diff --git a/docker-compose.yml b/docker-compose.yml index 9367b73..e8f1c30 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,6 +24,8 @@ services: - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - COLIBRI_WEBSOCKET_PORT + - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME + - COLIBRI_WEBSOCKET_REGEX - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEFAULT_LANGUAGE @@ -38,6 +40,7 @@ services: - DIALOUT_AUTH_URL - DIALOUT_CODES_URL - DISABLE_AUDIO_LEVELS + - DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP - DISABLE_DEEP_LINKING - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS @@ -58,6 +61,7 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET + - ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX - ENABLE_E2EPING - ENABLE_FILE_RECORDING_SHARING - ENABLE_GUESTS diff --git a/web/Dockerfile b/web/Dockerfile index c8f1be4..5f29e5f 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -12,7 +12,7 @@ ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh /opt COPY rootfs/ / RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web socat curl jq && \ + apt-dpkg-wrap apt-get install -y dnsutils cron nginx-extras jitsi-meet-web socat curl jq && \ mv /usr/share/jitsi-meet/interface_config.js /defaults && \ rm -f /etc/nginx/conf.d/default.conf && \ apt-cleanup diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index 8fc7beb..013a15b 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,5 +1,6 @@ {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $COLIBRI_WEBSOCKET_PORT := .Env.COLIBRI_WEBSOCKET_PORT | default "9090" }} +{{ $COLIBRI_WEBSOCKET_REGEX := .Env.COLIBRI_WEBSOCKET_REGEX | default "jvb" }} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} @@ -69,7 +70,7 @@ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|. {{ if $ENABLE_COLIBRI_WEBSOCKET }} # colibri (JVB) websockets -location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) { +location ~ ^/colibri-ws/({{ $COLIBRI_WEBSOCKET_REGEX }})/(.*) { tcp_nodelay on; proxy_http_version 1.1; diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config index f0e7ab2..318dfa7 100644 --- a/web/rootfs/etc/cont-init.d/10-config +++ b/web/rootfs/etc/cont-init.d/10-config @@ -88,6 +88,25 @@ fi echo "Using Nginx resolver: =$NGINX_RESOLVER=" +# colibri-ws settings +COLIBRI_WEBSOCKET_UNSAFE_REGEX="[a-zA-Z0-9-\._]+" +# use custom websocket regex if provided +if [ -z "$COLIBRI_WEBSOCKET_REGEX" ]; then + # default to the previous unsafe behavior only if flag is set + if [[ "$ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX" == "1" ]]; then + export COLIBRI_WEBSOCKET_REGEX="$COLIBRI_WEBSOCKET_UNSAFE_REGEX" + else + # default value to the JVB IP, works in compose and anywhere a dns lookup of the JVB reveals the correct IP for proxying + [ -z "$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME" ] && export COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME="jvb" + if [[ "$DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP" == "1" ]]; then + # otherwise value default to the static value in the template 'jvb' + echo "WARNING: DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP is set and no value for COLIBRI_WEBSOCKET_REGEX was provided, using static value 'jvb' for COLIBRI_WEBSOCKET_REGEX" + else + export COLIBRI_WEBSOCKET_REGEX="$(dig +short +search $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME)" + fi + fi +fi + # copy config files tpl /defaults/nginx.conf > /config/nginx/nginx.conf