Unmanaged Studio Server - You Already Have a TLS Key and Certificate

This example assumes that you would like to use an existing TLS key and certificate for your FQDN, and that you are using Docker for container orchestration.

  1. Create a new directory called "studio" and save your PEM-encoded TLS key to a file named "server.key" and your certificate to a file named "server.crt". Note that "server.crt" must contain the complete certificate chain, so that, for example, the following command (bash syntax) succeeds:
    openssl verify -untrusted <( { openssl x509 >/dev/null; cat; } < server.crt ) server.crt
  2. Create a new "default.conf.template" file with the following contents:
    ## Basic Settings
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    gzip off;


    ## SSL Settings
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;


    ## Connection upgrade for websockets
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }


    ## Forward 443/tcp to studio container port 8000
    server {
        listen 443 ssl;
        server_name ${JACKTRIP_STUDIO_HOST};
        location / {
            proxy_pass http://${JACKTRIP_STUDIO_HOST}:8000;
            proxy_buffers 100 128k;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
    }
  3. Create a new "compose.yaml" file with the following contents:
    services:
      nginx:
        image: nginx
        container_name: nginx
        ports:
          - "443:443"
        environment:
          - JACKTRIP_STUDIO_HOST=REPLACE_WITH_FQDN
        volumes:
          - ./server.key:/etc/ssl/private/server.key:z
          - ./server.crt:/etc/ssl/certs/server.crt:z
          - ./default.conf.template:/etc/nginx/templates/default.conf.template:z
      studio:
        image: jacktrip/studio
        container_name: studio
        privileged: true
        shm_size: '128M'
        cap_add:
          - sys_nice
        ulimits:
          rtprio: 95
        network_mode: host
        environment:
          - JACKTRIP_STUDIO_ID=REPLACE_WITH_STUDIO_ID
          - JACKTRIP_STUDIO_TOKEN=REPLACE_WITH_STUDIO_TOKEN

    Replace "REPLACE_WITH_FQDN" with your server's fully-qualified domain name.
    Replace "REPLACE_WITH_STUDIO_ID" with your JACKTRIP_STUDIO_ID environment variable.
    Replace "REPLACE_WITH_STUDIO_TOKEN" with your JACKTRIP_STUDIO_TOKEN environment variable.
  4. You should now be able to start up your studio server by running:
    docker-compose up -d
  5. Test to make sure the containers are running and TLS works:

    $ docker ps
    CONTAINER ID   IMAGE             COMMAND                  CREATED          STATUS          PORTS                                           NAMES
    8585286181bc   nginx             "/docker-entrypoint.…"   45 seconds ago   Up 45 seconds   80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   nginx
    c90d6fc28a48   jacktrip/studio   "/sbin/init"             45 seconds ago   Up 45 seconds                                                   studio


    $ curl https://REPLACE_WITH_FQDN/ping
    {"status":"OK"}
  6. You are now ready to join your unmanaged studio!

    To stop the server after you are finished, run:
    docker-compose down
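
The requirements from step 1 can be checked before starting the containers. The script below is an added example, not part of the JackTrip documentation: it repeats the chain test from step 1 and also checks that "server.key" matches "server.crt", that the certificate names your FQDN, and that it is not about to expire. The function names, the optional CAFILE argument (only needed for a private CA) and the 7-day expiry window are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks for server.key / server.crt from step 1.
# Usage (from the "studio" directory): sh preflight.sh FQDN [CAFILE]

# The public key derived from the private key must equal the leaf's public key.
key_matches_cert() {  # KEY CRT
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Step 1's chain test without process substitution: the first certificate is
# the leaf, everything after it is offered as untrusted intermediates.
chain_is_complete() {  # CRT [CAFILE]
  rest=$(mktemp) || return 1
  awk 'seen; /-----END CERTIFICATE-----/ { seen = 1 }' "$1" > "$rest"
  if [ -s "$rest" ]; then
    openssl verify ${2:+-CAfile "$2"} -untrusted "$rest" "$1" >/dev/null 2>&1
  else
    openssl verify ${2:+-CAfile "$2"} "$1" >/dev/null 2>&1
  fi
  rc=$?
  rm -f "$rest"
  return "$rc"
}

# The leaf must name the FQDN used for server_name.
cert_covers_host() {  # CRT FQDN
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Assumed threshold: fail if the leaf expires within 7 days (604800 seconds).
cert_not_expiring() {  # CRT
  openssl x509 -in "$1" -noout -checkend 604800 >/dev/null 2>&1
}

preflight() {  # FQDN [CAFILE]
  status=0
  key_matches_cert server.key server.crt || { echo "FAIL: key/cert mismatch"; status=1; }
  chain_is_complete server.crt "$2" || { echo "FAIL: chain incomplete or untrusted"; status=1; }
  cert_covers_host server.crt "$1" || { echo "FAIL: certificate not valid for $1"; status=1; }
  cert_not_expiring server.crt || { echo "FAIL: certificate expires within 7 days"; status=1; }
  [ "$status" -eq 0 ] && echo "OK: server.key and server.crt are ready for nginx"
  return "$status"
}

if [ "$#" -gt 0 ]; then preflight "$@"; exit $?; fi
```

A "chain incomplete or untrusted" failure with a certificate from a public CA usually means the intermediate certificates were not appended to "server.crt" after your own certificate.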