From 5679578d808e33e0eb2ffbcff67e8b643992b177 Mon Sep 17 00:00:00 2001 From: Paul Tiedtke Date: Fri, 20 Nov 2020 01:33:20 +0100 Subject: [PATCH] prosody: add env var to config cross domain settings --- docker-compose.yml | 1 + env.example | 4 ++++ prosody/Dockerfile | 2 ++ prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 15 ++++++++++++--- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 0df3426..f53bb7b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -135,6 +135,7 @@ services: - XMPP_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN + - XMPP_CROSS_DOMAIN - JICOFO_COMPONENT_SECRET - JICOFO_AUTH_USER - JICOFO_AUTH_PASSWORD diff --git a/env.example b/env.example index 6216b49..96c3115 100644 --- a/env.example +++ b/env.example @@ -217,6 +217,10 @@ XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi # XMPP domain for unauthenticated users XMPP_GUEST_DOMAIN=guest.meet.jitsi +# Comma separated list of domains for cross domain policy or "true" to allow all +# The PUBLIC_URL is always allowed +#XMPP_CROSS_DOMAIN=true + # Custom Prosody modules for XMPP_DOMAIN (comma separated) XMPP_MODULES= diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 53e9771..c2da8ea 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -18,6 +18,8 @@ RUN \ FROM ${JITSI_REPO}/base +ENV XMPP_CROSS_DOMAIN="false" + RUN \ wget -q https://prosody.im/files/prosody-debian-packages.key -O - | gpg --enarmor > /etc/apt/trusted.gpg.d/prosody.asc \ && echo "deb http://packages.prosody.im/debian buster main" > /etc/apt/sources.list.d/prosody.list \ diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 252eb27..c339f61 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -26,11 +26,20 @@ asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSU asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" } {{ end }} -{{ if $ENABLE_XMPP_WEBSOCKET }} +consider_bosh_secure = true; + -- Deprecated in 0.12 -- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de -cross_domain_websocket = { "{{ $PUBLIC_URL }}" }; -consider_bosh_secure = true; +{{ $XMPP_CROSS_DOMAINS := $PUBLIC_URL }} +{{ if eq .Env.XMPP_CROSS_DOMAIN "true"}} +cross_domain_websocket = true +cross_domain_bosh = true +{{ else }} +{{ if and .Env.XMPP_CROSS_DOMAIN (not (eq .Env.XMPP_CROSS_DOMAIN "false" )) }} + {{ $XMPP_CROSS_DOMAINS = list $PUBLIC_URL .Env.XMPP_CROSS_DOMAIN | join "," }} +{{ end }} +cross_domain_websocket = { "{{ join "\",\"" (splitList "," $XMPP_CROSS_DOMAINS) }}" } +cross_domain_bosh = { "{{ join "\",\"" (splitList "," $XMPP_CROSS_DOMAINS) }}" } {{ end }} VirtualHost "{{ .Env.XMPP_DOMAIN }}"