From 7fb1026f88094f90c442eac373fe8a95d2fdf5a0 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 08:45:30 -0500 Subject: [PATCH 01/52] prosody: params for limits (#1622) --- docker-compose.yml | 4 ++++ prosody/rootfs/defaults/prosody.cfg.lua | 16 +++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 411caf2899..7cf9a37af4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -235,17 +235,21 @@ services: - MAX_PARTICIPANTS - PROSODY_ADMINS - PROSODY_AUTH_TYPE + - PROSODY_C2S_LIMIT + - PROSODY_C2S_REQUIRE_ENCRYPTION - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_S2S - PROSODY_HTTP_PORT + - PROSODY_LOG_CONFIG - PROSODY_MODE - PROSODY_RATE_LIMIT_LOGIN_RATE - PROSODY_RATE_LIMIT_SESSION_RATE - PROSODY_RATE_LIMIT_TIMEOUT - PROSODY_RATE_LIMIT_ALLOW_RANGES - PROSODY_RATE_LIMIT_CACHE_SIZE + - PROSODY_S2S_LIMIT - PROSODY_S2S_PORT - PROSODY_TRUSTED_PROXIES - PROSODY_VISITOR_INDEX diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 5c9e6d03a9..83a4801959 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -1,3 +1,4 @@ +{{ $C2S_REQUIRE_ENCRYPTION := .Env.PROSODY_C2S_REQUIRE_ENCRYPTION | default "0" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} {{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} @@ -10,9 +11,11 @@ {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}} {{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }} +{{ $PROSODY_C2S_LIMIT := .Env.PROSODY_C2S_LIMIT | default "10kb/s" -}} {{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} {{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} {{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} +{{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} {{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} @@ -128,12 +131,16 @@ allow_registration = false; -- Enable rate limits for incoming client and server connections limits = { +{{ if ne $PROSODY_C2S_LIMIT "" }} c2s = { - rate = "10kb/s"; + rate = "{{ $PROSODY_C2S_LIMIT }}"; }; +{{ end }} +{{ if ne $PROSODY_S2S_LIMIT "" }} s2sin = { - rate = "30kb/s"; + rate = "{{ $PROSODY_S2S_LIMIT }}"; }; +{{ end }} } --Prosody garbage collector settings @@ -158,7 +165,7 @@ pidfile = "/config/data/prosody.pid"; -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. -c2s_require_encryption = false +c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }}; -- set c2s port c2s_ports = { {{ $XMPP_PORT }} } -- Listen on specific c2s port @@ -253,6 +260,9 @@ authentication = "internal_hashed" -- Logs errors to syslog also log = { { levels = {min = "{{ $LOG_LEVEL }}"}, timestamps = "%Y-%m-%d %X", to = "console"}; +{{ if .Env.PROSODY_LOG_CONFIG }} + {{ join "\n" (splitList "\\n" .Env.PROSODY_LOG_CONFIG) }} +{{ end }} } {{ if .Env.GLOBAL_CONFIG }} From 261caa3d6dc8b0014eacfca901f78bd1e6f5fd22 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 10:37:01 -0500 Subject: [PATCH 02/52] prosody: guest ping module, var for auth type (#1623) --- docker-compose.yml | 1 + prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7cf9a37af4..441bff86bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -241,6 +241,7 @@ services: - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS - PROSODY_ENABLE_S2S + - PROSODY_GUEST_AUTH_TYPE - PROSODY_HTTP_PORT - PROSODY_LOG_CONFIG - PROSODY_MODE diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 204cd9ac23..57c5bfcd09 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -21,6 +21,7 @@ {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool -}} {{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}} +{{ $GUEST_AUTH_TYPE := .Env.PROSODY_GUEST_AUTH_TYPE | default "jitsi-anonymous" -}} {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}} @@ -254,7 +255,10 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" - authentication = "jitsi-anonymous" + authentication = "{{ $GUEST_AUTH_TYPE }}" + modules_enabled = { + "ping"; + } c2s_require_encryption = false {{ if $ENABLE_VISITORS }} From eb91893895af13dd3e4f96f4a5626499f34bce04 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 13:20:44 -0500 Subject: [PATCH 03/52] prosody: add ping module to auth domain (#1624) --- .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 42 +++++++++++-------- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 57c5bfcd09..2fbb440e43 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -202,7 +202,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" "av_moderation"; {{ end }} {{ if .Env.XMPP_MODULES }} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_MODULES) }}"; {{ end }} {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }} "auth_cyrus"; @@ -274,6 +274,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" } modules_enabled = { "limits_exception"; + "ping"; } authentication = "internal_hashed" @@ -281,6 +282,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}" modules_enabled = { "ping"; + "smacks"; } authentication = "internal_hashed" {{ end }} @@ -303,7 +305,7 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" modules_enabled = { "muc_meeting_id"; {{ if .Env.XMPP_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; {{ end -}} {{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) -}} "{{ $JWT_TOKEN_AUTH_MODULE }}"; @@ -332,17 +334,17 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" {{ if $ENABLE_RATE_LIMITS -}} -- Max allowed join/login rate in events per second. - rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; - -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. - rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; - -- The time in seconds, after which the limit for an IP address is lifted. - rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; - -- List of regular expressions for IP addresses that are not limited by this module. - rate_limit_whitelist = { - "127.0.0.1"; - {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} - "{{ $cidr }}"; - {{ end -}} + rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; + -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. + rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; + -- The time in seconds, after which the limit for an IP address is lifted. + rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; + -- List of regular expressions for IP addresses that are not limited by this module. + rate_limit_whitelist = { + "127.0.0.1"; +{{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) }} + "{{ $cidr }}"; +{{ end }} }; rate_limit_whitelist_jids = { @@ -352,13 +354,13 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" {{ end -}} -- The size of the cache that saves state for IP addresses - rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; + rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; - muc_room_cache_size = 1000 + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true {{ if .Env.XMPP_MUC_CONFIGURATION -}} - {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} + {{ join "\n " (splitList "," .Env.XMPP_MUC_CONFIGURATION) }} {{ end -}} {{ if .Env.MAX_PARTICIPANTS }} muc_access_whitelist = { "focus@{{ .Env.XMPP_AUTH_DOMAIN }}" } @@ -391,6 +393,8 @@ Component "avmoderation.{{ $XMPP_DOMAIN }}" "av_moderation_component" Component "lobby.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true + muc_room_allow_persistent = false + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true modules_enabled = { @@ -398,7 +402,7 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" "muc_rate_limit"; {{ end -}} {{ if .Env.XMPP_LOBBY_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_LOBBY_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_LOBBY_MUC_MODULES) }}"; {{ end -}} } @@ -408,8 +412,10 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" Component "breakout.{{ $XMPP_DOMAIN }}" "muc" storage = "memory" restrict_room_creation = true + muc_room_cache_size = 10000 muc_room_locking = false muc_room_default_public_jids = true + muc_room_allow_persistent = false modules_enabled = { "muc_meeting_id"; {{ if $ENABLE_SUBDOMAINS -}} @@ -422,7 +428,7 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc" "muc_rate_limit"; {{ end -}} {{ if .Env.XMPP_BREAKOUT_MUC_MODULES -}} - "{{ join "\";\n\"" (splitList "," .Env.XMPP_BREAKOUT_MUC_MODULES) }}"; + "{{ join "\";\n \"" (splitList "," .Env.XMPP_BREAKOUT_MUC_MODULES) }}"; {{ end -}} } {{ end }} From af50ddeecbe3b8a7d7754d0885ab0ff47104b712 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 13 Oct 2023 14:52:28 -0500 Subject: [PATCH 04/52] prosody: s2s whitelist duplicate param fix (#1625) --- prosody/rootfs/defaults/prosody.cfg.lua | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 83a4801959..c72a06dec4 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -179,6 +179,7 @@ c2s_interfaces = { "*" } -- set s2s port s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port +{{ if eq .Env.PROSODY_MODE "visitors" -}} s2s_whitelist = { {{ if $ENABLE_VISITORS -}} '{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room @@ -192,6 +193,8 @@ s2s_whitelist = { } {{ end -}} +{{ end -}} + {{ if $ENABLE_VISITORS -}} {{ if $.Env.VISITORS_XMPP_SERVER -}} s2sout_override = { @@ -202,6 +205,7 @@ s2sout_override = { ["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}"; {{ end -}} }; +{{ if ne .Env.PROSODY_MODE "visitors" -}} s2s_whitelist = { {{ range $index, $element := $VISITORS_XMPP_SERVERS -}} "{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"; @@ -209,6 +213,7 @@ s2s_whitelist = { }; {{ end -}} {{ end -}} +{{ end -}} -- Force certificate authentication for server-to-server connections? From cd1c9fbfbad33be74474b8796e25f50d7e292872 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 17 Oct 2023 09:34:20 -0500 Subject: [PATCH 05/52] prosody: remove muc limit messages from visitors (#1626) --- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 4f6fe03d44..35fd209bc9 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -159,7 +159,6 @@ Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DO 's2s_whitelist'; 's2sout_override'; 'muc_max_occupants'; - "muc_limit_messages"; {{ if $ENABLE_SUBDOMAINS -}} "muc_domain_mapper"; {{ end -}} From 8555fe1c4a7ea434960ec61e7774f1091400d16a Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 17 Oct 2023 11:52:13 -0500 Subject: [PATCH 06/52] web: param to control config.hosts.authDomain (#1627) --- docker-compose.yml | 1 + web/rootfs/defaults/system-config.js | 3 +++ 2 files changed, 4 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 441bff86bb..3527e86762 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -54,6 +54,7 @@ services: - DYNAMIC_BRANDING_URL - ENABLE_AUDIO_PROCESSING - ENABLE_AUTH + - ENABLE_AUTH_DOMAIN - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index f79f56b7d4..2d6f8d081c 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js @@ -1,5 +1,6 @@ {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}} +{{ $ENABLE_AUTH_DOMAIN := .Env.ENABLE_AUTH_DOMAIN | default "true" | toBool -}} {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} @@ -37,9 +38,11 @@ config.hosts.muc = '{{ $XMPP_MUC_DOMAIN }}'; // When using authentication, domain for guest users. config.hosts.anonymousdomain = '{{ $XMPP_GUEST_DOMAIN }}'; {{ end -}} +{{ if $ENABLE_AUTH_DOMAIN -}} // Domain for authenticated users. Defaults to . config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; {{ end -}} +{{ end -}} config.bosh = '/http-bind'; From 5d05ba253937644383b69d2d77376b0c92c52cbf Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 30 Oct 2023 11:45:39 -0500 Subject: [PATCH 07/52] jicofo: support jicofo log file for tailing (#1632) --- jicofo/rootfs/etc/services.d/jicofo/run | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run index 8e8b315bb2..a34e801f19 100644 --- a/jicofo/rootfs/etc/services.d/jicofo/run +++ b/jicofo/rootfs/etc/services.d/jicofo/run @@ -4,4 +4,8 @@ JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dcon DAEMON=/usr/share/jicofo/jicofo.sh DAEMON_DIR=/usr/share/jicofo/ -exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON" +JICOFO_CMD="exec $DAEMON" + +[ -n "$JICOFO_LOG_FILE" ] && JICOFO_CMD="$JICOFO_CMD 2>&1 | tee $JICOFO_LOG_FILE" + +exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" $JICOFO_CMD" From 9f0658dd77ab619feac4b06af6f5ba8a65c329e1 Mon Sep 17 00:00:00 2001 From: HannesOberreiter Date: Thu, 2 Nov 2023 11:32:18 +0100 Subject: [PATCH 08/52] sample: escape/encapsulate string Currently if you use the default `source` command in linux and the default `.env` file as declared in the `env.example`, it will fail because of the space in the string. Using double-quotes around the string will solve this issue. --- env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env.example b/env.example index 1e328f87f1..d2a1f7ba43 100644 --- a/env.example +++ b/env.example @@ -74,7 +74,7 @@ TZ=UTC #ETHERPAD_PUBLIC_URL=https://etherpad.my.domain/p/ # Name your etherpad instance! -ETHERPAD_TITLE=Video Chat +ETHERPAD_TITLE="Video Chat" # The default text of a pad ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n" From 54d422b5933f6445c3ffbdcc7c51622bf2de772f Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 14 Nov 2023 06:13:37 -0600 Subject: [PATCH 09/52] jvb: autoscaler sidecar support --- docker-compose.yml | 10 ++++++ jibri.yml | 1 + jvb/Dockerfile | 2 +- jvb/rootfs/defaults/autoscaler-sidecar.config | 18 ++++++++++ jvb/rootfs/etc/cont-init.d/10-config | 33 +++++++++++++++++++ .../etc/services.d/50-autoscaler-sidecar/run | 10 ++++++ 6 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 jvb/rootfs/defaults/autoscaler-sidecar.config create mode 100644 jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run diff --git a/docker-compose.yml b/docker-compose.yml index 3527e86762..fe00116963 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -373,6 +373,15 @@ services: volumes: - ${CONFIG}/jvb:/config:Z environment: + - AUTOSCALER_SIDECAR_KEY_FILE + - AUTOSCALER_SIDECAR_KEY_ID + - AUTOSCALER_SIDECAR_GROUP_NAME + - AUTOSCALER_SIDECAR_HOST_ID + - AUTOSCALER_SIDECAR_INSTANCE_ID + - AUTOSCALER_SIDECAR_PORT + - AUTOSCALER_SIDECAR_REGION + - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL + - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL - DOCKER_HOST_ADDRESS - ENABLE_COLIBRI_WEBSOCKET - ENABLE_JVB_XMPP_SERVER @@ -383,6 +392,7 @@ services: - JVB_AUTH_PASSWORD - JVB_BREWERY_MUC - JVB_DISABLE_STUN + - JVB_INSTANCE_ID - JVB_PORT - JVB_MUC_NICKNAME - JVB_STUN_SERVERS diff --git a/jibri.yml b/jibri.yml index 97d2e4c7e0..a0b4937dbe 100644 --- a/jibri.yml +++ b/jibri.yml @@ -24,6 +24,7 @@ services: - DISPLAY=:0 - ENABLE_STATS_D - JIBRI_WEBHOOK_SUBSCRIBERS + - JIBRI_INSTANCE_ID - JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_RECORDING_RESOLUTION diff --git a/jvb/Dockerfile b/jvb/Dockerfile index 0a72dc1606..488ad4358b 100644 --- a/jvb/Dockerfile +++ b/jvb/Dockerfile @@ -9,7 +9,7 @@ LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-mee LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 dnsutils && \ + apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jitsi-autoscaler-sidecar jq curl iproute2 dnsutils && \ apt-cleanup COPY rootfs/ / diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config new file mode 100644 index 0000000000..777942a681 --- /dev/null +++ b/jvb/rootfs/defaults/autoscaler-sidecar.config @@ -0,0 +1,18 @@ +{{ $JVB_COLIBRI_PORT := .Env.JVB_COLIBRI_PORT | default "8080" -}} +{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}} +{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}} +export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }} +export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }} +export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }} +export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh" +export TERMINATE_SCRIPT="/opt/jitsi/jvb/shutdown.sh" +export ENABLE_REPORT_STATS=true +export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" +export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats" +export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" +export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" +export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}" +export INSTANCE_TYPE="JVB" +export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}" +export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}' diff --git a/jvb/rootfs/etc/cont-init.d/10-config b/jvb/rootfs/etc/cont-init.d/10-config index 62beddf32d..127e71715c 100644 --- a/jvb/rootfs/etc/cont-init.d/10-config +++ b/jvb/rootfs/etc/cont-init.d/10-config @@ -35,6 +35,39 @@ if [[ -f /config/custom-sip-communicator.properties ]]; then cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties fi +# set random jvb nickname for the instance if is not set +[ -z "${JVB_INSTANCE_ID}" ] && export JVB_INSTANCE_ID="jvb-$(date +%N)" + +# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled +if [ -n "$AUTOSCALER_URL" ]; then + if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem" + fi + if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then + # assume key id is equal to the base real path of the key file minus .pem + export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')" + fi + + if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + echo "AUTOSCALER_URL found, enabling autoscaler sidecar" + + export JVB_VERSION="dpkg -s jitsi-videobridge2 | grep Version | awk '{print $2}' | sed 's/..$//'" + + [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000" + [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook" + [ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JVB_INSTANCE_ID" + [ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker" + [ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jvb" + + mkdir -p /etc/jitsi/autoscaler-sidecar + tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config + else + echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled" + fi +else + echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled" +fi + tpl /defaults/logging.properties > /config/logging.properties tpl /defaults/jvb.conf > /config/jvb.conf diff --git a/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run b/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run new file mode 100644 index 0000000000..22f775088e --- /dev/null +++ b/jvb/rootfs/etc/services.d/50-autoscaler-sidecar/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash + +if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then + DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js" + exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON" +else + # if autoscaler-sidecar should not be started, + # prevent s6 from restarting this script again and again + s6-svc -O /var/run/s6/services/50-autoscaler-sidecar +fi From 3b9afe4f5ae36376a83acc6c47c9d4018a705870 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:39:42 +0100 Subject: [PATCH 10/52] release: build images before comitting the changelog This makes it easy to re-attempt a botched build. --- release.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/release.sh b/release.sh index b5fbae8378..98c1e57049 100755 --- a/release.sh +++ b/release.sh @@ -25,8 +25,8 @@ VERSION="${RELEASE}-${V}" echo "Releasing ${VERSION}" if git rev-parse "${VERSION}" >/dev/null 2>&1; then - echo "Tag for such version already exists!" - exit 1 + echo "Tag for such version already exists!" + exit 1 fi # Prepare changelog @@ -38,6 +38,14 @@ CHANGES=$(git log --oneline --no-decorate --no-merges ${LAST_VERSION}..HEAD --pr echo "Changelog:" echo "$CHANGES" +# Tag Docker images and push them to DockerHub +# + +JITSI_BUILD=${VERSION} JITSI_RELEASE=${RELEASE} make release + +# Changelog +# + echo -e "## ${VERSION}\n\nBased on ${RELEASE} release ${V}.\n\n${CHANGES}\n" > tmp cat CHANGELOG.md >> tmp mv tmp CHANGELOG.md @@ -53,11 +61,6 @@ sed -i "" -e "s/unstable/${VERSION}/" *.yml git commit -a -m "release: ${VERSION}" -m "${CHANGES}" git tag -a "${VERSION}" -m "release" -m "${CHANGES}" -# Tag Docker images and push them to DockerHub -# - -JITSI_BUILD=${VERSION} JITSI_RELEASE=${RELEASE} make release - # Revert back to "unstable" for development # From ea61fb7f7cd64d895297b31729cddf880949db43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:55:18 +0100 Subject: [PATCH 11/52] release: stable-9078 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 3b9afe4 release: build images before comitting the changelog * 54d422b jvb: autoscaler sidecar support * 9f0658d sample: escape/encapsulate string * 5d05ba2 jicofo: support jicofo log file for tailing (#1632) * 8555fe1 web: param to control config.hosts.authDomain (#1627) * cd1c9fb prosody: remove muc limit messages from visitors (#1626) * af50dde prosody: s2s whitelist duplicate param fix (#1625) * eb91893 prosody: add ping module to auth domain (#1624) * 261caa3 prosody: guest ping module, var for auth type (#1623) * 7fb1026 prosody: params for limits (#1622) * cf894ce prosody: variables for lobby and breakout modules * a827437 prosody: param to link room metadata to main vhost (#1616) * 5120595 prosody: var for config in main vhost (#1615) * bebd748 web: flag to control sctp bridge channel choice (#1613) * 6bfa830 prosody: visitor mode support (#1611) * 7bfc5c1 prosody: update version of prosody-plugings package * 3a77aac jicofo: support visitors in jicofo configuration (#1610) * f860c5d jvb: don’t send Jetty server version * 63380fa misc: working on unstable --- CHANGELOG.md | 24 ++++++++++++++++++++++++ docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7edbdb277..70922f7034 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,27 @@ +## stable-9078 + +Based on stable release 9078. + +* 3b9afe4 release: build images before comitting the changelog +* 54d422b jvb: autoscaler sidecar support +* 9f0658d sample: escape/encapsulate string +* 5d05ba2 jicofo: support jicofo log file for tailing (#1632) +* 8555fe1 web: param to control config.hosts.authDomain (#1627) +* cd1c9fb prosody: remove muc limit messages from visitors (#1626) +* af50dde prosody: s2s whitelist duplicate param fix (#1625) +* eb91893 prosody: add ping module to auth domain (#1624) +* 261caa3 prosody: guest ping module, var for auth type (#1623) +* 7fb1026 prosody: params for limits (#1622) +* cf894ce prosody: variables for lobby and breakout modules +* a827437 prosody: param to link room metadata to main vhost (#1616) +* 5120595 prosody: var for config in main vhost (#1615) +* bebd748 web: flag to control sctp bridge channel choice (#1613) +* 6bfa830 prosody: visitor mode support (#1611) +* 7bfc5c1 prosody: update version of prosody-plugings package +* 3a77aac jicofo: support visitors in jicofo configuration (#1610) +* f860c5d jvb: don’t send Jetty server version +* 63380fa misc: working on unstable + ## stable-8960-1 Based on stable release 8960-1. diff --git a/docker-compose.yml b/docker-compose.yml index fe00116963..74f23e1a7e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -163,7 +163,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -290,7 +290,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -365,7 +365,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index a0b4937dbe..9052ea5192 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 210d5916cc..93d055f7b1 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9078} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From d67938cc6639b8bd41cd0379e2e0bde6c3590fa1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 14 Nov 2023 13:55:18 +0100 Subject: [PATCH 12/52] misc: working on unstable --- docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 74f23e1a7e..fe00116963 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -163,7 +163,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -290,7 +290,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -365,7 +365,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index 9052ea5192..a0b4937dbe 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 93d055f7b1..210d5916cc 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9078} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From 082718697672d3e0add450d1c61971885b5897f1 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 14 Nov 2023 13:15:13 -0600 Subject: [PATCH 13/52] prosody: stun in external services (#1644) --- docker-compose.yml | 2 ++ prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 13 +++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index fe00116963..f6feeec701 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -257,6 +257,8 @@ services: - PROSODY_VISITOR_INDEX - PROSODY_VISITORS_MUC_PREFIX - PUBLIC_URL + - STUN_HOST + - STUN_PORT - TURN_CREDENTIALS - TURN_HOST - TURNS_HOST diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 2fbb440e43..ce9c36a828 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -24,6 +24,8 @@ {{ $GUEST_AUTH_TYPE := .Env.PROSODY_GUEST_AUTH_TYPE | default "jitsi-anonymous" -}} {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}} +{{ $STUN_HOST := .Env.STUN_HOST | default "" -}} +{{ $STUN_PORT := .Env.STUN_PORT | default "443" -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}} {{ $TURN_HOSTS := splitList "," $TURN_HOST -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} @@ -81,12 +83,15 @@ http_default_host = "{{ $XMPP_DOMAIN }}" external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; {{- end }} -{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}} +{{ if or .Env.STUN_HOST .Env.TURN_HOST .Env.TURNS_HOST -}} external_services = { - {{ if $TURN_HOST -}} + {{- if $STUN_HOST }} + { type = "stun", host = "{{ $STUN_HOST }}", port = {{ $STUN_PORT }}, transport = "udp" } + {{- end }} + {{- if $TURN_HOST -}} {{- range $idx1, $host := $TURN_HOSTS -}} {{- range $idx2, $transport := $TURN_TRANSPORTS -}} - {{- if or $idx1 $idx2 -}},{{- end }} + {{- if or $STUN_HOST $idx1 $idx2 -}},{{- end }} { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } {{- end -}} {{- end -}} @@ -94,7 +99,7 @@ external_services = { {{- if $TURNS_HOST -}} {{- range $idx, $host := $TURNS_HOSTS -}} - {{- if or $TURN_HOST $idx -}},{{- end }} + {{- if or $STUN_HOST $TURN_HOST $idx -}},{{- end }} { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } {{- end }} {{- end }} From 54d3aca2bf8b8c599054ca17c8c5b9b25b1c1556 Mon Sep 17 00:00:00 2001 From: Daniel McAssey Date: Tue, 14 Nov 2023 15:04:31 +0000 Subject: [PATCH 14/52] jicofo: add AV1 options --- docker-compose.yml | 4 ++++ jicofo/rootfs/defaults/jicofo.conf | 5 +++++ web/rootfs/defaults/settings-config.js | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index f6feeec701..9367b73ec8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -147,6 +147,9 @@ services: - VIDEOQUALITY_BITRATE_VP9_LOW - VIDEOQUALITY_BITRATE_VP9_STANDARD - VIDEOQUALITY_BITRATE_VP9_HIGH + - VIDEOQUALITY_BITRATE_AV1_LOW + - VIDEOQUALITY_BITRATE_AV1_STANDARD + - VIDEOQUALITY_BITRATE_AV1_HIGH - VIDEOQUALITY_ENFORCE_PREFERRED_CODEC - VIDEOQUALITY_PREFERRED_CODEC - XMPP_AUTH_DOMAIN @@ -306,6 +309,7 @@ services: - ENABLE_AUTO_OWNER - ENABLE_CODEC_VP8 - ENABLE_CODEC_VP9 + - ENABLE_CODEC_AV1 - ENABLE_CODEC_H264 - ENABLE_CODEC_OPUS_RED - ENABLE_JVB_XMPP_SERVER diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index b8f9abe879..1b1510ac92 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -107,6 +107,11 @@ jicofo { enabled = {{ .Env.ENABLE_CODEC_VP9 | toBool }} } {{ end }} + {{ if .Env.ENABLE_CODEC_AV1 }} + av1 { + enabled = {{ .Env.ENABLE_CODEC_AV1 | toBool }} + } + {{ end }} {{ if .Env.ENABLE_CODEC_H264 }} h264 { enabled = {{ .Env.ENABLE_CODEC_H264 | toBool }} diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 5151b84978..be2d79f8d6 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -436,6 +436,10 @@ config.videoQuality.maxBitratesVideo.VP8 = { low: {{ .Env.VIDEOQUALITY_BITRATE_V {{ if and .Env.VIDEOQUALITY_BITRATE_VP9_LOW .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD .Env.VIDEOQUALITY_BITRATE_VP9_HIGH -}} config.videoQuality.maxBitratesVideo = config.videoQuality.maxBitratesVideo || {} config.videoQuality.maxBitratesVideo.VP9 = { low: {{ .Env.VIDEOQUALITY_BITRATE_VP9_LOW }}, standard: {{ .Env.VIDEOQUALITY_BITRATE_VP9_STANDARD }}, high: {{ .Env.VIDEOQUALITY_BITRATE_VP9_HIGH }} }; +{{ end -}} +{{ if and .Env.VIDEOQUALITY_BITRATE_AV1_LOW .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD .Env.VIDEOQUALITY_BITRATE_AV1_HIGH -}} +config.videoQuality.maxBitratesVideo = config.videoQuality.maxBitratesVideo || {} +config.videoQuality.maxBitratesVideo.AV1 = { low: {{ .Env.VIDEOQUALITY_BITRATE_AV1_LOW }}, standard: {{ .Env.VIDEOQUALITY_BITRATE_AV1_STANDARD }}, high: {{ .Env.VIDEOQUALITY_BITRATE_AV1_HIGH }} }; {{ end -}} // Reactions From 825730d6597a92b4f06c14eaf54a45e0d4667527 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 17 Nov 2023 14:32:05 -0600 Subject: [PATCH 15/52] web: nginx ws-colibri proxy regex updates (#1645) --- docker-compose.yml | 4 ++++ web/Dockerfile | 2 +- web/rootfs/defaults/meet.conf | 3 ++- web/rootfs/etc/cont-init.d/10-config | 19 +++++++++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9367b73ec8..e8f1c306b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,6 +24,8 @@ services: - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - COLIBRI_WEBSOCKET_PORT + - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME + - COLIBRI_WEBSOCKET_REGEX - CONFCODE_URL - CONFIG_EXTERNAL_CONNECT - DEFAULT_LANGUAGE @@ -38,6 +40,7 @@ services: - DIALOUT_AUTH_URL - DIALOUT_CODES_URL - DISABLE_AUDIO_LEVELS + - DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP - DISABLE_DEEP_LINKING - DISABLE_GRANT_MODERATOR - DISABLE_HTTPS @@ -58,6 +61,7 @@ services: - ENABLE_BREAKOUT_ROOMS - ENABLE_CALENDAR - ENABLE_COLIBRI_WEBSOCKET + - ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX - ENABLE_E2EPING - ENABLE_FILE_RECORDING_SHARING - ENABLE_GUESTS diff --git a/web/Dockerfile b/web/Dockerfile index c8f1be4555..5f29e5f0c4 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -12,7 +12,7 @@ ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh /opt COPY rootfs/ / RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web socat curl jq && \ + apt-dpkg-wrap apt-get install -y dnsutils cron nginx-extras jitsi-meet-web socat curl jq && \ mv /usr/share/jitsi-meet/interface_config.js /defaults && \ rm -f /etc/nginx/conf.d/default.conf && \ apt-cleanup diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index 8fc7beb493..013a15b221 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,5 +1,6 @@ {{ $ENABLE_COLIBRI_WEBSOCKET := .Env.ENABLE_COLIBRI_WEBSOCKET | default "1" | toBool }} {{ $COLIBRI_WEBSOCKET_PORT := .Env.COLIBRI_WEBSOCKET_PORT | default "9090" }} +{{ $COLIBRI_WEBSOCKET_REGEX := .Env.COLIBRI_WEBSOCKET_REGEX | default "jvb" }} {{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} @@ -69,7 +70,7 @@ location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|. {{ if $ENABLE_COLIBRI_WEBSOCKET }} # colibri (JVB) websockets -location ~ ^/colibri-ws/([a-zA-Z0-9-\._]+)/(.*) { +location ~ ^/colibri-ws/({{ $COLIBRI_WEBSOCKET_REGEX }})/(.*) { tcp_nodelay on; proxy_http_version 1.1; diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config index f0e7ab2ac0..318dfa750d 100644 --- a/web/rootfs/etc/cont-init.d/10-config +++ b/web/rootfs/etc/cont-init.d/10-config @@ -88,6 +88,25 @@ fi echo "Using Nginx resolver: =$NGINX_RESOLVER=" +# colibri-ws settings +COLIBRI_WEBSOCKET_UNSAFE_REGEX="[a-zA-Z0-9-\._]+" +# use custom websocket regex if provided +if [ -z "$COLIBRI_WEBSOCKET_REGEX" ]; then + # default to the previous unsafe behavior only if flag is set + if [[ "$ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX" == "1" ]]; then + export COLIBRI_WEBSOCKET_REGEX="$COLIBRI_WEBSOCKET_UNSAFE_REGEX" + else + # default value to the JVB IP, works in compose and anywhere a dns lookup of the JVB reveals the correct IP for proxying + [ -z "$COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME" ] && export COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME="jvb" + if [[ "$DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP" == "1" ]]; then + # otherwise value default to the static value in the template 'jvb' + echo "WARNING: DISABLE_COLIBRI_WEBSOCKET_JVB_LOOKUP is set and no value for COLIBRI_WEBSOCKET_REGEX was provided, using static value 'jvb' for COLIBRI_WEBSOCKET_REGEX" + else + export COLIBRI_WEBSOCKET_REGEX="$(dig +short +search $COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME)" + fi + fi +fi + # copy config files tpl /defaults/nginx.conf > /config/nginx/nginx.conf From c56ed00634e30133a8be82c2e5f38f3c532f0d06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 21 Nov 2023 17:40:07 +0100 Subject: [PATCH 16/52] release: stable-9111 * 825730d web: nginx ws-colibri proxy regex updates (#1645) * 54d3aca jicofo: add AV1 options * 0827186 prosody: stun in external services (#1644) * d67938c misc: working on unstable --- CHANGELOG.md | 9 +++++++++ docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70922f7034..0a08a4b7d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## stable-9111 + +Based on stable release 9111. + +* 825730d web: nginx ws-colibri proxy regex updates (#1645) +* 54d3aca jicofo: add AV1 options +* 0827186 prosody: stun in external services (#1644) +* d67938c misc: working on unstable + ## stable-9078 Based on stable release 9078. diff --git a/docker-compose.yml b/docker-compose.yml index e8f1c306b9..a6065b0f20 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -170,7 +170,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -299,7 +299,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -375,7 +375,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index a0b4937dbe..165f0d029f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 210d5916cc..754691dae3 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9111} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From 42a2153a15079feb45a7a699527a469be9dff96f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Tue, 21 Nov 2023 17:40:07 +0100 Subject: [PATCH 17/52] misc: working on unstable --- docker-compose.yml | 8 ++++---- jibri.yml | 2 +- jigasi.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a6065b0f20..e8f1c306b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -170,7 +170,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -299,7 +299,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -375,7 +375,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index 165f0d029f..a0b4937dbe 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index 754691dae3..210d5916cc 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9111} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-unstable} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' From fa2b4db2d1c2fefe7dbcbd923ffe3711b2fa4a07 Mon Sep 17 00:00:00 2001 From: Daniel McAssey Date: Fri, 1 Dec 2023 12:34:39 +0000 Subject: [PATCH 18/52] jicofo, jigasi, jvb: fix SENTRY_DSN not being read --- docker-compose.yml | 4 ++-- jicofo/rootfs/defaults/logging.properties | 6 ++++-- jigasi.yml | 2 +- jigasi/rootfs/defaults/logging.properties | 4 +++- jvb/rootfs/defaults/logging.properties | 6 ++++-- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index e8f1c306b9..76f2236162 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -353,7 +353,7 @@ services: - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY - PROSODY_VISITORS_MUC_PREFIX - - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" + - SENTRY_DSN - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ @@ -416,7 +416,7 @@ services: - JVB_XMPP_PORT - JVB_XMPP_SERVER - PUBLIC_URL - - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" + - SENTRY_DSN - SENTRY_ENVIRONMENT - SENTRY_RELEASE - COLIBRI_REST_ENABLED diff --git a/jicofo/rootfs/defaults/logging.properties b/jicofo/rootfs/defaults/logging.properties index 16a7e5631a..5641132bf4 100644 --- a/jicofo/rootfs/defaults/logging.properties +++ b/jicofo/rootfs/defaults/logging.properties @@ -1,7 +1,9 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} + +{{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} -handlers= java.util.logging.ConsoleHandler +handlers=java.util.logging.ConsoleHandler {{ end }} java.util.logging.ConsoleHandler.level = ALL diff --git a/jigasi.yml b/jigasi.yml index 210d5916cc..2952b92cf5 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -48,7 +48,7 @@ services: - GC_CLIENT_ID - GC_CLIENT_CERT_URL - SHUTDOWN_REST_ENABLED - - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" + - SENTRY_DSN - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ diff --git a/jigasi/rootfs/defaults/logging.properties b/jigasi/rootfs/defaults/logging.properties index b52000a25d..4ee839ed77 100644 --- a/jigasi/rootfs/defaults/logging.properties +++ b/jigasi/rootfs/defaults/logging.properties @@ -1,4 +1,6 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} + +{{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers=java.util.logging.ConsoleHandler diff --git a/jvb/rootfs/defaults/logging.properties b/jvb/rootfs/defaults/logging.properties index 4b67430c40..6a2dc3ba9d 100644 --- a/jvb/rootfs/defaults/logging.properties +++ b/jvb/rootfs/defaults/logging.properties @@ -1,7 +1,9 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} + +{{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} -handlers= java.util.logging.ConsoleHandler +handlers=java.util.logging.ConsoleHandler {{ end }} java.util.logging.ConsoleHandler.level = ALL From 8415c84c10c5eac7255a1cbb3267ccc1231b66f5 Mon Sep 17 00:00:00 2001 From: Daniel McAssey Date: Fri, 1 Dec 2023 12:36:21 +0000 Subject: [PATCH 19/52] logging: fix reference to old variable --- jicofo/rootfs/defaults/logging.properties | 2 +- jigasi/rootfs/defaults/logging.properties | 2 +- jvb/rootfs/defaults/logging.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jicofo/rootfs/defaults/logging.properties b/jicofo/rootfs/defaults/logging.properties index 5641132bf4..a473db7bea 100644 --- a/jicofo/rootfs/defaults/logging.properties +++ b/jicofo/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler diff --git a/jigasi/rootfs/defaults/logging.properties b/jigasi/rootfs/defaults/logging.properties index 4ee839ed77..d2deccd53e 100644 --- a/jigasi/rootfs/defaults/logging.properties +++ b/jigasi/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler diff --git a/jvb/rootfs/defaults/logging.properties b/jvb/rootfs/defaults/logging.properties index 6a2dc3ba9d..512ff098cf 100644 --- a/jvb/rootfs/defaults/logging.properties +++ b/jvb/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler From 073f85d76ce179ed3c28dd37e6ecedcd0137b6ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 1 Dec 2023 14:17:50 +0100 Subject: [PATCH 20/52] Revert "logging: fix reference to old variable" This reverts commit 8415c84c10c5eac7255a1cbb3267ccc1231b66f5. --- jicofo/rootfs/defaults/logging.properties | 2 +- jigasi/rootfs/defaults/logging.properties | 2 +- jvb/rootfs/defaults/logging.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jicofo/rootfs/defaults/logging.properties b/jicofo/rootfs/defaults/logging.properties index a473db7bea..5641132bf4 100644 --- a/jicofo/rootfs/defaults/logging.properties +++ b/jicofo/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler diff --git a/jigasi/rootfs/defaults/logging.properties b/jigasi/rootfs/defaults/logging.properties index d2deccd53e..4ee839ed77 100644 --- a/jigasi/rootfs/defaults/logging.properties +++ b/jigasi/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler diff --git a/jvb/rootfs/defaults/logging.properties b/jvb/rootfs/defaults/logging.properties index 512ff098cf..6a2dc3ba9d 100644 --- a/jvb/rootfs/defaults/logging.properties +++ b/jvb/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default .Env.JICOFO_SENTRY_DSN -}} +{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} {{ if $SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler From dbffba1d6c0dce2ceb7ec746e16cc66ddc3b2970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 1 Dec 2023 14:17:50 +0100 Subject: [PATCH 21/52] Revert "jicofo, jigasi, jvb: fix SENTRY_DSN not being read" This reverts commit fa2b4db2d1c2fefe7dbcbd923ffe3711b2fa4a07. --- docker-compose.yml | 4 ++-- jicofo/rootfs/defaults/logging.properties | 6 ++---- jigasi.yml | 2 +- jigasi/rootfs/defaults/logging.properties | 4 +--- jvb/rootfs/defaults/logging.properties | 6 ++---- 5 files changed, 8 insertions(+), 14 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 76f2236162..e8f1c306b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -353,7 +353,7 @@ services: - MAX_BRIDGE_PARTICIPANTS - OCTO_BRIDGE_SELECTION_STRATEGY - PROSODY_VISITORS_MUC_PREFIX - - SENTRY_DSN + - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ @@ -416,7 +416,7 @@ services: - JVB_XMPP_PORT - JVB_XMPP_SERVER - PUBLIC_URL - - SENTRY_DSN + - SENTRY_DSN="${JVB_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - COLIBRI_REST_ENABLED diff --git a/jicofo/rootfs/defaults/logging.properties b/jicofo/rootfs/defaults/logging.properties index 5641132bf4..16a7e5631a 100644 --- a/jicofo/rootfs/defaults/logging.properties +++ b/jicofo/rootfs/defaults/logging.properties @@ -1,9 +1,7 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} - -{{ if $SENTRY_DSN }} +{{ if .Env.SENTRY_DSN | default "0" | toBool }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} -handlers=java.util.logging.ConsoleHandler +handlers= java.util.logging.ConsoleHandler {{ end }} java.util.logging.ConsoleHandler.level = ALL diff --git a/jigasi.yml b/jigasi.yml index 2952b92cf5..210d5916cc 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -48,7 +48,7 @@ services: - GC_CLIENT_ID - GC_CLIENT_CERT_URL - SHUTDOWN_REST_ENABLED - - SENTRY_DSN + - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE - TZ diff --git a/jigasi/rootfs/defaults/logging.properties b/jigasi/rootfs/defaults/logging.properties index 4ee839ed77..b52000a25d 100644 --- a/jigasi/rootfs/defaults/logging.properties +++ b/jigasi/rootfs/defaults/logging.properties @@ -1,6 +1,4 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} - -{{ if $SENTRY_DSN }} +{{ if .Env.SENTRY_DSN | default "0" | toBool }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers=java.util.logging.ConsoleHandler diff --git a/jvb/rootfs/defaults/logging.properties b/jvb/rootfs/defaults/logging.properties index 6a2dc3ba9d..4b67430c40 100644 --- a/jvb/rootfs/defaults/logging.properties +++ b/jvb/rootfs/defaults/logging.properties @@ -1,9 +1,7 @@ -{{ $SENTRY_DSN := .Env.SENTRY_DSN | default $JICOFO_SENTRY_DSN -}} - -{{ if $SENTRY_DSN }} +{{ if .Env.SENTRY_DSN | default "0" | toBool }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} -handlers=java.util.logging.ConsoleHandler +handlers= java.util.logging.ConsoleHandler {{ end }} java.util.logging.ConsoleHandler.level = ALL From e6a0c0461ed3040fa8c4c9e2c17940b7fae85faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Thu, 30 Nov 2023 22:51:13 +0100 Subject: [PATCH 22/52] jibri: add check for /dev/shm size If the container was staryed without a /dev/shm of at least 2GB (defaults to 6MB in Docker) Chrome will behave erratically or crash. Catch this with a tiny binary and make the container fail to start. Ref: https://github.com/jitsi/docker-jitsi-meet/issues/1653 --- jibri/Dockerfile | 8 +++++++- jibri/rootfs/etc/cont-init.d/10-config | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/jibri/Dockerfile b/jibri/Dockerfile index 52f8698cba..fbe9506a0b 100644 --- a/jibri/Dockerfile +++ b/jibri/Dockerfile @@ -20,6 +20,12 @@ RUN apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" jibri libgl1-mesa-dri procps jitsi-upload-integrations jitsi-autoscaler-sidecar jq pulseaudio dbus dbus-x11 rtkit unzip fonts-noto && \ /usr/bin/install-chrome.sh && \ apt-cleanup && \ - adduser jibri rtkit + adduser jibri rtkit && \ + case ${TARGETPLATFORM} in \ + "linux/amd64") SC_ARCH=x86_64 ;; \ + "linux/arm64") SC_ARCH=aarch64 ;; \ + esac && \ + wget -qO /usr/bin/shm-check https://github.com/saghul/shm-check/releases/download/v1.0.0/shm-check-${SC_ARCH} && \ + chmod +x /usr/bin/shm-check VOLUME /config diff --git a/jibri/rootfs/etc/cont-init.d/10-config b/jibri/rootfs/etc/cont-init.d/10-config index a90c673b15..9d3b1f517b 100644 --- a/jibri/rootfs/etc/cont-init.d/10-config +++ b/jibri/rootfs/etc/cont-init.d/10-config @@ -1,5 +1,11 @@ #!/usr/bin/with-contenv bash +# Check if /dev/shm is large enough (2GB at least) +if ! shm-check; then + echo "/dev/shm must be at least 2GB in size" + exit 1 +fi + if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then echo 'FATAL ERROR: Jibri recorder password and auth password must be set' exit 1 From 71b3892d64fad284522df49b873e0c6890c5b237 Mon Sep 17 00:00:00 2001 From: Matthias Kesler Date: Sun, 3 Dec 2023 09:28:06 +0100 Subject: [PATCH 23/52] jicofo,jvb,jigasi: fix SENTRY_DSN cannot be defined --- jicofo/rootfs/defaults/logging.properties | 2 +- jigasi/rootfs/defaults/logging.properties | 2 +- jvb/rootfs/defaults/logging.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/jicofo/rootfs/defaults/logging.properties b/jicofo/rootfs/defaults/logging.properties index 16a7e5631a..6fad54a0a4 100644 --- a/jicofo/rootfs/defaults/logging.properties +++ b/jicofo/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ if .Env.SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers= java.util.logging.ConsoleHandler diff --git a/jigasi/rootfs/defaults/logging.properties b/jigasi/rootfs/defaults/logging.properties index b52000a25d..d7d0da2bff 100644 --- a/jigasi/rootfs/defaults/logging.properties +++ b/jigasi/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ if .Env.SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers=java.util.logging.ConsoleHandler diff --git a/jvb/rootfs/defaults/logging.properties b/jvb/rootfs/defaults/logging.properties index 4b67430c40..e99f245c56 100644 --- a/jvb/rootfs/defaults/logging.properties +++ b/jvb/rootfs/defaults/logging.properties @@ -1,4 +1,4 @@ -{{ if .Env.SENTRY_DSN | default "0" | toBool }} +{{ if .Env.SENTRY_DSN }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers= java.util.logging.ConsoleHandler From 940cd974faf4ab6adb26dc65e5c57cde6b5be6e7 Mon Sep 17 00:00:00 2001 From: must_eat Date: Sun, 26 Nov 2023 06:28:12 +0300 Subject: [PATCH 24/52] env.example: add jicofo and jvb env vars for defining max memory. --- env.example | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/env.example b/env.example index d2a1f7ba43..30dafb31a9 100644 --- a/env.example +++ b/env.example @@ -36,6 +36,12 @@ TZ=UTC # https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#running-behind-nat-or-on-a-lan-environment #JVB_ADVERTISE_IPS=192.168.1.1,1.2.3.4 +# +# Memory limits for Java components +# + +#JICOFO_MAX_MEMORY=3072m +#VIDEOBRIDGE_MAX_MEMORY=3072m # # JaaS Components (beta) From ee2f3c93e0b128b64e726b939739e50d0c227190 Mon Sep 17 00:00:00 2001 From: must_eat Date: Sun, 26 Nov 2023 06:31:44 +0300 Subject: [PATCH 25/52] docker-compose.yml: expose jicofo and jvb env vars for defining max memory. --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index e8f1c306b9..e25752fd23 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -338,6 +338,7 @@ services: - JICOFO_ENABLE_HEALTH_CHECKS - JICOFO_ENABLE_REST - JICOFO_HEALTH_CHECKS_USE_PRESENCE + - JICOFO_MAX_MEMORY - JICOFO_MULTI_STREAM_BACKWARD_COMPAT - JICOFO_OCTO_REGION - JIBRI_BREWERY_MUC @@ -422,6 +423,7 @@ services: - COLIBRI_REST_ENABLED - SHUTDOWN_REST_ENABLED - TZ + - VIDEOBRIDGE_MAX_MEMORY - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_SERVER From b4428bf2611f5de363fbc07b76d60f5013da050c Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Thu, 7 Dec 2023 09:11:33 -0600 Subject: [PATCH 26/52] prosody: use mod_smacks.lua from prosody since 0.12.4 --- prosody/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/prosody/Dockerfile b/prosody/Dockerfile index b00a4b1011..f9a745722b 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -47,6 +47,7 @@ RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody lua-unbound && \ apt-dpkg-wrap apt-get -d install -y jitsi-meet-prosody && \ dpkg -x /var/cache/apt/archives/jitsi-meet-prosody*.deb /tmp/pkg && \ + rm /tmp/pkg/usr/share/jitsi-meet/prosody-plugins/mod_smacks.lua && \ mv /tmp/pkg/usr/share/jitsi-meet/prosody-plugins /prosody-plugins && \ rm -rf /tmp/pkg /var/cache/apt && \ apt-cleanup && \ From 453161597401173693e36c68fc2479aca087cdc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 8 Dec 2023 11:04:08 +0100 Subject: [PATCH 27/52] prosody: add smacks to guest vhost Fixes: https://github.com/jitsi/docker-jitsi-meet/issues/1545 --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 3 +++ 1 file changed, 3 insertions(+) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index ce9c36a828..0aadb95c94 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -263,6 +263,9 @@ VirtualHost "{{ $XMPP_GUEST_DOMAIN }}" authentication = "{{ $GUEST_AUTH_TYPE }}" modules_enabled = { "ping"; + {{ if $ENABLE_XMPP_WEBSOCKET }} + "smacks"; -- XEP-0198: Stream Management + {{ end }} } c2s_require_encryption = false From 4c009ad8c2e421572ad362bce2ef1e9835c7e1e5 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Fri, 15 Dec 2023 09:46:44 -0600 Subject: [PATCH 28/52] jvb: fix version for autoscaler config * jvb: fix version for autoscaler config --- jvb/rootfs/etc/cont-init.d/10-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jvb/rootfs/etc/cont-init.d/10-config b/jvb/rootfs/etc/cont-init.d/10-config index 127e71715c..5e65dff575 100644 --- a/jvb/rootfs/etc/cont-init.d/10-config +++ b/jvb/rootfs/etc/cont-init.d/10-config @@ -51,7 +51,7 @@ if [ -n "$AUTOSCALER_URL" ]; then if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then echo "AUTOSCALER_URL found, enabling autoscaler sidecar" - export JVB_VERSION="dpkg -s jitsi-videobridge2 | grep Version | awk '{print $2}' | sed 's/..$//'" + export JVB_VERSION="$(dpkg -s jitsi-videobridge2 | grep Version | awk '{print $2}' | sed 's/..$//')" [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000" [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook" From 431cdccbfe4e64fe4e29fc76e6eddb59b947e62a Mon Sep 17 00:00:00 2001 From: Cedric Roijakkers Date: Tue, 19 Dec 2023 12:24:09 +0100 Subject: [PATCH 29/52] web: allow desktop framerate to be automatically determined by the browser --- docker-compose.yml | 1 + web/rootfs/defaults/settings-config.js | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index e25752fd23..5819c3ef4a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,6 +34,7 @@ services: - DEPLOYMENTINFO_REGION - DEPLOYMENTINFO_SHARD - DEPLOYMENTINFO_USERREGION + - DESKTOP_SHARING_FRAMERATE_AUTO - DESKTOP_SHARING_FRAMERATE_MIN - DESKTOP_SHARING_FRAMERATE_MAX - DIALIN_NUMBERS_URL diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index be2d79f8d6..ed2c3ccb6a 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -47,6 +47,7 @@ {{ $ENABLE_NOISY_MIC_DETECTION := .Env.ENABLE_NOISY_MIC_DETECTION | default "true" | toBool -}} {{ $START_VIDEO_MUTED := .Env.START_VIDEO_MUTED | default 10 -}} {{ $START_WITH_VIDEO_MUTED := .Env.START_WITH_VIDEO_MUTED | default "false" | toBool -}} +{{ $DESKTOP_SHARING_FRAMERATE_AUTO := .Env.DESKTOP_SHARING_FRAMERATE_AUTO | default "true" | toBool -}} {{ $DESKTOP_SHARING_FRAMERATE_MIN := .Env.DESKTOP_SHARING_FRAMERATE_MIN | default 5 -}} {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} {{ $TESTING_OCTO_PROBABILITY := .Env.TESTING_OCTO_PROBABILITY | default "0" -}} @@ -92,11 +93,12 @@ config.flags.sourceNameSignaling = true; config.flags.sendMultipleVideoStreams = true; config.flags.receiveMultipleVideoStreams = true; - +{{ if not $DESKTOP_SHARING_FRAMERATE_AUTO }} // ScreenShare Configuration. // config.desktopSharingFrameRate = { min: {{ $DESKTOP_SHARING_FRAMERATE_MIN }}, max: {{ $DESKTOP_SHARING_FRAMERATE_MAX }} }; +{{ end }} // Audio configuration. // From 4fba8b5d985a16ad95cc6b813e74dda265096ea6 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 19 Dec 2023 12:53:00 -0600 Subject: [PATCH 30/52] task: support logging to file in JVB container (#1675) --- docker-compose.yml | 1 + jvb/rootfs/etc/services.d/jvb/run | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5819c3ef4a..f8b3d45431 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -408,6 +408,7 @@ services: - JVB_PORT - JVB_MUC_NICKNAME - JVB_STUN_SERVERS + - JVB_LOG_FILE - JVB_OCTO_BIND_ADDRESS - JVB_OCTO_REGION - JVB_OCTO_RELAY_ID diff --git a/jvb/rootfs/etc/services.d/jvb/run b/jvb/rootfs/etc/services.d/jvb/run index 09b9c3e118..d499fc0674 100644 --- a/jvb/rootfs/etc/services.d/jvb/run +++ b/jvb/rootfs/etc/services.d/jvb/run @@ -4,4 +4,7 @@ export JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet. DAEMON=/usr/share/jitsi-videobridge/jvb.sh -exec s6-setuidgid jvb /bin/bash -c "exec $DAEMON" +JVB_CMD="exec $DAEMON" +[ -n "$JVB_LOG_FILE" ] && JVB_CMD="$JVB_CMD 2>&1 | tee $JVB_LOG_FILE" + +exec s6-setuidgid jvb /bin/bash -c "$JVB_CMD" From 3519113ef9403d2f944b12fe51ac69e7c3623929 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 19 Dec 2023 12:53:53 -0600 Subject: [PATCH 31/52] jvb: finish script for graceful shutdown (#1676) --- jvb/rootfs/etc/services.d/jvb/finish | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 jvb/rootfs/etc/services.d/jvb/finish diff --git a/jvb/rootfs/etc/services.d/jvb/finish b/jvb/rootfs/etc/services.d/jvb/finish new file mode 100644 index 0000000000..9f7171a418 --- /dev/null +++ b/jvb/rootfs/etc/services.d/jvb/finish @@ -0,0 +1,9 @@ +#!/usr/bin/with-contenv bash + +# When the jvb is shutdown (or gracefully shutdown), it exits with code 0. +# In this case, we don't want S6 to restart the service. We want to stop all +# services and shutdown the container. + +if [[ $1 -eq 0 ]]; then + s6-svscanctl -t /var/run/s6/services +fi From 2e3c272bdf8532a745027baf4cd5a1903cb17c19 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 19 Dec 2023 13:16:09 -0600 Subject: [PATCH 32/52] jvb: fix terminate script for autoscaler sidecar * jvb: fix terminate script for autoscaler sidecar --- jvb/rootfs/defaults/autoscaler-sidecar.config | 2 +- jvb/rootfs/opt/jitsi/shutdown.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100755 jvb/rootfs/opt/jitsi/shutdown.sh diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config index 777942a681..69b83726ed 100644 --- a/jvb/rootfs/defaults/autoscaler-sidecar.config +++ b/jvb/rootfs/defaults/autoscaler-sidecar.config @@ -5,7 +5,7 @@ export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }} export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }} export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }} export GRACEFUL_SHUTDOWN_SCRIPT="/usr/share/jitsi-videobridge/graceful_shutdown.sh" -export TERMINATE_SCRIPT="/opt/jitsi/jvb/shutdown.sh" +export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh" export ENABLE_REPORT_STATS=true export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" diff --git a/jvb/rootfs/opt/jitsi/shutdown.sh b/jvb/rootfs/opt/jitsi/shutdown.sh new file mode 100755 index 0000000000..7a42791c58 --- /dev/null +++ b/jvb/rootfs/opt/jitsi/shutdown.sh @@ -0,0 +1,3 @@ +# shutdown everything + +s6-svscanctl -t /var/run/s6/services From b8a9080fde9a03fd98dede16094f152be51312a3 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 19 Dec 2023 13:21:06 -0600 Subject: [PATCH 33/52] task: fix shutdown script * task: fix shutdown script --- jvb/rootfs/opt/jitsi/shutdown.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jvb/rootfs/opt/jitsi/shutdown.sh b/jvb/rootfs/opt/jitsi/shutdown.sh index 7a42791c58..d7808909ab 100755 --- a/jvb/rootfs/opt/jitsi/shutdown.sh +++ b/jvb/rootfs/opt/jitsi/shutdown.sh @@ -1,3 +1,4 @@ -# shutdown everything +#!/usr/bin/with-contenv bash +# shutdown everything s6-svscanctl -t /var/run/s6/services From 60100d6ce273f46386126539598be91790fb698e Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 19 Dec 2023 15:22:53 -0600 Subject: [PATCH 34/52] jvb: expose public IP in autoscaler sidecar config (#1679) --- jvb/rootfs/defaults/autoscaler-sidecar.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config index 69b83726ed..31ad83338f 100644 --- a/jvb/rootfs/defaults/autoscaler-sidecar.config +++ b/jvb/rootfs/defaults/autoscaler-sidecar.config @@ -15,4 +15,4 @@ export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}" export INSTANCE_TYPE="JVB" export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}" -export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}' +export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JVB_INSTANCE_ID }}","version":"{{ .Env.JVB_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","publicIp":"{{ .Env.JVB_ADVERTISE_IPS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}' From 11cbfccd8bb1c5511480c8f676412a5aada32faf Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Thu, 21 Dec 2023 16:34:21 -0600 Subject: [PATCH 35/52] web: provide bosh URL as relative only if flagged (#1682) --- docker-compose.yml | 1 + web/rootfs/defaults/system-config.js | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index f8b3d45431..ab524e5f0f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,6 +19,7 @@ services: - AUDIO_QUALITY_OPUS_BITRATE - AUTO_CAPTION_ON_RECORD - BRANDING_DATA_URL + - BOSH_RELATIVE - CALLSTATS_CUSTOM_SCRIPT_URL - CALLSTATS_ID - CALLSTATS_SECRET diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index 2d6f8d081c..5dbe4b28f3 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js @@ -1,3 +1,4 @@ +{{ $BOSH_RELATIVE := .Env.BOSH_RELATIVE | default "false" | toBool -}} {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}} {{ $ENABLE_AUTH_DOMAIN := .Env.ENABLE_AUTH_DOMAIN | default "true" | toBool -}} @@ -44,7 +45,19 @@ config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; {{ end -}} {{ end -}} +{{ if $BOSH_RELATIVE -}} +{{ if $ENABLE_SUBDOMAINS -}} +config.bosh = '/'+ subdir + 'http-bind'; +{{ else -}} config.bosh = '/http-bind'; +{{ end -}} +{{ else -}} +{{ if $ENABLE_SUBDOMAINS -}} +config.bosh = 'https://{{ $PUBLIC_URL_DOMAIN}}/' + subdir + 'http-bind'; +{{ else -}} +config.bosh = 'https://{{ $PUBLIC_URL_DOMAIN}}/http-bind'; +{{ end -}} +{{ end -}} {{ if $ENABLE_XMPP_WEBSOCKET -}} {{ if $ENABLE_SUBDOMAINS -}} From 483bbde1ee4ff9341d5d606d8e6777c2cf2b1776 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 2 Jan 2024 10:38:24 -0600 Subject: [PATCH 36/52] web: trim deprecated options and defaults * web: trim deprecated options and defaults --- docker-compose.yml | 3 --- web/rootfs/defaults/settings-config.js | 33 ++++++++++---------------- 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ab524e5f0f..6ab0e49908 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -71,7 +71,6 @@ services: - ENABLE_HTTP_REDIRECT - ENABLE_IPV6 - ENABLE_LETSENCRYPT - - ENABLE_LIPSYNC - ENABLE_NO_AUDIO_DETECTION - ENABLE_NOISY_MIC_DETECTION - ENABLE_OCTO @@ -136,8 +135,6 @@ services: - START_WITH_AUDIO_MUTED - START_VIDEO_MUTED - START_WITH_VIDEO_MUTED - - TESTING_CAP_SCREENSHARE_BITRATE - - TESTING_OCTO_PROBABILITY - TOKEN_AUTH_URL - TOOLBAR_BUTTONS - TRANSLATION_LANGUAGES diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index ed2c3ccb6a..cd861c0e56 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -4,7 +4,6 @@ {{ $ENABLE_CALENDAR := .Env.ENABLE_CALENDAR | default "false" | toBool -}} {{ $ENABLE_FILE_RECORDING_SHARING := .Env.ENABLE_FILE_RECORDING_SHARING | default "false" | toBool -}} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} -{{ $ENABLE_LIPSYNC := .Env.ENABLE_LIPSYNC | default "false" | toBool -}} {{ $ENABLE_NO_AUDIO_DETECTION := .Env.ENABLE_NO_AUDIO_DETECTION | default "true" | toBool -}} {{ $ENABLE_P2P := .Env.ENABLE_P2P | default "true" | toBool -}} {{ $ENABLE_PREJOIN_PAGE := .Env.ENABLE_PREJOIN_PAGE | default "true" | toBool -}} @@ -50,8 +49,6 @@ {{ $DESKTOP_SHARING_FRAMERATE_AUTO := .Env.DESKTOP_SHARING_FRAMERATE_AUTO | default "true" | toBool -}} {{ $DESKTOP_SHARING_FRAMERATE_MIN := .Env.DESKTOP_SHARING_FRAMERATE_MIN | default 5 -}} {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} -{{ $TESTING_OCTO_PROBABILITY := .Env.TESTING_OCTO_PROBABILITY | default "0" -}} -{{ $TESTING_CAP_SCREENSHARE_BITRATE := .Env.TESTING_CAP_SCREENSHARE_BITRATE | default "1" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $DISABLE_DEEP_LINKING := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}} @@ -80,7 +77,10 @@ if (!config.constraints.hasOwnProperty('video')) config.constraints.video = {}; config.resolution = {{ $RESOLUTION }}; config.constraints.video.height = { ideal: {{ $RESOLUTION }}, max: {{ $RESOLUTION }}, min: {{ $RESOLUTION_MIN }} }; config.constraints.video.width = { ideal: {{ $RESOLUTION_WIDTH }}, max: {{ $RESOLUTION_WIDTH }}, min: {{ $RESOLUTION_WIDTH_MIN }}}; -config.disableSimulcast = {{ not $ENABLE_SIMULCAST }}; + +{{ if not $ENABLE_SIMULCAST -}} +config.disableSimulcast = true; +{{ end -}} config.startVideoMuted = {{ $START_VIDEO_MUTED }}; config.startWithVideoMuted = {{ $START_WITH_VIDEO_MUTED }}; @@ -119,7 +119,9 @@ config.startAudioMuted = {{ $START_AUDIO_MUTED }}; config.startWithAudioMuted = {{ $START_WITH_AUDIO_MUTED }}; config.startSilent = {{ $START_SILENT }}; config.enableOpusRed = {{ $ENABLE_OPUS_RED }}; -config.disableAudioLevels = {{ $DISABLE_AUDIO_LEVELS }}; +{{ if $DISABLE_AUDIO_LEVELS -}} +config.disableAudioLevels = true; +{{ end -}} config.enableNoisyMicDetection = {{ $ENABLE_NOISY_MIC_DETECTION }}; @@ -344,11 +346,12 @@ config.roomPasswordNumberOfDigits = {{ $ROOM_PASSWORD_DIGITS }}; // Advanced. // -// Lipsync hack in jicofo, may not be safe. -config.enableLipSync = {{ $ENABLE_LIPSYNC }}; - -config.enableRemb = {{ $ENABLE_REMB }}; -config.enableTcc = {{ $ENABLE_TCC }}; +{{ if not $ENABLE_REMB -}} +config.enableRemb = false; +{{ end -}} +{{ if not $ENABLE_TCC -}} +config.enableTcc = false; +{{ end -}} // Enable IPv6 support. config.useIPv6 = {{ $ENABLE_IPV6 }}; @@ -400,16 +403,6 @@ config.deploymentInfo.region = '{{ .Env.DEPLOYMENTINFO_REGION }}'; config.deploymentInfo.userRegion = '{{ $DEPLOYMENTINFO_USERREGION }}'; {{ end -}} - -// Testing -// - -if (!config.hasOwnProperty('testing')) config.testing = {}; -if (!config.testing.hasOwnProperty('octo')) config.testing.octo = {}; - -config.testing.capScreenshareBitrate = {{ $TESTING_CAP_SCREENSHARE_BITRATE }}; -config.testing.octo.probability = {{ $TESTING_OCTO_PROBABILITY }}; - // Deep Linking config.disableDeepLinking = {{ $DISABLE_DEEP_LINKING }}; From ec8615a292d86cb54ab47db32ced070ecde62019 Mon Sep 17 00:00:00 2001 From: bgrozev Date: Tue, 2 Jan 2024 10:48:35 -0600 Subject: [PATCH 37/52] fix: Fix default JIBRI_PENDING_TIMEOUT. (#1686) --- jicofo/rootfs/defaults/jicofo.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 1b1510ac92..05a7bf4d78 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -14,7 +14,7 @@ {{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} {{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} -{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default 90 -}} +{{ $JIBRI_PENDING_TIMEOUT := .Env.JIBRI_PENDING_TIMEOUT | default "90 seconds" -}} {{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}} {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}} From aa898e457a2bcae378944557005fff6bcb3aa2c1 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 2 Jan 2024 11:13:40 -0600 Subject: [PATCH 38/52] jicofo: fix visitors auth domain (#1687) * jicofo: fix visitors auth domain * include compose --- docker-compose.yml | 1 + jicofo/rootfs/defaults/jicofo.conf | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6ab0e49908..688f19df06 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -359,6 +359,7 @@ services: - TZ - VISITORS_MAX_PARTICIPANTS - VISITORS_MAX_VISITORS_PER_NODE + - VISITORS_XMPP_AUTH_DOMAIN - VISITORS_XMPP_SERVER - VISITORS_XMPP_DOMAIN - XMPP_DOMAIN diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 05a7bf4d78..221ae8a2f8 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -21,6 +21,7 @@ {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}} {{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }} {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} +{{ $VISITORS_XMPP_AUTH_DOMAIN := .Env.VISITORS_XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} {{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}} {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}} {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}} @@ -237,7 +238,7 @@ jicofo { hostname = {{ $SERVER._0 }} {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }} port = {{ $SERVER._1 | default $DEFAULT_PORT }} - domain = "{{ $XMPP_AUTH_DOMAIN }}" + domain = "{{ $VISITORS_XMPP_AUTH_DOMAIN }}" xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }} password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}" disable-certificate-verification = true From 1ad045ea0d707481c6c5465acc418f208fac6b5a Mon Sep 17 00:00:00 2001 From: bgrozev Date: Tue, 2 Jan 2024 12:17:31 -0600 Subject: [PATCH 39/52] feat: Add an option to enable sctp for relays. (#1688) --- docker-compose.yml | 1 + jicofo/rootfs/defaults/jicofo.conf | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 688f19df06..bd0045266e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -317,6 +317,7 @@ services: - ENABLE_CODEC_OPUS_RED - ENABLE_JVB_XMPP_SERVER - ENABLE_OCTO + - ENABLE_OCTO_SCTP - ENABLE_RECORDING - ENABLE_SCTP - ENABLE_VISITORS diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 221ae8a2f8..0ecdaf3cb7 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -7,6 +7,7 @@ {{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}} {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} +{{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default $ENABLE_SCTP | toBool -}} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}} {{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}} {{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}} @@ -203,6 +204,7 @@ jicofo { // two MUST be in sync (otherwise bridges will crash because they won't know how to // deal with octo channels). enabled = {{ $ENABLE_OCTO }} + sctp-datachannels = {{ $ENABLE_OCTO_SCTP }} } {{ if $ENABLE_REST }} From 78fb030bbeadef2be4df025fa9c5dfdb806342ef Mon Sep 17 00:00:00 2001 From: bgrozev Date: Tue, 2 Jan 2024 12:52:47 -0600 Subject: [PATCH 40/52] fix: Fix typo in var name. (#1690) --- jicofo/rootfs/defaults/jicofo.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 0ecdaf3cb7..5c222f8598 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -145,7 +145,7 @@ jicofo { {{ end }} {{ if .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }} - source-signaling-delays = {{ .Env.JICOFO_SOURCE_SIGNALING_DELAYS }} + source-signaling-delays = {{ .Env.JICOFO_CONF_SOURCE_SIGNALING_DELAYS }} {{ end }} {{ if .Env.JICOFO_CONF_MAX_AUDIO_SENDERS }} From 2a6788593f3a0dca7fae4983e0f3d28c108f7a39 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 2 Jan 2024 13:39:36 -0600 Subject: [PATCH 41/52] jicofo: trusted domain list * jicofo: always trust auth domain * jicofo: allow trusted domain list --- docker-compose.yml | 1 + jicofo/rootfs/defaults/jicofo.conf | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bd0045266e..970d7671b3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -341,6 +341,7 @@ services: - JICOFO_MAX_MEMORY - JICOFO_MULTI_STREAM_BACKWARD_COMPAT - JICOFO_OCTO_REGION + - JICOFO_TRUSTED_DOMAINS - JIBRI_BREWERY_MUC - JIBRI_REQUEST_RETRIES - JIBRI_PENDING_TIMEOUT diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 5c222f8598..b0fe406b30 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -7,7 +7,7 @@ {{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}} {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} -{{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default $ENABLE_SCTP | toBool -}} +{{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default .Env.ENABLE_SCTP | toBool -}} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}} {{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}} {{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}} @@ -34,6 +34,10 @@ {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default ($ENABLE_RECORDING | ternary $XMPP_RECORDER_DOMAIN "") -}} +{{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} +{{ $ENV := .Env }} + {{ $ENV := .Env }} jicofo { @@ -272,8 +276,8 @@ jicofo { disable-certificate-verification = true } {{ end }} - {{ if $ENABLE_RECORDING }} - trusted-domains = [ "{{ $XMPP_RECORDER_DOMAIN }}" ] - {{ end }} + + trusted-domains = [ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ] + } } From 5cc0ef0180ca7cdf4f8379b8a68e06e9fd5c66d1 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 2 Jan 2024 13:55:07 -0600 Subject: [PATCH 42/52] jicofo: fix duplicate line * jicofo: fix duplicate line --- jicofo/rootfs/defaults/jicofo.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index b0fe406b30..3b8ffdbd99 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -38,8 +38,6 @@ {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env }} -{{ $ENV := .Env }} - jicofo { {{ if $JICOFO_ENABLE_AUTH }} authentication { From ab30f56e2711afc965d326cba58e7b9731fc51ee Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Tue, 2 Jan 2024 14:36:24 -0600 Subject: [PATCH 43/52] prosody: enable muc_meeting_id in lobby component * prosody: enable muc_meeting_id in lobby component --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 0aadb95c94..e08787f5e2 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -406,6 +406,7 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true modules_enabled = { + "muc_meeting_id"; {{ if $ENABLE_RATE_LIMITS -}} "muc_rate_limit"; {{ end -}} From 52eef2eb23178963c28bcbf88f226439c1cc31c9 Mon Sep 17 00:00:00 2001 From: bgrozev Date: Tue, 2 Jan 2024 15:13:12 -0600 Subject: [PATCH 44/52] feat: Add an option to set jibri-sip brewery jid. (#1689) --- docker-compose.yml | 1 + jicofo/rootfs/defaults/jicofo.conf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 970d7671b3..aca3853a17 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -204,6 +204,7 @@ services: - GLOBAL_MODULES - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD + - JIBRI_SIP_BREWERY_MUC - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - JICOFO_AUTH_PASSWORD diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 3b8ffdbd99..2cb69929ac 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -190,6 +190,12 @@ jicofo { } {{ end }} + {{ if .Env.JIBRI_SIP_BREWERY_MUC }} + jibri-sip { + brewery-jid = "{{ .Env.JIBRI_SIP_BREWERY_MUC }}" + } + {{ end }} + {{ if and .Env.JIGASI_SIP_URI $JIGASI_BREWERY_MUC }} jigasi { brewery-jid = "{{ $JIGASI_BREWERY_MUC }}@{{ $XMPP_INTERNAL_MUC_DOMAIN }}" From 46b98b5a7a54347cc28d863f179accbf22ca969c Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Wed, 3 Jan 2024 11:51:30 -0600 Subject: [PATCH 45/52] prosody: brewery mode for jvb/jicofo discovery muc * prosody: brewery mode for jvb/jicofo discovery muc * do not include c2s limits in brewery mode --- .../rootfs/defaults/conf.d/brewery.cfg.lua | 36 +++++++++++++++++++ prosody/rootfs/defaults/prosody.cfg.lua | 14 +++++++- .../rules.d/jvb_muc_presence_filter.pfw | 13 +++++++ prosody/rootfs/etc/cont-init.d/10-config | 23 +++++++++++- 4 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 prosody/rootfs/defaults/conf.d/brewery.cfg.lua create mode 100644 prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw diff --git a/prosody/rootfs/defaults/conf.d/brewery.cfg.lua b/prosody/rootfs/defaults/conf.d/brewery.cfg.lua new file mode 100644 index 0000000000..d225cb8ec0 --- /dev/null +++ b/prosody/rootfs/defaults/conf.d/brewery.cfg.lua @@ -0,0 +1,36 @@ +{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}} +{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}} +{{ $SHARD_NAME := .Env.SHARD | default "default" -}} +{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}} +{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} + +admins = { + "focus@{{ $JVB_XMPP_AUTH_DOMAIN }}", + "{{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}" +} + +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } + +VirtualHost "{{ $JVB_XMPP_AUTH_DOMAIN }}" + modules_enabled = { + "ping"; + } + authentication = "internal_hashed" + ssl = { + key = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.key"; + certificate = "/config/certs/{{ $JVB_XMPP_AUTH_DOMAIN }}.crt"; + } + +Component "{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }}" "muc" + modules_enabled = { + "ping", + "muc_hide_all"; + "muc_filter_access"; + } + storage = "memory" + muc_room_cache_size = 10000 + muc_filter_whitelist="{{ $JVB_XMPP_AUTH_DOMAIN }}" + muc_room_locking = false + muc_room_default_public_jids = true + diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index c72a06dec4..77e4512a9f 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -99,7 +99,10 @@ modules_enabled = { --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - + {{ if eq .Env.PROSODY_MODE "brewery" -}} + "firewall"; -- Enable firewalling + "secure_interfaces"; + {{ end -}} {{ if $ENABLE_S2S -}} "s2s_bidi"; "certs_s2soutinjection"; @@ -114,6 +117,13 @@ modules_enabled = { component_ports = { } https_ports = { } + +{{ if eq .Env.PROSODY_MODE "brewery" -}} +firewall_scripts = { + "/config/rules.d/jvb_muc_presence_filter.pfw"; +}; +{{ end -}} + -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { @@ -129,6 +139,7 @@ modules_disabled = { -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; +{{ if ne .Env.PROSODY_MODE "brewery" -}} -- Enable rate limits for incoming client and server connections limits = { {{ if ne $PROSODY_C2S_LIMIT "" }} @@ -142,6 +153,7 @@ limits = { }; {{ end }} } +{{ end -}} --Prosody garbage collector settings --For more information see https://prosody.im/doc/advanced_gc diff --git a/prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw b/prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw new file mode 100644 index 0000000000..2f7713a2d2 --- /dev/null +++ b/prosody/rootfs/defaults/rules.d/jvb_muc_presence_filter.pfw @@ -0,0 +1,13 @@ +{{ $JVB_XMPP_AUTH_DOMAIN := .Env.JVB_XMPP_AUTH_DOMAIN | default "auth.jvb.meet.jitsi" -}} +{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}} +{{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} +{{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} +# Drop all presence from a jvb in a MUC to a jvb +FROM: {{ $JVB_BREWERY_MUC }}@{{ $JVB_XMPP_INTERNAL_MUC_DOMAIN }} +TO: {{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }} +KIND: presence +# Seems safer to allow all "unavailable" to pass +TYPE: available +# Allow self-presence (code=110) +NOT INSPECT: {http://jabber.org/protocol/muc#user}x/status@code=110 +DROP. diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index ce02571577..b55196f4bb 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -29,17 +29,35 @@ fi mkdir /config/certs cp -r /defaults/* /config +[ -z "$PROSODY_MODE" ] && PROSODY_MODE="client" + if [[ "$PROSODY_MODE" == "visitors" ]]; then echo "Prosody visitor mode, using alternate config" PROSODY_SITE_CFG="visitors.cfg.lua" rm /config/conf.d/jitsi-meet.cfg.lua + rm /config/conf.d/brewery.cfg.lua # force jicofo into auth domain for visitor-mode prosody [ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi" export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN" +elif [[ "$PROSODY_MODE" == "brewery" ]]; then + echo "Prosody brewery mode, using alternate config" + PROSODY_SITE_CFG="brewery.cfg.lua" + rm /config/conf.d/jitsi-meet.cfg.lua + rm /config/conf.d/visitors.cfg.lua + # force jicofo into auth domain for brewer prosody + [ -z "$JVB_XMPP_AUTH_DOMAIN" ] && JVB_XMPP_AUTH_DOMAIN="auth.meet.jitsi" + # ensure proper certs are generated + export XMPP_AUTH_DOMAIN="$JVB_XMPP_AUTH_DOMAIN" + # brewery mode requires C2S encryption + export C2S_REQUIRE_ENCRYPTION="true" + + mkdir -p /config/rules.d + tpl /defaults/rules.d/jvb_muc_presence_filter.pfw > /config/rules.d/jvb_muc_presence_filter.pfw else echo "Prosody normal mode, using default config" PROSODY_SITE_CFG="jitsi-meet.cfg.lua" rm /config/conf.d/visitors.cfg.lua + rm /config/conf.d/brewery.cfg.lua fi tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG @@ -60,7 +78,8 @@ fi prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD -if [[ "$PROSODY_MODE" != "visitors" ]]; then +# if we are in client mode, we need to subscribe the focus user to the focus component proxy +if [[ "$PROSODY_MODE" == "client" ]]; then prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN fi @@ -112,6 +131,8 @@ if [[ "$PROSODY_MODE" == "visitors" ]]; then # echo for using all default values echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN fi +elif [[ "$PROSODY_MODE" == "brewery" ]]; then + echo "No need to generate certs for main XMPP domain in brewery mode" else if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then # echo for using all default values From 2915176b2e4c19478a7cbd9ecd1caada4f8171fe Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Wed, 3 Jan 2024 12:36:46 -0600 Subject: [PATCH 46/52] prosody: skip recorder account unless in client mode * prosody: skip recorder account unless in client mode --- prosody/rootfs/etc/cont-init.d/10-config | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index b55196f4bb..2f3b138080 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -105,13 +105,15 @@ if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD fi -if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then - OLD_JIBRI_RECORDER_PASSWORD=passw0rd - if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then - echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' - exit 1 +if [[ "$PROSODY_MODE" == "client" ]]; then + if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then + OLD_JIBRI_RECORDER_PASSWORD=passw0rd + if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then + echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' + exit 1 + fi + prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD fi - prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD fi if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then From 80e4ee6341df077e126c19116b8c83ae6c011fcb Mon Sep 17 00:00:00 2001 From: bgrozev Date: Wed, 3 Jan 2024 16:20:29 -0600 Subject: [PATCH 47/52] Remove unnecessary modules and properties (#1697) * Only enable dialback when s2s is enabled. * Remove vcard, pep, register modules. * Only set smacks properties when xmpp ws is enabled. --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 7 +++++++ prosody/rootfs/defaults/prosody.cfg.lua | 10 +--------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index e08787f5e2..5a04b4e3ea 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -117,6 +117,13 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU consider_bosh_secure = true; consider_websocket_secure = true; +{{ if $ENABLE_XMPP_WEBSOCKET }} +smacks_max_unacked_stanzas = 5; +smacks_hibernation_time = 60; +smacks_max_hibernated_sessions = 1; +smacks_max_old_sessions = 1; +{{ end }} + {{ if $ENABLE_JAAS_COMPONENTS }} VirtualHost "jigasi.meet.jitsi" modules_enabled = { diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 77e4512a9f..23f20d9eaf 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -63,12 +63,10 @@ modules_enabled = { "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support "disco"; -- Service discovery -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) - "vcard"; -- Allow users to set vCards "limits"; -- Enable bandwidth limiting for XMPP connections -- These are commented by default as they have a performance impact @@ -80,8 +78,6 @@ modules_enabled = { "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs - "pep"; -- Enables users to publish their mood, activity, playing music and more - "register"; -- Allow users to register on this server using a client and change passwords -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands @@ -104,6 +100,7 @@ modules_enabled = { "secure_interfaces"; {{ end -}} {{ if $ENABLE_S2S -}} + "dialback"; -- s2s dialback support "s2s_bidi"; "certs_s2soutinjection"; "s2sout_override"; @@ -305,9 +302,4 @@ http_interfaces = { "*" } data_path = "/config/data" -smacks_max_unacked_stanzas = 5; -smacks_hibernation_time = 60; -smacks_max_hibernated_sessions = 1; -smacks_max_old_sessions = 1; - Include "conf.d/*.cfg.lua" From e41e4f480d8f8790c05f2d498fa0e5a41f14a1b3 Mon Sep 17 00:00:00 2001 From: bgrozev Date: Thu, 4 Jan 2024 14:59:09 -0600 Subject: [PATCH 48/52] Require tls by default. (#1698) --- prosody/rootfs/defaults/prosody.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 23f20d9eaf..a1ec9ca98f 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -1,4 +1,4 @@ -{{ $C2S_REQUIRE_ENCRYPTION := .Env.PROSODY_C2S_REQUIRE_ENCRYPTION | default "0" | toBool -}} +{{ $C2S_REQUIRE_ENCRYPTION := .Env.PROSODY_C2S_REQUIRE_ENCRYPTION | default "1" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} {{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} From 884560678521d735de77bdb11e78aa206da7004e Mon Sep 17 00:00:00 2001 From: bgrozev Date: Thu, 4 Jan 2024 15:37:18 -0600 Subject: [PATCH 49/52] Move trusted_proxies from visitors to main prosody config file. (#1699) --- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 8 -------- prosody/rootfs/defaults/prosody.cfg.lua | 7 +++++++ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 35fd209bc9..96b4677d87 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -15,8 +15,6 @@ {{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}} {{ $SHARD_NAME := .Env.SHARD | default "default" -}} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}} -{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}} -{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}} {{ $TURN_HOST := .Env.TURN_HOST | default "" -}} {{ $TURN_HOSTS := splitList "," $TURN_HOST -}} {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} @@ -92,12 +90,6 @@ consider_websocket_secure = true; consider_bosh_secure = true; bosh_max_inactivity = 60; -trusted_proxies = { -{{ range $index, $proxy := $TRUSTED_PROXY_LIST }} - "{{ $proxy }}"; -{{ end }} -} - -- this is added to make certs_s2soutinjection work s2sout_override = { ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index a1ec9ca98f..8864b8bdae 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -15,6 +15,8 @@ {{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}} {{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}} {{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}} +{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}} +{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}} {{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}} {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }} {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}} @@ -114,6 +116,11 @@ modules_enabled = { component_ports = { } https_ports = { } +trusted_proxies = { +{{ range $index, $proxy := $TRUSTED_PROXY_LIST }} + "{{ $proxy }}"; +{{ end }} +} {{ if eq .Env.PROSODY_MODE "brewery" -}} firewall_scripts = { From c21a59856237f2c02a88f0e9b3d4b3934a9be229 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Thu, 4 Jan 2024 15:39:36 -0600 Subject: [PATCH 50/52] prosody: visitors config whitespace fix (#1694) --- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 96b4677d87..51520ebe6a 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -129,8 +129,7 @@ VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' {{ if .Env.XMPP_CONFIGURATION -}} {{ join "\n " (splitList "," .Env.XMPP_CONFIGURATION) }} - {{ end -}} - + {{- end }} VirtualHost '{{ $XMPP_AUTH_DOMAIN}}' modules_enabled = { From 7f86006c3f5f8b26e168d5b49fd2608ac06be003 Mon Sep 17 00:00:00 2001 From: Aaron van Meerten Date: Mon, 8 Jan 2024 12:24:53 -0600 Subject: [PATCH 51/52] prosody: remove muc_meeting_id from lobby * prosody: remove muc_meeting_id from lobby --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 5a04b4e3ea..a711318d86 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -413,7 +413,6 @@ Component "lobby.{{ $XMPP_DOMAIN }}" "muc" muc_room_locking = false muc_room_default_public_jids = true modules_enabled = { - "muc_meeting_id"; {{ if $ENABLE_RATE_LIMITS -}} "muc_rate_limit"; {{ end -}} From 5093efb4bbe644ba3ea64aa251400bd31ad66d6d Mon Sep 17 00:00:00 2001 From: Jaya Allamsetty Date: Wed, 10 Jan 2024 14:58:17 -0500 Subject: [PATCH 52/52] feat: Add testing flag for Av1 --- docker-compose.yml | 1 + web/rootfs/defaults/settings-config.js | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index aca3853a17..58c2723c8f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -135,6 +135,7 @@ services: - START_WITH_AUDIO_MUTED - START_VIDEO_MUTED - START_WITH_VIDEO_MUTED + - TESTING_AV1_SUPPORT - TOKEN_AUTH_URL - TOOLBAR_BUTTONS - TRANSLATION_LANGUAGES diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index cd861c0e56..bb9b903eed 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -67,6 +67,7 @@ {{ $ROOM_PASSWORD_DIGITS := .Env.ROOM_PASSWORD_DIGITS | default "false" -}} {{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL := .Env.WHITEBOARD_COLLAB_SERVER_PUBLIC_URL | default "" -}} {{ $WHITEBOARD_ENABLED := .Env.WHITEBOARD_ENABLED | default "false" | toBool -}} +{{ $TESTING_AV1_SUPPORT := .Env.TESTING_AV1_SUPPORT | default "false" | toBool -}} // Video configuration. // @@ -477,3 +478,7 @@ config.e2eping.maxMessagePerSecond = {{ .Env.E2EPING_MAX_MESSAGE_PER_SECOND }}; if (!config.hasOwnProperty('whiteboard')) config.whiteboard = {}; config.whiteboard.enabled = {{ $WHITEBOARD_ENABLED }}; config.whiteboard.collabServerBaseUrl = '{{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL }}'; + +// Testing +if (!config.hasOwnProperty('testing')) config.testing = {}; +config.testing.enableAv1Support = {{ $TESTING_AV1_SUPPORT }};