case they want to restrict access to a range of IP addresses (such as corporate VPN IPs).
Users provide an AWS Route 53 Hosted Zone Name and the stack will automatically manage a DNS record for the provided hostname parameter to point to the NLB. SSL is done by specifying an ACM certificate ARN.

Optionally, users can provide an AWS Route 53 Hosted Zone Name and the stack will automatically manage a DNS record for the provided hostname parameter. This is the recommended setup. The AWS CloudFormation stack provides and EC2 Elastic IP address as an output, whose IP address should be pointed to by the DNS record input as the 'Jitsi Hostname' parameter.
There are three files that control the configuration of Jitsi, according to the [self-hosting guide](https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker), `.env`, `custom-config.js`, and `custom-interface_config.js`.

**IMPORTANT**: As part of the Jitsi installation process, a [LetsEncrypt](https://letsencrypt.org/) certificate is generated, and the install process will try to validate the certificate programmatically every 12 minutes until it is successful. The installation will not be complete until DNS is pointing to the hostname supplied by parameter, and a certificate request has been successfully made.
The `.env` file contains core settings for Jitsi. This file is automatically generated by the Ordinary Experts Pattern and contains secret configuration among other runtime configuration.

Configuration of the Jitsi interface is possible via a number of parameters to the stack. Our solution automatically modifies `/usr/share/jitsi-meet/interface_config.js` to accommodate these customizations. Configuration of additional options is possible by modifying this file directly on the stack's application server. Please consult the Jitsi documentation for further reading on the configuration options. Options are subject to change with new releases of Jitsi and be aware that a manual upgrade of the Jitsi package on the EC2 instance will be overwritten upon new deployments.
In order to add custom configuration to the `.env` file, create an SSM Parameter Secret String with the configuration you would like appended to the `.env` file, then specify the ARN of this SSM Parameter Secret String as the `CustomDotEnvParameterArn` CloudFormation parameter. When the stack provisions the EC2 instance, it will check this parameter and append any configuration to the `.env` file.

Direct access to the EC2 instance for maintenance and customizations is possible through AWS Systems Manager Agent which is running as a service on the instance. For access, locate the EC2 instance in the AWS console dashboard, select it and click the "Connect" button, selecting the "Session Manager" option.
For example, to enable server-side recording, put this into the value of the parameter referenced by `CustomDotEnvParameterArn`:

Regions supported by Ordinary Experts' stack:
```
ENABLE_RECORDING=1
```

| Fully Supported | Unsupported |
| -------------- | ----------- |
| <ul><li>us-east-1 (N. Virginia)</li><li>us-east-2 (Ohio)</li><li>us-west-1 (N. California)</li><li>us-west-2 (Oregon)</li><li>ca-central-1 (Central)</li><li>eu-central-1 (Frankfurt)</li><li>eu-north-1 (Stockholm)</li><li>eu-west-1 (Ireland)</li><li>eu-west-2 (London)</li><li>eu-west-3 (Paris)</li><li>ap-northeast-1 (Tokyo)</li><li>ap-northeast-2 (Seoul)</li><li>ap-south-1 (Mumbai)</li><li>ap-southeast-1 (Singapore)</li><li>ap-southeast-2 (Sydney)</li><li>sa-east-1 (Sao Paolo)</li></ul> | <ul><li>eu-south-1 (Milan)</li><li>ap-east-1 (Hong Kong)</li><li>me-south-1 (Bahrain)</li><li>af-south-1 (Cape Town)</li></ul> |
Likewise, to create an `custom-config.js` or `custom-interface_config.js` file, specify the `CustomConfigJsParameterArn` and / or the `CustomInterfaceConfigJsParameterArn`, where these ARNs point to SSM Parameter Secret Strings with values that will be used to create the `custom-config.js` and `interface_custom-config.js` files.

Optional configurations include the following:
We recommend adding the version of the SSM Parameter Secret String to the end of the SSM Parameter ARN in this format: `thearn:1` where 1 is the version of the SSM Parameter Secret String. This allows you to make a change to the contents of one of the SSM Parameters, then increment the version number in the ARN in the CloudFormation parameters, then re-deploy the stack. If there happens to be an issue with the configuration you just added, CloudFormation will roll-back to the previous version.

* Contain your Jisti infrastructure in a new VPC, or provide this CloudFormation stack with an existing VPC id and subnets.
* Manage DNS automatically by supplying an AWS Route 53 Hosted Zone to the stack.
* Jitsi interface configuration via a number of parameters to the stack.
Direct access to the EC2 instance for maintenance and customizations is possible through AWS Systems Manager Agent which is running as a service on the instance. For access, locate the EC2 instance in the AWS console dashboard, select it and click the "Connect" button, selecting the "Session Manager" option.

## Jitsi Stack Infrastructure

![Topology Diagram](https://ordinaryexperts.com/img/services/oe_jitsi_patterns_topology_diagram.png)
![Topology Diagram](oe_jitsi_patterns_topology_diagram.png)

## Developer Setup
