Merge pull request #31 from matrix-org/stable-9078-ems.1

Merge Stable-9078
matrix-org · Nov 27, 2023 · 4131d93 · 4131d93
2 parents ca7635a + bb8ae2f
commit 4131d93
Show file tree

Hide file tree

Showing 19 changed files with 595 additions and 51 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,27 @@
+## stable-9078
+
+Based on stable release 9078.
+
+* 3b9afe4 release: build images before comitting the changelog
+* 54d422b jvb: autoscaler sidecar support
+* 9f0658d sample: escape/encapsulate string
+* 5d05ba2 jicofo: support jicofo log file for tailing (#1632)
+* 8555fe1 web: param to control config.hosts.authDomain (#1627)
+* cd1c9fb prosody: remove muc limit messages from visitors (#1626)
+* af50dde prosody: s2s whitelist duplicate param fix (#1625)
+* eb91893 prosody: add ping module to auth domain (#1624)
+* 261caa3 prosody: guest ping module, var for auth type (#1623)
+* 7fb1026 prosody: params for limits (#1622)
+* cf894ce prosody: variables for lobby and breakout modules
+* a827437 prosody: param to link room metadata to main vhost (#1616)
+* 5120595 prosody: var for config in main vhost (#1615)
+* bebd748 web: flag to control sctp bridge channel choice (#1613)
+* 6bfa830 prosody: visitor mode support (#1611)
+* 7bfc5c1 prosody: update version of prosody-plugings package
+* 3a77aac jicofo: support visitors in jicofo configuration (#1610)
+* f860c5d jvb: don’t send Jetty server version
+* 63380fa misc: working on unstable
+
 ## stable-8960-1
 
 Based on stable release 8960-1.

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.5'
 services:
     # Frontend
     web:
-        image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         ports:
             - '${HTTP_PORT}:80'
@@ -54,6 +54,7 @@ services:
             - DYNAMIC_BRANDING_URL
             - ENABLE_AUDIO_PROCESSING
             - ENABLE_AUTH
+            - ENABLE_AUTH_DOMAIN
             - ENABLE_BREAKOUT_ROOMS
             - ENABLE_CALENDAR
             - ENABLE_COLIBRI_WEBSOCKET
@@ -104,6 +105,7 @@ services:
             - HIDE_PREJOIN_DISPLAY_NAME
             - HIDE_PREJOIN_EXTRA_BUTTONS
             - INVITE_SERVICE_URL
+            - JVB_PREFER_SCTP
             - LETSENCRYPT_DOMAIN
             - LETSENCRYPT_EMAIL
             - LETSENCRYPT_USE_STAGING
@@ -161,12 +163,13 @@ services:
 
     # XMPP server
     prosody:
-        image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         expose:
             - '${XMPP_PORT:-5222}'
+            - '${PROSODY_S2S_PORT:-5269}'
             - '5347'
-            - '5280'
+            - '${PROSODY_HTTP_PORT:-5280}'
         volumes:
             - ${CONFIG}/prosody/config:/config:Z
             - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
@@ -181,6 +184,8 @@ services:
             - ENABLE_IPV6
             - ENABLE_LOBBY
             - ENABLE_RECORDING
+            - ENABLE_S2S
+            - ENABLE_VISITORS
             - ENABLE_XMPP_WEBSOCKET
             - ENABLE_JAAS_COMPONENTS
             - GC_TYPE
@@ -229,15 +234,28 @@ services:
             - LDAP_URL
             - LDAP_USE_TLS
             - MAX_PARTICIPANTS
+            - PROSODY_ADMINS
             - PROSODY_AUTH_TYPE
+            - PROSODY_C2S_LIMIT
+            - PROSODY_C2S_REQUIRE_ENCRYPTION
             - PROSODY_RESERVATION_ENABLED
             - PROSODY_RESERVATION_REST_BASE_URL
             - PROSODY_ENABLE_RATE_LIMITS
+            - PROSODY_ENABLE_S2S
+            - PROSODY_GUEST_AUTH_TYPE
+            - PROSODY_HTTP_PORT
+            - PROSODY_LOG_CONFIG
+            - PROSODY_MODE
             - PROSODY_RATE_LIMIT_LOGIN_RATE
             - PROSODY_RATE_LIMIT_SESSION_RATE
             - PROSODY_RATE_LIMIT_TIMEOUT
             - PROSODY_RATE_LIMIT_ALLOW_RANGES
             - PROSODY_RATE_LIMIT_CACHE_SIZE
+            - PROSODY_S2S_LIMIT
+            - PROSODY_S2S_PORT
+            - PROSODY_TRUSTED_PROXIES
+            - PROSODY_VISITOR_INDEX
+            - PROSODY_VISITORS_MUC_PREFIX
             - PUBLIC_URL
             - TURN_CREDENTIALS
             - TURN_HOST
@@ -246,25 +264,33 @@ services:
             - TURNS_PORT
             - TURN_TRANSPORT
             - TZ
+            - VISITORS_MAX_VISITORS_PER_NODE
+            - VISITORS_XMPP_DOMAIN
+            - VISITORS_XMPP_SERVER
+            - VISITORS_XMPP_PORT
+            - XMPP_BREAKOUT_MUC_MODULES
+            - XMPP_CONFIGURATION
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_GUEST_DOMAIN
             - XMPP_MUC_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_LOBBY_MUC_MODULES
             - XMPP_MODULES
             - XMPP_MUC_MODULES
             - XMPP_MUC_CONFIGURATION
             - XMPP_INTERNAL_MUC_MODULES
             - XMPP_RECORDER_DOMAIN
             - XMPP_PORT
+            - XMPP_SERVER_S2S_PORT
         networks:
             meet.jitsi:
                 aliases:
                     - ${XMPP_SERVER:-xmpp.meet.jitsi}
 
     # Focus component
     jicofo:
-        image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         ports:
             - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888'
@@ -284,6 +310,7 @@ services:
             - ENABLE_OCTO
             - ENABLE_RECORDING
             - ENABLE_SCTP
+            - ENABLE_VISITORS
             - ENABLE_AUTO_LOGIN
             - JICOFO_AUTH_LIFETIME
             - JICOFO_AUTH_PASSWORD
@@ -315,10 +342,15 @@ services:
             - JVB_XMPP_SERVER
             - MAX_BRIDGE_PARTICIPANTS
             - OCTO_BRIDGE_SELECTION_STRATEGY
+            - PROSODY_VISITORS_MUC_PREFIX
             - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
             - SENTRY_ENVIRONMENT
             - SENTRY_RELEASE
             - TZ
+            - VISITORS_MAX_PARTICIPANTS
+            - VISITORS_MAX_VISITORS_PER_NODE
+            - VISITORS_XMPP_SERVER
+            - VISITORS_XMPP_DOMAIN
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
@@ -334,14 +366,23 @@ services:
 
     # Video bridge
     jvb:
-        image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         ports:
             - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
             - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
         volumes:
             - ${CONFIG}/jvb:/config:Z
         environment:
+            - AUTOSCALER_SIDECAR_KEY_FILE
+            - AUTOSCALER_SIDECAR_KEY_ID
+            - AUTOSCALER_SIDECAR_GROUP_NAME
+            - AUTOSCALER_SIDECAR_HOST_ID
+            - AUTOSCALER_SIDECAR_INSTANCE_ID
+            - AUTOSCALER_SIDECAR_PORT
+            - AUTOSCALER_SIDECAR_REGION
+            - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
+            - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
             - DOCKER_HOST_ADDRESS
             - ENABLE_COLIBRI_WEBSOCKET
             - ENABLE_JVB_XMPP_SERVER
@@ -352,6 +393,7 @@ services:
             - JVB_AUTH_PASSWORD
             - JVB_BREWERY_MUC
             - JVB_DISABLE_STUN
+            - JVB_INSTANCE_ID
             - JVB_PORT
             - JVB_MUC_NICKNAME
             - JVB_STUN_SERVERS

diff --git a/env.example b/env.example
@@ -74,7 +74,7 @@ TZ=UTC
 #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
 
 # Name your etherpad instance!
-ETHERPAD_TITLE=Video Chat
+ETHERPAD_TITLE="Video Chat"
 
 # The default text of a pad
 ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"

diff --git a/jibri.yml b/jibri.yml
@@ -2,7 +2,7 @@ version: '3.5'
 
 services:
     jibri:
-        image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         volumes:
             - ${CONFIG}/jibri:/config:Z
@@ -27,6 +27,7 @@ services:
             - ENABLE_STATS_D
             - ICE_CONNECTION_TIMEOUT
             - JIBRI_WEBHOOK_SUBSCRIBERS
+            - JIBRI_INSTANCE_ID
             - JIBRI_HTTP_API_EXTERNAL_PORT
             - JIBRI_HTTP_API_INTERNAL_PORT
             - JIBRI_RECORDING_RESOLUTION

diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf
@@ -1,4 +1,5 @@
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}}
+{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
 {{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
 {{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}}
@@ -18,6 +19,12 @@
 {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
 {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
 {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
+{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
+{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
+{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
+{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
+{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
 {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
 {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
 {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
@@ -26,6 +33,7 @@
 {{ $XMPP_REPLY_TIMEOUT := .Env.XMPP_REPLY_TIMEOUT | default "15 seconds" -}}
 {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
 {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
+{{ $ENV := .Env }}
 
 jicofo {
     {{ if $JICOFO_ENABLE_AUTH }}
@@ -59,9 +67,16 @@ jicofo {
       stress-threshold = "{{ .Env.BRIDGE_STRESS_THRESHOLD }}"
       {{ end }}
 
+      {{ if $ENABLE_VISITORS }}
+      selection-strategy = VisitorSelectionStrategy
+      visitor-selection-strategy = RegionBasedBridgeSelectionStrategy
+      participant-selection-strategy = RegionBasedBridgeSelectionStrategy
+      topology-strategy = VisitorTopologyStrategy
+      {{ else }}
       {{ if .Env.OCTO_BRIDGE_SELECTION_STRATEGY }}
       selection-strategy = "{{ .Env.OCTO_BRIDGE_SELECTION_STRATEGY }}"
       {{ end }}
+      {{ end }}
 
       {{ if .Env.JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS }}
       health-checks {
@@ -194,8 +209,39 @@ jicofo {
     sctp {
       enabled = {{ $ENABLE_SCTP }}
     }
+{{ if $ENABLE_VISITORS }}
+    visitors {
+      enabled = true
 
+      {{ if .Env.VISITORS_MAX_PARTICIPANTS }}
+      max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }}
+      {{ end }}
+      {{ if $VISITORS_MAX_VISITORS_PER_NODE }}
+      max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }}
+      {{ end }}
+    }
+{{ end }}
     xmpp {
+      {{ if $ENABLE_VISITORS }}
+      {{ if $.Env.VISITORS_XMPP_SERVER }}
+      visitors {
+        {{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
+        {{ $SERVER := splitn ":" 2 $element }}
+            v{{ $index }} {
+                enabled = true
+                conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
+                hostname = {{ $SERVER._0 }}
+                {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
+                port = {{ $SERVER._1 | default $DEFAULT_PORT }}
+                domain = "{{ $XMPP_AUTH_DOMAIN }}"
+                xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
+                password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
+                disable-certificate-verification = true
+            }
+        {{ end }}
+      }
+      {{ end }}
+      {{ end }}
       client {
         enabled = true
         hostname = "{{ $XMPP_SERVER }}"

diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run
@@ -4,4 +4,8 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dcon
 DAEMON=/usr/share/jicofo/jicofo.sh
 DAEMON_DIR=/usr/share/jicofo/
 
-exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON"
+JICOFO_CMD="exec $DAEMON"
+
+[ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE"
+
+exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD"
diff --git a/jigasi.yml b/jigasi.yml
@@ -3,7 +3,7 @@ version: '3.5'
 services:
     # SIP gateway (audio)
     jigasi:
-        image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-8960-1}
+        image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9078}
         restart: ${RESTART_POLICY:-unless-stopped}
         ports:
             - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp'

diff --git a/jvb/Dockerfile b/jvb/Dockerfile
@@ -9,7 +9,7 @@ LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-mee
 LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
 
 RUN apt-dpkg-wrap apt-get update && \
-    apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 dnsutils && \
+    apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils && \
     apt-cleanup
 
 COPY rootfs/ /

diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config
@@ -0,0 +1,18 @@
+{{ $JVB_COLIBRI_PORT := .Env.JVB_COLIBRI_PORT | default "8080" -}}
+{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}}
+{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}}
+export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }}
+export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }}
+export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }}
+export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh"
+export TERMINATE_SCRIPT="/opt/jitsi/jvb/shutdown.sh"
+export ENABLE_REPORT_STATS=true
+export POLLING_URL="{{ .Env.AUTOSCALER_URL  }}/sidecar/poll"
+export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status"
+export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats"
+export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats"
+export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}"
+export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}"
+export INSTANCE_TYPE="JVB"
+export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}"
+export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}'
diff --git a/jvb/rootfs/defaults/jvb.conf b/jvb/rootfs/defaults/jvb.conf
@@ -91,10 +91,12 @@ videobridge {
     http-servers {
         private {
           host = 0.0.0.0
+          send-server-version = false
         }
         public {
             host = 0.0.0.0
             port = 9090
+            send-server-version = false
         }
     }