diff --git a/docker-compose.yml b/docker-compose.yml index 2f237ab..54dd8cd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -157,6 +157,7 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_GUESTS - ENABLE_LOBBY + - ENABLE_RECORDING - ENABLE_XMPP_WEBSOCKET - GLOBAL_CONFIG - GLOBAL_MODULES @@ -217,7 +218,7 @@ services: networks: meet.jitsi: aliases: - - ${XMPP_SERVER} + - ${XMPP_SERVER:-xmpp.meet.jitsi} # Focus component jicofo: @@ -276,7 +277,7 @@ services: image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - - '${JVB_PORT}:${JVB_PORT}/udp' + - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' - '127.0.0.1:8080:8080' volumes: - ${CONFIG}/jvb:/config:Z diff --git a/env.example b/env.example index cf9ee4e..11b06d2 100644 --- a/env.example +++ b/env.example @@ -49,30 +49,6 @@ TZ=UTC # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment #DOCKER_HOST_ADDRESS=192.168.1.1 -# Control whether the lobby feature should be enabled or not -#ENABLE_LOBBY=1 - -# Control whether the A/V moderation should be enabled or not -#ENABLE_AV_MODERATION=1 - -# Show a prejoin page before entering a conference -#ENABLE_PREJOIN_PAGE=0 - -# Enable the welcome page -#ENABLE_WELCOME_PAGE=1 - -# Enable the close page -#ENABLE_CLOSE_PAGE=0 - -# Disable measuring of audio levels -#DISABLE_AUDIO_LEVELS=0 - -# Enable noisy mic detection -#ENABLE_NOISY_MIC_DETECTION=1 - -# Enable breakout rooms -#ENABLE_BREAKOUT_ROOMS=1 - # # Let's Encrypt configuration # @@ -206,219 +182,5 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// # LDAP_START_TLS=1 - -# Matrix authentication (for more information see the documention of the "Prosody Auth Matrix User Verification" at https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification) -# - -# Base URL to the matrix user verification service (without ending slash) -#MATRIX_UVS_URL=https://uvs.example.com:3000 - -# (optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. Defaut value is "issuer". -#MATRIX_UVS_ISSUER=issuer - -# (optional) user verification service auth token, if authentication enabled -#MATRIX_UVS_AUTH_TOKEN=changeme - -# (optional) Make Matrix room moderators owners of the Prosody room. -#MATRIX_UVS_SYNC_POWER_LEVELS=1 - - -# -# Advanced configuration options (you generally don't need to change these) -# - -# Internal XMPP domain -XMPP_DOMAIN=meet.jitsi - -# Internal XMPP server -XMPP_SERVER=xmpp.meet.jitsi - -# Internal XMPP server c2s port -#XMPP_PORT=5222 - -# Internal XMPP server URL -XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 - -# Internal XMPP domain for authenticated services -XMPP_AUTH_DOMAIN=auth.meet.jitsi - -# XMPP domain for the MUC -XMPP_MUC_DOMAIN=muc.meet.jitsi - -# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools -XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi - -# XMPP domain for unauthenticated users -XMPP_GUEST_DOMAIN=guest.meet.jitsi - -# Custom Prosody modules for XMPP_DOMAIN (comma separated) -XMPP_MODULES= - -# Custom Prosody modules for MUC component (comma separated) -XMPP_MUC_MODULES= - -# Custom Prosody modules for internal MUC component (comma separated) -XMPP_INTERNAL_MUC_MODULES= - -# MUC for the JVB pool -JVB_BREWERY_MUC=jvbbrewery - -# XMPP user for JVB client connections -JVB_AUTH_USER=jvb - -# STUN servers used to discover the server's public IP -JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 - -# Media port for the Jitsi Videobridge -JVB_PORT=10000 - -# XMPP user for Jicofo client connections. -# NOTE: this option doesn't currently work due to a bug -JICOFO_AUTH_USER=focus - -# Base URL of Jicofo's reservation REST API -#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com - -# Enable Jicofo's health check REST API (http://:8888/about/health) -#JICOFO_ENABLE_HEALTH_CHECKS=true - -# XMPP user for Jigasi MUC client connections -JIGASI_XMPP_USER=jigasi - -# MUC name for the Jigasi pool -JIGASI_BREWERY_MUC=jigasibrewery - -# Minimum port for media used by Jigasi -JIGASI_PORT_MIN=20000 - -# Maximum port for media used by Jigasi -JIGASI_PORT_MAX=20050 - -# Enable SDES srtp -#JIGASI_ENABLE_SDES_SRTP=1 - -# Keepalive method -#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS - -# Health-check extension -#JIGASI_HEALTH_CHECK_SIP_URI=keepalive - -# Health-check interval -#JIGASI_HEALTH_CHECK_INTERVAL=300000 -# -# Enable Jigasi transcription -#ENABLE_TRANSCRIPTIONS=1 - -# Jigasi will record audio when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_RECORD_AUDIO=true - -# Jigasi will send transcribed text to the chat when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_SEND_TXT=true - -# Jigasi will post an url to the chat with transcription file [default: false] -#JIGASI_TRANSCRIBER_ADVERTISE_URL=true - -# Credentials for connect to Cloud Google API from Jigasi -# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" paragraph 1 to 5 -# Copy the values from the json to the related env vars -#GC_PROJECT_ID= -#GC_PRIVATE_KEY_ID= -#GC_PRIVATE_KEY= -#GC_CLIENT_EMAIL= -#GC_CLIENT_ID= -#GC_CLIENT_CERT_URL= - -# Enable recording -#ENABLE_RECORDING=1 - -# XMPP domain for the jibri recorder -XMPP_RECORDER_DOMAIN=recorder.meet.jitsi - -# XMPP recorder user for Jibri client connections -JIBRI_RECORDER_USER=recorder - -# Directory for recordings inside Jibri container -JIBRI_RECORDING_DIR=/config/recordings - -# The finalizing script. Will run after recording is complete -#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh - -# XMPP user for Jibri client connections -JIBRI_XMPP_USER=jibri - -# MUC name for the Jibri pool -JIBRI_BREWERY_MUC=jibribrewery - -# MUC connection timeout -JIBRI_PENDING_TIMEOUT=90 - -# When jibri gets a request to start a service for a room, the room -# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain -# We'll build the url for the call by transforming that into: -# https://xmpp_domain/subdomain/roomName -# So if there are any prefixes in the jid (like jitsi meet, which -# has its participants join a muc at conference.xmpp_domain) then -# list that prefix here so it can be stripped out to generate -# the call url correctly -JIBRI_STRIP_DOMAIN_JID=muc - -# Directory for logs inside Jibri container -JIBRI_LOGS_DIR=/config/logs - -# Configure an external TURN server -# TURN_CREDENTIALS=secret -# TURN_HOST=turnserver.example.com -# TURN_PORT=443 -# TURNS_HOST=turnserver.example.com -# TURNS_PORT=443 - -# Disable HTTPS: handle TLS connections outside of this setup -#DISABLE_HTTPS=1 - -# Enable FLoC -# Opt-In to Federated Learning of Cohorts tracking -#ENABLE_FLOC=0 - -# Redirect HTTP traffic to HTTPS -# Necessary for Let's Encrypt, relies on standard HTTPS port (443) -#ENABLE_HTTP_REDIRECT=1 - -# Send a `strict-transport-security` header to force browsers to use -# a secure and trusted connection. Recommended for production use. -# Defaults to 1 (send the header). -# ENABLE_HSTS=1 - -# Enable IPv6 -# Provides means to disable IPv6 in environments that don't support it (get with the times, people!) -#ENABLE_IPV6=1 - # Container restart policy -# Defaults to unless-stopped RESTART_POLICY=unless-stopped - -# Authenticate using external service or just focus external auth window if there is one already. -# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} - -# Sentry Error Tracking -# Sentry Data Source Name (Endpoint for Sentry project) -# Example: https://public:private@host:port/1 -#JVB_SENTRY_DSN= -#JICOFO_SENTRY_DSN= -#JIGASI_SENTRY_DSN= - -# Optional environment info to filter events -#SENTRY_ENVIRONMENT=production - -# Optional release info to filter events -#SENTRY_RELEASE=1.0.0 - -# Optional properties for shutdown api -#COLIBRI_REST_ENABLED=true -#SHUTDOWN_REST_ENABLED=true - -# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma) -#TOOLBAR_BUTTONS= - -# Hide the buttons at pre-join screen. Add the buttons name separated with comma -#HIDE_PREMEETING_BUTTONS= diff --git a/jibri.yml b/jibri.yml index 981219d..df776de 100644 --- a/jibri.yml +++ b/jibri.yml @@ -36,6 +36,7 @@ services: - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER - XMPP_PORT diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 58ab863..9ae5e56 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf @@ -1,8 +1,19 @@ +{{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}} +{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} {{ $JIBRI_USAGE_TIMEOUT := .Env.JIBRI_USAGE_TIMEOUT | default "0" -}} {{ $JIBRI_RECORDING_RESOLUTION := .Env.JIBRI_RECORDING_RESOLUTION | default "1280x720" -}} +{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} +{{ $JIBRI_STRIP_DOMAIN_JID := .Env.JIBRI_STRIP_DOMAIN_JID | default $XMPP_MUC_DOMAIN_PREFIX -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_TRUST_ALL_CERTS := .Env.XMPP_TRUST_ALL_CERTS | default "true" | toBool -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} @@ -36,7 +47,7 @@ jibri { ] // The base XMPP domain - xmpp-domain = "{{ $ENV.XMPP_DOMAIN }}" + xmpp-domain = "{{ $XMPP_DOMAIN }}" {{ if $ENV.PUBLIC_URL -}} // An (optional) base url the Jibri will join if it is set @@ -46,29 +57,29 @@ jibri { // The MUC we'll join to announce our presence for // recording and streaming services control-muc { - domain = "{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }}" - room-name = "{{ $ENV.JIBRI_BREWERY_MUC }}" + domain = "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" + room-name = "{{ $JIBRI_BREWERY_MUC }}" nickname = "{{ $ENV.JIBRI_INSTANCE_ID }}" } - + // The login information for the control MUC control-login { - domain = "{{ $ENV.XMPP_AUTH_DOMAIN }}" + domain = "{{ $XMPP_AUTH_DOMAIN }}" port = "{{ $SERVER._1 | default $XMPP_PORT }}" - username = "{{ $ENV.JIBRI_XMPP_USER }}" + username = "{{ $JIBRI_XMPP_USER }}" password = "{{ $ENV.JIBRI_XMPP_PASSWORD }}" } // The login information the selenium web client will use call-login { - domain = "{{ $ENV.XMPP_RECORDER_DOMAIN }}" - username = "{{ $ENV.JIBRI_RECORDER_USER }}" + domain = "{{ $XMPP_RECORDER_DOMAIN }}" + username = "{{ $JIBRI_RECORDER_USER }}" password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}" } // The value we'll strip from the room JID domain to derive // the call URL - strip-from-room-domain = "{{ $ENV.JIBRI_STRIP_DOMAIN_JID }}." + strip-from-room-domain = "{{ $JIBRI_STRIP_DOMAIN_JID }}." // How long Jibri sessions will be allowed to last before // they are stopped. A value of 0 allows them to go on @@ -84,7 +95,7 @@ jibri { } } recording { - recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR }}" + recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR | default "/config/recordings" }}" {{ if .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH -}} finalize-script = "{{ .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH }}" {{ end -}} diff --git a/jibri/rootfs/defaults/logging.properties b/jibri/rootfs/defaults/logging.properties index fb6eb77..e40314c 100644 --- a/jibri/rootfs/defaults/logging.properties +++ b/jibri/rootfs/defaults/logging.properties @@ -1,27 +1,29 @@ +{{ $JIBRI_LOGS_DIR := .Env.JIBRI_LOGS_DIR | default /config/logs -}} + handlers = java.util.logging.FileHandler, java.util.logging.ConsoleHandler org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jibri java.util.logging.FileHandler.level = FINE -java.util.logging.FileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/log.%g.txt +java.util.logging.FileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/log.%g.txt java.util.logging.FileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter java.util.logging.FileHandler.count = 10 java.util.logging.FileHandler.limit = 10000000 org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.level = FINE -org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/ffmpeg.%g.txt +org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/ffmpeg.%g.txt org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.count = 10 org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.limit = 10000000 org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.level = FINE -org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/pjsua.%g.txt +org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/pjsua.%g.txt org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.count = 10 org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.limit = 10000000 org.jitsi.jibri.selenium.util.BrowserFileHandler.level = FINE -org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/browser.%g.txt +org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/browser.%g.txt org.jitsi.jibri.selenium.util.BrowserFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter org.jitsi.jibri.selenium.util.BrowserFileHandler.count = 10 org.jitsi.jibri.selenium.util.BrowserFileHandler.limit = 10000000 diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index b94a99d..a819508 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -4,7 +4,18 @@ {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} +{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} +{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} +{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} +{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default 90 -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} jicofo { {{ if $ENABLE_AUTH }} @@ -22,7 +33,7 @@ jicofo { login-url = "shibboleth:default" logout-url = "shibboleth:default" {{ else }} - login-url = "{{ .Env.XMPP_DOMAIN }}" + login-url = "{{ $XMPP_DOMAIN }}" {{ end }} enable-auto-login={{ $ENABLE_AUTO_LOGIN }} } @@ -54,7 +65,7 @@ jicofo { } {{ end }} - brewery-jid = "{{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" } // Configure the codecs and RTP extensions to be used in the offer sent to clients. codec { @@ -101,19 +112,17 @@ jicofo { {{ if $ENABLE_RECORDING }} jibri { - brewery-jid = "{{ .Env.JIBRI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JIBRI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" {{ if .Env.JIBRI_REQUEST_RETRIES }} num-retries = "{{ .Env.JIBRI_REQUEST_RETRIES }}" {{ end }} - {{ if .Env.JIBRI_PENDING_TIMEOUT }} - pending-timeout = "{{ .Env.JIBRI_PENDING_TIMEOUT }}" - {{ end }} + pending-timeout = "{{ $JIBRI_PENDING_TIMEOUT }}" } {{ end }} - {{ if and .Env.JIGASI_SIP_URI .Env.JIGASI_BREWERY_MUC }} + {{ if and .Env.JIGASI_SIP_URI $JIGASI_BREWERY_MUC }} jigasi { - brewery-jid = "{{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" } {{ end }} @@ -134,17 +143,17 @@ jicofo { xmpp { client { enabled = true - hostname = "{{ .Env.XMPP_SERVER }}" + hostname = "{{ $XMPP_SERVER }}" port = "{{ $XMPP_PORT }}" - domain = "{{ .Env.XMPP_AUTH_DOMAIN }}" - username = "{{ .Env.JICOFO_AUTH_USER }}" + domain = "{{ $XMPP_AUTH_DOMAIN }}" + username = "{{ $JICOFO_AUTH_USER }}" password = "{{ .Env.JICOFO_AUTH_PASSWORD }}" - conference-muc-jid = "{{ .Env.XMPP_MUC_DOMAIN }}" - client-proxy = "focus.{{ .Env.XMPP_DOMAIN }}" + conference-muc-jid = "{{ $XMPP_MUC_DOMAIN }}" + client-proxy = "focus.{{ $XMPP_DOMAIN }}" disable-certificate-verification = true } {{ if $ENABLE_RECORDING }} - trusted-domains = [ "{{ .Env.XMPP_RECORDER_DOMAIN }}" ] + trusted-domains = [ "{{ $XMPP_RECORDER_DOMAIN }}" ] {{ end }} } diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run index 6288f5a..f9a1b9a 100644 --- a/jicofo/rootfs/etc/services.d/jicofo/run +++ b/jicofo/rootfs/etc/services.d/jicofo/run @@ -1,5 +1,11 @@ #!/usr/bin/with-contenv bash +# Defaults +[ -z "${JICOFO_AUTH_USER}" ] && export JICOFO_AUTH_USER=focus +[ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi +[ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi +[ -z "${XMPP_SERVER}" ] && export XMPP_SERVER=xmpp.meet.jitsi + JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf" DAEMON=/usr/share/jicofo/jicofo.sh DAEMON_DIR=/usr/share/jicofo/ diff --git a/jigasi.yml b/jigasi.yml index 491ca53..90c8c52 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -6,7 +6,7 @@ services: image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' + - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' volumes: - ${CONFIG}/jigasi:/config:Z - ${CONFIG}/transcripts:/tmp/transcripts:Z diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 4dd2ac9..805dd5a 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -1,5 +1,13 @@ +{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} +{{ JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} @@ -62,15 +70,15 @@ net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.speex/8000=0 net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.telephone-event/8000=1 net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.ulpfec/90000=0 net.java.sip.communicator.impl.protocol.sip.acc1.OVERRIDE_ENCODINGS=true -net.java.sip.communicator.impl.protocol.sip.acc1.DOMAIN_BASE={{ .Env.XMPP_DOMAIN }} +net.java.sip.communicator.impl.protocol.sip.acc1.DOMAIN_BASE={{ $XMPP_DOMAIN }} # XMPP account used for control {{ range $index, $element := $XMPP_SERVERS -}} {{ $SERVER := splitn ":" 2 $element }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}=acc{{ $index }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.ACCOUNT_UID=Jabber:{{ $ENV.JIGASI_XMPP_USER }}@{{ $ENV.XMPP_AUTH_DOMAIN }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.USER_ID={{ $ENV.JIGASI_XMPP_USER }}@{{ $ENV.XMPP_AUTH_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.ACCOUNT_UID=Jabber:{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.IS_SERVER_OVERRIDDEN=true net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.SERVER_ADDRESS={{ $SERVER._0 }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.SERVER_PORT={{ $SERVER._1 | default $XMPP_PORT }} @@ -107,8 +115,8 @@ net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/1 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/32000=0 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/8000=0 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.telephone-event/8000=0 -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.BREWERY={{ $ENV.JIGASI_BREWERY_MUC }}@{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.DOMAIN_BASE={{ $ENV.XMPP_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.BREWERY={{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.DOMAIN_BASE={{ $XMPP_DOMAIN }} {{ end -}} org.jitsi.jigasi.BREWERY_ENABLED=true @@ -117,7 +125,7 @@ org.jitsi.jigasi.HEALTH_CHECK_INTERVAL={{ .Env.JIGASI_HEALTH_CHECK_INTERVAL | de org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000 org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true -org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }} +org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ $XMPP_SERVER }} org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false @@ -126,10 +134,10 @@ org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true {{ if .Env.ENABLE_AUTH | default "0" | toBool }} {{ if .Env.ENABLE_GUESTS | default "0" | toBool }} -org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_GUEST_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_GUEST_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=true {{ else }} -org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false {{ end }} org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }} @@ -161,4 +169,4 @@ org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }} {{ end }} -org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ .Env.XMPP_MUC_DOMAIN }} +org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ $XMPP_MUC_DOMAIN }} diff --git a/jigasi/rootfs/etc/services.d/jigasi/run b/jigasi/rootfs/etc/services.d/jigasi/run index 660753b..8b9eb5d 100644 --- a/jigasi/rootfs/etc/services.d/jigasi/run +++ b/jigasi/rootfs/etc/services.d/jigasi/run @@ -3,7 +3,6 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties" DAEMON=/usr/share/jigasi/jigasi.sh -DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=$JIGASI_PORT_MIN --max-port=$JIGASI_PORT_MAX" +DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=${JIGASI_PORT_MIN:-20000} --max-port=${JIGASI_PORT_MAX:-20050}" exec s6-setuidgid jigasi /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS" - diff --git a/jvb/rootfs/defaults/jvb.conf b/jvb/rootfs/defaults/jvb.conf index a1e418a..c65ac13 100644 --- a/jvb/rootfs/defaults/jvb.conf +++ b/jvb/rootfs/defaults/jvb.conf @@ -1,20 +1,26 @@ {{ $COLIBRI_REST_ENABLED := .Env.COLIBRI_REST_ENABLED | default "false" | toBool }} {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} +{{ $JVB_STUN_SERVERS := .Env.JVB_STUN_SERVERS | default "meet-jit-si-turnrelay.jitsi.net:443" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} +{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} {{ $JVB_MUC_NICKNAME := .Env.JVB_MUC_NICKNAME | default .Env.HOSTNAME -}} {{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}} {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool }} {{ $WS_DOMAIN := .Env.JVB_WS_DOMAIN | default $PUBLIC_URL_DOMAIN -}} {{ $WS_SERVER_ID := .Env.JVB_WS_SERVER_ID | default .Env.JVB_WS_SERVER_ID_FALLBACK -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} videobridge { ice { udp { - port = {{ .Env.JVB_PORT }} + port = {{ .Env.JVB_PORT | default 10000 }} } } apis { @@ -25,10 +31,10 @@ videobridge { shard{{ $index }} { HOSTNAME = "{{ $SERVER._0 }}" PORT = "{{ $SERVER._1 | default $XMPP_PORT }}" - DOMAIN = "{{ $ENV.XMPP_AUTH_DOMAIN }}" - USERNAME = "{{ $ENV.JVB_AUTH_USER }}" + DOMAIN = "{{ $XMPP_AUTH_DOMAIN }}" + USERNAME = "{{ $JVB_AUTH_USER }}" PASSWORD = "{{ $ENV.JVB_AUTH_PASSWORD }}" - MUC_JIDS = "{{ $ENV.JVB_BREWERY_MUC }}@{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }}" + MUC_JIDS = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" MUC_NICKNAME = "{{ $JVB_MUC_NICKNAME }}" DISABLE_CERTIFICATE_VERIFICATION = true } @@ -78,8 +84,8 @@ ice4j { harvest { mapping { stun { -{{ if .Env.JVB_STUN_SERVERS -}} - addresses = [ "{{ join "\",\"" (splitList "," .Env.JVB_STUN_SERVERS) }}" ] +{{ if $JVB_STUN_SERVERS -}} + addresses = [ "{{ join "\",\"" (splitList "," $JVB_STUN_SERVERS) }}" ] {{ else -}} enabled = false {{ end -}} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 0f2491a..74a4921 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -1,6 +1,9 @@ {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}} +{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} {{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }} {{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }} {{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }} @@ -14,26 +17,32 @@ {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" }} {{ $TURNS_PORT := .Env.TURNS_PORT | default "443" }} -{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." .Env.XMPP_MUC_DOMAIN)._0 }} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} admins = { - "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}", - "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" + "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}", + "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" } unlimited_jids = { - "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}", - "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" + "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}", + "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" } plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } -muc_mapper_domain_base = "{{ .Env.XMPP_DOMAIN }}"; +muc_mapper_domain_base = "{{ $XMPP_DOMAIN }}"; muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; -http_default_host = "{{ .Env.XMPP_DOMAIN }}" +http_default_host = "{{ $XMPP_DOMAIN }}" {{ if .Env.TURN_CREDENTIALS }} external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; @@ -64,7 +73,7 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU consider_bosh_secure = true; consider_websocket_secure = true; -VirtualHost "{{ .Env.XMPP_DOMAIN }}" +VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} {{ if eq $AUTH_TYPE "jwt" }} authentication = "{{ $JWT_AUTH_TYPE }}" @@ -95,8 +104,8 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" authentication = "jitsi-anonymous" {{ end }} ssl = { - key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key"; - certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt"; + key = "/config/certs/{{ $XMPP_DOMAIN }}.key"; + certificate = "/config/certs/{{ $XMPP_DOMAIN }}.crt"; } modules_enabled = { "bosh"; @@ -128,54 +137,54 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{end}} } - main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}" + main_muc = "{{ $XMPP_MUC_DOMAIN }}" {{ if $ENABLE_LOBBY }} - lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}" - {{ if .Env.XMPP_RECORDER_DOMAIN }} - muc_lobby_whitelist = { "{{ .Env.XMPP_RECORDER_DOMAIN }}" } + lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" + {{ if $ENABLE_RECORDING }} + muc_lobby_whitelist = { "{{ $XMPP_RECORDER_DOMAIN }}" } {{ end }} {{ end }} {{ if $ENABLE_BREAKOUT_ROOMS }} - breakout_rooms_muc = "breakout.{{ .Env.XMPP_DOMAIN }}" + breakout_rooms_muc = "breakout.{{ $XMPP_DOMAIN }}" {{ end }} - speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}" - conference_duration_component = "conferenceduration.{{ .Env.XMPP_DOMAIN }}" + speakerstats_component = "speakerstats.{{ $XMPP_DOMAIN }}" + conference_duration_component = "conferenceduration.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AV_MODERATION }} - av_moderation_component = "avmoderation.{{ .Env.XMPP_DOMAIN }}" + av_moderation_component = "avmoderation.{{ $XMPP_DOMAIN }}" {{ end }} c2s_require_encryption = false {{ if $ENABLE_GUEST_DOMAIN }} -VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}" +VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "jitsi-anonymous" c2s_require_encryption = false {{ end }} -VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}" +VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" ssl = { - key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key"; - certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt"; + key = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.key"; + certificate = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.crt"; } modules_enabled = { "limits_exception"; } authentication = "internal_hashed" -{{ if .Env.XMPP_RECORDER_DOMAIN }} -VirtualHost "{{ .Env.XMPP_RECORDER_DOMAIN }}" +{{ if $ENABLE_RECORDING }} +VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}" modules_enabled = { "ping"; } authentication = "internal_hashed" {{ end }} -Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc" +Component "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" "muc" storage = "memory" modules_enabled = { "ping"; @@ -187,7 +196,7 @@ Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true -Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc" +Component "{{ $XMPP_MUC_DOMAIN }}" "muc" storage = "memory" modules_enabled = { "muc_meeting_id"; @@ -211,22 +220,22 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true -Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy" - target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" +Component "focus.{{ $XMPP_DOMAIN }}" "client_proxy" + target_address = "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" -Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "speakerstats.{{ $XMPP_DOMAIN }}" "speakerstats_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" -Component "conferenceduration.{{ .Env.XMPP_DOMAIN }}" "conference_duration_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "conferenceduration.{{ $XMPP_DOMAIN }}" "conference_duration_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" {{ if $ENABLE_AV_MODERATION }} -Component "avmoderation.{{ .Env.XMPP_DOMAIN }}" "av_moderation_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" {{ end }} {{ if $ENABLE_LOBBY }} -Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc" +Component "lobby.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false @@ -234,7 +243,7 @@ Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc" {{ end }} {{ if $ENABLE_BREAKOUT_ROOMS }} -Component "breakout.{{ .Env.XMPP_DOMAIN }}" "muc" +Component "breakout.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false diff --git a/prosody/rootfs/defaults/saslauthd.conf b/prosody/rootfs/defaults/saslauthd.conf index 79f38d4..543b5eb 100644 --- a/prosody/rootfs/defaults/saslauthd.conf +++ b/prosody/rootfs/defaults/saslauthd.conf @@ -1,3 +1,5 @@ +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} + {{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }} ldap_servers: {{ .Env.LDAP_URL }} ldap_search_base: {{ .Env.LDAP_BASE }} @@ -9,8 +11,8 @@ ldap_filter: {{ .Env.LDAP_FILTER | default "uid=%u" }} ldap_version: {{ .Env.LDAP_VERSION | default "3" }} ldap_auth_method: {{ .Env.LDAP_AUTH_METHOD | default "bind" }} {{ if .Env.LDAP_USE_TLS | default "0" | toBool }} -ldap_tls_key: /config/certs/{{ .Env.XMPP_DOMAIN }}.key -ldap_tls_cert: /config/certs/{{ .Env.XMPP_DOMAIN }}.crt +ldap_tls_key: /config/certs/{{ $XMPP_DOMAIN }}.key +ldap_tls_cert: /config/certs/{{ $XMPP_DOMAIN }}.crt {{ if .Env.LDAP_TLS_CHECK_PEER | default "0" | toBool }} ldap_tls_check_peer: yes ldap_tls_cacert_file: {{ .Env.LDAP_TLS_CACERT_FILE | default "/etc/ssl/certs/ca-certificates.crt" }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 3322fbc..10dfe0c 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -25,6 +25,7 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then chown -R prosody /prosody-plugins-custom fi +mkdir /config/certs cp -r /defaults/* /config tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua @@ -34,6 +35,16 @@ if [[ -z $JICOFO_AUTH_PASSWORD ]]; then exit 1 fi +# Defaults +[ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder +[ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri +[ -z "${JICOFO_AUTH_USER}" ] && export JICOFO_AUTH_USER=focus +[ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi +[ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb +[ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi +[ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi +[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi + prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN @@ -50,7 +61,7 @@ fi prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD -if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then +if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then OLD_JIBRI_XMPP_PASSWORD=passw0rd if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then echo 'FATAL ERROR: Jibri auth password must be changed, check the README' @@ -59,7 +70,7 @@ if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD fi -if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then +if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then OLD_JIBRI_RECORDER_PASSWORD=passw0rd if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' @@ -68,7 +79,7 @@ if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD fi -if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then +if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then OLD_JIGASI_XMPP_PASSWORD=passw0rd if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then echo 'FATAL ERROR: Jigasi auth password must be changed, check the README' @@ -77,8 +88,6 @@ if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi -mkdir -p /config/certs - if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then # echo for using all default values echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index df875ad..f0d4e9f 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,6 +1,8 @@ {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default "http://xmpp.meet.jitsi:5280" -}} server_name _; @@ -64,21 +66,21 @@ location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { # BOSH location = /http-bind { - proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/http-bind; + proxy_pass {{ $XMPP_BOSH_URL_BASE }}/http-bind; proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + proxy_set_header Host {{ $XMPP_DOMAIN }}; } {{ if $ENABLE_XMPP_WEBSOCKET }} # xmpp websockets location = /xmpp-websocket { - proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket; + proxy_pass {{ $XMPP_BOSH_URL_BASE }}/xmpp-websocket; proxy_http_version 1.1; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + proxy_set_header Host {{ $XMPP_DOMAIN }}; proxy_set_header X-Forwarded-For $remote_addr; tcp_nodelay on; } diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index b300571..4c3a1fc 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -37,8 +37,8 @@ {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} {{ $TESTING_OCTO_PROBABILITY := .Env.TESTING_OCTO_PROBABILITY | default "0" -}} {{ $TESTING_CAP_SCREENSHARE_BITRATE := .Env.TESTING_CAP_SCREENSHARE_BITRATE | default "1" -}} -{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $DISABLE_DEEP_LINKING := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}} {{ $VIDEOQUALITY_ENFORCE_PREFERRED_CODEC := .Env.VIDEOQUALITY_ENFORCE_PREFERRED_CODEC | default "false" | toBool -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index b72edef..b3f3ca1 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js @@ -3,12 +3,13 @@ {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} -{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} {{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}} -{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}} -{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} -{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}} -{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." .Env.XMPP_MUC_DOMAIN)._0 -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} // Begin default config overrides. @@ -30,7 +31,7 @@ config.hosts.muc = '{{ $XMPP_MUC_DOMAIN }}'; {{ if $ENABLE_AUTH -}} {{ if $ENABLE_GUESTS -}} // When using authentication, domain for guest users. -config.hosts.anonymousdomain = '{{ .Env.XMPP_GUEST_DOMAIN }}'; +config.hosts.anonymousdomain = '{{ $XMPP_GUEST_DOMAIN }}'; {{ end -}} // Domain for authenticated users. Defaults to . config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; diff --git a/web/rootfs/etc/services.d/cron/run b/web/rootfs/etc/services.d/cron/run index d08f5f2..1b3a4d6 100755 --- a/web/rootfs/etc/services.d/cron/run +++ b/web/rootfs/etc/services.d/cron/run @@ -1,7 +1,6 @@ #!/usr/bin/with-contenv bash -if [[ $DISABLE_HTTPS -ne 1 ]] && \ - [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then +if [[ $DISABLE_HTTPS -ne 1 ]] && [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then exec cron -f else # if cron should not be started,