Finally it seems to work

2020-09-13 11:46:14 +02:00 · 2020-09-13 11:46:14 +02:00 · da034dabfc
parent 744fa8b8c9
commit da034dabfc
9 changed files with 55 additions and 34 deletions
--- a/app/build/docker-compose.yml
+++ b/app/build/docker-compose.yml
@ -44,7 +44,7 @@ services:
        # https://github.com/jitsi/jicofo
        PREFIXV: stable/jitsi-meet_
        VERSION: 4966
-    image: superboum/amd64_jitsi_conference_focus:v3
+    image: superboum/amd64_jitsi_conference_focus:v4

  jitsi-videobridge:
    build:
@ -53,11 +53,11 @@ services:
        # https://github.com/jitsi/jitsi-videobridge
        PREFIXV: stable/jitsi-meet_
        VERSION: 4966
-    image: superboum/amd64_jitsi_videobridge:v13
+    image: superboum/amd64_jitsi_videobridge:v14

  jitsi-xmpp:
    build:
      context: ./jitsi-xmpp
      args:
        VERSION: fake-1
-    image: superboum/amd64_jitsi_xmpp:v2
+    image: superboum/amd64_jitsi_xmpp:v3
--- a/app/build/jitsi-conference-focus/Dockerfile
+++ b/app/build/jitsi-conference-focus/Dockerfile
@ -16,7 +16,9 @@ RUN unzip jicofo.zip && \
 FROM debian:buster

 RUN apt-get update && \
-    apt-get install -y openjdk-11-jdk ca-certificates
+    apt-get install -y openjdk-11-jre-headless ca-certificates
+
+ENV JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/root -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=.sip-communicator -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi"

 COPY --from=builder /srv/build /srv/jicofo
 COPY jicofo /usr/local/bin/jicofo
--- a/app/build/jitsi-conference-focus/sip-communicator.properties
+++ b/app/build/jitsi-conference-focus/sip-communicator.properties
@ -1 +1,2 @@
 org.jitsi.jicofo.SHORT_ID=1
+org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
--- a/app/build/jitsi-videobridge/jvb_run
+++ b/app/build/jitsi-videobridge/jvb_run
@ -8,9 +8,24 @@ EOF
 mkdir -p /root/.sip-communicator

 cat > /root/.sip-communicator/sip-communicator.properties <<EOF
+# Enable broadcasting stats/presence in a MUC
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+
+# Connect to the first XMPP server
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD=${JITSI_SECRET_VIDEOBRIDGE}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC=JvbBrewery@internal.auth.jitsi.deuxfleurs.fr
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=singleton
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+# Do we need it? @FIXME
 org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
-# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
-# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
+
+# NAT things, two times just in case...
 org.ice4j.ice.harvest.TCP_HARVESTER_PORT=${JITSI_VIDEO_TCP}
 org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${JITSI_NAT_LOCAL_IP}
 org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${JITSI_NAT_PUBLIC_IP}
--- a/app/build/jitsi-xmpp/xmpp_conf
+++ b/app/build/jitsi-xmpp/xmpp_conf
@ -8,31 +8,36 @@ EOF
 mkdir -p /etc/prosody/conf.{d,avail}/
 cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
 VirtualHost "jitsi.deuxfleurs.fr"
-    authentication = "anonymous"
-    ssl = {
-        key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
-        certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
-    }
-    modules_enabled = {
-        "bosh";
-        "pubsub";
-    }
-    c2s_require_encryption = false
+  authentication = "anonymous"
+  ssl = {
+    key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
+    certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
+  }
+  modules_enabled = {
+    "bosh";
+    "pubsub";
+  }
+  c2s_require_encryption = false

 VirtualHost "auth.jitsi.deuxfleurs.fr"
-    ssl = {
-        key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
-        certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
-    }
-    authentication = "internal_plain"
-
-admins = { "focus@auth.jitsi.deuxfleurs.fr" }
+  ssl = {
+    key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
+    certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
+  }
+  authentication = "internal_plain"
+  admins = { "focus@auth.jitsi.deuxfleurs.fr"}

 Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+  storage = "memory"
+  modules_enabled = { "ping"; }
+  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+
 Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
    component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
 Component "focus.jitsi.deuxfleurs.fr"
    component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
+
 EOF

 ln -sf \
--- a/app/build/jitsi-xmpp/xmpp_run
+++ b/app/build/jitsi-xmpp/xmpp_run
@ -10,6 +10,7 @@ ln -sf \
  /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt

 prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
+prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}

 mkdir /run/prosody
 touch /run/prosody/prosody.pid
--- a/app/integration/jitsi/01_gen_certs.yml
+++ b/app/integration/jitsi/01_gen_certs.yml
@ -1,7 +1,7 @@
 version: '3'
 services:
  jitsi-xmpp:
-    image: ./jitsi-xmpp:v2
+    image: superboum/amd64_jitsi_xmpp:v2
    command: ["/usr/local/bin/xmpp_gen"]
    volumes: [ './jitsi-certs/:/certs:rw' ]
    env_file: [ 'dev.env' ]
--- a/app/integration/jitsi/02_run.yml
+++ b/app/integration/jitsi/02_run.yml
@ -1,8 +1,7 @@
 version: '3.4'
 services:
  jitsi-xmpp:
-    image: superboum/amd64_jitsi_xmpp:v2
-    network_mode: host
+    image: superboum/amd64_jitsi_xmpp:v3
    ports:
      - "5222:5222"
      - "5347:5347"
@ -16,15 +15,13 @@ services:
    env_file: [ 'dev.env' ]
    volumes: [ './jitsi-certs/:/certs:ro' ]
  jitsi-conference-focus:
-    image: superboum/amd64_jitsi_conference_focus:v3
+    image: superboum/amd64_jitsi_conference_focus:v4
    env_file: [ 'dev.env' ]
    volumes: [ './jitsi-certs/:/certs:ro' ]
  jitsi-videobridge:
-    image: superboum/amd64_jitsi_videobridge:v11
-    network_mode: host
+    image: superboum/amd64_jitsi_videobridge:v14
    ports:
      - "8080:8080/tcp"
      - "10000:10000/udp"
    env_file: [ 'dev.env' ]
    volumes: [ './jitsi-certs/:/certs:ro' ]
-    
--- a/app/integration/jitsi/dev.env
+++ b/app/integration/jitsi/dev.env
@ -2,9 +2,9 @@ JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
 JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
 JITSI_SECRET_JICOFO_USER=S3CR3T03
 JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=127.0.0.1
-JITSI_PROSODY_HOST=127.0.0.1
+JITSI_PROSODY_BOSH_HOST=172.17.0.1
+JITSI_PROSODY_HOST=172.17.0.1
 JITSI_CERTS_FOLDER=/certs/
-JITSI_NAT_PUBLIC_IP=77.204.7.239
-JITSI_NAT_LOCAL_IP=192.168.0.18
+JITSI_NAT_PUBLIC_IP=37.164.35.154
+JITSI_NAT_LOCAL_IP=192.168.0.231
 JITSI_VIDEO_TCP=8080