config: simplify configuration
Use default values everywhere so they don't need to be specified in the .env file. This makes the default .env file much smaller (the larger config options are documented in the handbook) and should make it easier to port the setup to runtimes other than Docker Compose.
This commit is contained in:
Saúl Ibarra Corretgé
@@ -1,6 +1,9 @@
|
||||
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
|
||||
{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}}
|
||||
{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }}
|
||||
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
|
||||
{{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" -}}
|
||||
{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}}
|
||||
{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
|
||||
{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
|
||||
{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
|
||||
@@ -14,26 +17,32 @@
|
||||
{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
|
||||
{{ $TURN_PORT := .Env.TURN_PORT | default "443" }}
|
||||
{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" }}
|
||||
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." .Env.XMPP_MUC_DOMAIN)._0 }}
|
||||
{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
|
||||
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
|
||||
{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
|
||||
{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
|
||||
{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
|
||||
{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }}
|
||||
{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
|
||||
{{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
|
||||
{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
|
||||
|
||||
admins = {
|
||||
"{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}",
|
||||
"{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
|
||||
"{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
|
||||
"{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"
|
||||
}
|
||||
|
||||
unlimited_jids = {
|
||||
"{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}",
|
||||
"{{ .Env.JVB_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
|
||||
"{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
|
||||
"{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"
|
||||
}
|
||||
|
||||
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
|
||||
|
||||
muc_mapper_domain_base = "{{ .Env.XMPP_DOMAIN }}";
|
||||
muc_mapper_domain_base = "{{ $XMPP_DOMAIN }}";
|
||||
muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}";
|
||||
|
||||
http_default_host = "{{ .Env.XMPP_DOMAIN }}"
|
||||
http_default_host = "{{ $XMPP_DOMAIN }}"
|
||||
|
||||
{{ if .Env.TURN_CREDENTIALS }}
|
||||
external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
|
||||
@@ -64,7 +73,7 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU
|
||||
consider_bosh_secure = true;
|
||||
consider_websocket_secure = true;
|
||||
|
||||
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
|
||||
VirtualHost "{{ $XMPP_DOMAIN }}"
|
||||
{{ if $ENABLE_AUTH }}
|
||||
{{ if eq $AUTH_TYPE "jwt" }}
|
||||
authentication = "{{ $JWT_AUTH_TYPE }}"
|
||||
@@ -95,8 +104,8 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
|
||||
authentication = "jitsi-anonymous"
|
||||
{{ end }}
|
||||
ssl = {
|
||||
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
|
||||
key = "/config/certs/{{ $XMPP_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ $XMPP_DOMAIN }}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
@@ -128,54 +137,54 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
|
||||
{{end}}
|
||||
}
|
||||
|
||||
main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}"
|
||||
main_muc = "{{ $XMPP_MUC_DOMAIN }}"
|
||||
|
||||
{{ if $ENABLE_LOBBY }}
|
||||
lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}"
|
||||
{{ if .Env.XMPP_RECORDER_DOMAIN }}
|
||||
muc_lobby_whitelist = { "{{ .Env.XMPP_RECORDER_DOMAIN }}" }
|
||||
lobby_muc = "lobby.{{ $XMPP_DOMAIN }}"
|
||||
{{ if $ENABLE_RECORDING }}
|
||||
muc_lobby_whitelist = { "{{ $XMPP_RECORDER_DOMAIN }}" }
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
{{ if $ENABLE_BREAKOUT_ROOMS }}
|
||||
breakout_rooms_muc = "breakout.{{ .Env.XMPP_DOMAIN }}"
|
||||
breakout_rooms_muc = "breakout.{{ $XMPP_DOMAIN }}"
|
||||
{{ end }}
|
||||
|
||||
speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}"
|
||||
conference_duration_component = "conferenceduration.{{ .Env.XMPP_DOMAIN }}"
|
||||
speakerstats_component = "speakerstats.{{ $XMPP_DOMAIN }}"
|
||||
conference_duration_component = "conferenceduration.{{ $XMPP_DOMAIN }}"
|
||||
|
||||
{{ if $ENABLE_AV_MODERATION }}
|
||||
av_moderation_component = "avmoderation.{{ .Env.XMPP_DOMAIN }}"
|
||||
av_moderation_component = "avmoderation.{{ $XMPP_DOMAIN }}"
|
||||
{{ end }}
|
||||
|
||||
c2s_require_encryption = false
|
||||
|
||||
{{ if $ENABLE_GUEST_DOMAIN }}
|
||||
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
|
||||
VirtualHost "{{ $XMPP_GUEST_DOMAIN }}"
|
||||
authentication = "jitsi-anonymous"
|
||||
|
||||
c2s_require_encryption = false
|
||||
{{ end }}
|
||||
|
||||
VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
|
||||
VirtualHost "{{ $XMPP_AUTH_DOMAIN }}"
|
||||
ssl = {
|
||||
key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt";
|
||||
key = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ $XMPP_AUTH_DOMAIN }}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"limits_exception";
|
||||
}
|
||||
authentication = "internal_hashed"
|
||||
|
||||
{{ if .Env.XMPP_RECORDER_DOMAIN }}
|
||||
VirtualHost "{{ .Env.XMPP_RECORDER_DOMAIN }}"
|
||||
{{ if $ENABLE_RECORDING }}
|
||||
VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}"
|
||||
modules_enabled = {
|
||||
"ping";
|
||||
}
|
||||
authentication = "internal_hashed"
|
||||
{{ end }}
|
||||
|
||||
Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
|
||||
Component "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
|
||||
storage = "memory"
|
||||
modules_enabled = {
|
||||
"ping";
|
||||
@@ -187,7 +196,7 @@ Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
|
||||
muc_room_locking = false
|
||||
muc_room_default_public_jids = true
|
||||
|
||||
Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
|
||||
Component "{{ $XMPP_MUC_DOMAIN }}" "muc"
|
||||
storage = "memory"
|
||||
modules_enabled = {
|
||||
"muc_meeting_id";
|
||||
@@ -211,22 +220,22 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
|
||||
muc_room_locking = false
|
||||
muc_room_default_public_jids = true
|
||||
|
||||
Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy"
|
||||
target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
|
||||
Component "focus.{{ $XMPP_DOMAIN }}" "client_proxy"
|
||||
target_address = "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"
|
||||
|
||||
Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component"
|
||||
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
|
||||
Component "speakerstats.{{ $XMPP_DOMAIN }}" "speakerstats_component"
|
||||
muc_component = "{{ $XMPP_MUC_DOMAIN }}"
|
||||
|
||||
Component "conferenceduration.{{ .Env.XMPP_DOMAIN }}" "conference_duration_component"
|
||||
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
|
||||
Component "conferenceduration.{{ $XMPP_DOMAIN }}" "conference_duration_component"
|
||||
muc_component = "{{ $XMPP_MUC_DOMAIN }}"
|
||||
|
||||
{{ if $ENABLE_AV_MODERATION }}
|
||||
Component "avmoderation.{{ .Env.XMPP_DOMAIN }}" "av_moderation_component"
|
||||
muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
|
||||
Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component"
|
||||
muc_component = "{{ $XMPP_MUC_DOMAIN }}"
|
||||
{{ end }}
|
||||
|
||||
{{ if $ENABLE_LOBBY }}
|
||||
Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc"
|
||||
Component "lobby.{{ $XMPP_DOMAIN }}" "muc"
|
||||
storage = "memory"
|
||||
restrict_room_creation = true
|
||||
muc_room_locking = false
|
||||
@@ -234,7 +243,7 @@ Component "lobby.{{ .Env.XMPP_DOMAIN }}" "muc"
|
||||
{{ end }}
|
||||
|
||||
{{ if $ENABLE_BREAKOUT_ROOMS }}
|
||||
Component "breakout.{{ .Env.XMPP_DOMAIN }}" "muc"
|
||||
Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
|
||||
storage = "memory"
|
||||
restrict_room_creation = true
|
||||
muc_room_locking = false
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
|
||||
|
||||
{{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }}
|
||||
ldap_servers: {{ .Env.LDAP_URL }}
|
||||
ldap_search_base: {{ .Env.LDAP_BASE }}
|
||||
@@ -9,8 +11,8 @@ ldap_filter: {{ .Env.LDAP_FILTER | default "uid=%u" }}
|
||||
ldap_version: {{ .Env.LDAP_VERSION | default "3" }}
|
||||
ldap_auth_method: {{ .Env.LDAP_AUTH_METHOD | default "bind" }}
|
||||
{{ if .Env.LDAP_USE_TLS | default "0" | toBool }}
|
||||
ldap_tls_key: /config/certs/{{ .Env.XMPP_DOMAIN }}.key
|
||||
ldap_tls_cert: /config/certs/{{ .Env.XMPP_DOMAIN }}.crt
|
||||
ldap_tls_key: /config/certs/{{ $XMPP_DOMAIN }}.key
|
||||
ldap_tls_cert: /config/certs/{{ $XMPP_DOMAIN }}.crt
|
||||
{{ if .Env.LDAP_TLS_CHECK_PEER | default "0" | toBool }}
|
||||
ldap_tls_check_peer: yes
|
||||
ldap_tls_cacert_file: {{ .Env.LDAP_TLS_CACERT_FILE | default "/etc/ssl/certs/ca-certificates.crt" }}
|
||||
|
||||
@@ -25,6 +25,7 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then
|
||||
chown -R prosody /prosody-plugins-custom
|
||||
fi
|
||||
|
||||
mkdir /config/certs
|
||||
cp -r /defaults/* /config
|
||||
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
|
||||
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
|
||||
@@ -34,6 +35,16 @@ if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Defaults
|
||||
[ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder
|
||||
[ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri
|
||||
[ -z "${JICOFO_AUTH_USER}" ] && export JICOFO_AUTH_USER=focus
|
||||
[ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi
|
||||
[ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb
|
||||
[ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi
|
||||
[ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi
|
||||
[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
|
||||
|
||||
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
|
||||
prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN
|
||||
|
||||
@@ -50,7 +61,7 @@ fi
|
||||
|
||||
prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD
|
||||
|
||||
if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
|
||||
if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
|
||||
OLD_JIBRI_XMPP_PASSWORD=passw0rd
|
||||
if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
|
||||
echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
|
||||
@@ -59,7 +70,7 @@ if [[ ! -z $JIBRI_XMPP_USER ]] && [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
|
||||
prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD
|
||||
fi
|
||||
|
||||
if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
|
||||
if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
|
||||
OLD_JIBRI_RECORDER_PASSWORD=passw0rd
|
||||
if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
|
||||
echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
|
||||
@@ -68,7 +79,7 @@ if [[ ! -z $JIBRI_RECORDER_USER ]] && [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
|
||||
prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD
|
||||
fi
|
||||
|
||||
if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
|
||||
if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
|
||||
OLD_JIGASI_XMPP_PASSWORD=passw0rd
|
||||
if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
|
||||
echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
|
||||
@@ -77,8 +88,6 @@ if [[ ! -z $JIGASI_XMPP_USER ]] && [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
|
||||
prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
|
||||
fi
|
||||
|
||||
mkdir -p /config/certs
|
||||
|
||||
if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
|
||||
# echo for using all default values
|
||||
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
|
||||
|
||||
Reference in New Issue
Block a user