Rework jitsi-xmpp to support cert gen

Quentin 2020-03-22 18:01:54 +01:00
parent e24522d828
commit cef60898b5
14 changed files with 122 additions and 41 deletions

.gitignore vendored

@ -1,3 +1,4 @@
*.retry
.git_old/
debug/gladdrinfo
*.swp


@ -0,0 +1,8 @@
version: '3'
services:
jitsi-xmpp:
build: ./jitsi-xmpp
command: ["/usr/local/bin/xmpp_gen"]
volumes: [ './jitsi-certs/:/certs:rw' ]
env_file: [ 'dev.env' ]

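--- a/docker/jitsi/02_run.yml
+++ b/docker/jitsi/02_run.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+jitsi-xmpp:
+build: ./jitsi-xmpp
+ports:
+- "5222:5222"
+- "5347:5347"
+- "5280:5280"
+env_file: [ 'dev.env' ]
+jitsi-front:
+build: ./jitsi-front
+ports:
+- "80:80"
+env_file: [ 'dev.env' ]
+jitsi-conference-focus:
+build: ./jitsi-conference-focus
+env_file: [ 'dev.env' ]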
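Review bot: The `jitsi-xmpp` service declares no `volumes`, yet `xmpp_run` copies `${JITSI_CERTS_FOLDER}/*` into `/var/lib/prosody/`, so the certificates that `01_gen_certs.yml` writes to `./jitsi-certs/` never reach the running container; add `volumes: [ './jitsi-certs/:/certs:ro' ]` to `jitsi-xmpp` (read-only is enough at run time). `jitsi-conference-focus` has no mount either, so if Jicofo is meant to trust the `auth.jitsi.deuxfleurs.fr` certificate it presumably needs the same one. Separately, `"5347:5347"` publishes what looks like the component port, protected only by the shared secrets in `dev.env`, on every host interface; binding it to the bridge address the other containers already use, `"172.17.0.1:5347:5347"`, would narrow that exposure.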


@ -3,11 +3,18 @@ This installation is inspired by: https://github.com/jitsi/jitsi-meet/blob/maste
To build images:
```
docker-compose build
docker-compose -f 02_run.yml build
```
To run stack:
To gen the certs:
```
docker-compose up --force-recreate
docker-compose -f 01_gen_certs.yml up --force-recreate
```
To run the stack:
```
docker-compose -f 02_run.yml up --force-recreate
```

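--- a/docker/jitsi/dev.env
+++ b/docker/jitsi/dev.env
@@ -0,0 +1,7 @@
+JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
+JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
+JITSI_SECRET_JICOFO_USER=S3CR3T03
+JITSI_PROSODY_BOSH_PORT=5280
+JITSI_PROSODY_BOSH_HOST=172.17.0.1
+JITSI_PROSODY_HOST=172.17.0.1
+JITSI_CERTS_FOLDER=/certs/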
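Review bot: The three `JITSI_SECRET_*` values are committed as guessable placeholders (`S3CR3T01` to `S3CR3T03`) in a tracked file that both compose files load through `env_file`, so a stack started exactly as the README describes authenticates its XMPP components with publicly known secrets. Consider tracking this file as a template (for example `dev.env.example`), ignoring the real `dev.env`, and generating the values per deployment. If the file stays tracked, a header such as `# Development placeholders only: replace every JITSI_SECRET_* before exposing the stack` would at least make the intent explicit.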


@ -1,20 +0,0 @@
version: '2.0'
services:
jitsi-xmpp:
build: ./jitsi-xmpp
ports:
- "5222:5222"
- "5347:5347"
- "5280:5280"
environment:
- JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
- JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
- JITSI_SECRET_JICOFO_USER=S3CR3T03
jitsi-front:
build: ./jitsi-front
ports:
- "80:80"
environment:
- JITSI_PROSODY_BOSH_PORT=5280
- JITSI_PROSODY_BOSH_HOST=172.17.0.1

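--- a/docker/jitsi/jitsi-certs/.gitignore
+++ b/docker/jitsi/jitsi-certs/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore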


@ -0,0 +1,22 @@
FROM debian:buster AS builder
RUN apt-get update && \
apt-get install -y openjdk-11-jdk maven git unzip && \
git clone --depth=1 https://github.com/jitsi/jicofo.git && \
cd jicofo && \
mvn package -DskipTests -Dassembly.skipAssembly=false
RUN cd jicofo && \
unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \
mv jicofo-1.1-SNAPSHOT /srv/jicofo
FROM debian:buster
RUN apt-get update && \
apt-get install -y openjdk-11-jdk
COPY --from=builder /srv/jicofo /srv/jicofo
COPY jicofo /usr/local/bin/jicofo
CMD ["/usr/local/bin/jicofo"]
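Review bot: `git clone --depth=1 https://github.com/jitsi/jicofo.git` in the builder stage builds whatever the default branch holds at build time, so the image is not reproducible and pulls in upstream changes unreviewed; the hard-coded `jicofo-1.1-SNAPSHOT` paths in the second `RUN` will also break as soon as upstream bumps its version. Pinning a release tag, e.g. `ARG JICOFO_REF=<pinned-tag>` with `git clone --depth=1 --branch "${JICOFO_REF}" https://github.com/jitsi/jicofo.git`, addresses both. In the final stage no `USER` is set, so Jicofo runs as root, and `openjdk-11-jdk` could be `openjdk-11-jre-headless` installed with `--no-install-recommends` to keep compilers out of the runtime image.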


@ -0,0 +1,8 @@
#!/bin/bash
/srv/jicofo/jicofo.sh \
--host=${JITSI_PROSODY_HOST} \
--domain=jitsi.deuxfleurs.fr \
--secret=${JITSI_SECRET_JICOFO_COMPONENT} \
--user_domain=auth.jitsi.deuxfleurs.fr \
--user_password=${JITSI_SECRET_JICOFO_USER}
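Review bot: Both secrets are passed as command-line arguments (`--secret=…`, `--user_password=…`), which makes them readable in the process list inside the container and usually on the host as well; if `jicofo.sh` accepts no other input, a comment saying so would help the next reader. The expansions are also unquoted and unchecked, so an unset variable silently starts Jicofo with an empty secret; writing them as `"--secret=${JITSI_SECRET_JICOFO_COMPONENT:?}"` and `"--user_password=${JITSI_SECRET_JICOFO_USER:?}"` makes the script abort instead. Prefixing the command with `exec` would let the launched process replace bash and receive `SIGTERM` from `docker stop` directly.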


@ -0,0 +1,15 @@
FROM debian:buster AS builder
RUN apt-get update && \
apt-get install -y wget unzip
ENV VERSION=1132
RUN wget https://download.jitsi.org/jitsi-videobridge/linux/jitsi-videobridge-linux-x64-${VERSION}.zip -O jvb.zip && \
unzip jvb.zip && \
mv jitsi-videobridge-linux-x64-${VERSION} jvb
FROM debian:buster
RUN apt-get update && \
apt-get install -y
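Review bot: The `wget … -O jvb.zip` step unpacks the archive without verifying it, so a corrupted or substituted download ends up in the image unnoticed; pin the expected digest and check it before `unzip`, e.g. `echo "<expected-sha256>  jvb.zip" | sha256sum -c - && \`. `VERSION` is only needed while building, so `ARG VERSION=1132` fits better than `ENV`. As shown, the final stage looks unfinished: `apt-get install -y` names no package, nothing is copied from `builder`, and no `CMD` is set.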


@ -4,6 +4,8 @@ RUN apt-get update && \
apt-get install -y prosody
COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
COPY entrypoint.sh /usr/local/bin/entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint"]
CMD ["/usr/bin/prosody"]
COPY xmpp_conf /usr/local/bin/xmpp_conf
COPY xmpp_gen /usr/local/bin/xmpp_gen
COPY xmpp_run /usr/local/bin/xmpp_run
CMD ["/usr/local/bin/xmpp_run"]


@ -34,19 +34,4 @@ ln -sf \
/etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
/etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
prosodyctl cert generate jitsi.deuxfleurs.fr
prosodyctl cert generate auth.jitsi.deuxfleurs.fr
mkdir -p /usr/local/share/ca-certificates/
ln -sf \
/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
mkdir /run/prosody
touch /run/prosody/prosody.pid
chown -R prosody:prosody /run/prosody
cd /var/lib/prosody
su - prosody -s /bin/bash -c "$@"


@ -0,0 +1,9 @@
#!/bin/bash
/usr/local/bin/xmpp_conf
prosodyctl cert generate jitsi.deuxfleurs.fr
prosodyctl cert generate auth.jitsi.deuxfleurs.fr
cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}
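Review bot: The two `cp` lines expand `${JITSI_CERTS_FOLDER}` unquoted and the script has no `set -e`, so with the variable unset `cp` treats the last matching file as its destination and can overwrite one certificate or key with the other, and a failing `xmpp_conf` or `prosodyctl cert generate` does not stop the script. Add `set -euo pipefail` after the shebang and write the destination as `"${JITSI_CERTS_FOLDER:?}"`. Because the `*.key` files land in a bind-mounted host directory, a `umask 077` before the copies keeps the private keys from becoming readable by other users on the host.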


@ -0,0 +1,18 @@
#!/bin/bash
/usr/local/bin/xmpp_conf
cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
mkdir -p /usr/local/share/ca-certificates/
ln -sf \
/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
/usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
mkdir /run/prosody
touch /run/prosody/prosody.pid
chown -R prosody:prosody /run/prosody
cd /var/lib/prosody
su - prosody -s /bin/bash -c prosody
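Review bot: `cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/` runs as root, so the copied key files end up owned by root, and Prosody, started on the last line through `su - prosody`, may be unable to read them depending on their mode; follow the copy with `chown prosody:prosody /var/lib/prosody/*.crt /var/lib/prosody/*.key` and `chmod 600 /var/lib/prosody/*.key`. `mkdir /run/prosody` errors when the container is restarted rather than recreated, which `mkdir -p` avoids. `prosodyctl register focus … ${JITSI_SECRET_JICOFO_USER}` puts the password on the command line where the process list can show it, and the final line would forward signals properly as `exec su - prosody -s /bin/bash -c prosody`.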