authorQuentin Dufour <quentin@deuxfleurs.fr>2022-01-26 19:09:26 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2022-01-26 19:09:26 +0100
commita68a1e1da77f6f87a1c315d057edc59a31746d1c (patch)
tree53916f1aa49dd43315dfd6d9bc1d6b08beb3569a
parent3563fb5994944555c67aa8eb0246e1b747741047 (diff)
Migrate jitsi + WIP backup doc
-rw-r--r--app/docker-compose.yml18
-rw-r--r--app/jitsi/build/jitsi-conference-focus/Dockerfile4
-rw-r--r--app/jitsi/build/jitsi-meet/Dockerfile6
-rw-r--r--app/jitsi/build/jitsi-videobridge/0001-Disable-legacy-parameters.patch31
-rw-r--r--app/jitsi/build/jitsi-videobridge/0001-Remove-deprecated-argument.patch40
-rw-r--r--app/jitsi/build/jitsi-videobridge/Dockerfile6
-rw-r--r--app/jitsi/build/jitsi-xmpp/Dockerfile4
-rw-r--r--app/jitsi/config/nginx.conf14
-rw-r--r--app/jitsi/deploy/jitsi.hcl10
-rw-r--r--op_guide/backup_minio/README.md70
10 files changed, 142 insertions, 61 deletions
diff --git a/app/docker-compose.yml b/app/docker-compose.yml
index 499636c..a1f0722 100644
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@@ -50,16 +50,16 @@ services:
context: ./jitsi/build/jitsi-meet
args:
# https://github.com/jitsi/jitsi-meet
- MEET_TAG: jitsi-meet_5463
- image: superboum/amd64_jitsi_meet:v4
+ MEET_TAG: stable/jitsi-meet_6826
+ image: superboum/amd64_jitsi_meet:v5
jitsi-conference-focus:
build:
context: ./jitsi/build/jitsi-conference-focus
args:
# https://github.com/jitsi/jicofo
- JICOFO_TAG: jitsi-meet_5463
- image: superboum/amd64_jitsi_conference_focus:v8
+ JICOFO_TAG: stable/jitsi-meet_6826
+ image: superboum/amd64_jitsi_conference_focus:v9
jitsi-videobridge:
build:
@@ -67,16 +67,16 @@ services:
args:
# https://github.com/jitsi/jitsi-videobridge
# note: JVB is not tagged with non-stable tags
- JVB_TAG: stable/jitsi-meet_5390
- image: superboum/amd64_jitsi_videobridge:v18
+ JVB_TAG: stable/jitsi-meet_6826
+ image: superboum/amd64_jitsi_videobridge:v19
jitsi-xmpp:
build:
context: ./jitsi/build/jitsi-xmpp
args:
- MEET_TAG: jitsi-meet_5463
- PROSODY_VERSION: 0.11.7-1~buster4
- image: superboum/amd64_jitsi_xmpp:v9
+ MEET_TAG: stable/jitsi-meet_6826
+ PROSODY_VERSION: 0.11.12-1
+ image: superboum/amd64_jitsi_xmpp:v10
plume:
build:
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
index 13e99be..241c61b 100644
--- a/app/jitsi/build/jitsi-conference-focus/Dockerfile
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster AS builder
+FROM debian:bookworm AS builder
# unzip is required when executing the mvn package command
RUN apt-get update && \
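Review bot: `FROM debian:bookworm` is a mutable tag, and at this commit's date (2022-01-26) bookworm was, as far as I can tell, Debian's testing suite rather than a stable release, so these images would be built on a base outside the regular stable security-update process. The same switch is made to the second `FROM` in this file and in the jitsi-meet, jitsi-videobridge and jitsi-xmpp Dockerfiles. Consider a stable suite, or pin the base by digest, e.g. `FROM debian:bookworm@sha256:<digest-placeholder>`, and add a one-line comment saying why the newer suite is required. The `RUN` instruction that follows continues outside the hunk.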
@@ -15,7 +15,7 @@ RUN mvn package -DskipTests -Dassembly.skipAssembly=false
RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
mv jicofo-1.1-SNAPSHOT /srv/build
-FROM debian:buster
+FROM debian:bookworm
RUN apt-get update && \
apt-get install -y openjdk-11-jre-headless ca-certificates
diff --git a/app/jitsi/build/jitsi-meet/Dockerfile b/app/jitsi/build/jitsi-meet/Dockerfile
index b74c04e..d8c7cf8 100644
--- a/app/jitsi/build/jitsi-meet/Dockerfile
+++ b/app/jitsi/build/jitsi-meet/Dockerfile
@@ -1,8 +1,8 @@
-FROM debian:buster AS builder
+FROM debian:bookworm AS builder
RUN apt-get update && \
apt-get install -y curl && \
- curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
+ curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
apt-get install -y git nodejs make git unzip
ARG MEET_TAG
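Review bot: The updated `curl -sL https://deb.nodesource.com/setup_16.x | bash -` still executes a remotely fetched script as root during the build with no integrity check, and without `-f` an HTTP error body would be piped into bash as well. At minimum use `curl -fsSL https://deb.nodesource.com/setup_16.x | bash -`; better, download the script to a file and verify it against a checksum kept in the repository before running it, or configure the NodeSource apt source and its signing key explicitly. As a style point, `git` is listed twice in the `apt-get install` line that follows.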
@@ -12,7 +12,7 @@ WORKDIR jitsi-meet
RUN npm install && \
make
-FROM debian:buster
+FROM debian:bookworm
COPY --from=builder /jitsi-meet /srv/jitsi-meet
RUN apt-get update && \
diff --git a/app/jitsi/build/jitsi-videobridge/0001-Disable-legacy-parameters.patch b/app/jitsi/build/jitsi-videobridge/0001-Disable-legacy-parameters.patch
deleted file mode 100644
index 69b83c0..0000000
--- a/app/jitsi/build/jitsi-videobridge/0001-Disable-legacy-parameters.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b327e580ab83110cdb52bc1d11687a096b8fc1df Mon Sep 17 00:00:00 2001
-From: Quentin Dufour <quentin@dufour.io>
-Date: Mon, 1 Feb 2021 07:16:50 +0100
-Subject: [PATCH] Disable legacy parameters
-
----
- jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
-index df71f480..8f0ef9a5 100644
---- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
-+++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
-@@ -62,14 +62,6 @@ fun main(args: Array<String>) {
- // to be passed.
- System.setProperty("org.eclipse.jetty.util.log.class", "org.eclipse.jetty.util.log.JavaUtilLog")
-
-- // Before initializing the application programming interfaces (APIs) of
-- // Jitsi Videobridge, set any System properties which they use and which
-- // may be specified by the command-line arguments.
-- System.setProperty(
-- Videobridge.REST_API_PNAME,
-- cmdLine.getOptionValue("--apis").contains(Videobridge.REST_API).toString()
-- )
--
- // Reload the Typesafe config used by ice4j, because the original was initialized before the new system
- // properties were set.
- JitsiConfig.reloadNewConfig()
---
-2.25.1
-
diff --git a/app/jitsi/build/jitsi-videobridge/0001-Remove-deprecated-argument.patch b/app/jitsi/build/jitsi-videobridge/0001-Remove-deprecated-argument.patch
new file mode 100644
index 0000000..575d93f
--- /dev/null
+++ b/app/jitsi/build/jitsi-videobridge/0001-Remove-deprecated-argument.patch
@@ -0,0 +1,40 @@
+From 01507442620e5a57624c921b508eac7d572440d0 Mon Sep 17 00:00:00 2001
+From: Quentin Dufour <quentin@deuxfleurs.fr>
+Date: Tue, 25 Jan 2022 14:46:22 +0100
+Subject: [PATCH] Remove deprecated argument
+
+---
+ .../main/kotlin/org/jitsi/videobridge/Main.kt | 17 -----------------
+ 1 file changed, 17 deletions(-)
+
+diff --git a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
+index 4f6cb78..3db00f2 100644
+--- a/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
++++ b/jvb/src/main/kotlin/org/jitsi/videobridge/Main.kt
+@@ -52,23 +52,6 @@ import org.jitsi.videobridge.websocket.singleton as webSocketServiceSingleton
+ fun main(args: Array<String>) {
+ val logger = LoggerImpl("org.jitsi.videobridge.Main")
+
+- // We only support command line arguments for backward compatibility. The --apis options is the last one supported,
+- // and it is only used to enable/disable the REST API (XMPP is only controlled through the config files).
+- // TODO: fully remove support for --apis
+- CmdLine().apply {
+- parse(args)
+- getOptionValue("--apis")?.let {
+- logger.warn(
+- "A deprecated command line argument (--apis) is present. Please use the config file to control the " +
+- "REST API instead (see rest.md). Support for --apis will be removed in a future version."
+- )
+- System.setProperty(
+- Videobridge.REST_API_PNAME,
+- it.contains(Videobridge.REST_API).toString()
+- )
+- }
+- }
+-
+ setupMetaconfigLogger()
+
+ setSystemPropertyDefaults()
+--
+2.33.1
+
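Review bot: The patch's commit message is only its subject line, so nothing records why the upstream `--apis` handling must be stripped at build time; the removed block already guards the missing-option case with `getOptionValue("--apis")?.let`, so the need is not evident from the hunk. Add a short body to the patch, or a comment next to the `git apply` line in the Dockerfile, stating what fails without it and which upstream tag it was cut against, since it will stop applying once `JVB_TAG` moves. With this block gone, whether the REST API is enabled depends only on the config file, so it is worth confirming the deployed videobridge config sets it as intended. `main` continues outside the hunk.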
diff --git a/app/jitsi/build/jitsi-videobridge/Dockerfile b/app/jitsi/build/jitsi-videobridge/Dockerfile
index 2a32946..254f220 100644
--- a/app/jitsi/build/jitsi-videobridge/Dockerfile
+++ b/app/jitsi/build/jitsi-videobridge/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster AS builder
+FROM debian:bookworm AS builder
RUN apt-get update && \
apt-get install -y git unzip maven openjdk-11-jdk-headless
@@ -8,12 +8,12 @@ RUN git clone --depth 1 --branch ${JVB_TAG} https://github.com/jitsi/jitsi-video
WORKDIR jitsi-videobridge
COPY *.patch .
-RUN git apply 0001-Disable-legacy-parameters.patch
+RUN git apply 0001-Remove-deprecated-argument.patch
RUN mvn package -DskipTests
RUN unzip jvb/target/jitsi-videobridge*.zip && \
mv jitsi-videobridge-*-SNAPSHOT build
-FROM debian:buster
+FROM debian:bookworm
RUN apt-get update && \
apt-get install -y openjdk-11-jre-headless curl
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index 80b89f0..a060fda 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster as builder
+FROM debian:bookworm as builder
RUN apt-get update && \
apt-get install -y git unzip
@@ -6,7 +6,7 @@ RUN apt-get update && \
ARG MEET_TAG
RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
-FROM debian:buster
+FROM debian:bookworm
ARG PROSODY_VERSION
RUN apt-get update && \
diff --git a/app/jitsi/config/nginx.conf b/app/jitsi/config/nginx.conf
index aecf4ce..32cc3c1 100644
--- a/app/jitsi/config/nginx.conf
+++ b/app/jitsi/config/nginx.conf
@@ -1,5 +1,5 @@
# some doc: https://www.nginx.com/resources/wiki/start/topics/examples/full/
-error_log /dev/stderr;
+error_log /dev/stderr info;
events {}
@@ -39,8 +39,10 @@ http {
# inspired by https://raw.githubusercontent.com/jitsi/docker-jitsi-meet/master/web/rootfs/defaults/meet.conf
server {
- listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
- listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ #listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ #listen [::]:{{ env "NOMAD_PORT_https_port" }} ssl http2 default_server;
+ listen 0.0.0.0:{{ env "NOMAD_PORT_https_port" }} default_server;
+ listen [::]:{{ env "NOMAD_PORT_https_port" }} default_server;
client_max_body_size 0;
server_name _;
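Review bot: The new `listen 0.0.0.0:… default_server;` and `listen [::]:… default_server;` lines drop `ssl http2` while still binding every address, and the next hunk comments out `ssl_certificate` and `ssl_certificate_key`, so this server now answers in cleartext on the port still named `https_port`. TLS is presumably meant to terminate at the tricot proxy (jitsi.hcl switches the tag from `tricot-https` to `tricot`), but the task runs with `network_mode = "host"`, so a client that reaches the port directly would bypass the proxy and get no TLS. Consider binding to the address the proxy connects on or filtering the port, and replace the commented-out directives with a comment such as `# TLS is terminated by tricot; plain HTTP here`. The `traefik.protocol=https` tag still present in jitsi.hcl no longer matches either; the `server` block continues outside the hunk.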
@@ -48,8 +50,8 @@ http {
ssi on;
ssi_types application/x-javascript application/javascript;
- ssl_certificate /etc/nginx/jitsi.crt;
- ssl_certificate_key /etc/nginx/jitsi.key;
+ #ssl_certificate /etc/nginx/jitsi.crt;
+ #ssl_certificate_key /etc/nginx/jitsi.key;
root /srv/jitsi-meet;
index index.html;
error_page 404 /static/404.html;
@@ -90,7 +92,7 @@ http {
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://{{ env "NOMAD_ADDR_bosh_port" }}/http-bind;
proxy_set_header X-Forwarded-For \$remote_addr;
- proxy_set_header Host \$http_host;
+ #proxy_set_header Host \$http_host;
}
# not used yet VVV
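Review bot: Commenting out `proxy_set_header Host \$http_host;` makes nginx fall back to its default of sending the upstream address (`$proxy_host`) as the Host header on the `/http-bind` proxy, and nothing in the hunk says whether that is intended. If the upstream should see a specific host, set it explicitly rather than relying on the default; otherwise delete the line and leave a comment explaining why the client-supplied Host is no longer forwarded. The enclosing `location` block starts outside the hunk.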
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
index c2e8173..47b8dfc 100644
--- a/app/jitsi/deploy/jitsi.hcl
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -21,7 +21,7 @@ job "jitsi" {
task "xmpp" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_xmpp:v9"
+ image = "superboum/amd64_jitsi_xmpp:v10"
ports = [ "bosh_port", "xmpp_port" ]
network_mode = "host"
volumes = [
@@ -102,7 +102,7 @@ EOF
task "front" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_meet:v4"
+ image = "superboum/amd64_jitsi_meet:v5"
network_mode = "host"
ports = [ "https_port" ]
volumes = [
@@ -145,7 +145,7 @@ EOF
"traefik.frontend.entryPoints=https",
"traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
"traefik.protocol=https",
- "tricot-https jitsi.deuxfleurs.fr",
+ "tricot jitsi.deuxfleurs.fr",
]
port = "https_port"
address_mode = "host"
@@ -167,7 +167,7 @@ EOF
task "jicofo" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_conference_focus:v8"
+ image = "superboum/amd64_jitsi_conference_focus:v9"
network_mode = "host"
volumes = [
"secrets/certs/jitsi.crt:/usr/local/share/ca-certificates/jitsi.crt",
@@ -201,7 +201,7 @@ EOF
task "videobridge" {
driver = "docker"
config {
- image = "superboum/amd64_jitsi_videobridge:v18"
+ image = "superboum/amd64_jitsi_videobridge:v19"
network_mode = "host"
ports = [ "video_port" ]
ulimit {
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md
new file mode 100644
index 0000000..9e1fb62
--- /dev/null
+++ b/op_guide/backup_minio/README.md
@@ -0,0 +1,70 @@
+Add the admin account as `deuxfleurs` to your `~/.mc/config` file
+
+You need to choose some names/identifiers:
+
+```bash
+export BUCKET_NAME=example
+export NEW_ACCESS_KEY_ID=hello
+
+export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60)
+export POLICY_NAME="policy-$BUCKET_NAME"
+```
+
+Create a new bucket:
+
+```bash
+mc mb deuxfleurs/$BUCKET_NAME
+```
+
+Create a new user:
+
+```bash
+mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
+```
+
+Add this new user to your `~/.mc/config.json` file
+
+---
+
+Create a policy for this bucket and save it as json:
+
+```bash
+cat > /tmp/policy.json <<EOF
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${BUCKET_NAME}"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${BUCKET_NAME}/*"
+ ]
+ }
+ ]
+}
+```
+
+Register it:
+
+```bash
+mc admin policy add deuxfleurs $POLICY_NAME /tmp/policy.json
+```
+
+Set it to your user:
+
+```bash
+mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
+```
+
+