WIP integration jitsi

2021-01-28 18:55:56 +01:00 · 2021-01-28 18:55:56 +01:00 · 4809e27220
commit 4809e27220
parent 7b57ff72a9
12 changed files with 90 additions and 64 deletions
--- a/app/docker-compose.yml
+++ b/app/docker-compose.yml
@ -74,7 +74,7 @@ services:
      context: ./jitsi/build/jitsi-xmpp
      args:
        VERSION: 0.11.2-1
-    image: superboum/amd64_jitsi_xmpp:v8
+    image: superboum/amd64_jitsi_xmpp:v9

  plume:
    build:
--- a/app/jitsi/build/jitsi-xmpp/Dockerfile
+++ b/app/jitsi/build/jitsi-xmpp/Dockerfile
@ -5,15 +5,16 @@ ARG VERSION
 RUN apt-get update && \
    apt-get install -y prosody=${VERSION}

-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
-  /var/lib/prosody/auth.jitsi.crt \
-  /usr/local/share/ca-certificates/auth.jitsi.crt
+RUN mkdir -p /usr/local/share/ca-certificates/ && \
+    ln -sf \
+      /var/lib/prosody/certs/auth.jitsi.crt \
+      /usr/local/share/ca-certificates/auth.jitsi.crt && \
+    mkdir /run/prosody && \
+    touch /run/prosody/prosody.pid && \
+    mkdir -p /var/lib/prosody

-COPY xmpp_gen /usr/local/bin/xmpp_gen
-COPY xmpp_run /usr/local/bin/xmpp_run
+COPY xmpp_root /usr/local/bin/xmpp_root
+COPY xmpp_prosody /usr/local/bin/xmpp_prosody

-USER prosody
-RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
 WORKDIR /var/lib/prosody
-CMD ["/usr/local/bin/xmpp_run"]
+CMD ["/usr/local/bin/xmpp_root"]
--- a/app/jitsi/build/jitsi-xmpp/xmpp_gen
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_gen
@ -1,4 +0,0 @@
-#!/bin/bash
-
-prosodyctl cert generate jitsi.deuxfleurs.fr
-prosodyctl cert generate auth.jitsi.deuxfleurs.fr
--- a/app/jitsi/build/jitsi-xmpp/xmpp_prosody
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_prosody
@ -0,0 +1,5 @@
+#!/bin/bash
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+
+cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
+exec prosody
--- a/app/jitsi/build/jitsi-xmpp/xmpp_root
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_root
@ -0,0 +1,4 @@
+#!/bin/bash
+
+chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
+exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody
--- a/app/jitsi/build/jitsi-xmpp/xmpp_run
+++ b/app/jitsi/build/jitsi-xmpp/xmpp_run
@ -1,4 +0,0 @@
-#!/bin/bash
-prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
-prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-exec prosody
--- a/app/jitsi/integration/01_gen_certs.yml
+++ b/app/jitsi/integration/01_gen_certs.yml
@ -1,8 +0,0 @@
-version: '3'
-services:
-  jitsi-xmpp:
-    image: superboum/amd64_jitsi_xmpp:v2
-    command: ["/usr/local/bin/xmpp_gen"]
-    volumes: [ './jitsi-certs/:/certs:rw' ]
-    env_file: [ 'dev.env' ]
-
--- a/app/jitsi/integration/02_run.yml
+++ b/app/jitsi/integration/02_run.yml
@ -1,27 +0,0 @@
-version: '3.4'
-services:
-  jitsi-xmpp:
-    image: superboum/amd64_jitsi_xmpp:v3
-    ports:
-      - "5222:5222"
-      - "5347:5347"
-      - "5280:5280"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-meet:
-    image: superboum/amd64_jitsi_meet:v1
-    ports:
-      - "443:443"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-conference-focus:
-    image: superboum/amd64_jitsi_conference_focus:v4
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
-  jitsi-videobridge:
-    image: superboum/amd64_jitsi_videobridge:v14
-    ports:
-      - "8080:8080/tcp"
-      - "10000:10000/udp"
-    env_file: [ 'dev.env' ]
-    volumes: [ './jitsi-certs/:/certs:ro' ]
--- a/app/jitsi/integration/README.md
+++ b/app/jitsi/integration/README.md
@ -46,6 +46,12 @@ But we can see this is a deprecated thing, it has been already removed from mast
 For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
 But maybe this value is deprecated: the check is still here but it is not used anymore?!

+## Generate certs with prosody
+```
+prosodyctl cert generate auth.jitsi
+prosodyctl cert generate jitsi
+```
+
 ## Resources to understand jitsi

  - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)
--- a/app/jitsi/integration/docker-compose.yml
+++ b/app/jitsi/integration/docker-compose.yml
@ -0,0 +1,22 @@
+version: '3.4'
+services:
+  jitsi-xmpp:
+    image: superboum/amd64_jitsi_xmpp:v9
+    volumes:
+      - "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
+      - "./prosody/accounts.txt:/etc/prosody/accounts.txt"
+      - "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
+      - "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key"
+      - "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
+      - "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
+  jitsi-meet:
+    image: superboum/amd64_jitsi_meet:v1
+    ports:
+      - "443:443"
+  jitsi-conference-focus:
+    image: superboum/amd64_jitsi_conference_focus:v4
+  jitsi-videobridge:
+    image: superboum/amd64_jitsi_videobridge:v14
+    ports:
+      - "8080:8080/tcp"
+      - "10000:10000/udp"
--- a/app/jitsi/integration/prosody/accounts.txt
+++ b/app/jitsi/integration/prosody/accounts.txt
@ -0,0 +1,2 @@
+focus auth.jitsi xxx
+jvb auth.jitsi yyy
--- a/app/jitsi/integration/prosody/prosody.cfg.lua
+++ b/app/jitsi/integration/prosody/prosody.cfg.lua
@ -1,12 +1,41 @@
-component_ports = { 5347 }
+daemonize = false
+allow_registration = false
+use_libevent = true
 component_interface = "0.0.0.0"
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
-log = {
-  error="/dev/stderr"
-  info="/dev/stdout"
+component_ports = { 5347 }
+http_ports = { 5280 }
+
+-- Not sure all modules are required
+modules_enabled = {
+  "roster"; -- Allow users to have a roster. Recommended ;)
+  "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+  "tls"; -- Add support for secure TLS on c2s/s2s connections
+  "dialback"; -- s2s dialback support
+  "disco"; -- Service discovery
+  "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+  "compression"; -- Stream compression (requires the lua-zlib package installed)
+  "version"; -- Replies to server version requests
+  "uptime"; -- Report how long server has been running
+  "time"; -- Let others know the time here on this server
+  "ping"; -- Replies to XMPP pings with pongs
+  "pep"; -- Enables users to publish their mood, activity, playing music and more
+  -- jitsi
+  "smacks";
+  "carbons";
+  "mam";
+  "lastactivity";
+  "offline";
+  "pubsub";
+  "adhoc";
+  "websocket";
+  "http_altconnect";
 }

-VirtualHost "jitsi.deuxfleurs.fr"
+log = {
+ "*console";
+}
+
+VirtualHost "jitsi"
  authentication = "anonymous"
  ssl = {
    key = "/var/lib/prosody/jitsi.key";
@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr"
  }
  c2s_require_encryption = false

-VirtualHost "auth.jitsi.deuxfleurs.fr"
+VirtualHost "auth.jitsi"
  ssl = {
    key = "/var/lib/prosody/auth.jitsi.key";
    certificate = "/var/lib/prosody/auth.jitsi.crt";
  }
  authentication = "internal_plain"
-  admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+  admins = { "focus@auth.jitsi"}

-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+Component "conference.jitsi" "muc"
+Component "internal.auth.jitsi" "muc"
  storage = "memory"
  modules_enabled = { "ping"; }
-  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+  admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }