From 7b57ff72a918ca295e2b00e76da33eec700c6a2a Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 17:52:41 +0100 Subject: Simplify prosody too --- app/jitsi/integration/prosody/prosody.cfg.lua | 34 +++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 app/jitsi/integration/prosody/prosody.cfg.lua (limited to 'app/jitsi/integration/prosody')
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
new file mode 100644
index 0000000..edfd820
--- /dev/null
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -0,0 +1,34 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+log = {
+ error="/dev/stderr"
+ info="/dev/stdout"
+}
+
+VirtualHost "jitsi.deuxfleurs.fr"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
-- cgit v1.2.3 From 4809e27220d4805bce8f14585f902097f53607ee Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 18:55:56 +0100 Subject: WIP integration jitsi --- app/jitsi/integration/prosody/accounts.txt | 2 ++ app/jitsi/integration/prosody/prosody.cfg.lua | 49 +++++++++++++++++++++------ 2 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 app/jitsi/integration/prosody/accounts.txt (limited to 'app/jitsi/integration/prosody')
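Review bot: `component_interface = "0.0.0.0"` near the top of the new file opens the component port 5347 on every interface. The component protocol authenticates with a shared secret only and normally runs without TLS, so unless Jicofo/JVB really connect from another host I would keep the listener on loopback or a private address, e.g. `component_interface = "127.0.0.1"`. In `VirtualHost "auth.jitsi.deuxfleurs.fr"`, `authentication = "internal_plain"` keeps the focus/jvb passwords in clear text in Prosody's store; `authentication = "internal_hashed"` avoids that. `c2s_require_encryption = false` on the anonymous host is presumably acceptable only because TLS is terminated in front of BOSH, which deserves a one-line comment saying so.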
diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt new file mode 100644 index 0000000..ef4f2cd --- /dev/null +++ b/app/jitsi/integration/prosody/accounts.txt @@ -0,0 +1,2 @@ +focus auth.jitsi xxx +jvb auth.jitsi yyy diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index edfd820..5f18e2a 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -1,12 +1,41 @@ -component_ports = { 5347 } +daemonize = false +allow_registration = false +use_libevent = true component_interface = "0.0.0.0" -http_ports = { ${JITSI_PROSODY_BOSH_PORT} } +component_ports = { 5347 } +http_ports = { 5280 } + +-- Not sure all modules are required +modules_enabled = { + "roster"; -- Allow users to have a roster. Recommended ;) + "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. + "tls"; -- Add support for secure TLS on c2s/s2s connections + "dialback"; -- s2s dialback support + "disco"; -- Service discovery + "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + "compression"; -- Stream compression (requires the lua-zlib package installed) + "version"; -- Replies to server version requests + "uptime"; -- Report how long server has been running + "time"; -- Let others know the time here on this server + "ping"; -- Replies to XMPP pings with pongs + "pep"; -- Enables users to publish their mood, activity, playing music and more + -- jitsi + "smacks"; + "carbons"; + "mam"; + "lastactivity"; + "offline"; + "pubsub"; + "adhoc"; + "websocket"; + "http_altconnect"; +} + log = { - error="/dev/stderr" - info="/dev/stdout" + "*console"; } -VirtualHost "jitsi.deuxfleurs.fr" +VirtualHost "jitsi" authentication = "anonymous" ssl = { key = "/var/lib/prosody/jitsi.key"; 
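Review bot: accounts.txt places the passwords of the `focus` and `jvb` service accounts in the repository next to the server config. The values `xxx` and `yyy` read as placeholders, but nothing in the file says so, and the format invites someone to fill in the real values and commit them. I would either mark it as a template (a header line such as `# placeholders only - real values are injected at deploy time`, if the consumer tolerates comments) or keep the file out of version control and generate it from the secret store.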
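Review bot: The new global `modules_enabled` list turns on more than this deployment appears to need, as the added comment `-- Not sure all modules are required` itself says. `dialback` is only for server-to-server links, and `compression`, `mam`, `carbons`, `offline` and `lastactivity` serve regular chat accounts rather than a conference backend. Each of them is extra reachable code on a server whose `VirtualHost "jitsi"` accepts anonymous logins with `c2s_require_encryption = false`. I would start from the modules the hosts below actually name (`bosh`, `pubsub`, `ping`) plus `saslauth`/`tls`/`disco`, and add others only when something breaks.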
@@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr" } c2s_require_encryption = false -VirtualHost "auth.jitsi.deuxfleurs.fr" +VirtualHost "auth.jitsi" ssl = { key = "/var/lib/prosody/auth.jitsi.key"; certificate = "/var/lib/prosody/auth.jitsi.crt"; } authentication = "internal_plain" - admins = { "focus@auth.jitsi.deuxfleurs.fr"} + admins = { "focus@auth.jitsi"} -Component "conference.jitsi.deuxfleurs.fr" "muc" -Component "internal.auth.jitsi.deuxfleurs.fr" "muc" +Component "conference.jitsi" "muc" +Component "internal.auth.jitsi" "muc" storage = "memory" modules_enabled = { "ping"; } - admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" } + admins = { "focus@auth.jitsi", "jvb@auth.jitsi" } -- cgit v1.2.3 From 0e848bb2d0e705e5e0858fe8f2c02a3c9c8f45e5 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 19:28:15 +0100 Subject: Polished prosody --- app/jitsi/integration/prosody/prosody.cfg.lua | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'app/jitsi/integration/prosody') diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 5f18e2a..2f75d83 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -4,6 +4,7 @@ use_libevent = true component_interface = "0.0.0.0" component_ports = { 5347 } http_ports = { 5280 } +https_ports = {} -- Not sure all modules are required modules_enabled = { 
@@ -13,14 +14,13 @@ modules_enabled = { "dialback"; -- s2s dialback support "disco"; -- Service discovery "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - "compression"; -- Stream compression (requires the lua-zlib package installed) "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "pep"; -- Enables users to publish their mood, activity, playing music and more -- jitsi - "smacks"; + --"smacks"; -- not shipped with prosody "carbons"; "mam"; "lastactivity"; @@ -28,11 +28,12 @@ modules_enabled = { "pubsub"; "adhoc"; "websocket"; - "http_altconnect"; + --"http_altconnect"; -- not shipped with prosody } log = { - "*console"; + --log less on console with warn="*console"; or err="*console" or more with debug="*console" + info="*console"; } VirtualHost "jitsi" -- cgit v1.2.3 From 47bcdaaf0dc6d8caaaa8bd30055420ae90cc73eb Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 21:05:10 +0100 Subject: Rework prosody's configuration --- app/jitsi/integration/prosody/prosody.cfg.lua | 137 +++++++++++++-------- app/jitsi/integration/prosody/prosody.cfg.lua.back | 64 ++++++++++ 2 files changed, 151 insertions(+), 50 deletions(-) create mode 100644 app/jitsi/integration/prosody/prosody.cfg.lua.back (limited to 'app/jitsi/integration/prosody') diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 2f75d83..da38be9 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua 
@@ -1,64 +1,101 @@ +plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } daemonize = false -allow_registration = false use_libevent = true + +-- domain mapper options, must at least have domain base set to use the mapper +muc_mapper_domain_base = "jitsi.deuxfleurs.fr"; + +--@FIXME would be great to configure it +--turncredentials_secret = "__turnSecret__"; + +--turncredentials = { +-- { type = "stun", host = "jitmeet.example.com", port = "3478" }, +-- { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" }, +-- { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" } +--}; + +cross_domain_bosh = false; +consider_bosh_secure = true; +https_ports = { }; -- Remove this line to prevent listening on port 5284 component_interface = "0.0.0.0" component_ports = { 5347 } http_ports = { 5280 } -https_ports = {} --- Not sure all modules are required -modules_enabled = { - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. 
- "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - "pep"; -- Enables users to publish their mood, activity, playing music and more - -- jitsi - --"smacks"; -- not shipped with prosody - "carbons"; - "mam"; - "lastactivity"; - "offline"; - "pubsub"; - "adhoc"; - "websocket"; - --"http_altconnect"; -- not shipped with prosody -} -log = { - --log less on console with warn="*console"; or err="*console" or more with debug="*console" - info="*console"; +-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 +ssl = { + protocol = "tlsv1_2+"; + ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" } VirtualHost "jitsi" - authentication = "anonymous" - ssl = { - key = "/var/lib/prosody/jitsi.key"; - certificate = "/var/lib/prosody/jitsi.crt"; - } - modules_enabled = { - "bosh"; - "pubsub"; - } - c2s_require_encryption = false - -VirtualHost "auth.jitsi" - ssl = { - key = "/var/lib/prosody/auth.jitsi.key"; - certificate = "/var/lib/prosody/auth.jitsi.crt"; - } - authentication = "internal_plain" - admins = { "focus@auth.jitsi"} + -- enabled = false -- Remove this line to enable this host + authentication = "anonymous" + -- Properties below are modified by jitsi-meet-tokens package config + -- and authentication above is switched to "token" + --app_id="example_app_id" + --app_secret="example_app_secret" + -- Assign this host a certificate for TLS, otherwise it would use the one + -- set in the global section (if any). + -- Note that old-style SSL on port 5223 only supports one certificate, and will always + -- use the global one. 
+ ssl = { + key = "/var/lib/prosody/jitsi.key"; + certificate = "/var/lib/prosody/jitsi.crt"; + } + speakerstats_component = "speakerstats.jitsi" + conference_duration_component = "conferenceduration.jitsi" + -- we need bosh + modules_enabled = { + "bosh"; + "pubsub"; + "ping"; -- Enable mod_ping + "speakerstats"; + --"turncredentials"; not supported yet + "conference_duration"; + "muc_lobby_rooms"; + } + c2s_require_encryption = false + lobby_muc = "lobby.jitsi" + main_muc = "conference.jitsi" + -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms Component "conference.jitsi" "muc" + storage = "memory" + modules_enabled = { + "muc_meeting_id"; + "muc_domain_mapper"; + --"token_verification"; + } + admins = { "focusUser@auth.jitsi" } + muc_room_locking = false + muc_room_default_public_jids = true + +-- internal muc component Component "internal.auth.jitsi" "muc" - storage = "memory" - modules_enabled = { "ping"; } - admins = { "focus@auth.jitsi", "jvb@auth.jitsi" } + storage = "memory" + modules_enabled = { + "ping"; + } + admins = { "focusUser@auth.jitsi", "jvb@auth.jitsi" } + muc_room_locking = false + muc_room_default_public_jids = true + +VirtualHost "auth.jitsi" + authentication = "internal_plain" + +Component "focus.jitsi" + component_secret = "focusSecret" + +Component "speakerstats.jitsi" "speakerstats_component" + muc_component = "conference.jitsi" + +Component "conferenceduration.jitsi" "conference_duration_component" + muc_component = "conference.jitsi" + +Component "lobby.jitsi" "muc" + storage = "memory" + restrict_room_creation = true + muc_room_locking = false + muc_room_default_public_jids = true diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua.back b/app/jitsi/integration/prosody/prosody.cfg.lua.back new file mode 100644 index 0000000..d03d7c9 --- /dev/null +++ b/app/jitsi/integration/prosody/prosody.cfg.lua.back 
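Review bot: `component_secret = "focusSecret"` under `Component "focus.jitsi"` commits the Jicofo component secret to the repository. Since `component_interface = "0.0.0.0"` stays in place as context, the port that accepts that secret is reachable on every interface. The later hunk `@@ -85,7 +85,7 @@` has the same problem: it only swaps the literal for another one. The secret should be injected at deploy time, for instance `component_secret = "${JICOFO_COMPONENT_SECRET}"` (placeholder name) if the `${VAR}` substitution used for the BOSH port in the first revision is still available, and the value already pushed should be treated as burned. Separately, `consider_bosh_secure = true` together with `c2s_require_encryption = false` makes Prosody trust whatever sits in front of port 5280, so a comment naming the TLS-terminating proxy would help.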
@@ -0,0 +1,64 @@
+daemonize = false
+allow_registration = false
+use_libevent = true
+component_interface = "0.0.0.0"
+component_ports = { 5347 }
+http_ports = { 5280 }
+https_ports = {}
+
+-- Not sure all modules are required
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ --"smacks"; -- not shipped with prosody
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ --"http_altconnect"; -- not shipped with prosody
+}
+
+log = {
+ --log less on console with warn="*console"; or err="*console" or more with debug="*console"
+ debug="*console";
+}
+
+VirtualHost "jitsi"
+ authentication = "anonymous"
+ ssl = {
+ key = "/var/lib/prosody/jitsi.key";
+ certificate = "/var/lib/prosody/jitsi.crt";
+ }
+ modules_enabled = {
+ "bosh";
+ "pubsub";
+ }
+ c2s_require_encryption = false
+
+VirtualHost "auth.jitsi"
+ ssl = {
+ key = "/var/lib/prosody/auth.jitsi.key";
+ certificate = "/var/lib/prosody/auth.jitsi.crt";
+ }
+ authentication = "internal_plain"
+ admins = { "focus@auth.jitsi"}
+
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
+ storage = "memory"
+ modules_enabled = { "ping"; }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
+
-- cgit v1.2.3 From 5b53cf1673d29a7b81d552c69295f3dc7c736635 Mon Sep 17 00:00:00 2001
From: Quentin Dufour Date: Thu, 28 Jan 2021 21:47:35 +0100 Subject: Trying to switch on a development version --- app/jitsi/integration/prosody/accounts.txt | 2 -- app/jitsi/integration/prosody/prosody.cfg.lua | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 100644 app/jitsi/integration/prosody/accounts.txt (limited to 'app/jitsi/integration/prosody') diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt deleted file mode 100644 index ef4f2cd..0000000 --- a/app/jitsi/integration/prosody/accounts.txt +++ /dev/null @@ -1,2 +0,0 @@ -focus auth.jitsi xxx -jvb auth.jitsi yyy diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index da38be9..42831ce 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -85,7 +85,7 @@ VirtualHost "auth.jitsi" authentication = "internal_plain" Component "focus.jitsi" - component_secret = "focusSecret" + component_secret = "jicofosecretpass" Component "speakerstats.jitsi" "speakerstats_component" muc_component = "conference.jitsi" -- cgit v1.2.3 From 982efd1b49f7435f7c49c2099aabfc994d3901fb Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 23:02:37 +0100 Subject: Still so broken... --- app/jitsi/integration/prosody/prosody.cfg.lua | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'app/jitsi/integration/prosody') diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 42831ce..215bb5b 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -1,4 +1,9 @@ plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } + +log = { + --log less on console with warn="*console"; or err="*console" or more with debug="*console" + debug="*console"; +} daemonize = false use_libevent = true 
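Review bot: `debug="*console";` in the `log` block added by hunk `@@ -1,4 +1,9 @@` sets the most verbose level in the live config, not in a debugging override. Container logs will then presumably carry per-session detail for every anonymous participant, and whoever can read those logs sees it. If this is only for the current troubleshooting, I would use `info="*console";` here and leave a comment such as `-- switch to debug="*console" temporarily when diagnosing`. The existing comment line already lists the alternatives, so the change is one word.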
@@ -29,7 +34,7 @@ ssl = { } VirtualHost "jitsi" - -- enabled = false -- Remove this line to enable this host + enabled = true -- Remove this line to enable this host authentication = "anonymous" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" @@ -67,7 +72,7 @@ Component "conference.jitsi" "muc" "muc_domain_mapper"; --"token_verification"; } - admins = { "focusUser@auth.jitsi" } + admins = { "focus@auth.jitsi" } muc_room_locking = false muc_room_default_public_jids = true @@ -77,7 +82,7 @@ Component "internal.auth.jitsi" "muc" modules_enabled = { "ping"; } - admins = { "focusUser@auth.jitsi", "jvb@auth.jitsi" } + admins = { "focus@auth.jitsi", "jvb@auth.jitsi" } muc_room_locking = false muc_room_default_public_jids = true -- cgit v1.2.3
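Review bot: The trailing comment in `enabled = true -- Remove this line to enable this host` is now misleading. It described the previous commented-out `enabled = false`, and with the value flipped, a reader following it would delete a line that is not disabling anything. I would either drop the line, since a VirtualHost is presumably enabled when the option is absent, or keep it as `enabled = true -- set to false to take this anonymous host offline`. The `VirtualHost "jitsi"` block continues outside this hunk.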