Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

jvb: migrate config to secure octo

Browse Source 
* Migrating configuration to use secure octo configuration by default

Adding a new JVB_OCTO_RELAY_ID to configure videobridge.relay.relay-id (with a fallback to the old JVB_OCTO_BIND_ADDRESS to be used as relay-id)

* Adding a configuration check to verify that Octo cannot be enabled without the ENABLE_COLIBRI_WEBSOCKET environment variable set to "1"
This commit is contained in:
David Négrier
2022-09-15 07:36:57 +02:00
committed by GitHub
parent 91043c581d
commit a1e82ea582
4 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.yml
View File

@@ -64,6 +64,7 @@ services:
- ENABLE_LIPSYNC - ENABLE_LIPSYNC
- ENABLE_NO_AUDIO_DETECTION - ENABLE_NO_AUDIO_DETECTION
- ENABLE_NOISY_MIC_DETECTION - ENABLE_NOISY_MIC_DETECTION
- ENABLE_OCTO
- ENABLE_OPUS_RED - ENABLE_OPUS_RED
- ENABLE_PREJOIN_PAGE - ENABLE_PREJOIN_PAGE
- ENABLE_P2P - ENABLE_P2P
@@ -316,9 +317,8 @@ services:
- JVB_MUC_NICKNAME - JVB_MUC_NICKNAME
- JVB_STUN_SERVERS - JVB_STUN_SERVERS
- JVB_OCTO_BIND_ADDRESS - JVB_OCTO_BIND_ADDRESS
- JVB_OCTO_PUBLIC_ADDRESS
- JVB_OCTO_BIND_PORT
- JVB_OCTO_REGION - JVB_OCTO_REGION
- JVB_OCTO_RELAY_ID
- JVB_WS_DOMAIN - JVB_WS_DOMAIN
- JVB_WS_SERVER_ID - JVB_WS_SERVER_ID
- PUBLIC_URL - PUBLIC_URL

6
jvb/rootfs/defaults/jvb.conf
View File

@@ -77,12 +77,10 @@ videobridge {
} }
{{ if $ENABLE_OCTO -}} {{ if $ENABLE_OCTO -}}
octo { relay {
enabled = true enabled = true
bind-address = "{{ .Env.JVB_OCTO_BIND_ADDRESS | default "0.0.0.0" }}"
public-address = "{{ .Env.JVB_OCTO_PUBLIC_ADDRESS }}"
bind-port = "{{ .Env.JVB_OCTO_BIND_PORT | default "4096" }}"
region = "{{ .Env.JVB_OCTO_REGION | default "europe" }}" region = "{{ .Env.JVB_OCTO_REGION | default "europe" }}"
relay-id = "{{ .Env.JVB_OCTO_RELAY_ID | default .Env.JVB_OCTO_BIND_ADDRESS }}"
} }
{{ end -}} {{ end -}}
} }

6
jvb/rootfs/etc/cont-init.d/10-config
View File

@@ -31,3 +31,9 @@ tpl /defaults/logging.properties > /config/logging.properties
tpl /defaults/jvb.conf > /config/jvb.conf tpl /defaults/jvb.conf > /config/jvb.conf
chown -R jvb:jitsi /config chown -R jvb:jitsi /config
# Configuration checks
if [[ (-z $ENABLE_COLIBRI_WEBSOCKET || $ENABLE_COLIBRI_WEBSOCKET == "0") && $ENABLE_OCTO == "1" ]]; then
echo "ERROR: In order to enable Octo relays (with ENABLE_OCTO=1), you MUST enable Colibri websockets (with ENABLE_COLIBRI_WEBSOCKET=1)";
exit 1;
fi

14
web/rootfs/defaults/meet.conf
View File

@@ -1,5 +1,6 @@
{{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }}
{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }}
{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }}
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
@@ -74,6 +75,19 @@ location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) {
proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args; proxy_pass http://$1:9090/colibri-ws/$1/$2$is_args$args;
} }
{{ if $ENABLE_OCTO }}
# colibri (JVB) Relay to Relay websockets
location ~ ^/colibri-relay-ws/([a-zA-Z0-9-\._]+)/(.*) {
tcp_nodelay on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://$1:9090/colibri-relay-ws/$1/$2$is_args$args;
}
{{ end }}
{{ end }} {{ end }}
# BOSH # BOSH