From 63380faf4f5c5635387ba0a66cdccce77c5ce668 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 22 Sep 2023 11:02:11 +0200 Subject: [PATCH 01/27] misc: working on unstable --- docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2cc3bd6d45..003d8837d6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -161,7 +161,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -264,7 +264,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -333,7 +333,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index 733ffa7c1f..97d2e4c7e0 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index dcdeb7d90e..210d5916cc 100644 --- a/jigasi.yml +++ b/jigasi.yml 
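Review bot: The new fallback in `image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable}` is a floating tag, so any deployment that leaves `JITSI_IMAGE_VERSION` unset pulls whatever was pushed last, and two hosts can end up running different code from the same compose file. The same default is changed for prosody, jicofo and jvb in this file and for jibri.yml and jigasi.yml. If the goal is only to develop against unstable, keep `${JITSI_IMAGE_VERSION:-stable-8960-1}` as the fallback and set `JITSI_IMAGE_VERSION=unstable` in the local `.env`. Otherwise add a comment above each `image:` line such as `# default is an unpinned tag; set JITSI_IMAGE_VERSION to a release tag for reproducible deployments`.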
@@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-8960-1} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From f860c5d20fb3878df2c936ed4478999b9b449c5b Mon Sep 17 00:00:00 2001 From: viakom-choppe <145684816+viakom-choppe@users.noreply.github.com> Date: Tue, 26 Sep 2023 08:18:43 +0200 Subject: [PATCH 02/27] =?UTF-8?q?jvb:=20don=E2=80=99t=20send=20Jetty=20ser?= =?UTF-8?q?ver=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jvb/rootfs/defaults/jvb.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jvb/rootfs/defaults/jvb.conf b/jvb/rootfs/defaults/jvb.conf index 02357ca399..34663ad5c6 100644 --- a/jvb/rootfs/defaults/jvb.conf +++ b/jvb/rootfs/defaults/jvb.conf @@ -89,10 +89,12 @@ videobridge { http-servers { private { host = 0.0.0.0 + send-server-version = false } public { host = 0.0.0.0 port = 9090 + send-server-version = false } } From 3a77aace5684ff6939c0f6334d0c7b9c58139fef Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Wed, 27 Sep 2023 08:37:21 -0500 Subject: [PATCH 03/27] jicofo: support visitors in jicofo configuration (#1610) --- docker-compose.yml | 4 +++ jicofo/rootfs/defaults/jicofo.conf | 43 ++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 003d8837d6..a27c553440 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -284,6 +284,7 @@ services: - ENABLE_OCTO - ENABLE_RECORDING - ENABLE_SCTP + - ENABLE_VISITORS - ENABLE_AUTO_LOGIN - JICOFO_AUTH_LIFETIME - JICOFO_AUTH_PASSWORD 
@@ -319,6 +320,9 @@ services: - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ + - VISITORS_MAX_PARTICIPANTS + - VISITORS_MAX_VISITORS_PER_NODE + - VISITORS_XMPP_SERVER - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index c5c8b3bd14..1546e0eddc 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -1,4 +1,5 @@ {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}} +{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} {{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}} @@ -18,6 +19,9 @@ {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} +{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} +{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} +{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} @@ -25,6 +29,7 @@ {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $ENV := .Env }} jicofo { {{ if $JICOFO_ENABLE_AUTH }} 
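Review bot: `VISITORS_XMPP_PORT` is missing from the variables this hunk passes to the jicofo service, although jicofo.conf in the same commit reads it with `.Env.VISITORS_XMPP_PORT | default "52220"`. Unless it is listed outside the visible hunk, the template always falls back to 52220 plus the node index for any entry in `VISITORS_XMPP_SERVER` that has no explicit `:port`. Add `- VISITORS_XMPP_PORT` next to `- VISITORS_XMPP_SERVER`. The environment list continues outside the hunk.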
@@ -58,9 +63,16 @@ jicofo { stress-threshold = "{{ .Env.BRIDGE_STRESS_THRESHOLD }}" {{ end }} + {{ if $ENABLE_VISITORS }} + selection-strategy = VisitorSelectionStrategy + visitor-selection-strategy = RegionBasedBridgeSelectionStrategy + participant-selection-strategy = RegionBasedBridgeSelectionStrategy + topology-strategy = VisitorTopologyStrategy + {{ else }} {{ if .Env.OCTO_BRIDGE_SELECTION_STRATEGY }} selection-strategy = "{{ .Env.OCTO_BRIDGE_SELECTION_STRATEGY }}" {{ end }} + {{ end }} {{ if .Env.JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS }} health-checks { @@ -193,8 +205,39 @@ jicofo { sctp { enabled = {{ $ENABLE_SCTP }} } +{{ if $ENABLE_VISITORS }} + visitors { + enabled = true + {{ if .Env.VISITORS_MAX_PARTICIPANTS }} + max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }} + {{ end }} + {{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }} + max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }} + {{ end }} + } +{{ end }} xmpp { + {{ if $ENABLE_VISITORS }} + {{ if $.Env.VISITORS_XMPP_SERVER }} + visitors { + {{ range $index, $element := $VISITORS_XMPP_SERVERS -}} + {{ $SERVER := splitn ":" 2 $element }} + v{{ $index }} { + enabled = true + conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }} + hostname = {{ $SERVER._0 }} + {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} + port = {{ $SERVER._1 | default $DEFAULT_PORT }} + domain = "{{ $XMPP_AUTH_DOMAIN }}" + xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }} + password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" + disable-certificate-verification = true + } + {{ end }} + } + {{ end }} + {{ end }} client { enabled = true hostname = "{{ $XMPP_SERVER }}" From 7bfc5c1f7af4d1dea287f33ba1e9eb235cd1117a Mon Sep 17 00:00:00 2001 From: emrah Date: Fri, 29 Sep 2023 13:10:55 +0300 Subject: [PATCH 04/27] prosody: update version of prosody-plugings package --- prosody/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 762c4f2878..b00a4b1011 100644 
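Review bot: `disable-certificate-verification = true` is hard-coded for every generated `v{{ $index }}` entry in the `xmpp { visitors { … } }` block, so Jicofo never verifies the TLS identity of the visitor XMPP server it authenticates to with `JICOFO_AUTH_PASSWORD`. That is workable while every node uses a self-signed certificate on the private compose network, but `VISITORS_XMPP_SERVER` accepts arbitrary host names, including hosts reached over untrusted networks. Consider emitting the line only when a dedicated environment toggle asks for it, and add a comment above it such as `# visitor nodes use self-signed certificates by default; enable verification when they are reached over an untrusted network`. The enclosing `xmpp` block continues outside the hunk.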
--- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -27,7 +27,7 @@ LABEL org.opencontainers.image.url="https://prosody.im/" LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet" LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" -ARG VERSION_JITSI_CONTRIB_PROSODY_PLUGINS="20230803" +ARG VERSION_JITSI_CONTRIB_PROSODY_PLUGINS="20230929" ARG VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN="1.8.0" RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody-debian-packages.key && \ From 6bfa8302f1b0c261204458f6f0deaa4aaecfab83 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 29 Sep 2023 08:03:53 -0500 Subject: [PATCH 05/27] prosody: visitor mode support (#1611) support for visitor mode in prosody, with some fixes for jicofo as well --- docker-compose.yml | 20 +- jicofo/rootfs/defaults/jicofo.conf | 11 +- .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 18 ++ .../rootfs/defaults/conf.d/visitors.cfg.lua | 209 ++++++++++++++++++ prosody/rootfs/defaults/prosody.cfg.lua | 73 +++++- prosody/rootfs/etc/cont-init.d/10-config | 37 +++- 6 files changed, 352 insertions(+), 16 deletions(-) create mode 100644 prosody/rootfs/defaults/conf.d/visitors.cfg.lua diff --git a/docker-compose.yml b/docker-compose.yml index a27c553440..3429c121bf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -165,8 +165,9 @@ services: restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' + - '${PROSODY_S2S_PORT:-5269}' - '5347' - - '5280' + - '${PROSODY_HTTP_PORT:-5280}' volumes: - ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z @@ -181,6 +182,8 @@ services: - ENABLE_IPV6 - ENABLE_LOBBY - ENABLE_RECORDING + - ENABLE_S2S + - ENABLE_VISITORS - ENABLE_XMPP_WEBSOCKET - ENABLE_JAAS_COMPONENTS - GC_TYPE 
@@ -229,15 +232,23 @@ services: - LDAP_URL - LDAP_USE_TLS - MAX_PARTICIPANTS + - PROSODY_ADMINS - PROSODY_AUTH_TYPE - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS + - PROSODY_ENABLE_S2S + - PROSODY_HTTP_PORT + - PROSODY_MODE - PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_CACHE_SIZE + - PROSODY_S2S_PORT + - PROSODY_TRUSTED_PROXIES + - PROSODY_VISITOR_INDEX + - PROSODY_VISITORS_MUC_PREFIX - PUBLIC_URL - TURN_CREDENTIALS - TURN_HOST @@ -246,6 +257,10 @@ services: - TURNS_PORT - TURN_TRANSPORT - TZ + - VISITORS_MAX_VISITORS_PER_NODE + - VISITORS_XMPP_DOMAIN + - VISITORS_XMPP_SERVER + - VISITORS_XMPP_PORT - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN @@ -257,6 +272,7 @@ services: - XMPP_INTERNAL_MUC_MODULES - XMPP_RECORDER_DOMAIN - XMPP_PORT + - XMPP_SERVER_S2S_PORT networks: meet.jitsi: aliases: @@ -316,6 +332,7 @@ services: - JVB_XMPP_SERVER - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY + - PROSODY_VISITORS_MUC_PREFIX - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE @@ -323,6 +340,7 @@ services: - VISITORS_MAX_PARTICIPANTS - VISITORS_MAX_VISITORS_PER_NODE - VISITORS_XMPP_SERVER + - VISITORS_XMPP_DOMAIN - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 1546e0eddc..b8f9abe879 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf 
@@ -19,6 +19,9 @@ {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} +{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} {{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} @@ -212,8 +215,8 @@ jicofo { {{ if .Env.VISITORS_MAX_PARTICIPANTS }} max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }} {{ end }} - {{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }} - max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }} + {{ if $VISITORS_MAX_VISITORS_PER_NODE }} + max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }} {{ end }} } {{ end }} @@ -225,12 +228,12 @@ jicofo { {{ $SERVER := splitn ":" 2 $element }} v{{ $index }} { enabled = true - conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }} + conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }} hostname = {{ $SERVER._0 }} {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} port = {{ $SERVER._1 | default $DEFAULT_PORT }} domain = "{{ $XMPP_AUTH_DOMAIN }}" - xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }} + xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }} password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" disable-certificate-verification = true } diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index ec53852409..af44b0b8e5 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
@@ -1,4 +1,5 @@ {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} @@ -208,6 +209,9 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $PROSODY_RESERVATION_ENABLED }} "reservations"; {{ end }} + {{ if $ENABLE_VISITORS }} + "visitors"; + {{ end }} } main_muc = "{{ $XMPP_MUC_DOMAIN }}" @@ -240,11 +244,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}" c2s_require_encryption = false + {{ if $ENABLE_VISITORS }} + visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" } + {{ end }} + {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "jitsi-anonymous" c2s_require_encryption = false + {{ if $ENABLE_VISITORS }} + allow_anonymous_s2s = true + {{ end }} + {{ end }} VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" @@ -404,3 +416,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc" Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component" muc_component = "{{ $XMPP_MUC_DOMAIN }}" breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}" + + +{{ if $ENABLE_VISITORS }} +Component "visitors.{{ $XMPP_DOMAIN }}" "visitors_component" + auto_allow_visitor_promotion = true +{{ end }} diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua new file mode 100644 index 0000000000..142974b9e5 --- /dev/null +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua 
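Review bot: `auto_allow_visitor_promotion = true` on the `visitors.{{ $XMPP_DOMAIN }}` component and `allow_anonymous_s2s = true` on the guest VirtualHost are both switched on unconditionally whenever `ENABLE_VISITORS` is set, with no comment and no way to override them from the environment. Judging by the option name, the first appears to approve promotion requests without a moderator decision, which operators of moderated meetings would need to know; this should be confirmed against the plugin and documented. At minimum add comments such as `-- visitors asking to be promoted are accepted automatically` and `-- required so anonymous guest JIDs can reach the visitor nodes over s2s`. Ideally make the promotion setting configurable in the same way as the other `.Env` toggles at the top of the file.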
@@ -0,0 +1,209 @@ +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} +{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}} +{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} +{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} +{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} +{{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}} +{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}} +{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}} +{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}} +{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}} +{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}} +{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}} +{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}} +{{ $SHARD_NAME := .Env.SHARD | default "default" -}} +{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}} +{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}} +{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}} +{{ $TURN_HOST := .Env.TURN_HOST | default "" -}} +{{ $TURN_HOSTS := splitList "," $TURN_HOST -}} +{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} +{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}} +{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}} +{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}} +{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}} +{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}} +{{ $VISITOR_INDEX := .Env.PROSODY_VISITOR_INDEX | 
default "0" -}} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}} +{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} + +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } + +muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"; +muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; + +http_default_host = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}" + +{{ if .Env.TURN_CREDENTIALS -}} +external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; +{{- end }} + +{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}} +external_services = { + {{ if $TURN_HOST -}} + {{- range $idx1, $host := $TURN_HOSTS -}} + {{- range $idx2, $transport := $TURN_TRANSPORTS -}} + {{- if or $idx1 $idx2 -}},{{- end }} + { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $TURNS_HOST -}} + {{- range $idx, $host := $TURNS_HOSTS -}} + {{- if or $TURN_HOST $idx -}},{{- end }} + { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + {{- end }} + {{- end }} +}; +{{- end }} + +main_domain = 
'{{ $XMPP_DOMAIN }}'; + +-- https://prosody.im/doc/modules/mod_smacks +smacks_max_unacked_stanzas = 5; +smacks_hibernation_time = 60; +-- this is dropped in 0.12 +smacks_max_hibernated_sessions = 1; +smacks_max_old_sessions = 1; + +unlimited_jids = { "focus@{{ $XMPP_AUTH_DOMAIN }}" } +limits = { + c2s = { + rate = "512kb/s"; + }; +} + +authentication = 'internal_hashed' +storage = 'internal' + +consider_websocket_secure = true; +consider_bosh_secure = true; +bosh_max_inactivity = 60; + +trusted_proxies = { +{{ range $index, $proxy := $TRUSTED_PROXY_LIST }} + "{{ $proxy }}"; +{{ end }} +} + +-- this is added to make certs_s2soutinjection work +s2sout_override = { + ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room + ["{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; + ["visitors.{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; +{{ if $ENABLE_GUEST_DOMAIN -}} + ["{{ $XMPP_GUEST_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; +{{ end -}} +} + +muc_limit_messages_count = 10; +muc_limit_messages_check_token = {{ $LIMIT_MESSAGES_CHECK_TOKEN }}; + +----------- Virtual hosts ----------- +VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' + authentication = 'jitsi-anonymous' + ssl = { + key = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.key"; + certificate = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.crt"; + } + modules_enabled = { + 'bosh'; + 'ping'; + "external_services"; + {{ if $ENABLE_XMPP_WEBSOCKET -}} + "websocket"; + "smacks"; -- XEP-0198: Stream Management + {{ end -}} + {{ if .Env.XMPP_MODULES }} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; + {{ end }} + } + main_muc = '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}'; + shard_name = "{{ $SHARD_NAME }}" + region_name = "{{ $REGION_NAME }}" + 
release_number = "{{ $RELEASE_NUMBER }}" + + +VirtualHost '{{ $XMPP_AUTH_DOMAIN}}' + modules_enabled = { + 'limits_exception'; + 'ping'; + } + authentication = 'internal_hashed' + +Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' 'muc' + storage = 'memory' + muc_room_cache_size = 10000 + restrict_room_creation = true + modules_enabled = { + "muc_hide_all"; + "muc_meeting_id"; + 'fmuc'; + 's2s_bidi'; + 's2s_whitelist'; + 's2sout_override'; + 'muc_max_occupants'; + "muc_limit_messages"; + {{ if $ENABLE_SUBDOMAINS -}} + "muc_domain_mapper"; + {{ end -}} + {{ if $ENABLE_RATE_LIMITS -}} + "muc_rate_limit"; + "rate_limit"; + {{ end -}} + {{ if .Env.XMPP_MUC_MODULES -}} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; + {{ end -}} + } + muc_room_default_presence_broadcast = { + visitor = false; + participant = true; + moderator = true; + }; + muc_room_locking = false + muc_room_default_public_jids = true + muc_max_occupants = {{ $VISITORS_MAX_VISITORS_PER_NODE}} + muc_access_whitelist = { + "{{ $XMPP_DOMAIN }}"; + } + + {{ if $ENABLE_RATE_LIMITS -}} + -- Max allowed join/login rate in events per second. + rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; + -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. + rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; + -- The time in seconds, after which the limit for an IP address is lifted. + rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; + -- List of regular expressions for IP addresses that are not limited by this module. 
+ rate_limit_whitelist = { + "127.0.0.1"; + {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} + "{{ $cidr }}"; + {{ end -}} + }; + + rate_limit_whitelist_jids = { + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}", + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}" + } + {{ end -}} + + -- The size of the cache that saves state for IP addresses + rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; + + muc_rate_joins = 30; + {{ if .Env.XMPP_MUC_CONFIGURATION -}} + {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} + {{ end -}} diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 7e7561c2cb..5c9e6d03a9 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -1,5 +1,7 @@ -{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} -{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} +{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} +{{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} {{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}} {{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}} 
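Review bot: This new template has no header comment, so nothing explains that it replaces jitsi-meet.cfg.lua when `PROSODY_MODE` is `visitors`, or that `PROSODY_VISITOR_INDEX` must match the node's position in `VISITORS_XMPP_SERVER`. That position is what the main Prosody and Jicofo use to derive the `v{{ $index }}` domains. A short comment block ahead of `plugin_paths` should state both facts and also say that the `s2sout_override` targets are plain `tcp://host:port` endpoints which are expected to be reachable only on the internal network. Separately, the comment above `rate_limit_whitelist` says "List of regular expressions for IP addresses" while the default for `PROSODY_RATE_LIMIT_ALLOW_RANGES` is the CIDR `10.0.0.0/8`. One of the two is misleading and should be corrected once the module's matching rule is confirmed.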
@@ -7,6 +9,20 @@ {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}} {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} +{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} +{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} +{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} +{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} +{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} +{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} +{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} +{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} -- Prosody Example Configuration File -- @@ -30,8 +46,7 @@ -- for the server. Note that you must create the accounts separately -- (see http://prosody.im/doc/creating_accounts for info) -- Example: admins = { "user1@example.com", "user2@example.net" } -admins = { } - +admins = { {{ if .Env.PROSODY_ADMINS }}{{ range $index, $element := $PROSODY_ADMIN_LIST -}}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}{{ end }} } -- Enable use of libevent for better performance under high load -- For more information see: http://prosody.im/doc/libevent --use_libevent = true; 
@@ -81,7 +96,14 @@ modules_enabled = { --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - {{ if .Env.GLOBAL_MODULES }} + + {{ if $ENABLE_S2S -}} + "s2s_bidi"; + "certs_s2soutinjection"; + "s2sout_override"; + "s2s_whitelist"; + {{ end -}} + {{ if .Env.GLOBAL_MODULES }} "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}"; {{ end }} }; @@ -94,7 +116,10 @@ https_ports = { } modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections + + {{ if not $ENABLE_S2S -}} "s2s"; -- Handle server-to-server connections + {{ end -}} }; -- Disable account creation by default, for security 
@@ -143,6 +168,42 @@ c2s_interfaces = { "*", "::" } c2s_interfaces = { "*" } {{ end }} +{{ if $ENABLE_S2S -}} +-- set s2s port +s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port + +s2s_whitelist = { + {{ if $ENABLE_VISITORS -}} + '{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room + 'visitors.{{ $XMPP_DOMAIN }}'; -- needed for sending promotion request to visitors.{{ $XMPP_DOMAIN }} component + '{{ $XMPP_DOMAIN }}'; -- unavailable presences back to main room + + {{ end -}} + {{ if $ENABLE_GUEST_DOMAIN -}} + '{{ $XMPP_GUEST_DOMAIN }}'; + {{ end -}} +} +{{ end -}} + +{{ if $ENABLE_VISITORS -}} +{{ if $.Env.VISITORS_XMPP_SERVER -}} +s2sout_override = { +{{ range $index, $element := $VISITORS_XMPP_SERVERS -}} +{{ $SERVER := splitn ":" 2 $element }} +{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} + ["{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; + ["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; +{{ end -}} +}; +s2s_whitelist = { +{{ range $index, $element := $VISITORS_XMPP_SERVERS -}} + "{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"; +{{ end -}} +}; +{{ end -}} +{{ end -}} + + -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. @@ -208,7 +269,7 @@ unbound = { resolvconf = true } -http_ports = { 5280 } +http_ports = { {{ $PROSODY_HTTP_PORT }} } {{ if $ENABLE_IPV6 }} http_interfaces = { "*", "::" } {{ else }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 4841717537..ce02571577 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config 
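Review bot: `s2s_whitelist` is assigned twice at global scope in this hunk, once inside `{{ if $ENABLE_S2S }}` and again inside `{{ if $.Env.VISITORS_XMPP_SERVER }}`. When both conditions hold, the later assignment is expected to replace the earlier table, dropping the main-domain and guest-domain entries. A visitor node that inherits `VISITORS_XMPP_SERVER` from a shared environment file would then stop whitelisting the main server it federates with. Building a single table avoids the order dependence. The second block also whitelists only the `{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}` names while `s2sout_override` routes `v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}` as well, so it is worth confirming whether the bare visitor domain should be listed too.

```lua
s2s_whitelist = {
    {{ if $ENABLE_VISITORS -}}
    -- … unchanged: XMPP_MUC_DOMAIN, visitors.XMPP_DOMAIN and XMPP_DOMAIN entries …
    {{ end -}}
    {{ if $ENABLE_GUEST_DOMAIN -}}
    '{{ $XMPP_GUEST_DOMAIN }}';
    {{ end -}}
    {{ if and $ENABLE_VISITORS $.Env.VISITORS_XMPP_SERVER -}}
    {{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
    "{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}";
    {{ end -}}
    {{ end -}}
}
-- … unchanged: s2sout_override table; the second s2s_whitelist assignment is removed …
```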
@@ -25,10 +25,24 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then chown -R prosody /prosody-plugins-custom fi + mkdir /config/certs cp -r /defaults/* /config + +if [[ "$PROSODY_MODE" == "visitors" ]]; then + echo "Prosody visitor mode, using alternate config" + PROSODY_SITE_CFG="visitors.cfg.lua" + rm /config/conf.d/jitsi-meet.cfg.lua + # force jicofo into auth domain for visitor-mode prosody + [ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi" + export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN" +else + echo "Prosody normal mode, using default config" + PROSODY_SITE_CFG="jitsi-meet.cfg.lua" + rm /config/conf.d/visitors.cfg.lua +fi tpl /defaults/prosody.cfg.lua > $PROSODY_CFG -tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua +tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG if [[ -z $JICOFO_AUTH_PASSWORD ]]; then echo 'FATAL ERROR: Jicofo auth password must be set' @@ -45,7 +59,10 @@ fi [ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD -prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN + +if [[ "$PROSODY_MODE" != "visitors" ]]; then + prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN +fi if [[ -z $JVB_AUTH_PASSWORD ]]; then echo 'FATAL ERROR: JVB auth password must be set' 
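Review bot: In visitors mode `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"` silently discards any `PROSODY_ADMINS` value the operator supplied and makes the focus account a global admin of the node. Since the template splits the variable on commas, appending keeps both: `export PROSODY_ADMINS="${PROSODY_ADMINS:+$PROSODY_ADMINS,}focus@$XMPP_AUTH_DOMAIN"`. The comment should also say why focus needs admin rights on a visitor node. The fallback `XMPP_AUTH_DOMAIN="auth.meet.jitsi"` on the preceding line is assigned without `export`, unlike the `XMPP_RECORDER_DOMAIN` fallback further down, so child processes see it only if the variable was already exported. The unquoted `$PROSODY_SITE_CFG` and, in the later certificate hunk, `$FULL_VISITORS_XMPP_DOMAIN` expansions should be double-quoted.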
@@ -87,9 +104,19 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi -if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then - # echo for using all default values - echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN +if [[ "$PROSODY_MODE" == "visitors" ]]; then + [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi" + [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0 + FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN" + if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then + # echo for using all default values + echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN + fi +else + if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then + # echo for using all default values + echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN + fi fi if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then From bebd74871243169ce297653bfd94db917b825334 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 29 Sep 2023 08:48:50 -0500 Subject: [PATCH 06/27] web: flag to control sctp bridge channel choice (#1613) --- docker-compose.yml | 1 + web/rootfs/defaults/system-config.js | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3429c121bf..f56e52ccb7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -104,6 +104,7 @@ services: - HIDE_PREJOIN_DISPLAY_NAME - HIDE_PREJOIN_EXTRA_BUTTONS - INVITE_SERVICE_URL + - JVB_PREFER_SCTP - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL - LETSENCRYPT_USE_STAGING diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index d65f75d6ca..f79f56b7d4 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js 
@@ -9,7 +9,7 @@ {{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} - +{{ $JVB_PREFER_SCTP := .Env.JVB_PREFER_SCTP | default "false" | toBool -}} // Jitsi Meet configuration. var config = {}; @@ -58,3 +58,8 @@ config.externalConnectUrl = '/' + subdir + 'http-pre-bind'; config.externalConnectUrl = '/http-pre-bind'; {{ end -}} {{ end -}} + +{{ if $JVB_PREFER_SCTP -}} +if (!config.hasOwnProperty('bridgeChannel')) config.bridgeChannel = {}; +config.bridgeChannel.preferSctp=true; +{{ end -}} From 5120595a487f91a03d1911067c1308eae643efdf Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 2 Oct 2023 11:21:32 -0500 Subject: [PATCH 07/27] prosody: var for config in main vhost (#1615) --- docker-compose.yml | 1 + prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 6 +++++- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index f56e52ccb7..cab05d8beb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -262,6 +262,7 @@ services: - VISITORS_XMPP_DOMAIN - VISITORS_XMPP_SERVER - VISITORS_XMPP_PORT + - XMPP_CONFIGURATION - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index af44b0b8e5..eb704d9eb7 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
@@ -244,10 +244,14 @@ VirtualHost "{{ $XMPP_DOMAIN }}" c2s_require_encryption = false - {{ if $ENABLE_VISITORS }} + {{ if $ENABLE_VISITORS -}} visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" } {{ end }} + {{ if .Env.XMPP_CONFIGURATION -}} + {{ join "\n " (splitList "," .Env.XMPP_CONFIGURATION) }} + {{ end -}} + {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "jitsi-anonymous" diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 142974b9e5..4f6fe03d44 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -135,6 +135,10 @@ VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' region_name = "{{ $REGION_NAME }}" release_number = "{{ $RELEASE_NUMBER }}" + {{ if .Env.XMPP_CONFIGURATION -}} + {{ join "\n " (splitList "," .Env.XMPP_CONFIGURATION) }} + {{ end -}} + VirtualHost '{{ $XMPP_AUTH_DOMAIN}}' modules_enabled = { From a827437fc92fd7c9e574f0e40aebdef99cf91fe5 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 2 Oct 2023 12:41:46 -0500 Subject: [PATCH 08/27] prosody: param to link room metadata to main vhost (#1616) --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index eb704d9eb7..04a7b0b590 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -215,7 +215,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" } main_muc = "{{ $XMPP_MUC_DOMAIN }}" - + room_metadata_component = "metadata.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_LOBBY }} lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_RECORDING }} From cf894ce8f18588dad7f4158c585c84f40ef2f656 Mon Sep 17 00:00:00 2001 
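Review bot: `XMPP_CONFIGURATION` is split on every comma and each piece is written verbatim as a line of the main VirtualHost in `@@ -244,10 +244,14 @@`, and the same template line is added to visitors.cfg.lua in `@@ -135,6 +135,10 @@`. Any setting whose value itself contains a comma, such as a Lua table `{ "a", "b" }`, would therefore be cut across two lines and most likely produce a config that does not load. Nothing is quoted or validated, so the variable is effectively raw Prosody configuration and must only come from the operator's own environment. I would state both constraints next to the template line, for example `-- XMPP_CONFIGURATION: comma-separated raw config lines, no commas inside a value, trusted operator input only`. Both VirtualHost blocks start outside their hunks.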
From: Aaron van Meerten Date: Mon, 9 Oct 2023 16:16:15 -0500 Subject: [PATCH 09/27] prosody: variables for lobby and breakout modules --- docker-compose.yml | 2 ++ prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index cab05d8beb..411caf2899 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -262,12 +262,14 @@ services: - VISITORS_XMPP_DOMAIN - VISITORS_XMPP_SERVER - VISITORS_XMPP_PORT + - XMPP_BREAKOUT_MUC_MODULES - XMPP_CONFIGURATION - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN + - XMPP_LOBBY_MUC_MODULES - XMPP_MODULES - XMPP_MUC_MODULES - XMPP_MUC_CONFIGURATION diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 04a7b0b590..204cd9ac23 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -393,6 +393,9 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" {{ if $ENABLE_RATE_LIMITS -}} "muc_rate_limit"; {{ end -}} + {{ if .Env.XMPP_LOBBY_MUC_MODULES -}} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_LOBBY_MUC_MODULES) }}"; + {{ end -}} } {{ end }} @@ -414,6 +417,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc" {{ if $ENABLE_RATE_LIMITS -}} "muc_rate_limit"; {{ end -}} + {{ if .Env.XMPP_BREAKOUT_MUC_MODULES -}} + "{{ join "\";\n\"" (splitList "," .Env.XMPP_BREAKOUT_MUC_MODULES) }}"; + {{ end -}} } {{ end }} From 7fb1026f88094f90c442eac373fe8a95d2fdf5a0 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 08:45:30 -0500 Subject: [PATCH 10/27] prosody: params for limits (#1622) --- docker-compose.yml | 4 ++++ prosody/rootfs/defaults/prosody.cfg.lua | 16 +++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 411caf2899..7cf9a37af4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -235,17 +235,21 @@ services: - MAX_PARTICIPANTS - PROSODY_ADMINS - PROSODY_AUTH_TYPE + - PROSODY_C2S_LIMIT + - PROSODY_C2S_REQUIRE_ENCRYPTION - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_S2S - PROSODY_HTTP_PORT + - PROSODY_LOG_CONFIG - PROSODY_MODE - PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_CACHE_SIZE + - PROSODY_S2S_LIMIT - PROSODY_S2S_PORT - PROSODY_TRUSTED_PROXIES - PROSODY_VISITOR_INDEX diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 5c9e6d03a9..83a4801959 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -1,3 +1,4 @@ +{{ $C2S_REQUIRE_ENCRYPTION := .Env.PROSODY_C2S_REQUIRE_ENCRYPTION | default "0" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} {{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} @@ -10,9 +11,11 @@ {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} {{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} +{{ $PROSODY_C2S_LIMIT := .Env.PROSODY_C2S_LIMIT | default "10kb/s" -}} {{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} {{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} {{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} +{{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} {{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} 
@@ -128,12 +131,16 @@ allow_registration = false; -- Enable rate limits for incoming client and server connections limits = { +{{ if ne $PROSODY_C2S_LIMIT "" }} c2s = { - rate = "10kb/s"; + rate = "{{ $PROSODY_C2S_LIMIT }}"; }; +{{ end }} +{{ if ne $PROSODY_S2S_LIMIT "" }} s2sin = { - rate = "30kb/s"; + rate = "{{ $PROSODY_S2S_LIMIT }}"; }; +{{ end }} } --Prosody garbage collector settings @@ -158,7 +165,7 @@ pidfile = "/config/data/prosody.pid"; -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. -c2s_require_encryption = false +c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }}; -- set c2s port c2s_ports = { {{ $XMPP_PORT }} } -- Listen on specific c2s port @@ -253,6 +260,9 @@ authentication = "internal_hashed" -- Logs errors to syslog also log = { { levels = {min = "{{ $LOG_LEVEL }}"}, timestamps = "%Y-%m-%d %X", to = "console"}; +{{ if .Env.PROSODY_LOG_CONFIG }} + {{ join "\n" (splitList "\\n" .Env.PROSODY_LOG_CONFIG) }} +{{ end }} } {{ if .Env.GLOBAL_CONFIG }} From 261caa3d6dc8b0014eacfca901f78bd1e6f5fd22 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 10:37:01 -0500 Subject: [PATCH 11/27] prosody: guest ping module, var for auth type (#1623) --- docker-compose.yml | 1 + prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7cf9a37af4..441bff86bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -241,6 +241,7 @@ services: - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_S2S + - PROSODY_GUEST_AUTH_TYPE - PROSODY_HTTP_PORT - PROSODY_LOG_CONFIG - PROSODY_MODE diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 204cd9ac23..57c5bfcd09 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
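Review bot: The guards `{{ if ne $PROSODY_C2S_LIMIT "" }}` and `{{ if ne $PROSODY_S2S_LIMIT "" }}` in the `limits` hunk (`@@ -128,12 +131,16 @@`) look like they can never be false. Both variables are assigned earlier in the file with `| default "10kb/s"` and `| default "30kb/s"`, and if `default` treats an empty string as unset (sprig-style behaviour, to be confirmed for this template tool), an empty environment value is replaced by the default before the comparison runs. An operator who sets the variable to an empty string expecting the limit to be removed would still get the default rate. Either drop the guards or document the behaviour above the table, e.g. `-- PROSODY_C2S_LIMIT / PROSODY_S2S_LIMIT: an empty value falls back to the default rate`.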
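Review bot: `c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }};` in `@@ -158,7 +165,7 @@` still renders `false` unless `PROSODY_C2S_REQUIRE_ENCRYPTION` is set, because the variable is defined with `default "0" | toBool`, so clients may authenticate over an unencrypted connection by default. The VirtualHost sections of jitsi-meet.cfg.lua also carry their own `c2s_require_encryption = false` (visible as context in other hunks of this series), which presumably keeps overriding the global value for those hosts even when the new variable is enabled. I would extend the comment above the setting, e.g. `-- Defaults to false for container-internal clients; set PROSODY_C2S_REQUIRE_ENCRYPTION=1 when the c2s port is reachable from outside`, and mention the per-host override there.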
+++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -21,6 +21,7 @@ {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool -}} {{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}} +{{ $GUEST_AUTH_TYPE := .Env.PROSODY_GUEST_AUTH_TYPE | default "jitsi-anonymous" -}} {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}} @@ -254,7 +255,10 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" - authentication = "jitsi-anonymous" + authentication = "{{ $GUEST_AUTH_TYPE }}" + modules_enabled = { + "ping"; + } c2s_require_encryption = false {{ if $ENABLE_VISITORS }} From eb91893895af13dd3e4f96f4a5626499f34bce04 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 13:20:44 -0500 Subject: [PATCH 12/27] prosody: add ping module to auth domain (#1624) --- .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 42 +++++++++++-------- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 57c5bfcd09..2fbb440e43 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -202,7 +202,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" "av_moderation"; {{ end }} {{ if .Env.XMPP_MODULES }} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_MODULES) }}"; {{ end }} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }} "auth_cyrus"; @@ -274,6 +274,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" } modules_enabled = { "limits_exception"; + "ping"; } authentication = "internal_hashed" 
@@ -281,6 +282,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}" modules_enabled = { "ping"; + "smacks"; } authentication = "internal_hashed" {{ end }} @@ -303,7 +305,7 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" modules_enabled = { "muc_meeting_id"; {{ if .Env.XMPP_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; {{ end -}} {{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) -}} "{{ $JWT_TOKEN_AUTH_MODULE }}"; @@ -332,17 +334,17 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" {{ if $ENABLE_RATE_LIMITS -}} -- Max allowed join/login rate in events per second. - rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; - -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. - rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; - -- The time in seconds, after which the limit for an IP address is lifted. - rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; - -- List of regular expressions for IP addresses that are not limited by this module. - rate_limit_whitelist = { - "127.0.0.1"; - {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} - "{{ $cidr }}"; - {{ end -}} + rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; + -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. + rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; + -- The time in seconds, after which the limit for an IP address is lifted. + rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; + -- List of regular expressions for IP addresses that are not limited by this module. + rate_limit_whitelist = { + "127.0.0.1"; +{{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) }} + "{{ $cidr }}"; +{{ end }} }; rate_limit_whitelist_jids = { 
@@ -352,13 +354,13 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" {{ end -}} -- The size of the cache that saves state for IP addresses - rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; + rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; - muc_room_cache_size = 1000 + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true {{ if .Env.XMPP_MUC_CONFIGURATION -}} - {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} + {{ join "\n " (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} {{ end -}} {{ if .Env.MAX_PARTICIPANTS }} muc_access_whitelist = { "focus@{{ .Env.XMPP_AUTH_DOMAIN }}" } @@ -391,6 +393,8 @@ Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component" Component "lobby.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true + muc_room_allow_persistent = false + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true modules_enabled = { @@ -398,7 +402,7 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" "muc_rate_limit"; {{ end -}} {{ if .Env.XMPP_LOBBY_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_LOBBY_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_LOBBY_MUC_MODULES) }}"; {{ end -}} } @@ -408,8 +412,10 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" Component "breakout.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true + muc_room_allow_persistent = false modules_enabled = { "muc_meeting_id"; {{ if $ENABLE_SUBDOMAINS -}} @@ -422,7 +428,7 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc" "muc_rate_limit"; {{ end -}} {{ if .Env.XMPP_BREAKOUT_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_BREAKOUT_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_BREAKOUT_MUC_MODULES) }}"; {{ end -}} } {{ end }} From af50ddeecbe3b8a7d7754d0885ab0ff47104b712 Mon Sep 17 00:00:00 2001 
From: Aaron van Meerten Date: Fri, 13 Oct 2023 14:52:28 -0500 Subject: [PATCH 13/27] prosody: s2s whitelist duplicate param fix (#1625) --- prosody/rootfs/defaults/prosody.cfg.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 83a4801959..c72a06dec4 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -179,6 +179,7 @@ c2s_interfaces = { "*" } -- set s2s port s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port +{{ if eq .Env.PROSODY_MODE "visitors" -}} s2s_whitelist = { {{ if $ENABLE_VISITORS -}} '{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room @@ -192,6 +193,8 @@ s2s_whitelist = { } {{ end -}} +{{ end -}} + {{ if $ENABLE_VISITORS -}} {{ if $.Env.VISITORS_XMPP_SERVER -}} s2sout_override = { @@ -202,6 +205,7 @@ s2sout_override = { ["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; {{ end -}} }; +{{ if ne .Env.PROSODY_MODE "visitors" -}} s2s_whitelist = { {{ range $index, $element := $VISITORS_XMPP_SERVERS -}} "{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"; @@ -209,6 +213,7 @@ s2s_whitelist = { }; {{ end -}} {{ end -}} +{{ end -}} -- Force certificate authentication for server-to-server connections? From cd1c9fbfbad33be74474b8796e25f50d7e292872 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 17 Oct 2023 09:34:20 -0500 Subject: [PATCH 14/27] prosody: remove muc limit messages from visitors (#1626) --- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 4f6fe03d44..35fd209bc9 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua 
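Review bot: The new guards `{{ if eq .Env.PROSODY_MODE "visitors" -}}` (`@@ -179,6 +179,7 @@`) and `{{ if ne .Env.PROSODY_MODE "visitors" -}}` (`@@ -202,6 +205,7 @@`) compare the raw environment entry, while other settings in prosody.cfg.lua are read through a defaulted variable first, e.g. `{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}`. How the comparison behaves when `PROSODY_MODE` is unset depends on what `.Env` returns for a missing key, which the hunks do not show. Since these guards decide which `s2s_whitelist` is emitted, I would define the mode once at the top, `{{ $PROSODY_MODE := .Env.PROSODY_MODE | default "" -}}`, and test `$PROSODY_MODE` in both places. The guarded blocks start and end outside the hunks, so the nesting of the added `{{ end -}}` lines cannot be checked from here.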
@@ -159,7 +159,6 @@ Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DO 's2s_whitelist'; 's2sout_override'; 'muc_max_occupants'; - "muc_limit_messages"; {{ if $ENABLE_SUBDOMAINS -}} "muc_domain_mapper"; {{ end -}} From 8555fe1c4a7ea434960ec61e7774f1091400d16a Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 17 Oct 2023 11:52:13 -0500 Subject: [PATCH 15/27] web: param to control config.hosts.authDomain (#1627) --- docker-compose.yml | 1 + web/rootfs/defaults/system-config.js | 3 +++ 2 files changed, 4 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 441bff86bb..3527e86762 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -54,6 +54,7 @@ services: - DYNAMIC_BRANDING_URL - ENABLE_AUDIO_PROCESSING - ENABLE_AUTH + - ENABLE_AUTH_DOMAIN - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index f79f56b7d4..2d6f8d081c 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js @@ -1,5 +1,6 @@ {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}} +{{ $ENABLE_AUTH_DOMAIN := .Env.ENABLE_AUTH_DOMAIN | default "true" | toBool -}} {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} @@ -37,9 +38,11 @@ config.hosts.muc = '{{ $XMPP_MUC_DOMAIN }}'; // When using authentication, domain for guest users. config.hosts.anonymousdomain = '{{ $XMPP_GUEST_DOMAIN }}'; {{ end -}} +{{ if $ENABLE_AUTH_DOMAIN -}} // Domain for authenticated users. Defaults to . config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; {{ end -}} +{{ end -}} config.bosh = '/http-bind'; 
From 5d05ba253937644383b69d2d77376b0c92c52cbf Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 30 Oct 2023 11:45:39 -0500 Subject: [PATCH 16/27] jicofo: support jicofo log file for tailing (#1632) --- jicofo/rootfs/etc/services.d/jicofo/run | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run index 8e8b315bb2..a34e801f19 100644 --- a/jicofo/rootfs/etc/services.d/jicofo/run +++ b/jicofo/rootfs/etc/services.d/jicofo/run @@ -4,4 +4,8 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dcon DAEMON=/usr/share/jicofo/jicofo.sh DAEMON_DIR=/usr/share/jicofo/ -exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON" +JICOFO_CMD="exec $DAEMON" + +[ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE" + +exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD" From 9f0658dd77ab619feac4b06af6f5ba8a65c329e1 Mon Sep 17 00:00:00 2001 From: HannesOberreiter Date: Thu, 2 Nov 2023 11:32:18 +0100 Subject: [PATCH 17/27] sample: escape/encapsulate string Currently if you use the default `source` command in linux and the default `.env` file as declared in the `env.example`, it will fail because of the space in the string. Using double-quotes around the string will solve this issue. --- env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.example b/env.example index 1e328f87f1..d2a1f7ba43 100644 --- a/env.example +++ b/env.example @@ -74,7 +74,7 @@ TZ=UTC #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/ # Name your etherpad instance! -ETHERPAD_TITLE=Video Chat +ETHERPAD_TITLE="Video Chat" # The default text of a pad ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n" From 54d422b5933f6445c3ffbdcc7c51622bf2de772f Mon Sep 17 00:00:00 2001 
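Review bot: With `JICOFO_LOG_FILE` set, the command string in the jicofo `run` script becomes `exec $DAEMON 2>&1 | tee $JICOFO_LOG_FILE`, and `exec` inside a pipeline only replaces the subshell of that pipeline stage. The `bash -c` process therefore stays between s6 and jicofo, and the service's exit status becomes that of `tee`. The path is also pasted unquoted into the `bash -c` string, so whitespace or shell metacharacters in the variable are parsed as shell syntax by the inner shell. Keeping `exec` on the daemon and letting the inner shell expand the variable avoids both, e.g. `JICOFO_CMD="exec $DAEMON > >(tee \"\$JICOFO_LOG_FILE\") 2>&1"`, assuming the variable is exported to that shell. `tee` without `-a` truncates the file on every restart, which deserves a comment if it is intended.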
From: Aaron van Meerten Date: Tue, 14 Nov 2023 06:13:37 -0600 Subject: [PATCH 18/27] jvb: autoscaler sidecar support --- docker-compose.yml | 10 ++++++ jibri.yml | 1 + jvb/Dockerfile | 2 +- jvb/rootfs/defaults/autoscaler-sidecar.config | 18 ++++++++++ jvb/rootfs/etc/cont-init.d/10-config | 33 +++++++++++++++++++ .../etc/services.d/50-autoscaler-sidecar/run | 10 ++++++ 6 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 jvb/rootfs/defaults/autoscaler-sidecar.config create mode 100644 jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run diff --git a/docker-compose.yml b/docker-compose.yml index 3527e86762..fe00116963 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -373,6 +373,15 @@ services: volumes: - ${CONFIG}/jvb:/config:Z environment: + - AUTOSCALER_SIDECAR_KEY_FILE + - AUTOSCALER_SIDECAR_KEY_ID + - AUTOSCALER_SIDECAR_GROUP_NAME + - AUTOSCALER_SIDECAR_HOST_ID + - AUTOSCALER_SIDECAR_INSTANCE_ID + - AUTOSCALER_SIDECAR_PORT + - AUTOSCALER_SIDECAR_REGION + - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL + - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET - ENABLE_JVB_XMPP_SERVER @@ -383,6 +392,7 @@ services: - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC - JVB_DISABLE_STUN + - JVB_INSTANCE_ID - JVB_PORT - JVB_MUC_NICKNAME - JVB_STUN_SERVERS diff --git a/jibri.yml b/jibri.yml index 97d2e4c7e0..a0b4937dbe 100644 --- a/jibri.yml +++ b/jibri.yml @@ -24,6 +24,7 @@ services: - DISPLAY=:0 - ENABLE_STATS_D - JIBRI_WEBHOOK_SUBSCRIBERS + - JIBRI_INSTANCE_ID - JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_RECORDING_RESOLUTION diff --git a/jvb/Dockerfile b/jvb/Dockerfile index 0a72dc1606..488ad4358b 100644 --- a/jvb/Dockerfile +++ b/jvb/Dockerfile 
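Review bot: `AUTOSCALER_URL` is not among the variables added to the jvb `environment:` list in `@@ -373,6 +373,15 @@`, yet the `10-config` script in the same commit enables the sidecar only when `$AUTOSCALER_URL` is non-empty, and the sidecar template builds its poll, status and stats URLs from `.Env.AUTOSCALER_URL`. Unless the variable is already passed through on a line outside this hunk, a value set in `.env` would never reach the container and the sidecar would stay disabled. Proposed addition next to the other entries: `- AUTOSCALER_URL`. The same check is worth making for `XMPP_ENV_NAME`, which the template reads for the instance metadata. The environment list starts and ends outside the hunk.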
@@ -9,7 +9,7 @@ LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-mee LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 dnsutils && \ + apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils && \ apt-cleanup COPY rootfs/ / diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config new file mode 100644 index 0000000000..777942a681 --- /dev/null +++ b/jvb/rootfs/defaults/autoscaler-sidecar.config 
@@ -0,0 +1,18 @@ +{{ $JVB_COLIBRI_PORT := .Env.JVB_COLIBRI_PORT | default "8080" -}} +{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}} +{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}} +export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }} +export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }} +export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }} +export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh" +export TERMINATE_SCRIPT="/opt/jitsi/jvb/shutdown.sh" +export ENABLE_REPORT_STATS=true +export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" +export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats" +export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" +export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" +export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}" +export INSTANCE_TYPE="JVB" +export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}" +export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}' diff --git a/jvb/rootfs/etc/cont-init.d/10-config b/jvb/rootfs/etc/cont-init.d/10-config index 62beddf32d..127e71715c 100644 --- a/jvb/rootfs/etc/cont-init.d/10-config +++ b/jvb/rootfs/etc/cont-init.d/10-config 
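Review bot: Every value templated into autoscaler-sidecar.config is parsed as shell, because the sidecar's run script loads the file with `. /etc/jitsi/autoscaler-sidecar/config`. Three exports (`SHUTDOWN_POLLING_INTERVAL`, `STATS_POLLING_INTERVAL`, `PORT`) are unquoted, and `INSTANCE_METADATA` pastes seven environment values into a single-quoted JSON string. A value containing whitespace or quote characters changes how the line is parsed or yields invalid JSON. Quote the scalar exports, e.g. `export PORT="{{ .Env.AUTOSCALER_SIDECAR_PORT }}"`, and consider assembling the metadata object with `jq -n --arg ...` in `10-config`, since jq is already installed in the image, so that the values are escaped.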
@@ -35,6 +35,39 @@ if [[ -f /config/custom-sip-communicator.properties ]]; then cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties fi +# set random jvb nickname for the instance if is not set +[ -z "${JVB_INSTANCE_ID}" ] && export JVB_INSTANCE_ID="jvb-$(date +%N)" + +# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled +if [ -n "$AUTOSCALER_URL" ]; then + if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem" + fi + if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then + # assume key id is equal to the base real path of the key file minus .pem + export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')" + fi + + if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + echo "AUTOSCALER_URL found, enabling autoscaler sidecar" + + export JVB_VERSION="dpkg -s jitsi-videobridge2 | grep Version | awk '{print $2}' | sed 's/..$//'" + + [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000" + [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook" + [ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JVB_INSTANCE_ID" + [ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker" + [ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jvb" + + mkdir -p /etc/jitsi/autoscaler-sidecar + tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config + else + echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled" + fi +else + echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled" +fi + tpl /defaults/logging.properties > /config/logging.properties tpl /defaults/jvb.conf > /config/jvb.conf 
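Review bot: Two assignments in the sidecar block of `@@ -35,6 +35,39 @@` do not compute what their comments describe. `tr -d '.pem'` deletes every `.`, `p`, `e` and `m` character rather than the `.pem` suffix, so the default key file `asap.pem` gives the key id `asa`; `basename` can strip the suffix itself: `export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" .pem)"`. `JVB_VERSION` receives the literal text of the dpkg pipeline, with `$2` expanded by the outer shell, because the command substitution is missing; it should read `export JVB_VERSION="$(dpkg -s jitsi-videobridge2 | awk '/^Version:/ {print $2}' | sed 's/..$//')"`. Separately, `jvb-$(date +%N)` is a nanosecond reading rather than a random value, so the comment above it should say that instead of "random".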
diff --git a/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run b/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run new file mode 100644 index 0000000000..22f775088e --- /dev/null +++ b/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash + +if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then + DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js" + exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON" +else + # if autoscaler-sidecar should not be started, + # prevent s6 from restarting this script again and again + s6-svc -O /var/run/s6/services/50-autoscaler-sidecar +fi From 3b9afe4f5ae36376a83acc6c47c9d4018a705870 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:39:42 +0100 Subject: [PATCH 19/27] release: build images before comitting the changelog This makes it easy to re-attempt a botched build. --- release.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/release.sh b/release.sh index b5fbae8378..98c1e57049 100755 --- a/release.sh +++ b/release.sh @@ -25,8 +25,8 @@ VERSION="${RELEASE}-${V}" echo "Releasing ${VERSION}" if git rev-parse "${VERSION}" >/dev/null 2>&1; then - echo "Tag for such version already exists!" - exit 1 + echo "Tag for such version already exists!" + exit 1 fi # Prepare changelog @@ -38,6 +38,14 @@ CHANGES=$(git log --oneline --no-decorate --no-merges ${LAST_VERSION}..HEAD --pr echo "Changelog:" echo "$CHANGES" +# Tag Docker images and push them to DockerHub +# + +JITSI_BUILD=${VERSION} JITSI_RELEASE=${RELEASE} make release + +# Changelog +# + echo -e "## ${VERSION}\n\nBased on ${RELEASE} release ${V}.\n\n${CHANGES}\n" > tmp cat CHANGELOG.md >> tmp mv tmp CHANGELOG.md 
@@ -53,11 +61,6 @@ sed -i "" -e "s/unstable/${VERSION}/" *.yml git commit -a -m "release: ${VERSION}" -m "${CHANGES}" git tag -a "${VERSION}" -m "release" -m "${CHANGES}" -# Tag Docker images and push them to DockerHub -# - -JITSI_BUILD=${VERSION} JITSI_RELEASE=${RELEASE} make release - # Revert back to "unstable" for development # From ea61fb7f7cd64d895297b31729cddf880949db43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:55:18 +0100 Subject: [PATCH 20/27] release: stable-9078 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 3b9afe4 release: build images before comitting the changelog * 54d422b jvb: autoscaler sidecar support * 9f0658d sample: escape/encapsulate string * 5d05ba2 jicofo: support jicofo log file for tailing (#1632) * 8555fe1 web: param to control config.hosts.authDomain (#1627) * cd1c9fb prosody: remove muc limit messages from visitors (#1626) * af50dde prosody: s2s whitelist duplicate param fix (#1625) * eb91893 prosody: add ping module to auth domain (#1624) * 261caa3 prosody: guest ping module, var for auth type (#1623) * 7fb1026 prosody: params for limits (#1622) * cf894ce prosody: variables for lobby and breakout modules * a827437 prosody: param to link room metadata to main vhost (#1616) * 5120595 prosody: var for config in main vhost (#1615) * bebd748 web: flag to control sctp bridge channel choice (#1613) * 6bfa830 prosody: visitor mode support (#1611) * 7bfc5c1 prosody: update version of prosody-plugings package * 3a77aac jicofo: support visitors in jicofo configuration (#1610) * f860c5d jvb: don’t send Jetty server version * 63380fa misc: working on unstable --- CHANGELOG.md | 24 ++++++++++++++++++++++++ docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7edbdb277..70922f7034 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,27 @@ +## stable-9078 + +Based on stable release 9078. + +* 3b9afe4 release: build images before comitting the changelog +* 54d422b jvb: autoscaler sidecar support +* 9f0658d sample: escape/encapsulate string +* 5d05ba2 jicofo: support jicofo log file for tailing (#1632) +* 8555fe1 web: param to control config.hosts.authDomain (#1627) +* cd1c9fb prosody: remove muc limit messages from visitors (#1626) +* af50dde prosody: s2s whitelist duplicate param fix (#1625) +* eb91893 prosody: add ping module to auth domain (#1624) +* 261caa3 prosody: guest ping module, var for auth type (#1623) +* 7fb1026 prosody: params for limits (#1622) +* cf894ce prosody: variables for lobby and breakout modules +* a827437 prosody: param to link room metadata to main vhost (#1616) +* 5120595 prosody: var for config in main vhost (#1615) +* bebd748 web: flag to control sctp bridge channel choice (#1613) +* 6bfa830 prosody: visitor mode support (#1611) +* 7bfc5c1 prosody: update version of prosody-plugings package +* 3a77aac jicofo: support visitors in jicofo configuration (#1610) +* f860c5d jvb: don’t send Jetty server version +* 63380fa misc: working on unstable + ## stable-8960-1 Based on stable release 8960-1. diff --git a/docker-compose.yml b/docker-compose.yml index fe00116963..74f23e1a7e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -163,7 +163,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' 
@@ -290,7 +290,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -365,7 +365,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index a0b4937dbe..9052ea5192 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 210d5916cc..93d055f7b1 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From d67938cc6639b8bd41cd0379e2e0bde6c3590fa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:55:18 +0100 Subject: [PATCH 21/27] misc: working on unstable --- docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 74f23e1a7e..fe00116963 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -163,7 +163,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -290,7 +290,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -365,7 +365,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index 9052ea5192..a0b4937dbe 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 93d055f7b1..210d5916cc 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From ca7635a7a5ea93b468c3da8a8f5893b24ef28af9 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Tue, 14 Nov 2023 11:11:13 -0600 Subject: [PATCH 22/27] Re-add mistakenly removed call-status-checks settings 
Signed-off-by: Rhea Danzey --- jibri/rootfs/defaults/jibri.conf | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 5881d01bb9..59d2aeac89 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf @@ -150,4 +150,31 @@ jibri { port = {{ $STATSD_PORT }} } {{ end -}} + + call-status-checks { + {{ if .Env.NO_MEDIA_TIMEOUT -}} + // If all clients have their audio and video muted and if Jibri does not + // detect any data stream (audio or video) comming in, it will stop + // recording after NO_MEDIA_TIMEOUT expires. + no-media-timeout = {{ .Env.NO_MEDIA_TIMEOUT }} + {{ end -}} + + {{ if .Env.ALL_MUTED_TIMEOUT -}} + // If all clients have their audio and video muted, Jibri consideres this + // as an empty call and stops the recording after ALL_MUTED_TIMEOUT expires. + all-muted-timeout = {{ .Env.ALL_MUTED_TIMEOUT }} + {{ end -}} + + {{ if .Env.DEFAULT_CALL_EMPTY_TIMEOUT -}} + // When detecting if a call is empty, Jibri takes into consideration for how + // long the call has been empty already. If it has been empty for more than + // DEFAULT_CALL_EMPTY_TIMEOUT, it will consider it empty and stop the recording. + default-call-empty-timeout = {{ .Env.DEFAULT_CALL_EMPTY_TIMEOUT }} + {{ end -}} + + {{ if .Env.ICE_CONNECTION_TIMEOUT -}} + // If ICE hasn't completed, or stays in a state other than "connected" for this amount of time, Jibri will stop. + ice-connection-timeout = {{ .Env.ICE_CONNECTION_TIMEOUT }} + {{ end -}} + } } From 082718697672d3e0add450d1c61971885b5897f1 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 14 Nov 2023 13:15:13 -0600 Subject: [PATCH 23/27] prosody: stun in external services (#1644) --- docker-compose.yml | 2 ++ prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 13 +++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) 
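Review bot: The comments added inside `call-status-checks` contain two typos: `comming` should be `coming` and `consideres` should be `considers`. The `ice-connection-timeout` comment is the only one of the four that does not name its environment variable; `// If ICE hasn't completed, or stays in a state other than "connected" for ICE_CONNECTION_TIMEOUT, Jibri will stop.` would match the others. None of the comments says what unit or format the four values take, so a line stating it would save operators from having to look it up.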
diff --git a/docker-compose.yml b/docker-compose.yml index fe00116963..f6feeec701 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -257,6 +257,8 @@ services: - PROSODY_VISITOR_INDEX - PROSODY_VISITORS_MUC_PREFIX - PUBLIC_URL + - STUN_HOST + - STUN_PORT - TURN_CREDENTIALS - TURN_HOST - TURNS_HOST diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 2fbb440e43..ce9c36a828 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -24,6 +24,8 @@ {{ $GUEST_AUTH_TYPE := .Env.PROSODY_GUEST_AUTH_TYPE | default "jitsi-anonymous" -}} {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}} +{{ $STUN_HOST := .Env.STUN_HOST | default "" -}} +{{ $STUN_PORT := .Env.STUN_PORT | default "443" -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}} {{ $TURN_HOSTS := splitList "," $TURN_HOST -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} @@ -81,12 +83,15 @@ http_default_host = "{{ $XMPP_DOMAIN }}" external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; {{- end }} -{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}} +{{ if or .Env.STUN_HOST .Env.TURN_HOST .Env.TURNS_HOST -}} external_services = { - {{ if $TURN_HOST -}} + {{- if $STUN_HOST }} + { type = "stun", host = "{{ $STUN_HOST }}", port = {{ $STUN_PORT }}, transport = "udp" } + {{- end }} + {{- if $TURN_HOST -}} {{- range $idx1, $host := $TURN_HOSTS -}} {{- range $idx2, $transport := $TURN_TRANSPORTS -}} - {{- if or $idx1 $idx2 -}},{{- end }} + {{- if or $STUN_HOST $idx1 $idx2 -}},{{- end }} { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } {{- end -}} {{- end -}} 
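Review bot: `STUN_HOST` is written as a single `host` string in the new `stun` entry, while `TURN_HOST` is split with `splitList ","` and looped over (and `$TURNS_HOSTS` is ranged the same way in the next hunk). A comma-separated `STUN_HOST` would therefore render one unusable host instead of several entries. Either split it the same way, `{{ $STUN_HOSTS := splitList "," $STUN_HOST -}}` plus a `range`, or state next to the variable that only one host is accepted. `$STUN_PORT` defaults to `"443"` with `transport = "udp"`, whereas STUN's registered port is 3478, so the default deserves a comment explaining the choice. The `external_services` table continues past this hunk.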
@@ -94,7 +99,7 @@ external_services = { {{- if $TURNS_HOST -}} {{- range $idx, $host := $TURNS_HOSTS -}} - {{- if or $TURN_HOST $idx -}},{{- end }} + {{- if or $STUN_HOST $TURN_HOST $idx -}},{{- end }} { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } {{- end }} {{- end }} From 54d3aca2bf8b8c599054ca17c8c5b9b25b1c1556 Mon Sep 17 00:00:00 2001 From: Daniel McAssey Date: Tue, 14 Nov 2023 15:04:31 +0000 Subject: [PATCH 24/27] jicofo: add AV1 options --- docker-compose.yml | 4 ++++ jicofo/rootfs/defaults/jicofo.conf | 5 +++++ web/rootfs/defaults/settings-config.js | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index f6feeec701..9367b73ec8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -147,6 +147,9 @@ services: - VIDEOQUALITY_BITRATE_VP9_LOW - VIDEOQUALITY_BITRATE_VP9_STANDARD - VIDEOQUALITY_BITRATE_VP9_HIGH + - VIDEOQUALITY_BITRATE_AV1_LOW + - VIDEOQUALITY_BITRATE_AV1_STANDARD + - VIDEOQUALITY_BITRATE_AV1_HIGH - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC - VIDEOQUALITY_PREFERRED_CODEC - XMPP_AUTH_DOMAIN @@ -306,6 +309,7 @@ services: - ENABLE_AUTO_OWNER - ENABLE_CODEC_VP8 - ENABLE_CODEC_VP9 + - ENABLE_CODEC_AV1 - ENABLE_CODEC_H264 - ENABLE_CODEC_OPUS_RED - ENABLE_JVB_XMPP_SERVER diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index b8f9abe879..1b1510ac92 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -107,6 +107,11 @@ jicofo { enabled = {{ .Env.ENABLE_CODEC_VP9 | toBool }} } {{ end }} + {{ if .Env.ENABLE_CODEC_AV1 }} + av1 { + enabled = {{ .Env.ENABLE_CODEC_AV1 | toBool }} + } + {{ end }} {{ if .Env.ENABLE_CODEC_H264 }} h264 { enabled = {{ .Env.ENABLE_CODEC_H264 | toBool }} diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 5151b84978..be2d79f8d6 100644 --- a/web/rootfs/defaults/settings-config.js 
+++ b/web/rootfs/defaults/settings-config.js @@ -436,6 +436,10 @@ config.videoQuality.maxBitratesVideo.VP8 = { low: {{ .Env.VIDEOQUALITY_BITRATE_V {{ if and .Env.VIDEOQUALITY_BITRATE_VP9_LOW .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD .Env.VIDEOQUALITY_BITRATE_VP9_HIGH -}} config.videoQuality.maxBitratesVideo = config.videoQuality.maxBitratesVideo || {} config.videoQuality.maxBitratesVideo.VP9 = { low: {{ .Env.VIDEOQUALITY_BITRATE_VP9_LOW }}, standard: {{ .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD }}, high: {{ .Env.VIDEOQUALITY_BITRATE_VP9_HIGH }} }; +{{ end -}} +{{ if and .Env.VIDEOQUALITY_BITRATE_AV1_LOW .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD .Env.VIDEOQUALITY_BITRATE_AV1_HIGH -}} +config.videoQuality.maxBitratesVideo = config.videoQuality.maxBitratesVideo || {} +config.videoQuality.maxBitratesVideo.AV1 = { low: {{ .Env.VIDEOQUALITY_BITRATE_AV1_LOW }}, standard: {{ .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD }}, high: {{ .Env.VIDEOQUALITY_BITRATE_AV1_HIGH }} }; {{ end -}} // Reactions From 825730d6597a92b4f06c14eaf54a45e0d4667527 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 17 Nov 2023 14:32:05 -0600 Subject: [PATCH 25/27] web: nginx ws-colibri proxy regex updates (#1645) --- docker-compose.yml | 4 ++++ web/Dockerfile | 2 +- web/rootfs/defaults/meet.conf | 3 ++- web/rootfs/etc/cont-init.d/10-config | 19 +++++++++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9367b73ec8..e8f1c306b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,6 +24,8 @@ services: - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - COLIBRI_WEBSOCKET_PORT + - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME + - COLIBRI_WEBSOCKET_REGEX - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEFAULT_LANGUAGE @@ -38,6 +40,7 @@ services: - DIALOUT_AUTH_URL - DIALOUT_CODES_URL - DISABLE_AUDIO_LEVELS + - DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP - DISABLE_DEEP_LINKING - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS 
@@ -58,6 +61,7 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET + - ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX - ENABLE_E2EPING - ENABLE_FILE_RECORDING_SHARING - ENABLE_GUESTS diff --git a/web/Dockerfile b/web/Dockerfile index c8f1be4555..5f29e5f0c4 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -12,7 +12,7 @@ ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh /opt COPY rootfs/ / RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web socat curl jq && \ + apt-dpkg-wrap apt-get install -y dnsutils cron nginx-extras jitsi-meet-web socat curl jq && \ mv /usr/share/jitsi-meet/interface_config.js /defaults && \ rm -f /etc/nginx/conf.d/default.conf && \ apt-cleanup diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index 8fc7beb493..013a15b221 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,5 +1,6 @@ {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $COLIBRI_WEBSOCKET_PORT := .Env.COLIBRI_WEBSOCKET_PORT | default "9090" }} +{{ $COLIBRI_WEBSOCKET_REGEX := .Env.COLIBRI_WEBSOCKET_REGEX | default "jvb" }} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} @@ -69,7 +70,7 @@ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|. {{ if $ENABLE_COLIBRI_WEBSOCKET }} # colibri (JVB) websockets -location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) { +location ~ ^/colibri-ws/({{ $COLIBRI_WEBSOCKET_REGEX }})/(.*) { tcp_nodelay on; proxy_http_version 1.1; diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config index f0e7ab2ac0..318dfa750d 100644 --- a/web/rootfs/etc/cont-init.d/10-config +++ b/web/rootfs/etc/cont-init.d/10-config 
@@ -88,6 +88,25 @@ fi echo "Using Nginx resolver: =$NGINX_RESOLVER=" +# colibri-ws settings +COLIBRI_WEBSOCKET_UNSAFE_REGEX="[a-zA-Z0-9-\._]+" +# use custom websocket regex if provided +if [ -z "$COLIBRI_WEBSOCKET_REGEX" ]; then + # default to the previous unsafe behavior only if flag is set + if [[ "$ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX" == "1" ]]; then + export COLIBRI_WEBSOCKET_REGEX="$COLIBRI_WEBSOCKET_UNSAFE_REGEX" + else + # default value to the JVB IP, works in compose and anywhere a dns lookup of the JVB reveals the correct IP for proxying + [ -z "$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME" ] && export COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME="jvb" + if [[ "$DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP" == "1" ]]; then + # otherwise value default to the static value in the template 'jvb' + echo "WARNING: DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP is set and no value for COLIBRI_WEBSOCKET_REGEX was provided, using static value 'jvb' for COLIBRI_WEBSOCKET_REGEX" + else + export COLIBRI_WEBSOCKET_REGEX="$(dig +short +search $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME)" + fi + fi +fi + # copy config files tpl /defaults/nginx.conf > /config/nginx/nginx.conf From c56ed00634e30133a8be82c2e5f38f3c532f0d06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 21 Nov 2023 17:40:07 +0100 Subject: [PATCH 26/27] release: stable-9111 * 825730d web: nginx ws-colibri proxy regex updates (#1645) * 54d3aca jicofo: add AV1 options * 0827186 prosody: stun in external services (#1644) * d67938c misc: working on unstable --- CHANGELOG.md | 9 +++++++++ docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70922f7034..0a08a4b7d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
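Review bot: The `dig +short +search` output is exported as `COLIBRI_WEBSOCKET_REGEX` unchecked, and meet.conf then places it verbatim inside the `location ~ ^/colibri-ws/(...)/(.*)` pattern. An address such as the constructed example 172.18.0.5 keeps its dots as regex wildcards, so the group accepts more than that one address. An answer spanning several lines (a CNAME line plus an address, or several records) would put a line break into the nginx config. An empty answer, for instance when the JVB name is not resolvable as the web container starts, is exported without any warning. The lookup name is also expanded unquoted. I would quote it, keep one address line, escape the dots and warn when nothing usable comes back, as sketched below. The sketch keeps IPv4 answers only, which should be checked against the deployments this targets.

```shell
        else
            # … unchanged: the DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP warning branch above …
            # keep one IPv4 answer only; CNAME lines and extra records are dropped
            JVB_LOOKUP_ADDRESS="$(dig +short +search "$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | head -n 1)"
            if [ -n "$JVB_LOOKUP_ADDRESS" ]; then
                # escape the dots so nginx matches the address literally
                export COLIBRI_WEBSOCKET_REGEX="${JVB_LOOKUP_ADDRESS//./\\.}"
            else
                echo "WARNING: lookup of '$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME' returned no usable address, COLIBRI_WEBSOCKET_REGEX is left unset"
            fi
```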
@@ -1,3 +1,12 @@ +## stable-9111 + +Based on stable release 9111. + +* 825730d web: nginx ws-colibri proxy regex updates (#1645) +* 54d3aca jicofo: add AV1 options +* 0827186 prosody: stun in external services (#1644) +* d67938c misc: working on unstable + ## stable-9078 Based on stable release 9078. diff --git a/docker-compose.yml b/docker-compose.yml index e8f1c306b9..a6065b0f20 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -170,7 +170,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -299,7 +299,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -375,7 +375,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index a0b4937dbe..165f0d029f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 210d5916cc..754691dae3 100644 --- a/jigasi.yml +++ b/jigasi.yml 
@@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From 80d5b1296ea196c70ab41f422b9bbdf06d170148 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Mon, 27 Nov 2023 10:52:57 -0600 Subject: [PATCH 27/27] Patch JVB autoscaler sidecar config to not use s6-overlay Signed-off-by: Rhea Danzey --- jvb/rootfs/etc/supervisor/conf.d/20_autoscaler_sidecar.conf | 6 ++++++ .../run => usr/bin/service_wrapper_autoscaler_sidecar} | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 jvb/rootfs/etc/supervisor/conf.d/20_autoscaler_sidecar.conf rename jvb/rootfs/{etc/services.d/50-autoscaler-sidecar/run => usr/bin/service_wrapper_autoscaler_sidecar} (58%) diff --git a/jvb/rootfs/etc/supervisor/conf.d/20_autoscaler_sidecar.conf b/jvb/rootfs/etc/supervisor/conf.d/20_autoscaler_sidecar.conf new file mode 100644 index 0000000000..606812a324 --- /dev/null +++ b/jvb/rootfs/etc/supervisor/conf.d/20_autoscaler_sidecar.conf @@ -0,0 +1,6 @@ +[program:jvb-autoscaler-sidecar] +command=/bin/bash -c "/usr/bin/service_wrapper_autoscaler_sidecar" +autorestart=unexpected +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true diff --git a/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run b/jvb/rootfs/usr/bin/service_wrapper_autoscaler_sidecar similarity index 58% rename from jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run rename to jvb/rootfs/usr/bin/service_wrapper_autoscaler_sidecar index 22f775088e..f811d97306 100644 --- a/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run +++ b/jvb/rootfs/usr/bin/service_wrapper_autoscaler_sidecar 
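Review bot: The new `[program:jvb-autoscaler-sidecar]` stanza has no `user=` setting, and the wrapper hunk that follows removes `s6-setuidgid autoscaler-sidecar`. The sidecar therefore now runs as whatever account supervisord runs as, presumably root inside the container. Adding `user=autoscaler-sidecar` to the stanza would keep the privilege drop the s6 script had, provided supervisord itself starts as root and the account still exists in the image.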
@@ -1,10 +1,10 @@ -#!/usr/bin/with-contenv bash +#!/bin/bash if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js" - exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON" + /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON" else # if autoscaler-sidecar should not be started, # prevent s6 from restarting this script again and again - s6-svc -O /var/run/s6/services/50-autoscaler-sidecar + supervisorctl stop jvb-autoscaler-sidecar fi
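Review bot: The sidecar is now started with `/bin/bash -c "..."` without the leading `exec` the s6 version had, so the wrapper shell stays as the process supervisord tracks and signals, and node runs as its child. A stop may then end the wrapper and leave node running. `exec /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON"` would hand the PID over as before. The comment in the `else` branch still reads `prevent s6 from restarting this script again and again`; it should name supervisord now that the branch calls `supervisorctl stop`.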