prosody: visitor mode support (#1611)

support for visitor mode in prosody, with some fixes for jicofo as well
pull/1613/head
Aaron van Meerten 1 year ago committed by GitHub
parent 7bfc5c1f7a
commit 6bfa8302f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 20
      docker-compose.yml
  2. 11
      jicofo/rootfs/defaults/jicofo.conf
  3. 18
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  4. 209
      prosody/rootfs/defaults/conf.d/visitors.cfg.lua
  5. 73
      prosody/rootfs/defaults/prosody.cfg.lua
  6. 37
      prosody/rootfs/etc/cont-init.d/10-config

@ -165,8 +165,9 @@ services:
restart: ${RESTART_POLICY:-unless-stopped} restart: ${RESTART_POLICY:-unless-stopped}
expose: expose:
- '${XMPP_PORT:-5222}' - '${XMPP_PORT:-5222}'
- '${PROSODY_S2S_PORT:-5269}'
- '5347' - '5347'
- '5280' - '${PROSODY_HTTP_PORT:-5280}'
volumes: volumes:
- ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
@ -181,6 +182,8 @@ services:
- ENABLE_IPV6 - ENABLE_IPV6
- ENABLE_LOBBY - ENABLE_LOBBY
- ENABLE_RECORDING - ENABLE_RECORDING
- ENABLE_S2S
- ENABLE_VISITORS
- ENABLE_XMPP_WEBSOCKET - ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS - ENABLE_JAAS_COMPONENTS
- GC_TYPE - GC_TYPE
@ -229,15 +232,23 @@ services:
- LDAP_URL - LDAP_URL
- LDAP_USE_TLS - LDAP_USE_TLS
- MAX_PARTICIPANTS - MAX_PARTICIPANTS
- PROSODY_ADMINS
- PROSODY_AUTH_TYPE - PROSODY_AUTH_TYPE
- PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL - PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_RATE_LIMITS
- PROSODY_ENABLE_S2S
- PROSODY_HTTP_PORT
- PROSODY_MODE
- PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE - PROSODY_RATE_LIMIT_CACHE_SIZE
- PROSODY_S2S_PORT
- PROSODY_TRUSTED_PROXIES
- PROSODY_VISITOR_INDEX
- PROSODY_VISITORS_MUC_PREFIX
- PUBLIC_URL - PUBLIC_URL
- TURN_CREDENTIALS - TURN_CREDENTIALS
- TURN_HOST - TURN_HOST
@ -246,6 +257,10 @@ services:
- TURNS_PORT - TURNS_PORT
- TURN_TRANSPORT - TURN_TRANSPORT
- TZ - TZ
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_PORT
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN - XMPP_GUEST_DOMAIN
@ -257,6 +272,7 @@ services:
- XMPP_INTERNAL_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_PORT - XMPP_PORT
- XMPP_SERVER_S2S_PORT
networks: networks:
meet.jitsi: meet.jitsi:
aliases: aliases:
@ -316,6 +332,7 @@ services:
- JVB_XMPP_SERVER - JVB_XMPP_SERVER
- MAX_BRIDGE_PARTICIPANTS - MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY - OCTO_BRIDGE_SELECTION_STRATEGY
- PROSODY_VISITORS_MUC_PREFIX
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT - SENTRY_ENVIRONMENT
- SENTRY_RELEASE - SENTRY_RELEASE
@ -323,6 +340,7 @@ services:
- VISITORS_MAX_PARTICIPANTS - VISITORS_MAX_PARTICIPANTS
- VISITORS_MAX_VISITORS_PER_NODE - VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_SERVER - VISITORS_XMPP_SERVER
- VISITORS_XMPP_DOMAIN
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN
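Review bot: The prosody environment list now passes both `ENABLE_S2S` and `PROSODY_ENABLE_S2S`, but the prosody.cfg.lua template changed in this commit derives its s2s switch only from `.Env.PROSODY_ENABLE_S2S` and `ENABLE_VISITORS`. In the templates visible here, setting `ENABLE_S2S` alone therefore appears to have no effect on whether the s2s listener is enabled. Either drop `- ENABLE_S2S` or have the template honour it, and document which one is the supported switch. Separately, `expose:` now always lists `${PROSODY_S2S_PORT:-5269}` even when s2s is disabled, so a comment such as `# s2s: only listened on when ENABLE_VISITORS or PROSODY_ENABLE_S2S is set` would make that explicit. The service definitions start and end outside these hunks.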

@ -19,6 +19,9 @@
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
{{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} {{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
@ -212,8 +215,8 @@ jicofo {
{{ if .Env.VISITORS_MAX_PARTICIPANTS }} {{ if .Env.VISITORS_MAX_PARTICIPANTS }}
max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }} max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }}
{{ end }} {{ end }}
{{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }} {{ if $VISITORS_MAX_VISITORS_PER_NODE }}
max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }} max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }}
{{ end }} {{ end }}
} }
{{ end }} {{ end }}
@ -225,12 +228,12 @@ jicofo {
{{ $SERVER := splitn ":" 2 $element }} {{ $SERVER := splitn ":" 2 $element }}
v{{ $index }} { v{{ $index }} {
enabled = true enabled = true
conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }} conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
hostname = {{ $SERVER._0 }} hostname = {{ $SERVER._0 }}
{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
port = {{ $SERVER._1 | default $DEFAULT_PORT }} port = {{ $SERVER._1 | default $DEFAULT_PORT }}
domain = "{{ $XMPP_AUTH_DOMAIN }}" domain = "{{ $XMPP_AUTH_DOMAIN }}"
xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }} xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
disable-certificate-verification = true disable-certificate-verification = true
} }
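Review bot: The visitor connection block whose `conference-service` and `xmpp-domain` are retargeted here still has `disable-certificate-verification = true` on its context line, so Jicofo sends `JICOFO_AUTH_PASSWORD` to every host named in `VISITORS_XMPP_SERVER` without validating the peer certificate. Since this commit also ships a visitor-mode Prosody that generates its own certificate, the block should either carry a comment stating the trust assumption (for example that visitor nodes are reachable only on a private network) or offer a way to turn verification back on. Also, `{{ if $VISITORS_MAX_VISITORS_PER_NODE }}` is always true now that the variable has `default "250"`, so the guard can be removed. The new assignment also lacks the `-}}` trim marker its neighbours use.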

@ -1,4 +1,5 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}} {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
@ -208,6 +209,9 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
{{ if $PROSODY_RESERVATION_ENABLED }} {{ if $PROSODY_RESERVATION_ENABLED }}
"reservations"; "reservations";
{{ end }} {{ end }}
{{ if $ENABLE_VISITORS }}
"visitors";
{{ end }}
} }
main_muc = "{{ $XMPP_MUC_DOMAIN }}" main_muc = "{{ $XMPP_MUC_DOMAIN }}"
@ -240,11 +244,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
c2s_require_encryption = false c2s_require_encryption = false
{{ if $ENABLE_VISITORS }}
visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" }
{{ end }}
{{ if $ENABLE_GUEST_DOMAIN }} {{ if $ENABLE_GUEST_DOMAIN }}
VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" VirtualHost "{{ $XMPP_GUEST_DOMAIN }}"
authentication = "jitsi-anonymous" authentication = "jitsi-anonymous"
c2s_require_encryption = false c2s_require_encryption = false
{{ if $ENABLE_VISITORS }}
allow_anonymous_s2s = true
{{ end }}
{{ end }} {{ end }}
VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" VirtualHost "{{ $XMPP_AUTH_DOMAIN }}"
@ -404,3 +416,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component" Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component"
muc_component = "{{ $XMPP_MUC_DOMAIN }}" muc_component = "{{ $XMPP_MUC_DOMAIN }}"
breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}" breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}"
{{ if $ENABLE_VISITORS }}
Component "visitors.{{ $XMPP_DOMAIN }}" "visitors_component"
auto_allow_visitor_promotion = true
{{ end }}
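Review bot: `auto_allow_visitor_promotion = true` on the new `visitors.{{ $XMPP_DOMAIN }}` component is hard-coded, and going by its name it approves visitor promotion requests without a moderator decision; that should be an operator choice rather than a fixed value. I would read it from the environment with a conservative default (variable name to be agreed) and document what it does. The `allow_anonymous_s2s = true` added to the guest VirtualHost has no comment either. Something like `-- visitors: allow anonymous guest sessions to reach the visitor nodes over s2s` (wording to be confirmed against the module) would tell a reader why an anonymous host is allowed to use s2s at all.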

@ -0,0 +1,209 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}}
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}}
{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
{{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}}
{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}}
{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}}
{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}}
{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}}
{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}}
{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}}
{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
{{ $SHARD_NAME := .Env.SHARD | default "default" -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}}
{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
{{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
{{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}}
{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}}
{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}}
{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}}
{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}}
{{ $VISITOR_INDEX := .Env.PROSODY_VISITOR_INDEX | default "0" -}}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}}
{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}";
muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}";
http_default_host = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"
{{ if .Env.TURN_CREDENTIALS -}}
external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
{{- end }}
{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}}
external_services = {
{{ if $TURN_HOST -}}
{{- range $idx1, $host := $TURN_HOSTS -}}
{{- range $idx2, $transport := $TURN_TRANSPORTS -}}
{{- if or $idx1 $idx2 -}},{{- end }}
{ type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" }
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $TURNS_HOST -}}
{{- range $idx, $host := $TURNS_HOSTS -}}
{{- if or $TURN_HOST $idx -}},{{- end }}
{ type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
{{- end }}
{{- end }}
};
{{- end }}
main_domain = '{{ $XMPP_DOMAIN }}';
-- https://prosody.im/doc/modules/mod_smacks
smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
-- this is dropped in 0.12
smacks_max_hibernated_sessions = 1;
smacks_max_old_sessions = 1;
unlimited_jids = { "focus@{{ $XMPP_AUTH_DOMAIN }}" }
limits = {
c2s = {
rate = "512kb/s";
};
}
authentication = 'internal_hashed'
storage = 'internal'
consider_websocket_secure = true;
consider_bosh_secure = true;
bosh_max_inactivity = 60;
trusted_proxies = {
{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
"{{ $proxy }}";
{{ end }}
}
-- this is added to make certs_s2soutinjection work
s2sout_override = {
["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room
["{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
["visitors.{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
{{ if $ENABLE_GUEST_DOMAIN -}}
["{{ $XMPP_GUEST_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
{{ end -}}
}
muc_limit_messages_count = 10;
muc_limit_messages_check_token = {{ $LIMIT_MESSAGES_CHECK_TOKEN }};
----------- Virtual hosts -----------
VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}'
authentication = 'jitsi-anonymous'
ssl = {
key = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.key";
certificate = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.crt";
}
modules_enabled = {
'bosh';
'ping';
"external_services";
{{ if $ENABLE_XMPP_WEBSOCKET -}}
"websocket";
"smacks"; -- XEP-0198: Stream Management
{{ end -}}
{{ if .Env.XMPP_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
{{ end }}
}
main_muc = '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}';
shard_name = "{{ $SHARD_NAME }}"
region_name = "{{ $REGION_NAME }}"
release_number = "{{ $RELEASE_NUMBER }}"
VirtualHost '{{ $XMPP_AUTH_DOMAIN}}'
modules_enabled = {
'limits_exception';
'ping';
}
authentication = 'internal_hashed'
Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' 'muc'
storage = 'memory'
muc_room_cache_size = 10000
restrict_room_creation = true
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
'fmuc';
's2s_bidi';
's2s_whitelist';
's2sout_override';
'muc_max_occupants';
"muc_limit_messages";
{{ if $ENABLE_SUBDOMAINS -}}
"muc_domain_mapper";
{{ end -}}
{{ if $ENABLE_RATE_LIMITS -}}
"muc_rate_limit";
"rate_limit";
{{ end -}}
{{ if .Env.XMPP_MUC_MODULES -}}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
{{ end -}}
}
muc_room_default_presence_broadcast = {
visitor = false;
participant = true;
moderator = true;
};
muc_room_locking = false
muc_room_default_public_jids = true
muc_max_occupants = {{ $VISITORS_MAX_VISITORS_PER_NODE}}
muc_access_whitelist = {
"{{ $XMPP_DOMAIN }}";
}
{{ if $ENABLE_RATE_LIMITS -}}
-- Max allowed join/login rate in events per second.
rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
-- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
-- The time in seconds, after which the limit for an IP address is lifted.
rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
-- List of regular expressions for IP addresses that are not limited by this module.
rate_limit_whitelist = {
"127.0.0.1";
{{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}}
"{{ $cidr }}";
{{ end -}}
};
rate_limit_whitelist_jids = {
"{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
"{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"
}
{{ end -}}
-- The size of the cache that saves state for IP addresses
rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
muc_rate_joins = 30;
{{ if .Env.XMPP_MUC_CONFIGURATION -}}
{{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }}
{{ end -}}
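Review bot: `muc_mapper_domain_prefix` is taken from the first label of `XMPP_MUC_DOMAIN`, while the MUC component and `main_muc` in this file are named with `$VISITORS_MUC_PREFIX`; the two only agree while both default to `muc`. If `PROSODY_VISITORS_MUC_PREFIX` is set to anything else, the domain mapper would presumably build a room domain that has no matching component. Using `muc_mapper_domain_prefix = "{{ $VISITORS_MUC_PREFIX }}";` keeps them in step. Also, `rate_limit_cache_size` sits after the `{{ end -}}` that closes the `$ENABLE_RATE_LIMITS` block, and `XMPP_MODULES`, `XMPP_MUC_MODULES` and `XMPP_MUC_CONFIGURATION` are spliced into the Lua configuration unescaped, so a header comment should state that these variables are trusted operator input.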

@ -1,5 +1,7 @@
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }}
{{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}}
{{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}} {{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}}
{{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}} {{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}}
@ -7,6 +9,20 @@
{{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}} {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}}
{{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}}
{{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}}
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}}
{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}}
{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
-- Prosody Example Configuration File -- Prosody Example Configuration File
-- --
@ -30,8 +46,7 @@
-- for the server. Note that you must create the accounts separately -- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info) -- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" } -- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { } admins = { {{ if .Env.PROSODY_ADMINS }}{{ range $index, $element := $PROSODY_ADMIN_LIST -}}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}{{ end }} }
-- Enable use of libevent for better performance under high load -- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent -- For more information see: http://prosody.im/doc/libevent
--use_libevent = true; --use_libevent = true;
@ -81,7 +96,14 @@ modules_enabled = {
--"watchregistrations"; -- Alert admins of registrations --"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in --"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
{{ if .Env.GLOBAL_MODULES }}
{{ if $ENABLE_S2S -}}
"s2s_bidi";
"certs_s2soutinjection";
"s2sout_override";
"s2s_whitelist";
{{ end -}}
{{ if .Env.GLOBAL_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}"; "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
{{ end }} {{ end }}
}; };
@ -94,7 +116,10 @@ https_ports = { }
modules_disabled = { modules_disabled = {
-- "offline"; -- Store offline messages -- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections -- "c2s"; -- Handle client connections
{{ if not $ENABLE_S2S -}}
"s2s"; -- Handle server-to-server connections "s2s"; -- Handle server-to-server connections
{{ end -}}
}; };
-- Disable account creation by default, for security -- Disable account creation by default, for security
@ -143,6 +168,42 @@ c2s_interfaces = { "*", "::" }
c2s_interfaces = { "*" } c2s_interfaces = { "*" }
{{ end }} {{ end }}
{{ if $ENABLE_S2S -}}
-- set s2s port
s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port
s2s_whitelist = {
{{ if $ENABLE_VISITORS -}}
'{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room
'visitors.{{ $XMPP_DOMAIN }}'; -- needed for sending promotion request to visitors.{{ $XMPP_DOMAIN }} component
'{{ $XMPP_DOMAIN }}'; -- unavailable presences back to main room
{{ end -}}
{{ if $ENABLE_GUEST_DOMAIN -}}
'{{ $XMPP_GUEST_DOMAIN }}';
{{ end -}}
}
{{ end -}}
{{ if $ENABLE_VISITORS -}}
{{ if $.Env.VISITORS_XMPP_SERVER -}}
s2sout_override = {
{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 2 $element }}
{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
["{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
{{ end -}}
};
s2s_whitelist = {
{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
"{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}";
{{ end -}}
};
{{ end -}}
{{ end -}}
-- Force certificate authentication for server-to-server connections? -- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate -- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates. -- with to support encryption AND present valid, trusted certificates.
@ -208,7 +269,7 @@ unbound = {
resolvconf = true resolvconf = true
} }
http_ports = { 5280 } http_ports = { {{ $PROSODY_HTTP_PORT }} }
{{ if $ENABLE_IPV6 }} {{ if $ENABLE_IPV6 }}
http_interfaces = { "*", "::" } http_interfaces = { "*", "::" }
{{ else }} {{ else }}
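Review bot: `s2s_whitelist` is assigned twice at global scope in the hunk that adds the s2s settings, once inside `{{ if $ENABLE_S2S -}}` and again inside `{{ if $.Env.VISITORS_XMPP_SERVER -}}`. When both branches render, the second table replaces the first rather than extending it, so the main-room, `visitors.` and guest-domain entries are dropped and only the `{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.…` names remain. If that is the intended result on the main node, say so with a comment such as `-- main node: replaces the whitelist above with the visitor MUC domains`; otherwise build one table that holds both sets. The `s2sout_override` table beside it also routes `v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}`, which the whitelist does not list, so that difference is worth confirming.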

@ -25,10 +25,24 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then
chown -R prosody /prosody-plugins-custom chown -R prosody /prosody-plugins-custom
fi fi
mkdir /config/certs mkdir /config/certs
cp -r /defaults/* /config cp -r /defaults/* /config
if [[ "$PROSODY_MODE" == "visitors" ]]; then
echo "Prosody visitor mode, using alternate config"
PROSODY_SITE_CFG="visitors.cfg.lua"
rm /config/conf.d/jitsi-meet.cfg.lua
# force jicofo into auth domain for visitor-mode prosody
[ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi"
export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"
else
echo "Prosody normal mode, using default config"
PROSODY_SITE_CFG="jitsi-meet.cfg.lua"
rm /config/conf.d/visitors.cfg.lua
fi
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG
if [[ -z $JICOFO_AUTH_PASSWORD ]]; then if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo auth password must be set' echo 'FATAL ERROR: Jicofo auth password must be set'
@ -45,7 +59,10 @@ fi
[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi [ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
if [[ "$PROSODY_MODE" != "visitors" ]]; then
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
fi
if [[ -z $JVB_AUTH_PASSWORD ]]; then if [[ -z $JVB_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: JVB auth password must be set' echo 'FATAL ERROR: JVB auth password must be set'
@ -87,9 +104,19 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
fi fi
if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then if [[ "$PROSODY_MODE" == "visitors" ]]; then
# echo for using all default values [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then
# echo for using all default values
echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
fi
else
if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
# echo for using all default values
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
fi
fi fi
if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
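Review bot: In visitor mode `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"` overwrites whatever the operator passed in `PROSODY_ADMINS`, a setting this same commit adds to docker-compose.yml. Appending keeps both: `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN${PROSODY_ADMINS:+,$PROSODY_ADMINS}"`. The fallback `XMPP_AUTH_DOMAIN="auth.meet.jitsi"` on the line before is not exported when the variable was unset, so it agrees with the templates only because they carry the same default. The new `$FULL_VISITORS_XMPP_DOMAIN` and `$PROSODY_SITE_CFG` expansions are unquoted; `"/config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt"` and `cert generate "$FULL_VISITORS_XMPP_DOMAIN"` would avoid word splitting on an unusual `VISITORS_XMPP_DOMAIN` value.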
