Simplify prosody too

app/jitsi/build/jitsi-conference-focus/Dockerfile

@@ -20,5 +20,6 @@ RUN apt-get update && \
 
 COPY --from=builder /srv/build /usr/share/jicofo
 COPY jicofo /usr/local/bin
+ENV JICOFO_SECRET=IAMDEPRECATED
 
 CMD ["/usr/local/bin/jicofo"]

app/jitsi/build/jitsi-conference-focus/jicofo

@@ -16,9 +16,4 @@ exec java \
   -Djava.util.logging.config.file=/usr/share/jicofo/lib/logging.properties \
   -Dconfig.file=/etc/jitsi/jicofo.conf \
   -cp "/usr/share/jicofo/*:/usr/share/jicofo/lib/*" \
-  org.jitsi.jicofo.Main \
+  org.jitsi.jicofo.Main
-  --host=${JITSI_PROSODY_HOST} \
-  --domain=jitsi.deuxfleurs.fr \
-  --secret=${JITSI_SECRET_JICOFO_COMPONENT} \
-  --user_domain=auth.jitsi.deuxfleurs.fr \
-  --user_password=${JITSI_SECRET_JICOFO_USER}

app/jitsi/build/jitsi-xmpp/Dockerfile

@@ -5,9 +5,15 @@ ARG VERSION
 RUN apt-get update && \
     apt-get install -y prosody=${VERSION}
 
-COPY external_components.cfg.lua /etc/prosody/conf.d/external_components.cfg.lua
+mkdir -p /usr/local/share/ca-certificates/
-COPY xmpp_conf /usr/local/bin/xmpp_conf
+ln -sf \
+  /var/lib/prosody/auth.jitsi.crt \
+  /usr/local/share/ca-certificates/auth.jitsi.crt
+
 COPY xmpp_gen /usr/local/bin/xmpp_gen
 COPY xmpp_run /usr/local/bin/xmpp_run
 
+USER prosody
+RUN mkdir /run/prosody && touch /run/prosody/prosody.pid
+WORKDIR /var/lib/prosody
 CMD ["/usr/local/bin/xmpp_run"]

app/jitsi/build/jitsi-xmpp/external_components.cfg.lua

@@ -1,2 +0,0 @@
-component_ports = { 5347 }
-component_interface = "0.0.0.0"

app/jitsi/build/jitsi-xmpp/xmpp_conf

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-cat >> /etc/hosts <<EOF
-${JITSI_PROSODY_HOST} jitsi.deuxfleurs.fr conference.jitsi.deuxfleurs.fr jitsi-videobridge.jitsi.deuxfleurs.fr focus.jitsi.deuxfleurs.fr auth.jitsi.deuxfleurs.fr
-127.0.0.1 `hostname`
-EOF
-
-mkdir -p /etc/prosody/conf.{d,avail}/
-cat > /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua <<EOF
-http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
-
-VirtualHost "jitsi.deuxfleurs.fr"
-  authentication = "anonymous"
-  ssl = {
-    key = "/var/lib/prosody/jitsi.deuxfleurs.fr.key";
-    certificate = "/var/lib/prosody/jitsi.deuxfleurs.fr.crt";
-  }
-  modules_enabled = {
-    "bosh";
-    "pubsub";
-  }
-  c2s_require_encryption = false
-
-VirtualHost "auth.jitsi.deuxfleurs.fr"
-  ssl = {
-    key = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.key";
-    certificate = "/var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt";
-  }
-  authentication = "internal_plain"
-  admins = { "focus@auth.jitsi.deuxfleurs.fr"}
-
-Component "conference.jitsi.deuxfleurs.fr" "muc"
-Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
-  storage = "memory"
-  modules_enabled = { "ping"; }
-  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
-
-Component "jitsi-videobridge.jitsi.deuxfleurs.fr"
-    component_secret = "${JITSI_SECRET_VIDEOBRIDGE}"
-Component "focus.jitsi.deuxfleurs.fr"
-    component_secret = "${JITSI_SECRET_JICOFO_COMPONENT}"
-
-EOF
-
-ln -sf \
-  /etc/prosody/conf.avail/jitsi.deuxfleurs.fr.cfg.lua \
-  /etc/prosody/conf.d/jitsi.deuxfleurs.fr.cfg.lua
-
-

app/jitsi/build/jitsi-xmpp/xmpp_gen

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-/usr/local/bin/xmpp_conf
-
 prosodyctl cert generate jitsi.deuxfleurs.fr
 prosodyctl cert generate auth.jitsi.deuxfleurs.fr
-
-cp /var/lib/prosody/*.crt ${JITSI_CERTS_FOLDER}
-cp /var/lib/prosody/*.key ${JITSI_CERTS_FOLDER}

app/jitsi/build/jitsi-xmpp/xmpp_run

@@ -1,20 +1,4 @@
 #!/bin/bash
-
-/usr/local/bin/xmpp_conf
-cp ${JITSI_CERTS_FOLDER}/* /var/lib/prosody/
-chown -R prosody:prosody /var/lib/prosody
-
-mkdir -p /usr/local/share/ca-certificates/
-ln -sf \
-  /var/lib/prosody/auth.jitsi.deuxfleurs.fr.crt \
-  /usr/local/share/ca-certificates/auth.jitsi.deuxfleurs.fr.crt
-
 prosodyctl register focus auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_JICOFO_USER}
 prosodyctl register jvb auth.jitsi.deuxfleurs.fr ${JITSI_SECRET_VIDEOBRIDGE}
-
+exec prosody
-mkdir /run/prosody
-touch /run/prosody/prosody.pid
-chown -R prosody:prosody /run/prosody
-
-cd /var/lib/prosody
-su - prosody -s /bin/bash -c prosody

app/jitsi/integration/README.md

@@ -38,6 +38,14 @@ We are particularly interested by: https://github.com/lightbend/config#standard-
 Using 'application.conf' with classpath does not seem to work.
 But, specifying the file path as `-Dconfig.file=/etc/jitsi/jicofo.conf` works!
 
+Some parameters are also set independently of lightbend hocon config.
+They are seen in jicofo entrypoint:
+https://github.com/jitsi/jicofo/blob/master/src/main/java/org/jitsi/jicofo/Main.java
+Many of these parameters can be in fact read from the HOCON file except one: the `--secret` parameter or the `JICOFO_SECRET` env variable.
+But we can see this is a deprecated thing, it has been already removed from master: https://github.com/jitsi/jicofo/commit/c9e5b50a8b4e77f8b8cb8831a4a044a53edfcf48
+For now (as per v5390) we will keep `JICOFO_SECRET` environment variable but will assume no other environment variable is set
+But maybe this value is deprecated: the check is still here but it is not used anymore?!
+
 ## Resources to understand jitsi
 
   - [jicofo/debian/postinst](https://github.com/jitsi/jicofo/blob/master/debian/postinst)

app/jitsi/integration/dev.env

@@ -1,10 +0,0 @@
-JITSI_SECRET_VIDEOBRIDGE=S3CR3T01
-JITSI_SECRET_JICOFO_COMPONENT=S3CR3T02
-JITSI_SECRET_JICOFO_USER=S3CR3T03
-JITSI_PROSODY_BOSH_PORT=5280
-JITSI_PROSODY_BOSH_HOST=172.17.0.1
-JITSI_PROSODY_HOST=172.17.0.1
-JITSI_CERTS_FOLDER=/certs/
-JITSI_NAT_PUBLIC_IP=37.164.35.154
-JITSI_NAT_LOCAL_IP=192.168.0.231
-JITSI_VIDEO_TCP=8080

app/jitsi/integration/jicofo/jicofo.conf

@@ -213,11 +213,11 @@ jicofo {
   octo {
     // Whether or not to use Octo. Note that when enabled, its use will be determined by
     // $jicofo.bridge.selection-strategy.
-    enabled = true
+    enabled = false
 
     // An identifier of the Jicofo instance, used for the purpose of generating conference IDs unique across a set of
     // Jicofo instances. Valid values are [1, 65535]. The value 0 is used when none is explicitly configured.
-    #id = 1234
+    id = 1
   }
 
   rest {
@@ -239,11 +239,11 @@ jicofo {
     // The separate XMPP connection used for communication with clients (endpoints).
     client {
       enabled = true
-      hostname = "localhost"
+      hostname = "jitsi-xmpp"
       port = 5222
       #domain =
       username = "focus"
-      #password =
+      password = "3x@mple01"
 
       // How long to wait for a response to a stanza before giving up.
       reply-timeout = 15 seconds

app/jitsi/integration/jitsi-certs/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

app/jitsi/integration/prosody/prosody.cfg.lua

@@ -0,0 +1,34 @@
+component_ports = { 5347 }
+component_interface = "0.0.0.0"
+http_ports = { ${JITSI_PROSODY_BOSH_PORT} }
+log = {
+  error="/dev/stderr"
+  info="/dev/stdout"
+}
+
+VirtualHost "jitsi.deuxfleurs.fr"
+  authentication = "anonymous"
+  ssl = {
+    key = "/var/lib/prosody/jitsi.key";
+    certificate = "/var/lib/prosody/jitsi.crt";
+  }
+  modules_enabled = {
+    "bosh";
+    "pubsub";
+  }
+  c2s_require_encryption = false
+
+VirtualHost "auth.jitsi.deuxfleurs.fr"
+  ssl = {
+    key = "/var/lib/prosody/auth.jitsi.key";
+    certificate = "/var/lib/prosody/auth.jitsi.crt";
+  }
+  authentication = "internal_plain"
+  admins = { "focus@auth.jitsi.deuxfleurs.fr"}
+
+Component "conference.jitsi.deuxfleurs.fr" "muc"
+Component "internal.auth.jitsi.deuxfleurs.fr" "muc"
+  storage = "memory"
+  modules_enabled = { "ping"; }
+  admins = { "focus@auth.jitsi.deuxfleurs.fr", "jvb@auth.jitsi.deuxfleurs.fr" }
+