There's no need to have Jicofo involved in authentication
when JWT authentication type is configured in Prosody in which case
Prosody plugins are validating the token when user tries to enter
a MUC.
This mechanism was initially designed for 'internal' Prosody
XMPP authentication with guest access. In this mode only admin users
are allowed to create MUC rooms and Jicofo is an admin. In this flow,
a user first joins from domain with authentication enabled and it
will receive a session ID from Jicofo. Now the client will store this
session ID in the local storage and use it next time when coming back
to Jitsi Meet to make Jicofo create a MUC room for him/her.
https://jitsi.github.io/handbook/docs/devops-guide/secure-domain
The EXT_JWT mode was an experiment at some point, but now should
probably be removed. It may come handy only in case where there is
no JWT verification in Prosody and all users connect as anonymous and
MUC creation is only allowed to Jicofo.
If the lobby is enabled and ENABLE_AUTH and ENABLE_GUESTS is true, and
therefore the guest.$XMPP_DOMAIN domain is to be defined, the lobby config
should be placed in the guest domain.
NAT_HARVESTER_LOCAL_ADDRESS needs to bet set to the local IP that is actually
used to communicate with clients.
In Docker containers "hostname -I" returns the IPs of all interfaces. The order
of the IPs depends on the interface create order.
Docker makes no guarantees about the interface order and in my tests it is
random.
As a result NAT_HARVESTER_LOCAL_ADDRESS is sometimes set to the IP of the
internal meet.jitsi interface.
Fix this by setting it to the source IP used for routing to $DOCKER_HOST_ADDRESS
Adds 2803 kB disk space for iproute2 and dependencies.
Partly addresses #338
* a81ad73 prosody: add support for lobby
* baed605 web: fix removing closed captions button if transcription is enabled
* edecacd etherpad: add ability to use a external server
* a7563d4 jvb: use JVB_TCP_PORT for exposing the port
* b235ea1 prosody: disable s2s module
* 1d428a8 prosody: use a 2-stage build
* 613c26c misc: working on latest
* 4d72ee3 release: stable-4627-1
* 22b7063 examples: update Traefik v1 example
* 1381b08 prosody: fix installing dependdencies
* 2900c11 misc: add extra line to tag message
* c57a84b misc: working on latest
The example docker-compose.yml for Traefik v1 is an old version; added SELinux for volumes, added environment variables, prosody changed volumes, support for container restart configuration.
* a79fc0c misc: add release script
* 0f0adc8 compose: add image tag to compose files
* 0177765 misc: fix config volumes to work with SELinux
* eae3f5c jibri: chrome/driver 78 as a stopgap
* 78df6a4 doc: delete unnecessary dot
* 4426ed8 jibri: fix case when /dev/snd is not bound (https://github.com/jitsi/docker-jitsi-meet/issues/240#issuecomment-610422404)
* 125775a web: fix WASM MIME type
* e70975e web: enable GZIP compression for more file types
* 774aba5 misc: set ddefault timezone to UTC
* 3c3fc19 prosody: enable speaker stats and conferene duration modules
* f911df2 jvb: set JVB_TCP_MAPPED_PORT default value
* 1205170 jvb: allow `TCP_HARVESTER_MAPPED_PORT` to be configured
* f7796a1 prosody: add volume /prosody-plugins-custom to docker-compose
* d44230e prosody: use hashed xmpp auth