diff --git a/docker-compose.yml b/docker-compose.yml index a27c553..3429c12 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -165,8 +165,9 @@ services: restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' + - '${PROSODY_S2S_PORT:-5269}' - '5347' - - '5280' + - '${PROSODY_HTTP_PORT:-5280}' volumes: - ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z @@ -181,6 +182,8 @@ services: - ENABLE_IPV6 - ENABLE_LOBBY - ENABLE_RECORDING + - ENABLE_S2S + - ENABLE_VISITORS - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - GC_TYPE @@ -229,15 +232,23 @@ services: - LDAP_URL - LDAP_USE_TLS - MAX_PARTICIPANTS + - PROSODY_ADMINS - PROSODY_AUTH_TYPE - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS + - PROSODY_ENABLE_S2S + - PROSODY_HTTP_PORT + - PROSODY_MODE - PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_CACHE_SIZE + - PROSODY_S2S_PORT + - PROSODY_TRUSTED_PROXIES + - PROSODY_VISITOR_INDEX + - PROSODY_VISITORS_MUC_PREFIX - PUBLIC_URL - TURN_CREDENTIALS - TURN_HOST @@ -246,6 +257,10 @@ services: - TURNS_PORT - TURN_TRANSPORT - TZ + - VISITORS_MAX_VISITORS_PER_NODE + - VISITORS_XMPP_DOMAIN + - VISITORS_XMPP_SERVER + - VISITORS_XMPP_PORT - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN @@ -257,6 +272,7 @@ services: - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - XMPP_PORT + - XMPP_SERVER_S2S_PORT networks: meet.jitsi: aliases: @@ -316,6 +332,7 @@ services: - JVB_XMPP_SERVER - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY + - PROSODY_VISITORS_MUC_PREFIX - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE @@ -323,6 +340,7 @@ services: - VISITORS_MAX_PARTICIPANTS - VISITORS_MAX_VISITORS_PER_NODE - VISITORS_XMPP_SERVER + - VISITORS_XMPP_DOMAIN - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN 
diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 1546e0e..b8f9abe 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -19,6 +19,9 @@ {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} +{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} {{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} @@ -212,8 +215,8 @@ jicofo { {{ if .Env.VISITORS_MAX_PARTICIPANTS }} max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }} {{ end }} - {{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }} - max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }} + {{ if $VISITORS_MAX_VISITORS_PER_NODE }} + max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }} {{ end }} } {{ end }} @@ -225,12 +228,12 @@ jicofo { {{ $SERVER := splitn ":" 2 $element }} v{{ $index }} { enabled = true - conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }} + conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }} hostname = {{ $SERVER._0 }} {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} port = {{ $SERVER._1 | default $DEFAULT_PORT }} domain = "{{ $XMPP_AUTH_DOMAIN }}" - xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }} + xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }} password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" disable-certificate-verification = true } 
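Review bot: The new `{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}` line in the first hunk closes with `}}` while every neighbouring assignment uses `-}}`, so the rendered jicofo.conf gains a stray blank line there; write it as `{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" -}}`. The same missing trim appears on the `$VISITORS_MAX_VISITORS_PER_NODE` line of the new visitors.cfg.lua and on the `$ENABLE_S2S`, `$S2S_PORT` and `$VISITORS_XMPP_PORT` lines added to prosody.cfg.lua. Presumably harmless to the HOCON and Lua parsers, but it makes the generated files noisier to diff against the defaults.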
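Review bot: `{{ if $VISITORS_MAX_VISITORS_PER_NODE }}` in the visitors block is now always true, because the variable it replaced `.Env.VISITORS_MAX_VISITORS_PER_NODE` with carries `default "250"` and a non-empty string is truthy in Go templates, so `max-visitors-per-node` is emitted unconditionally and the guard is dead. If the limit should always be set, drop the `{{ if }}`/`{{ end }}` pair; if it should appear only when the operator set it, keep `{{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }}` as the condition and use the variable only for the value. The enclosing `jicofo { ... }` block continues outside the hunk.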
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index ec53852..af44b0b 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -1,4 +1,5 @@ {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} @@ -208,6 +209,9 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $PROSODY_RESERVATION_ENABLED }} "reservations"; {{ end }} + {{ if $ENABLE_VISITORS }} + "visitors"; + {{ end }} } main_muc = "{{ $XMPP_MUC_DOMAIN }}" @@ -240,11 +244,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}" c2s_require_encryption = false + {{ if $ENABLE_VISITORS }} + visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" } + {{ end }} + {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "jitsi-anonymous" c2s_require_encryption = false + {{ if $ENABLE_VISITORS }} + allow_anonymous_s2s = true + {{ end }} + {{ end }} VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" @@ -404,3 +416,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc" Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component" muc_component = "{{ $XMPP_MUC_DOMAIN }}" breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}" + + +{{ if $ENABLE_VISITORS }} +Component "visitors.{{ $XMPP_DOMAIN }}" "visitors_component" + auto_allow_visitor_promotion = true +{{ end }} diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua new file mode 100644 index 0000000..142974b --- /dev/null +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua 
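Review bot: `allow_anonymous_s2s = true` on the guest VirtualHost is added without any explanation, and if the option does what its name suggests it lets anonymous (guest) sessions originate server-to-server traffic, which is a policy change a reader will want justified in place. A one-line comment above it would do, e.g. `-- guests must reach the visitor nodes over s2s; remote peers are bounded by s2s_whitelist in prosody.cfg.lua` — if that is not the reason, the comment should state the real one. The guest VirtualHost block is otherwise unchanged and the file continues past the hunk.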
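Review bot: `auto_allow_visitor_promotion = true` on the new visitors component is hard-coded, and the name suggests that promotion requests from visitors are granted without a moderator decision; that is a policy choice operators may reasonably want to disable, so it belongs behind an environment variable like the other toggles in this file, e.g. `auto_allow_visitor_promotion = {{ .Env.PROSODY_AUTO_ALLOW_VISITOR_PROMOTION | default "true" | toBool }}` (constructed variable name — align it with the project's naming). At minimum a comment saying what the option does and why `true` is the chosen default would help. I cannot confirm the option's semantics from this page, so verify against the `visitors_component` module before documenting it.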
@@ -0,0 +1,209 @@ +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} +{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}} +{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} +{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} +{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} +{{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}} +{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}} +{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}} +{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}} +{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}} +{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}} +{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}} +{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}} +{{ $SHARD_NAME := .Env.SHARD | default "default" -}} +{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}} +{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}} +{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}} +{{ $TURN_HOST := .Env.TURN_HOST | default "" -}} +{{ $TURN_HOSTS := splitList "," $TURN_HOST -}} +{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} +{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}} +{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}} +{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}} +{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}} +{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}} +{{ $VISITOR_INDEX := .Env.PROSODY_VISITOR_INDEX | 
default "0" -}} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} + +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } + +muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"; +muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; + +http_default_host = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}" + +{{ if .Env.TURN_CREDENTIALS -}} +external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; +{{- end }} + +{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}} +external_services = { + {{ if $TURN_HOST -}} + {{- range $idx1, $host := $TURN_HOSTS -}} + {{- range $idx2, $transport := $TURN_TRANSPORTS -}} + {{- if or $idx1 $idx2 -}},{{- end }} + { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $TURNS_HOST -}} + {{- range $idx, $host := $TURNS_HOSTS -}} + {{- if or $TURN_HOST $idx -}},{{- end }} + { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + {{- end }} + {{- end }} +}; +{{- end }} + +main_domain = 
'{{ $XMPP_DOMAIN }}'; + +-- https://prosody.im/doc/modules/mod_smacks +smacks_max_unacked_stanzas = 5; +smacks_hibernation_time = 60; +-- this is dropped in 0.12 +smacks_max_hibernated_sessions = 1; +smacks_max_old_sessions = 1; + +unlimited_jids = { "focus@{{ $XMPP_AUTH_DOMAIN }}" } +limits = { + c2s = { + rate = "512kb/s"; + }; +} + +authentication = 'internal_hashed' +storage = 'internal' + +consider_websocket_secure = true; +consider_bosh_secure = true; +bosh_max_inactivity = 60; + +trusted_proxies = { +{{ range $index, $proxy := $TRUSTED_PROXY_LIST }} + "{{ $proxy }}"; +{{ end }} +} + +-- this is added to make certs_s2soutinjection work +s2sout_override = { + ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room + ["{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; + ["visitors.{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; +{{ if $ENABLE_GUEST_DOMAIN -}} + ["{{ $XMPP_GUEST_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; +{{ end -}} +} + +muc_limit_messages_count = 10; +muc_limit_messages_check_token = {{ $LIMIT_MESSAGES_CHECK_TOKEN }}; + +----------- Virtual hosts ----------- +VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' + authentication = 'jitsi-anonymous' + ssl = { + key = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.key"; + certificate = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.crt"; + } + modules_enabled = { + 'bosh'; + 'ping'; + "external_services"; + {{ if $ENABLE_XMPP_WEBSOCKET -}} + "websocket"; + "smacks"; -- XEP-0198: Stream Management + {{ end -}} + {{ if .Env.XMPP_MODULES }} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; + {{ end }} + } + main_muc = '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}'; + shard_name = "{{ $SHARD_NAME }}" + region_name = "{{ $REGION_NAME }}" + 
release_number = "{{ $RELEASE_NUMBER }}" + + +VirtualHost '{{ $XMPP_AUTH_DOMAIN}}' + modules_enabled = { + 'limits_exception'; + 'ping'; + } + authentication = 'internal_hashed' + +Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' 'muc' + storage = 'memory' + muc_room_cache_size = 10000 + restrict_room_creation = true + modules_enabled = { + "muc_hide_all"; + "muc_meeting_id"; + 'fmuc'; + 's2s_bidi'; + 's2s_whitelist'; + 's2sout_override'; + 'muc_max_occupants'; + "muc_limit_messages"; + {{ if $ENABLE_SUBDOMAINS -}} + "muc_domain_mapper"; + {{ end -}} + {{ if $ENABLE_RATE_LIMITS -}} + "muc_rate_limit"; + "rate_limit"; + {{ end -}} + {{ if .Env.XMPP_MUC_MODULES -}} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; + {{ end -}} + } + muc_room_default_presence_broadcast = { + visitor = false; + participant = true; + moderator = true; + }; + muc_room_locking = false + muc_room_default_public_jids = true + muc_max_occupants = {{ $VISITORS_MAX_VISITORS_PER_NODE}} + muc_access_whitelist = { + "{{ $XMPP_DOMAIN }}"; + } + + {{ if $ENABLE_RATE_LIMITS -}} + -- Max allowed join/login rate in events per second. + rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; + -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. + rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; + -- The time in seconds, after which the limit for an IP address is lifted. + rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; + -- List of regular expressions for IP addresses that are not limited by this module. 
+ rate_limit_whitelist = { + "127.0.0.1"; + {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} + "{{ $cidr }}"; + {{ end -}} + }; + + rate_limit_whitelist_jids = { + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}", + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}" + } + {{ end -}} + + -- The size of the cache that saves state for IP addresses + rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; + + muc_rate_joins = 30; + {{ if .Env.XMPP_MUC_CONFIGURATION -}} + {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} + {{ end -}} diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 7e7561c..5c9e6d0 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -1,5 +1,7 @@ -{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} -{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} +{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} +{{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} {{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}} {{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}} 
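Review bot: In the new visitors MUC component, `rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};` and `muc_rate_joins = 30;` sit after the `{{ end -}}` that closes the `{{ if $ENABLE_RATE_LIMITS -}}` block, so they are emitted even when the `rate_limit`/`muc_rate_limit` modules are not enabled, unlike the other `rate_limit_*` options in the same component; moving `rate_limit_cache_size` inside the guard keeps the option set consistent with the module set. Separately, `muc_room_default_public_jids = true` — if it behaves like Prosody's stock option of that name — makes rooms non-anonymous by default, exposing occupant JIDs on the node that serves the largest anonymous audience; if that mirrors jitsi-meet.cfg.lua it is fine, otherwise a comment explaining the choice is warranted. The file is new, so the whole hunk is the block under review.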
@@ -7,6 +9,20 @@ {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}} {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} +{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} +{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} +{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} +{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} +{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} +{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} +{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -- Prosody Example Configuration File -- @@ -30,8 +46,7 @@ -- for the server. Note that you must create the accounts separately -- (see http://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { } - +admins = { {{ if .Env.PROSODY_ADMINS }}{{ range $index, $element := $PROSODY_ADMIN_LIST -}}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}{{ end }} } -- Enable use of libevent for better performance under high load -- For more information see: http://prosody.im/doc/libevent --use_libevent = true; 
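Review bot: The new `admins = { ... }` line splits `PROSODY_ADMINS` on `,` and quotes each piece verbatim, so a value written as `a@example.com, b@example.com` (constructed example) renders the entry `" b@example.com"`, which is unlikely to match any real JID. If the template engine exposes sprig's `trim`, `"{{ $element | trim }}"` fixes that; otherwise the env var's documentation should say the list must be comma-separated with no spaces. The removed blank line between `admins` and the `-- Enable use of libevent` comment was the only separator between the two stanzas and is worth restoring.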
@@ -81,7 +96,14 @@ modules_enabled = { --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - {{ if .Env.GLOBAL_MODULES }} + + {{ if $ENABLE_S2S -}} + "s2s_bidi"; + "certs_s2soutinjection"; + "s2sout_override"; + "s2s_whitelist"; + {{ end -}} + {{ if .Env.GLOBAL_MODULES }} "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}"; {{ end }} }; @@ -94,7 +116,10 @@ https_ports = { } modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections + + {{ if not $ENABLE_S2S -}} "s2s"; -- Handle server-to-server connections + {{ end -}} }; -- Disable account creation by default, for security 
@@ -143,6 +168,42 @@ c2s_interfaces = { "*", "::" } c2s_interfaces = { "*" } {{ end }} +{{ if $ENABLE_S2S -}} +-- set s2s port +s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port + +s2s_whitelist = { + {{ if $ENABLE_VISITORS -}} + '{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room + 'visitors.{{ $XMPP_DOMAIN }}'; -- needed for sending promotion request to visitors.{{ $XMPP_DOMAIN }} component + '{{ $XMPP_DOMAIN }}'; -- unavailable presences back to main room + + {{ end -}} + {{ if $ENABLE_GUEST_DOMAIN -}} + '{{ $XMPP_GUEST_DOMAIN }}'; + {{ end -}} +} +{{ end -}} + +{{ if $ENABLE_VISITORS -}} +{{ if $.Env.VISITORS_XMPP_SERVER -}} +s2sout_override = { +{{ range $index, $element := $VISITORS_XMPP_SERVERS -}} +{{ $SERVER := splitn ":" 2 $element }} +{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} + ["{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; + ["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; +{{ end -}} +}; +s2s_whitelist = { +{{ range $index, $element := $VISITORS_XMPP_SERVERS -}} + "{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"; +{{ end -}} +}; +{{ end -}} +{{ end -}} + + -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. @@ -208,7 +269,7 @@ unbound = { resolvconf = true } -http_ports = { 5280 } +http_ports = { {{ $PROSODY_HTTP_PORT }} } {{ if $ENABLE_IPV6 }} http_interfaces = { "*", "::" } {{ else }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 4841717..ce02571 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config 
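Review bot: `s2s_whitelist` is assigned twice in this hunk — once inside `{{ if $ENABLE_S2S -}}` with the local MUC, `visitors.` and guest domains, and again inside `{{ if $ENABLE_VISITORS -}}{{ if $.Env.VISITORS_XMPP_SERVER -}}` with the `muc.vN` domains — and since the config is Lua the second assignment replaces the first, so on a main node with `VISITORS_XMPP_SERVER` set the first list is silently discarded. If that is the intent for the main node (it only needs the visitor-node domains), build one list under a single condition rather than relying on the overwrite; if not, the second block should extend the first. Also worth confirming what `mod_s2s_whitelist` does with an empty list: with `PROSODY_ENABLE_S2S=1` and neither visitors nor a guest domain enabled the rendered `s2s_whitelist = { }` is empty, and if the module treats that as "no restriction" the node federates with any remote domain.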
@@ -25,10 +25,24 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then chown -R prosody /prosody-plugins-custom fi + mkdir /config/certs cp -r /defaults/* /config + +if [[ "$PROSODY_MODE" == "visitors" ]]; then + echo "Prosody visitor mode, using alternate config" + PROSODY_SITE_CFG="visitors.cfg.lua" + rm /config/conf.d/jitsi-meet.cfg.lua + # force jicofo into auth domain for visitor-mode prosody + [ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi" + export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN" +else + echo "Prosody normal mode, using default config" + PROSODY_SITE_CFG="jitsi-meet.cfg.lua" + rm /config/conf.d/visitors.cfg.lua +fi tpl /defaults/prosody.cfg.lua > $PROSODY_CFG -tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua +tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG if [[ -z $JICOFO_AUTH_PASSWORD ]]; then echo 'FATAL ERROR: Jicofo auth password must be set' @@ -45,7 +59,10 @@ fi [ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD -prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN + +if [[ "$PROSODY_MODE" != "visitors" ]]; then + prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN +fi if [[ -z $JVB_AUTH_PASSWORD ]]; then echo 'FATAL ERROR: JVB auth password must be set' 
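Review bot: `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"` in the visitors branch overwrites whatever the operator passed in `PROSODY_ADMINS`, which docker-compose.yml now forwards to the container, so on a visitor node any additional admin JIDs are silently dropped. Prepending focus preserves them: `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN${PROSODY_ADMINS:+,$PROSODY_ADMINS}"`. The `# force jicofo into auth domain for visitor-mode prosody` comment sits above the domain default but really describes the export line; a comment such as `# focus must be a prosody admin on visitor nodes` above the export would make that explicit.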
@@ -87,9 +104,19 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi -if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then - # echo for using all default values - echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN +if [[ "$PROSODY_MODE" == "visitors" ]]; then + [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi" + [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0 + FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN" + if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then + # echo for using all default values + echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN + fi +else + if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then + # echo for using all default values + echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN + fi fi if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
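Review bot: The two branches of the new `if [[ "$PROSODY_MODE" == "visitors" ]]` differ only in the domain whose certificate is generated, so the `if [[ ! -f ... ]]` / `cert generate` stanza is duplicated; computing the domain once and keeping a single generation block reads better and stops the two copies drifting apart. The `meet.jitsi` and `0` fallbacks repeat the defaults that visitors.cfg.lua applies with `default "meet.jitsi"` and `default "0"`, which a comment should point out so both places are changed together. The `if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]` stanza that follows is unchanged.
```shell
if [[ "$PROSODY_MODE" == "visitors" ]]; then
    [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
    [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
    # must match the defaults in /defaults/conf.d/visitors.cfg.lua
    MAIN_CERT_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
else
    MAIN_CERT_DOMAIN="$XMPP_DOMAIN"
fi
if [[ ! -f /config/certs/$MAIN_CERT_DOMAIN.crt ]]; then
    # echo for using all default values
    echo | prosodyctl --config $PROSODY_CFG cert generate $MAIN_CERT_DOMAIN
fi
```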