From cb5a7532822563a303804539cff9518b46c6bb1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 17 May 2022 11:34:53 +0200 Subject: [PATCH] config: simplify configuration Use default values everywhere so they don't need to be specified in the .env file. This makes the default .env file much smaller (the larger config options are documented in the handbook) and should make it easier to port the setup to runtimes other than Docker Compose. --- docker-compose.yml | 5 +- env.example | 238 ------------------ jibri.yml | 1 + jibri/rootfs/defaults/jibri.conf | 33 ++- jibri/rootfs/defaults/logging.properties | 10 +- jicofo/rootfs/defaults/jicofo.conf | 37 +-- jicofo/rootfs/etc/services.d/jicofo/run | 6 + jigasi.yml | 2 +- .../defaults/sip-communicator.properties | 28 ++- jigasi/rootfs/etc/services.d/jigasi/run | 3 +- jvb/rootfs/defaults/jvb.conf | 20 +- .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 81 +++--- prosody/rootfs/defaults/saslauthd.conf | 6 +- prosody/rootfs/etc/cont-init.d/10-config | 19 +- web/rootfs/defaults/meet.conf | 10 +- web/rootfs/defaults/settings-config.js | 4 +- web/rootfs/defaults/system-config.js | 13 +- web/rootfs/etc/services.d/cron/run | 3 +- 18 files changed, 173 insertions(+), 346 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2f237ab..54dd8cd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -157,6 +157,7 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_GUESTS - ENABLE_LOBBY + - ENABLE_RECORDING - ENABLE_XMPP_WEBSOCKET - GLOBAL_CONFIG - GLOBAL_MODULES @@ -217,7 +218,7 @@ services: networks: meet.jitsi: aliases: - - ${XMPP_SERVER} + - ${XMPP_SERVER:-xmpp.meet.jitsi} # Focus component jicofo: @@ -276,7 +277,7 @@ services: image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - - '${JVB_PORT}:${JVB_PORT}/udp' + - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' - '127.0.0.1:8080:8080' volumes: - ${CONFIG}/jvb:/config:Z 
diff --git a/env.example b/env.example index cf9ee4e..11b06d2 100644 --- a/env.example +++ b/env.example @@ -49,30 +49,6 @@ TZ=UTC # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment #DOCKER_HOST_ADDRESS=192.168.1.1 -# Control whether the lobby feature should be enabled or not -#ENABLE_LOBBY=1 - -# Control whether the A/V moderation should be enabled or not -#ENABLE_AV_MODERATION=1 - -# Show a prejoin page before entering a conference -#ENABLE_PREJOIN_PAGE=0 - -# Enable the welcome page -#ENABLE_WELCOME_PAGE=1 - -# Enable the close page -#ENABLE_CLOSE_PAGE=0 - -# Disable measuring of audio levels -#DISABLE_AUDIO_LEVELS=0 - -# Enable noisy mic detection -#ENABLE_NOISY_MIC_DETECTION=1 - -# Enable breakout rooms -#ENABLE_BREAKOUT_ROOMS=1 - # # Let's Encrypt configuration # 
@@ -206,219 +182,5 @@ ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background # Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps:// # LDAP_START_TLS=1 - -# Matrix authentication (for more information see the documention of the "Prosody Auth Matrix User Verification" at https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification) -# - -# Base URL to the matrix user verification service (without ending slash) -#MATRIX_UVS_URL=https://uvs.example.com:3000 - -# (optional) The issuer of the auth token to be passed through. Must match what is being set as `iss` in the JWT. Defaut value is "issuer". -#MATRIX_UVS_ISSUER=issuer - -# (optional) user verification service auth token, if authentication enabled -#MATRIX_UVS_AUTH_TOKEN=changeme - -# (optional) Make Matrix room moderators owners of the Prosody room. -#MATRIX_UVS_SYNC_POWER_LEVELS=1 - - -# -# Advanced configuration options (you generally don't need to change these) -# - -# Internal XMPP domain -XMPP_DOMAIN=meet.jitsi - -# Internal XMPP server -XMPP_SERVER=xmpp.meet.jitsi - -# Internal XMPP server c2s port -#XMPP_PORT=5222 - -# Internal XMPP server URL -XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280 - -# Internal XMPP domain for authenticated services -XMPP_AUTH_DOMAIN=auth.meet.jitsi - -# XMPP domain for the MUC -XMPP_MUC_DOMAIN=muc.meet.jitsi - -# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools -XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi - -# XMPP domain for unauthenticated users -XMPP_GUEST_DOMAIN=guest.meet.jitsi - -# Custom Prosody modules for XMPP_DOMAIN (comma separated) -XMPP_MODULES= - -# Custom Prosody modules for MUC component (comma separated) -XMPP_MUC_MODULES= - -# Custom Prosody modules for internal MUC component (comma separated) -XMPP_INTERNAL_MUC_MODULES= - -# MUC for the JVB pool -JVB_BREWERY_MUC=jvbbrewery - -# XMPP user for JVB client connections -JVB_AUTH_USER=jvb - -# STUN servers used to discover the 
server's public IP -JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443 - -# Media port for the Jitsi Videobridge -JVB_PORT=10000 - -# XMPP user for Jicofo client connections. -# NOTE: this option doesn't currently work due to a bug -JICOFO_AUTH_USER=focus - -# Base URL of Jicofo's reservation REST API -#JICOFO_RESERVATION_REST_BASE_URL=http://reservation.example.com - -# Enable Jicofo's health check REST API (http://:8888/about/health) -#JICOFO_ENABLE_HEALTH_CHECKS=true - -# XMPP user for Jigasi MUC client connections -JIGASI_XMPP_USER=jigasi - -# MUC name for the Jigasi pool -JIGASI_BREWERY_MUC=jigasibrewery - -# Minimum port for media used by Jigasi -JIGASI_PORT_MIN=20000 - -# Maximum port for media used by Jigasi -JIGASI_PORT_MAX=20050 - -# Enable SDES srtp -#JIGASI_ENABLE_SDES_SRTP=1 - -# Keepalive method -#JIGASI_SIP_KEEP_ALIVE_METHOD=OPTIONS - -# Health-check extension -#JIGASI_HEALTH_CHECK_SIP_URI=keepalive - -# Health-check interval -#JIGASI_HEALTH_CHECK_INTERVAL=300000 -# -# Enable Jigasi transcription -#ENABLE_TRANSCRIPTIONS=1 - -# Jigasi will record audio when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_RECORD_AUDIO=true - -# Jigasi will send transcribed text to the chat when transcriber is on [default: false] -#JIGASI_TRANSCRIBER_SEND_TXT=true - -# Jigasi will post an url to the chat with transcription file [default: false] -#JIGASI_TRANSCRIBER_ADVERTISE_URL=true - -# Credentials for connect to Cloud Google API from Jigasi -# Please read https://cloud.google.com/text-to-speech/docs/quickstart-protocol -# section "Before you begin" paragraph 1 to 5 -# Copy the values from the json to the related env vars -#GC_PROJECT_ID= -#GC_PRIVATE_KEY_ID= -#GC_PRIVATE_KEY= -#GC_CLIENT_EMAIL= -#GC_CLIENT_ID= -#GC_CLIENT_CERT_URL= - -# Enable recording -#ENABLE_RECORDING=1 - -# XMPP domain for the jibri recorder -XMPP_RECORDER_DOMAIN=recorder.meet.jitsi - -# XMPP recorder user for Jibri client connections -JIBRI_RECORDER_USER=recorder - -# Directory for 
recordings inside Jibri container -JIBRI_RECORDING_DIR=/config/recordings - -# The finalizing script. Will run after recording is complete -#JIBRI_FINALIZE_RECORDING_SCRIPT_PATH=/config/finalize.sh - -# XMPP user for Jibri client connections -JIBRI_XMPP_USER=jibri - -# MUC name for the Jibri pool -JIBRI_BREWERY_MUC=jibribrewery - -# MUC connection timeout -JIBRI_PENDING_TIMEOUT=90 - -# When jibri gets a request to start a service for a room, the room -# jid will look like: roomName@optional.prefixes.subdomain.xmpp_domain -# We'll build the url for the call by transforming that into: -# https://xmpp_domain/subdomain/roomName -# So if there are any prefixes in the jid (like jitsi meet, which -# has its participants join a muc at conference.xmpp_domain) then -# list that prefix here so it can be stripped out to generate -# the call url correctly -JIBRI_STRIP_DOMAIN_JID=muc - -# Directory for logs inside Jibri container -JIBRI_LOGS_DIR=/config/logs - -# Configure an external TURN server -# TURN_CREDENTIALS=secret -# TURN_HOST=turnserver.example.com -# TURN_PORT=443 -# TURNS_HOST=turnserver.example.com -# TURNS_PORT=443 - -# Disable HTTPS: handle TLS connections outside of this setup -#DISABLE_HTTPS=1 - -# Enable FLoC -# Opt-In to Federated Learning of Cohorts tracking -#ENABLE_FLOC=0 - -# Redirect HTTP traffic to HTTPS -# Necessary for Let's Encrypt, relies on standard HTTPS port (443) -#ENABLE_HTTP_REDIRECT=1 - -# Send a `strict-transport-security` header to force browsers to use -# a secure and trusted connection. Recommended for production use. -# Defaults to 1 (send the header). -# ENABLE_HSTS=1 - -# Enable IPv6 -# Provides means to disable IPv6 in environments that don't support it (get with the times, people!) -#ENABLE_IPV6=1 - # Container restart policy -# Defaults to unless-stopped RESTART_POLICY=unless-stopped - -# Authenticate using external service or just focus external auth window if there is one already. 
-# TOKEN_AUTH_URL=https://auth.meet.example.com/{room} - -# Sentry Error Tracking -# Sentry Data Source Name (Endpoint for Sentry project) -# Example: https://public:private@host:port/1 -#JVB_SENTRY_DSN= -#JICOFO_SENTRY_DSN= -#JIGASI_SENTRY_DSN= - -# Optional environment info to filter events -#SENTRY_ENVIRONMENT=production - -# Optional release info to filter events -#SENTRY_RELEASE=1.0.0 - -# Optional properties for shutdown api -#COLIBRI_REST_ENABLED=true -#SHUTDOWN_REST_ENABLED=true - -# Configure toolbar buttons. Add the buttons name separated with comma(no spaces between comma) -#TOOLBAR_BUTTONS= - -# Hide the buttons at pre-join screen. Add the buttons name separated with comma -#HIDE_PREMEETING_BUTTONS= diff --git a/jibri.yml b/jibri.yml index 981219d..df776de 100644 --- a/jibri.yml +++ b/jibri.yml @@ -36,6 +36,7 @@ services: - XMPP_AUTH_DOMAIN - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - XMPP_SERVER - XMPP_PORT diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 58ab863..9ae5e56 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf 
@@ -1,8 +1,19 @@ +{{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}} +{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} {{ $JIBRI_USAGE_TIMEOUT := .Env.JIBRI_USAGE_TIMEOUT | default "0" -}} {{ $JIBRI_RECORDING_RESOLUTION := .Env.JIBRI_RECORDING_RESOLUTION | default "1280x720" -}} +{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} +{{ $JIBRI_STRIP_DOMAIN_JID := .Env.JIBRI_STRIP_DOMAIN_JID | default $XMPP_MUC_DOMAIN_PREFIX -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_TRUST_ALL_CERTS := .Env.XMPP_TRUST_ALL_CERTS | default "true" | toBool -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} @@ -36,7 +47,7 @@ jibri { ] // The base XMPP domain - xmpp-domain = "{{ $ENV.XMPP_DOMAIN }}" + xmpp-domain = "{{ $XMPP_DOMAIN }}" {{ if $ENV.PUBLIC_URL -}} // An (optional) base url the Jibri will join if it is set 
@@ -46,29 +57,29 @@ jibri { // The MUC we'll join to announce our presence for // recording and streaming services control-muc { - domain = "{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }}" - room-name = "{{ $ENV.JIBRI_BREWERY_MUC }}" + domain = "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" + room-name = "{{ $JIBRI_BREWERY_MUC }}" nickname = "{{ $ENV.JIBRI_INSTANCE_ID }}" } - + // The login information for the control MUC control-login { - domain = "{{ $ENV.XMPP_AUTH_DOMAIN }}" + domain = "{{ $XMPP_AUTH_DOMAIN }}" port = "{{ $SERVER._1 | default $XMPP_PORT }}" - username = "{{ $ENV.JIBRI_XMPP_USER }}" + username = "{{ $JIBRI_XMPP_USER }}" password = "{{ $ENV.JIBRI_XMPP_PASSWORD }}" } // The login information the selenium web client will use call-login { - domain = "{{ $ENV.XMPP_RECORDER_DOMAIN }}" - username = "{{ $ENV.JIBRI_RECORDER_USER }}" + domain = "{{ $XMPP_RECORDER_DOMAIN }}" + username = "{{ $JIBRI_RECORDER_USER }}" password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}" } // The value we'll strip from the room JID domain to derive // the call URL - strip-from-room-domain = "{{ $ENV.JIBRI_STRIP_DOMAIN_JID }}." + strip-from-room-domain = "{{ $JIBRI_STRIP_DOMAIN_JID }}." // How long Jibri sessions will be allowed to last before // they are stopped. A value of 0 allows them to go on @@ -84,7 +95,7 @@ jibri { } } recording { - recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR }}" + recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR | default "/config/recordings" }}" {{ if .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH -}} finalize-script = "{{ .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH }}" {{ end -}} diff --git a/jibri/rootfs/defaults/logging.properties b/jibri/rootfs/defaults/logging.properties index fb6eb77..e40314c 100644 --- a/jibri/rootfs/defaults/logging.properties +++ b/jibri/rootfs/defaults/logging.properties 
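Review bot: In jibri.conf's `recording` block, the `/config/recordings` fallback exists only inside this template expression, so anything else that reads `JIBRI_RECORDING_DIR` from the environment still sees it unset. The diffstat lists no change to Jibri's init or finalize scripts; if one of them creates or chowns the directory from that variable (not visible here), recordings would land in a path that was never prepared with the intended ownership. Hoisting it next to the other defaults as `{{ $JIBRI_RECORDING_DIR := .Env.JIBRI_RECORDING_DIR | default "/config/recordings" -}}` and applying the same default wherever the container scripts use the variable would keep the two in step; the same concern applies to `JIBRI_LOGS_DIR`. The `recording` block continues outside the hunk.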
@@ -1,27 +1,29 @@ +{{ $JIBRI_LOGS_DIR := .Env.JIBRI_LOGS_DIR | default /config/logs -}} + handlers = java.util.logging.FileHandler, java.util.logging.ConsoleHandler org.jitsi.utils.logging2.JitsiLogFormatter.programname=Jibri java.util.logging.FileHandler.level = FINE -java.util.logging.FileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/log.%g.txt +java.util.logging.FileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/log.%g.txt java.util.logging.FileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter java.util.logging.FileHandler.count = 10 java.util.logging.FileHandler.limit = 10000000 org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.level = FINE -org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/ffmpeg.%g.txt +org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/ffmpeg.%g.txt org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.count = 10 org.jitsi.jibri.capture.ffmpeg.util.FfmpegFileHandler.limit = 10000000 org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.level = FINE -org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/pjsua.%g.txt +org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/pjsua.%g.txt org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.count = 10 org.jitsi.jibri.sipgateway.pjsua.util.PjsuaFileHandler.limit = 10000000 org.jitsi.jibri.selenium.util.BrowserFileHandler.level = FINE -org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = {{ .Env.JIBRI_LOGS_DIR }}/browser.%g.txt +org.jitsi.jibri.selenium.util.BrowserFileHandler.pattern = {{ $JIBRI_LOGS_DIR }}/browser.%g.txt org.jitsi.jibri.selenium.util.BrowserFileHandler.formatter = org.jitsi.utils.logging2.JitsiLogFormatter 
org.jitsi.jibri.selenium.util.BrowserFileHandler.count = 10 org.jitsi.jibri.selenium.util.BrowserFileHandler.limit = 10000000 diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index b94a99d..a819508 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -4,7 +4,18 @@ {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} +{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} +{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} +{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} +{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default 90 -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} jicofo { {{ if $ENABLE_AUTH }} @@ -22,7 +33,7 @@ jicofo { login-url = "shibboleth:default" logout-url = "shibboleth:default" {{ else }} - login-url = "{{ .Env.XMPP_DOMAIN }}" + login-url = "{{ $XMPP_DOMAIN }}" {{ end }} enable-auto-login={{ $ENABLE_AUTO_LOGIN }} } 
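Review bot: In jibri's logging.properties, the default on the first added line is not quoted: `default /config/logs` is not a valid template argument, so rendering the file will most likely fail at parse time for every deployment, not only those that leave `JIBRI_LOGS_DIR` unset. It should read `{{ $JIBRI_LOGS_DIR := .Env.JIBRI_LOGS_DIR | default "/config/logs" -}}`, like the other string defaults in this commit. If the file is not rendered, the ffmpeg, pjsua and browser file handlers that record what each recording session did are presumably not configured at all.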
@@ -54,7 +65,7 @@ jicofo { } {{ end }} - brewery-jid = "{{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" } // Configure the codecs and RTP extensions to be used in the offer sent to clients. codec { @@ -101,19 +112,17 @@ jicofo { {{ if $ENABLE_RECORDING }} jibri { - brewery-jid = "{{ .Env.JIBRI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JIBRI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" {{ if .Env.JIBRI_REQUEST_RETRIES }} num-retries = "{{ .Env.JIBRI_REQUEST_RETRIES }}" {{ end }} - {{ if .Env.JIBRI_PENDING_TIMEOUT }} - pending-timeout = "{{ .Env.JIBRI_PENDING_TIMEOUT }}" - {{ end }} + pending-timeout = "{{ $JIBRI_PENDING_TIMEOUT }}" } {{ end }} - {{ if and .Env.JIGASI_SIP_URI .Env.JIGASI_BREWERY_MUC }} + {{ if and .Env.JIGASI_SIP_URI $JIGASI_BREWERY_MUC }} jigasi { - brewery-jid = "{{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" + brewery-jid = "{{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" } {{ end }} @@ -134,17 +143,17 @@ jicofo { xmpp { client { enabled = true - hostname = "{{ .Env.XMPP_SERVER }}" + hostname = "{{ $XMPP_SERVER }}" port = "{{ $XMPP_PORT }}" - domain = "{{ .Env.XMPP_AUTH_DOMAIN }}" - username = "{{ .Env.JICOFO_AUTH_USER }}" + domain = "{{ $XMPP_AUTH_DOMAIN }}" + username = "{{ $JICOFO_AUTH_USER }}" password = "{{ .Env.JICOFO_AUTH_PASSWORD }}" - conference-muc-jid = "{{ .Env.XMPP_MUC_DOMAIN }}" - client-proxy = "focus.{{ .Env.XMPP_DOMAIN }}" + conference-muc-jid = "{{ $XMPP_MUC_DOMAIN }}" + client-proxy = "focus.{{ $XMPP_DOMAIN }}" disable-certificate-verification = true } {{ if $ENABLE_RECORDING }} - trusted-domains = [ "{{ .Env.XMPP_RECORDER_DOMAIN }}" ] + trusted-domains = [ "{{ $XMPP_RECORDER_DOMAIN }}" ] {{ end }} } diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run index 6288f5a..f9a1b9a 100644 --- a/jicofo/rootfs/etc/services.d/jicofo/run 
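Review bot: In the jigasi block of jicofo.conf (hunk at -101), `{{ if and .Env.JIGASI_SIP_URI $JIGASI_BREWERY_MUC }}` now has a second operand that is always non-empty because of the `jigasibrewery` default, so the test reduces to the SIP URI alone. Writing it as `{{ if .Env.JIGASI_SIP_URI }}` states what is actually checked. In the same hunk `pending-timeout` is now always emitted; the `default 90` that feeds it (first hunk of this file) is the only unquoted default among quoted ones in this file, and `default "90"` would keep them uniform.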
+++ b/jicofo/rootfs/etc/services.d/jicofo/run @@ -1,5 +1,11 @@ #!/usr/bin/with-contenv bash +# Defaults +[ -z "${JICOFO_AUTH_USER}" ] && export JICOFO_AUTH_USER=focus +[ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi +[ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi +[ -z "${XMPP_SERVER}" ] && export XMPP_SERVER=xmpp.meet.jitsi + JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf" DAEMON=/usr/share/jicofo/jicofo.sh DAEMON_DIR=/usr/share/jicofo/ diff --git a/jigasi.yml b/jigasi.yml index 491ca53..90c8c52 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -6,7 +6,7 @@ services: image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' + - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' volumes: - ${CONFIG}/jigasi:/config:Z - ${CONFIG}/transcripts:/tmp/transcripts:Z diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 4dd2ac9..805dd5a 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties 
@@ -1,5 +1,13 @@ +{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} +{{ JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} 
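Review bot: In sip-communicator.properties, the second added line declares `JIGASI_XMPP_USER` without the `$` sigil, so it is not a template variable assignment, and the `{{ $JIGASI_XMPP_USER }}` references introduced in the hunks at -62 and -126 of this file point at a variable that was never defined. The template should fail to parse, which leaves Jigasi without a rendered account configuration. The line should be `{{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}`.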
@@ -62,15 +70,15 @@ net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.speex/8000=0 net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.telephone-event/8000=1 net.java.sip.communicator.impl.protocol.sip.acc1.Encodings.ulpfec/90000=0 net.java.sip.communicator.impl.protocol.sip.acc1.OVERRIDE_ENCODINGS=true -net.java.sip.communicator.impl.protocol.sip.acc1.DOMAIN_BASE={{ .Env.XMPP_DOMAIN }} +net.java.sip.communicator.impl.protocol.sip.acc1.DOMAIN_BASE={{ $XMPP_DOMAIN }} # XMPP account used for control {{ range $index, $element := $XMPP_SERVERS -}} {{ $SERVER := splitn ":" 2 $element }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}=acc{{ $index }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.ACCOUNT_UID=Jabber:{{ $ENV.JIGASI_XMPP_USER }}@{{ $ENV.XMPP_AUTH_DOMAIN }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.USER_ID={{ $ENV.JIGASI_XMPP_USER }}@{{ $ENV.XMPP_AUTH_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.ACCOUNT_UID=Jabber:{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.IS_SERVER_OVERRIDDEN=true net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.SERVER_ADDRESS={{ $SERVER._0 }} net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.SERVER_PORT={{ $SERVER._1 | default $XMPP_PORT }} 
@@ -107,8 +115,8 @@ net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/1 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/32000=0 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.speex/8000=0 net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.Encodings.telephone-event/8000=0 -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.BREWERY={{ $ENV.JIGASI_BREWERY_MUC }}@{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }} -net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.DOMAIN_BASE={{ $ENV.XMPP_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.BREWERY={{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }} +net.java.sip.communicator.impl.protocol.jabber.acc{{ $index }}.DOMAIN_BASE={{ $XMPP_DOMAIN }} {{ end -}} org.jitsi.jigasi.BREWERY_ENABLED=true @@ -117,7 +125,7 @@ org.jitsi.jigasi.HEALTH_CHECK_INTERVAL={{ .Env.JIGASI_HEALTH_CHECK_INTERVAL | de org.jitsi.jigasi.HEALTH_CHECK_TIMEOUT=600000 org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true -org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }} +org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ $XMPP_SERVER }} org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false 
@@ -126,10 +134,10 @@ org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true {{ if .Env.ENABLE_AUTH | default "0" | toBool }} {{ if .Env.ENABLE_GUESTS | default "0" | toBool }} -org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_GUEST_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_GUEST_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=true {{ else }} -org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false {{ end }} org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }} @@ -161,4 +169,4 @@ org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }} {{ end }} -org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ .Env.XMPP_MUC_DOMAIN }} +org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ $XMPP_MUC_DOMAIN }} diff --git a/jigasi/rootfs/etc/services.d/jigasi/run b/jigasi/rootfs/etc/services.d/jigasi/run index 660753b..8b9eb5d 100644 --- a/jigasi/rootfs/etc/services.d/jigasi/run +++ b/jigasi/rootfs/etc/services.d/jigasi/run @@ -3,7 +3,6 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties" DAEMON=/usr/share/jigasi/jigasi.sh -DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=$JIGASI_PORT_MIN --max-port=$JIGASI_PORT_MAX" +DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=${JIGASI_PORT_MIN:-20000} --max-port=${JIGASI_PORT_MAX:-20050}" exec s6-setuidgid jigasi /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS" - diff --git a/jvb/rootfs/defaults/jvb.conf b/jvb/rootfs/defaults/jvb.conf index a1e418a..c65ac13 100644 --- a/jvb/rootfs/defaults/jvb.conf +++ b/jvb/rootfs/defaults/jvb.conf 
@@ -1,20 +1,26 @@ {{ $COLIBRI_REST_ENABLED := .Env.COLIBRI_REST_ENABLED | default "false" | toBool }} {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} +{{ $JVB_STUN_SERVERS := .Env.JVB_STUN_SERVERS | default "meet-jit-si-turnrelay.jitsi.net:443" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} +{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} {{ $JVB_MUC_NICKNAME := .Env.JVB_MUC_NICKNAME | default .Env.HOSTNAME -}} {{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}} {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool }} {{ $WS_DOMAIN := .Env.JVB_WS_DOMAIN | default $PUBLIC_URL_DOMAIN -}} {{ $WS_SERVER_ID := .Env.JVB_WS_SERVER_ID | default .Env.JVB_WS_SERVER_ID_FALLBACK -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -{{ $XMPP_SERVERS := splitList "," .Env.XMPP_SERVER -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} videobridge { ice { udp { - port = {{ .Env.JVB_PORT }} + port = {{ .Env.JVB_PORT | default 10000 }} } } apis { 
@@ -25,10 +31,10 @@ videobridge { shard{{ $index }} { HOSTNAME = "{{ $SERVER._0 }}" PORT = "{{ $SERVER._1 | default $XMPP_PORT }}" - DOMAIN = "{{ $ENV.XMPP_AUTH_DOMAIN }}" - USERNAME = "{{ $ENV.JVB_AUTH_USER }}" + DOMAIN = "{{ $XMPP_AUTH_DOMAIN }}" + USERNAME = "{{ $JVB_AUTH_USER }}" PASSWORD = "{{ $ENV.JVB_AUTH_PASSWORD }}" - MUC_JIDS = "{{ $ENV.JVB_BREWERY_MUC }}@{{ $ENV.XMPP_INTERNAL_MUC_DOMAIN }}" + MUC_JIDS = "{{ $JVB_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" MUC_NICKNAME = "{{ $JVB_MUC_NICKNAME }}" DISABLE_CERTIFICATE_VERIFICATION = true } @@ -78,8 +84,8 @@ ice4j { harvest { mapping { stun { -{{ if .Env.JVB_STUN_SERVERS -}} - addresses = [ "{{ join "\",\"" (splitList "," .Env.JVB_STUN_SERVERS) }}" ] +{{ if $JVB_STUN_SERVERS -}} + addresses = [ "{{ join "\",\"" (splitList "," $JVB_STUN_SERVERS) }}" ] {{ else -}} enabled = false {{ end -}} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 0f2491a..74a4921 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -1,6 +1,9 @@ {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}} +{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} {{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }} {{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }} {{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }} 
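Review bot: In jvb.conf's `ice4j` hunk (at -78), `{{ if $JVB_STUN_SERVERS -}}` can no longer be false, because the variable now falls back to `meet-jit-si-turnrelay.jitsi.net:443`, so the `enabled = false` branch is dead code. Before this commit an operator could disable the STUN mapping harvester by removing `JVB_STUN_SERVERS` from `.env`; after it, an unset variable (and, if `default` treats the empty string as unset, an explicitly empty one too) makes the bridge send STUN requests to that public host. Installations that are isolated on purpose would start making this outbound contact on upgrade without any config change. Keeping the branch reachable needs an explicit opt-out that survives the default, and the template should carry a comment such as `// STUN mapping defaults to a public Jitsi server; see the handbook to disable` so the behaviour is visible in the rendered file.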
@@ -14,26 +17,32 @@ {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" }} {{ $TURNS_PORT := .Env.TURNS_PORT | default "443" }} -{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." .Env.XMPP_MUC_DOMAIN)._0 }} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} admins = { - "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}", - "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" + "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}", + "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" } unlimited_jids = { - "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}", - "{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" + "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}", + "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" } plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } -muc_mapper_domain_base = "{{ .Env.XMPP_DOMAIN }}"; +muc_mapper_domain_base = "{{ $XMPP_DOMAIN }}"; muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; -http_default_host = "{{ .Env.XMPP_DOMAIN }}" +http_default_host = "{{ $XMPP_DOMAIN }}" {{ if .Env.TURN_CREDENTIALS }} external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; 
@@ -64,7 +73,7 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU consider_bosh_secure = true; consider_websocket_secure = true; -VirtualHost "{{ .Env.XMPP_DOMAIN }}" +VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} {{ if eq $AUTH_TYPE "jwt" }} authentication = "{{ $JWT_AUTH_TYPE }}" @@ -95,8 +104,8 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" authentication = "jitsi-anonymous" {{ end }} ssl = { - key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key"; - certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt"; + key = "/config/certs/{{ $XMPP_DOMAIN }}.key"; + certificate = "/config/certs/{{ $XMPP_DOMAIN }}.crt"; } modules_enabled = { "bosh"; 
@@ -128,54 +137,54 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{end}} } - main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}" + main_muc = "{{ $XMPP_MUC_DOMAIN }}" {{ if $ENABLE_LOBBY }} - lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}" - {{ if .Env.XMPP_RECORDER_DOMAIN }} - muc_lobby_whitelist = { "{{ .Env.XMPP_RECORDER_DOMAIN }}" } + lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" + {{ if $ENABLE_RECORDING }} + muc_lobby_whitelist = { "{{ $XMPP_RECORDER_DOMAIN }}" } {{ end }} {{ end }} {{ if $ENABLE_BREAKOUT_ROOMS }} - breakout_rooms_muc = "breakout.{{ .Env.XMPP_DOMAIN }}" + breakout_rooms_muc = "breakout.{{ $XMPP_DOMAIN }}" {{ end }} - speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}" - conference_duration_component = "conferenceduration.{{ .Env.XMPP_DOMAIN }}" + speakerstats_component = "speakerstats.{{ $XMPP_DOMAIN }}" + conference_duration_component = "conferenceduration.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AV_MODERATION }} - av_moderation_component = "avmoderation.{{ .Env.XMPP_DOMAIN }}" + av_moderation_component = "avmoderation.{{ $XMPP_DOMAIN }}" {{ end }} c2s_require_encryption = false {{ if $ENABLE_GUEST_DOMAIN }} -VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}" +VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "jitsi-anonymous" c2s_require_encryption = false {{ end }} -VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}" +VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" ssl = { - key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key"; - certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt"; + key = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.key"; + certificate = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.crt"; } modules_enabled = { "limits_exception"; } authentication = "internal_hashed" -{{ if .Env.XMPP_RECORDER_DOMAIN }} -VirtualHost "{{ .Env.XMPP_RECORDER_DOMAIN }}" +{{ if $ENABLE_RECORDING }} +VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}" modules_enabled = { "ping"; } authentication = "internal_hashed" {{ end }} -Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc" +Component "{{ 
$XMPP_INTERNAL_MUC_DOMAIN }}" "muc" storage = "memory" modules_enabled = { "ping"; @@ -187,7 +196,7 @@ Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true -Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc" +Component "{{ $XMPP_MUC_DOMAIN }}" "muc" storage = "memory" modules_enabled = { "muc_meeting_id"; @@ -211,22 +220,22 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true -Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy" - target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" +Component "focus.{{ $XMPP_DOMAIN }}" "client_proxy" + target_address = "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" -Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "speakerstats.{{ $XMPP_DOMAIN }}" "speakerstats_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" -Component "conferenceduration.{{ .Env.XMPP_DOMAIN }}" "conference_duration_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "conferenceduration.{{ $XMPP_DOMAIN }}" "conference_duration_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" {{ if $ENABLE_AV_MODERATION }} -Component "avmoderation.{{ .Env.XMPP_DOMAIN }}" "av_moderation_component" - muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}" +Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component" + muc_component = "{{ $XMPP_MUC_DOMAIN }}" {{ end }} {{ if $ENABLE_LOBBY }} -Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc" +Component "lobby.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false @@ -234,7 +243,7 @@ Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc" {{ end }} {{ if $ENABLE_BREAKOUT_ROOMS }} -Component "breakout.{{ .Env.XMPP_DOMAIN }}" "muc" +Component "breakout.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false 
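Review bot: The recorder `VirtualHost` and the `muc_lobby_whitelist` entry are now emitted only when `$ENABLE_RECORDING` is true, where the old code keyed on `XMPP_RECORDER_DOMAIN` being set, so a deployment that sets only the domain silently loses both. `10-config` still registers `$JIBRI_RECORDER_USER` on `$XMPP_RECORDER_DOMAIN` whenever `JIBRI_RECORDER_PASSWORD` is non-empty, which with recording off would target a host this file no longer declares. `$ENABLE_RECORDING` is defined outside this hunk, so its default is assumed here to be off. I would either keep the old trigger as a fallback in both places, `{{ if or $ENABLE_RECORDING .Env.XMPP_RECORDER_DOMAIN }}`, or gate the registration in 10-config on the same flag and state the new requirement in the commit description.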
diff --git a/prosody/rootfs/defaults/saslauthd.conf b/prosody/rootfs/defaults/saslauthd.conf index 79f38d4..543b5eb 100644 --- a/prosody/rootfs/defaults/saslauthd.conf +++ b/prosody/rootfs/defaults/saslauthd.conf @@ -1,3 +1,5 @@ +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} + {{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }} ldap_servers: {{ .Env.LDAP_URL }} ldap_search_base: {{ .Env.LDAP_BASE }} @@ -9,8 +11,8 @@ ldap_filter: {{ .Env.LDAP_FILTER | default "uid=%u" }} ldap_version: {{ .Env.LDAP_VERSION | default "3" }} ldap_auth_method: {{ .Env.LDAP_AUTH_METHOD | default "bind" }} {{ if .Env.LDAP_USE_TLS | default "0" | toBool }} -ldap_tls_key: /config/certs/{{ .Env.XMPP_DOMAIN }}.key -ldap_tls_cert: /config/certs/{{ .Env.XMPP_DOMAIN }}.crt +ldap_tls_key: /config/certs/{{ $XMPP_DOMAIN }}.key +ldap_tls_cert: /config/certs/{{ $XMPP_DOMAIN }}.crt {{ if .Env.LDAP_TLS_CHECK_PEER | default "0" | toBool }} ldap_tls_check_peer: yes ldap_tls_cacert_file: {{ .Env.LDAP_TLS_CACERT_FILE | default "/etc/ssl/certs/ca-certificates.crt" }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 3322fbc..10dfe0c 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -25,6 +25,7 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then chown -R prosody /prosody-plugins-custom fi +mkdir /config/certs cp -r /defaults/* /config tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua 
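Review bot: `mkdir /config/certs` has lost the `-p` that the removed `mkdir -p /config/certs` further down in this file carried, so on any start where the directory already exists (for instance a `/config` volume kept across restarts) the command fails with "File exists". Whether that aborts the init script depends on shell options set above this hunk, which are not visible; at minimum it logs an error on every restart. Use `mkdir -p /config/certs` here.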
@@ -34,6 +35,16 @@ if [[ -z $JICOFO_AUTH_PASSWORD ]]; then exit 1 fi +# Defaults +[ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder +[ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri +[ -z "${JICOFO_AUTH_USER}" ] && export JICOFO_AUTH_USER=focus +[ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi +[ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb +[ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi +[ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi +[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi + prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN @@ -50,7 +61,7 @@ fi prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD -if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then +if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then OLD_JIBRI_XMPP_PASSWORD=passw0rd if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then echo 'FATAL ERROR: Jibri auth password must be changed, check the README' @@ -59,7 +70,7 @@ if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD fi -if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then +if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then OLD_JIBRI_RECORDER_PASSWORD=passw0rd if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' 
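Review bot: The `prosodyctl ... register` calls in this hunk and in the following ones (`@@ -50,7 +61,7 @@` through `@@ -77,8 +88,6 @@`) expand user, domain and password unquoted, so a password containing whitespace or glob characters is word-split and prosodyctl receives different arguments than the operator configured. Now that the user and domain always have a value, the password is the only operator-supplied input left on these lines, and it is worth quoting all of them: `prosodyctl --config "$PROSODY_CFG" register "$JICOFO_AUTH_USER" "$XMPP_AUTH_DOMAIN" "$JICOFO_AUTH_PASSWORD"`. As a matter of style, the new defaults read more directly as `export JICOFO_AUTH_USER="${JICOFO_AUTH_USER:-focus}"` than as `[ -z ... ] && export ...`. Note also that these exports run after the `tpl` calls in the previous hunk, so they only affect the commands below them.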
@@ -68,7 +79,7 @@ if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD fi -if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then +if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then OLD_JIGASI_XMPP_PASSWORD=passw0rd if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then echo 'FATAL ERROR: Jigasi auth password must be changed, check the README' @@ -77,8 +88,6 @@ if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi -mkdir -p /config/certs - if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then # echo for using all default values echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index df875ad..f0d4e9f 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,6 +1,8 @@ {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default "http://xmpp.meet.jitsi:5280" -}} server_name _; 
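Review bot: The new `$XMPP_BOSH_URL_BASE` default hard-codes the host `xmpp.meet.jitsi`, while docker-compose.yml in this same patch makes the Prosody network alias `${XMPP_SERVER:-xmpp.meet.jitsi}`. Overriding `XMPP_SERVER` without also setting `XMPP_BOSH_URL_BASE` would leave both `proxy_pass` targets in the next hunk pointing at a name that no longer exists on the network. Deriving the default from the same variable keeps them aligned: `{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}` followed by `{{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default (printf "http://%s:5280" $XMPP_SERVER) -}}`. This assumes `XMPP_SERVER` is passed to the web container, which the visible part of the compose file does not show.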
@@ -64,21 +66,21 @@ location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) { # BOSH location = /http-bind { - proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/http-bind; + proxy_pass {{ $XMPP_BOSH_URL_BASE }}/http-bind; proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + proxy_set_header Host {{ $XMPP_DOMAIN }}; } {{ if $ENABLE_XMPP_WEBSOCKET }} # xmpp websockets location = /xmpp-websocket { - proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket; + proxy_pass {{ $XMPP_BOSH_URL_BASE }}/xmpp-websocket; proxy_http_version 1.1; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + proxy_set_header Host {{ $XMPP_DOMAIN }}; proxy_set_header X-Forwarded-For $remote_addr; tcp_nodelay on; } diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index b300571..4c3a1fc 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -37,8 +37,8 @@ {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} {{ $TESTING_OCTO_PROBABILITY := .Env.TESTING_OCTO_PROBABILITY | default "0" -}} {{ $TESTING_CAP_SCREENSHARE_BITRATE := .Env.TESTING_CAP_SCREENSHARE_BITRATE | default "1" -}} -{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $DISABLE_DEEP_LINKING := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}} {{ $VIDEOQUALITY_ENFORCE_PREFERRED_CODEC := .Env.VIDEOQUALITY_ENFORCE_PREFERRED_CODEC | default "false" | toBool -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index b72edef..b3f3ca1 100644 --- a/web/rootfs/defaults/system-config.js 
+++ b/web/rootfs/defaults/system-config.js @@ -3,12 +3,13 @@ {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} -{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }} +{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}} {{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}} -{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}} -{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} -{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}} -{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." .Env.XMPP_MUC_DOMAIN)._0 -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} // Begin default config overrides. @@ -30,7 +31,7 @@ config.hosts.muc = '{{ $XMPP_MUC_DOMAIN }}'; {{ if $ENABLE_AUTH -}} {{ if $ENABLE_GUESTS -}} // When using authentication, domain for guest users. -config.hosts.anonymousdomain = '{{ .Env.XMPP_GUEST_DOMAIN }}'; +config.hosts.anonymousdomain = '{{ $XMPP_GUEST_DOMAIN }}'; {{ end -}} // Domain for authenticated users. Defaults to . config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; diff --git a/web/rootfs/etc/services.d/cron/run b/web/rootfs/etc/services.d/cron/run index d08f5f2..1b3a4d6 100755 --- a/web/rootfs/etc/services.d/cron/run +++ b/web/rootfs/etc/services.d/cron/run 
@@ -1,7 +1,6 @@ #!/usr/bin/with-contenv bash -if [[ $DISABLE_HTTPS -ne 1 ]] && \ - [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then +if [[ $DISABLE_HTTPS -ne 1 ]] && [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then exec cron -f else # if cron should not be started,