From 4eb55758fe0bf888392fd1cd3f030d680134f99b Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 22 Jan 2024 15:00:55 -0600 Subject: [PATCH] prosody: c2s encryption flag from environment * prosody: c2s encryption flag from environment --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 5 +++-- prosody/rootfs/etc/cont-init.d/10-config | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 9b37751..91fe458 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -1,3 +1,4 @@ +{{ $C2S_REQUIRE_ENCRYPTION := .Env.PROSODY_C2S_REQUIRE_ENCRYPTION | default "1" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} @@ -256,7 +257,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" av_moderation_component = "avmoderation.{{ $XMPP_DOMAIN }}" {{ end }} - c2s_require_encryption = false + c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }} {{ if $ENABLE_VISITORS -}} visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" } @@ -276,7 +277,7 @@ VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" {{ end }} } - c2s_require_encryption = false + c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }} {{ if $ENABLE_VISITORS }} allow_anonymous_s2s = true {{ end }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 2f3b138..e9ebc0e 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -49,7 +49,7 @@ elif [[ "$PROSODY_MODE" == "brewery" ]]; then # ensure proper certs are generated export XMPP_AUTH_DOMAIN="$JVB_XMPP_AUTH_DOMAIN" # brewery mode requires C2S encryption - export C2S_REQUIRE_ENCRYPTION="true" + export PROSODY_C2S_REQUIRE_ENCRYPTION="true" mkdir -p /config/rules.d tpl /defaults/rules.d/jvb_muc_presence_filter.pfw > /config/rules.d/jvb_muc_presence_filter.pfw