apache config files hinzugefügt, Readme angepasst

README.md

@@ -3,3 +3,6 @@ Dockerfile für das Spreed/Talk High Performance Backend
 Vorsicht: aio-talk-recording setzt per default den pfad (HPB_PATH) auf `https://domain.example/standalone-signaling/`
 
 Wurde das Backend mit aio-talk erstellt ist der Pfad nur `https://domain.example/`
+
+
+Die beiden Apache config Dateien sind für die Proxy Einstellungen für den Signaling bzw. Recording Container.

apache_site_recording.example.tld.proxy.conf

@@ -0,0 +1,30 @@
+<VirtualHost *:443>
+    ServerName recording.example.tld
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
+
+    SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+
+    Protocols h2 http/1.1
+
+    # Logging
+    ErrorLog ${APACHE_LOG_DIR}/recording_error.log
+    CustomLog ${APACHE_LOG_DIR}/recording_access.log combined
+
+    # Proxy-Einstellungen
+    ProxyPreserveHost On
+    ProxyRequests Off
+
+    <Proxy *>
+        Require all granted
+    </Proxy>
+
+    ProxyPass "/" "http://127.0.0.1:1234/"
+    ProxyPassReverse "/" "http://127.0.0.1:1234/"
+
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-XSS-Protection "1; mode=block"
+</VirtualHost>

apache_site_signal.example.tld.proxy.conf

@@ -0,0 +1,42 @@
+<VirtualHost *:80>
+    ServerName signal.example.tld
+    Redirect permanent / https://signal.example.tld/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName signal.example.tld
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/example.tld/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/example.tld/privkey.pem
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    # Optional, wenn vorhanden:
+
+    # Protocols h2 http/1.1
+
+
+    # Logs
+    ErrorLog ${APACHE_LOG_DIR}/signal_error.log
+
+    CustomLog ${APACHE_LOG_DIR}/signal_access.log combined
+
+    # Security Header
+    <IfModule mod_headers.c>
+        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    </IfModule>
+
+    # Proxy-Setup
+    ProxyPreserveHost On
+    ProxyRequests Off
+    ProxyAddHeaders On
+
+
+    # Leite alles an den Backend-Dienst weiter und erlaube WebSocket-Upgrades
+    ProxyPass        / http://127.0.0.1:8181/ upgrade=websocket keepalive=On
+    ProxyPassReverse / http://127.0.0.1:8181/
+
+
+    # Weitergereichte Header
+    RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
+    RequestHeader set X-Real-IP        expr=%{REMOTE_ADDR}
+</VirtualHost>

docker-compose.yml

@@ -0,0 +1,36 @@
+services:
+  nc-talk:
+    container_name: talk_hpb
+    image: ghcr.io/nextcloud-releases/aio-talk:latest
+    init: true
+    ports:
+      - 3487:3478/tcp
+      - 3487:3478/udp
+      - 8181:8081/tcp
+
+    environment:
+      - NC_DOMAIN=nextcloud.example.tld
+      - TALK_HOST=signal.example.tld
+      - TURN_SECRET=BBBBBB
+
+      - SIGNALING_SECRET=CCCCCC
+      - TZ=Europe/Berlin
+      - TALK_PORT=3478
+      - INTERNAL_SECRET=AAAAAA
+    restart: unless-stopped
+
+  aio-talk-recording:
+    container_name: talk_record
+    image: nextcloud/aio-talk-recording:latest
+
+    environment:
+      - HPB_DOMAIN=signal.example.tld
+      - HPB_PATH=
+      - NC_DOMAIN=nextcloud.example.tld
+      - RECORDING_SECRET=DDDDDD
+      - INTERNAL_SECRET=AAAAAA
+
+      - TZ=Europe/Berlin
+    ports:
+      - 127.0.0.1:1234:1234
+    restart: unless-stopped