Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

prosody: visitor mode support (#1611)

Browse Source 
support for visitor mode in prosody, with some fixes for jicofo as well
This commit is contained in:
Aaron van Meerten
2023-09-29 08:03:53 -05:00
committed by GitHub
parent 7bfc5c1f7a
commit 6bfa8302f1
6 changed files with 352 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docker-compose.yml
View File

@@ -165,8 +165,9 @@ services:
restart: ${RESTART_POLICY:-unless-stopped} restart: ${RESTART_POLICY:-unless-stopped}
expose: expose:
- '${XMPP_PORT:-5222}' - '${XMPP_PORT:-5222}'
- '${PROSODY_S2S_PORT:-5269}'
- '5347' - '5347'
- '5280' - '${PROSODY_HTTP_PORT:-5280}'
volumes: volumes:
- ${CONFIG}/prosody/config:/config:Z - ${CONFIG}/prosody/config:/config:Z
- ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
@@ -181,6 +182,8 @@ services:
- ENABLE_IPV6 - ENABLE_IPV6
- ENABLE_LOBBY - ENABLE_LOBBY
- ENABLE_RECORDING - ENABLE_RECORDING
- ENABLE_S2S
- ENABLE_VISITORS
- ENABLE_XMPP_WEBSOCKET - ENABLE_XMPP_WEBSOCKET
- ENABLE_JAAS_COMPONENTS - ENABLE_JAAS_COMPONENTS
- GC_TYPE - GC_TYPE
@@ -229,15 +232,23 @@ services:
- LDAP_URL - LDAP_URL
- LDAP_USE_TLS - LDAP_USE_TLS
- MAX_PARTICIPANTS - MAX_PARTICIPANTS
- PROSODY_ADMINS
- PROSODY_AUTH_TYPE - PROSODY_AUTH_TYPE
- PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_ENABLED
- PROSODY_RESERVATION_REST_BASE_URL - PROSODY_RESERVATION_REST_BASE_URL
- PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_RATE_LIMITS
- PROSODY_ENABLE_S2S
- PROSODY_HTTP_PORT
- PROSODY_MODE
- PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_LOGIN_RATE
- PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_SESSION_RATE
- PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_TIMEOUT
- PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_ALLOW_RANGES
- PROSODY_RATE_LIMIT_CACHE_SIZE - PROSODY_RATE_LIMIT_CACHE_SIZE
- PROSODY_S2S_PORT
- PROSODY_TRUSTED_PROXIES
- PROSODY_VISITOR_INDEX
- PROSODY_VISITORS_MUC_PREFIX
- PUBLIC_URL - PUBLIC_URL
- TURN_CREDENTIALS - TURN_CREDENTIALS
- TURN_HOST - TURN_HOST
@@ -246,6 +257,10 @@ services:
- TURNS_PORT - TURNS_PORT
- TURN_TRANSPORT - TURN_TRANSPORT
- TZ - TZ
- VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_DOMAIN
- VISITORS_XMPP_SERVER
- VISITORS_XMPP_PORT
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN - XMPP_GUEST_DOMAIN
@@ -257,6 +272,7 @@ services:
- XMPP_INTERNAL_MUC_MODULES - XMPP_INTERNAL_MUC_MODULES
- XMPP_RECORDER_DOMAIN - XMPP_RECORDER_DOMAIN
- XMPP_PORT - XMPP_PORT
- XMPP_SERVER_S2S_PORT
networks: networks:
meet.jitsi: meet.jitsi:
aliases: aliases:
@@ -316,6 +332,7 @@ services:
- JVB_XMPP_SERVER - JVB_XMPP_SERVER
- MAX_BRIDGE_PARTICIPANTS - MAX_BRIDGE_PARTICIPANTS
- OCTO_BRIDGE_SELECTION_STRATEGY - OCTO_BRIDGE_SELECTION_STRATEGY
- PROSODY_VISITORS_MUC_PREFIX
- SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
- SENTRY_ENVIRONMENT - SENTRY_ENVIRONMENT
- SENTRY_RELEASE - SENTRY_RELEASE
@@ -323,6 +340,7 @@ services:
- VISITORS_MAX_PARTICIPANTS - VISITORS_MAX_PARTICIPANTS
- VISITORS_MAX_VISITORS_PER_NODE - VISITORS_MAX_VISITORS_PER_NODE
- VISITORS_XMPP_SERVER - VISITORS_XMPP_SERVER
- VISITORS_XMPP_DOMAIN
- XMPP_DOMAIN - XMPP_DOMAIN
- XMPP_AUTH_DOMAIN - XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN

11
jicofo/rootfs/defaults/jicofo.conf
View File

@@ -19,6 +19,9 @@
{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
{{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
{{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }} {{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
@@ -212,8 +215,8 @@ jicofo {
{{ if .Env.VISITORS_MAX_PARTICIPANTS }} {{ if .Env.VISITORS_MAX_PARTICIPANTS }}
max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }} max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }}
{{ end }} {{ end }}
{{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }} {{ if $VISITORS_MAX_VISITORS_PER_NODE }}
max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }} max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }}
{{ end }} {{ end }}
} }
{{ end }} {{ end }}
@@ -225,12 +228,12 @@ jicofo {
{{ $SERVER := splitn ":" 2 $element }} {{ $SERVER := splitn ":" 2 $element }}
v{{ $index }} { v{{ $index }} {
enabled = true enabled = true
conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }} conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
hostname = {{ $SERVER._0 }} hostname = {{ $SERVER._0 }}
{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
port = {{ $SERVER._1 | default $DEFAULT_PORT }} port = {{ $SERVER._1 | default $DEFAULT_PORT }}
domain = "{{ $XMPP_AUTH_DOMAIN }}" domain = "{{ $XMPP_AUTH_DOMAIN }}"
xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }} xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
disable-certificate-verification = true disable-certificate-verification = true
} }

18
prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
View File

@@ -1,4 +1,5 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}} {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
@@ -208,6 +209,9 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
{{ if $PROSODY_RESERVATION_ENABLED }} {{ if $PROSODY_RESERVATION_ENABLED }}
"reservations"; "reservations";
{{ end }} {{ end }}
{{ if $ENABLE_VISITORS }}
"visitors";
{{ end }}
} }
main_muc = "{{ $XMPP_MUC_DOMAIN }}" main_muc = "{{ $XMPP_MUC_DOMAIN }}"
@@ -240,11 +244,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
c2s_require_encryption = false c2s_require_encryption = false
{{ if $ENABLE_VISITORS }}
visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" }
{{ end }}
{{ if $ENABLE_GUEST_DOMAIN }} {{ if $ENABLE_GUEST_DOMAIN }}
VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" VirtualHost "{{ $XMPP_GUEST_DOMAIN }}"
authentication = "jitsi-anonymous" authentication = "jitsi-anonymous"
c2s_require_encryption = false c2s_require_encryption = false
{{ if $ENABLE_VISITORS }}
allow_anonymous_s2s = true
{{ end }}
{{ end }} {{ end }}
VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" VirtualHost "{{ $XMPP_AUTH_DOMAIN }}"
@@ -404,3 +416,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component" Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component"
muc_component = "{{ $XMPP_MUC_DOMAIN }}" muc_component = "{{ $XMPP_MUC_DOMAIN }}"
breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}" breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}"
{{ if $ENABLE_VISITORS }}
Component "visitors.{{ $XMPP_DOMAIN }}" "visitors_component"
auto_allow_visitor_promotion = true
{{ end }}

209
prosody/rootfs/defaults/conf.d/visitors.cfg.lua Normal file
View File

@@ -0,0 +1,209 @@
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}}
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}}
{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
{{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}}
{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}}
{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}}
{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}}
{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}}
{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}}
{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}}
{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
{{ $SHARD_NAME := .Env.SHARD | default "default" -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}}
{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
{{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
{{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}}
{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}}
{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}}
{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}}
{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}}
{{ $VISITOR_INDEX := .Env.PROSODY_VISITOR_INDEX | default "0" -}}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
{{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}}
{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}";
muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}";
http_default_host = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"
{{ if .Env.TURN_CREDENTIALS -}}
external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
{{- end }}
{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}}
external_services = {
{{ if $TURN_HOST -}}
{{- range $idx1, $host := $TURN_HOSTS -}}
{{- range $idx2, $transport := $TURN_TRANSPORTS -}}
{{- if or $idx1 $idx2 -}},{{- end }}
{ type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" }
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $TURNS_HOST -}}
{{- range $idx, $host := $TURNS_HOSTS -}}
{{- if or $TURN_HOST $idx -}},{{- end }}
{ type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
{{- end }}
{{- end }}
};
{{- end }}
main_domain = '{{ $XMPP_DOMAIN }}';
-- https://prosody.im/doc/modules/mod_smacks
smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
-- this is dropped in 0.12
smacks_max_hibernated_sessions = 1;
smacks_max_old_sessions = 1;
unlimited_jids = { "focus@{{ $XMPP_AUTH_DOMAIN }}" }
limits = {
c2s = {
rate = "512kb/s";
};
}
authentication = 'internal_hashed'
storage = 'internal'
consider_websocket_secure = true;
consider_bosh_secure = true;
bosh_max_inactivity = 60;
trusted_proxies = {
{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
"{{ $proxy }}";
{{ end }}
}
-- this is added to make certs_s2soutinjection work
s2sout_override = {
["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room
["{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
["visitors.{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
{{ if $ENABLE_GUEST_DOMAIN -}}
["{{ $XMPP_GUEST_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
{{ end -}}
}
muc_limit_messages_count = 10;
muc_limit_messages_check_token = {{ $LIMIT_MESSAGES_CHECK_TOKEN }};
----------- Virtual hosts -----------
VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}'
authentication = 'jitsi-anonymous'
ssl = {
key = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.key";
certificate = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.crt";
}
modules_enabled = {
'bosh';
'ping';
"external_services";
{{ if $ENABLE_XMPP_WEBSOCKET -}}
"websocket";
"smacks"; -- XEP-0198: Stream Management
{{ end -}}
{{ if .Env.XMPP_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
{{ end }}
}
main_muc = '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}';
shard_name = "{{ $SHARD_NAME }}"
region_name = "{{ $REGION_NAME }}"
release_number = "{{ $RELEASE_NUMBER }}"
VirtualHost '{{ $XMPP_AUTH_DOMAIN}}'
modules_enabled = {
'limits_exception';
'ping';
}
authentication = 'internal_hashed'
Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' 'muc'
storage = 'memory'
muc_room_cache_size = 10000
restrict_room_creation = true
modules_enabled = {
"muc_hide_all";
"muc_meeting_id";
'fmuc';
's2s_bidi';
's2s_whitelist';
's2sout_override';
'muc_max_occupants';
"muc_limit_messages";
{{ if $ENABLE_SUBDOMAINS -}}
"muc_domain_mapper";
{{ end -}}
{{ if $ENABLE_RATE_LIMITS -}}
"muc_rate_limit";
"rate_limit";
{{ end -}}
{{ if .Env.XMPP_MUC_MODULES -}}
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
{{ end -}}
}
muc_room_default_presence_broadcast = {
visitor = false;
participant = true;
moderator = true;
};
muc_room_locking = false
muc_room_default_public_jids = true
muc_max_occupants = {{ $VISITORS_MAX_VISITORS_PER_NODE}}
muc_access_whitelist = {
"{{ $XMPP_DOMAIN }}";
}
{{ if $ENABLE_RATE_LIMITS -}}
-- Max allowed join/login rate in events per second.
rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
-- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
-- The time in seconds, after which the limit for an IP address is lifted.
rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
-- List of regular expressions for IP addresses that are not limited by this module.
rate_limit_whitelist = {
"127.0.0.1";
{{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}}
"{{ $cidr }}";
{{ end -}}
};
rate_limit_whitelist_jids = {
"{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
"{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"
}
{{ end -}}
-- The size of the cache that saves state for IP addresses
rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
muc_rate_joins = 30;
{{ if .Env.XMPP_MUC_CONFIGURATION -}}
{{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }}
{{ end -}}

71
prosody/rootfs/defaults/prosody.cfg.lua
View File

@@ -1,5 +1,7 @@
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
{{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }}
{{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}}
{{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}} {{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}}
{{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}} {{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}}
@@ -7,6 +9,20 @@
{{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}} {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}}
{{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}}
{{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}}
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}}
{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}}
{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
-- Prosody Example Configuration File -- Prosody Example Configuration File
-- --
@@ -30,8 +46,7 @@
-- for the server. Note that you must create the accounts separately -- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info) -- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" } -- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { } admins = { {{ if .Env.PROSODY_ADMINS }}{{ range $index, $element := $PROSODY_ADMIN_LIST -}}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}{{ end }} }
-- Enable use of libevent for better performance under high load -- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent -- For more information see: http://prosody.im/doc/libevent
--use_libevent = true; --use_libevent = true;
@@ -81,6 +96,13 @@ modules_enabled = {
--"watchregistrations"; -- Alert admins of registrations --"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in --"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
{{ if $ENABLE_S2S -}}
"s2s_bidi";
"certs_s2soutinjection";
"s2sout_override";
"s2s_whitelist";
{{ end -}}
{{ if .Env.GLOBAL_MODULES }} {{ if .Env.GLOBAL_MODULES }}
"{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}"; "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
{{ end }} {{ end }}
@@ -94,7 +116,10 @@ https_ports = { }
modules_disabled = { modules_disabled = {
-- "offline"; -- Store offline messages -- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections -- "c2s"; -- Handle client connections
{{ if not $ENABLE_S2S -}}
"s2s"; -- Handle server-to-server connections "s2s"; -- Handle server-to-server connections
{{ end -}}
}; };
-- Disable account creation by default, for security -- Disable account creation by default, for security
@@ -143,6 +168,42 @@ c2s_interfaces = { "*", "::" }
c2s_interfaces = { "*" } c2s_interfaces = { "*" }
{{ end }} {{ end }}
{{ if $ENABLE_S2S -}}
-- set s2s port
s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port
s2s_whitelist = {
{{ if $ENABLE_VISITORS -}}
'{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room
'visitors.{{ $XMPP_DOMAIN }}'; -- needed for sending promotion request to visitors.{{ $XMPP_DOMAIN }} component
'{{ $XMPP_DOMAIN }}'; -- unavailable presences back to main room
{{ end -}}
{{ if $ENABLE_GUEST_DOMAIN -}}
'{{ $XMPP_GUEST_DOMAIN }}';
{{ end -}}
}
{{ end -}}
{{ if $ENABLE_VISITORS -}}
{{ if $.Env.VISITORS_XMPP_SERVER -}}
s2sout_override = {
{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
{{ $SERVER := splitn ":" 2 $element }}
{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
["{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
{{ end -}}
};
s2s_whitelist = {
{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
"{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}";
{{ end -}}
};
{{ end -}}
{{ end -}}
-- Force certificate authentication for server-to-server connections? -- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate -- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates. -- with to support encryption AND present valid, trusted certificates.
@@ -208,7 +269,7 @@ unbound = {
resolvconf = true resolvconf = true
} }
http_ports = { 5280 } http_ports = { {{ $PROSODY_HTTP_PORT }} }
{{ if $ENABLE_IPV6 }} {{ if $ENABLE_IPV6 }}
http_interfaces = { "*", "::" } http_interfaces = { "*", "::" }
{{ else }} {{ else }}

29
prosody/rootfs/etc/cont-init.d/10-config
View File

@@ -25,10 +25,24 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then
chown -R prosody /prosody-plugins-custom chown -R prosody /prosody-plugins-custom
fi fi
mkdir /config/certs mkdir /config/certs
cp -r /defaults/* /config cp -r /defaults/* /config
if [[ "$PROSODY_MODE" == "visitors" ]]; then
echo "Prosody visitor mode, using alternate config"
PROSODY_SITE_CFG="visitors.cfg.lua"
rm /config/conf.d/jitsi-meet.cfg.lua
# force jicofo into auth domain for visitor-mode prosody
[ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi"
export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"
else
echo "Prosody normal mode, using default config"
PROSODY_SITE_CFG="jitsi-meet.cfg.lua"
rm /config/conf.d/visitors.cfg.lua
fi
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG
if [[ -z $JICOFO_AUTH_PASSWORD ]]; then if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: Jicofo auth password must be set' echo 'FATAL ERROR: Jicofo auth password must be set'
@@ -45,7 +59,10 @@ fi
[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi [ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
if [[ "$PROSODY_MODE" != "visitors" ]]; then
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
fi
if [[ -z $JVB_AUTH_PASSWORD ]]; then if [[ -z $JVB_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: JVB auth password must be set' echo 'FATAL ERROR: JVB auth password must be set'
@@ -87,10 +104,20 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
fi fi
if [[ "$PROSODY_MODE" == "visitors" ]]; then
[ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
[ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then
# echo for using all default values
echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
fi
else
if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
# echo for using all default values # echo for using all default values
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
fi fi
fi
if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
# echo for using all default values # echo for using all default values