Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Move trusted_proxies from visitors to main prosody config file. (#1699)

Browse Source
This commit is contained in:
bgrozev
2024-01-04 15:37:18 -06:00
committed by GitHub
parent e41e4f480d
commit 8845606785
2 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
prosody/rootfs/defaults/conf.d/visitors.cfg.lua
View File

@@ -15,8 +15,6 @@
{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}} {{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
{{ $SHARD_NAME := .Env.SHARD | default "default" -}} {{ $SHARD_NAME := .Env.SHARD | default "default" -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}}
{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
{{ $TURN_HOST := .Env.TURN_HOST | default "" -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
{{ $TURN_HOSTS := splitList "," $TURN_HOST -}} {{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
@@ -92,12 +90,6 @@ consider_websocket_secure = true;
consider_bosh_secure = true; consider_bosh_secure = true;
bosh_max_inactivity = 60; bosh_max_inactivity = 60;
trusted_proxies = {
{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
"{{ $proxy }}";
{{ end }}
}
-- this is added to make certs_s2soutinjection work -- this is added to make certs_s2soutinjection work
s2sout_override = { s2sout_override = {
["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room

7
prosody/rootfs/defaults/prosody.cfg.lua
View File

@@ -15,6 +15,8 @@
{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} {{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}}
{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} {{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}}
{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} {{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}}
{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
{{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}} {{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}}
{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}
{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
@@ -114,6 +116,11 @@ modules_enabled = {
component_ports = { } component_ports = { }
https_ports = { } https_ports = { }
trusted_proxies = {
{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
"{{ $proxy }}";
{{ end }}
}
{{ if eq .Env.PROSODY_MODE "brewery" -}} {{ if eq .Env.PROSODY_MODE "brewery" -}}
firewall_scripts = { firewall_scripts = {