diff --git a/app/docker-compose.yml b/app/docker-compose.yml
index d734c20..d8a6ab2 100644
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@@ -74,7 +74,7 @@ services:
 context: ./jitsi/build/jitsi-xmpp
 args:
 VERSION: 0.11.2-1
- image: superboum/amd64_jitsi_xmpp:v8
+ image: superboum/amd64_jitsi_xmpp:v9
 plume:
 build:
diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile
index a682984..b32953a 100644
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@@ -5,15 +5,16 @@ ARG VERSION
 RUN apt-get update && \
 apt-get install -y prosody=${VERSION}
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
- /var/lib/prosody/auth.jitsi.crt \
- /usr/local/share/ca-certificates/auth.jitsi.crt
+RUN mkdir -p /usr/local/share/ca-certificates/ && \
+ ln -sf \
+ /var/lib/prosody/certs/auth.jitsi.crt \
+ /usr/local/share/ca-certificates/auth.jitsi.crt && \
+ mkdir /run/prosody && \
+ touch /run/prosody/prosody.pid && \
+ mkdir -p /var/lib/prosody
-COPY xmpp_gen /usr/local/bin/xmpp_gen
-COPY xmpp_run /usr/local/bin/xmpp_run
+COPY xmpp_root /usr/local/bin/xmpp_root
+COPY xmpp_prosody /usr/local/bin/xmpp_prosody
-USER prosody
-RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
 WORKDIR /var/lib/prosody
-CMD ["/usr/local/bin/xmpp_run"]
+CMD ["/usr/local/bin/xmpp_root"]
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_gen b/app/jitsi/build/jitsi-xmpp/xmpp_gen
deleted file mode 100755
index a66aad8..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-prosodyctl cert generate jitsi.deuxfleurs.fr
-prosodyctl cert generate auth.jitsi.deuxfleurs.fr
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_prosody b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
new file mode 100755
index 0000000..1101302
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
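Review bot: The new symlink target `/var/lib/prosody/certs/auth.jitsi.crt` does not match where this commit's integration compose file and `prosody.cfg.lua` place the certificate (`/var/lib/prosody/auth.jitsi.crt`), so in that setup the link under `/usr/local/share/ca-certificates/` would dangle; the paths should be made to agree. No `update-ca-certificates` call is visible in the hunk, so it is worth confirming where the linked certificate is actually added to the trust store. With `USER prosody` removed the image now defaults to root and the privilege drop rests entirely on `xmpp_root`; a comment above `CMD` such as `# starts as root to fix volume ownership; xmpp_root drops to prosody via su` would record that. The top of the Dockerfile lies outside the hunk.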
@@ -0,0 +1,5 @@
+#!/bin/bash
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+
+cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
+exec prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_root b/app/jitsi/build/jitsi-xmpp/xmpp_root
new file mode 100755
index 0000000..293915f
--- /dev/null
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_root
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody
diff --git a/app/jitsi/build/jitsi-xmpp/xmpp_run b/app/jitsi/build/jitsi-xmpp/xmpp_run
deleted file mode 100755
index 81329d2..0000000
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
-prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-exec prosody
diff --git a/app/jitsi/integration/01_gen_certs.yml b/app/jitsi/integration/01_gen_certs.yml
deleted file mode 100644
index bf73291..0000000
--- a/app/jitsi/integration/01_gen_certs.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: '3'
-services:
- jitsi-xmpp:
- image: superboum/amd64_jitsi_xmpp:v2
- command: ["/usr/local/bin/xmpp_gen"]
- volumes: [ './jitsi-certs/:/certs:rw' ]
- env_file: [ 'dev.env' ]
-
diff --git a/app/jitsi/integration/02_run.yml b/app/jitsi/integration/02_run.yml
deleted file mode 100644
index 73eefad..0000000
--- a/app/jitsi/integration/02_run.yml
+++ /dev/null
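Review bot: The `cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register` line in xmpp_prosody lets xargs tokenise the file, so a password containing whitespace, quotes or a backslash is altered or shifts the three-field grouping. Reading the fields explicitly keeps them intact: `while read -r user host pass; do prosodyctl register "$user" "$host" "$pass"; done < /etc/prosody/accounts.txt`. Either form still places the password on a command line, where it is visible in the process list while the command runs. The exit status of the registration is not checked, so prosody starts even if no account was created; logging a failure would make that visible.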
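Review bot: The root-run `chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody` in xmpp_root hands the service account ownership of its own configuration and of `accounts.txt`, and for bind-mounted paths (as in the integration compose file) it rewrites ownership of the host files on every start. As far as the visible config shows, prosody only needs to read `/etc/prosody`, so consider `chown -R prosody:prosody /var/lib/prosody /run/prosody` plus `chown -R root:prosody /etc/prosody && chmod -R g+rX,o-rwx /etc/prosody`. The identical chown in xmpp_prosody runs after the `su` and is then redundant. The script has no `set -e`, so a failed chown goes unnoticed before the privilege drop.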
@@ -1,27 +0,0 @@
-version: '3.4'
-services:
- jitsi-xmpp:
- image: superboum/amd64_jitsi_xmpp:v3
- ports:
- - "5222:5222"
- - "5347:5347"
- - "5280:5280"
- env_file: [ 'dev.env' ]
- volumes: [ './jitsi-certs/:/certs:ro' ]
- jitsi-meet:
- image: superboum/amd64_jitsi_meet:v1
- ports:
- - "443:443"
- env_file: [ 'dev.env' ]
- volumes: [ './jitsi-certs/:/certs:ro' ]
- jitsi-conference-focus:
- image: superboum/amd64_jitsi_conference_focus:v4
- env_file: [ 'dev.env' ]
- volumes: [ './jitsi-certs/:/certs:ro' ]
- jitsi-videobridge:
- image: superboum/amd64_jitsi_videobridge:v14
- ports:
- - "8080:8080/tcp"
- - "10000:10000/udp"
- env_file: [ 'dev.env' ]
- volumes: [ './jitsi-certs/:/certs:ro' ]
diff --git a/app/jitsi/integration/README.md b/app/jitsi/integration/README.md
index e295745..d2d25c1 100644
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
@@ -46,6 +46,12 @@ But we can see this is a deprecated thing, it has been already removed from mast
 For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
 But maybe this value is deprecated: the check is still here but it is not used anymore?!
+## Generate certs with prosody
+```
+prosodyctl cert generate auth.jitsi
+prosodyctl cert generate jitsi
+```
+
 ## Resources to understand jitsi
 - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
diff --git a/app/jitsi/integration/docker-compose.yml b/app/jitsi/integration/docker-compose.yml
new file mode 100644
index 0000000..0a4012a
--- /dev/null
+++ b/app/jitsi/integration/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.4'
+services:
+ jitsi-xmpp:
+ image: superboum/amd64_jitsi_xmpp:v9
+ volumes:
+ - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
+ - "./prosody/accounts.txt:/etc/prosody/accounts.txt"
+ - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
+ - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+ - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
+ - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
+ jitsi-meet:
+ image: superboum/amd64_jitsi_meet:v1
+ ports:
+ - "443:443"
+ jitsi-conference-focus:
+ image: superboum/amd64_jitsi_conference_focus:v4
+ jitsi-videobridge:
+ image: superboum/amd64_jitsi_videobridge:v14
+ ports:
+ - "8080:8080/tcp"
+ - "10000:10000/udp"
diff --git a/app/jitsi/integration/prosody/accounts.txt b/app/jitsi/integration/prosody/accounts.txt
new file mode 100644
index 0000000..ef4f2cd
--- /dev/null
+++ b/app/jitsi/integration/prosody/accounts.txt
@@ -0,0 +1,2 @@
+focus auth.jitsi xxx
+jvb auth.jitsi yyy
diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua
index edfd820..5f18e2a 100644
--- a/app/jitsi/integration/prosody/prosody.cfg.lua
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
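Review bot: The six bind mounts under `jitsi-xmpp` in the integration docker-compose.yml are read-write, while the removed `02_run.yml` mounted the certificate directory with `:ro`; the container only needs to read the config, the account list and the key material. Adding `:ro`, for example `- "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key:ro"`, stops the service from altering them, but the entrypoint's recursive chown would then fail on those paths, so host-side permissions must already let the prosody uid read the files. A one-line comment above the `accounts.txt` mount noting that the file holds plaintext credentials, and that the committed `xxx`/`yyy` values are placeholders, would help the next reader.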
@@ -1,12 +1,41 @@
-component_ports = { 5347 }
+daemonize = false
+allow_registration = false
+use_libevent = true
 component_interface = "0.0.0.0"
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
-log = {
- error="/dev/stderr"
- info="/dev/stdout"
+component_ports = { 5347 }
+http_ports = { 5280 }
+
+-- Not sure all modules are required
+modules_enabled = {
+ "roster"; -- Allow users to have a roster. Recommended ;)
+ "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+ "tls"; -- Add support for secure TLS on c2s/s2s connections
+ "dialback"; -- s2s dialback support
+ "disco"; -- Service discovery
+ "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ "compression"; -- Stream compression (requires the lua-zlib package installed)
+ "version"; -- Replies to server version requests
+ "uptime"; -- Report how long server has been running
+ "time"; -- Let others know the time here on this server
+ "ping"; -- Replies to XMPP pings with pongs
+ "pep"; -- Enables users to publish their mood, activity, playing music and more
+ -- jitsi
+ "smacks";
+ "carbons";
+ "mam";
+ "lastactivity";
+ "offline";
+ "pubsub";
+ "adhoc";
+ "websocket";
+ "http_altconnect";
 }
-VirtualHost "jitsi.deuxfleurs.fr"
+log = {
+ "*console";
+}
+
+VirtualHost "jitsi"
 authentication = "anonymous"
 ssl = {
 key = "/var/lib/prosody/jitsi.key";
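Review bot: The global `modules_enabled` list is, by its own comment, not reviewed, and every module loaded here is also active on the `jitsi` host that uses `authentication = "anonymous"`, so unneeded modules widen what an unauthenticated client can reach. `dialback` (server-to-server) and `compression` look like the first candidates to drop for a deployment on the internal names `jitsi` and `auth.jitsi`, though that should be confirmed against what Jitsi requires. Until the list is trimmed, the comment could say so explicitly, e.g. `-- TODO: reduce to the modules Jitsi needs; dialback and compression are likely unnecessary`. The hunk ends inside the `ssl` table of the `jitsi` host, so the rest of that block is not visible.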
@@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr"
 }
 c2s_require_encryption = false
-VirtualHost "auth.jitsi.deuxfleurs.fr"
+VirtualHost "auth.jitsi"
 ssl = {
 key = "/var/lib/prosody/auth.jitsi.key";
 certificate = "/var/lib/prosody/auth.jitsi.crt";
 }
 authentication = "internal_plain"
- admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+ admins = { "focus@auth.jitsi"}
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
 storage = "memory"
 modules_enabled = { "ping"; }
- admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+ admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }