Merge prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

kmaziere · kmaziere · commit a2072638ecb7 · 2020-08-21T11:24:41.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,20 @@
+## stable-4857
+
+Based on stable release 4857.
+
+* a81ad73 prosody: add support for lobby
+* baed605 web: fix removing closed captions button if transcription is enabled
+* edecacd etherpad: add ability to use a external server
+* a7563d4 jvb: use JVB_TCP_PORT for exposing the port
+* b235ea1 prosody: disable s2s module
+* 1d428a8 prosody: use a 2-stage build
+* 613c26c misc: working on latest
+* 4d72ee3 release: stable-4627-1
+* 22b7063 examples: update Traefik v1 example
+* 1381b08 prosody: fix installing dependdencies
+* 2900c11 misc: add extra line to tag message
+* c57a84b misc: working on latest
+
 ## stable-4627-1
 
 Based on stable release 4627-1.
diff --git a/base/Dockerfile b/base/Dockerfile
@@ -4,19 +4,16 @@ ARG JITSI_RELEASE=stable
 
 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
 
-ADD https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz /tmp/s6-overlay.tar.gz
-ADD https://download.jitsi.org/jitsi-key.gpg.key /tmp/jitsi.key
-ADD https://github.com/subchen/frep/releases/download/v1.3.5/frep-1.3.5-linux-amd64 /usr/bin/frep
-
 COPY rootfs /
 
 RUN \
-	tar xfz /tmp/s6-overlay.tar.gz -C / && \
-	rm -f /tmp/*.tar.gz && \
 	apt-dpkg-wrap apt-get update && \
 	apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg && \
-	apt-key add /tmp/jitsi.key && \
-	rm -f /tmp/jitsi.key && \
+	apt-dpkg-wrap apt-get install -y wget && \
+	wget -qO - https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz | tar xfz - -C / && \
+	wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add - && \
+	wget -q https://github.com/subchen/frep/releases/download/v1.3.5/frep-1.3.5-linux-amd64 -O /usr/bin/frep && \
+	apt-dpkg-wrap apt-get --purge remove -y wget && \
 	echo "deb https://download.jitsi.org $JITSI_RELEASE/" > /etc/apt/sources.list.d/jitsi.list && \
 	echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list && \
 	apt-dpkg-wrap apt-get update && \
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -60,6 +60,7 @@ services:
             - AUTH_TYPE
             - ENABLE_AUTH
             - ENABLE_GUESTS
+            - ENABLE_LOBBY
             - GLOBAL_MODULES
             - GLOBAL_CONFIG
             - LDAP_URL
@@ -127,6 +128,7 @@ services:
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
+            - XMPP_MUC_DOMAIN
             - XMPP_SERVER
             - JICOFO_COMPONENT_SECRET
             - JICOFO_AUTH_USER
diff --git a/env.example b/env.example
@@ -49,6 +49,8 @@ TZ=UTC
 # See the "Running behind NAT or on a LAN environment" section in the README
 #DOCKER_HOST_ADDRESS=192.168.1.1
 
+# Control whether the lobby feature should be enabled or not
+#ENABLE_LOBBY=1
 
 #
 # Let's Encrypt configuration
@@ -94,7 +96,7 @@ TZ=UTC
 #JIGASI_SIP_TRANSPORT=UDP
 
 #
-# Authentication configuration (see README for details)
+# Authentication configuration (see handbook for details)
 #
 
 # Enable authentication
diff --git a/etherpad/Dockerfile b/etherpad/Dockerfile
@@ -1,5 +1,5 @@
 FROM etherpad/etherpad:1.8.4
 
-ADD ./rootfs/defaults/settings.json /opt/etherpad-lite/settings.json
+COPY ./rootfs/defaults/settings.json /opt/etherpad-lite/settings.json
 
 EXPOSE 9001
diff --git a/jibri/Dockerfile b/jibri/Dockerfile
@@ -6,6 +6,8 @@ FROM ${JITSI_REPO}/base-java
 ARG CHROME_RELEASE=78.0.3904.97
 ARG CHROMEDRIVER_MAJOR_RELEASE=78
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 RUN \
 	apt-dpkg-wrap apt-get update \
 	&& apt-dpkg-wrap apt-get install -y jibri libgl1-mesa-dri \
@@ -22,17 +24,17 @@ RUN \
 
 RUN \
         [ "${CHROME_RELEASE}" != "latest" ] \
-        && curl -4so /tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb \
+        && curl -4so "/tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb" "http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb" \
 	&& apt-dpkg-wrap apt-get update \
-        && apt-dpkg-wrap apt-get install -y /tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb \
+        && apt-dpkg-wrap apt-get install -y "/tmp/google-chrome-stable_${CHROME_RELEASE}-1_amd64.deb" \
 	&& apt-cleanup \
 	|| true
 
 RUN \
 	[ "${CHROMEDRIVER_MAJOR_RELEASE}" = "latest" ] \
 	&& CHROMEDRIVER_RELEASE="$(curl -4Ls https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" \
 	|| CHROMEDRIVER_RELEASE="$(curl -4Ls https://chromedriver.storage.googleapis.com/LATEST_RELEASE_${CHROMEDRIVER_MAJOR_RELEASE})" \
-	&& curl -4Ls https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_RELEASE}/chromedriver_linux64.zip \
+	&& curl -4Ls "https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_RELEASE}/chromedriver_linux64.zip" \
 	| zcat >> /usr/bin/chromedriver \
 	&& chmod +x /usr/bin/chromedriver \
 	&& chromedriver --version
diff --git a/jicofo/rootfs/defaults/sip-communicator.properties b/jicofo/rootfs/defaults/sip-communicator.properties
@@ -18,6 +18,10 @@ org.jitsi.impl.reservation.rest.BASE_URL={{ .Env.JICOFO_RESERVATION_REST_BASE_UR
 org.jitsi.jicofo.health.ENABLE_HEALTH_CHECKS=true
 {{ end }}
 
+{{ if .Env.XMPP_MUC_DOMAIN }}
+org.jitsi.jicofo.XMPP_MUC_COMPONENT_PREFIX={{ first (splitList "." .Env.XMPP_MUC_DOMAIN) }}
+{{ end }}
+
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
 
diff --git a/jvb/Dockerfile b/jvb/Dockerfile
@@ -3,7 +3,7 @@ FROM ${JITSI_REPO}/base-java
 
 RUN \
 	apt-dpkg-wrap apt-get update && \
-	apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl && \
+	apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 && \
 	apt-cleanup
 
 COPY rootfs/ /
diff --git a/jvb/rootfs/etc/services.d/jvb/run b/jvb/rootfs/etc/services.d/jvb/run
@@ -3,7 +3,7 @@
 JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties"
 
 if [[ ! -z "$DOCKER_HOST_ADDRESS" ]]; then
-    LOCAL_ADDRESS=$(hostname -I | cut -d " " -f1)
+    LOCAL_ADDRESS=$(ip route get "$DOCKER_HOST_ADDRESS" | head -n1 | cut -d " " -f7)
     JAVA_SYS_PROPS="$JAVA_SYS_PROPS -Dorg.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=$LOCAL_ADDRESS -Dorg.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=$DOCKER_HOST_ADDRESS"
 fi
 
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -7,6 +7,7 @@ plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
 http_default_host = "{{ .Env.XMPP_DOMAIN }}"
 
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
+{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
 {{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
 {{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
@@ -53,7 +54,7 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
         "ping";
         "speakerstats";
         "conference_duration";
-        {{ if $ENABLE_LOBBY }}
+        {{ if and $ENABLE_LOBBY (not $ENABLE_GUEST_DOMAIN) }}
         "muc_lobby_rooms";
         {{ end }}
         {{ if .Env.XMPP_MODULES }}
@@ -64,7 +65,7 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
         {{end}}
     }
 
-    {{ if $ENABLE_LOBBY }}
+    {{ if and $ENABLE_LOBBY (not $ENABLE_GUEST_DOMAIN) }}
     main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}"
     lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}"
     {{ end }}
@@ -74,10 +75,20 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
 
     c2s_require_encryption = false
 
-{{ if and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) }}
+{{ if $ENABLE_GUEST_DOMAIN }}
 VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
     authentication = "anonymous"
     c2s_require_encryption = false
+
+    {{ if $ENABLE_LOBBY }}
+    modules_enabled = {
+        "muc_lobby_rooms";
+    }
+
+    main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}"
+    lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}"
+    {{ end }}
+
 {{ end }}
 
 VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf
@@ -11,6 +11,10 @@ ssi_types application/x-javascript application/javascript;
 index index.html index.htm;
 error_page 404 /static/404.html;
 
+# Security headers
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
 location = /config.js {
     alias /config/config.js;
 }
diff --git a/web/rootfs/defaults/ssl.conf b/web/rootfs/defaults/ssl.conf
@@ -20,5 +20,3 @@ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-
 
 # headers
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ TZ=UTC`
`49`	`49`	`# See the "Running behind NAT or on a LAN environment" section in the README`
`50`	`50`	`#DOCKER_HOST_ADDRESS=192.168.1.1`
`51`	`51`
	`52`	`+# Control whether the lobby feature should be enabled or not`
	`53`	`+#ENABLE_LOBBY=1`
`52`	`54`
`53`	`55`	`#`
`54`	`56`	`# Let's Encrypt configuration`
`@@ -94,7 +96,7 @@ TZ=UTC`
`94`	`96`	`#JIGASI_SIP_TRANSPORT=UDP`
`95`	`97`
`96`	`98`	`#`
`97`		`-# Authentication configuration (see README for details)`
	`99`	`+# Authentication configuration (see handbook for details)`
`98`	`100`	`#`
`99`	`101`
`100`	`102`	`# Enable authentication`