Category: Administrator Linux

  • How to Install Immich(v1.99.0) on Docker Portainer with Nginx Proxy Manager

    This document presents a Docker Compose file (version 3.8) for the latest Immich release (1.99.0). I only changed the volumes to point at our large data storage, and set the permissions on that path so that no user except root can see our files.

    I added networks because Immich is going to be proxied by Nginx Proxy Manager and uses its own Redis.

    # Immich stack for Portainer behind Nginx Proxy Manager. No service publishes
    # a host port; only immich-server joins the proxy's "nginx" network.
    version: "3.8"

    services:
      immich-server:
        container_name: "immich_server"
        # Falls back to the floating "release" tag when IMMICH_VERSION is unset.
        image: "ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}"
        command:
          - "start.sh"
          - "immich"
        volumes:
          - "${UPLOAD_LOCATION}:/usr/src/app/upload"
          - "/etc/localtime:/etc/localtime:ro"
        env_file:
          - "stack.env"
        networks:
          - "nginx"
          - "personalphotos"
        labels:
          - "com.centurylinklabs.watchtower.enable=false"
        depends_on:
          - "redis"
          - "database"
        restart: "always"

      # Background worker: same image and upload volume as immich-server, but it
      # is attached to the internal network only.
      immich-microservices:
        container_name: "immich_microservices"
        image: "ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}"
        command:
          - "start.sh"
          - "microservices"
        volumes:
          - "${UPLOAD_LOCATION}:/usr/src/app/upload"
          - "/etc/localtime:/etc/localtime:ro"
        env_file:
          - "stack.env"
        networks:
          - "personalphotos"
        labels:
          - "com.centurylinklabs.watchtower.enable=false"
        depends_on:
          - "redis"
          - "database"
        restart: "always"

      immich-machine-learning:
        container_name: "immich_machine_learning"
        image: "ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}"
        volumes:
          - "${MODEL_CACHE}:/cache"
        env_file:
          - "stack.env"
        networks:
          - "personalphotos"
        labels:
          - "com.centurylinklabs.watchtower.enable=false"
        restart: "always"

      redis:
        container_name: "immich_redis"
        image: "redis:6.2-alpine"
        # stack.env also carries DB_PASSWORD. NOTE(review): redis probably reads
        # none of these variables, so this env_file could be dropped to keep the
        # database password out of this container; confirm before removing.
        env_file:
          - "stack.env"
        networks:
          - "personalphotos"
        labels:
          - "com.centurylinklabs.watchtower.enable=false"
        restart: "always"

      database:
        container_name: "immich_postgres"
        # Pinned by digest, so the image cannot change underneath the tag.
        image: "registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"
        environment:
          # Filled in from the stack's environment variables; use a strong value
          # for DB_PASSWORD rather than a default.
          POSTGRES_PASSWORD: "${DB_PASSWORD}"
          POSTGRES_USER: "${DB_USERNAME}"
          POSTGRES_DB: "${DB_DATABASE_NAME}"
        volumes:
          - "${PGDATA}:/var/lib/postgresql/data"
        networks:
          - "personalphotos"
        labels:
          - "com.centurylinklabs.watchtower.enable=false"
        restart: "always"

    # Both networks are external: they must already exist before the stack is
    # deployed.
    networks:
      nginx:
        external: true
      personalphotos:
        external: true
    

    Here are the environment variables (stack.env):

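    # Every container that lists "env_file: stack.env" receives all of these
    # values, including the database password.
    # Pin the release this guide was written for; without IMMICH_VERSION the
    # compose file falls back to the floating "release" tag.
    IMMICH_VERSION=v1.99.0
    DB_HOSTNAME=immich_postgres
    DB_USERNAME=postgres
    # Placeholder: replace with a long random password before the first start,
    # because Postgres only applies it when the data directory is first created.
    DB_PASSWORD=ChangeMeToALongRandomPassword
    DB_DATABASE_NAME=immich
    TZ=America/Los_Angeles
    REDIS_HOSTNAME=immich_redis
    # Absolute host path, like the other *changeyourpath* placeholders below.
    UPLOAD_LOCATION=/changeyourpath/data
    TYPESENSE_API_KEY=Your own create random letter
    PUBLIC_LOGIN_PAGE_MESSAGE=
    IMMICH_MACHINE_LEARNING_URL=http://immich-machine-learning:3003
    MODEL_CACHE=/changeyourpath/model_cache
    PGDATA=/changeyourpath/postgresqlbackup
    # TSDATA is not referenced by the compose file in this guide.
    TSDATA=/changeyourpath/tsdata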
  • Nextcloud: Server has no maintenance window start time configured. Error.

    Nextcloud Version: 28.0.3

    There’s a link in the warning message to the documentation

    You have to add the following line to your config.php: 'maintenance_window_start' => 1,

    Nextcloud Documentation:
    https://docs.nextcloud.com/server/28/go.php?to=admin-background-jobs

  • Mailcow : renew Certification with nginx proxy manager

    Make a file called “scriptmailssl.sh” and open the nano file editor. Paste these codes and save it!

    
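    #!/bin/bash
    #
    # Copies the certificate and private key generated by Nginx Proxy Manager
    # into the mailcow SSL directory, then restarts the mailcow containers.
    # Before use, update the paths to your docker data and check which npm-N
    # directory holds the certificate that belongs to mailcow.
    #
    # One-time setup, run by hand rather than from inside this script:
    #   chmod +x /home/applegater/docker/scriptmailssl.sh

    # Stop at the first failure so the containers are never restarted after a
    # failed or partial copy.
    set -euo pipefail

    src=/home/applegater/docker/nginx/letsencrypt/live/npm-7
    dst=/home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io

    cp "${src}/fullchain.pem" "${dst}/cert.pem"
    # key.pem is the private key: make sure the destination directory is not
    # readable by other users on the host.
    cp "${src}/privkey.pem" "${dst}/key.pem"

    postfix_c=$(docker ps -qaf name=postfix-mailcow)
    dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
    nginx_c=$(docker ps -qaf name=nginx-mailcow)

    # An empty ID means the name filter matched nothing; report it instead of
    # calling docker restart with a missing argument.
    if [[ -z "${postfix_c}" || -z "${dovecot_c}" || -z "${nginx_c}" ]]; then
        echo "mailcow container not found (postfix/dovecot/nginx)" >&2
        exit 1
    fi

    # Left unquoted on purpose: a name filter can return more than one ID.
    docker restart ${postfix_c} ${dovecot_c} ${nginx_c}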
    
    

    Add a cronjob every month.

    crontab -e 
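    # Fields: minute hour day-of-month month day-of-week.
    # Runs at 01:00 on the 1st of every month. A "*/2" in the month field with
    # "*" as day-of-month would instead run every day of every second month.
    # Output is discarded here, so a failed copy goes unnoticed; redirect to a
    # log file instead if you want to see errors.
    0 1 1 * * bash /home/applegater/docker/scriptmailssl.sh >/dev/null 2>&1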

    It’s going to do the job for you every month.

  • Nextcloud 28.03 : annoy error message: 4 errors in the logs since… on Portainer

    Nextcloud 28.03 : annoy error message: 4 errors in the logs since… on Portainer

    Delete nextcloud.log to clear the message, but it will come back unless you fix the underlying errors, so read the log (or keep a copy) before you delete it. This is similar to the engine light.

    Follow this command line

    After deleting the logs, Checks have now passed.

  • Nextcloud After Update and get this Error Message. I am Use Portainer, Docker.

    Nextcloud After Update and get this Error Message. I am Use Portainer, Docker.

    Error Message:

    Go to Portainer Web and log in with your admin account. Then select the correct environment server. Then go to Nextcloud Container to enter the console.

    Please make sure you change the user root to www-data, then connect.

    Now you can see that you have a terminal on your webgui and fill out this command line.

    php occ db:add-missing-indices
    Success, and now the error is gone.

    Before:

    After

  • SSH – Make Sure Our Server Is Secure And Create A Key For SSH.

    SSH – Make Sure Our Server Is Secure And Create A Key For SSH.

    If you are looking to reach your server remotely from home, you can, but you should not simply install OpenSSH and log in with a password, which is very insecure. I strongly recommend using an Ed25519 SSH key, which is a modern, secure and fast key type. I recommend checking out this website. Follow the instructions on the Red Hat website to protect your Linux server. These answers are the most accurate. Or here is the server SSH config I made.

    But first, we must generate the ed25519 key for our SSH or SFTP access.

    1. Download Putty
    2. open program on Windows PC putty gen (Putty Key Generator)
    3. select EdDSA then select Ed25519 then generate
    4. Please generate some random by moving the mouse over the blank area on puTTygen (Putty Key Generator).
    5. After you generate, you can modify key comment and key passphrase
    6. On your server, open authorized_keys with “nano ~/.ssh/authorized_keys”, then paste in the public key from PuTTYgen (PuTTY Key Generator) on your Windows PC: copy the single line from the “Public key for pasting into OpenSSH authorized_keys file” box. The private key stays on your PC and is never copied to the server.
    7. Save authorized_keys, then restart ssh services.

    The server can still be accessed with a password, so we must proceed with the Linux SSH server configuration and create the file richardprofile.conf or whatevername.conf. The path is /etc/ssh/sshd_config.d/richardprofile.conf.

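    # Drop-in for sshd. sshd keeps the FIRST value it reads for each keyword and
    # drop-in files load in name order, so check the effective settings with
    # "sshd -T" in case an earlier file already sets one of these.
    Port 22
    PermitRootLogin no
    PubkeyAuthentication yes
    # Turn off both password-style methods: keyboard-interactive can still ask
    # for a password through PAM when only PasswordAuthentication is disabled.
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    PermitEmptyPasswords no
    # Probe an idle client every 60 seconds and disconnect it after 3 probes
    # go unanswered.
    ClientAliveInterval 60
    ClientAliveCountMax 3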
    
    

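    Save the configuration file, check it with “sshd -t”, and then restart ssh. Keep your current session open until a new key-based login works. Password logins are now switched off, which removes the most common attack on SSH; next we will set up Fail2ban to block IP addresses that keep retrying, so that our network doesn’t get too busy.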

    These are great, and I plan to make a banner in ssh soon.

  • Network Experience

    I must label every port to facilitate the troubleshooting process for both the Owner and IT team. I can make an Ethernet cable and coax and phone lines.

    Anthem Coffee and Tea | Sunrise Village
    Modem Internet and Router Business TP link and Modem Phone and 4G Data Internet Backup and Access Point from another room.
    Anthem Coffee and Tea Point Ruston – Phone, 4G data backup, Modem, router, switch.
    Anthem Coffee and Tea – Old Town – Modem, Phone, Router, 4G, POE for camera. soon cabinet will add.
    Anthem Coffee and Tea – DownTown Puyallup before
    Anthem Coffee and Tea – Edgewood – Network Setup Drive Thru
    Anthem Coffee and Tea – Medical Campus Network setup with backup battery
    Anthem Coffee and Tea – Downtown Tacoma – Network Setup
    Anthem Coffee and Tea – Arioniza Litchfield
    Anthem Coffee and Tea – Arioniza Verrado
  • My DNS, both Primary and Secondary, got into DNS amplification attacks.

    My DNS, both Primary and Secondary, got into DNS amplification attacks.

    This attack trigger was found on October 16, 2023, when I received an email that my server was nearly full. This is not a typical occurrence. Therefore, I discovered that my AdGuard Home DNS Server had been compromised, and that a significant number of IP addresses exceeding 20K were targeted specifically in Brazil, Latin, two France Server, London, and more due to their focus on DNS attacks.

    I went through the clients hitting our server and collected their CIDR ranges to add to the disallowed clients list. As a result, I was able to disallow 99.9 percent of those clients. I think this is a better way than blocking whole countries, because I don’t want to block addresses that never contact us. Blocking by CIDR range means every address under the same owner is disallowed automatically, since that owner is letting its network be used to attack our DNS server. One caveat: in an amplification attack the source addresses are normally spoofed and belong to the victims, so the durable fix is to answer only your own clients (the allowed clients list) and keep a rate limit on the resolver.

    Cisco.com is real, but the content is not.
    This is unusual, everything happening at once. This will cause my server to experience a slowdown.

    After I added the IP CIDRs to the client that were not allowed, I noticed that my dashboard went back to normal. Again, here is the link for IP addresses. I have been working on these for the past three days, but it appears that they have been stopped. Therefore, I want to help your times and your DNS Server and our to-do better. 🙂

    Secondary Server – Dell Server Tower mini – Portainer with AdGuard Home

    Primary Server – Dell Server Tower – Portainer with AdGuard home

  • How to build RustDesk on Portainer with Cloudflare domain (Disable proxy needed)?

    This version is not PRO. Please note that. Soon, PRO will be coming. I just set up RustDesk pro with WebGui a couple of months ago.

    Please listen carefully to the RustDesk warning again. Do not install RustDesk and connect to the phone agents (fake windows, fake apple, fake ATT, fake bank, fake IRS) server. They will trick you and take your personal information.

    This solution is significantly less costly than TeamViewer and is the most efficient one for my job. It allows me to resolve any issues on my employees’ or family’s computers, which reduces the cost of resolving the issue. Not only that, but it is highly secured. I chose to enforce encryption on RustDesk because I’d prefer not to leave my RustDesk server open for the public to use or exploit.

    Written Instruction:

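    version: '3'
    services:
      rustdesk-server:
        container_name: rustdesk-server
        # Port mappings are quoted so YAML always reads them as strings.
        ports:
          - "21115:21115"
          - "21116:21116"
          - "21116:21116/udp"
          - "21117:21117"
          # NOTE(review): 21118/21119 are documented by RustDesk as web-client
          # ports; leave them unpublished if the web client is not used.
          - "21118:21118"
          - "21119:21119"
        # ":latest" floats; pin a specific tag once you have a version you trust.
        image: rustdesk/rustdesk-server-s6:latest
        environment:
          - "RELAY=rustdesk.example.com:21117"
          # Unencrypted connections are not accepted.
          - "ENCRYPTED_ONLY=1"
          - "DB_URL=/db/db_v2.sqlite3"
          # Placeholders for the pair printed by genkeypair. KEY_PRIV is the
          # server's private key: keep this stack definition out of public
          # repositories, screenshots and shared backups.
          - "KEY_PRIV=YourPrivateKEY"
          - "KEY_PUB=YourPublicKey"
        volumes:
          - /home/applegate/docker/rustdesk/db:/db
        restart: unless-stopped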

    This command line on the ssh terminal generates the key you require.

    Command: docker run --rm --entrypoint /usr/bin/rustdesk-utils rustdesk/rustdesk-server-s6:latest genkeypair

    Copy and paste the key into your docker-compose environment.

    Then, you should deploy the stack. You’ve got your RustDesk up and running, and it only accepts encrypted connections.

    Video Instructions:

  • How to build Jitsi with nginx proxy manager On Portainer (Zoom alternative)

    We use Jitsi for our meetings because it’s fast and secure, and for a certain number of participants it works better than Zoom or Google Meet. So, we made one and it worked out well.

    Please ensure that you are running NGINX and Portainer. If you haven’t created them yet, please follow this instruction.

    Let’s install Jitsi.

    Portainer site → login admin → stacks → add stacks:

    You will need to add any env configuration here, for example hostname or TZ, or any env you can add or modify.

    version: '3.5'
    
    services:
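        # Frontend (web UI). Bare names in "environment" take their value from
        # the environment the stack is deployed with.
        web:
            image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8719}
            restart: ${RESTART_POLICY:-unless-stopped}
            # Host ports are left unpublished on purpose: Nginx Proxy Manager
            # reaches this container over the external "nginx" network.
            # ports:
            #     - '${HTTP_PORT}:80'
            #     - '${HTTPS_PORT}:443'
            volumes:
                - ${CONFIG}/web:/config:Z
                - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
                - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
            environment:
                - AMPLITUDE_ID
                - ANALYTICS_SCRIPT_URLS
                - ANALYTICS_WHITELISTED_EVENTS
                - AUDIO_QUALITY_OPUS_BITRATE
                - AUTO_CAPTION_ON_RECORD
                - BRANDING_DATA_URL
                - CALLSTATS_CUSTOM_SCRIPT_URL
                - CALLSTATS_ID
                - CALLSTATS_SECRET
                - CHROME_EXTENSION_BANNER_JSON
                - COLIBRI_WEBSOCKET_PORT
                - CONFCODE_URL
                - CONFIG_EXTERNAL_CONNECT
                - DEFAULT_LANGUAGE
                - DEPLOYMENTINFO_ENVIRONMENT
                - DEPLOYMENTINFO_ENVIRONMENT_TYPE
                - DEPLOYMENTINFO_REGION
                - DEPLOYMENTINFO_SHARD
                - DEPLOYMENTINFO_USERREGION
                - DESKTOP_SHARING_FRAMERATE_MIN
                - DESKTOP_SHARING_FRAMERATE_MAX
                - DIALIN_NUMBERS_URL
                - DIALOUT_AUTH_URL
                - DIALOUT_CODES_URL
                - DISABLE_AUDIO_LEVELS
                - DISABLE_DEEP_LINKING
                - DISABLE_GRANT_MODERATOR
                - DISABLE_HTTPS
                - DISABLE_KICKOUT
                - DISABLE_LOCAL_RECORDING
                - DISABLE_POLLS
                - DISABLE_PRIVATE_CHAT
                - DISABLE_PROFILE
                - DISABLE_REACTIONS
                - DISABLE_REMOTE_VIDEO_MENU
                - DISABLE_START_FOR_ALL
                - DROPBOX_APPKEY
                - DROPBOX_REDIRECT_URI
                - DYNAMIC_BRANDING_URL
                - ENABLE_AUDIO_PROCESSING
                - ENABLE_AUTH
                - ENABLE_BREAKOUT_ROOMS
                - ENABLE_CALENDAR
                - ENABLE_COLIBRI_WEBSOCKET
                - ENABLE_E2EPING
                - ENABLE_FILE_RECORDING_SHARING
                - ENABLE_GUESTS
                - ENABLE_HSTS
                - ENABLE_HTTP_REDIRECT
                # Listed once, with an explicit value, so there is no duplicate
                # entry for the same variable.
                - ENABLE_IPV6=0
                - ENABLE_LETSENCRYPT
                - ENABLE_LIPSYNC
                - ENABLE_NO_AUDIO_DETECTION
                - ENABLE_NOISY_MIC_DETECTION
                - ENABLE_OCTO
                - ENABLE_OPUS_RED
                - ENABLE_PREJOIN_PAGE
                - ENABLE_P2P
                - ENABLE_WELCOME_PAGE
                - ENABLE_CLOSE_PAGE
                - ENABLE_LIVESTREAMING
                - ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK
                - ENABLE_LIVESTREAMING_HELP_LINK
                - ENABLE_LIVESTREAMING_TERMS_LINK
                - ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING
                - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT
                - ENABLE_LOCAL_RECORDING_SELF_START
                - ENABLE_RECORDING
                - ENABLE_REMB
                - ENABLE_REQUIRE_DISPLAY_NAME
                - ENABLE_SERVICE_RECORDING
                - ENABLE_SIMULCAST
                - ENABLE_STATS_ID
                - ENABLE_STEREO
                - ENABLE_SUBDOMAINS
                - ENABLE_TALK_WHILE_MUTED
                - ENABLE_TCC
                - ENABLE_TRANSCRIPTIONS
                - ENABLE_XMPP_WEBSOCKET
                - ENABLE_JAAS_COMPONENTS
                - ETHERPAD_PUBLIC_URL
                - ETHERPAD_URL_BASE
                - E2EPING_NUM_REQUESTS
                - E2EPING_MAX_CONFERENCE_SIZE
                - E2EPING_MAX_MESSAGE_PER_SECOND
                - GOOGLE_ANALYTICS_ID
                - GOOGLE_API_APP_CLIENT_ID
                - HIDE_PREMEETING_BUTTONS
                - HIDE_PREJOIN_DISPLAY_NAME
                - HIDE_PREJOIN_EXTRA_BUTTONS
                - INVITE_SERVICE_URL
                - LETSENCRYPT_DOMAIN
                - LETSENCRYPT_EMAIL
                - LETSENCRYPT_HOST
                - LETSENCRYPT_USE_STAGING
                - MATOMO_ENDPOINT
                - MATOMO_SITE_ID
                - MICROSOFT_API_APP_CLIENT_ID
                - NGINX_RESOLVER
                - NGINX_WORKER_PROCESSES
                - NGINX_WORKER_CONNECTIONS
                - PEOPLE_SEARCH_URL
                - PREFERRED_LANGUAGE
                - PUBLIC_URL
                - P2P_PREFERRED_CODEC
                - RESOLUTION
                - RESOLUTION_MIN
                - RESOLUTION_WIDTH
                - RESOLUTION_WIDTH_MIN
                - START_AUDIO_MUTED
                - START_AUDIO_ONLY
                - START_BITRATE
                - START_SILENT
                - START_WITH_AUDIO_MUTED
                - START_VIDEO_MUTED
                - START_WITH_VIDEO_MUTED
                - TESTING_CAP_SCREENSHARE_BITRATE
                - TESTING_OCTO_PROBABILITY
                - TOKEN_AUTH_URL
                - TOOLBAR_BUTTONS
                - TRANSLATION_LANGUAGES
                - TRANSLATION_LANGUAGES_HEAD
                - TZ
                - USE_APP_LANGUAGE
                - VIDEOQUALITY_BITRATE_H264_LOW
                - VIDEOQUALITY_BITRATE_H264_STANDARD
                - VIDEOQUALITY_BITRATE_H264_HIGH
                - VIDEOQUALITY_BITRATE_VP8_LOW
                - VIDEOQUALITY_BITRATE_VP8_STANDARD
                - VIDEOQUALITY_BITRATE_VP8_HIGH
                - VIDEOQUALITY_BITRATE_VP9_LOW
                - VIDEOQUALITY_BITRATE_VP9_STANDARD
                - VIDEOQUALITY_BITRATE_VP9_HIGH
                - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
                - VIDEOQUALITY_PREFERRED_CODEC
                - VIRTUAL_HOST
                - XMPP_AUTH_DOMAIN
                - XMPP_BOSH_URL_BASE
                - XMPP_DOMAIN
                - XMPP_GUEST_DOMAIN
                - XMPP_MUC_DOMAIN
                - XMPP_RECORDER_DOMAIN
                - XMPP_PORT
                - WHITEBOARD_ENABLED
                - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL
            networks:
                meet.jitsi:
                nginx: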
    
        # XMPP server (Prosody). It uses "expose" rather than "ports", so these
        # ports are reachable from other containers but not published on the host.
        prosody:
            image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-8719}
            restart: ${RESTART_POLICY:-unless-stopped}
            expose:
                - '${XMPP_PORT:-5222}'
                - '5347'
                - '5280'
            volumes:
                - ${CONFIG}/prosody/config:/config:Z
                - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
            # Bare names take their value from the environment the stack is
            # deployed with. NOTE(review): the *_PASSWORD, *_SECRET and *_TOKEN
            # entries need their own strong random values; confirm none is left
            # empty or at a shared default.
            environment:
                - AUTH_TYPE
                - DISABLE_POLLS
                - ENABLE_AUTH
                - ENABLE_AV_MODERATION
                - ENABLE_BREAKOUT_ROOMS
                - ENABLE_END_CONFERENCE
                - ENABLE_GUESTS
                - ENABLE_LOBBY
                - ENABLE_RECORDING
                - ENABLE_XMPP_WEBSOCKET
                - ENABLE_JAAS_COMPONENTS
                - GC_TYPE
                - GC_INC_TH
                - GC_INC_SPEED
                - GC_INC_STEP_SIZE
                - GC_GEN_MIN_TH
                - GC_GEN_MAX_TH
                - GLOBAL_CONFIG
                - GLOBAL_MODULES
                - JIBRI_RECORDER_USER
                - JIBRI_RECORDER_PASSWORD
                - JIBRI_XMPP_USER
                - JIBRI_XMPP_PASSWORD
                - JICOFO_AUTH_PASSWORD
                - JICOFO_COMPONENT_SECRET
                - JIGASI_XMPP_USER
                - JIGASI_XMPP_PASSWORD
                - JVB_AUTH_USER
                - JVB_AUTH_PASSWORD
                - JWT_APP_ID
                - JWT_APP_SECRET
                - JWT_ACCEPTED_ISSUERS
                - JWT_ACCEPTED_AUDIENCES
                - JWT_ASAP_KEYSERVER
                - JWT_ALLOW_EMPTY
                - JWT_AUTH_TYPE
                - JWT_ENABLE_DOMAIN_VERIFICATION
                - JWT_TOKEN_AUTH_MODULE
                - MATRIX_UVS_URL
                - MATRIX_UVS_ISSUER
                - MATRIX_UVS_AUTH_TOKEN
                - MATRIX_UVS_SYNC_POWER_LEVELS
                - LOG_LEVEL
                - LDAP_AUTH_METHOD
                - LDAP_BASE
                - LDAP_BINDDN
                - LDAP_BINDPW
                - LDAP_FILTER
                - LDAP_VERSION
                - LDAP_TLS_CIPHERS
                - LDAP_TLS_CHECK_PEER
                - LDAP_TLS_CACERT_FILE
                - LDAP_TLS_CACERT_DIR
                - LDAP_START_TLS
                - LDAP_URL
                - LDAP_USE_TLS
                - MAX_PARTICIPANTS
                - PROSODY_RESERVATION_ENABLED
                - PROSODY_RESERVATION_REST_BASE_URL
                - PROSODY_ENABLE_RATE_LIMITS
                - PROSODY_RATE_LIMIT_LOGIN_RATE
                - PROSODY_RATE_LIMIT_SESSION_RATE
                - PROSODY_RATE_LIMIT_TIMEOUT
                - PROSODY_RATE_LIMIT_ALLOW_RANGES
                - PROSODY_RATE_LIMIT_CACHE_SIZE
                - PUBLIC_URL
                - TURN_CREDENTIALS
                - TURN_HOST
                - TURNS_HOST
                - TURN_PORT
                - TURNS_PORT
                - TURN_TRANSPORT
                - TZ=America/Los_Angeles
                - XMPP_DOMAIN
                - XMPP_AUTH_DOMAIN
                - XMPP_GUEST_DOMAIN
                - XMPP_MUC_DOMAIN
                - XMPP_INTERNAL_MUC_DOMAIN
                - XMPP_MODULES
                - XMPP_MUC_MODULES
                - XMPP_MUC_CONFIGURATION
                - XMPP_INTERNAL_MUC_MODULES
                - XMPP_RECORDER_DOMAIN
                - XMPP_PORT
            # Attached to the stack's own network only, under the alias the other
            # services use to find the XMPP server.
            networks:
                meet.jitsi:
                    aliases:
                        - ${XMPP_SERVER:-xmpp.meet.jitsi}
    
        # Focus component (Jicofo). Starts after prosody and joins only the
        # stack's own meet.jitsi network.
        jicofo:
            image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-8719}
            restart: ${RESTART_POLICY:-unless-stopped}
            # Published on 127.0.0.1 only, so the REST port is reachable from the
            # Docker host itself and not from other machines.
            ports:
                - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888'
            volumes:
                - ${CONFIG}/jicofo:/config:Z
            # Bare names take their value from the environment the stack is
            # deployed with; JICOFO_AUTH_PASSWORD is a secret shared with prosody.
            environment:
                - AUTH_TYPE
                - BRIDGE_AVG_PARTICIPANT_STRESS
                - BRIDGE_STRESS_THRESHOLD
                - ENABLE_AUTH
                - ENABLE_AUTO_OWNER
                - ENABLE_CODEC_VP8
                - ENABLE_CODEC_VP9
                - ENABLE_CODEC_H264
                - ENABLE_CODEC_OPUS_RED
                - ENABLE_JVB_XMPP_SERVER
                - ENABLE_OCTO
                - ENABLE_RECORDING
                - ENABLE_SCTP
                - ENABLE_AUTO_LOGIN
                - JICOFO_AUTH_PASSWORD
                - JICOFO_BRIDGE_REGION_GROUPS
                - JICOFO_ENABLE_AUTH
                - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
                - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT
                - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT
                - JICOFO_CONF_SOURCE_SIGNALING_DELAYS
                - JICOFO_CONF_MAX_AUDIO_SENDERS
                - JICOFO_CONF_MAX_VIDEO_SENDERS
                - JICOFO_CONF_STRIP_SIMULCAST
                - JICOFO_CONF_SSRC_REWRITING
                - JICOFO_ENABLE_HEALTH_CHECKS
                - JICOFO_ENABLE_REST
                - JICOFO_HEALTH_CHECKS_USE_PRESENCE
                - JICOFO_MULTI_STREAM_BACKWARD_COMPAT
                - JICOFO_OCTO_REGION
                - JIBRI_BREWERY_MUC
                - JIBRI_REQUEST_RETRIES
                - JIBRI_PENDING_TIMEOUT
                - JIGASI_BREWERY_MUC
                - JIGASI_SIP_URI
                - JVB_BREWERY_MUC
                - JVB_XMPP_AUTH_DOMAIN
                - JVB_XMPP_INTERNAL_MUC_DOMAIN
                - JVB_XMPP_PORT
                - JVB_XMPP_SERVER
                - MAX_BRIDGE_PARTICIPANTS
                - OCTO_BRIDGE_SELECTION_STRATEGY
                - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
                - SENTRY_ENVIRONMENT
                - SENTRY_RELEASE
                - TZ=America/Los_Angeles
                - XMPP_DOMAIN
                - XMPP_AUTH_DOMAIN
                - XMPP_INTERNAL_MUC_DOMAIN
                - XMPP_MUC_DOMAIN
                - XMPP_RECORDER_DOMAIN
                - XMPP_SERVER
                - XMPP_PORT
            depends_on:
                - prosody
            networks:
                meet.jitsi:
    
        # Video bridge (JVB). Starts after prosody and joins both the stack's
        # meet.jitsi network and the external nginx network.
        jvb:
            image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-8719}
            restart: ${RESTART_POLICY:-unless-stopped}
            ports:
                # Published over UDP on every host interface. NOTE(review):
                # presumably this port must also be allowed through the firewall
                # or router, since it is not part of the HTTP proxy host; confirm.
                - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
                # Published on 127.0.0.1 only: reachable from the Docker host
                # itself, not from other machines.
                - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
            volumes:
                - ${CONFIG}/jvb:/config:Z
            # Bare names take their value from the environment the stack is
            # deployed with; JVB_AUTH_PASSWORD is a secret shared with prosody.
            environment:
                - DOCKER_HOST_ADDRESS
                - ENABLE_COLIBRI_WEBSOCKET
                - ENABLE_JVB_XMPP_SERVER
                - ENABLE_OCTO
                - JVB_ADVERTISE_IPS
                - JVB_ADVERTISE_PRIVATE_CANDIDATES
                - JVB_AUTH_USER
                - JVB_AUTH_PASSWORD
                - JVB_BREWERY_MUC
                - JVB_DISABLE_STUN
                - JVB_PORT
                - JVB_MUC_NICKNAME
                - JVB_STUN_SERVERS
                - JVB_OCTO_BIND_ADDRESS
                - JVB_OCTO_REGION
                - JVB_OCTO_RELAY_ID
                - JVB_WS_DOMAIN
                - JVB_WS_SERVER_ID
                - JVB_XMPP_AUTH_DOMAIN
                - JVB_XMPP_INTERNAL_MUC_DOMAIN
                - JVB_XMPP_PORT
                - JVB_XMPP_SERVER
                - PUBLIC_URL
                - SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
                - SENTRY_ENVIRONMENT
                - SENTRY_RELEASE
                - COLIBRI_REST_ENABLED
                - SHUTDOWN_REST_ENABLED
                - TZ=America/Los_Angeles
                - XMPP_AUTH_DOMAIN
                - XMPP_INTERNAL_MUC_DOMAIN
                - XMPP_SERVER
                - XMPP_PORT
            depends_on:
                - prosody
            networks:
                meet.jitsi:
                nginx:
    
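    # meet.jitsi is a custom network so all services can communicate using a
    # FQDN. "nginx" is external: it must already exist before the stack is
    # deployed.
    networks:
        meet.jitsi:
        nginx:
            external: true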
    

    Now we need to use Nginx Proxy Manager to set up a proxy host for it.

    Then open your website and it should load successfully.