From a3ca27055d76904be5aa0a0cf3d8ba276c72d78c Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 2 Feb 2023 15:32:40 +0100 Subject: [PATCH] fix integration --- cluster/prod/app/jitsi/integration/README.md | 29 +++++++++++++++++++ .../prod/app/jitsi/integration/meet/config.js | 2 +- .../app/jitsi/integration/meet/nginx.conf | 5 ++-- .../jitsi/integration/prosody/prosody.cfg.lua | 2 ++ 4 files changed, 35 insertions(+), 3 deletions(-) diff --git a/cluster/prod/app/jitsi/integration/README.md b/cluster/prod/app/jitsi/integration/README.md index 97a559e..b45cd17 100644 --- a/cluster/prod/app/jitsi/integration/README.md +++ b/cluster/prod/app/jitsi/integration/README.md @@ -47,6 +47,35 @@ But we can see this is a deprecated thing, it has been already removed from mast For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set But maybe this value is deprecated: the check is still here but it is not used anymore?! +## Run the integration suite + +start a maintainance container + +``` +docker run --rm -it -v `pwd`/prosody/certs/:/var/lib/prosody/ -v `pwd`/prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua:ro --user root superboum/amd64_jitsi_xmpp:v11 bash +``` + +then generate certificates from inside this container + +``` +cd /var/lib/prosody/ +chown -R prosody . +prosodyctl cert generate auth.jitsi +prosodyctl cert generate jitsi +``` + +then start the stack + +```bash +docker-compose up +``` + +go to the URL by using a LAN/WAN IP (not localhost) and accept the self signed cert. + +``` +https://192.168.1.143 +``` + ## Generate certs with prosody ``` prosodyctl cert generate auth.jitsi diff --git a/cluster/prod/app/jitsi/integration/meet/config.js b/cluster/prod/app/jitsi/integration/meet/config.js index 04414c3..97c5d4d 100644 --- a/cluster/prod/app/jitsi/integration/meet/config.js +++ b/cluster/prod/app/jitsi/integration/meet/config.js @@ -22,7 +22,7 @@ var config = { }, // BOSH URL. FIXME: use XEP-0156 to discover it. - bosh: '//rayonx.machine.deuxfleurs.fr/http-bind', + bosh: '//192.168.1.143/http-bind', // Websocket URL // websocket: 'wss://jitsi-meet.example.com/xmpp-websocket', diff --git a/cluster/prod/app/jitsi/integration/meet/nginx.conf b/cluster/prod/app/jitsi/integration/meet/nginx.conf index 16a63f9..07841e5 100644 --- a/cluster/prod/app/jitsi/integration/meet/nginx.conf +++ b/cluster/prod/app/jitsi/integration/meet/nginx.conf @@ -63,8 +63,9 @@ http { location /http-bind { proxy_pass http://jitsi-xmpp:5280/http-bind; - proxy_set_header X-Forwarded-For \$remote_addr; - proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For $remote_addr; + #proxy_set_header Host $http_host; + proxy_set_header Host jitsi-bosh; } diff --git a/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua index b5bc0b9..5d993e8 100644 --- a/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/cluster/prod/app/jitsi/integration/prosody/prosody.cfg.lua @@ -50,6 +50,7 @@ consider_bosh_secure = true; component_ports = { } -- it seems we don't need external components for now... https_ports = { } -- we don't need http http_ports = { 5280 } +http_interfaces = { "0.0.0.0", "::" } c2s_ports = { 5222 } s2s_ports = { } @@ -90,6 +91,7 @@ VirtualHost "jitsi" c2s_require_encryption = false lobby_muc = "lobby.jitsi" main_muc = "conference.jitsi" + http_host = "jitsi-bosh" -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms Component "conference.jitsi" "muc"