author | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-03-22 18:01:54 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2020-03-22 18:01:54 +0100 |
commit | cef60898b5db0e314a435121606b04b1ad6ffbdd (patch) | |
tree | 12d34ff821c0aa473af7fdf4a3ec6e46c3e702e8 | |
parent | e24522d8285878240ee0d873616bc177313aa7ba (diff) | |
Rework jitsi-xmpp to support cert gen
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | docker/jitsi/01_gen_certs.yml | 8 | ||||
-rw-r--r-- | docker/jitsi/02_run.yml | 17 | ||||
-rw-r--r-- | docker/jitsi/README.md | 13 | ||||
-rw-r--r-- | docker/jitsi/dev.env | 7 | ||||
-rw-r--r-- | docker/jitsi/docker-compose.yml | 20 | ||||
-rw-r--r-- | docker/jitsi/jitsi-certs/.gitignore | 2 | ||||
-rw-r--r-- | docker/jitsi/jitsi-conference-focus/Dockerfile | 22 | ||||
-rwxr-xr-x | docker/jitsi/jitsi-conference-focus/jicofo | 8 | ||||
-rw-r--r-- | docker/jitsi/jitsi-videobridge/Dockerfile | 15 | ||||
-rw-r--r-- | docker/jitsi/jitsi-xmpp/Dockerfile | 8 | ||||
-rwxr-xr-x | docker/jitsi/jitsi-xmpp/xmpp_conf (renamed from docker/jitsi/jitsi-xmpp/entrypoint.sh) | 15 | ||||
-rwxr-xr-x | docker/jitsi/jitsi-xmpp/xmpp_gen | 9 | ||||
-rwxr-xr-x | docker/jitsi/jitsi-xmpp/xmpp_run | 18 |
14 files changed, 122 insertions, 41 deletions
@@ -1,3 +1,4 @@ *.retry .git_old/ debug/gladdrinfo +*.swp diff --git a/docker/jitsi/01_gen_certs.yml b/docker/jitsi/01_gen_certs.yml new file mode 100644 index 0000000..8c97384 --- /dev/null +++ b/docker/jitsi/01_gen_certs.yml @@ -0,0 +1,8 @@ +version: '3' +services: + jitsi-xmpp: + build: ./jitsi-xmpp + command: ["/usr/local/bin/xmpp_gen"] + volumes: [ './jitsi-certs/:/certs:rw' ] + env_file: [ 'dev.env' ] + diff --git a/docker/jitsi/02_run.yml b/docker/jitsi/02_run.yml new file mode 100644 index 0000000..f2ec9e9 --- /dev/null +++ b/docker/jitsi/02_run.yml @@ -0,0 +1,17 @@ +version: '3' +services: + jitsi-xmpp: + build: ./jitsi-xmpp + ports: + - "5222:5222" + - "5347:5347" + - "5280:5280" + env_file: [ 'dev.env' ] + jitsi-front: + build: ./jitsi-front + ports: + - "80:80" + env_file: [ 'dev.env' ] + jitsi-conference-focus: + build: ./jitsi-conference-focus + env_file: [ 'dev.env' ] diff --git a/docker/jitsi/README.md b/docker/jitsi/README.md index 8ca8ec5..ea90274 100644 --- a/docker/jitsi/README.md +++ b/docker/jitsi/README.md @@ -3,11 +3,18 @@ This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/maste To build images: ``` -docker-compose build +docker-compose -f 02_run.yml build ``` -To run stack: +To gen the certs: ``` -docker-compose up --force-recreate +docker-compose -f 01_gen_certs.yml up --force-recreate +``` + +To run the stack: + + +``` +docker-compose -f 02_run.yml up --force-recreate ``` diff --git a/docker/jitsi/dev.env b/docker/jitsi/dev.env new file mode 100644 index 0000000..6fe8ed1 --- /dev/null +++ b/docker/jitsi/dev.env @@ -0,0 +1,7 @@ +JITSI_SECRET_VIDEOBRIDGE=S3CR3T01 +JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02 +JITSI_SECRET_JICOFO_USER=S3CR3T03 +JITSI_PROSODY_BOSH_PORT=5280 +JITSI_PROSODY_BOSH_HOST=172.17.0.1 +JITSI_PROSODY_HOST=172.17.0.1 +JITSI_CERTS_FOLDER=/certs/ diff --git a/docker/jitsi/docker-compose.yml b/docker/jitsi/docker-compose.yml deleted file mode 100644 index 2cc7e62..0000000 
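Review bot: The `jitsi-xmpp` service in `02_run.yml` has no `volumes:` entry, so the files that `01_gen_certs.yml` writes to `./jitsi-certs/` are not mounted at `/certs` in the container that runs `xmpp_run`, and its `cp ${JITSI_CERTS_FOLDER}/*` finds nothing to copy. Adding `volumes: [ './jitsi-certs/:/certs:ro' ]` to that service would close the gap; read-only is enough because the run step only reads the directory. The same service publishes 5347 on every host interface, and that looks like the external-component port (inferred from `external_components.cfg.lua`, whose content is not in this diff), so it is worth restricting the mapping to the address the other containers actually use while the component secrets are the `S3CR3T0x` placeholders.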
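Review bot: `dev.env` commits the three `JITSI_SECRET_*` values as guessable placeholders (`S3CR3T01` to `S3CR3T03`), and both compose files load it unconditionally through `env_file`, so anything started with the documented commands authenticates with them. A header comment such as `# Development placeholders only: replace every JITSI_SECRET_* before these ports are reachable from outside` would make the intent explicit, and keeping real values in an untracked env file is the safer follow-up. `JITSI_PROSODY_HOST=172.17.0.1` and `JITSI_PROSODY_BOSH_HOST=172.17.0.1` hard-code the default Docker bridge address, which differs on hosts configured with another bridge subnet.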
--- a/docker/jitsi/docker-compose.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-version: '2.0'
-services:
- jitsi-xmpp:
- build: ./jitsi-xmpp
- ports:
- - "5222:5222"
- - "5347:5347"
- - "5280:5280"
- environment:
- - JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
- - JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
- - JITSI_SECRET_JICOFO_USER=S3CR3T03
- jitsi-front:
- build: ./jitsi-front
- ports:
- - "80:80"
- environment:
- - JITSI_PROSODY_BOSH_PORT=5280
- - JITSI_PROSODY_BOSH_HOST=172.17.0.1
-
diff --git a/docker/jitsi/jitsi-certs/.gitignore b/docker/jitsi/jitsi-certs/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/docker/jitsi/jitsi-certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/docker/jitsi/jitsi-conference-focus/Dockerfile b/docker/jitsi/jitsi-conference-focus/Dockerfile
index e69de29..7933ed9 100644
--- a/docker/jitsi/jitsi-conference-focus/Dockerfile
+++ b/docker/jitsi/jitsi-conference-focus/Dockerfile
@@ -0,0 +1,22 @@
+FROM debian:buster AS builder
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk maven git unzip && \
+ git clone --depth=1 https://github.com/jitsi/jicofo.git && \
+ cd jicofo && \
+ mvn package -DskipTests -Dassembly.skipAssembly=false
+
+RUN cd jicofo && \
+ unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
+ mv jicofo-1.1-SNAPSHOT /srv/jicofo
+
+
+FROM debian:buster
+
+RUN apt-get update && \
+ apt-get install -y openjdk-11-jdk
+
+COPY --from=builder /srv/jicofo /srv/jicofo
+COPY jicofo /usr/local/bin/jicofo
+
+CMD ["/usr/local/bin/jicofo"]
diff --git a/docker/jitsi/jitsi-conference-focus/jicofo b/docker/jitsi/jitsi-conference-focus/jicofo
new file mode 100755
index 0000000..34b5548
--- /dev/null
+++ b/docker/jitsi/jitsi-conference-focus/jicofo
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+/srv/jicofo/jicofo.sh \
+ --host=${JITSI_PROSODY_HOST} \
+ --domain=jitsi.deuxfleurs.fr \
+ --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
+ --user_domain=auth.jitsi.deuxfleurs.fr \
+ --user_password=${JITSI_SECRET_JICOFO_USER}
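Review bot: The builder stage of `jitsi-conference-focus/Dockerfile` clones whatever is at the tip of jicofo's default branch (`git clone --depth=1 …`), so each rebuild can package different, unreviewed upstream code, and the later `unzip target/jicofo-1.1-SNAPSHOT-archive.zip` stops matching as soon as upstream changes its version string. Pinning the checkout, for example `git clone --depth=1 --branch <pinned-tag> https://github.com/jitsi/jicofo.git` (placeholder: a release tag you have reviewed), makes the image reproducible and keeps the archive name stable. The runtime stage also installs the full `openjdk-11-jdk` and leaves the process running as root; `openjdk-11-jre-headless` plus a `USER` line for an unprivileged account would reduce what an attacker finds inside the container.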
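Review bot: The `jicofo` launcher expands `${JITSI_SECRET_JICOFO_COMPONENT}` and `${JITSI_SECRET_JICOFO_USER}` unquoted and sets no `set -eu`, so an unset variable silently becomes `--secret=` and a value containing whitespace splits into extra arguments. Adding `set -eu` after the shebang and quoting each option, e.g. `"--secret=${JITSI_SECRET_JICOFO_COMPONENT}" \`, turns a missing secret into a start-up failure; `xmpp_gen` and `xmpp_run` later in this commit have the same unquoted expansions and no error handling. Passing the secrets as arguments also leaves them readable in the process list inside the container. Starting the command with `exec /srv/jicofo/jicofo.sh \` would deliver the container's stop signal to `jicofo.sh` instead of the wrapper shell.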
diff --git a/docker/jitsi/jitsi-videobridge/Dockerfile b/docker/jitsi/jitsi-videobridge/Dockerfile index e69de29..7216b8c 100644 --- a/docker/jitsi/jitsi-videobridge/Dockerfile +++ b/docker/jitsi/jitsi-videobridge/Dockerfile @@ -0,0 +1,15 @@ +FROM debian:buster AS builder + +RUN apt-get update && \ + apt-get install -y wget unzip + +ENV VERSION=1132 +RUN wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-${VERSION}.zip -O jvb.zip && \ + unzip jvb.zip && \ + mv jitsi-videobridge-linux-x64-${VERSION} jvb + +FROM debian:buster + +RUN apt-get update && \ + apt-get install -y + diff --git a/docker/jitsi/jitsi-xmpp/Dockerfile b/docker/jitsi/jitsi-xmpp/Dockerfile index 4d71a13..3733d49 100644 --- a/docker/jitsi/jitsi-xmpp/Dockerfile +++ b/docker/jitsi/jitsi-xmpp/Dockerfile @@ -4,6 +4,8 @@ RUN apt-get update && \ apt-get install -y prosody COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua -COPY entrypoint.sh /usr/local/bin/entrypoint -ENTRYPOINT ["/usr/local/bin/entrypoint"] -CMD ["/usr/bin/prosody"] +COPY xmpp_conf /usr/local/bin/xmpp_conf +COPY xmpp_gen /usr/local/bin/xmpp_gen +COPY xmpp_run /usr/local/bin/xmpp_run + +CMD ["/usr/local/bin/xmpp_run"] diff --git a/docker/jitsi/jitsi-xmpp/entrypoint.sh b/docker/jitsi/jitsi-xmpp/xmpp_conf index e6ab4e5..c7534ba 100755 --- a/docker/jitsi/jitsi-xmpp/entrypoint.sh +++ b/docker/jitsi/jitsi-xmpp/xmpp_conf 
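Review bot: In `jitsi-videobridge/Dockerfile` the archive fetched by `wget … -O jvb.zip` is unpacked without any integrity check, so the build trusts whatever the download server returns for build `${VERSION}`. Verifying a pinned digest before `unzip`, e.g. `echo "<expected-sha256>  jvb.zip" | sha256sum -c - && \` (placeholder digest, to be recorded from a download you have verified), would catch a tampered or truncated file. The final stage is also unfinished: `apt-get install -y` names no package and nothing is copied from `builder`, so the resulting image contains no videobridge.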
@@ -34,19 +34,4 @@ ln -sf \ /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \ /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua -prosodyctl cert generate jitsi.deuxfleurs.fr -prosodyctl cert generate auth.jitsi.deuxfleurs.fr -mkdir -p /usr/local/share/ca-certificates/ -ln -sf \ - /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ - /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt - -prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} - -mkdir /run/prosody -touch /run/prosody/prosody.pid -chown -R prosody:prosody /run/prosody - -cd /var/lib/prosody -su - prosody -s /bin/bash -c "$@" diff --git a/docker/jitsi/jitsi-xmpp/xmpp_gen b/docker/jitsi/jitsi-xmpp/xmpp_gen new file mode 100755 index 0000000..3a2e04a --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/xmpp_gen @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf + +prosodyctl cert generate jitsi.deuxfleurs.fr +prosodyctl cert generate auth.jitsi.deuxfleurs.fr + +cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER} +cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER} diff --git a/docker/jitsi/jitsi-xmpp/xmpp_run b/docker/jitsi/jitsi-xmpp/xmpp_run new file mode 100755 index 0000000..ca2b7cf --- /dev/null +++ b/docker/jitsi/jitsi-xmpp/xmpp_run @@ -0,0 +1,18 @@ +#!/bin/bash + +/usr/local/bin/xmpp_conf +cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/ + +mkdir -p /usr/local/share/ca-certificates/ +ln -sf \ + /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \ + /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt + +prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} + +mkdir /run/prosody +touch /run/prosody/prosody.pid +chown -R prosody:prosody /run/prosody + +cd /var/lib/prosody +su - prosody -s /bin/bash -c prosody |
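Review bot: `xmpp_gen` copies `/var/lib/prosody/*.key` into `${JITSI_CERTS_FOLDER}`, which `01_gen_certs.yml` bind-mounts from the host, without fixing the mode of the private keys once they land there. Adding `chmod 600 "${JITSI_CERTS_FOLDER}"/*.key` after the copy keeps them from being readable by other accounts on the host, whatever mode `prosodyctl` happened to create them with. Because the script has no `set -e`, a failed `prosodyctl cert generate` still falls through to both `cp` calls, so a run that produced no usable key can end looking successful.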
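Review bot: `xmpp_run` copies the certificates and keys into `/var/lib/prosody/` as root and only then drops to the `prosody` user, so the copied `.key` files stay root-owned: with a restrictive mode Prosody may be unable to read them, and with a permissive one every user in the container can. Following the `cp` with `chown prosody:prosody /var/lib/prosody/*.key /var/lib/prosody/*.crt` and `chmod 600 /var/lib/prosody/*.key` settles both cases. The `ln -sf` into `/usr/local/share/ca-certificates/` changes nothing unless `update-ca-certificates` runs afterwards, and it happens in the XMPP container although it is presumably jicofo that has to trust this certificate. `prosodyctl register focus … ${JITSI_SECRET_JICOFO_USER}` also puts the password on a command line, unquoted.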