From 1c814f002af3aafa76aced040845d6fdeee7953e Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 19 Jan 2021 17:53:53 +0100
Subject: Add CMD_ONCE secret type and fill in/change secret definitions
---
app/im/secrets/chat/easybridge/as_token | 1 +
app/im/secrets/chat/easybridge/db_pass | 1 +
app/im/secrets/chat/easybridge/db_user | 1 +
app/im/secrets/chat/easybridge/hs_token | 1 +
app/im/secrets/chat/easybridge/web_session_key | 2 ++
app/im/secrets/chat/fb2mx/as_token | 2 +-
app/im/secrets/chat/fb2mx/hs_token | 2 +-
app/im/secrets/chat/synapse/homeserver.signing.key | 1 +
app/im/secrets/chat/synapse/registration_shared_secret | 2 +-
app/plume/secrets/plume/pgsql_pw | 2 +-
app/secretmgr.py | 9 +++++++--
11 files changed, 18 insertions(+), 6 deletions(-)
create mode 100644 app/im/secrets/chat/easybridge/as_token
create mode 100644 app/im/secrets/chat/easybridge/db_pass
create mode 100644 app/im/secrets/chat/easybridge/db_user
create mode 100644 app/im/secrets/chat/easybridge/hs_token
create mode 100644 app/im/secrets/chat/easybridge/web_session_key
create mode 100644 app/im/secrets/chat/synapse/homeserver.signing.key
(limited to 'app')
diff --git a/app/im/secrets/chat/easybridge/as_token b/app/im/secrets/chat/easybridge/as_token
new file mode 100644
index 0000000..5fa4e3c
--- /dev/null
+++ b/app/im/secrets/chat/easybridge/as_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32
diff --git a/app/im/secrets/chat/easybridge/db_pass b/app/im/secrets/chat/easybridge/db_pass
new file mode 100644
index 0000000..7e1f94b
--- /dev/null
+++ b/app/im/secrets/chat/easybridge/db_pass
@@ -0,0 +1 @@
+SERVICE_PASSWORD easybridge
diff --git a/app/im/secrets/chat/easybridge/db_user b/app/im/secrets/chat/easybridge/db_user
new file mode 100644
index 0000000..436267c
--- /dev/null
+++ b/app/im/secrets/chat/easybridge/db_user
@@ -0,0 +1 @@
+CONST easybridge
diff --git a/app/im/secrets/chat/easybridge/hs_token b/app/im/secrets/chat/easybridge/hs_token
new file mode 100644
index 0000000..5fa4e3c
--- /dev/null
+++ b/app/im/secrets/chat/easybridge/hs_token
@@ -0,0 +1 @@
+CMD openssl rand -hex 32
diff --git a/app/im/secrets/chat/easybridge/web_session_key b/app/im/secrets/chat/easybridge/web_session_key
new file mode 100644
index 0000000..614bed7
--- /dev/null
+++ b/app/im/secrets/chat/easybridge/web_session_key
@@ -0,0 +1,2 @@
+CMD openssl rand -hex 32
+
diff --git a/app/im/secrets/chat/fb2mx/as_token b/app/im/secrets/chat/fb2mx/as_token
index 20b76d4..5fa4e3c 100644
--- a/app/im/secrets/chat/fb2mx/as_token
+++ b/app/im/secrets/chat/fb2mx/as_token
@@ -1 +1 @@
-USER fb2mx API server token
+CMD openssl rand -hex 32
diff --git a/app/im/secrets/chat/fb2mx/hs_token b/app/im/secrets/chat/fb2mx/hs_token
index 8808f8f..5fa4e3c 100644
--- a/app/im/secrets/chat/fb2mx/hs_token
+++ b/app/im/secrets/chat/fb2mx/hs_token
@@ -1 +1 @@
-USER fb2mx homeserver token
+CMD openssl rand -hex 32
diff --git a/app/im/secrets/chat/synapse/homeserver.signing.key b/app/im/secrets/chat/synapse/homeserver.signing.key
new file mode 100644
index 0000000..099bd18
--- /dev/null
+++ b/app/im/secrets/chat/synapse/homeserver.signing.key
@@ -0,0 +1 @@
+USER Synapse homeserver ed25519 signing key
diff --git a/app/im/secrets/chat/synapse/registration_shared_secret b/app/im/secrets/chat/synapse/registration_shared_secret
index 395cccc..b82f191 100644
--- a/app/im/secrets/chat/synapse/registration_shared_secret
+++ b/app/im/secrets/chat/synapse/registration_shared_secret
@@ -1 +1 @@
-USER Shared secret for homeserver registrations (?)
+CMD head -c 32 /dev/urandom | base64
diff --git a/app/plume/secrets/plume/pgsql_pw b/app/plume/secrets/plume/pgsql_pw
index 978be54..0f831bb 100644
--- a/app/plume/secrets/plume/pgsql_pw
+++ b/app/plume/secrets/plume/pgsql_pw
@@ -1 +1 @@
-CMD openssl rand -base64 32
+SERVICE_PASSWORD plume
diff --git a/app/secretmgr.py b/app/secretmgr.py
index 6af6d13..5cf55dc 100755
--- a/app/secretmgr.py
+++ b/app/secretmgr.py
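Review bot: The new registration_shared_secret definition, `CMD head -c 32 /dev/urandom | base64`, is the only CMD in this commit that needs a shell pipeline; every other CMD here is a single `openssl rand` invocation, and whether secretmgr runs `cmd` through a shell is not visible on this page. The form this same commit removes from pgsql_pw, `CMD openssl rand -base64 32`, yields 32 random bytes base64-encoded just as well without depending on pipe handling, so using it keeps all CMD definitions in one style. The web_session_key file also ends with an extra empty line that none of the sibling definitions have; dropping it avoids a reader wondering whether the second line is meaningful.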
@@ -43,6 +43,9 @@ USER_LONG CMD (a secret that is generated by running this command) +CMD_ONCE +(same, but value is not changed when doing a regen) + CONST (the secret has a constant value set here) @@ -81,6 +84,7 @@ consul_server = consul.Consul() USER = "USER" USER_LONG = "USER_LONG" CMD = "CMD" +CMD_ONCE = "CMD_ONCE" CONST = "CONST" CONST_LONG = "CONST_LONG" SERVICE_DN = "SERVICE_DN" @@ -108,7 +112,7 @@ def read_secret(key, file_path): secret = {"type": stype, "key": key} if stype in [USER, USER_LONG]: secret["desc"] = " ".join(l0[1:]) - elif stype == CMD: + elif stype in [CMD, CMD_ONCE]: secret["cmd"] = " ".join(l0[1:]) elif stype == CONST: secret["value"] = " ".join(l0[1:]) @@ -151,6 +155,7 @@ def get_secrets_services(secrets): if svc not in services: services[svc] = { "dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX), + "desc": "(not provided)", "pass": None, "dn_at": [], "pass_at": [], @@ -289,7 +294,7 @@ def gen_secrets_base(secrets, regen): consul_server.kv.put(key, secret["value"]) print(bcolors.OKCYAN, "Value set.", bcolors.ENDC) - if secret["type"] == CMD: + if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None): print("----") print(key) print("Executing command:", secret["cmd"]) -- cgit v1.2.3 From a2eec38de4acb0a58f22dddc161facf44910085a Mon Sep 17 00:00:00 2001 
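Review bot: In the last hunk, `secret["type"] == CMD_ONCE and data is None` means a CMD_ONCE secret is only ever generated when no value exists yet, so this tool offers no way to rotate one — not even with regen — and replacing a leaked token requires deleting the Consul key by hand first. That is a reasonable design for keys other components depend on, but it should be stated next to the condition, e.g. `# CMD_ONCE: generated only when the key has no value yet; to rotate, delete the key in Consul first`, and in the usage text added by the first hunk. `data` is presumably the value read back from Consul earlier in gen_secrets_base, which starts outside the hunk — confirm a missing key yields `None` rather than an empty value, otherwise CMD_ONCE would never fire. Naming the two cases, `is_cmd = secret["type"] == CMD` and `is_unset_once = secret["type"] == CMD_ONCE and data is None`, would also make the combined condition easier to read than the one-line `or`.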
From: Alex Auvolat
Date: Tue, 19 Jan 2021 18:02:00 +0100
Subject: Add a few missing secrets
---
app/backup/secrets/backup/id_ed25519 | 1 +
app/backup/secrets/backup/id_ed25519.pub | 1 +
app/backup/secrets/backup/target_ssh_dir | 1 +
app/backup/secrets/backup/target_ssh_fingerprint | 1 +
app/backup/secrets/backup/target_ssh_host | 1 +
app/backup/secrets/backup/target_ssh_port | 1 +
app/backup/secrets/backup/target_ssh_user | 1 +
app/garage/secrets/garage/garage-ca.crt | 1 +
app/garage/secrets/garage/garage-ca.key | 1 +
app/garage/secrets/garage/garage.crt | 1 +
app/garage/secrets/garage/garage.key | 1 +
11 files changed, 11 insertions(+)
create mode 100644 app/backup/secrets/backup/id_ed25519
create mode 100644 app/backup/secrets/backup/id_ed25519.pub
create mode 100644 app/backup/secrets/backup/target_ssh_dir
create mode 100644 app/backup/secrets/backup/target_ssh_fingerprint
create mode 100644 app/backup/secrets/backup/target_ssh_host
create mode 100644 app/backup/secrets/backup/target_ssh_port
create mode 100644 app/backup/secrets/backup/target_ssh_user
create mode 100644 app/garage/secrets/garage/garage-ca.crt
create mode 100644 app/garage/secrets/garage/garage-ca.key
create mode 100644 app/garage/secrets/garage/garage.crt
create mode 100644 app/garage/secrets/garage/garage.key
(limited to 'app')
diff --git a/app/backup/secrets/backup/id_ed25519 b/app/backup/secrets/backup/id_ed25519
new file mode 100644
index 0000000..9d7fd46
--- /dev/null
+++ b/app/backup/secrets/backup/id_ed25519
@@ -0,0 +1 @@
+USER_LONG Private ed25519 key of the container doing the backup
diff --git a/app/backup/secrets/backup/id_ed25519.pub b/app/backup/secrets/backup/id_ed25519.pub
new file mode 100644
index 0000000..0a2ab35
--- /dev/null
+++ b/app/backup/secrets/backup/id_ed25519.pub
@@ -0,0 +1 @@
+USER Public ed25519 key of the container doing the backup (this key must be in authorized_keys on the backup target host)
diff --git a/app/backup/secrets/backup/target_ssh_dir b/app/backup/secrets/backup/target_ssh_dir
new file mode 100644
index 0000000..3b2a4da
--- /dev/null
+++ b/app/backup/secrets/backup/target_ssh_dir
@@ -0,0 +1 @@
+USER Directory where to store backups on target host
diff --git a/app/backup/secrets/backup/target_ssh_fingerprint b/app/backup/secrets/backup/target_ssh_fingerprint
new file mode 100644
index 0000000..608f3ec
--- /dev/null
+++ b/app/backup/secrets/backup/target_ssh_fingerprint
@@ -0,0 +1 @@
+USER SSH fingerprint of the target machine (format: copy here the corresponding line from your known_hosts file)
diff --git a/app/backup/secrets/backup/target_ssh_host b/app/backup/secrets/backup/target_ssh_host
new file mode 100644
index 0000000..6268f87
--- /dev/null
+++ b/app/backup/secrets/backup/target_ssh_host
@@ -0,0 +1 @@
+USER Hostname of the backup target host
diff --git a/app/backup/secrets/backup/target_ssh_port b/app/backup/secrets/backup/target_ssh_port
new file mode 100644
index 0000000..309dd38
--- /dev/null
+++ b/app/backup/secrets/backup/target_ssh_port
@@ -0,0 +1 @@
+USER SSH port number to connect to the target host
diff --git a/app/backup/secrets/backup/target_ssh_user b/app/backup/secrets/backup/target_ssh_user
new file mode 100644
index 0000000..98b3046
--- /dev/null
+++ b/app/backup/secrets/backup/target_ssh_user
@@ -0,0 +1 @@
+USER SSH username to log in as on the target host
diff --git a/app/garage/secrets/garage/garage-ca.crt b/app/garage/secrets/garage/garage-ca.crt
new file mode 100644
index 0000000..8488ab6
--- /dev/null
+++ b/app/garage/secrets/garage/garage-ca.crt
@@ -0,0 +1 @@
+USER_LONG garage-ca.crt (generated with Garage's genkeys.sh script)
diff --git a/app/garage/secrets/garage/garage-ca.key b/app/garage/secrets/garage/garage-ca.key
new file mode 100644
index 0000000..ca3e90c
--- /dev/null
+++ b/app/garage/secrets/garage/garage-ca.key
@@ -0,0 +1 @@
+USER_LONG garage-ca.key (generated with Garage's genkeys.sh script)
diff --git a/app/garage/secrets/garage/garage.crt b/app/garage/secrets/garage/garage.crt
new file mode 100644
index 0000000..6044ab8
--- /dev/null
+++ b/app/garage/secrets/garage/garage.crt
@@ -0,0 +1 @@
+USER_LONG garage.crt (generated with Garage's genkeys.sh script)
diff --git a/app/garage/secrets/garage/garage.key b/app/garage/secrets/garage/garage.key
new file mode 100644
index 0000000..db3cb0e
--- /dev/null
+++ b/app/garage/secrets/garage/garage.key
@@ -0,0 +1 @@
+USER_LONG garage.key (generated with Garage's genkeys.sh script)
-- cgit v1.2.3
From d3a3867180cbbbf4fb3a5545cc537f5316db16e7 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Wed, 20 Jan 2021 10:51:25 +0100
Subject: Public IP changed
---
app/jitsi/config/global_env.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app')
diff --git a/app/jitsi/config/global_env.tpl b/app/jitsi/config/global_env.tpl
index 836a131..d78975d 100644
--- a/app/jitsi/config/global_env.tpl
+++ b/app/jitsi/config/global_env.tpl
@@ -5,6 +5,6 @@ JITSI_PROSODY_BOSH_PORT={{ env "NOMAD_PORT_bosh_port" }}
 JITSI_PROSODY_BOSH_HOST=127.0.0.1
 JITSI_PROSODY_HOST=127.0.0.1
 JITSI_CERTS_FOLDER=/secrets/certs/
-JITSI_NAT_PUBLIC_IP=82.253.205.190
+JITSI_NAT_PUBLIC_IP=78.197.205.190
 JITSI_NAT_LOCAL_IP={{ env "NOMAD_IP_video1_port" }}
 NGINX_PORT={{ env "NOMAD_PORT_https_port" }}
-- cgit v1.2.3
From bd9c854a12626e99737b25193b4fc3f11282af5e Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Wed, 20 Jan 2021 11:35:54 +0100
Subject: change port due to a strange bug
---
app/jitsi/deploy/jitsi.hcl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'app')
diff --git a/app/jitsi/deploy/jitsi.hcl b/app/jitsi/deploy/jitsi.hcl
index 852e1e6..1e625bb 100644
--- a/app/jitsi/deploy/jitsi.hcl
+++ b/app/jitsi/deploy/jitsi.hcl
@@ -14,7 +14,7 @@ job "jitsi" { port "ext_port" { static = 5347 } port "xmpp_port" { static = 5222 } port "https_port" { } - port "video1_port" { static = 8080 } + port "video1_port" { static = 8081 } port "video2_port" { static = 10000 } } @@ -189,7 +189,7 @@ job "jitsi" { env { #JITSI_DEBUG = 1 - JITSI_VIDEO_TCP = 8080 + JITSI_VIDEO_TCP = 8081 VIDEOBRIDGE_MAX_MEMORY = "1450m" } @@ -205,7 +205,7 @@ job "jitsi" { } service { - tags = [ "jitsi", "(diplonat (tcp_port 8080))" ] + tags = [ "jitsi", "(diplonat (tcp_port 8081))" ] port = "video1_port" address_mode = "host" name = "jitsi-videobridge-video1" -- cgit v1.2.3 From 5dfca7a713ce8322de9b0dbaa55aabb70b6ea585 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 20 Jan 2021 12:53:23 +0100 Subject: fix naming --- app/jitsi/integratio/01_gen_certs.yml | 8 -------- app/jitsi/integratio/02_run.yml | 27 --------------------------- app/jitsi/integratio/README.md | 26 -------------------------- app/jitsi/integratio/dev.env | 10 ---------- app/jitsi/integratio/jitsi-certs/.gitignore | 2 -- app/jitsi/integration/01_gen_certs.yml | 8 ++++++++ app/jitsi/integration/02_run.yml | 27 +++++++++++++++++++++++++++ app/jitsi/integration/README.md | 26 ++++++++++++++++++++++++++ app/jitsi/integration/dev.env | 10 ++++++++++ app/jitsi/integration/jitsi-certs/.gitignore | 2 ++ 10 files changed, 73 insertions(+), 73 deletions(-) delete mode 100644 app/jitsi/integratio/01_gen_certs.yml delete mode 100644 app/jitsi/integratio/02_run.yml delete mode 100644 app/jitsi/integratio/README.md delete mode 100644 app/jitsi/integratio/dev.env delete mode 100644 app/jitsi/integratio/jitsi-certs/.gitignore create mode 100644 app/jitsi/integration/01_gen_certs.yml create mode 100644 app/jitsi/integration/02_run.yml create mode 100644 app/jitsi/integration/README.md create mode 100644 app/jitsi/integration/dev.env create mode 100644 app/jitsi/integration/jitsi-certs/.gitignore (limited to 'app') 
diff --git a/app/jitsi/integratio/01_gen_certs.yml b/app/jitsi/integratio/01_gen_certs.yml deleted file mode 100644 index bf73291..0000000 --- a/app/jitsi/integratio/01_gen_certs.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: '3' -services: - jitsi-xmpp: - image: superboum/amd64_jitsi_xmpp:v2 - command: ["/usr/local/bin/xmpp_gen"] - volumes: [ './jitsi-certs/:/certs:rw' ] - env_file: [ 'dev.env' ] - diff --git a/app/jitsi/integratio/02_run.yml b/app/jitsi/integratio/02_run.yml deleted file mode 100644 index 73eefad..0000000 --- a/app/jitsi/integratio/02_run.yml +++ /dev/null @@ -1,27 +0,0 @@ -version: '3.4' -services: - jitsi-xmpp: - image: superboum/amd64_jitsi_xmpp:v3 - ports: - - "5222:5222" - - "5347:5347" - - "5280:5280" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-meet: - image: superboum/amd64_jitsi_meet:v1 - ports: - - "443:443" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-conference-focus: - image: superboum/amd64_jitsi_conference_focus:v4 - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-videobridge: - image: superboum/amd64_jitsi_videobridge:v14 - ports: - - "8080:8080/tcp" - - "10000:10000/udp" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] diff --git a/app/jitsi/integratio/README.md b/app/jitsi/integratio/README.md deleted file mode 100644 index 70b59fc..0000000 --- a/app/jitsi/integratio/README.md +++ /dev/null @@ -1,26 +0,0 @@ -This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md - -To build images: - -``` -docker-compose -f 02_run.yml build -``` - -To gen the certs: - -``` -docker-compose -f 01_gen_certs.yml up --force-recreate -``` - -To run the stack: - - -``` -docker-compose -f 02_run.yml up --force-recreate -``` - -To push the stack on the docker registry: - -``` -docker-compose -f 02_run.yml push -``` 
diff --git a/app/jitsi/integratio/dev.env b/app/jitsi/integratio/dev.env
deleted file mode 100644
index 1dd2122..0000000
--- a/app/jitsi/integratio/dev.env
+++ /dev/null
@@ -1,10 +0,0 @@
-JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
-JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
-JITSI_SECRET_JICOFO_USER=S3CR3T03
-JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=172.17.0.1
-JITSI_PROSODY_HOST=172.17.0.1
-JITSI_CERTS_FOLDER=/certs/
-JITSI_NAT_PUBLIC_IP=37.164.35.154
-JITSI_NAT_LOCAL_IP=192.168.0.231
-JITSI_VIDEO_TCP=8080
diff --git a/app/jitsi/integratio/jitsi-certs/.gitignore b/app/jitsi/integratio/jitsi-certs/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/app/jitsi/integratio/jitsi-certs/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/app/jitsi/integration/01_gen_certs.yml b/app/jitsi/integration/01_gen_certs.yml
new file mode 100644
index 0000000..bf73291
--- /dev/null
+++ b/app/jitsi/integration/01_gen_certs.yml
@@ -0,0 +1,8 @@
+version: '3'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v2
+ command: ["/usr/local/bin/xmpp_gen"]
+ volumes: [ './jitsi-certs/:/certs:rw' ]
+ env_file: [ 'dev.env' ]
+
diff --git a/app/jitsi/integration/02_run.yml b/app/jitsi/integration/02_run.yml
new file mode 100644
index 0000000..73eefad
--- /dev/null
+++ b/app/jitsi/integration/02_run.yml
@@ -0,0 +1,27 @@
+version: '3.4'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v3
+ ports:
+ - "5222:5222"
+ - "5347:5347"
+ - "5280:5280"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-meet:
+ image: superboum/amd64_jitsi_meet:v1
+ ports:
+ - "443:443"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-conference-focus:
+ image: superboum/amd64_jitsi_conference_focus:v4
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
+ jitsi-videobridge:
+ image: superboum/amd64_jitsi_videobridge:v14
+ ports:
+ - "8080:8080/tcp"
+ - "10000:10000/udp"
+ env_file: [ 'dev.env' ]
+ volumes: [ './jitsi-certs/:/certs:ro' ]
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
new file mode 100644
index 0000000..70b59fc
--- /dev/null
+++ b/app/jitsi/integration/README.md
@@ -0,0 +1,26 @@
+This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md
+
+To build images:
+
+```
+docker-compose -f 02_run.yml build
+```
+
+To gen the certs:
+
+```
+docker-compose -f 01_gen_certs.yml up --force-recreate
+```
+
+To run the stack:
+
+
+```
+docker-compose -f 02_run.yml up --force-recreate
+```
+
+To push the stack on the docker registry:
+
+```
+docker-compose -f 02_run.yml push
+```
diff --git a/app/jitsi/integration/dev.env b/app/jitsi/integration/dev.env
new file mode 100644
index 0000000..1dd2122
--- /dev/null
+++ b/app/jitsi/integration/dev.env
@@ -0,0 +1,10 @@
+JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
+JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
+JITSI_SECRET_JICOFO_USER=S3CR3T03
+JITSI_PROSODY_BOSH_PORT=5280
+JITSI_PROSODY_BOSH_HOST=172.17.0.1
+JITSI_PROSODY_HOST=172.17.0.1
+JITSI_CERTS_FOLDER=/certs/
+JITSI_NAT_PUBLIC_IP=37.164.35.154
+JITSI_NAT_LOCAL_IP=192.168.0.231
+JITSI_VIDEO_TCP=8080
diff --git a/app/jitsi/integration/jitsi-certs/.gitignore b/app/jitsi/integration/jitsi-certs/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null +++ b/app/jitsi/integration/jitsi-certs/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore -- cgit v1.2.3 From 031f31e91eb3f934032d581989844c8e341042a9 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 20 Jan 2021 15:44:42 +0100 Subject: WIP modernize jitsi conf --- app/docker-compose.yml | 4 +- app/jitsi/build/jitsi-conference-focus/Dockerfile | 7 +- app/jitsi/build/jitsi-conference-focus/jicofo | 9 +- .../sip-communicator.properties | 2 - app/jitsi/integration/README.md | 29 +-- app/jitsi/integration/jicofo.conf | 273 ++++++++++++++++++++ app/jitsi/integration/videobridge.conf | 279 +++++++++++++++++++++ 7 files changed, 570 insertions(+), 33 deletions(-) delete mode 100644 app/jitsi/build/jitsi-conference-focus/sip-communicator.properties create mode 100644 app/jitsi/integration/jicofo.conf create mode 100644 app/jitsi/integration/videobridge.conf (limited to 'app') diff --git a/app/docker-compose.yml b/app/docker-compose.yml index df7fee4..d734c20 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -58,7 +58,7 @@ services: # https://github.com/jitsi/jicofo PREFIXV: stable/jitsi-meet_ VERSION: 5390 - image: superboum/amd64_jitsi_conference_focus:v6 + image: superboum/amd64_jitsi_conference_focus:v7 jitsi-videobridge: build: @@ -67,7 +67,7 @@ services: # https://github.com/jitsi/jitsi-videobridge PREFIXV: stable/jitsi-meet_ VERSION: 5390 - image: superboum/amd64_jitsi_videobridge:v16 + image: superboum/amd64_jitsi_videobridge:v17 jitsi-xmpp: build: diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile index e2c459c..f78cc78 100644 --- a/app/jitsi/build/jitsi-conference-focus/Dockerfile +++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile 
@@ -18,10 +18,7 @@ FROM debian:buster RUN apt-get update && \ apt-get install -y openjdk-11-jre-headless ca-certificates -ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi" - -COPY --from=builder /srv/build /srv/jicofo -COPY jicofo /usr/local/bin/jicofo -COPY sip-communicator.properties /root/.sip-communicator/sip-communicator.properties +COPY --from=builder /srv/build /usr/share/jicofo +COPY jicofo /usr/local/bin CMD ["/usr/local/bin/jicofo"] diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo index 2bc6e3f..1c1f77d 100755 --- a/app/jitsi/build/jitsi-conference-focus/jicofo +++ b/app/jitsi/build/jitsi-conference-focus/jicofo @@ -8,7 +8,14 @@ ${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-v 127.0.0.1 `hostname` EOF -/srv/jicofo/jicofo.sh \ +exec java \ + -Xmx400m \ + -XX:+HeapDumpOnOutOfMemoryError \ + -XX:HeapDumpPath=/tmp \ + -Djdk.tls.ephemeralDHKeySize=2048 \ + -Djava.util.logging.config.file=/srv/jicofo/lib/logging.properties \ + -cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \ + org.jitsi.jicofo.Main \ --host=${JITSI_PROSODY_HOST} \ --domain=jitsi.deuxfleurs.fr \ --secret=${JITSI_SECRET_JICOFO_COMPONENT} \ diff --git a/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties b/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties deleted file mode 100644 index 53c32e2..0000000 --- a/app/jitsi/build/jitsi-conference-focus/sip-communicator.properties +++ /dev/null @@ -1,2 +0,0 @@ -org.jitsi.jicofo.SHORT_ID=1 -org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index 70b59fc..8d81150 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md 
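Review bot: The new `exec java` line in the jicofo launcher still points java.util.logging at `/srv/jicofo/lib/logging.properties`, while the Dockerfile hunk in the same commit now copies the build output to `/usr/share/jicofo` and no longer creates `/srv/jicofo`, so the classpath and the logging config disagree and the logging file will not be found in the new image (the README hunk likewise still references `/srv/jicofo/jicofo.jar`). The consistent line is `-Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \`. Separately, the deleted sip-communicator.properties carried `org.jitsi.jicofo.BRIDGE_MUC`, and nothing in the new launch line supplies a replacement configuration (for example a Typesafe-config `-Dconfig.file=` pointing at the jicofo.conf this commit adds), so the bridge brewery JID appears to be left unconfigured — presumably deferred given the WIP subject, but a `# TODO: pass the HOCON config (brewery-jid) to jicofo` in the script would record that. The jicofo script continues outside the hunk.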
@@ -1,26 +1,9 @@ -This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md +Extract conf templates: -To build images: +```bash +sudo docker-compose run jitsi-conference-focus bash -c \ + 'apt-get update && apt-get install -y unzip && unzip /srv/jicofo/jicofo.jar && cat reference.conf' -``` -docker-compose -f 02_run.yml build -``` - -To gen the certs: - -``` -docker-compose -f 01_gen_certs.yml up --force-recreate -``` - -To run the stack: - - -``` -docker-compose -f 02_run.yml up --force-recreate -``` - -To push the stack on the docker registry: - -``` -docker-compose -f 02_run.yml push +sudo docker-compose run jitsi-videobridge bash -c \ + 'apt-get update && apt-get install -y unzip && unzip /srv/jvb/jitsi-videobridge.jar && cat reference.conf' ``` diff --git a/app/jitsi/integration/jicofo.conf b/app/jitsi/integration/jicofo.conf new file mode 100644 index 0000000..ecf45fc --- /dev/null +++ b/app/jitsi/integration/jicofo.conf 
@@ -0,0 +1,273 @@ +jicofo { + // Authentication with external services + authentication { + enabled = false + // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default). + type = SHIBBOLETH + + // The pattern of authentication URL. See ShibbolethAuthAuthority for more information. + # login-url = + + # logout-url = + + authentication-lifetime = 24 hours + enable-auto-login = true + } + // Configuration related to jitsi-videobridge + bridge { + // The maximum number of participants in a single conference to put on one bridge (use -1 for no maximum). + max-bridge-participants = -1 + // The assumed maximum packet rate that a bridge can handle. + max-bridge-packet-rate = 50000 + // The assumed average packet rate per participant. + average-participant-packet-rate-pps = 500 + // The assumed average stress per participant. + average-participant-stress = 0.01 + // The assumed time that an endpoint takes to start contributing fully to the load on a bridge. To avoid allocating + // a burst of endpoints to the same bridge, the bridge stress is adjusted by adding the number of new endpoints + // in the last [participant-rampup-time] multiplied by [average-participant-stress]. + participant-rampup-interval = 20 seconds + // The stress level above which a bridge is considered overstressed. + stress-threshold = 0.8 + // The amount of to wait before retrying using a failed bridge. + failure-reset-threshold = 1 minute + // The bridge selection strategy. The built-in strategies are: + // SingleBridgeSelectionStrategy: Use the least loaded bridge, do not split a conference between bridges (Octo). + // SplitBridgeSelectionStrategy: Use a separate bridge for each participant (for testing). + // RegionBasedBridgeSelectionStrategy: Attempt to put each participant in a bridge in their local region (i.e. use + // Octo for geo-location). + // IntraRegionBridgeSelectionStrategy: Use additional bridges when a bridge becomes overloaded (i.e. 
use Octo for + // load balancing). + // + // Additionally, you can use the fully qualified class name for custom BridgeSelectionStrategy implementations. + selection-strategy = SingleBridgeSelectionStrategy + health-checks { + // Whether jicofo should perform periodic health checks to the connected bridges. + enabled = true + // The interval at which to perform health checks. + interval = 10 seconds + // When a health checks times out, jicofo will retry and only consider it fail after the retry fails. This + // configures the delay between the original health check timing out and the second health check being sent. + // It is a duration and defaults to half the [interval]. + # retry-delay = 5 seconds + } + + // The JID of the MUC to be used as a brewery for bridge instances. + brewery-jid = jvbbrewery@example.com + } + // Configure the codecs and RTP extensions to be used in the offer sent to clients. + codec { + video { + vp8 { + enabled = true + pt = 100 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 96 + } + vp9 { + enabled = true + pt = 101 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 97 + } + h264 { + enabled = true + pt = 107 + // Payload type for the associated RTX stream. Set to -1 to disable RTX. + rtx-pt = 99 + } + } + + audio { + isac-16000 { + enabled = true + pt = 103 + } + isac-32000 { + enabled = true + pt = 104 + } + opus { + enabled = true + pt = 111 + minptime = 10 + use-inband-fec = true + red { + enabled = false + pt = 112 + } + } + telephone-event { + enabled = true + pt = 126 + } + } + + // RTP header extensions + rtp-extensions { + audio-level { + enabled = true + id = 1 + } + tof { + // TOF is currently disabled, because we don't support it in the bridge + // (and currently clients seem to not use it when abs-send-time is + // available). 
+ enabled = false + id = 2 + } + abs-send-time { + enabled = true + id = 3 + } + rid { + enabled = false + id = 4 + } + tcc { + enabled = true + id = 5 + } + video-content-type { + enabled = false + id = 7 + } + framemarking { + enabled = false + id = 9 + } + } + } + + conference { + // Whether to automatically grant the 'owner' role to the first participant in the conference (and subsequently to + // the next in line when the current owner leaves). + enable-auto-owner = true + + // How long to wait for the initial participant in a conference. + initial-timeout = 15 seconds + + // Whether jicofo should inject a random SSRC for endpoints which don't advertise any SSRCs. This is a temporary + // workaround for an issue with signaling endpoints for Octo. + inject-ssrc-for-recv-only-endpoints = false + + max-ssrcs-per-user = 20 + + // How long a participant's media session will be kept alive once it remains the only participant in the room. + single-participant-timeout = 20 seconds + + // The minimum number of participants required for the conference to be started. + min-participants = 2 + + // Experimental. + enable-lip-sync = false + + shared-document { + // If `true` the shared document uses a random name. Otherwise, it uses the conference name. + use-random-name = false + } + } + + // Configuration for the internal health checks performed by jicofo. + health { + // Whether to perform health checks. + enabled = false + + // The interval between health checks. If set to 0, periodic health checks will not be performed. + interval = 10 seconds + + # The timeout for a health check + timeout = 30 seconds + + # If performing a health check takes longer than this, it is considered unsuccessful. + max-check-duration = 20 seconds + + # The prefix to use when creating MUC rooms for the purpose of health checks. + room-name-prefix = "__jicofo-health-check" + } + + jibri { + // The JID of the MUC to be used as a brewery for jibri instances for streaming. 
+ # brewery-jid = "jibribrewery@example.com" + + // How many times to retry a given Jibri request before giving up. Set to -1 to allow infinite retries. + num-retries = 5 + + // How long to wait for Jibri to start recording from the time it accepts a START request. + pending-timeout = 90 seconds + } + + jibri-sip { + // The JID of the MUC to be used as a brewery for jibri instances for SIP. + # brewery-jid = "jibrisipbrewery@example.com" + } + + jigasi { + // The JID of the MUC to be used as a brewery for jigasi instances. + # brewery-jid = "jigasibrewery@example.com" + } + + // The region in which the machine is running. + #local-region="us-east-1" + + octo { + // Whether or not to use Octo. Note that when enabled, its use will be determined by + // $jicofo.bridge.selection-strategy. + enabled = true + + // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of + // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured. + #id = 1234 + } + + rest { + port = 8888 + tls-port = 8843 + } + + sctp { + // Whether to allocate SCTP channels on the bridge (only when the client advertises support, and SCTP is + // enabled in the per-conference configuration). + enabled = true + } + + task-pools { + shared-pool-max-threads = 1500 + } + + xmpp { + // The separate XMPP connection used for communication with clients (endpoints). + client { + enabled = true + hostname = "localhost" + port = 5222 + #domain = + username = "focus" + #password = + + // How long to wait for a response to a stanza before giving up. + reply-timeout = 15 seconds + + // The JID/domain of the MUC service used for conferencing. + # conference-muc-jid = conference.example.com + + // A flag to suppress the TLS certificate verification. + disable-certificate-verification = false + } + // The separate XMPP connection used for internal services (currently only jitsi-videobridge). 
+ service { + enabled = false + hostname = "localhost" + port = 6222 + #domain = + #username = + #password = + + // How long to wait for a response to a stanza before giving up. + reply-timeout = 15 seconds + + // A flag to suppress the TLS certificate verification. + disable-certificate-verification = false + } + } +} diff --git a/app/jitsi/integration/videobridge.conf b/app/jitsi/integration/videobridge.conf new file mode 100644 index 0000000..2e2548b --- /dev/null +++ b/app/jitsi/integration/videobridge.conf 
@@ -0,0 +1,279 @@ +videobridge { + entity-expiration { + # If an entity has no activity after this timeout, it is expired + timeout=1 minute + + # The interval at which the videobridge will check for expired entities + check-interval=${videobridge.entity-expiration.timeout} + } + health { + # The interval between health checks + interval=10 seconds + + # The timeout for a health check + timeout=30 seconds + + # If performing a health check takes longer than this, it is considered unsuccessful. + max-check-duration=3 seconds + + # Whether or not health check failures should be 'sticky' + # (i.e. once the bridge becomes unhealthy, it will never + # go back to a healthy state) + sticky-failures=false + } + ep-connection-status { + # How long we'll wait for an endpoint to *start* sending + # data before we consider it 'inactive' + first-transfer-timeout=15 seconds + + # How long an endpoint can be 'inactive' before it will + # be considered disconnected + max-inactivity-limit=3 seconds + + # How often we check endpoint's connectivity status + check-interval=500 milliseconds + } + cc { + bwe-change-threshold=0.15 + thumbnail-max-height-px=180 + onstage-ideal-height-px=1080 + onstage-preferred-height-px=360 + onstage-preferred-framerate=30 + enable-onstage-video-suspend=false + trust-bwe=true + + # How often we check to send probing data + padding-period=15ms + + # How often we'll force recalculations of forwarded + # streams + max-time-between-calculations = 15 seconds + + # A JVB-wide last-n value, observed by all endpoints. Endpoints + # will take the minimum of their setting and this one (-1 implies + # no last-n limit) + jvb-last-n = -1 + } + # The APIs by which the JVB can be controlled + apis { + xmpp-client { + # The interval at which presence is published in the configured MUCs. 
+ presence-interval = ${videobridge.stats.interval} + + configs { + # example-connection-id { + # For the properties which should be + # filled out here, see MucClientConfiguration + # } + } + } + # The COLIBRI REST API + rest { + enabled = false + } + jvb-api { + enabled = false + } + } + # Configuration of the different REST APIs. + # Note that the COLIBRI REST API is configured under videobridge.apis.rest instead. + rest { + debug { + enabled = true + } + health { + enabled = true + } + shutdown { + # Note that the shutdown API requires the COLIBRI API to also be enabled. + enabled = false + } + version { + enabled = true + } + } + http-servers { + # The HTTP server which hosts services intended for 'public' use + # (e.g. websockets for the bridge channel connection) + public { + # See JettyBundleActivatorConfig in Jicoco for values + port = -1 + tls-port = -1 + } + # The HTTP server which hosts services intended for 'private' use + # (e.g. health or debug stats) + private { + # See JettyBundleActivatorConfig in Jicoco for values + host = 127.0.0.1 + } + } + octo { + # Whether or not Octo is enabled + enabled=false + + # A string denoting the 'region' of this JVB. This region + # will be used by Jicofo in the selection of a bridge for + # a client by comparing it to the client's region. + # Must be set when 'enabled' is true + #region="us-west-1" + + # The address on which the Octo relay should bind + # Must be set when 'enabled' is true + #bind-address=198.51.100.1 + + # The port to which the Octo relay should bind + bind-port=4096 + + # The address which controls the public address which + # will be part of the Octo relayId + #public-address=198.51.100.1 + + # The size of the incoming octo queue. This queue is per-remote-endpoint, + # so it matches what we use for local endpoints + recv-queue-size=1024 + + # The size of the outgoing octo queue. 
This is a per-originating-endpoint + # queue, so assuming all packets are routed (as they currently are for Octo) + # it should be the same size as the transceiver recv queue in + # jitsi-media-transform. Repeating the description from there: + # Assuming 300pps for high-definition, 200pps for standard-definition, + # 100pps for low-definition and 50pps for audio, this queue is fed + # 650pps, so its size in terms of millis is 1024/650*1000 ~= 1575ms. + send-queue-size=1024 + } + load-management { + # Whether or not the reducer will be enabled to take actions to mitigate load + reducer-enabled = false + load-measurements { + packet-rate { + # The packet rate at which we'll consider the bridge overloaded + load-threshold = 50000 + # The packet rate at which we'll consider the bridge 'underloaded' enough + # to start recovery + recovery-threshold = 40000 + } + } + load-reducers { + last-n { + # The factor by which we'll reduce the current last-n when trying to reduce load + reduction-scale = .75 + # The factor by which we'll increase the current last-n when trying to recover + recover-scale = 1.25 + # The minimum time in between runs of the last-n reducer to reduce or recover from + # load + impact-time = 1 minute + # The lowest value we'll set for last-n + minimum-last-n-value = 0 + # The highest last-n value we'll enforce. Once the enforced last-n exceeds this value + # we'll remove the limit entirely + maximum-enforced-last-n-value = 40 + } + } + } + sctp { + # Whether SCTP data channels are enabled. + enabled=true + } + stats { + # Whether periodic collection of statistics is enabled or not. When enabled they are accessible through the REST + # API (at `/colibri/stats`), and are available to other modules (e.g. to be pushed to callstats or in a MUC). + enabled = false + + # The interval at which stats are gathered. + interval = 5 seconds + + # Configuration related to pushing statistics to callstats.io. 
+ callstats { + # An integer application ID (use 0 to disable pushing stats to callstats). + app-id = 0 + + # The shared secred to authentication with callstats.io. + //app-secret = "s3cret" + + # ID of the key that was used to generate token. + //key-id = "abcd" + + # The path to private key file. + //key-path = "/etc/jitsi/videobridge/ecpriv.jwk" + + # The ID of the server instance to be used when reporting to callstats. + bridge-id = "jitsi" + + # TODO: document + //conference-id-prefix = "abcd" + + # The interval at which statististics will be published to callstats. This affects both per-conference and global + # statistics. + # Note that this value will be overriden if a "callstatsio" transport is defined in the parent "stats" section. + interval = ${videobridge.stats.interval} + } + } + websockets { + enabled=false + server-id="default-id" + + # Optional, even when 'enabled' is set to true + # tls=true + # Must be set when enabled = true + #domain="some-domain" + } + ice { + tcp { + # Whether ICE/TCP is enabled. + enabled = false + + # The port to bind to for ICE/TCP. + port = 443 + + # An optional additional port to advertise. + # mapped-port = 8443 + # Whether to use "ssltcp" or plain "tcp". + ssltcp = true + } + + udp { + # The port for ICE/UDP. + port = 10000 + } + + # An optional prefix to include in STUN username fragments generated by the bridge. + #ufrag-prefix = "jvb-123:" + + # Which candidate pairs to keep alive. The accepted values are defined in ice4j's KeepAliveStrategy: + # "selected_and_tcp", "selected_only", or "all_succeeded". + keep-alive-strategy = "selected_and_tcp" + + # Whether to use the "component socket" feature of ice4j. + use-component-socket = true + + # Whether to attempt DNS resolution for remote candidates that contain a non-literal address. When set to 'false' + # such candidates will be ignored. + resolve-remote-candidates = false + + # The nomination strategy to use for ICE. 
THe accepted values are defined in ice4j's NominationStrategy: + # "NominateFirstValid", "NominateHighestPriority", "NominateFirstHostOrReflexiveValid", or "NominateBestRTT". + nomination-strategy = "NominateFirstValid" + } + + transport { + send { + # The size of the dtls-transport outgoing queue. This is a per-participant + # queue. Packets from the egress end-up in this queue right before + # transmission by the outgoing srtp pipeline (which mainly consists of the + # packet sender). + # + # Its size needs to be of the same order of magnitude as the rtp sender + # queue. In a 100 participant call, assuming 300pps for the on-stage and + # 100pps for low-definition, last-n 20 and 2 participants talking, so + # 2*50pps for audio, this queue is fed 300+19*100+2*50 = 2300pps, so its + # size in terms of millis is 1024/2300*1000 ~= 445ms. + queue-size=1024 + } + } + + version { + // Wheather to announe the jitsi-videobridge version to clients in the ServerHello message. + announce = false + } +} + -- cgit v1.2.3 From 3e7dc8b49dabe1c3613b2bd5063920585efb5c2e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 20 Jan 2021 15:54:17 +0100 Subject: Fix conf links --- app/jitsi/integration/README.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'app') diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index 8d81150..b4c4354 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md 
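Review bot: `rest.debug.enabled = true` switches on the debug REST API while `apis.rest.enabled = false` keeps COLIBRI off; the debug endpoints sit on the private HTTP server, which `http-servers.private.host = 127.0.0.1` binds to loopback, so inside a container only local processes reach them, but nothing in the file records that the two settings depend on each other. A comment next to the debug block such as `# Debug endpoints are only safe while http-servers.private stays on loopback` would make the coupling explicit. While the reference file is copied into the tree, the comment typos could be fixed as well: `Wheather to announe` (version block), `THe accepted values` (ice block), and `shared secred`, `statististics`, `overriden` (callstats block). The hunk is the whole new videobridge.conf.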
@@ -1,9 +1,4 @@ -Extract conf templates: +Base conf: -```bash -sudo docker-compose run jitsi-conference-focus bash -c \ - 'apt-get update && apt-get install -y unzip && unzip /srv/jicofo/jicofo.jar && cat reference.conf' - -sudo docker-compose run jitsi-videobridge bash -c \ - 'apt-get update && apt-get install -y unzip && unzip /srv/jvb/jitsi-videobridge.jar && cat reference.conf' -``` + - [videobridge.conf](https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf) + - [jicofo.conf](https://github.com/jitsi/jicofo/blob/master/src/main/resources/reference.conf) -- cgit v1.2.3 From 6adb551db44dad3043a12cbccda5a09f43051d93 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 20 Jan 2021 16:02:58 +0100 Subject: More info in README --- app/jitsi/integration/README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'app') diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index b4c4354..725a9dc 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md @@ -1,4 +1,32 @@ +## About Jitsi + +Several server components: + - prosody XMPP (ext) + - jitsi videobridge aka JVB + - jitsi conference focus aka jicofo aka focus + - jitsi meet + - octo + - jigasi + - jibri + - etc. + +Some libs: + - libjitsi + - jicoco + - jitsi-utils + - etc. + +Client components: + - jitsi meet electron + - jitsi android/ios + - etc. + +## Conf + Base conf: - [videobridge.conf](https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf) - [jicofo.conf](https://github.com/jitsi/jicofo/blob/master/src/main/resources/reference.conf) + +the following is used in videobridge.conf: +[jicoco/MucClientConfiguration](https://github.com/jitsi/jicoco/blob/master/jicoco/src/main/java/org/jitsi/xmpp/mucclient/MucClientConfiguration.java) -- cgit v1.2.3 From 07765e84561a87a02e4a82a8ea6212f0ffe3b1e3 Mon Sep 17 00:00:00 2001 
From: Quentin Dufour Date: Thu, 21 Jan 2021 10:11:43 +0100 Subject: Add resources --- app/jitsi/integration/README.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'app') diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index 725a9dc..261f71d 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md @@ -30,3 +30,8 @@ Base conf: the following is used in videobridge.conf: [jicoco/MucClientConfiguration](https://github.com/jitsi/jicoco/blob/master/jicoco/src/main/java/org/jitsi/xmpp/mucclient/MucClientConfiguration.java) + +## Resources to understand jitsi + + - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst) + - [videobridge/debian/postinst](https://github.com/jitsi/jitsi-videobridge/blob/master/debian/postinst) -- cgit v1.2.3 From ebb772e5ba26944ac002c236d33ef164e91c6a7d Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 17:02:10 +0100 Subject: Fix ansible inventory + Fix jicofo's hocon conf + fix jicofo's dockerfile --- app/jitsi/build/jitsi-conference-focus/jicofo | 3 ++- app/jitsi/integration/README.md | 7 +++++++ app/jitsi/integration/jicofo.conf | 2 +- app/jitsi/integration/videobridge.conf | 4 ++-- 4 files changed, 12 insertions(+), 4 deletions(-) (limited to 'app') diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo index 1c1f77d..bfc54f6 100755 --- a/app/jitsi/build/jitsi-conference-focus/jicofo +++ b/app/jitsi/build/jitsi-conference-focus/jicofo @@ -13,7 +13,8 @@ exec java \ -XX:+HeapDumpOnOutOfMemoryError \ -XX:HeapDumpPath=/tmp \ -Djdk.tls.ephemeralDHKeySize=2048 \ - -Djava.util.logging.config.file=/srv/jicofo/lib/logging.properties \ + -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \ + -Dconfig.file=/etc/jitsi/jicofo.conf \ -cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \ org.jitsi.jicofo.Main \ --host=${JITSI_PROSODY_HOST} \ 
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index 261f71d..315b5de 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md @@ -31,6 +31,13 @@ Base conf: the following is used in videobridge.conf: [jicoco/MucClientConfiguration](https://github.com/jitsi/jicoco/blob/master/jicoco/src/main/java/org/jitsi/xmpp/mucclient/MucClientConfiguration.java) +How the new configuration is read in jicoco: +https://github.com/jitsi/jicoco/blob/master/jicoco-config/src/main/kotlin/org/jitsi/config/JitsiConfig.kt#L83-L91 +They use this library: https://github.com/lightbend/config +We are particularly interested by: https://github.com/lightbend/config#standard-behavior +Using 'application.conf' with classpath does not seem to work. +But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works! + ## Resources to understand jitsi - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst) diff --git a/app/jitsi/integration/jicofo.conf b/app/jitsi/integration/jicofo.conf index ecf45fc..2351cde 100644 --- a/app/jitsi/integration/jicofo.conf +++ b/app/jitsi/integration/jicofo.conf @@ -53,7 +53,7 @@ jicofo { } // The JID of the MUC to be used as a brewery for bridge instances. - brewery-jid = jvbbrewery@example.com + brewery-jid = "jvbbrewery@example.com" } // Configure the codecs and RTP extensions to be used in the offer sent to clients. codec { diff --git a/app/jitsi/integration/videobridge.conf b/app/jitsi/integration/videobridge.conf index 2e2548b..e9bded0 100644 --- a/app/jitsi/integration/videobridge.conf +++ b/app/jitsi/integration/videobridge.conf @@ -220,10 +220,10 @@ videobridge { ice { tcp { # Whether ICE/TCP is enabled. - enabled = false + enabled = true # The port to bind to for ICE/TCP. - port = 443 + port = 8080 # An optional additional port to advertise. # mapped-port = 8443 -- cgit v1.2.3 From 7b57ff72a918ca295e2b00e76da33eec700c6a2a Mon Sep 17 00:00:00 2001 
From: Quentin Dufour
Date: Thu, 28 Jan 2021 17:52:41 +0100
Subject: Simplify prosody too
---
 app/jitsi/build/jitsi-conference-focus/Dockerfile | 1 +
 app/jitsi/build/jitsi-conference-focus/jicofo | 7 +-
 app/jitsi/build/jitsi-xmpp/Dockerfile | 10 +-
 .../build/jitsi-xmpp/external_components.cfg.lua | 2 -
 app/jitsi/build/jitsi-xmpp/xmpp_conf | 49 ----
 app/jitsi/build/jitsi-xmpp/xmpp_gen | 5 -
 app/jitsi/build/jitsi-xmpp/xmpp_run | 18 +-
 app/jitsi/integration/README.md | 8 +
 app/jitsi/integration/dev.env | 10 -
 app/jitsi/integration/jicofo.conf | 273 --------------------
 app/jitsi/integration/jicofo/jicofo.conf | 273 ++++++++++++++++++++
 app/jitsi/integration/jitsi-certs/.gitignore | 2 -
 app/jitsi/integration/jvb/videobridge.conf | 279 +++++++++++++++++++++
 app/jitsi/integration/prosody/prosody.cfg.lua | 34 +++
 app/jitsi/integration/videobridge.conf | 279 ---------------------
 15 files changed, 605 insertions(+), 645 deletions(-)
 delete mode 100644 app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
 delete mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_conf
 delete mode 100644 app/jitsi/integration/dev.env
 delete mode 100644 app/jitsi/integration/jicofo.conf
 create mode 100644 app/jitsi/integration/jicofo/jicofo.conf
 delete mode 100644 app/jitsi/integration/jitsi-certs/.gitignore
 create mode 100644 app/jitsi/integration/jvb/videobridge.conf
 create mode 100644 app/jitsi/integration/prosody/prosody.cfg.lua
 delete mode 100644 app/jitsi/integration/videobridge.conf
(limited to 'app')
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile
index f78cc78..e67b3de 100644
--- a/app/jitsi/build/jitsi-conference-focus/Dockerfile
+++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile
@@ -20,5 +20,6 @@ RUN apt-get update && \
 COPY --from=builder /srv/build /usr/share/jicofo
 COPY jicofo /usr/local/bin
+ENV JICOFO_SECRET=IAMDEPRECATED
 CMD ["/usr/local/bin/jicofo"]
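Review bot: `ENV JICOFO_SECRET=IAMDEPRECATED` bakes a fixed value into the image under a variable whose name says "secret", and nothing in the Dockerfile explains that it only satisfies a leftover startup check; anyone inspecting the image metadata will read it as live configuration. A one-line comment above it would carry the intent, e.g. `# Jicofo still checks JICOFO_SECRET at startup but no longer uses it; placeholder only, real settings live in /etc/jitsi/jicofo.conf`. If the variable is confirmed unused for the jicofo version being built, dropping it is cleaner than shipping a decoy value.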
diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo
index bfc54f6..31cd9c4 100755
--- a/app/jitsi/build/jitsi-conference-focus/jicofo
+++ b/app/jitsi/build/jitsi-conference-focus/jicofo
@@ -16,9 +16,4 @@ exec java \
 -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
 -Dconfig.file=/etc/jitsi/jicofo.conf \
 -cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \
- org.jitsi.jicofo.Main \
- --host=${JITSI_PROSODY_HOST} \
- --domain=jitsi.deuxfleurs.fr \
- --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
- --user_domain=auth.jitsi.deuxfleurs.fr \
- --user_password=${JITSI_SECRET_JICOFO_USER}
+ org.jitsi.jicofo.Main
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index f3dcd36..a682984 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -5,9 +5,15 @@ ARG VERSION
 RUN apt-get update && \
 apt-get install -y prosody=${VERSION}
-COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
-COPY xmpp_conf /usr/local/bin/xmpp_conf
+mkdir -p /usr/local/share/ca-certificates/
+ln -sf \
+ /var/lib/prosody/auth.jitsi.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.crt
+
 COPY xmpp_gen /usr/local/bin/xmpp_gen
 COPY xmpp_run /usr/local/bin/xmpp_run
+USER prosody
+RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
+WORKDIR /var/lib/prosody
 CMD ["/usr/local/bin/xmpp_run"]
diff --git a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua b/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
deleted file mode 100644
index beaaa87..0000000
--- a/app/jitsi/build/jitsi-xmpp/external_components.cfg.lua
+++ /dev/null
@@ -1,2 +0,0 @@
-component_ports = { 5347 }
-component_interface = "0.0.0.0"
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_conf b/app/jitsi/build/jitsi-xmpp/xmpp_conf
deleted file mode 100755
index 34b2cb3..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_conf
+++ /dev/null
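Review bot: the `mkdir -p /usr/local/share/ca-certificates/` and `ln -sf ...` lines added to the jitsi-xmpp Dockerfile are bare shell commands rather than Dockerfile instructions, so the build stops at that point; they need a `RUN` prefix, e.g. `RUN mkdir -p /usr/local/share/ca-certificates/ && ln -sf /var/lib/prosody/auth.jitsi.crt /usr/local/share/ca-certificates/auth.jitsi.crt`. `RUN mkdir /run/prosody && touch /run/prosody/prosody.pid` is also placed after `USER prosody`, and `/run` is normally root-owned, so that step would fail as the unprivileged user; create the directory as root and switch user afterwards. Placing a symlink in the ca-certificates directory also does nothing for the system trust store until `update-ca-certificates` runs, which no step here does.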
@@ -1,49 +0,0 @@ -#!/bin/bash - -cat >> /etc/hosts < /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua < Date: Thu, 28 Jan 2021 18:55:56 +0100 Subject: WIP integration jitsi --- app/docker-compose.yml | 2 +- app/jitsi/build/jitsi-xmpp/Dockerfile | 19 ++++++----- app/jitsi/build/jitsi-xmpp/xmpp_gen | 4 --- app/jitsi/build/jitsi-xmpp/xmpp_prosody | 5 +++ app/jitsi/build/jitsi-xmpp/xmpp_root | 4 +++ app/jitsi/build/jitsi-xmpp/xmpp_run | 4 --- app/jitsi/integration/01_gen_certs.yml | 8 ----- app/jitsi/integration/02_run.yml | 27 --------------- app/jitsi/integration/README.md | 6 ++++ app/jitsi/integration/docker-compose.yml | 22 ++++++++++++ app/jitsi/integration/prosody/accounts.txt | 2 ++ app/jitsi/integration/prosody/prosody.cfg.lua | 49 +++++++++++++++++++++------ 12 files changed, 89 insertions(+), 63 deletions(-) delete mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_gen create mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_prosody create mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_root delete mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_run delete mode 100644 app/jitsi/integration/01_gen_certs.yml delete mode 100644 app/jitsi/integration/02_run.yml create mode 100644 app/jitsi/integration/docker-compose.yml create mode 100644 app/jitsi/integration/prosody/accounts.txt (limited to 'app') diff --git a/app/docker-compose.yml b/app/docker-compose.yml index d734c20..d8a6ab2 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -74,7 +74,7 @@ services: context: ./jitsi/build/jitsi-xmpp args: VERSION: 0.11.2-1 - image: superboum/amd64_jitsi_xmpp:v8 + image: superboum/amd64_jitsi_xmpp:v9 plume: build: diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile index a682984..b32953a 100644 --- a/app/jitsi/build/jitsi-xmpp/Dockerfile +++ b/app/jitsi/build/jitsi-xmpp/Dockerfile 
@@ -5,15 +5,16 @@ ARG VERSION
 RUN apt-get update && \
 apt-get install -y prosody=${VERSION}
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
- /var/lib/prosody/auth.jitsi.crt \
- /usr/local/share/ca-certificates/auth.jitsi.crt
+RUN mkdir -p /usr/local/share/ca-certificates/ && \
+ ln -sf \
+ /var/lib/prosody/certs/auth.jitsi.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.crt && \
+ mkdir /run/prosody && \
+ touch /run/prosody/prosody.pid && \
+ mkdir -p /var/lib/prosody
-COPY xmpp_gen /usr/local/bin/xmpp_gen
-COPY xmpp_run /usr/local/bin/xmpp_run
+COPY xmpp_root /usr/local/bin/xmpp_root
+COPY xmpp_prosody /usr/local/bin/xmpp_prosody
-USER prosody
-RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
 WORKDIR /var/lib/prosody
-CMD ["/usr/local/bin/xmpp_run"]
+CMD ["/usr/local/bin/xmpp_root"]
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
deleted file mode 100755
index a66aad8..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-prosodyctl cert generate jitsi.deuxfleurs.fr
-prosodyctl cert generate auth.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_prosody b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
new file mode 100755
index 0000000..1101302
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
@@ -0,0 +1,5 @@
+#!/bin/bash
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+
+cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
+exec prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_root b/app/jitsi/build/jitsi-xmpp/xmpp_root
new file mode 100755
index 0000000..293915f
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_root
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
deleted file mode 100755
index 81329d2..0000000
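Review bot: the new `ln -sf` target `/var/lib/prosody/certs/auth.jitsi.crt` does not match where the certificate is actually placed: the docker-compose.yml added in this same commit mounts it at `/var/lib/prosody/auth.jitsi.crt`, and prosody.cfg.lua reads `certificate = "/var/lib/prosody/auth.jitsi.crt"`, so the symlink dangles. Either mount into `/var/lib/prosody/certs/` consistently or change the link target to `/var/lib/prosody/auth.jitsi.crt`. Even with a valid link, nothing runs `update-ca-certificates`, and since the file is only mounted at run time the update would have to happen in the entrypoint rather than at build time; a comment on the `RUN` line saying what the link is meant to achieve would help the next reader. The same path mismatch applies to the docker-compose.yml hunk of this commit.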
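Review bot: in xmpp_prosody, `cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register` passes every account password as a command-line argument, which is visible to any process in the container through the process table for the duration of each `prosodyctl` call, and `xargs -n3` silently misaligns user/host/password as soon as a line has a different field count or a password contains whitespace. Reading the file explicitly, `while read -r user host pass; do prosodyctl register "$user" "$host" "$pass"; done < /etc/prosody/accounts.txt`, at least makes the field handling visible and lets a malformed line be rejected; if the installed `prosodyctl register` accepts the password on stdin, prefer that over argv. In xmpp_root, `su -s /bin/bash -c ... - prosody` runs a login shell just to drop privileges; `runuser -u prosody -- /usr/local/bin/xmpp_prosody` (util-linux) does the same without login-shell side effects, and the `chown -R` repeated in xmpp_prosody is redundant once xmpp_root has done it.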
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER} -prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE} -exec prosody diff --git a/app/jitsi/integration/01_gen_certs.yml b/app/jitsi/integration/01_gen_certs.yml deleted file mode 100644 index bf73291..0000000 --- a/app/jitsi/integration/01_gen_certs.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: '3' -services: - jitsi-xmpp: - image: superboum/amd64_jitsi_xmpp:v2 - command: ["/usr/local/bin/xmpp_gen"] - volumes: [ './jitsi-certs/:/certs:rw' ] - env_file: [ 'dev.env' ] - diff --git a/app/jitsi/integration/02_run.yml b/app/jitsi/integration/02_run.yml deleted file mode 100644 index 73eefad..0000000 --- a/app/jitsi/integration/02_run.yml +++ /dev/null @@ -1,27 +0,0 @@ -version: '3.4' -services: - jitsi-xmpp: - image: superboum/amd64_jitsi_xmpp:v3 - ports: - - "5222:5222" - - "5347:5347" - - "5280:5280" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-meet: - image: superboum/amd64_jitsi_meet:v1 - ports: - - "443:443" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-conference-focus: - image: superboum/amd64_jitsi_conference_focus:v4 - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] - jitsi-videobridge: - image: superboum/amd64_jitsi_videobridge:v14 - ports: - - "8080:8080/tcp" - - "10000:10000/udp" - env_file: [ 'dev.env' ] - volumes: [ './jitsi-certs/:/certs:ro' ] diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md index e295745..d2d25c1 100644 --- a/app/jitsi/integration/README.md +++ b/app/jitsi/integration/README.md 
@@ -46,6 +46,12 @@ But we can see this is a deprecated thing, it has been already removed from mast
 For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
 But maybe this value is deprecated: the check is still here but it is not used anymore?!
+## Generate certs with prosody
+```
+prosodyctl cert generate auth.jitsi
+prosodyctl cert generate jitsi
+```
+
 ## Resources to understand jitsi
 - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml
new file mode 100644
index 0000000..0a4012a
--- /dev/null
+++ b/app/jitsi/integration/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.4'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v9
+ volumes:
+ - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
+ - "./prosody/accounts.txt:/etc/prosody/accounts.txt"
+ - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
+ - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+ - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
+ - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
+ jitsi-meet:
+ image: superboum/amd64_jitsi_meet:v1
+ ports:
+ - "443:443"
+ jitsi-conference-focus:
+ image: superboum/amd64_jitsi_conference_focus:v4
+ jitsi-videobridge:
+ image: superboum/amd64_jitsi_videobridge:v14
+ ports:
+ - "8080:8080/tcp"
+ - "10000:10000/udp"
diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt
new file mode 100644
index 0000000..ef4f2cd
--- /dev/null
+++ b/app/jitsi/integration/prosody/accounts.txt
@@ -0,0 +1,2 @@
+focus auth.jitsi xxx
+jvb auth.jitsi yyy
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
index edfd820..5f18e2a 100644
--- a/app/jitsi/integration/prosody/prosody.cfg.lua
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@@ -1,12 +1,41 @@
-component_ports = { 5347 }
+daemonize = false
+allow_registration = false
+use_libevent = true
 component_interface = "0.0.0.0"
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+component_ports = { 5347 }
+http_ports = { 5280 }
+
+-- Not sure all modules are required
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "compression"; -- Stream compression (requires the lua-zlib package installed)
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ "smacks";
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ "http_altconnect";
+}
+
 log = {
- error="/dev/stderr"
- info="/dev/stdout"
+ "*console";
 }
-VirtualHost "jitsi.deuxfleurs.fr"
+VirtualHost "jitsi"
 authentication = "anonymous"
 ssl = {
 key = "/var/lib/prosody/jitsi.key";
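Review bot: `component_interface = "0.0.0.0"` together with `component_ports = { 5347 }` opens the external-component port on every interface, and no `component_secret` or external `Component` definition appears in the visible lines, so the listener has no consumer while remaining reachable from every container on the compose network (the docker-compose.yml of this commit no longer publishes 5347, which limits exposure to the host but not to neighbouring services). If nothing attaches as an external component now that the jicofo launcher dropped its `--secret` argument, removing both lines is the smallest fix; otherwise bind to the specific service address and set a secret per component. Either way the intent deserves a comment, e.g. `-- 5347 is the external-component port; nothing connects here since jicofo moved to a client login` (hedged on whether that is true). `"posix"` is enabled with `daemonize = false`, which is the right combination for a container, but a short comment saying so would stop someone "fixing" it.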
@@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr"
 }
 c2s_require_encryption = false
-VirtualHost "auth.jitsi.deuxfleurs.fr"
+VirtualHost "auth.jitsi"
 ssl = {
 key = "/var/lib/prosody/auth.jitsi.key";
 certificate = "/var/lib/prosody/auth.jitsi.crt";
 }
 authentication = "internal_plain"
- admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+ admins = { "focus@auth.jitsi"}
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
 storage = "memory"
 modules_enabled = { "ping"; }
- admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }
-- cgit v1.2.3
From 0e848bb2d0e705e5e0858fe8f2c02a3c9c8f45e5 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Thu, 28 Jan 2021 19:28:15 +0100
Subject: Polished prosody
---
 app/docker-compose.yml | 2 +-
 app/jitsi/build/jitsi-xmpp/Dockerfile | 15 +++++++++++----
 app/jitsi/build/jitsi-xmpp/xmpp_prosody | 2 --
 app/jitsi/build/jitsi-xmpp/xmpp_root | 4 ----
 app/jitsi/integration/README.md | 4 ++++
 app/jitsi/integration/docker-compose.yml | 12 ++++++------
 app/jitsi/integration/jicofo/jicofo.conf | 4 ++--
 app/jitsi/integration/prosody/prosody.cfg.lua | 9 +++++----
 8 files changed, 29 insertions(+), 23 deletions(-)
 delete mode 100755 app/jitsi/build/jitsi-xmpp/xmpp_root
(limited to 'app')
diff --git a/app/docker-compose.yml b/app/docker-compose.yml
index d8a6ab2..14a62b8 100644
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@@ -73,7 +73,7 @@ services:
 build:
 context: ./jitsi/build/jitsi-xmpp
 args:
- VERSION: 0.11.2-1
+ VERSION: 0.11.7-1~buster4
 image: superboum/amd64_jitsi_xmpp:v9
 plume:
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index b32953a..6357cc6 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
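Review bot: `authentication = "internal_plain"` on `VirtualHost "auth.jitsi"` stores the focus and jvb passwords unhashed in Prosody's data store under `/var/lib/prosody`; `internal_hashed` is the drop-in provider Prosody ships, and nothing visible here needs the plaintext back, so the rename hunk is the natural place to switch (`authentication = "internal_hashed"`). The line is context rather than new, but the hunk rewrites every host name around it. The `c2s_require_encryption = false` context line at the top applies to the anonymous `jitsi` host and means client sessions may run in plaintext; that is defensible when TLS terminates in front, and the file should say so with a comment such as `-- plaintext c2s allowed: TLS is terminated by the front end`.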
@@ -3,7 +3,13 @@ FROM debian:buster
 ARG VERSION
 RUN apt-get update && \
- apt-get install -y prosody=${VERSION}
+ apt-get install -y wget gnupg2 && \
+ echo deb http://packages.prosody.im/debian buster main \
+ | tee -a /etc/apt/sources.list && \
+ wget https://prosody.im/files/prosody-debian-packages.key -O - \
+ | apt-key add - && \
+ apt-get update && \
+ apt-get install -y prosody=${VERSION} lua-event
 RUN mkdir -p /usr/local/share/ca-certificates/ && \
 ln -sf \
@@ -11,10 +17,11 @@ RUN mkdir -p /usr/local/share/ca-certificates/ && \
 /usr/local/share/ca-certificates/auth.jitsi.crt && \
 mkdir /run/prosody && \
 touch /run/prosody/prosody.pid && \
- mkdir -p /var/lib/prosody
+ mkdir -p /var/lib/prosody && \
+ chown -R prosody:prosody /var/lib/prosody /run/prosody
-COPY xmpp_root /usr/local/bin/xmpp_root
 COPY xmpp_prosody /usr/local/bin/xmpp_prosody
 WORKDIR /var/lib/prosody
-CMD ["/usr/local/bin/xmpp_root"]
+USER prosody
+CMD ["/usr/local/bin/xmpp_prosody"]
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_prosody b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
index 1101302..4ae73f4 100755
--- a/app/jitsi/build/jitsi-xmpp/xmpp_prosody
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
@@ -1,5 +1,3 @@
 #!/bin/bash
-chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
-
 cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
 exec prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_root b/app/jitsi/build/jitsi-xmpp/xmpp_root
deleted file mode 100755
index 293915f..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_root
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
-exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
index d2d25c1..7f334af 100644
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
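Review bot: the repository key is fetched with `wget ... | apt-key add -` and the source is appended as a bare `deb http://...` line to the global sources.list: `apt-key add` is deprecated and makes that key trusted for every configured repository rather than only packages.prosody.im, and the downloaded key's fingerprint is never compared with anything, so a substituted key would be accepted silently. Save the key as its own keyring file, reference it with `[signed-by=...]` in a dedicated sources.list.d entry, and fail the build when the fingerprint does not match a value recorded in the Dockerfile (placeholder below; take the real one from the project's published key). Pinning `prosody=${VERSION}` already gives reproducibility; this keeps the trust scoped to that one repository.
```dockerfile
RUN apt-get update && \
    apt-get install -y wget gnupg2 && \
    wget -O /usr/share/keyrings/prosody-archive.asc https://prosody.im/files/prosody-debian-packages.key && \
    gpg --with-colons --show-keys /usr/share/keyrings/prosody-archive.asc \
      | grep -q "^fpr:::::::::<EXPECTED_FINGERPRINT_PLACEHOLDER>:" && \
    echo "deb [signed-by=/usr/share/keyrings/prosody-archive.asc] http://packages.prosody.im/debian buster main" \
      > /etc/apt/sources.list.d/prosody.list && \
    apt-get update && \
    apt-get install -y prosody=${VERSION} lua-event
# … unchanged: ca-certificates symlink, /run/prosody setup, COPY, USER, CMD …
```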
@@ -52,6 +52,10 @@ prosodyctl cert generate auth.jitsi prosodyctl cert generate jitsi ``` +## An example prosody configuration file + +https://github.com/jitsi/jitsi-meet/blob/master/doc/example-config-files/prosody.cfg.lua.example + ## Resources to understand jitsi - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst) diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml index 0a4012a..64cd82d 100644 --- a/app/jitsi/integration/docker-compose.yml +++ b/app/jitsi/integration/docker-compose.yml @@ -3,12 +3,12 @@ services: jitsi-xmpp: image: superboum/amd64_jitsi_xmpp:v9 volumes: - - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua" - - "./prosody/accounts.txt:/etc/prosody/accounts.txt" - - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt" - - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key" - - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt" - - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key" + - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua:ro" + - "./prosody/accounts.txt:/etc/prosody/accounts.txt:ro" + - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt:ro" + - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key:ro" + - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt:ro" + - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key:ro" jitsi-meet: image: superboum/amd64_jitsi_meet:v1 ports: diff --git a/app/jitsi/integration/jicofo/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf index edb87c5..203cd15 100644 --- a/app/jitsi/integration/jicofo/jicofo.conf +++ b/app/jitsi/integration/jicofo/jicofo.conf @@ -241,9 +241,9 @@ jicofo { enabled = true hostname = "jitsi-xmpp" port = 5222 - #domain = + domain = "auth.jitsi" username = "focus" - password = "3x@mple01" + password = "xxx" // How long to wait for a response to a stanza before giving up. reply-timeout = 15 seconds 
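Review bot: Mounting `jitsi.key` and `auth.jitsi.key` with `:ro` is an improvement, but read-only does not make them readable: the same commit switches the image to `USER prosody`, so the host files under `./prosody/certs/` must now be readable by that uid, which in practice means either a world-readable private key on the host or a TLS failure at startup — worth a README line or an explicit check in the entrypoint. Keeping private keys inside the integration tree also invites committing them; I cannot see the repository's ignore rules from here, so please confirm `prosody/certs/` is excluded, or generate the keys at container start with the `prosodyctl cert generate` commands the README already lists rather than mounting them.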
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 5f18e2a..2f75d83 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -4,6 +4,7 @@ use_libevent = true component_interface = "0.0.0.0" component_ports = { 5347 } http_ports = { 5280 } +https_ports = {} -- Not sure all modules are required modules_enabled = { @@ -13,14 +14,13 @@ modules_enabled = { "dialback"; -- s2s dialback support "disco"; -- Service discovery "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. - "compression"; -- Stream compression (requires the lua-zlib package installed) "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "pep"; -- Enables users to publish their mood, activity, playing music and more -- jitsi - "smacks"; + --"smacks"; -- not shipped with prosody "carbons"; "mam"; "lastactivity"; @@ -28,11 +28,12 @@ modules_enabled = { "pubsub"; "adhoc"; "websocket"; - "http_altconnect"; + --"http_altconnect"; -- not shipped with prosody } log = { - "*console"; + --log less on console with warn="*console"; or err="*console" or more with debug="*console" + info="*console"; } VirtualHost "jitsi" -- cgit v1.2.3 From 47bcdaaf0dc6d8caaaa8bd30055420ae90cc73eb Mon Sep 17 00:00:00 2001 
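Review bot: `https_ports = {}` disables the HTTPS listener while `http_ports = { 5280 }` is kept, so the `websocket` endpoint enabled a few lines below is now served as plaintext HTTP on 5280 and whatever sits in front of Prosody is the only TLS in that path. If a TLS-terminating reverse proxy is the intended deployment, record it next to the setting, e.g. `https_ports = {} -- TLS for BOSH/websocket is terminated by the reverse proxy in front of :5280; never publish 5280 directly`, and consider `consider_websocket_secure = true` so Prosody treats proxied connections as secure. I am inferring the proxy from the `https_ports` change alone, so confirm that is actually the plan rather than an oversight.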
From: Quentin Dufour Date: Thu, 28 Jan 2021 21:05:10 +0100 Subject: Rework prosody's configuration --- app/docker-compose.yml | 3 +- app/jitsi/build/jitsi-conference-focus/jicofo | 6 - app/jitsi/build/jitsi-xmpp/Dockerfile | 16 ++- app/jitsi/integration/README.md | 6 + app/jitsi/integration/docker-compose.yml | 23 ++-- app/jitsi/integration/jicofo/jicofo.conf | 14 +-- app/jitsi/integration/prosody/prosody.cfg.lua | 137 +++++++++++++-------- app/jitsi/integration/prosody/prosody.cfg.lua.back | 64 ++++++++++ 8 files changed, 192 insertions(+), 77 deletions(-) create mode 100644 app/jitsi/integration/prosody/prosody.cfg.lua.back (limited to 'app') diff --git a/app/docker-compose.yml b/app/docker-compose.yml index 14a62b8..3bab916 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -73,7 +73,8 @@ services: build: context: ./jitsi/build/jitsi-xmpp args: - VERSION: 0.11.7-1~buster4 + MEET_VERSION: 5390 + PROSODY_VERSION: 0.11.7-1~buster4 image: superboum/amd64_jitsi_xmpp:v9 plume: diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo index 31cd9c4..2225e98 100755 --- a/app/jitsi/build/jitsi-conference-focus/jicofo +++ b/app/jitsi/build/jitsi-conference-focus/jicofo 
@@ -1,13 +1,7 @@ #!/bin/bash -cp ${JITSI_CERTS_FOLDER}/auth.jitsi.deuxfleurs.fr.crt /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt update-ca-certificates -f -cat >> /etc/hosts < Date: Thu, 28 Jan 2021 21:47:35 +0100 Subject: Trying to switch on a development version --- app/docker-compose.yml | 10 +++++----- app/jitsi/build/jitsi-conference-focus/Dockerfile | 5 ++--- app/jitsi/build/jitsi-xmpp/xmpp_prosody | 8 +++++++- app/jitsi/integration/docker-compose.yml | 14 +++++++++++++- app/jitsi/integration/jicofo/jicofo.conf | 6 +++--- app/jitsi/integration/prosody/accounts.txt | 2 -- app/jitsi/integration/prosody/prosody.cfg.lua | 2 +- 7 files changed, 31 insertions(+), 16 deletions(-) delete mode 100644 app/jitsi/integration/prosody/accounts.txt (limited to 'app') diff --git a/app/docker-compose.yml b/app/docker-compose.yml index 3bab916..72e6955 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -48,8 +48,8 @@ services: args: # https://github.com/jitsi/jitsi-meet PREFIXV: stable/jitsi-meet_ - VERSION: 5390 - image: superboum/amd64_jitsi_meet:v3 + VERSION: 5463 + image: superboum/amd64_jitsi_meet:v4 jitsi-conference-focus: build: @@ -57,7 +57,7 @@ services: args: # https://github.com/jitsi/jicofo PREFIXV: stable/jitsi-meet_ - VERSION: 5390 + VERSION: 5463 image: superboum/amd64_jitsi_conference_focus:v7 jitsi-videobridge: @@ -66,14 +66,14 @@ services: args: # https://github.com/jitsi/jitsi-videobridge PREFIXV: stable/jitsi-meet_ - VERSION: 5390 + VERSION: 5463 image: superboum/amd64_jitsi_videobridge:v17 jitsi-xmpp: build: context: ./jitsi/build/jitsi-xmpp args: - MEET_VERSION: 5390 + MEET_VERSION: 5463 PROSODY_VERSION: 0.11.7-1~buster4 image: superboum/amd64_jitsi_xmpp:v9 diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile index e67b3de..525bffb 100644 --- a/app/jitsi/build/jitsi-conference-focus/Dockerfile +++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile 
@@ -3,9 +3,9 @@ FROM debian:buster AS builder ARG PREFIXV ARG VERSION RUN apt-get update && \ - apt-get install -y openjdk-11-jdk maven wget unzip && \ - wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip + apt-get install -y openjdk-11-jdk-headless maven wget unzip +RUN wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip RUN unzip jicofo.zip && \ mv jicofo*${VERSION} jicofo && \ cd jicofo && \ @@ -20,6 +20,5 @@ RUN apt-get update && \ COPY --from=builder /srv/build /usr/share/jicofo COPY jicofo /usr/local/bin -ENV JICOFO_SECRET=IAMDEPRECATED CMD ["/usr/local/bin/jicofo"] diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_prosody b/app/jitsi/build/jitsi-xmpp/xmpp_prosody index 4ae73f4..af179e5 100755 --- a/app/jitsi/build/jitsi-xmpp/xmpp_prosody +++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody @@ -1,3 +1,9 @@ #!/bin/bash -cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register +prosodyctl register focus auth.jitsi ${JICOFO_AUTH_PASSWORD} +prosodyctl register jvb auth.jitsi ${JVB_AUTH_PASSWORD} + +# copied from jitsi-meet.postinst +# Make sure the focus@auth user's roster includes the proxy component (this is idempotent) +prosodyctl mod_roster_command subscribe focus.jitsi focus@auth.jitsi + exec prosody diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml index 70bb41a..3aa3954 100644 --- a/app/jitsi/integration/docker-compose.yml +++ b/app/jitsi/integration/docker-compose.yml 
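Review bot: The jicofo source archive is still fetched with `wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip` and unpacked with no integrity check, so the build trusts whatever GitHub serves for a mutable tag name at build time; TLS protects the transport but not against a moved tag or a compromised upstream account. Record the expected digest and fail on mismatch, e.g. `ARG JICOFO_SHA256` plus `echo "${JICOFO_SHA256}  jicofo.zip" | sha256sum -c -` immediately after the download, or pin to a commit hash instead of a tag. Dropping `ENV JICOFO_SECRET=IAMDEPRECATED` is good — a fixed fallback secret baked into the image is worse than failing when the real one is unset.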
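Review bot: `prosodyctl register focus auth.jitsi ${JICOFO_AUTH_PASSWORD}` puts the password on the command line, where anything able to read `/proc/<pid>/cmdline` or the container's process list can see it for the duration of the call, and the expansions are unquoted, so an unset `JICOFO_AUTH_PASSWORD` becomes a two-argument call that prosodyctl prompts on or rejects rather than a clear failure. At minimum add `set -eu`, a guard such as `: "${JICOFO_AUTH_PASSWORD:?must be set}"` at the top, and quotes around the expansions; better, feed the password on stdin (`printf '%s\n%s\n' "$JICOFO_AUTH_PASSWORD" "$JICOFO_AUTH_PASSWORD" | prosodyctl adduser focus@auth.jitsi`, if your prosodyctl accepts piped input) so it never appears in argv. Note that `register` may refuse an account that already exists, so a restart against a persisted `/var/lib/prosody` volume could stop at the first line once `set -e` is in place — I cannot see the volume setup from here, so verify before adding strict mode.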
@@ -4,16 +4,28 @@ services: image: superboum/amd64_jitsi_xmpp:v9 volumes: - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua:ro" - - "./prosody/accounts.txt:/etc/prosody/accounts.txt:ro" - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt:ro" - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key:ro" - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt:ro" - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key:ro" + environment: + - JICOFO_AUTH_PASSWORD=jicofopass + - JVB_AUTH_PASSWORD=jvbpass + jitsi-conference-focus: image: superboum/amd64_jitsi_conference_focus:v7 volumes: - "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro" - "./jicofo/jicofo.conf:/etc/jitsi/jicofo.conf:ro" +# environment: +# - JDOMAIN=jitsi +# - JHOST=jitsi-xmpp +# - JPORT=5347 +# - JSUBDOMAIN=focus +# - JICOFO_SECRET=jicofosecretpass +# - JUSERDOMAIN=auth.jitsi +# - JUSERNAME=focus@auth.jitsi +# - JICOFO_AUTH_PASSWORD=jicofopass # jitsi-meet: # image: superboum/amd64_jitsi_meet:v1 # ports: diff --git a/app/jitsi/integration/jicofo/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf index c4fe5e4..477d37e 100644 --- a/app/jitsi/integration/jicofo/jicofo.conf +++ b/app/jitsi/integration/jicofo/jicofo.conf @@ -242,8 +242,8 @@ jicofo { hostname = "jitsi-xmpp" port = 5222 domain = "auth.jitsi" - username = "focus" - password = "xxx" + username = "focus@auth.jitsi" + password = "jicofopass" // How long to wait for a response to a stanza before giving up. reply-timeout = 15 seconds @@ -261,7 +261,7 @@ jicofo { port = 5222 domain = "auth.jitsi" username = "focus" - password = "xxx" + password = "jicofopass" // How long to wait for a response to a stanza before giving up. reply-timeout = 15 seconds diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt deleted file mode 100644 index ef4f2cd..0000000 --- a/app/jitsi/integration/prosody/accounts.txt +++ /dev/null 
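Review bot: `JICOFO_AUTH_PASSWORD=jicofopass` and `JVB_AUTH_PASSWORD=jvbpass` are committed, dictionary-word credentials that the same commit also writes verbatim into `jicofo.conf`, so the two files can drift silently and anyone with read access to the repository holds the accounts that administer every conference. For an integration fixture that may be acceptable, but make it explicit: move the values to a git-ignored `env_file`, or use compose substitution such as `- JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD:?}` so an unset value fails fast, and add a comment stating these are throwaway test values that must differ in any real deployment. The commented-out `JICOFO_SECRET=…` block under the focus service is a second copy of the component secret that will also have to match `prosody.cfg.lua`.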
@@ -1,2 +0,0 @@ -focus auth.jitsi xxx -jvb auth.jitsi yyy diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index da38be9..42831ce 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -85,7 +85,7 @@ VirtualHost "auth.jitsi" authentication = "internal_plain" Component "focus.jitsi" - component_secret = "focusSecret" + component_secret = "jicofosecretpass" Component "speakerstats.jitsi" "speakerstats_component" muc_component = "conference.jitsi" -- cgit v1.2.3 From 982efd1b49f7435f7c49c2099aabfc994d3901fb Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 28 Jan 2021 23:02:37 +0100 Subject: Still so broken... --- app/docker-compose.yml | 5 +++-- app/jitsi/build/jitsi-conference-focus/Dockerfile | 9 ++++----- app/jitsi/build/jitsi-xmpp/Dockerfile | 9 +++++---- app/jitsi/integration/docker-compose.yml | 18 +++++++++--------- app/jitsi/integration/jicofo/jicofo.conf | 4 ++-- app/jitsi/integration/prosody/prosody.cfg.lua | 11 ++++++++--- 6 files changed, 31 insertions(+), 25 deletions(-) (limited to 'app') diff --git a/app/docker-compose.yml b/app/docker-compose.yml index 72e6955..717e8ce 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -56,7 +56,7 @@ services: context: ./jitsi/build/jitsi-conference-focus args: # https://github.com/jitsi/jicofo - PREFIXV: stable/jitsi-meet_ + PREFIXV: jitsi-meet_ VERSION: 5463 image: superboum/amd64_jitsi_conference_focus:v7 @@ -65,7 +65,7 @@ services: context: ./jitsi/build/jitsi-videobridge args: # https://github.com/jitsi/jitsi-videobridge - PREFIXV: stable/jitsi-meet_ + PREFIXV: jitsi-meet_ VERSION: 5463 image: superboum/amd64_jitsi_videobridge:v17 @@ -73,6 +73,7 @@ services: build: context: ./jitsi/build/jitsi-xmpp args: + PREFIXV: jitsi-meet_ MEET_VERSION: 5463 PROSODY_VERSION: 0.11.7-1~buster4 image: superboum/amd64_jitsi_xmpp:v9 
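Review bot: `component_secret = "jicofosecretpass"` is a static bearer credential for the focus component, and with `component_interface = "0.0.0.0"` earlier in this file the 5347 component port listens on every interface of the container, so anything on an attached network that knows this string can register as `focus.jitsi` and act as the conference controller. Generate the value rather than choosing it (`openssl rand -hex 32` or equivalent, injected from the environment the way the user passwords now are) and restrict `component_interface` to the internal network address, or at least document that 5347 must never be published. If this is deliberately a throwaway integration value, a one-line `-- test-only value; must match JICOFO_SECRET in docker-compose.yml` would stop it being copied into a real deployment.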
diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile index 525bffb..db50746 100644 --- a/app/jitsi/build/jitsi-conference-focus/Dockerfile +++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile @@ -1,10 +1,9 @@ -FROM debian:buster AS builder +FROM fedora:33 AS builder + +RUN dnf install -y java-latest-openjdk-headless maven wget unzip ARG PREFIXV ARG VERSION -RUN apt-get update && \ - apt-get install -y openjdk-11-jdk-headless maven wget unzip - RUN wget https://github.com/jitsi/jicofo/archive/${PREFIXV}${VERSION}.zip -O jicofo.zip RUN unzip jicofo.zip && \ mv jicofo*${VERSION} jicofo && \ @@ -13,7 +12,7 @@ RUN unzip jicofo.zip && \ unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \ mv jicofo-1.1-SNAPSHOT /srv/build -FROM debian:buster +FROM debian:bullseye RUN apt-get update && \ apt-get install -y openjdk-11-jre-headless ca-certificates diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile index e3a8f8f..90aae76 100644 --- a/app/jitsi/build/jitsi-xmpp/Dockerfile +++ b/app/jitsi/build/jitsi-xmpp/Dockerfile @@ -1,11 +1,12 @@ FROM debian:buster as builder -ARG MEET_VERSION WORKDIR /tmp +ARG MEET_VERSION +ARG PREFIXV RUN apt-get update && \ - apt-get install -y wget unzip && \ - wget https://github.com/jitsi/jitsi-meet/archive/stable/jitsi-meet_${MEET_VERSION}.zip -O meet.zip && \ - unzip meet.zip && \ + apt-get install -y wget unzip +RUN wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${MEET_VERSION}.zip -O meet.zip +RUN unzip meet.zip && \ mv jitsi-meet-* jitsi-meet FROM debian:buster diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml index 3aa3954..2f8141a 100644 --- a/app/jitsi/integration/docker-compose.yml +++ b/app/jitsi/integration/docker-compose.yml 
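Review bot: The builder now installs `java-latest-openjdk-headless` on `fedora:33`, compiling with whatever JDK major Fedora ships that day, while the runtime stage installs `openjdk-11-jre-headless` on `debian:bullseye`; unless the jicofo Maven build sets `maven.compiler.release` to 11 (not visible here), the class files can be rejected by the JRE with `UnsupportedClassVersionError`, and the result changes from build to build as the "latest" package moves. Pin the builder to the runtime's major, e.g. `RUN dnf install -y java-11-openjdk-devel maven wget unzip`, or keep both stages on one base so the JDK and JRE come from the same package set. `debian:bullseye` was still Debian testing at the date of this commit, so the runtime base is a moving target as well, and the source zip in the first stage is still downloaded without a checksum.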
@@ -17,15 +17,15 @@ services: volumes: - "./prosody/certs/auth.jitsi.crt:/usr/local/share/ca-certificates/auth.jitsi.crt:ro" - "./jicofo/jicofo.conf:/etc/jitsi/jicofo.conf:ro" -# environment: -# - JDOMAIN=jitsi -# - JHOST=jitsi-xmpp -# - JPORT=5347 -# - JSUBDOMAIN=focus -# - JICOFO_SECRET=jicofosecretpass -# - JUSERDOMAIN=auth.jitsi -# - JUSERNAME=focus@auth.jitsi -# - JICOFO_AUTH_PASSWORD=jicofopass + environment: + - JDOMAIN=jitsi + - JHOST=jitsi-xmpp + - JPORT=5347 + - JSUBDOMAIN=focus + - JICOFO_SECRET=jicofosecretpass + - JUSERDOMAIN=auth.jitsi + - JUSERNAME=focus + - JICOFO_AUTH_PASSWORD=jicofopass # jitsi-meet: # image: superboum/amd64_jitsi_meet:v1 # ports: diff --git a/app/jitsi/integration/jicofo/jicofo.conf b/app/jitsi/integration/jicofo/jicofo.conf index 477d37e..4ef175f 100644 --- a/app/jitsi/integration/jicofo/jicofo.conf +++ b/app/jitsi/integration/jicofo/jicofo.conf @@ -242,14 +242,14 @@ jicofo { hostname = "jitsi-xmpp" port = 5222 domain = "auth.jitsi" - username = "focus@auth.jitsi" + username = "focus" password = "jicofopass" // How long to wait for a response to a stanza before giving up. reply-timeout = 15 seconds // The JID/domain of the MUC service used for conferencing. - # conference-muc-jid = conference.example.com + conference-muc-jid = conference.jitsi // A flag to suppress the TLS certificate verification. disable-certificate-verification = false diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 42831ce..215bb5b 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -1,4 +1,9 @@ plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } + +log = { + --log less on console with warn="*console"; or err="*console" or more with debug="*console" + debug="*console"; +} daemonize = false use_libevent = true 
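Review bot: `debug="*console"` becomes the committed default log level, which dumps the full protocol exchange to the container's stdout, and with `authentication = "internal_plain"` on `auth.jitsi` and component handshakes on 5347 that stream is exactly where credential-bearing traffic passes; which of those elements Prosody prints at debug depends on the modules involved rather than on a line visible here, so inspect the output before leaving this in place. Default to `info="*console";`, keep the existing comment that explains how to raise it to `debug` when troubleshooting, or drive the level from an environment variable so debug is never the checked-in setting.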
@@ -29,7 +34,7 @@ ssl = { } VirtualHost "jitsi" - -- enabled = false -- Remove this line to enable this host + enabled = true -- Remove this line to enable this host authentication = "anonymous" -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" @@ -67,7 +72,7 @@ Component "conference.jitsi" "muc" "muc_domain_mapper"; --"token_verification"; } - admins = { "focusUser@auth.jitsi" } + admins = { "focus@auth.jitsi" } muc_room_locking = false muc_room_default_public_jids = true @@ -77,7 +82,7 @@ Component "internal.auth.jitsi" "muc" modules_enabled = { "ping"; } - admins = { "focusUser@auth.jitsi", "jvb@auth.jitsi" } + admins = { "focus@auth.jitsi", "jvb@auth.jitsi" } muc_room_locking = false muc_room_default_public_jids = true -- cgit v1.2.3