jicofo: use a client proxy connection

pull/1000/head
Saúl Ibarra Corretgé 4 years ago
parent d27336bece
commit 953a4d2425
  1. 1
      docker-compose.yml
  2. 3
      env.example
  3. 2
      gen-passwords.sh
  4. 10
      jicofo/rootfs/etc/cont-init.d/10-config
  5. 2
      jicofo/rootfs/etc/services.d/jicofo/run
  6. 4
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  7. 5
      prosody/rootfs/etc/cont-init.d/10-config

@ -188,7 +188,6 @@ services:
- ENABLE_CODEC_H264
- ENABLE_RECORDING
- ENABLE_SCTP
- JICOFO_COMPONENT_SECRET
- JICOFO_AUTH_USER
- JICOFO_AUTH_PASSWORD
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS

@ -9,9 +9,6 @@
# DO NOT reuse passwords
#
# XMPP component password for Jicofo
JICOFO_COMPONENT_SECRET=
# XMPP password for Jicofo client connections
JICOFO_AUTH_PASSWORD=

@ -4,7 +4,6 @@ function generatePassword() {
openssl rand -hex 16
}
JICOFO_COMPONENT_SECRET=$(generatePassword)
JICOFO_AUTH_PASSWORD=$(generatePassword)
JVB_AUTH_PASSWORD=$(generatePassword)
JIGASI_XMPP_PASSWORD=$(generatePassword)
@ -12,7 +11,6 @@ JIBRI_RECORDER_PASSWORD=$(generatePassword)
JIBRI_XMPP_PASSWORD=$(generatePassword)
sed -i.bak \
-e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
-e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
-e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
-e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \

@ -1,13 +1,7 @@
#!/usr/bin/with-contenv bash
if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo component secret and auth password must be set'
exit 1
fi
OLD_JICOFO_COMPONENT_SECRET=s3cr37
if [[ "$JICOFO_COMPONENT_SECRET" == "$OLD_JICOFO_COMPONENT_SECRET" ]]; then
echo 'FATAL ERROR: Jicofo component secret must be changed, check the README'
if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo auth password must be set'
exit 1
fi

@ -3,6 +3,6 @@
JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf"
DAEMON=/usr/share/jicofo/jicofo.sh
DAEMON_DIR=/usr/share/jicofo/
DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD"
DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD"
exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"

@ -166,8 +166,8 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
muc_room_locking = false
muc_room_default_public_jids = true
Component "focus.{{ .Env.XMPP_DOMAIN }}"
component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}"
Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy"
target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component"
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"

@ -29,12 +29,13 @@ cp -r /defaults/* /config
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo component secret and auth password must be set'
if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo auth password must be set'
exit 1
fi
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN
if [[ -z $JVB_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: JVB auth password must be set'

Loading…
Cancel
Save