Merge branch 'master' into master

CHANGELOG.md

@@ -1,3 +1,36 @@
+## stable-9111
+
+Based on stable release 9111.
+
+* 825730d web: nginx ws-colibri proxy regex updates (#1645)
+* 54d3aca jicofo: add AV1 options
+* 0827186 prosody: stun in external services (#1644)
+* d67938c misc: working on unstable
+
+## stable-9078
+
+Based on stable release 9078.
+
+* 3b9afe4 release: build images before comitting the changelog
+* 54d422b jvb: autoscaler sidecar support
+* 9f0658d sample: escape/encapsulate string
+* 5d05ba2 jicofo: support jicofo log file for tailing (#1632)
+* 8555fe1 web: param to control config.hosts.authDomain (#1627)
+* cd1c9fb prosody: remove muc limit messages from visitors (#1626)
+* af50dde prosody: s2s whitelist duplicate param fix (#1625)
+* eb91893 prosody: add ping module to auth domain (#1624)
+* 261caa3 prosody: guest ping module, var for auth type (#1623)
+* 7fb1026 prosody: params for limits (#1622)
+* cf894ce prosody: variables for lobby and breakout modules
+* a827437 prosody: param to link room metadata to main vhost (#1616)
+* 5120595 prosody: var for config in main vhost (#1615)
+* bebd748 web: flag to control sctp bridge channel choice (#1613)
+* 6bfa830 prosody: visitor mode support (#1611)
+* 7bfc5c1 prosody: update version of prosody-plugings package
+* 3a77aac jicofo: support visitors in jicofo configuration (#1610)
+* f860c5d jvb: don’t send Jetty server version
+* 63380fa misc: working on unstable
+
 ## stable-8960-1
 
 Based on stable release 8960-1.

docker-compose.yml

@@ -19,11 +19,14 @@ services:
             - AUDIO_QUALITY_OPUS_BITRATE
             - AUTO_CAPTION_ON_RECORD
             - BRANDING_DATA_URL
+            - BOSH_RELATIVE
             - CALLSTATS_CUSTOM_SCRIPT_URL
             - CALLSTATS_ID
             - CALLSTATS_SECRET
             - CHROME_EXTENSION_BANNER_JSON
             - COLIBRI_WEBSOCKET_PORT
+            - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME
+            - COLIBRI_WEBSOCKET_REGEX
             - CONFCODE_URL
             - CONFIG_EXTERNAL_CONNECT
             - DEFAULT_LANGUAGE
@@ -32,12 +35,14 @@ services:
             - DEPLOYMENTINFO_REGION
             - DEPLOYMENTINFO_SHARD
             - DEPLOYMENTINFO_USERREGION
+            - DESKTOP_SHARING_FRAMERATE_AUTO
             - DESKTOP_SHARING_FRAMERATE_MIN
             - DESKTOP_SHARING_FRAMERATE_MAX
             - DIALIN_NUMBERS_URL
             - DIALOUT_AUTH_URL
             - DIALOUT_CODES_URL
             - DISABLE_AUDIO_LEVELS
+            - DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP
             - DISABLE_DEEP_LINKING
             - DISABLE_GRANT_MODERATOR
             - DISABLE_HTTPS
@@ -54,17 +59,18 @@ services:
             - DYNAMIC_BRANDING_URL
             - ENABLE_AUDIO_PROCESSING
             - ENABLE_AUTH
+            - ENABLE_AUTH_DOMAIN
             - ENABLE_BREAKOUT_ROOMS
             - ENABLE_CALENDAR
             - ENABLE_COLIBRI_WEBSOCKET
+            - ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX
             - ENABLE_E2EPING
             - ENABLE_FILE_RECORDING_SHARING
             - ENABLE_GUESTS
             - ENABLE_HSTS
             - ENABLE_HTTP_REDIRECT
             - ENABLE_IPV6
             - ENABLE_LETSENCRYPT
-            - ENABLE_LIPSYNC
             - ENABLE_NO_AUDIO_DETECTION
             - ENABLE_NOISY_MIC_DETECTION
             - ENABLE_OCTO
@@ -129,8 +135,7 @@ services:
             - START_WITH_AUDIO_MUTED
             - START_VIDEO_MUTED
             - START_WITH_VIDEO_MUTED
-            - TESTING_CAP_SCREENSHARE_BITRATE
-            - TESTING_OCTO_PROBABILITY
+            - TESTING_AV1_SUPPORT
             - TOKEN_AUTH_URL
             - TOOLBAR_BUTTONS
             - TRANSLATION_LANGUAGES
@@ -146,6 +151,9 @@ services:
             - VIDEOQUALITY_BITRATE_VP9_LOW
             - VIDEOQUALITY_BITRATE_VP9_STANDARD
             - VIDEOQUALITY_BITRATE_VP9_HIGH
+            - VIDEOQUALITY_BITRATE_AV1_LOW
+            - VIDEOQUALITY_BITRATE_AV1_STANDARD
+            - VIDEOQUALITY_BITRATE_AV1_HIGH
             - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
             - VIDEOQUALITY_PREFERRED_CODEC
             - XMPP_AUTH_DOMAIN
@@ -197,6 +205,7 @@ services:
             - GLOBAL_MODULES
             - JIBRI_RECORDER_USER
             - JIBRI_RECORDER_PASSWORD
+            - JIBRI_SIP_BREWERY_MUC
             - JIBRI_XMPP_USER
             - JIBRI_XMPP_PASSWORD
             - JICOFO_AUTH_PASSWORD
@@ -235,22 +244,29 @@ services:
             - MAX_PARTICIPANTS
             - PROSODY_ADMINS
             - PROSODY_AUTH_TYPE
+            - PROSODY_C2S_LIMIT
+            - PROSODY_C2S_REQUIRE_ENCRYPTION
             - PROSODY_RESERVATION_ENABLED
             - PROSODY_RESERVATION_REST_BASE_URL
             - PROSODY_ENABLE_RATE_LIMITS
             - PROSODY_ENABLE_S2S
+            - PROSODY_GUEST_AUTH_TYPE
             - PROSODY_HTTP_PORT
+            - PROSODY_LOG_CONFIG
             - PROSODY_MODE
             - PROSODY_RATE_LIMIT_LOGIN_RATE
             - PROSODY_RATE_LIMIT_SESSION_RATE
             - PROSODY_RATE_LIMIT_TIMEOUT
             - PROSODY_RATE_LIMIT_ALLOW_RANGES
             - PROSODY_RATE_LIMIT_CACHE_SIZE
+            - PROSODY_S2S_LIMIT
             - PROSODY_S2S_PORT
             - PROSODY_TRUSTED_PROXIES
             - PROSODY_VISITOR_INDEX
             - PROSODY_VISITORS_MUC_PREFIX
             - PUBLIC_URL
+            - STUN_HOST
+            - STUN_PORT
             - TURN_CREDENTIALS
             - TURN_HOST
             - TURNS_HOST
@@ -298,10 +314,12 @@ services:
             - ENABLE_AUTO_OWNER
             - ENABLE_CODEC_VP8
             - ENABLE_CODEC_VP9
+            - ENABLE_CODEC_AV1
             - ENABLE_CODEC_H264
             - ENABLE_CODEC_OPUS_RED
             - ENABLE_JVB_XMPP_SERVER
             - ENABLE_OCTO
+            - ENABLE_OCTO_SCTP
             - ENABLE_RECORDING
             - ENABLE_SCTP
             - ENABLE_VISITORS
@@ -322,8 +340,10 @@ services:
             - JICOFO_ENABLE_HEALTH_CHECKS
             - JICOFO_ENABLE_REST
             - JICOFO_HEALTH_CHECKS_USE_PRESENCE
+            - JICOFO_MAX_MEMORY
             - JICOFO_MULTI_STREAM_BACKWARD_COMPAT
             - JICOFO_OCTO_REGION
+            - JICOFO_TRUSTED_DOMAINS
             - JIBRI_BREWERY_MUC
             - JIBRI_REQUEST_RETRIES
             - JIBRI_PENDING_TIMEOUT
@@ -343,6 +363,7 @@ services:
             - TZ
             - VISITORS_MAX_PARTICIPANTS
             - VISITORS_MAX_VISITORS_PER_NODE
+            - VISITORS_XMPP_AUTH_DOMAIN
             - VISITORS_XMPP_SERVER
             - VISITORS_XMPP_DOMAIN
             - XMPP_DOMAIN
@@ -369,6 +390,15 @@ services:
         volumes:
             - ${CONFIG}/jvb:/config:Z
         environment:
+            - AUTOSCALER_SIDECAR_KEY_FILE
+            - AUTOSCALER_SIDECAR_KEY_ID
+            - AUTOSCALER_SIDECAR_GROUP_NAME
+            - AUTOSCALER_SIDECAR_HOST_ID
+            - AUTOSCALER_SIDECAR_INSTANCE_ID
+            - AUTOSCALER_SIDECAR_PORT
+            - AUTOSCALER_SIDECAR_REGION
+            - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL
+            - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL
             - DOCKER_HOST_ADDRESS
             - ENABLE_COLIBRI_WEBSOCKET
             - ENABLE_JVB_XMPP_SERVER
@@ -379,9 +409,11 @@ services:
             - JVB_AUTH_PASSWORD
             - JVB_BREWERY_MUC
             - JVB_DISABLE_STUN
+            - JVB_INSTANCE_ID
             - JVB_PORT
             - JVB_MUC_NICKNAME
             - JVB_STUN_SERVERS
+            - JVB_LOG_FILE
             - JVB_OCTO_BIND_ADDRESS
             - JVB_OCTO_REGION
             - JVB_OCTO_RELAY_ID
@@ -398,6 +430,7 @@ services:
             - COLIBRI_REST_ENABLED
             - SHUTDOWN_REST_ENABLED
             - TZ
+            - VIDEOBRIDGE_MAX_MEMORY
             - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
             - XMPP_SERVER

env.example

@@ -36,6 +36,12 @@ TZ=UTC
 # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment
 #JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4
 
+#
+# Memory limits for Java components
+#
+
+#JICOFO_MAX_MEMORY=3072m
+#VIDEOBRIDGE_MAX_MEMORY=3072m
 
 #
 # JaaS Components (beta)
@@ -74,7 +80,7 @@ TZ=UTC
 #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/
 
 # Name your etherpad instance!
-ETHERPAD_TITLE=Video Chat
+ETHERPAD_TITLE="Video Chat"
 
 # The default text of a pad
 ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"

jibri.yml

@@ -24,6 +24,7 @@ services:
             - DISPLAY=:0
             - ENABLE_STATS_D
             - JIBRI_WEBHOOK_SUBSCRIBERS
+            - JIBRI_INSTANCE_ID
             - JIBRI_HTTP_API_EXTERNAL_PORT
             - JIBRI_HTTP_API_INTERNAL_PORT
             - JIBRI_RECORDING_RESOLUTION

jibri/Dockerfile

@@ -20,6 +20,12 @@ RUN apt-dpkg-wrap apt-get update && \
     apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" jibri libgl1-mesa-dri procps jitsi-upload-integrations jitsi-autoscaler-sidecar jq pulseaudio dbus dbus-x11 rtkit unzip fonts-noto && \
     /usr/bin/install-chrome.sh && \
     apt-cleanup && \
-    adduser jibri rtkit
+    adduser jibri rtkit && \
+    case ${TARGETPLATFORM} in \
+        "linux/amd64")  SC_ARCH=x86_64  ;; \
+        "linux/arm64")  SC_ARCH=aarch64  ;; \
+    esac && \
+    wget -qO /usr/bin/shm-check https://github.com/saghul/shm-check/releases/download/v1.0.0/shm-check-${SC_ARCH} && \
+    chmod +x /usr/bin/shm-check
 
 VOLUME /config

jibri/rootfs/etc/cont-init.d/10-config

@@ -1,5 +1,11 @@
 #!/usr/bin/with-contenv bash
 
+# Check if /dev/shm is large enough (2GB at least)
+if ! shm-check; then
+    echo "/dev/shm must be at least 2GB in size"
+    exit 1
+fi
+
 if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then
     echo 'FATAL ERROR: Jibri recorder password and auth password must be set'
     exit 1

jicofo/rootfs/defaults/jicofo.conf

@@ -7,20 +7,22 @@
 {{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}}
 {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}}
 {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}}
+{{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default .Env.ENABLE_SCTP | toBool -}}
 {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}}
 {{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}}
 {{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}}
 {{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool -}}
 {{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}}
 {{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}}
 {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}}
-{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default 90 -}}
+{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default "90 seconds" -}}
 {{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}}
 {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
 {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
 {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
 {{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
 {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
+{{ $VISITORS_XMPP_AUTH_DOMAIN := .Env.VISITORS_XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
 {{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
 {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
 {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
@@ -34,6 +36,8 @@
 {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
 {{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}}
 {{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}}
+{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default ($ENABLE_RECORDING | ternary $XMPP_RECORDER_DOMAIN "") -}}
+{{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}}
 {{ $ENV := .Env }}
 
 jicofo {
@@ -109,6 +113,11 @@ jicofo {
           enabled = {{ .Env.ENABLE_CODEC_VP9 | toBool }}
         }
         {{ end }}
+        {{ if .Env.ENABLE_CODEC_AV1 }}
+        av1 {
+          enabled = {{ .Env.ENABLE_CODEC_AV1 | toBool }}
+        }
+        {{ end }}
         {{ if .Env.ENABLE_CODEC_H264 }}
         h264 {
           enabled = {{ .Env.ENABLE_CODEC_H264 | toBool }}
@@ -144,7 +153,7 @@ jicofo {
       {{ end }}
 
       {{ if .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }}
-      source-signaling-delays = {{ .Env.JICOFO_SOURCE_SIGNALING_DELAYS }}
+      source-signaling-delays = {{ .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }}
       {{ end }}
 
       {{ if .Env.JICOFO_CONF_MAX_AUDIO_SENDERS }}
@@ -187,6 +196,12 @@ jicofo {
     }
     {{ end }}
 
+    {{ if .Env.JIBRI_SIP_BREWERY_MUC }}
+    jibri-sip {
+      brewery-jid = "{{ .Env.JIBRI_SIP_BREWERY_MUC }}"
+    }
+    {{ end }}
+
     {{ if and .Env.JIGASI_SIP_URI $JIGASI_BREWERY_MUC }}
     jigasi {
       brewery-jid = "{{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}"
@@ -203,6 +218,7 @@ jicofo {
       // two MUST be in sync (otherwise bridges will crash because they won't know how to
       // deal with octo channels).
       enabled = {{ $ENABLE_OCTO }}
+      sctp-datachannels = {{ $ENABLE_OCTO_SCTP }}
     }
 
     {{ if $ENABLE_REST }}
@@ -238,7 +254,7 @@ jicofo {
                 hostname = {{ $SERVER._0 }}
                 {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
                 port = {{ $SERVER._1 | default $DEFAULT_PORT }}
-                domain = "{{ $XMPP_AUTH_DOMAIN }}"
+                domain = "{{ $VISITORS_XMPP_AUTH_DOMAIN }}"
                 xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
                 password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
                 disable-certificate-verification = true
@@ -270,8 +286,8 @@ jicofo {
         disable-certificate-verification = true
       }
       {{ end }}
-      {{ if $ENABLE_RECORDING }}
-      trusted-domains = [ "{{ $XMPP_RECORDER_DOMAIN }}" ]
-      {{ end }}
+
+      trusted-domains = [ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ]
+
     }
 }

jicofo/rootfs/defaults/logging.properties

@@ -1,4 +1,4 @@
-{{ if .Env.SENTRY_DSN | default "0" | toBool }}
+{{ if .Env.SENTRY_DSN }}
 handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
 {{ else }}
 handlers= java.util.logging.ConsoleHandler

jicofo/rootfs/etc/services.d/jicofo/run

@@ -4,4 +4,8 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dcon
 DAEMON=/usr/share/jicofo/jicofo.sh
 DAEMON_DIR=/usr/share/jicofo/
 
-exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON"
+JICOFO_CMD="exec $DAEMON"
+
+[ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE"
+
+exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD"

jigasi/rootfs/defaults/logging.properties

@@ -1,4 +1,4 @@
-{{ if .Env.SENTRY_DSN | default "0" | toBool }}
+{{ if .Env.SENTRY_DSN }}
 handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
 {{ else }}
 handlers=java.util.logging.ConsoleHandler

jvb/Dockerfile

@@ -9,7 +9,7 @@ LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-mee
 LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/"
 
 RUN apt-dpkg-wrap apt-get update && \
-    apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 dnsutils && \
+    apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils && \
     apt-cleanup
 
 COPY rootfs/ /