diff --git a/docker-compose.yml b/docker-compose.yml index 07df32e..07f6119 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -204,7 +204,6 @@ services: - XMPP_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - - XMPP_CROSS_DOMAIN networks: meet.jitsi: aliases: diff --git a/env.example b/env.example index 4b5f65e..9ee31ac 100644 --- a/env.example +++ b/env.example @@ -248,10 +248,6 @@ XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi # XMPP domain for unauthenticated users XMPP_GUEST_DOMAIN=guest.meet.jitsi -# Comma separated list of domains for cross domain policy or "true" to allow all -# The PUBLIC_URL is always allowed -#XMPP_CROSS_DOMAIN=true - # Custom Prosody modules for XMPP_DOMAIN (comma separated) XMPP_MODULES= diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 43c59b2..c459cbb 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -6,8 +6,8 @@ FROM ${JITSI_REPO}/base:${BASE_TAG} as builder RUN apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get install -y \ build-essential \ - lua5.2 \ - liblua5.2-dev \ + lua5.4 \ + liblua5.4-dev \ libsasl2-dev \ libssl-dev \ libreadline-dev \ @@ -19,7 +19,7 @@ RUN apt-dpkg-wrap apt-get update && \ cd /tmp/luarocks && ./configure && make && make install && cd - && \ luarocks install cyrussasl 1.1.0-1 && \ luarocks install net-url 0.9-1 && \ - luarocks install luajwtjitsi 2.0-0 + luarocks install luajwtjitsi 3.0-0 FROM ${JITSI_REPO}/base:${BASE_TAG} @@ -29,15 +29,14 @@ LABEL org.opencontainers.image.url="https://prosody.im/" LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet" LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" -ENV XMPP_CROSS_DOMAIN="false" - ARG VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN="1.7.0" RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody-debian-packages.key && \ echo "deb http://packages.prosody.im/debian bullseye main" > /etc/apt/sources.list.d/prosody.list && \ apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get install -y \ - prosody-0.11 \ + lua5.4 \ + prosody-0.12 \ libssl1.1 \ libldap-common \ sasl2-bin \ @@ -45,16 +44,13 @@ RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody lua-basexx \ lua-ldap \ lua-sec \ - patch && \ - apt-cleanup && \ - rm -rf /etc/prosody && \ - apt-dpkg-wrap apt-get update && \ + lua-unbound && \ apt-dpkg-wrap apt-get -d install -y jitsi-meet-prosody && \ dpkg -x /var/cache/apt/archives/jitsi-meet-prosody*.deb /tmp/pkg && \ mv /tmp/pkg/usr/share/jitsi-meet/prosody-plugins /prosody-plugins && \ apt-cleanup && \ rm -rf /tmp/pkg /var/cache/apt && \ - patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch && \ + rm -rf /etc/prosody && \ wget https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification/archive/refs/tags/v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz && \ tar -xf v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz && \ mv prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN/mod_auth_matrix_user_verification.lua /prosody-plugins && \ diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index dcfe722..0f2491a 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -62,21 +62,7 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU {{ end }} consider_bosh_secure = true; - --- Deprecated in 0.12 --- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de -{{ $XMPP_CROSS_DOMAINS := $PUBLIC_URL }} -{{ $XMPP_CROSS_DOMAIN := .Env.XMPP_CROSS_DOMAIN | default "" }} -{{ if eq $XMPP_CROSS_DOMAIN "true"}} -cross_domain_websocket = true -cross_domain_bosh = true -{{ else }} -{{ if not (eq $XMPP_CROSS_DOMAIN "false") }} - {{ $XMPP_CROSS_DOMAINS = list $PUBLIC_URL (print "https://" .Env.XMPP_DOMAIN) .Env.XMPP_CROSS_DOMAIN | join "," }} -{{ end }} -cross_domain_websocket = { "{{ join "\",\"" (splitList "," $XMPP_CROSS_DOMAINS) }}" } -cross_domain_bosh = { "{{ join "\",\"" (splitList "," $XMPP_CROSS_DOMAINS) }}" } -{{ end }} +consider_websocket_secure = true; VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index b949e3c..90621c6 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -92,8 +92,6 @@ modules_disabled = { -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; -daemonize = false; - -- Enable rate limits for incoming client and server connections limits = { c2s = { @@ -173,7 +171,8 @@ network_settings = { tcp_backlog = 511; } -component_interface = { "*" } +http_ports = { 5280 } +http_interfaces = { "*", "::" } data_path = "/config/data" diff --git a/prosody/rootfs/etc/services.d/prosody/run b/prosody/rootfs/etc/services.d/prosody/run index e1e3ab6..276ab31 100644 --- a/prosody/rootfs/etc/services.d/prosody/run +++ b/prosody/rootfs/etc/services.d/prosody/run @@ -1,3 +1,2 @@ #!/usr/bin/with-contenv bash -exec s6-setuidgid prosody prosody --config /config/prosody.cfg.lua - +exec s6-setuidgid prosody prosody --config /config/prosody.cfg.lua -F