Polish configuration

author: Quentin Dufour <quentin@dufour.io> 2021-02-01 08:40:59 +0100
committer: Quentin Dufour <quentin@dufour.io> 2021-02-01 08:40:59 +0100
commit: 0a87d26e47646fb0a3e9a9399ea83b39640583b1 (patch)
tree: 66b79c1cd096fd1a0923aa35e93364d393f6b417
parent: cb69a1123cc36c792cb0993ae46c3700a7391a62 (diff)
download: infrastructure-0a87d26e47646fb0a3e9a9399ea83b39640583b1.tar.gz
infrastructure-0a87d26e47646fb0a3e9a9399ea83b39640583b1.zip
7 files changed, 28 insertions, 45 deletions
diff --git a/app/docker-compose.yml b/app/docker-compose.yml
index 2b996e0..35e4972 100644
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@@ -47,8 +47,7 @@ services:
       context: ./jitsi/build/jitsi-meet
       args:
         # https://github.com/jitsi/jitsi-meet
-        PREFIXV: jitsi-meet_
-        VERSION: 5463
+        MEET_TAG: jitsi-meet_5463
     image: superboum/amd64_jitsi_meet:v4
 
   jitsi-conference-focus:
@@ -72,8 +71,7 @@ services:
     build:
       context: ./jitsi/build/jitsi-xmpp
       args:
-        PREFIXV: jitsi-meet_
-        MEET_VERSION: 5463
+        MEET_TAG: jitsi-meet_5463
         PROSODY_VERSION: 0.11.7-1~buster4
     image: superboum/amd64_jitsi_xmpp:v9
 
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
index 0e11df9..13e99be 100644
--- a/app/jitsi/build/jitsi-conference-focus/Dockerfile
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -1,7 +1,8 @@
-FROM fedora:33 AS builder
+FROM debian:buster AS builder
 
 # unzip is required when executing the mvn package command
-RUN dnf install -y java-latest-openjdk-headless maven git unzip
+RUN apt-get update && \
+    apt-get install -y openjdk-11-jdk-headless maven git unzip
 
 ARG JICOFO_TAG
 RUN git clone --depth 1 --branch $JICOFO_TAG https://github.com/jitsi/jicofo
@@ -14,7 +15,7 @@ RUN mvn package -DskipTests -Dassembly.skipAssembly=false
 RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
     mv jicofo-1.1-SNAPSHOT /srv/build
 
-FROM debian:bullseye
+FROM debian:buster
 
 RUN apt-get update && \
     apt-get install -y openjdk-11-jre-headless ca-certificates
diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo
index 344b293..e307e9f 100755
--- a/app/jitsi/build/jitsi-conference-focus/jicofo
+++ b/app/jitsi/build/jitsi-conference-focus/jicofo
@@ -2,15 +2,7 @@
 
 update-ca-certificates -f
 
-if [ -z "${JICOFO_MEMORY}" ]; then
-  echo "You must set the env variable 'JICOFO_MEMORY'. eg. JICOFO_MEMORY=3072m"
-  exit 1
-fi
-
 exec java \
-  -Xmx${JICOFO_MEMORY} \
-  -XX:+HeapDumpOnOutOfMemoryError \
-  -XX:HeapDumpPath=/tmp \
   -Djdk.tls.ephemeralDHKeySize=2048 \
   -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
   -Dconfig.file=/etc/jitsi/jicofo.conf \
diff --git a/app/jitsi/build/jitsi-meet/Dockerfile b/app/jitsi/build/jitsi-meet/Dockerfile
index b2aac62..b74c04e 100644
--- a/app/jitsi/build/jitsi-meet/Dockerfile
+++ b/app/jitsi/build/jitsi-meet/Dockerfile
@@ -1,18 +1,15 @@
 FROM debian:buster AS builder
 
-ARG PREFIXV
-ARG VERSION
-
 RUN apt-get update && \
     apt-get install -y curl && \
     curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
-    apt-get install -y git nodejs make wget unzip && \
-    wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip
+    apt-get install -y git nodejs make git unzip
+
+ARG MEET_TAG
+RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet
 
-RUN unzip jitsi-meet.zip && \
-    mv jitsi-meet-*${VERSION} jitsi-meet && \
-    cd jitsi-meet && \
-    npm install && \
+WORKDIR jitsi-meet
+RUN npm install && \
     make
 
 FROM debian:buster
diff --git a/app/jitsi/build/jitsi-videobridge/jvb_run b/app/jitsi/build/jitsi-videobridge/jvb_run
index c82712c..7522fae 100755
--- a/app/jitsi/build/jitsi-videobridge/jvb_run
+++ b/app/jitsi/build/jitsi-videobridge/jvb_run
@@ -9,18 +9,9 @@ if [ -z "${JITSI_NAT_PUBLIC_IP}" ]; then
   JITSI_NAT_PUBLIC_IP=$(curl https://ifconfig.me)
 fi
 
-if [ -z "${JVB_MEMORY}" ]; then
-  echo "You must set the env variable 'JVB_MEMORY'. eg: JVB_MEMORY=3072m"
-  exit 1
-fi
-
 echo "NAT config: ${JITSI_NAT_LOCAL_IP} -> ${JITSI_NAT_PUBLIC_IP}"
 
 exec java \
-  -Xmx${JVB_MEMORY} \
-  -XX:+UseConcMarkSweepGC \
-  -XX:+HeapDumpOnOutOfMemoryError \
-  -XX:HeapDumpPath=/tmp \
   -Djdk.tls.ephemeralDHKeySize=2048 \
   -Djava.util.logging.config.file=/usr/share/jvb/lib/logging.properties \
   -Dconfig.file=/etc/jitsi/videobridge.conf \
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index 90aae76..80b89f0 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -1,13 +1,10 @@
 FROM debian:buster as builder
 
-WORKDIR /tmp
-ARG MEET_VERSION
-ARG PREFIXV
 RUN apt-get update && \
-    apt-get install -y wget unzip
-RUN wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${MEET_VERSION}.zip -O meet.zip
-RUN unzip meet.zip && \
-    mv jitsi-meet-* jitsi-meet
+    apt-get install -y git unzip
+
+ARG MEET_TAG
+RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/
 
 FROM debian:buster
 
@@ -30,7 +27,7 @@ RUN mkdir -p /usr/local/share/ca-certificates/ && \
     mkdir -p /var/lib/prosody && \
     chown -R prosody:prosody /var/lib/prosody /run/prosody
 
-COPY --from=builder /tmp/jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/
+COPY --from=builder /jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/
 COPY xmpp_prosody /usr/local/bin/xmpp_prosody
 
 WORKDIR /var/lib/prosody
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
index 92a40bf..b5bc0b9 100644
--- a/app/jitsi/integration/prosody/prosody.cfg.lua
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -21,12 +21,13 @@ modules_enabled = {
   "websocket";
   --"http_altconnect"; -- not shipped with prosody
 }
+modules_disabled = { "s2s" }
 
 plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
 
 log = {
   --log less on console with warn="*console"; or err="*console" or more with debug="*console"
-  debug="*console";
+  info="*console";
 }
 daemonize = false
 use_libevent = true
@@ -45,10 +46,12 @@ muc_mapper_domain_base = "jitsi.deuxfleurs.fr";
 
 cross_domain_bosh = false;
 consider_bosh_secure = true;
-https_ports = { }; -- Remove this line to prevent listening on port 5284
-component_interface = "0.0.0.0"
-component_ports = { 5347 }
+--component_ports = { 5347 }
+component_ports = { } -- it seems we don't need external components for now...
+https_ports = { } -- we don't need http
 http_ports = { 5280 }
+c2s_ports = { 5222 }
+s2s_ports = { }
 
 
 -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
@@ -111,6 +114,10 @@ Component "internal.auth.jitsi" "muc"
     muc_room_default_public_jids = true
 
 VirtualHost "auth.jitsi"
+    ssl = {
+        key = "/var/lib/prosody/auth.jitsi.key";
+        certificate = "/var/lib/prosody/auth.jitsi.crt";
+    }
     authentication = "internal_plain"
 
 Component "focus.jitsi" "client_proxy"
author	Quentin Dufour <quentin@dufour.io>	2021-02-01 08:40:59 +0100
committer	Quentin Dufour <quentin@dufour.io>	2021-02-01 08:40:59 +0100
commit	0a87d26e47646fb0a3e9a9399ea83b39640583b1 (patch)
tree	66b79c1cd096fd1a0923aa35e93364d393f6b417
parent	cb69a1123cc36c792cb0993ae46c3700a7391a62 (diff)
download	infrastructure-0a87d26e47646fb0a3e9a9399ea83b39640583b1.tar.gz infrastructure-0a87d26e47646fb0a3e9a9399ea83b39640583b1.zip