author | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-28 17:52:41 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-28 17:52:41 +0100 |
commit | 7b57ff72a918ca295e2b00e76da33eec700c6a2a (patch) | |
tree | 6f19d8c5260cadc3535ee3343f662d4217719c23 | |
parent | ebb772e5ba26944ac002c236d33ef164e91c6a7d (diff) | |
Simplify prosody too
-rw-r--r-- | app/jitsi/build/jitsi-conference-focus/Dockerfile | 1 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-conference-focus/jicofo | 7 | ||||
-rw-r--r-- | app/jitsi/build/jitsi-xmpp/Dockerfile | 10 | ||||
-rw-r--r-- | app/jitsi/build/jitsi-xmpp/external_components.cfg.lua | 2 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_conf | 49 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_gen | 5 | ||||
-rwxr-xr-x | app/jitsi/build/jitsi-xmpp/xmpp_run | 18 | ||||
-rw-r--r-- | app/jitsi/integration/README.md | 8 | ||||
-rw-r--r-- | app/jitsi/integration/dev.env | 10 | ||||
-rw-r--r-- | app/jitsi/integration/jicofo/jicofo.conf (renamed from app/jitsi/integration/jicofo.conf) | 8 | ||||
-rw-r--r-- | app/jitsi/integration/jitsi-certs/.gitignore | 2 | ||||
-rw-r--r-- | app/jitsi/integration/jvb/videobridge.conf (renamed from app/jitsi/integration/videobridge.conf) | 0 | ||||
-rw-r--r-- | app/jitsi/integration/prosody/prosody.cfg.lua | 34 |
13 files changed, 57 insertions, 97 deletions
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
index f78cc78..e67b3de 100644
--- a/app/jitsi/build/jitsi-conference-focus/Dockerfile
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -20,5 +20,6 @@ RUN apt-get update && \
 COPY --from=builder /srv/build /usr/share/jicofo
 COPY jicofo /usr/local/bin
+ENV JICOFO_SECRET=IAMDEPRECATED
 CMD ["/usr/local/bin/jicofo"]
diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo
index bfc54f6..31cd9c4 100755
--- a/app/jitsi/build/jitsi-conference-focus/jicofo
+++ b/app/jitsi/build/jitsi-conference-focus/jicofo
@@ -16,9 +16,4 @@ exec java \
 -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
 -Dconfig.file=/etc/jitsi/jicofo.conf \
 -cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \
- org.jitsi.jicofo.Main \
- --host=${JITSI_PROSODY_HOST} \
- --domain=jitsi.deuxfleurs.fr \
- --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
- --user_domain=auth.jitsi.deuxfleurs.fr \
- --user_password=${JITSI_SECRET_JICOFO_USER}
+ org.jitsi.jicofo.Main
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index f3dcd36..a682984 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -5,9 +5,15 @@ ARG VERSION
 RUN apt-get update && \
 apt-get install -y prosody=${VERSION}
-COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
-COPY xmpp_conf /usr/local/bin/xmpp_conf
+mkdir -p /usr/local/share/ca-certificates/
+ln -sf \
+ /var/lib/prosody/auth.jitsi.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.crt
+
 COPY xmpp_gen /usr/local/bin/xmpp_gen
 COPY xmpp_run /usr/local/bin/xmpp_run
+USER prosody
+RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
+WORKDIR /var/lib/prosody
 CMD ["/usr/local/bin/xmpp_run"]
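Review bot: `ENV JICOFO_SECRET=IAMDEPRECATED` in jitsi-conference-focus/Dockerfile puts a variable named like a credential into the image with nothing beside it saying it is a dummy, so an image audit or secret scan will flag it and a later maintainer may treat it as a real secret. A comment above the line would settle that, for example `# Dummy value: this jicofo version still requires JICOFO_SECRET to be set (see integration/README.md); not a credential`. The README text added in this commit is itself unsure whether the value is still read, so the line should be revisited when jicofo is upgraded.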
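Review bot: In jitsi-xmpp/Dockerfile the added `mkdir -p …` and `ln -sf …` lines are bare shell commands, not Dockerfile instructions: the preceding `apt-get install` line does not end in `&& \`, so as far as the hunk shows the build stops on an unknown instruction. The added `RUN mkdir /run/prosody …` also comes after `USER prosody`, and an unprivileged user normally cannot create a directory under /run, so that step is likely to fail as well. Running the image as `prosody` is the right direction; the root-only setup just has to happen before the `USER` line, with the `chown` that the old xmpp_run did at start-up. The top of the Dockerfile is outside the hunk.

```dockerfile
RUN apt-get update && \
    apt-get install -y prosody=${VERSION} && \
    mkdir -p /usr/local/share/ca-certificates/ && \
    ln -sf \
      /var/lib/prosody/auth.jitsi.crt \
      /usr/local/share/ca-certificates/auth.jitsi.crt && \
    mkdir /run/prosody && touch /run/prosody/prosody.pid && \
    chown -R prosody:prosody /run/prosody

# … unchanged: COPY xmpp_gen / COPY xmpp_run …
USER prosody
WORKDIR /var/lib/prosody
```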
diff --git a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
deleted file mode 100644
index beaaa87..0000000
--- a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
+++ /dev/null
@@ -1,2 +0,0 @@
-component_ports = { 5347 }
-component_interface = "0.0.0.0"
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_conf b/app/jitsi/build/jitsi-xmpp/xmpp_conf
deleted file mode 100755
index 34b2cb3..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_conf
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-cat >> /etc/hosts <<EOF
-${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
-127.0.0.1 `hostname`
-EOF
-
-mkdir -p /etc/prosody/conf.{d,avail}/
-cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
-
-VirtualHost "jitsi.deuxfleurs.fr"
- authentication = "anonymous"
- ssl = {
- key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
- certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
- }
- modules_enabled = {
- "bosh";
- "pubsub";
- }
- c2s_require_encryption = false
-
-VirtualHost "auth.jitsi.deuxfleurs.fr"
- ssl = {
- key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
- certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
- }
- authentication = "internal_plain"
- admins = { "focus@auth.jitsi.deuxfleurs.fr"}
-
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
- storage = "memory"
- modules_enabled = { "ping"; }
- admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
-
-Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
- component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
-Component "focus.jitsi.deuxfleurs.fr"
- component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
-
-EOF
-
-ln -sf \
- /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
- /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
-
-
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
index 3a2e04a..a66aad8 100755
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_gen
@@ -1,9 +1,4 @@
 #!/bin/bash
-/usr/local/bin/xmpp_conf
-
 prosodyctl cert generate jitsi.deuxfleurs.fr
 prosodyctl cert generate auth.jitsi.deuxfleurs.fr
-
-cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
-cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
index 6383b65..81329d2 100755
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_run
@@ -1,20 +1,4 @@
 #!/bin/bash
-
-/usr/local/bin/xmpp_conf
-cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
-chown -R prosody:prosody /var/lib/prosody
-
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
- /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
- /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
-
 prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
 prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-
-mkdir /run/prosody
-touch /run/prosody/prosody.pid
-chown -R prosody:prosody /run/prosody
-
-cd /var/lib/prosody
-su - prosody -s /bin/bash -c prosody
+exec prosody
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
index 315b5de..e295745 100644
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
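Review bot: The two `prosodyctl register` lines that remain in xmpp_run expand `${JITSI_SECRET_JICOFO_USER}` and `${JITSI_SECRET_VIDEOBRIDGE}` unquoted and without checking that they are set, and the script has no `set -e`, so an empty or space-containing secret gives a failed or wrong registration and `exec prosody` starts anyway. Quoting with a required-variable expansion closes that: `prosodyctl register focus auth.jitsi.deuxfleurs.fr "${JITSI_SECRET_JICOFO_USER:?}"` (same for `jvb`), plus `set -euo pipefail` under the shebang. The passwords are also passed as command-line arguments, which is worth a comment for whoever hardens this later. dev.env, which defined both variables, is deleted in this commit, and where they come from now is not visible here.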
@@ -38,6 +38,14 @@ We are particularly interested by: https://github.com/lightbend/config#standard-
 Using 'application.conf' with classpath does not seem to work. But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works!
+Some parameters are also set independently of lightbend hocon config.
+They are seen in jicofo entrypoint:
+https://github.com/jitsi/jicofo/blob/master/src/main/java/org/jitsi/jicofo/Main.java
+Many of these parameters can be in fact read from the HOCON file except one: the `--secret` parameter or the `JICOFO_SECRET` env variable.
+But we can see this is a deprecated thing, it has been already removed from master: https://github.com/jitsi/jicofo/commit/c9e5b50a8b4e77f8b8cb8831a4a044a53edfcf48
+For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
+But maybe this value is deprecated: the check is still here but it is not used anymore?!
+
 ## Resources to understand jitsi
 - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/dev.env b/app/jitsi/integration/dev.env
deleted file mode 100644
index 1dd2122..0000000
--- a/app/jitsi/integration/dev.env
+++ /dev/null
@@ -1,10 +0,0 @@
-JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
-JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
-JITSI_SECRET_JICOFO_USER=S3CR3T03
-JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=172.17.0.1
-JITSI_PROSODY_HOST=172.17.0.1
-JITSI_CERTS_FOLDER=/certs/
-JITSI_NAT_PUBLIC_IP=37.164.35.154
-JITSI_NAT_LOCAL_IP=192.168.0.231
-JITSI_VIDEO_TCP=8080
diff --git a/app/jitsi/integration/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf
index 2351cde..edb87c5 100644
--- a/app/jitsi/integration/jicofo.conf
+++ b/app/jitsi/integration/jicofo/jicofo.conf
@@ -213,11 +213,11 @@ jicofo {
 octo {
 // Whether or not to use Octo. Note that when enabled, its use will be determined by
 // $jicofo.bridge.selection-strategy.
- enabled = true
+ enabled = false
 // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
 // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
- #id = 1234
+ id = 1
 }
 rest {
@@ -239,11 +239,11 @@ jicofo {
 // The separate XMPP connection used for communication with clients (endpoints).
 client {
 enabled = true
- hostname = "localhost"
+ hostname = "jitsi-xmpp"
 port = 5222
 #domain =
 username = "focus"
- #password =
+ password = "3x@mple01"
 // How long to wait for a response to a stanza before giving up.
 reply-timeout = 15 seconds
diff --git a/app/jitsi/integration/jitsi-certs/.gitignore b/app/jitsi/integration/jitsi-certs/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/app/jitsi/integration/jitsi-certs/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/app/jitsi/integration/videobridge.conf b/app/jitsi/integration/jvb/videobridge.conf
index e9bded0..e9bded0 100644
--- a/app/jitsi/integration/videobridge.conf
+++ b/app/jitsi/integration/jvb/videobridge.conf
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
new file mode 100644
index 0000000..edfd820
--- /dev/null
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
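Review bot: `password = "3x@mple01"` in the second jicofo.conf hunk commits the focus account's XMPP password to the repository, while xmpp_run registers the same account from `${JITSI_SECRET_JICOFO_USER}`, so the two can drift apart and the literal may end up being the one in use. HOCON substitutions fall back to environment variables, so `password = ${JITSI_SECRET_JICOFO_USER}` keeps the secret out of the tree and tied to the value Prosody registers. If the literal is meant purely as a sample, a comment on the line should say so. The `client` block continues past the end of the hunk.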
@@ -0,0 +1,34 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+log = {
+ error="/dev/stderr"
+ info="/dev/stdout"
+}
+
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
|
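Review bot: `http_ports = { ${JITSI_PROSODY_BOSH_PORT} }` was carried over from the deleted xmpp_conf heredoc, where the shell expanded it; in a static Lua file it is a syntax error unless something outside this commit templates the file, so the port should be written literally, e.g. `http_ports = { 5280 }` (the value the deleted dev.env used). The `log` table also has no `,` or `;` between its two fields, which Lua rejects: `error="/dev/stderr";`. Separately, `component_ports` and `component_interface = "0.0.0.0"` keep the component listener open on every interface although the two `Component` entries that carried a `component_secret` are not in this file; dropping those two lines, or binding to `127.0.0.1`, would remove a listener nothing here uses. `c2s_require_encryption = false` and `authentication = "internal_plain"` are carried over unchanged and deserve a comment stating that they are acceptable only for this integration setup.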