jicofo, prosody: allow to set different AUTH_TYPE

pull/1579/head
emrah 1 year ago committed by GitHub
parent dc1994a66a
commit f18acb493d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      docker-compose.yml
  2. 23
      jicofo/rootfs/defaults/jicofo.conf
  3. 23
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  4. 4
      prosody/rootfs/defaults/saslauthd.conf

@ -229,6 +229,7 @@ services:
- LDAP_URL - LDAP_URL
- LDAP_USE_TLS - LDAP_USE_TLS
- MAX_PARTICIPANTS - MAX_PARTICIPANTS
- PROSODY_AUTH_TYPE
- PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL - PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_RATE_LIMITS
@ -285,6 +286,7 @@ services:
- ENABLE_SCTP - ENABLE_SCTP
- ENABLE_AUTO_LOGIN - ENABLE_AUTO_LOGIN
- JICOFO_AUTH_PASSWORD - JICOFO_AUTH_PASSWORD
- JICOFO_AUTH_TYPE
- JICOFO_BRIDGE_REGION_GROUPS - JICOFO_BRIDGE_REGION_GROUPS
- JICOFO_ENABLE_AUTH - JICOFO_ENABLE_AUTH
- JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS

@ -1,13 +1,14 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}}
{{ $JICOFO_ENABLE_AUTH := (.Env.JICOFO_ENABLE_AUTH | default .Env.ENABLE_AUTH) | default "0" | toBool }} {{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}}
{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} {{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}}
{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} {{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}}
{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool }} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}}
{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool }} {{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}}
{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool }} {{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}}
{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool -}}
{{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} {{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}}
{{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} {{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}}
{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
@ -29,7 +30,7 @@ jicofo {
authentication { authentication {
enabled = true enabled = true
// The type of authentication. Supported values are XMPP or JWT. // The type of authentication. Supported values are XMPP or JWT.
{{ if eq $AUTH_TYPE "jwt" }} {{ if eq $JICOFO_AUTH_TYPE "jwt" }}
type = JWT type = JWT
{{ else }} {{ else }}
type = XMPP type = XMPP
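Review bot: `$ENABLE_AUTH` is now kept as the raw string (`.Env.ENABLE_AUTH | default "0"` with the `toBool` dropped), so any later `{{ if $ENABLE_AUTH }}` in this template would be true even for "0", because a non-empty string is truthy in Go templates. Only `$JICOFO_ENABLE_AUTH` is converted to a boolean; the rest of the file is outside this hunk, so please confirm nothing below tests `$ENABLE_AUTH` directly, or give the string a distinct name so it cannot be mistaken for a flag. Separately, `eq $JICOFO_AUTH_TYPE "jwt"` is case-sensitive and every other value, including a typo, silently selects `type = XMPP`. A comment above the definition such as `{{/* JICOFO_AUTH_TYPE: "jwt" selects JWT; any other value selects XMPP. Must agree with what Prosody enforces. */}}` would make that explicit. The `authentication` block continues past the end of the hunk.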

@ -1,7 +1,8 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}}
{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
{{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}} {{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}}
{{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}} {{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}}
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} {{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
@ -98,11 +99,11 @@ external_services = {
}; };
{{- end }} {{- end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" } asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
{{ end }} {{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }}
asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" } asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
{{ end }} {{ end }}
@ -125,7 +126,7 @@ VirtualHost "jigasi.meet.jitsi"
VirtualHost "{{ $XMPP_DOMAIN }}" VirtualHost "{{ $XMPP_DOMAIN }}"
{{ if $ENABLE_AUTH }} {{ if $ENABLE_AUTH }}
{{ if eq $AUTH_TYPE "jwt" }} {{ if eq $PROSODY_AUTH_TYPE "jwt" }}
authentication = "{{ $JWT_AUTH_TYPE }}" authentication = "{{ $JWT_AUTH_TYPE }}"
app_id = "{{ .Env.JWT_APP_ID }}" app_id = "{{ .Env.JWT_APP_ID }}"
app_secret = "{{ .Env.JWT_APP_SECRET }}" app_secret = "{{ .Env.JWT_APP_SECRET }}"
@ -134,11 +135,11 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}" asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
{{ end }} {{ end }}
enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }} enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }}
{{ else if eq $AUTH_TYPE "ldap" }} {{ else if eq $PROSODY_AUTH_TYPE "ldap" }}
authentication = "cyrus" authentication = "cyrus"
cyrus_application_name = "xmpp" cyrus_application_name = "xmpp"
allow_unencrypted_plain_auth = true allow_unencrypted_plain_auth = true
{{ else if eq $AUTH_TYPE "matrix" }} {{ else if eq $PROSODY_AUTH_TYPE "matrix" }}
authentication = "matrix_user_verification" authentication = "matrix_user_verification"
app_id = "{{ $MATRIX_UVS_ISSUER }}" app_id = "{{ $MATRIX_UVS_ISSUER }}"
uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}" uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}"
@ -148,7 +149,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
{{ if $MATRIX_UVS_SYNC_POWER_LEVELS }} {{ if $MATRIX_UVS_SYNC_POWER_LEVELS }}
uvs_sync_power_levels = true uvs_sync_power_levels = true
{{ end }} {{ end }}
{{ else if eq $AUTH_TYPE "internal" }} {{ else if eq $PROSODY_AUTH_TYPE "internal" }}
authentication = "internal_hashed" authentication = "internal_hashed"
{{ end }} {{ end }}
{{ else }} {{ else }}
@ -187,7 +188,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
{{ if .Env.XMPP_MODULES }} {{ if .Env.XMPP_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
{{ end }} {{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }}
"auth_cyrus"; "auth_cyrus";
{{end}} {{end}}
{{ if $PROSODY_RESERVATION_ENABLED }} {{ if $PROSODY_RESERVATION_ENABLED }}
@ -270,10 +271,10 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
{{ if .Env.XMPP_MUC_MODULES -}} {{ if .Env.XMPP_MUC_MODULES -}}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
{{ end -}} {{ end -}}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") -}} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "jwt") -}}
"{{ $JWT_TOKEN_AUTH_MODULE }}"; "{{ $JWT_TOKEN_AUTH_MODULE }}";
{{ end }} {{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}}
"matrix_power_sync"; "matrix_power_sync";
{{ end -}} {{ end -}}
{{ if not $DISABLE_POLLS -}} {{ if not $DISABLE_POLLS -}}
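Review bot: The `$PROSODY_AUTH_TYPE` chain under `VirtualHost "{{ $XMPP_DOMAIN }}"` has no final branch for an unrecognised value, so with `ENABLE_AUTH` on, a typo or a differently cased value such as `JWT` matches none of `jwt`/`ldap`/`matrix`/`internal` and no `authentication = ...` line is rendered for the host. Because the commit adds a second variable that can be set independently of `AUTH_TYPE`, this misconfiguration becomes easier to reach, and the host would then run with whatever Prosody applies when the option is absent rather than failing at startup. Consider normalising at the definition, e.g. `{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE | lower -}}` if the template helper set provides `lower`, and adding a closing `{{ else }}` branch that aborts rendering or writes an obviously invalid setting. The lines around the chain are outside the visible hunks, so confirm no fallback exists further down.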

@ -1,6 +1,8 @@
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE }}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }} {{ if eq $PROSODY_AUTH_TYPE "ldap" }}
ldap_servers: {{ .Env.LDAP_URL }} ldap_servers: {{ .Env.LDAP_URL }}
ldap_search_base: {{ .Env.LDAP_BASE }} ldap_search_base: {{ .Env.LDAP_BASE }}
{{ if .Env.LDAP_BINDDN | default "" }} {{ if .Env.LDAP_BINDDN | default "" }}
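Review bot: The new `$PROSODY_AUTH_TYPE` definition closes with `}}` while the lines before and after it use `-}}`, so it probably leaves a stray blank line at the top of the rendered saslauthd.conf. For consistency with its neighbours, write it as `{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}`. This file and jitsi-meet.cfg.lua each derive the variable separately, so the two definitions have to be kept identical by hand; a short comment on both saying so would help the next editor.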
