From 0a87d26e47646fb0a3e9a9399ea83b39640583b1 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 1 Feb 2021 08:40:59 +0100 Subject: [PATCH] Polish configuration --- app/docker-compose.yml | 6 ++---- app/jitsi/build/jitsi-conference-focus/Dockerfile | 7 ++++--- app/jitsi/build/jitsi-conference-focus/jicofo | 8 -------- app/jitsi/build/jitsi-meet/Dockerfile | 15 ++++++--------- app/jitsi/build/jitsi-videobridge/jvb_run | 9 --------- app/jitsi/build/jitsi-xmpp/Dockerfile | 13 +++++-------- app/jitsi/integration/prosody/prosody.cfg.lua | 15 +++++++++++---- 7 files changed, 28 insertions(+), 45 deletions(-) diff --git a/app/docker-compose.yml b/app/docker-compose.yml index 2b996e0..35e4972 100644 --- a/app/docker-compose.yml +++ b/app/docker-compose.yml @@ -47,8 +47,7 @@ services: context: ./jitsi/build/jitsi-meet args: # https://github.com/jitsi/jitsi-meet - PREFIXV: jitsi-meet_ - VERSION: 5463 + MEET_TAG: jitsi-meet_5463 image: superboum/amd64_jitsi_meet:v4 jitsi-conference-focus: @@ -72,8 +71,7 @@ services: build: context: ./jitsi/build/jitsi-xmpp args: - PREFIXV: jitsi-meet_ - MEET_VERSION: 5463 + MEET_TAG: jitsi-meet_5463 PROSODY_VERSION: 0.11.7-1~buster4 image: superboum/amd64_jitsi_xmpp:v9 diff --git a/app/jitsi/build/jitsi-conference-focus/Dockerfile b/app/jitsi/build/jitsi-conference-focus/Dockerfile index 0e11df9..13e99be 100644 --- a/app/jitsi/build/jitsi-conference-focus/Dockerfile +++ b/app/jitsi/build/jitsi-conference-focus/Dockerfile @@ -1,7 +1,8 @@ -FROM fedora:33 AS builder +FROM debian:buster AS builder # unzip is required when executing the mvn package command -RUN dnf install -y java-latest-openjdk-headless maven git unzip +RUN apt-get update && \ + apt-get install -y openjdk-11-jdk-headless maven git unzip ARG JICOFO_TAG RUN git clone --depth 1 --branch $JICOFO_TAG https://github.com/jitsi/jicofo @@ -14,7 +15,7 @@ RUN mvn package -DskipTests -Dassembly.skipAssembly=false RUN unzip target/jicofo-1.1-SNAPSHOT-archive.zip && \ mv jicofo-1.1-SNAPSHOT /srv/build -FROM debian:bullseye +FROM debian:buster RUN apt-get update && \ apt-get install -y openjdk-11-jre-headless ca-certificates diff --git a/app/jitsi/build/jitsi-conference-focus/jicofo b/app/jitsi/build/jitsi-conference-focus/jicofo index 344b293..e307e9f 100755 --- a/app/jitsi/build/jitsi-conference-focus/jicofo +++ b/app/jitsi/build/jitsi-conference-focus/jicofo @@ -2,15 +2,7 @@ update-ca-certificates -f -if [ -z "${JICOFO_MEMORY}" ]; then - echo "You must set the env variable 'JICOFO_MEMORY'. eg. JICOFO_MEMORY=3072m" - exit 1 -fi - exec java \ - -Xmx${JICOFO_MEMORY} \ - -XX:+HeapDumpOnOutOfMemoryError \ - -XX:HeapDumpPath=/tmp \ -Djdk.tls.ephemeralDHKeySize=2048 \ -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \ -Dconfig.file=/etc/jitsi/jicofo.conf \ diff --git a/app/jitsi/build/jitsi-meet/Dockerfile b/app/jitsi/build/jitsi-meet/Dockerfile index b2aac62..b74c04e 100644 --- a/app/jitsi/build/jitsi-meet/Dockerfile +++ b/app/jitsi/build/jitsi-meet/Dockerfile @@ -1,18 +1,15 @@ FROM debian:buster AS builder -ARG PREFIXV -ARG VERSION - RUN apt-get update && \ apt-get install -y curl && \ curl -sL https://deb.nodesource.com/setup_14.x | bash - && \ - apt-get install -y git nodejs make wget unzip && \ - wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${VERSION}.zip -O jitsi-meet.zip + apt-get install -y git nodejs make git unzip -RUN unzip jitsi-meet.zip && \ - mv jitsi-meet-*${VERSION} jitsi-meet && \ - cd jitsi-meet && \ - npm install && \ +ARG MEET_TAG +RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet + +WORKDIR jitsi-meet +RUN npm install && \ make FROM debian:buster diff --git a/app/jitsi/build/jitsi-videobridge/jvb_run b/app/jitsi/build/jitsi-videobridge/jvb_run index c82712c..7522fae 100755 --- a/app/jitsi/build/jitsi-videobridge/jvb_run +++ b/app/jitsi/build/jitsi-videobridge/jvb_run @@ -9,18 +9,9 @@ if [ -z "${JITSI_NAT_PUBLIC_IP}" ]; then JITSI_NAT_PUBLIC_IP=$(curl https://ifconfig.me) fi -if [ -z "${JVB_MEMORY}" ]; then - echo "You must set the env variable 'JVB_MEMORY'. eg: JVB_MEMORY=3072m" - exit 1 -fi - echo "NAT config: ${JITSI_NAT_LOCAL_IP} -> ${JITSI_NAT_PUBLIC_IP}" exec java \ - -Xmx${JVB_MEMORY} \ - -XX:+UseConcMarkSweepGC \ - -XX:+HeapDumpOnOutOfMemoryError \ - -XX:HeapDumpPath=/tmp \ -Djdk.tls.ephemeralDHKeySize=2048 \ -Djava.util.logging.config.file=/usr/share/jvb/lib/logging.properties \ -Dconfig.file=/etc/jitsi/videobridge.conf \ diff --git a/app/jitsi/build/jitsi-xmpp/Dockerfile b/app/jitsi/build/jitsi-xmpp/Dockerfile index 90aae76..80b89f0 100644 --- a/app/jitsi/build/jitsi-xmpp/Dockerfile +++ b/app/jitsi/build/jitsi-xmpp/Dockerfile @@ -1,13 +1,10 @@ FROM debian:buster as builder -WORKDIR /tmp -ARG MEET_VERSION -ARG PREFIXV RUN apt-get update && \ - apt-get install -y wget unzip -RUN wget https://github.com/jitsi/jitsi-meet/archive/${PREFIXV}${MEET_VERSION}.zip -O meet.zip -RUN unzip meet.zip && \ - mv jitsi-meet-* jitsi-meet + apt-get install -y git unzip + +ARG MEET_TAG +RUN git clone --depth 1 --branch ${MEET_TAG} https://github.com/jitsi/jitsi-meet/ FROM debian:buster @@ -30,7 +27,7 @@ RUN mkdir -p /usr/local/share/ca-certificates/ && \ mkdir -p /var/lib/prosody && \ chown -R prosody:prosody /var/lib/prosody /run/prosody -COPY --from=builder /tmp/jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/ +COPY --from=builder /jitsi-meet/resources/prosody-plugins /usr/share/jitsi-meet/prosody-plugins/ COPY xmpp_prosody /usr/local/bin/xmpp_prosody WORKDIR /var/lib/prosody diff --git a/app/jitsi/integration/prosody/prosody.cfg.lua b/app/jitsi/integration/prosody/prosody.cfg.lua index 92a40bf..b5bc0b9 100644 --- a/app/jitsi/integration/prosody/prosody.cfg.lua +++ b/app/jitsi/integration/prosody/prosody.cfg.lua @@ -21,12 +21,13 @@ modules_enabled = { "websocket"; --"http_altconnect"; -- not shipped with prosody } +modules_disabled = { "s2s" } plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } log = { --log less on console with warn="*console"; or err="*console" or more with debug="*console" - debug="*console"; + info="*console"; } daemonize = false use_libevent = true @@ -45,10 +46,12 @@ muc_mapper_domain_base = "jitsi.deuxfleurs.fr"; cross_domain_bosh = false; consider_bosh_secure = true; -https_ports = { }; -- Remove this line to prevent listening on port 5284 -component_interface = "0.0.0.0" -component_ports = { 5347 } +--component_ports = { 5347 } +component_ports = { } -- it seems we don't need external components for now... +https_ports = { } -- we don't need http http_ports = { 5280 } +c2s_ports = { 5222 } +s2s_ports = { } -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 @@ -111,6 +114,10 @@ Component "internal.auth.jitsi" "muc" muc_room_default_public_jids = true VirtualHost "auth.jitsi" + ssl = { + key = "/var/lib/prosody/auth.jitsi.key"; + certificate = "/var/lib/prosody/auth.jitsi.crt"; + } authentication = "internal_plain" Component "focus.jitsi" "client_proxy"