Merge pull request #122 from jitsi/token-parameter-additions

prosody: new variables for prosody
pull/140/head
Saúl Ibarra Corretgé 5 years ago committed by GitHub
commit 5408e9e383
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 7
      README.md
  2. 7
      docker-compose.yml
  3. 16
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  4. 11
      prosody/rootfs/defaults/prosody.cfg.lua
  5. 1
      prosody/rootfs/etc/cont-init.d/10-config

@ -185,6 +185,10 @@ Variable | Description | Example
`JWT_APP_SECRET` | Application secret known only to your token | my_jitsi_app_secret `JWT_APP_SECRET` | Application secret known only to your token | my_jitsi_app_secret
`JWT_ACCEPTED_ISSUERS` | (Optional) Set asap_accepted_issuers as a comma separated list | my_web_client,my_app_client `JWT_ACCEPTED_ISSUERS` | (Optional) Set asap_accepted_issuers as a comma separated list | my_web_client,my_app_client
`JWT_ACCEPTED_AUDIENCES` | (Optional) Set asap_accepted_audiences as a comma separated list | my_server1,my_server2 `JWT_ACCEPTED_AUDIENCES` | (Optional) Set asap_accepted_audiences as a comma separated list | my_server1,my_server2
`JWT_ASAP_KEYSERVER` | (Optional) Set asap_keyserver to a url where public keys can be found | https://example.com/asap
`JWT_ALLOW_EMPTY` | (Optional) Allow anonymous users with no JWT while validating JWTs when provided | 0
`JWT_AUTH_TYPE` | (Optional) Controls which module is used for processing incoming JWTs | token
`JWT_TOKEN_AUTH_MODULE` | (Optional) Controls which module is used for validating JWTs | token_verification
This can be tested using the [jwt.io] debugger. Use the following samople payload: This can be tested using the [jwt.io] debugger. Use the following samople payload:
@ -242,6 +246,8 @@ Variable | Description | Default value
`XMPP_MODULES` | Custom Prosody modules for XMPP_DOMAIN (comma separated) | mod_info,mod_alert `XMPP_MODULES` | Custom Prosody modules for XMPP_DOMAIN (comma separated) | mod_info,mod_alert
`XMPP_MUC_MODULES` | Custom Prosody modules for MUC component (comma separated) | mod_info,mod_alert `XMPP_MUC_MODULES` | Custom Prosody modules for MUC component (comma separated) | mod_info,mod_alert
`XMPP_INTERNAL_MUC_MODULES` | Custom Prosody modules for internal MUC component (comma separated) | mod_info,mod_alert `XMPP_INTERNAL_MUC_MODULES` | Custom Prosody modules for internal MUC component (comma separated) | mod_info,mod_alert
`GLOBAL_MODULES` | Custom prosodule modules to load in global configuration (comma separated) | mod_statistics,mod_alert
`GLOBAL_CONFIG` | Custom configuration string with escaped newlines | foo = bar;\nkey = val;
`JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37 `JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37
`JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus `JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus
`JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | passw0rd `JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | passw0rd
@ -267,6 +273,7 @@ Variable | Description | Default value
`JIGASI_TRANSCRIBER_ADVERTISE_URL` | Jigasi post to the chat an url with transcription file | true `JIGASI_TRANSCRIBER_ADVERTISE_URL` | Jigasi post to the chat an url with transcription file | true
`DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1 `DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1
`ENABLE_HTTP_REDIRECT` | Redirects HTTP traffic to HTTPS | 1 `ENABLE_HTTP_REDIRECT` | Redirects HTTP traffic to HTTPS | 1
`LOG_LEVEL` | Controls which logs are output from prosody and associated modules | info
### Running behind NAT or on a LAN environment ### Running behind NAT or on a LAN environment

@ -45,6 +45,8 @@ services:
- AUTH_TYPE - AUTH_TYPE
- ENABLE_AUTH - ENABLE_AUTH
- ENABLE_GUESTS - ENABLE_GUESTS
- GLOBAL_MODULES
- GLOBAL_CONFIG
- LDAP_URL - LDAP_URL
- LDAP_BASE - LDAP_BASE
- LDAP_BINDDN - LDAP_BINDDN
@ -76,6 +78,11 @@ services:
- JWT_APP_SECRET - JWT_APP_SECRET
- JWT_ACCEPTED_ISSUERS - JWT_ACCEPTED_ISSUERS
- JWT_ACCEPTED_AUDIENCES - JWT_ACCEPTED_AUDIENCES
- JWT_ASAP_KEYSERVER
- JWT_ALLOW_EMPTY
- JWT_AUTH_TYPE
- JWT_TOKEN_AUTH_MODULE
- LOG_LEVEL
- TZ - TZ
networks: networks:
meet.jitsi: meet.jitsi:

@ -4,6 +4,10 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }} {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" } asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
@ -16,11 +20,15 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU
VirtualHost "{{ .Env.XMPP_DOMAIN }}" VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if $ENABLE_AUTH }} {{ if $ENABLE_AUTH }}
{{ if eq $AUTH_TYPE "jwt" }} {{ if eq $AUTH_TYPE "jwt" }}
authentication = "token" authentication = "{{ $JWT_AUTH_TYPE }}"
app_id = "{{ .Env.JWT_APP_ID }}" app_id = "{{ .Env.JWT_APP_ID }}"
app_secret = "{{ .Env.JWT_APP_SECRET }}" app_secret = "{{ .Env.JWT_APP_SECRET }}"
allow_empty_token = false allow_empty_token = {{ if $JWT_ALLOW_EMPTY }}true{{ else }}false{{ end }}
{{ else if eq $AUTH_TYPE "ldap" }} {{ if $JWT_ASAP_KEYSERVER }}
asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
{{ end }}
{{ else if eq $AUTH_TYPE "ldap" }}
authentication = "cyrus" authentication = "cyrus"
cyrus_application_name = "xmpp" cyrus_application_name = "xmpp"
allow_unencrypted_plain_auth = true allow_unencrypted_plain_auth = true
@ -78,7 +86,7 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
{{ end }} {{ end }}
{{ if eq $AUTH_TYPE "jwt" }} {{ if eq $AUTH_TYPE "jwt" }}
"token_verification"; "{{ $JWT_TOKEN_AUTH_MODULE }}";
{{ end }} {{ end }}
} }
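Review bot: `asap_key_server` in the JWT branch of the VirtualHost block accepts whatever URL `JWT_ASAP_KEYSERVER` holds, and the keys fetched from that server decide which tokens are trusted, so a plain `http://` value would let anyone on the network path supply the verification keys. The README example uses https but nothing says it is required; a comment above the line such as `-- must be an https:// URL: keys fetched from here decide which tokens are accepted` would record it. The value line reads `.Env.JWT_ASAP_KEYSERVER` while the guard tests `$JWT_ASAP_KEYSERVER`; `asap_key_server = "{{ $JWT_ASAP_KEYSERVER }}"` keeps the two in step. In the MUC hunk, `JWT_TOKEN_AUTH_MODULE` can replace `token_verification` with any module name, so a mistyped value presumably leaves rooms without the token check; that is worth a comment next to the interpolation as well.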

@ -1,3 +1,5 @@
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
-- Prosody Example Configuration File -- Prosody Example Configuration File
-- --
-- Information on configuring Prosody can be found on our -- Information on configuring Prosody can be found on our
@ -70,6 +72,9 @@ modules_enabled = {
--"watchregistrations"; -- Alert admins of registrations --"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in --"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
{{ if .Env.GLOBAL_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
{{ end }}
}; };
https_ports = { } https_ports = { }
@ -143,9 +148,13 @@ authentication = "internal_plain"
-- Logs info and higher to /var/log -- Logs info and higher to /var/log
-- Logs errors to syslog also -- Logs errors to syslog also
log = { log = {
{ levels = {min = "info"}, to = "console"}; { levels = {min = "{{ $LOG_LEVEL }}"}, to = "console"};
} }
{{ if .Env.GLOBAL_CONFIG }}
{{ join "\n" (splitList "\\n" .Env.GLOBAL_CONFIG) }}
{{ end }}
component_interface = { "*" } component_interface = { "*" }
data_path = "/config/data" data_path = "/config/data"
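Review bot: `GLOBAL_CONFIG` is written verbatim into the global section after the `log` block, and because this file is Lua that Prosody loads, the variable is effectively code executed by the Prosody process rather than a list of settings. A comment at the insert would make that explicit, for example `-- GLOBAL_CONFIG is inserted as raw Lua; treat the variable as code, not data`. The insert sits before `component_interface` and `data_path`, so a value for either key inside `GLOBAL_CONFIG` is overridden by the assignment that follows it, and the same likely holds for settings further down, outside the hunk. `LOG_LEVEL` and the `GLOBAL_MODULES` entries are placed inside quoted strings unchecked, so a trailing comma in `GLOBAL_MODULES` renders an empty module name `"";`.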

@ -31,6 +31,7 @@ fi
if [[ ! -f $PROSODY_CFG ]]; then if [[ ! -f $PROSODY_CFG ]]; then
cp -r /defaults/* /config cp -r /defaults/* /config
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
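Review bot: The added `tpl /defaults/prosody.cfg.lua > $PROSODY_CFG` runs only inside `if [[ ! -f $PROSODY_CFG ]]`, so on an existing /config volume later changes to `LOG_LEVEL`, `GLOBAL_MODULES` or `GLOBAL_CONFIG` are not rendered. The same gate already applies to the JWT settings in jitsi-meet.cfg.lua, which means turning `JWT_ALLOW_EMPTY` back off would not take effect either. A comment above the line would save operators a surprise: `# rendered only when $PROSODY_CFG does not exist yet; later environment changes are not applied`. The redirect target is unquoted; `> "$PROSODY_CFG"` is safer if the path ever contains spaces. The `if` block continues past the end of the hunk.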
