First commit

Dockerfile

@@ -0,0 +1,39 @@
+FROM alpine@sha256:b276d875eeed9c7d3f1cfa7edb06b22ed22b14219a7d67c52c56612330348239
+
+# Set environment variables
+ENV MUMBLE_VERSION=1.3.3
+
+# Copy project files into container
+COPY ./config /etc/murmur
+COPY ./docker-entrypoint.sh /usr/local/bin/
+
+RUN apk --no-cache add \
+        pwgen \
+        libressl \
+        qt5-qtbase-mysql \
+    && adduser -SDH murmur \
+    && mkdir -p \
+        /data \
+        /opt \
+        /var/run/murmur \
+    && chown -R murmur:nobody \
+        /data \
+        /etc/murmur \
+        /var/run/murmur \
+    && wget \
+        https://github.com/mumble-voip/mumble/releases/download/${MUMBLE_VERSION}/murmur-static_x86-${MUMBLE_VERSION}.tar.bz2 -O - |\
+        bzcat -f |\
+        tar -x -C /opt -f - \
+    && mv /opt/murmur* /opt/murmur
+
+# Exposed port should always match what is set in /murmur/murmur.ini
+EXPOSE 64738/tcp 64738/udp
+
+# Set the working directory
+WORKDIR /etc/murmur
+
+# Add the data volume for data persistence
+VOLUME ["/data/"]
+
+# Configure runtime container and start murmur
+ENTRYPOINT ["docker-entrypoint.sh"]

README.md

@@ -1,2 +1,175 @@
-# mumble-docker
-Docker support for Mumble
+**Mumble** is a VOIP application which allows users to talk to each other via
+the same server. It uses a client-server architecture, and encrypts all
+communication to ensure user privacy. **Murmur** is the name of the server
+component within the Mumble project.[Learn More][mumble-wiki].
+
+`mumble-voip/mumble-server` enables you to easily run multiple (lightweight) murmur
+instances on the same host.
+
+## Getting started
+
+This guide assumes that you already have [Docker][docker-install-docs]
+installed.
+
+### Pull the official image
+
+An image is available from the [Docker Hub][docker-hub-repo-url] registry, built
+automatically from this repository. It's easy to get started:
+
+```text
+docker pull mumble-voip/mumble-server[:tag]
+```
+
+You don't _need_ to specify a tag, but it's a good idea to so that you don't
+pull `latest` and risk getting different versions on different hosts. Versions
+are kept in line with the [releases from mumble-voip/mumble][vendor-releases].
+
+The examples throughout this document assume we are not using a tag for the sake
+of brevity. If you pull the image with a tag other than `latest`, you will need
+to use that tag number when running the image via `docker run`.
+
+### Create a container
+
+Now that you have the image pulled, it's time to get a container up and running.
+
+```text
+docker run -d \
+    -p 64738:64738/tcp \
+    -p 64738:64738/udp \
+    --name mumble-server-001 \
+    mumble-voip/mumble-server[:tag]
+```
+
+You should now be able to open up the Mumble client, and connect to the server
+running at `127.0.0.1:64738`.
+
+### Configuration options
+
+The following variables can be passed into the container (when you execute
+`docker run`) to change various configuration options.
+
+For example:
+
+```text
+docker run -d \
+    -p 64738:64738/tcp \
+    -p 64738:64738/udp
+    -e MUMBLE_SERVERPASSWORD='superSecretPasswordHere' \
+    --name mumble-server-001 \
+    mumble-voip/mumble-server[:tag]
+```
+
+Here is a list of all options supported through environment variables:
+
+| Environment Variable | Default Value |
+| -------------------- | ------------- |
+| [`MUMBLE_ALLOWHTML`][mdoc-allowhtml] | `true`|
+| [`MUMBLE_ALLOWPING`][mdoc-allowping] | `true`|
+| [`MUMBLE_AUTOBANATTEMPTS`][mdoc-group-autoban] | `10`    |
+| [`MUMBLE_AUTOBANTIMEFRAME`][mdoc-group-autoban] | `120` |
+| [`MUMBLE_AUTOBANTIME`][mdoc-group-autoban] | `300` |
+| [`MUMBLE_BANDWIDTH`][mdoc-bandwidth] | `7200`|
+| [`MUMBLE_CHANNELNAME`][mdoc-group-channelusername] | `[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+` |
+| [`MUMBLE_DATABASE`][mdoc-group-database] | `/data/murmur.sqlite` |
+| [`MUMBLE_DB_DRIVER`][mdoc-group-database] | `QSQLITE` |
+| [`MUMBLE_DB_USERNAME`][mdoc-group-database] | `---` |
+| [`MUMBLE_DB_PASSWORD`][mdoc-group-database] | `---` |
+| [`MUMBLE_DEFAULTCHANNEL`][mdoc-defaultchannel] | `---` |
+| [`MUMBLE_ENABLESSL`](#ssl-certificates-murmurinissl) | `0` |
+| [`MUMBLE_ICE`][mdoc-ice] | `tcp -h 127.0.0.1 -p 6502` |
+| [`MUMBLE_ICESECRETREAD`][mdoc-group-icesecret] | `---` |
+| [`MUMBLE_ICESECRETWRITE`][mdoc-group-icesecret] | `---` |
+| [`MUMBLE_IMAGEMESSAGELENGTH`][mdoc-imagemessagelength] |`131072` |
+| [`MUMBLE_KDFITERATIONS`][mdoc-kdfIterations] | `-1`|
+| [`MUMBLE_LEGACYPASSWORDHASH`][mdoc-legacyPasswordHash] | `false` |
+| [`MUMBLE_MESSAGEBURST`][mdoc-ratelimit] | `5` |
+| [`MUMBLE_MESSAGELIMIT`][mdoc-ratelimit] | `1` |
+| [`MUMBLE_OBFUSCATE`][mdoc-obfuscate] | `false` |
+| [`MUMBLE_OPUSTHRESHOLD`][mdoc-opusthreshold] | `100` |
+| [`MUMBLE_REGISTERHOSTNAME`][mdoc-registerHostname] | `---` |
+| [`MUMBLE_REGISTERNAME`][mdoc-registerName] | `---`|
+| [`MUMBLE_REGISTERPASSWORD`][mdoc-registerPassword] | `---` |
+| [`MUMBLE_REGISTERURL`][mdoc-registerUrl] | `---` |
+| [`MUMBLE_REMEMBERCHANNEL`][mdoc-rememberchannel] | `true`|
+| [`MUMBLE_SENDVERSION`][mdoc-sendversion] | `false`|
+| [`MUMBLE_SERVERPASSWORD`][mdoc-serverpassword] | `---` |
+| [`MUMBLE_SSLCIPHERS`](#ssl-certificates-murmurinissl) | `---` |
+| [`MUMBLE_SSLPASSPHRASE`](#ssl-certificates-murmurinissl) | `---` |
+| [`MUMBLE_SUGGESTPOSITIONAL`][mdoc-suggestPositional] | `---` |
+| [`MUMBLE_SUGGESTPUSHTOTALK`][mdoc-suggestPushToTalk] | `---` |
+| [`MUMBLE_SUGGESTVERSION`][mdoc-suggestVersion] | `false` |
+| [`MUMBLE_TEXTMESSAGELENGTH`][mdoc-textmessagelength] | `5000`|
+| [`MUMBLE_TIMEOUT`][mdoc-timeout] | `30`|
+| [`MUMBLE_USERNAME`][mdoc-group-channelusername] | `[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+` |
+| [`MUMBLE_USERS`][mdoc-users] | `100` |
+| [`MUMBLE_USERSPERCHANNEL`][mdoc-usersperchannel] | `0` |
+| [`MUMBLE_WELCOMETEXT`][mdoc-welcometext] | `<br />Welcome...` |
+| `SUPERUSER_PASSWORD` | If not defined, a password will be auto-generated. |
+
+### Custom welcome text ([Murmur.ini::welcometext][mdoc-welcometext])
+
+If the environnement variable `MUMBLE_WELCOMETEXT` will produce to big config for you, 
+you can customize the welcome text with a separate file.
+Add the contents to `welcometext` and mount that
+into the container at `/data/welcometext`. Double quote characters (`"`) are
+escaped automatically, but you may want to confirm that your message was parsed
+correctly.
+
+### Custom configuration file
+If you want to use a fully set murmur configuration file, 
+you can mount the file into the container at `/data/murmur.ini`
+You cannot have both environment variables AND config file. The config file override everything.
+
+### SSL Certificates ([Murmur.ini::SSL][mdoc-sslcertkey])
+
+The server will generate its own SSL certificates when the daemon is started. If
+you wish to provide your own certificates and ciphers instead, you can do so by
+following the instructions below.
+
+If `MUMBLE_ENABLESSL` is set to `1`, custom SSL is enabled, as long as you have
+mounted a certificate and key at the following locations:
+
+- SSL certificate should be mounted at `/data/cert.pem`
+
+  - If your certificate is signed by an authority that uses a sub-signed or
+    "intermediate" certificate, you should either bundle that with your
+    certificate, or mount it in separately at `/data/intermediate.pem` - this
+    will be automatically detected.
+
+- SSL key should be mounted at `/data/key.pem`
+
+  - If the key has a passphrase, you should define the environment variable
+    `MUMBLE_SSLPASSPHRASE` with the passphrase. This variable does not have any
+    effect if you have not mounted a key *and* enabled SSL.
+
+- Set your preferred cipher suite using `MUMBLE_SSLCIPHERS`
+
+  - This option chooses the cipher suites to make available for use in SSL/TLS.
+    See the [official documentation][mdoc-sslCiphers] for more information.
+
+### Logging in as SuperUser
+
+If the environment variable `SUPERUSER_PASSWORD` is not defined when creating
+the container, a password will be automatically generated. To view the password
+for any container at any time, look at the container's logs. As an example, to
+view the SuperUser password is for an instance running in a container named
+`mumble-server-001`:
+
+```text
+$ docker logs mumble-server-001 2>&1 | grep SUPERUSER_PASSWORD
+> SUPERUSER_PASSWORD: <value>
+```
+
+
+### Numbered tags
+
+For a full list of tags, please see the [tags page][tags] on Docker Hub.
+
+Numbered tags follow the pattern:
+
+```
+<MUMBLE_VERSION>-<RELEASE>
+  │                └─ the release number specific to this repository
+  │
+  └──── the version of mumble for this release
+```

config/ice.ini

@@ -0,0 +1,5 @@
+# ICE CONFIGURATION
+########################################
+[Ice]
+Ice.Warn.UnknownProperties=1
+Ice.MessageSizeMax=65536

config/murmur.ini

@@ -0,0 +1,102 @@
+# MURMUR SETTINGS
+# https://github.com/mumble-voip/mumble/blob/master/scripts/murmur.ini
+###############################################################################
+#
+# The settings below are what the contributors to the docker-murmur
+# project recommend. They have been organized in the same order as the
+# official documentation (URL above), however, it is important to note
+# that some settings may not be present in this file due to the
+# nature of the project running in a container.
+#
+# This file should be used to determine what the current settings
+# for a container is, as well as updating the settings via RPC.
+# It is NOT recommended to edit settings or add new settings here. Instead,
+# create a ticket at the url below:
+#
+# https://github.com/mumble-voip/mumble-docker/issues
+#
+###############################################################################
+
+# DATABASE CONFIGURATION
+########################################
+database=/data/murmur.sqlite
+dbDriver=QSQLITE
+#dbUsername=
+#dbPassword=
+#dbHost=
+
+
+# RPC CONFIGURATION
+########################################
+#ice="tcp -h 127.0.0.1 -p 6502"
+#icesecretread=
+#icesecretwrite=
+
+# SECURITY CONFIGURATION
+########################################
+#autobanAttempts=10
+#autobanTimeframe=120
+#autobanTime=300
+#serverpassword=
+uname=murmur
+#obfuscate=false
+#sendversion=false
+#legacyPasswordHash=false
+#kdfIterations=-1
+#allowping=true
+
+# PROCESS ADMINISTRIVIA
+########################################
+logfile=
+logdays=-1
+pidfile=/var/run/murmur/murmur.pid
+
+# CONNECTIVITY
+########################################
+#port=64738
+#host=0.0.0.0
+#bandwidth=72000
+#timeout=30
+
+# SSL SETTINGS
+########################################
+#certrequired=false
+#sslCert=
+#sslKey=
+#sslPassPhrase=
+#sslCA=
+#sslCiphers=
+#sslDHParams=
+
+# USERS AND CHANNELS
+########################################
+users=100
+#usersperchannel=0
+#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+
+#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
+#channelnestinglimit=10
+#defaultchannel=
+#rememberchannel=true
+#textmessagelength=5000
+#imagemessagelength=131072
+#allowhtml=false
+#opusthreshold=100
+#messageburst=5
+#messagelimit=1
+
+# SERVER REGISTRATION
+########################################
+#registerName=
+#registerPassword=
+#registerUrl=
+#registerHostname=
+
+# MISCELLANEOUS
+########################################
+#suggestVersion=
+#suggestPositional=
+#suggestPushToTalk=
+
+# WELCOME MESSAGE
+########################################
+welcometext="<br />Welcome to this server running <b>sudoforge/mumble-server</b>. <br />Enjoy your stay!<br />"

docker-entrypoint.sh

@@ -0,0 +1,108 @@
+#!/usr/bin/env sh
+set -e
+
+CONFIGFILE="/etc/murmur/murmur.ini"
+ICEFILE="/etc/murmur/ice.ini"
+WELCOMEFILE="/data/welcometext"
+CUSTOM_CONFIG_FILE="/data/murmur.ini"
+
+setVal() {
+    if [ -n "${1}" ] && [ -n "${2}" ]; then
+        echo "update setting: ${1} with: ${2}"
+        tmp=$(echo $2 | sed 's,\\,\\\\,g') # Double every \ for next sed
+        sed -i -E 's#;?('"${1}"'=).*#\1'"${tmp}"'#' "${CONFIGFILE}"
+    fi
+}
+
+setVal database "${MUMBLE_DATABASE}"
+setVal dbDriver "${MUMBLE_DB_DRIVER}"
+setVal dbUsername "${MUMBLE_DB_USERNAME}"
+setVal dbPassword "${MUMBLE_DB_PASSWORD}"
+setVal dbHost "${MUMBLE_DB_HOST}"
+setVal ice "${MUMBLE_ICE}"
+setVal icesecretread "${MUMBLE_ICESECRETREAD}"
+setVal icesecretwrite "${MUMBLE_ICESECRETWRITE}"
+setVal autobanAttempts "${MUMBLE_AUTOBANATTEMPTS}"
+setVal autobanTimeframe "${MUMBLE_AUTOBANTIMEFRAME}"
+setVal autobanTime "${MUMBLE_AUTOBANTIME}"
+setVal serverpassword "${MUMBLE_SERVERPASSWORD}"
+setVal obfuscate "${MUMBLE_OBFUSCATE}"
+setVal sendversion "${MUMBLE_SENDVERSION}"
+setVal legacyPasswordHash "${MUMBLE_LEGACYPASSWORDHASH}"
+setVal kdfIterations "${MUMBLE_KDFITERATIONS}"
+setVal allowping "${MUMBLE_ALLOWPING}"
+setVal bandwidth "${MUMBLE_BANDWIDTH}"
+setVal timeout "${MUMBLE_TIMEOUT}"
+setVal certrequired "${MUMBLE_CERTREQUIRED}"
+setVal users "${MUMBLE_USERS}"
+setVal usersperchannel "${MUMBLE_USERSPERCHANNEL}"
+setVal username "${MUMBLE_USERNAME}"
+setVal channelname "${MUMBLE_CHANNELNAME}"
+setVal channelnestinglimit "${MUMBLE_CHANNELNESTINGLIMIT}"
+setVal defaultchannel "${MUMBLE_DEFAULTCHANNEL}"
+setVal rememberchannel "${MUMBLE_REMEMBERCHANNEL}"
+setVal textmessagelength "${MUMBLE_TEXTMESSAGELENGTH}"
+setVal imagemessagelength "${MUMBLE_IMAGEMESSAGELENGTH}"
+setVal allowhtml "${MUMBLE_ALLOWHTML}"
+setVal opusthreshold "${MUMBLE_OPUSTHRESHOLD}"
+setVal messagelimit "${MUMBLE_MESSAGELIMIT}"
+setVal messageburst "${MUMBLE_MESSAGEBURST}"
+setVal registerHostname "${MUMBLE_REGISTERHOSTNAME}"
+setVal registerPassword "${MUMBLE_REGISTERPASSWORD}"
+setVal registerUrl "${MUMBLE_REGISTERURL}"
+setVal registerName "${MUMBLE_REGISTERNAME}"
+setVal suggestVersion "${MUMBLE_SUGGESTVERSION}"
+setVal suggestPositional "${MUMBLE_SUGGESTPOSITIONAL}"
+setVal suggestPushToTalk "${MUMBLE_SUGGESTPUSHTOTALK}"
+setVal welcometext "${MUMBLE_WELCOMETEXT}"
+
+
+if [ -n "${MUMBLE_ENABLESSL}" ] && [ "${MUMBLE_ENABLESSL}" -eq 1 ]; then
+    SSL_CERTFILE=${MUMBLE_CERTFILE:-/data/cert.pem}
+    SSL_KEYFILE=${MUMBLE_KEYFILE:-/data/key.pem}
+    SSL_CAFILE=${MUMBLE_CAFILE:-/data/intermediate.pem}
+    SSL_DHFILE=${MUMBLE_DHFILE:-/data/dh.pem}
+
+    if [ -f "${SSL_CERTFILE}" ]; then
+        setVal sslCert "${SSL_CERTFILE}"
+    fi
+
+    if [ -f "${SSL_KEYFILE}" ]; then
+        setVal sslKey "${SSL_KEYFILE}"
+        setVal sslPassPhrase "${MUMBLE_SSLPASSPHRASE}"
+    fi
+
+    if [ -f "${SSL_CAFILE}" ]; then
+        setVal sslCA "${SSL_CAFILE}"
+    fi
+
+    if [ -f "${SSL_DHFILE}" ]; then
+        setVal sslDHParams "${SSL_DHFILE}"
+    fi
+
+    setVal sslCiphers "${MUMBLE_SSLCIPHERS}"
+fi
+
+if [ -f "${WELCOMEFILE}" ]; then
+    parsedContent=$(sed -E 's/"/\\"/g' "${WELCOMEFILE}")
+    setVal welcometext "\"$parsedContent\""
+fi
+
+if ! grep -q '\[Ice\]' "${CONFIGFILE}"; then
+    echo "" >> "${CONFIGFILE}"
+    cat "${ICEFILE}" >> "${CONFIGFILE}"
+fi
+
+chown -R murmur:nobody /data/
+
+if [ -f "${CUSTOM_CONFIG_FILE}" ]; then
+    CONFIGFILE="${CUSTOM_CONFIG_FILE}"
+fi
+
+# Run murmur if not in debug mode
+if [ -z "$DEBUG" ] || [ "$DEBUG" -ne 1 ]; then
+    exec /opt/murmur/murmur.x86 -fg -ini "${CONFIGFILE}"
+else
+    exec /opt/murmur/murmur.x86 -fg -ini "${CONFIGFILE}" -v
+fi
+