WIP integration jitsi

This commit is contained in:
Quentin 2021-01-28 18:55:56 +01:00
parent 7b57ff72a9
commit 4809e27220
12 changed files with 90 additions and 64 deletions

View file

@ -74,7 +74,7 @@ services:
context: ./jitsi/build/jitsi-xmpp
args:
VERSION: 0.11.2-1
image: superboum/amd64_jitsi_xmpp:v8
image: superboum/amd64_jitsi_xmpp:v9
plume:
build:

View file

@ -5,15 +5,16 @@ ARG VERSION
RUN apt-get update && \
apt-get install -y prosody=${VERSION}
mkdir -p /usr/local/share/ca-certificates/
RUN mkdir -p /usr/local/share/ca-certificates/ && \
ln -sf \
/var/lib/prosody/auth.jitsi.crt \
/usr/local/share/ca-certificates/auth.jitsi.crt
/var/lib/prosody/certs/auth.jitsi.crt \
/usr/local/share/ca-certificates/auth.jitsi.crt && \
mkdir /run/prosody && \
touch /run/prosody/prosody.pid && \
mkdir -p /var/lib/prosody
COPY xmpp_gen /usr/local/bin/xmpp_gen
COPY xmpp_run /usr/local/bin/xmpp_run
COPY xmpp_root /usr/local/bin/xmpp_root
COPY xmpp_prosody /usr/local/bin/xmpp_prosody
USER prosody
RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
WORKDIR /var/lib/prosody
CMD ["/usr/local/bin/xmpp_run"]
CMD ["/usr/local/bin/xmpp_root"]

View file

@ -1,4 +0,0 @@
#!/bin/bash
prosodyctl cert generate jitsi.deuxfleurs.fr
prosodyctl cert generate auth.jitsi.deuxfleurs.fr

View file

@ -0,0 +1,5 @@
#!/bin/bash
chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
cat /etc/prosody/accounts.txt | xargs -n3 prosodyctl register
exec prosody

View file

@ -0,0 +1,4 @@
#!/bin/bash
chown -R prosody:prosody /var/lib/prosody /etc/prosody /run/prosody
exec su -s /bin/bash -c /usr/local/bin/xmpp_prosody - prosody

View file

@ -1,4 +0,0 @@
#!/bin/bash
prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
exec prosody

View file

@ -1,8 +0,0 @@
version: '3'
services:
jitsi-xmpp:
image: superboum/amd64_jitsi_xmpp:v2
command: ["/usr/local/bin/xmpp_gen"]
volumes: [ './jitsi-certs/:/certs:rw' ]
env_file: [ 'dev.env' ]

View file

@ -1,27 +0,0 @@
version: '3.4'
services:
jitsi-xmpp:
image: superboum/amd64_jitsi_xmpp:v3
ports:
- "5222:5222"
- "5347:5347"
- "5280:5280"
env_file: [ 'dev.env' ]
volumes: [ './jitsi-certs/:/certs:ro' ]
jitsi-meet:
image: superboum/amd64_jitsi_meet:v1
ports:
- "443:443"
env_file: [ 'dev.env' ]
volumes: [ './jitsi-certs/:/certs:ro' ]
jitsi-conference-focus:
image: superboum/amd64_jitsi_conference_focus:v4
env_file: [ 'dev.env' ]
volumes: [ './jitsi-certs/:/certs:ro' ]
jitsi-videobridge:
image: superboum/amd64_jitsi_videobridge:v14
ports:
- "8080:8080/tcp"
- "10000:10000/udp"
env_file: [ 'dev.env' ]
volumes: [ './jitsi-certs/:/certs:ro' ]

View file

@ -46,6 +46,12 @@ But we can see this is a deprecated thing, it has been already removed from mast
For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
But maybe this value is deprecated: the check is still here but it is not used anymore?!
## Generate certs with prosody
```
prosodyctl cert generate auth.jitsi
prosodyctl cert generate jitsi
```
## Resources to understand jitsi
- [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)

View file

@ -0,0 +1,22 @@
version: '3.4'
services:
jitsi-xmpp:
image: superboum/amd64_jitsi_xmpp:v9
volumes:
- "./prosody/prosody.cfg.lua:/etc/prosody/prosody.cfg.lua"
- "./prosody/accounts.txt:/etc/prosody/accounts.txt"
- "./prosody/certs/jitsi.crt:/var/lib/prosody/jitsi.crt"
- "./prosody/certs/jitsi.key:/var/lib/prosody/jitsi.key"
- "./prosody/certs/auth.jitsi.crt:/var/lib/prosody/auth.jitsi.crt"
- "./prosody/certs/auth.jitsi.key:/var/lib/prosody/auth.jitsi.key"
jitsi-meet:
image: superboum/amd64_jitsi_meet:v1
ports:
- "443:443"
jitsi-conference-focus:
image: superboum/amd64_jitsi_conference_focus:v4
jitsi-videobridge:
image: superboum/amd64_jitsi_videobridge:v14
ports:
- "8080:8080/tcp"
- "10000:10000/udp"

View file

@ -0,0 +1,2 @@
focus auth.jitsi xxx
jvb auth.jitsi yyy

View file

@ -1,12 +1,41 @@
component_ports = { 5347 }
daemonize = false
allow_registration = false
use_libevent = true
component_interface = "0.0.0.0"
http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
log = {
error="/dev/stderr"
info="/dev/stdout"
component_ports = { 5347 }
http_ports = { 5280 }
-- Not sure all modules are required
modules_enabled = {
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
"compression"; -- Stream compression (requires the lua-zlib package installed)
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
-- jitsi
"smacks";
"carbons";
"mam";
"lastactivity";
"offline";
"pubsub";
"adhoc";
"websocket";
"http_altconnect";
}
VirtualHost "jitsi.deuxfleurs.fr"
log = {
"*console";
}
VirtualHost "jitsi"
authentication = "anonymous"
ssl = {
key = "/var/lib/prosody/jitsi.key";
@ -18,17 +47,17 @@ VirtualHost "jitsi.deuxfleurs.fr"
}
c2s_require_encryption = false
VirtualHost "auth.jitsi.deuxfleurs.fr"
VirtualHost "auth.jitsi"
ssl = {
key = "/var/lib/prosody/auth.jitsi.key";
certificate = "/var/lib/prosody/auth.jitsi.crt";
}
authentication = "internal_plain"
admins = { "focus@auth.jitsi.deuxfleurs.fr"}
admins = { "focus@auth.jitsi"}
Component "conference.jitsi.deuxfleurs.fr" "muc"
Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
Component "conference.jitsi" "muc"
Component "internal.auth.jitsi" "muc"
storage = "memory"
modules_enabled = { "ping"; }
admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
admins = { "focus@auth.jitsi", "jvb@auth.jitsi" }