prosody: brewery mode for jvb/jicofo discovery muc

* prosody: brewery mode for jvb/jicofo discovery muc

* do not include c2s limits in brewery mode
pull/1696/head
Aaron van Meerten 10 months ago committed by GitHub
parent 52eef2eb23
commit 46b98b5a7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 36
      prosody/rootfs/defaults/conf.d/brewery.cfg.lua
  2. 14
      prosody/rootfs/defaults/prosody.cfg.lua
  3. 13
      prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw
  4. 23
      prosody/rootfs/etc/cont-init.d/10-config

@ -0,0 +1,36 @@
{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}}
{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
{{ $SHARD_NAME := .Env.SHARD | default "default" -}}
{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
admins = {
"focus@{{ $JVB_XMPP_AUTH_DOMAIN }}",
"{{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}"
}
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
VirtualHost "{{ $JVB_XMPP_AUTH_DOMAIN }}"
modules_enabled = {
"ping";
}
authentication = "internal_hashed"
ssl = {
key = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.key";
certificate = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.crt";
}
Component "{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
modules_enabled = {
"ping",
"muc_hide_all";
"muc_filter_access";
}
storage = "memory"
muc_room_cache_size = 10000
muc_filter_whitelist="{{ $JVB_XMPP_AUTH_DOMAIN }}"
muc_room_locking = false
muc_room_default_public_jids = true

@ -99,7 +99,10 @@ modules_enabled = {
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
{{ if eq .Env.PROSODY_MODE "brewery" -}}
"firewall"; -- Enable firewalling
"secure_interfaces";
{{ end -}}
{{ if $ENABLE_S2S -}}
"s2s_bidi";
"certs_s2soutinjection";
@ -114,6 +117,13 @@ modules_enabled = {
component_ports = { }
https_ports = { }
{{ if eq .Env.PROSODY_MODE "brewery" -}}
firewall_scripts = {
"/config/rules.d/jvb_muc_presence_filter.pfw";
};
{{ end -}}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
@ -129,6 +139,7 @@ modules_disabled = {
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false;
{{ if ne .Env.PROSODY_MODE "brewery" -}}
-- Enable rate limits for incoming client and server connections
limits = {
{{ if ne $PROSODY_C2S_LIMIT "" }}
@ -142,6 +153,7 @@ limits = {
};
{{ end }}
}
{{ end -}}
--Prosody garbage collector settings
--For more information see https://prosody.im/doc/advanced_gc

@ -0,0 +1,13 @@
{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
# Drop all presence from a jvb in a MUC to a jvb
FROM: {{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}
TO: {{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}
KIND: presence
# Seems safer to allow all "unavailable" to pass
TYPE: available
# Allow self-presence (code=110)
NOT INSPECT: {http://jabber.org/protocol/muc#user}x/status@code=110
DROP.

@ -29,17 +29,35 @@ fi
mkdir /config/certs
cp -r /defaults/* /config
[ -z "$PROSODY_MODE" ] && PROSODY_MODE="client"
if [[ "$PROSODY_MODE" == "visitors" ]]; then
echo "Prosody visitor mode, using alternate config"
PROSODY_SITE_CFG="visitors.cfg.lua"
rm /config/conf.d/jitsi-meet.cfg.lua
rm /config/conf.d/brewery.cfg.lua
# force jicofo into auth domain for visitor-mode prosody
[ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi"
export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"
elif [[ "$PROSODY_MODE" == "brewery" ]]; then
echo "Prosody brewery mode, using alternate config"
PROSODY_SITE_CFG="brewery.cfg.lua"
rm /config/conf.d/jitsi-meet.cfg.lua
rm /config/conf.d/visitors.cfg.lua
# force jicofo into auth domain for brewer prosody
[ -z "$JVB_XMPP_AUTH_DOMAIN" ] && JVB_XMPP_AUTH_DOMAIN="auth.meet.jitsi"
# ensure proper certs are generated
export XMPP_AUTH_DOMAIN="$JVB_XMPP_AUTH_DOMAIN"
# brewery mode requires C2S encryption
export C2S_REQUIRE_ENCRYPTION="true"
mkdir -p /config/rules.d
tpl /defaults/rules.d/jvb_muc_presence_filter.pfw > /config/rules.d/jvb_muc_presence_filter.pfw
else
echo "Prosody normal mode, using default config"
PROSODY_SITE_CFG="jitsi-meet.cfg.lua"
rm /config/conf.d/visitors.cfg.lua
rm /config/conf.d/brewery.cfg.lua
fi
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG
@ -60,7 +78,8 @@ fi
prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
if [[ "$PROSODY_MODE" != "visitors" ]]; then
# if we are in client mode, we need to subscribe the focus user to the focus component proxy
if [[ "$PROSODY_MODE" == "client" ]]; then
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
fi
@ -112,6 +131,8 @@ if [[ "$PROSODY_MODE" == "visitors" ]]; then
# echo for using all default values
echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
fi
elif [[ "$PROSODY_MODE" == "brewery" ]]; then
echo "No need to generate certs for main XMPP domain in brewery mode"
else
if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
# echo for using all default values

Loading…
Cancel
Save