Unmanaged Studio Server - You Already Have a TLS Key and Certificate
This example assumes that you would like to use an existing TLS key and certificate for your FQDN, and that you are using Docker for container orchestration.
- Create a new directory called "studio" and save your PEM-encoded TLS key to a file named "server.key" and your certificate to a file named "server.crt". Note that you need to provide a complete certificate chain so that, for example, the following command succeeds (the `<( ... )` syntax needs a shell with process substitution, such as bash):

      openssl verify -untrusted <( { openssl x509 >/dev/null; cat; } < server.crt ) server.crt

- Create a new "default.conf.template" file with the following contents:

      ## Basic Settings
      tcp_nopush on;
      tcp_nodelay on;
      types_hash_max_size 2048;
      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_send_timeout 300;
      gzip off;

      ## SSL Settings
      ssl_certificate /etc/ssl/certs/server.crt;
      ssl_certificate_key /etc/ssl/private/server.key;
      # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them from the
      # list below unless you have legacy clients that still require them.
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
      ssl_prefer_server_ciphers on;

      ## Connection upgrade for websockets
      map $http_upgrade $connection_upgrade {
          default upgrade;
          '' close;
      }

      ## Forward 443/tcp to studio container port 8000
      server {
          listen 443 ssl;
          server_name ${JACKTRIP_STUDIO_HOST};
          location / {
              proxy_pass http://${JACKTRIP_STUDIO_HOST}:8000;
              proxy_buffers 100 128k;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
          }
      }

- Create a new "compose.yaml" file with the following contents:

      services:
        nginx:
          image: nginx
          container_name: nginx
          ports:
            - "443:443"
          environment:
            - JACKTRIP_STUDIO_HOST=REPLACE_WITH_FQDN
          volumes:
            - ./server.key:/etc/ssl/private/server.key:z
            - ./server.crt:/etc/ssl/certs/server.crt:z
            - ./default.conf.template:/etc/nginx/templates/default.conf.template:z
        studio:
          image: jacktrip/studio
          container_name: studio
          privileged: true
          shm_size: '384M'
          cap_add:
            - sys_nice
          ulimits:
            rtprio: 95
          network_mode: host
          environment:
            - JACKTRIP_STUDIO_ID=REPLACE_WITH_STUDIO_ID
            - JACKTRIP_STUDIO_TOKEN=REPLACE_WITH_STUDIO_TOKEN

  Replace "REPLACE_WITH_FQDN" with your server's fully-qualified domain name.
  Replace "REPLACE_WITH_STUDIO_ID" with the value of your JACKTRIP_STUDIO_ID environment variable.
  Replace "REPLACE_WITH_STUDIO_TOKEN" with the value of your JACKTRIP_STUDIO_TOKEN environment variable.

- You should now be able to start up your studio server by running:

      docker-compose up -d

- Test to make sure the containers are running and TLS works:

      $ docker ps
      CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                                           NAMES
      8585286181bc   nginx             "/docker-entrypoint.…"   45 seconds ago   Up 45 seconds   80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx
      c90d6fc28a48   jacktrip/studio   "/sbin/init"             45 seconds ago   Up 45 seconds                                                   studio
      $ curl https://REPLACE_WITH_FQDN/ping
      {"status":"OK"}

- You are now ready to join your unmanaged studio!
  To stop the server after you are finished, run:

      docker-compose down
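
A pre-flight check for the "server.key" and "server.crt" files from the first step, meant to be run before `docker-compose up -d` (an added example, not part of the JackTrip documentation). It goes beyond the chain check shown above by also confirming that the key belongs to the certificate, that the certificate is unexpired, and that it covers your FQDN; the function name `check_studio_tls` and its optional CA file argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for studio/server.key and server.crt.
# Usage: check_studio_tls DIR FQDN [CA_FILE]; CA_FILE (an assumption of this
# example) is only for chains that end in a private root.
check_studio_tls() {
    dir=$1 fqdn=$2 cafile=${3:-} rc=0
    crt="$dir/server.crt" key="$dir/server.key"
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $crt or $key"; return 2
    fi

    # 1. The private key must belong to the first (leaf) certificate.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "ok: server.key matches server.crt"
    else
        echo "FAIL: server.key does not match server.crt (or is encrypted)"; rc=1
    fi

    # 2. The leaf must be unexpired and must cover the FQDN nginx will serve.
    if openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok: certificate is within its validity period"
    else
        echo "FAIL: certificate has expired"; rc=1
    fi
    if openssl x509 -in "$crt" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q "does match"; then
        echo "ok: certificate covers $fqdn"
    else
        echo "FAIL: certificate does not cover $fqdn"; rc=1
    fi

    # 3. Every PEM block after the first is treated as an intermediate.
    tmp=$(mktemp) || return 2
    awk '/-----BEGIN CERTIFICATE-----/{n++} n>1' "$crt" > "$tmp"
    set -- verify
    if [ -n "$cafile" ]; then set -- "$@" -CAfile "$cafile"; fi
    if [ -s "$tmp" ]; then set -- "$@" -untrusted "$tmp"; fi
    if openssl "$@" "$crt" >/dev/null 2>&1; then
        echo "ok: chain verifies"
    else
        echo "FAIL: chain is incomplete or not trusted"; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
if [ "$#" -ge 2 ]; then check_studio_tls "$@"; fi
```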