web,prosody: add XMPP WebSocket / Stream Management support

pull/808/head
Jan-Otto Kröpke 5 years ago committed by Saúl Ibarra Corretgé
parent 130eb551a7
commit d747bfbe6b
  1. 5
      docker-compose.yml
  2. 3
      env.example
  3. 31
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  4. 9
      prosody/rootfs/defaults/prosody.cfg.lua
  5. 17
      web/rootfs/defaults/meet.conf
  6. 14
      web/rootfs/defaults/system-config.js

@ -15,6 +15,7 @@ services:
environment: environment:
- ENABLE_LETSENCRYPT - ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT - ENABLE_HTTP_REDIRECT
- ENABLE_XMPP_WEBSOCKET
- DISABLE_HTTPS - DISABLE_HTTPS
- LETSENCRYPT_DOMAIN - LETSENCRYPT_DOMAIN
- LETSENCRYPT_EMAIL - LETSENCRYPT_EMAIL
@ -30,7 +31,6 @@ services:
- CALLSTATS_SECRET - CALLSTATS_SECRET
- CHROME_EXTENSION_BANNER_JSON - CHROME_EXTENSION_BANNER_JSON
- CONFCODE_URL - CONFCODE_URL
- CONFIG_BOSH_HOST
- CONFIG_EXTERNAL_CONNECT - CONFIG_EXTERNAL_CONNECT
- DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT
- DEPLOYMENTINFO_ENVIRONMENT_TYPE - DEPLOYMENTINFO_ENVIRONMENT_TYPE
@ -61,7 +61,6 @@ services:
- ENABLE_TALK_WHILE_MUTED - ENABLE_TALK_WHILE_MUTED
- ENABLE_TCC - ENABLE_TCC
- ENABLE_TRANSCRIPTIONS - ENABLE_TRANSCRIPTIONS
- ENABLE_WEBSOCKETS
- ETHERPAD_PUBLIC_URL - ETHERPAD_PUBLIC_URL
- ETHERPAD_URL_BASE - ETHERPAD_URL_BASE
- GOOGLE_ANALYTICS_ID - GOOGLE_ANALYTICS_ID
@ -110,6 +109,7 @@ services:
- ENABLE_AUTH - ENABLE_AUTH
- ENABLE_GUESTS - ENABLE_GUESTS
- ENABLE_LOBBY - ENABLE_LOBBY
- ENABLE_XMPP_WEBSOCKET
- GLOBAL_MODULES - GLOBAL_MODULES
- GLOBAL_CONFIG - GLOBAL_CONFIG
- LDAP_URL - LDAP_URL
@ -154,6 +154,7 @@ services:
- JWT_AUTH_TYPE - JWT_AUTH_TYPE
- JWT_TOKEN_AUTH_MODULE - JWT_TOKEN_AUTH_MODULE
- LOG_LEVEL - LOG_LEVEL
- PUBLIC_URL
- TZ - TZ
networks: networks:
meet.jitsi: meet.jitsi:
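Review bot: `ENABLE_WEBSOCKETS` and `CONFIG_BOSH_HOST` are dropped from the web service's environment list with no fallback, so an existing `.env` that still sets them is silently ignored after upgrade. Going by the hunk counts, those two are the removals and `ENABLE_XMPP_WEBSOCKET` / `PUBLIC_URL` are the additions. A deployment that relied on `CONFIG_BOSH_HOST` will have clients switch to the same-origin `/http-bind` without warning. A changelog entry or a line in `env.example` such as `# ENABLE_WEBSOCKETS and CONFIG_BOSH_HOST are no longer read; use ENABLE_XMPP_WEBSOCKET and PUBLIC_URL` would make that visible.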

@ -329,6 +329,9 @@ JIBRI_LOGS_DIR=/config/logs
# Necessary for Let's Encrypt, relies on standard HTTPS port (443) # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1 #ENABLE_HTTP_REDIRECT=1
# Enabled XMPP traffic over WebSocket (PUBLIC_URL must be defined!)
#ENABLE_XMPP_WEBSOCKET=1
# Container restart policy # Container restart policy
# Defaults to unless-stopped # Defaults to unless-stopped
RESTART_POLICY=unless-stopped RESTART_POLICY=unless-stopped
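Review bot: The comment on `ENABLE_XMPP_WEBSOCKET` does not say that the flag also changes authentication: in `jitsi-meet.cfg.lua` it switches the guest virtual host, and the main one when `ENABLE_AUTH` is off, from `anonymous` to `token` with `allow_empty_token = true`. It also says PUBLIC_URL "must be defined", yet both templates fall back to `https://localhost:8443` when it is missing, so an unset value is never caught. The Prosody template uses PUBLIC_URL verbatim as the allowed WebSocket origin, so its exact form matters. Suggested wording: `# Enable XMPP over WebSocket. Requires PUBLIC_URL (https://host[:port], no trailing slash); also switches anonymous logins to token auth with empty tokens allowed.`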

@ -15,6 +15,9 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }} {{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
{{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "0" | toBool }} {{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "0" | toBool }}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }}
{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }} {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" } asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
{{ end }} {{ end }}
@ -23,6 +26,13 @@ asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSU
asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" } asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
{{ end }} {{ end }}
{{ if $ENABLE_XMPP_WEBSOCKET }}
-- Deprecated in 0.12
-- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de
cross_domain_websocket = { "{{ $PUBLIC_URL }}" };
consider_bosh_secure = true;
{{ end }}
VirtualHost "{{ .Env.XMPP_DOMAIN }}" VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if $ENABLE_AUTH }} {{ if $ENABLE_AUTH }}
{{ if eq $AUTH_TYPE "jwt" }} {{ if eq $AUTH_TYPE "jwt" }}
@ -42,7 +52,15 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
authentication = "internal_hashed" authentication = "internal_hashed"
{{ end }} {{ end }}
{{ else }} {{ else }}
-- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339
{{ if $ENABLE_XMPP_WEBSOCKET }}
authentication = "token"
{{ else }}
authentication = "anonymous" authentication = "anonymous"
{{ end }}
app_id = ""
app_secret = ""
allow_empty_token = true
{{ end }} {{ end }}
ssl = { ssl = {
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key"; key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
@ -50,6 +68,10 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
} }
modules_enabled = { modules_enabled = {
"bosh"; "bosh";
{{ if $ENABLE_XMPP_WEBSOCKET }}
"websocket";
"smacks"; -- XEP-0198: Stream Management
{{ end }}
"pubsub"; "pubsub";
"ping"; "ping";
"speakerstats"; "speakerstats";
@ -80,7 +102,16 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if $ENABLE_GUEST_DOMAIN }} {{ if $ENABLE_GUEST_DOMAIN }}
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}" VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
-- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339
{{ if $ENABLE_XMPP_WEBSOCKET }}
authentication = "token"
{{ else }}
authentication = "anonymous" authentication = "anonymous"
{{ end }}
app_id = ""
app_secret = ""
allow_empty_token = true
c2s_require_encryption = false c2s_require_encryption = false
{{ if $ENABLE_LOBBY }} {{ if $ENABLE_LOBBY }}
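Review bot: Turning on a transport option changes the authentication backend here: with `ENABLE_XMPP_WEBSOCKET` set, the non-auth branch of the main VirtualHost and the guest VirtualHost move from `anonymous` to `token` with `app_id = ""`, `app_secret = ""` and `allow_empty_token = true`. An empty token is then accepted, but nothing in the hunk says how a non-empty token is treated when the secret is the empty string; that deserves a comment beyond the PR link, and a test confirming such a token is rejected rather than verified against `""`. The three token settings are also emitted when the flag is off and authentication stays `anonymous`; moving them inside the `{{ if $ENABLE_XMPP_WEBSOCKET }}` branch would leave the default config unchanged. Separately, `cross_domain_websocket` takes `$PUBLIC_URL` verbatim while `system-config.js` trims a trailing slash, so a PUBLIC_URL ending in `/` would presumably never match a browser Origin.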

@ -43,7 +43,7 @@ modules_enabled = {
-- Not essential, but recommended -- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.) "private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards "vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact -- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists --"privacy"; -- Support privacy lists
--"compression"; -- Stream compression (Debian: requires lua-zlib module to work) --"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
@ -59,7 +59,7 @@ modules_enabled = {
-- Admin interfaces -- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582 --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules -- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP --"http_files"; -- Serve static files from a directory over HTTP
@ -166,4 +166,9 @@ component_interface = { "*" }
data_path = "/config/data" data_path = "/config/data"
smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
smacks_max_hibernated_sessions = 1;
smacks_max_old_sessions = 1;
Include "conf.d/*.cfg.lua" Include "conf.d/*.cfg.lua"
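Review bot: The four `smacks_*` values are added at global scope with no comment, although `smacks` is only loaded on the main VirtualHost when `ENABLE_XMPP_WEBSOCKET` is set. A short comment would explain them, for example `-- XEP-0198 limits; only used when mod_smacks is loaded (ENABLE_XMPP_WEBSOCKET)`. `smacks_hibernation_time = 60` presumably keeps a dropped session resumable for 60 seconds; that is worth stating, since it determines how long a disconnected participant's session stays alive on the server.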

@ -1,3 +1,5 @@
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }}
server_name _; server_name _;
client_max_body_size 0; client_max_body_size 0;
@ -50,6 +52,21 @@ location = /http-bind {
proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
} }
{{ if $ENABLE_XMPP_WEBSOCKET }}
# xmpp websockets
location = /xmpp-websocket {
proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
proxy_set_header X-Forwarded-For $remote_addr;
tcp_nodelay on;
}
{{ end }}
location ~ ^/([^/?&:'"]+)$ { location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path; try_files $uri @root_path;
} }
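Review bot: The new `location = /xmpp-websocket` block forwards `X-Forwarded-For $remote_addr`, but nothing in this commit tells Prosody to trust the web container as a proxy, so Prosody may log the proxy's address for every WebSocket session. If per-client addresses matter for logs or rate limits, `trusted_proxies` needs to be set on the Prosody side; otherwise a comment here should say the header is informational only. The block also sets no `proxy_read_timeout`, so nginx's 60-second default applies to idle connections unless the client sends keepalives.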

@ -1,10 +1,10 @@
{{ $CONFIG_BOSH_HOST := .Env.CONFIG_BOSH_HOST | default "" -}}
{{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}} {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}}
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}}
{{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}}
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "false" | toBool -}}
{{ $ENABLE_WEBSOCKETS := .Env.ENABLE_WEBSOCKETS | default "false" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "false" | toBool -}}
{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }} {{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }}
{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}} {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}}
@ -36,15 +36,15 @@ config.hosts.anonymousdomain = '{{ .Env.XMPP_GUEST_DOMAIN }}';
config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; config.hosts.authdomain = '{{ $XMPP_DOMAIN }}';
{{ end -}} {{ end -}}
config.bosh = '{{ if $CONFIG_BOSH_HOST }}https://{{ $CONFIG_BOSH_HOST }}{{ end }}/http-bind'; config.bosh = '/http-bind';
{{ if $ENABLE_WEBSOCKETS -}} {{ if $ENABLE_XMPP_WEBSOCKET -}}
config.websocket = 'wss://{{ if $CONFIG_BOSH_HOST }}{{ $CONFIG_BOSH_HOST }}{{end}}/xmpp-websocket'; config.websocket = 'wss://{{ $PUBLIC_URL_DOMAIN }}/xmpp-websocket';
{{ end -}} {{ end -}}
{{ if $CONFIG_EXTERNAL_CONNECT -}} {{ if $CONFIG_EXTERNAL_CONNECT -}}
{{ if $ENABLE_SUBDOMAINS -}} {{ if $ENABLE_SUBDOMAINS -}}
config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/<!--# echo var="subdir" default="" -->http-pre-bind'; config.externalConnectUrl = '/<!--# echo var="subdir" default="" -->http-pre-bind';
{{ else -}} {{ else -}}
config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/http-pre-bind'; config.externalConnectUrl = '/http-pre-bind';
{{ end -}} {{ end -}}
{{ end -}} {{ end -}}
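Review bot: `$PUBLIC_URL_DOMAIN` strips only an `https://` prefix, so a PUBLIC_URL given as `http://…` (the compose file still offers `DISABLE_HTTPS`) renders `config.websocket = 'wss://http://…/xmpp-websocket'`. Either strip both schemes with `| trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/"`, or document that the WebSocket option requires an https PUBLIC_URL. The value is also placed inside a single-quoted JS string without escaping. It is operator-supplied, so this is a robustness point rather than an injection risk, but a quote character in it would break the generated config.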
