diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..c6f7318d2f --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,84 @@ +name: CI Test Build + +on: + pull_request: + push: + branches: + - master + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v3 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v2 + with: + driver: docker + + - name: Build base + uses: docker/build-push-action@v2 + with: + context: ./base + load: true + tags: | + jitsi/base:latest + build-args: | + JITSI_RELEASE=unstable + + - name: Build base-java + uses: docker/build-push-action@v2 + with: + context: ./base-java + load: true + tags: | + jitsi/base-java:latest + + - name: Build jibri + uses: docker/build-push-action@v2 + with: + context: ./jibri + load: true + tags: | + jitsi/jibri:latest + + - name: Build jicofo + uses: docker/build-push-action@v2 + with: + context: ./jicofo + load: true + tags: | + jitsi/jicofo:latest + + - name: Build jigasi + uses: docker/build-push-action@v2 + with: + context: ./jigasi + load: true + tags: | + jitsi/jigasi:latest + + - name: Build jvb + uses: docker/build-push-action@v2 + with: + context: ./jvb + load: true + tags: | + jitsi/jvb:latest + + - name: Build prosody + uses: docker/build-push-action@v2 + with: + context: ./prosody + load: true + tags: | + jitsi/prosody:latest + + - name: Build web + uses: docker/build-push-action@v2 + with: + context: ./web + load: true + tags: | + jitsi/web:latest diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml index db54d1d97c..3dbad53e97 100644 --- a/.github/workflows/unstable.yml +++ b/.github/workflows/unstable.yml @@ -1,7 +1,6 @@ name: Unstable Build on: - pull_request: schedule: - cron: "0 6 * * *" workflow_dispatch: 
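Review bot: The new ci.yml declares no `permissions:` key and references its actions by mutable tags (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v2`), so the `build` job runs pull-request-supplied Dockerfiles with whatever GITHUB_TOKEN scope the repository defaults to. The job only builds and loads images locally, so a top-level `permissions:` block containing `contents: read` should be sufficient. Pinning each `uses:` to a full commit SHA keeps a retagged action from changing what runs. A short comment at the top of the file saying that this workflow must never reference secrets would record why it was split from unstable.yml.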
@@ -70,13 +69,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./base @@ -88,19 +85,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./base - tags: | - jitsi/base:${{ needs.version.outputs.base }} - jitsi/base:${{ needs.version.outputs.date }} - build-args: | - JITSI_RELEASE=unstable - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max base-java: runs-on: ubuntu-latest @@ -116,13 +100,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./base-java @@ -135,20 +117,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./base-java - tags: | - jitsi/base-java:${{ needs.version.outputs.base }} - jitsi/base-java:${{ needs.version.outputs.date }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max jibri: runs-on: ubuntu-latest 
@@ -164,13 +132,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./jibri @@ -184,21 +150,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./jibri - tags: | - jitsi/jibri:${{ needs.version.outputs.base }} - jitsi/jibri:${{ needs.version.outputs.date }} - jitsi/jibri:${{ needs.version.outputs.jibri_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max jicofo: runs-on: ubuntu-latest @@ -214,13 +165,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./jicofo 
@@ -234,21 +183,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./jicofo - tags: | - jitsi/jicofo:${{ needs.version.outputs.base }} - jitsi/jicofo:${{ needs.version.outputs.date }} - jitsi/jicofo:${{ needs.version.outputs.jicofo_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max jigasi: runs-on: ubuntu-latest @@ -264,13 +198,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./jigasi @@ -284,21 +216,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./jigasi - tags: | - jitsi/jigasi:${{ needs.version.outputs.base }} - jitsi/jigasi:${{ needs.version.outputs.date }} - jitsi/jigasi:${{ needs.version.outputs.jigasi_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max jvb: runs-on: ubuntu-latest 
@@ -314,13 +231,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./jvb @@ -334,21 +249,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./jvb - tags: | - jitsi/jvb:${{ needs.version.outputs.base }} - jitsi/jvb:${{ needs.version.outputs.date }} - jitsi/jvb:${{ needs.version.outputs.jvb_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max prosody: runs-on: ubuntu-latest @@ -364,13 +264,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./prosody 
@@ -384,21 +282,6 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./prosody - tags: | - jitsi/prosody:${{ needs.version.outputs.base }} - jitsi/prosody:${{ needs.version.outputs.date }} - jitsi/prosody:${{ needs.version.outputs.prosody_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max web: runs-on: ubuntu-latest @@ -414,13 +297,11 @@ jobs: uses: docker/setup-buildx-action@v1 - name: Login to DockerHub uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 - if: ${{ github.event_name != 'pull_request' }} with: push: true context: ./web @@ -434,18 +315,3 @@ jobs: platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max - - name: Dryrun - uses: docker/build-push-action@v2 - if: ${{ github.event_name == 'pull_request' }} - with: - context: ./web - tags: | - jitsi/web:${{ needs.version.outputs.base }} - jitsi/web:${{ needs.version.outputs.date }} - jitsi/web:${{ needs.version.outputs.web_version }} - build-args: | - JITSI_REPO=jitsi - BASE_TAG=${{ needs.version.outputs.base }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b6dc6d6c2..d0b54b1d66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,43 @@ +## stable-8922-1 + +Based on stable release 8922-1. + +* b3abfc0 ci: split unstable build and test workflows (#1601) +* 603d461 jibri: adapt to new ChromeDriver zip file structure +* a76b1f4 jibri: simplify ChromeDriver download +* fd1c308 jibri: fix new ChromeDriver API endpoints +* 2c0a793 jibri: update Chrome to 116 +* 916bccb jibri: autoscaler sidecar tuning parameters +* 6e59319 misc: working on unstable + +## stable-8922 + +Based on stable release 8922. + +* 1cbb8f8 prosody: add hybrid_matrix_token as a new authentication method +* b5b8ea2 jigasi: add toggle to enable REST shutdown +* 6bb2455 jibri: add extra fonts +* 497015b jicofo: add JICOFO_AUTH_LIFETIME as environment variable +* f18acb4 jicofo, prosody: allow to set different AUTH_TYPE +* dc1994a jicofo: remove shibboleth authentication options +* 58d4736 misc: working on unstable + +## stable-8719 + +Based on stable release 8719. + +* 6f72293 jibri: bump Chrome version +* 94c7060 jibri: params to override statsd host and port +* 0569bce jibri: add autoscaler-sidecar service support (#1562) +* 57a7c22 jicofo: add ability to disable auth +* a41578c prosody: update the comma logic while listing TURNs +* 9776714 prosody: allow multiple TURN (#1559) +* ce59d1e jibri: upgrade chrome to 113 (#1555) +* c2f01f3 web: update livestreaming settings according to new config.js +* e4c8c2a jibri: pre-warm chrome first before starting jibri (#1549) +* 809f63c compose: add ability to configure the Jicofo REST port in the host +* b81bd5c misc: working on unstable + ## stable-8615 Based on stable release 8615. diff --git a/docker-compose.yml b/docker-compose.yml index eb23639005..5d668b2036 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' 
@@ -74,6 +74,10 @@ services: - ENABLE_WELCOME_PAGE - ENABLE_CLOSE_PAGE - ENABLE_LIVESTREAMING + - ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK + - ENABLE_LIVESTREAMING_HELP_LINK + - ENABLE_LIVESTREAMING_TERMS_LINK + - ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING - ENABLE_LOCAL_RECORDING_NOTIFY_ALL_PARTICIPANT - ENABLE_LOCAL_RECORDING_SELF_START - ENABLE_RECORDING @@ -157,7 +161,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -225,6 +229,7 @@ services: - LDAP_URL - LDAP_USE_TLS - MAX_PARTICIPANTS + - PROSODY_AUTH_TYPE - PROSODY_RESERVATION_ENABLED - PROSODY_RESERVATION_REST_BASE_URL - PROSODY_ENABLE_RATE_LIMITS @@ -259,10 +264,10 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} ports: - - '127.0.0.1:8888:8888' + - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' volumes: - ${CONFIG}/jicofo:/config:Z environment: @@ -280,8 +285,11 @@ services: - ENABLE_RECORDING - ENABLE_SCTP - ENABLE_AUTO_LOGIN + - JICOFO_AUTH_LIFETIME - JICOFO_AUTH_PASSWORD + - JICOFO_AUTH_TYPE - JICOFO_BRIDGE_REGION_GROUPS + - JICOFO_ENABLE_AUTH - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS - JICOFO_CONF_INITIAL_PARTICIPANT_WAIT_TIMEOUT - JICOFO_CONF_SINGLE_PARTICIPANT_TIMEOUT @@ -326,7 +334,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index b7fae2d246..dd62d1a0cd 100644 --- a/jibri.yml +++ b/jibri.yml 
@@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z @@ -11,11 +11,22 @@ services: - SYS_ADMIN environment: - ALL_MUTED_TIMEOUT + - AUTOSCALER_SIDECAR_KEY_FILE + - AUTOSCALER_SIDECAR_KEY_ID + - AUTOSCALER_SIDECAR_GROUP_NAME + - AUTOSCALER_SIDECAR_HOST_ID + - AUTOSCALER_SIDECAR_INSTANCE_ID + - AUTOSCALER_SIDECAR_PORT + - AUTOSCALER_SIDECAR_REGION + - AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL + - AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL + - AUTOSCALER_URL - CHROMIUM_FLAGS - DEFAULT_CALL_EMPTY_TIMEOUT - DISPLAY=:0 - ENABLE_STATS_D - ICE_CONNECTION_TIMEOUT + - JIBRI_WEBHOOK_SUBSCRIBERS - JIBRI_HTTP_API_EXTERNAL_PORT - JIBRI_HTTP_API_INTERNAL_PORT - JIBRI_RECORDING_RESOLUTION @@ -28,6 +39,9 @@ services: - JIBRI_RECORDING_DIR - JIBRI_FINALIZE_RECORDING_SCRIPT_PATH - JIBRI_STRIP_DOMAIN_JID + - JIBRI_STATSD_HOST + - JIBRI_STATSD_PORT + - LOCAL_ADDRESS - NO_MEDIA_TIMEOUT - PUBLIC_URL - TZ diff --git a/jibri/Dockerfile b/jibri/Dockerfile index 498a2d0da2..52f8698cba 100644 --- a/jibri/Dockerfile +++ b/jibri/Dockerfile 
@@ -11,14 +11,13 @@ LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" ARG TARGETPLATFORM ARG USE_CHROMIUM=0 #ARG CHROME_RELEASE=latest -#ARG CHROMEDRIVER_MAJOR_RELEASE=latest -ARG CHROME_RELEASE=112.0.5615.49 -ARG CHROMEDRIVER_MAJOR_RELEASE=112 +# https://googlechromelabs.github.io/chrome-for-testing/ +ARG CHROME_RELEASE=116.0.5845.96 COPY rootfs/ / RUN apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" jibri libgl1-mesa-dri procps jitsi-upload-integrations jq pulseaudio dbus dbus-x11 rtkit unzip && \ + apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" jibri libgl1-mesa-dri procps jitsi-upload-integrations jitsi-autoscaler-sidecar jq pulseaudio dbus dbus-x11 rtkit unzip fonts-noto && \ /usr/bin/install-chrome.sh && \ apt-cleanup && \ adduser jibri rtkit diff --git a/jibri/rootfs/defaults/autoscaler-sidecar.config b/jibri/rootfs/defaults/autoscaler-sidecar.config new file mode 100644 index 0000000000..70d14ee706 --- /dev/null +++ b/jibri/rootfs/defaults/autoscaler-sidecar.config 
@@ -0,0 +1,18 @@ +{{ $JIBRI_HTTP_API_EXTERNAL_PORT := .Env.JIBRI_HTTP_API_EXTERNAL_PORT | default "2222" -}} +{{ $SHUTDOWN_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_SHUTDOWN_POLLING_INTERVAL | default "60" -}} +{{ $STATS_POLLING_INTERVAL := .Env.AUTOSCALER_SIDECAR_STATS_POLLING_INTERVAL | default "30" -}} +export SHUTDOWN_POLLING_INTERVAL={{ $SHUTDOWN_POLLING_INTERVAL }} +export STATS_POLLING_INTERVAL={{ $STATS_POLLING_INTERVAL }} +export PORT={{ .Env.AUTOSCALER_SIDECAR_PORT }} +export GRACEFUL_SHUTDOWN_SCRIPT="/opt/jitsi/jibri/wait_graceful_shutdown.sh" +export TERMINATE_SCRIPT="/opt/jitsi/jibri/shutdown.sh" +export ENABLE_REPORT_STATS=true +export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" +export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export STATS_RETRIEVE_URL="http://localhost:{{ $JIBRI_HTTP_API_EXTERNAL_PORT }}/jibri/api/v1.0/health" +export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" +export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" +export ASAP_JWT_KID="{{ .Env.AUTOSCALER_SIDECAR_KEY_ID }}" +export INSTANCE_TYPE="jibri" +export INSTANCE_ID="{{ .Env.AUTOSCALER_SIDECAR_INSTANCE_ID }}" +export INSTANCE_METADATA='{"environment":"{{ .Env.XMPP_ENV_NAME }}","region":"{{ .Env.AUTOSCALER_SIDECAR_REGION }}","group":"{{ .Env.AUTOSCALER_SIDECAR_GROUP_NAME }}","name":"{{ .Env.JIBRI_INSTANCE_ID }}","version":"{{ .Env.JIBRI_VERSION }}","privateIp":"{{ .Env.LOCAL_ADDRESS }}","hostId":"{{ .Env.AUTOSCALER_SIDECAR_HOST_ID }}"}' diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index ff04a1fa93..07eb4eb01a 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf 
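Review bot: Every value in this template is substituted verbatim into a file that 50-autoscaler-sidecar/run (added in the same commit) sources with bash, so an environment value containing quotes, spaces or `$` is interpreted by the shell instead of being taken literally. `PORT`, `SHUTDOWN_POLLING_INTERVAL` and `STATS_POLLING_INTERVAL` are not quoted at all, and the URL and key exports sit in double quotes. `INSTANCE_METADATA` assembles JSON by concatenation, so a `"` or `'` in any field breaks both the JSON and the shell quoting. I would single-quote the scalar exports, e.g. `export PORT='{{ .Env.AUTOSCALER_SIDECAR_PORT }}'`, and have 10-config reject non-numeric ports and intervals before rendering. A header comment such as `# Rendered by tpl and sourced by bash; values must be shell-safe` would also make the contract visible.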
@@ -15,6 +15,8 @@ {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} +{{ $STATSD_HOST := .Env.JIBRI_STATSD_HOST | default "localhost" -}} +{{ $STATSD_PORT := .Env.JIBRI_STATSD_PORT | default "8125" -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} @@ -106,7 +108,10 @@ jibri { finalize-script = "{{ .Env.JIBRI_FINALIZE_RECORDING_SCRIPT_PATH }}" {{ end -}} } - +{{ if .Env.JIBRI_WEBHOOK_SUBSCRIBERS -}} + webhook { + subscribers = [{{ range $index, $element := splitList "," .Env.JIBRI_WEBHOOK_SUBSCRIBERS }}{{ if gt $index 0}},{{ end }}"{{ $element }}"{{ end }}] + }{{ end }} ffmpeg { resolution = "{{ $JIBRI_RECORDING_RESOLUTION }}" // The audio source that will be used to capture audio on Linux @@ -127,6 +132,8 @@ jibri { {{ if .Env.ENABLE_STATS_D -}} stats { enable-stats-d = {{ .Env.ENABLE_STATS_D }} + host = "{{ $STATSD_HOST }}" + port = {{ $STATSD_PORT }} } {{ end -}} diff --git a/jibri/rootfs/etc/cont-init.d/10-config b/jibri/rootfs/etc/cont-init.d/10-config index 2cf1522803..a90c673b15 100644 --- a/jibri/rootfs/etc/cont-init.d/10-config +++ b/jibri/rootfs/etc/cont-init.d/10-config 
@@ -30,6 +30,37 @@ fi # set random jibri nickname for the instance if is not set [ -z "${JIBRI_INSTANCE_ID}" ] && export JIBRI_INSTANCE_ID="jibri-$(date +%N)" +# check for AUTOSCALER_URL, AUTOSCALER_SIDECAR_KEY_FILE and AUTOSCALER_SIDECAR_KEY_ID as indicator that sidecar should be enabled +if [ -n "$AUTOSCALER_URL" ]; then + if [ -z "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + export AUTOSCALER_SIDECAR_KEY_FILE="/etc/jitsi/autoscaler-sidecar/asap.pem" + fi + if [ -z "$AUTOSCALER_SIDECAR_KEY_ID" ]; then + # assume key id is equal to the base real path of the key file minus .pem + export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" | tr -d '.pem')" + fi + + if [ -f "$AUTOSCALER_SIDECAR_KEY_FILE" ]; then + echo "AUTOSCALER_URL found, enabling autoscaler sidecar" + + export JIBRI_VERSION="$(dpkg -s jibri | grep Version | awk '{print $2}' | sed 's/..$//')" + + [ -z "$AUTOSCALER_SIDECAR_PORT" ] && export AUTOSCALER_SIDECAR_PORT="6000" + [ -z "$JIBRI_WEBHOOK_SUBSCRIBERS" ] && export JIBRI_WEBHOOK_SUBSCRIBERS="http://localhost:$AUTOSCALER_SIDECAR_PORT/hook" + [ -z "$AUTOSCALER_SIDECAR_INSTANCE_ID" ] && export AUTOSCALER_SIDECAR_INSTANCE_ID="$JIBRI_INSTANCE_ID" + [ -z "$AUTOSCALER_SIDECAR_REGION" ] && export AUTOSCALER_SIDECAR_REGION="docker" + [ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jibri" + [ -z "$LOCAL_ADDRESS" ] && export LOCAL_ADDRESS="$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1 '})" + + mkdir -p /etc/jitsi/autoscaler-sidecar + tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config + else + echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled" + fi +else + echo "No AUTOSCALER_URL defined, leaving autoscaler sidecar disabled" +fi + # always recreate configs tpl /defaults/jibri.conf > /etc/jitsi/jibri/jibri.conf tpl /defaults/logging.properties > /etc/jitsi/jibri/logging.properties 
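Review bot: `tr -d '.pem'` in the AUTOSCALER_SIDECAR_KEY_ID default deletes every `.`, `p`, `e` and `m` character from the file name rather than stripping the suffix, so the default key file `asap.pem` yields the key id `asa`. That value is rendered into `ASAP_JWT_KID`, and a wrong `kid` presumably stops the autoscaler from matching the signing key. `basename` accepts the suffix as a second argument: `export AUTOSCALER_SIDECAR_KEY_ID="$(basename "$(realpath "$AUTOSCALER_SIDECAR_KEY_FILE")" .pem)"`. The `-f` test on the key file also runs as root, while the service later drops to the `autoscaler-sidecar` user, so a readability check for that user may be worth adding. The script continues outside the hunk on both sides.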
diff --git a/jibri/rootfs/etc/services.d/40-jibri/run b/jibri/rootfs/etc/services.d/40-jibri/run index f939caab70..1a730fc6fd 100644 --- a/jibri/rootfs/etc/services.d/40-jibri/run +++ b/jibri/rootfs/etc/services.d/40-jibri/run @@ -4,4 +4,6 @@ HOME=/home/jibri DAEMON=/opt/jitsi/jibri/launch.sh -exec s6-setuidgid jibri /bin/bash -c "/usr/bin/first-start-chrome.sh && exec $DAEMON" +# pre-warm google chrome before jibri launches to ensure fast chrome launch during recordings +s6-setuidgid jibri /usr/bin/google-chrome --timeout=1000 --headless about:blank +exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON" diff --git a/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run b/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run new file mode 100644 index 0000000000..22f775088e --- /dev/null +++ b/jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash + +if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then + DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js" + exec s6-setuidgid autoscaler-sidecar /bin/bash -c ". /etc/jitsi/autoscaler-sidecar/config && exec $DAEMON" +else + # if autoscaler-sidecar should not be started, + # prevent s6 from restarting this script again and again + s6-svc -O /var/run/s6/services/50-autoscaler-sidecar +fi diff --git a/jibri/rootfs/usr/bin/first-start-chrome.sh b/jibri/rootfs/usr/bin/first-start-chrome.sh deleted file mode 100755 index dd86acc9a8..0000000000 --- a/jibri/rootfs/usr/bin/first-start-chrome.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -o pipefail -xeu - -google-chrome "${PUBLIC_URL:-https://google.com}" & -PID=$! -sleep 10 -kill $PID diff --git a/jibri/rootfs/usr/bin/install-chrome.sh b/jibri/rootfs/usr/bin/install-chrome.sh index 5f10aeb3c3..8a291108f0 100755 --- a/jibri/rootfs/usr/bin/install-chrome.sh +++ b/jibri/rootfs/usr/bin/install-chrome.sh 
@@ -21,16 +21,19 @@ else google-chrome --version - if [ "${CHROMEDRIVER_MAJOR_RELEASE}" = "latest" ]; then - CHROMEDRIVER_RELEASE="$(curl -4Ls https://chromedriver.storage.googleapis.com/LATEST_RELEASE)" + BASE_URL=https://googlechromelabs.github.io/chrome-for-testing + + if [ "${CHROME_RELEASE}" = "latest" ]; then + CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_STABLE)" else - CHROMEDRIVER_RELEASE="$(curl -4Ls https://chromedriver.storage.googleapis.com/LATEST_RELEASE_${CHROMEDRIVER_MAJOR_RELEASE})" + CHROMEDRIVER_MAJOR_RELEASE=$(echo $CHROME_RELEASE | cut -d. -f1) + CHROMEDRIVER_RELEASE="$(curl -4Ls ${BASE_URL}/LATEST_RELEASE_${CHROMEDRIVER_MAJOR_RELEASE})" fi CHROMEDRIVER_ZIP="/tmp/chromedriver_linux64.zip" - curl -4Lso ${CHROMEDRIVER_ZIP} "https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_RELEASE}/chromedriver_linux64.zip" - unzip ${CHROMEDRIVER_ZIP} -d /tmp/chromedriver - mv /tmp/chromedriver/chromedriver /usr/bin/ + curl -4Lso ${CHROMEDRIVER_ZIP} "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/${CHROMEDRIVER_RELEASE}/linux64/chromedriver-linux64.zip" + unzip ${CHROMEDRIVER_ZIP} -d /tmp/ + mv /tmp/chromedriver-linux64/chromedriver /usr/bin/ chmod +x /usr/bin/chromedriver rm -rf /tmp/chromedriver* fi diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 6f508c50d5..eb4d9115c4 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf 
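Review bot: The ChromeDriver archive is fetched with `curl -4Lso` and its binary is moved to /usr/bin with no integrity check. Without `-f`, an HTTP error body is also written to the zip path as if it were the archive. The driver version is resolved at build time from `LATEST_RELEASE_<major>`, so two builds with the same pinned `CHROME_RELEASE` can install different drivers. I would use `curl -4fLso` for the download (and `-f` on the version lookups) and verify a pinned digest before unzipping, e.g. `echo "<EXPECTED_SHA256>  ${CHROMEDRIVER_ZIP}" | sha256sum -c -`, with the digest passed as a build argument (placeholder shown); that in turn needs an exact driver version rather than the LATEST lookup. `$CHROME_RELEASE` in the `cut` pipeline should be quoted; the enclosing `if`/`else` starts above the hunk.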
@@ -1,12 +1,15 @@ -{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} -{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool }} -{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} -{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} -{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool }} -{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool }} -{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool }} -{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool }} -{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool }} +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" -}} +{{ $JICOFO_ENABLE_AUTH := .Env.JICOFO_ENABLE_AUTH | default $ENABLE_AUTH | toBool -}} +{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} +{{ $JICOFO_AUTH_TYPE := .Env.JICOFO_AUTH_TYPE | default $AUTH_TYPE -}} +{{ $JICOFO_AUTH_LIFETIME := .Env.JICOFO_AUTH_LIFETIME | default "24 hours" -}} +{{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}} +{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}} +{{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} +{{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}} +{{ $ENABLE_REST := .Env.JICOFO_ENABLE_REST | default "0" | toBool -}} +{{ $ENABLE_JVB_XMPP_SERVER := .Env.ENABLE_JVB_XMPP_SERVER | default "0" | toBool -}} +{{ $HEALTH_CHECKS_USE_PRESENCE := .Env.JICOFO_HEALTH_CHECKS_USE_PRESENCE | default "0" | toBool -}} {{ $JIBRI_BREWERY_MUC := .Env.JIBRI_BREWERY_MUC | default "jibribrewery" -}} {{ $JIGASI_BREWERY_MUC := .Env.JIGASI_BREWERY_MUC | default "jigasibrewery" -}} {{ $JVB_BREWERY_MUC := .Env.JVB_BREWERY_MUC | default "jvbbrewery" -}} 
@@ -25,24 +28,18 @@ {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} jicofo { - {{ if $ENABLE_AUTH }} + {{ if $JICOFO_ENABLE_AUTH }} authentication { enabled = true - // The type of authentication. Supported values are XMPP, JWT or SHIBBOLETH (default). - {{ if eq $AUTH_TYPE "jwt" }} + // The type of authentication. Supported values are XMPP or JWT. + {{ if eq $JICOFO_AUTH_TYPE "jwt" }} type = JWT - {{ else if eq $AUTH_TYPE "shibboleth" }} - type = SHIBBOLETH {{ else }} type = XMPP {{ end }} - {{ if eq $AUTH_TYPE "shibboleth" }} - login-url = "shibboleth:default" - logout-url = "shibboleth:default" - {{ else }} login-url = "{{ $XMPP_DOMAIN }}" - {{ end }} - enable-auto-login={{ $ENABLE_AUTO_LOGIN }} + enable-auto-login = {{ $ENABLE_AUTO_LOGIN }} + authentication-lifetime = {{ $JICOFO_AUTH_LIFETIME }} } {{ end }} diff --git a/jigasi.yml b/jigasi.yml index 38f63f79e8..1744d07e83 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-8615} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-8922-1} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' @@ -47,6 +47,7 @@ services: - GC_CLIENT_EMAIL - GC_CLIENT_ID - GC_CLIENT_CERT_URL + - SHUTDOWN_REST_ENABLED - SENTRY_DSN="${JIGASI_SENTRY_DSN:-0}" - SENTRY_ENVIRONMENT - SENTRY_RELEASE diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index ce0eb74b27..a13e49bc97 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties 
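Review bot: With the shibboleth branch removed, any `JICOFO_AUTH_TYPE` other than the exact lowercase string `jwt` now renders `type = XMPP`. A deployment that still sets `AUTH_TYPE=shibboleth`, or writes `JWT` in upper case, therefore changes authentication mode without any message. A comment above the `if` would make this explicit: `// Any value other than "jwt" (case-sensitive) selects XMPP; shibboleth is no longer supported.` The preceding hunk also lets `JICOFO_ENABLE_AUTH` override `ENABLE_AUTH`, so the template header should note that Jicofo's authentication block can be turned off while Prosody authentication stays on. The `jicofo {` block continues outside the hunk.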
@@ -8,6 +8,7 @@ {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} +{{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}} {{ $DISABLE_SIP := .Env.JIGASI_DISABLE_SIP | default "false" | toBool -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $ENV := .Env -}} @@ -20,6 +21,9 @@ net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10 # Disables packet logging net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=false +# Control REST Shutdown +org.jitsi.jigasi.ENABLE_REST_SHUTDOWN={{ $SHUTDOWN_REST_ENABLED }} + # SIP account net.java.sip.communicator.impl.protocol.sip.acc1=acc1 {{ if .Env.JIGASI_SIP_SERVER }} diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 9d6d3b78b1..762c4f2878 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -27,6 +27,7 @@ LABEL org.opencontainers.image.url="https://prosody.im/" LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet" LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" +ARG VERSION_JITSI_CONTRIB_PROSODY_PLUGINS="20230803" ARG VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN="1.8.0" RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody-debian-packages.key && \ 
@@ -59,7 +60,12 @@ RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody tar -xf v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz && \ mv prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN/mod_auth_matrix_user_verification.lua /prosody-plugins && \ mv prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN/mod_matrix_power_sync.lua /prosody-plugins && \ - rm -rf prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz + rm -rf prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz && \ + wget -q https://github.com/jitsi-contrib/prosody-plugins/archive/refs/tags/v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz && \ + tar -xf v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz && \ + mv prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/auth_hybrid_matrix_token/mod_auth_hybrid_matrix_token.lua /prosody-plugins && \ + mv prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/auth_hybrid_matrix_token/mod_matrix_affiliation.lua /prosody-plugins && \ + rm -rf prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz COPY rootfs/ / diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index f872119d93..c7ac94aa06 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
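Review bot: The added download pulls two Prosody modules, one of them an authentication module, from a tag archive of jitsi-contrib/prosody-plugins with `wget -q` and unpacks them without verifying a digest. A Git tag can be moved, so the same `VERSION_JITSI_CONTRIB_PROSODY_PLUGINS` value does not guarantee the same code. I would add a digest build argument and check it before `tar -xf`, e.g. `echo "<EXPECTED_SHA256>  v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz" | sha256sum -c -` (placeholder digest), or fetch the archive by commit SHA instead of by tag. The matrix-user-verification download in the context lines of the same RUN follows the same pattern and would benefit from the same check. The RUN instruction starts above the hunk.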
@@ -1,48 +1,53 @@ -{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} -{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool)}} -{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool }} -{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} +{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}} +{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} +{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}} +{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}} +{{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}} {{ $JIBRI_XMPP_USER := .Env.JIBRI_XMPP_USER | default "jibri" -}} {{ $JIGASI_XMPP_USER := .Env.JIGASI_XMPP_USER | default "jigasi" -}} {{ $JVB_AUTH_USER := .Env.JVB_AUTH_USER | default "jvb" -}} -{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }} -{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }} -{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }} +{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" -}} +{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool -}} +{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" -}} {{ $JWT_ENABLE_DOMAIN_VERIFICATION := .Env.JWT_ENABLE_DOMAIN_VERIFICATION | default "false" | toBool -}} -{{ $MATRIX_UVS_ISSUER := .Env.MATRIX_UVS_ISSUER | default "issuer" }} -{{ $MATRIX_UVS_SYNC_POWER_LEVELS := .Env.MATRIX_UVS_SYNC_POWER_LEVELS | default "0" | toBool }} -{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }} -{{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "true" | toBool }} -{{ $ENABLE_AV_MODERATION := .Env.ENABLE_AV_MODERATION | default "true" | toBool }} -{{ $ENABLE_BREAKOUT_ROOMS := .Env.ENABLE_BREAKOUT_ROOMS | default "true" | toBool }} -{{ $ENABLE_END_CONFERENCE := .Env.ENABLE_END_CONFERENCE | default "true" | toBool }} -{{ $ENABLE_XMPP_WEBSOCKET := 
.Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool }} -{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool }} -{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool }} +{{ $MATRIX_UVS_ISSUER := .Env.MATRIX_UVS_ISSUER | default "issuer" -}} +{{ $MATRIX_UVS_SYNC_POWER_LEVELS := .Env.MATRIX_UVS_SYNC_POWER_LEVELS | default "0" | toBool -}} +{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" -}} +{{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "true" | toBool -}} +{{ $ENABLE_AV_MODERATION := .Env.ENABLE_AV_MODERATION | default "true" | toBool -}} +{{ $ENABLE_BREAKOUT_ROOMS := .Env.ENABLE_BREAKOUT_ROOMS | default "true" | toBool -}} +{{ $ENABLE_END_CONFERENCE := .Env.ENABLE_END_CONFERENCE | default "true" | toBool -}} +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} +{{ $ENABLE_JAAS_COMPONENTS := .Env.ENABLE_JAAS_COMPONENTS | default "0" | toBool -}} +{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}} {{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} {{ $PUBLIC_URL_DOMAIN := $PUBLIC_URL | trimPrefix "https://" | trimSuffix "/" -}} -{{ $TURN_PORT := .Env.TURN_PORT | default "443" }} -{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" }} +{{ $TURN_HOST := .Env.TURN_HOST | default "" -}} +{{ $TURN_HOSTS := splitList "," $TURN_HOST -}} +{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} {{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}} {{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}} +{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}} +{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}} +{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}} {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}} {{ 
$XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} -{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} {{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} {{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} -{{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool }} -{{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" }} -{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" }} -{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" }} -{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" }} -{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" }} -{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" }} +{{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool -}} +{{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" -}} +{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}} +{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}} +{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}} +{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}} +{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}} {{ $ENV := .Env -}} admins = { 
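Review bot: `PROSODY_AUTH_TYPE` is introduced in the `@@ -1,48 +1,53 @@` hunk without any comment, and it lets Prosody's authentication backend differ silently from `AUTH_TYPE`. The line `{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}` falls back to `AUTH_TYPE`, and the later hunks of this file switch on the new variable only. A template comment above it would help, for example `{{/* PROSODY_AUTH_TYPE overrides AUTH_TYPE in the Prosody templates; when unset, AUTH_TYPE is used */ -}}`. Whether other containers still read `AUTH_TYPE` is not visible here, so the comment should be checked against them.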
@@ -70,34 +75,35 @@ muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; http_default_host = "{{ $XMPP_DOMAIN }}" -{{ if .Env.TURN_CREDENTIALS }} +{{ if .Env.TURN_CREDENTIALS -}} external_service_secret = "{{.Env.TURN_CREDENTIALS}}"; -{{ end }} +{{- end }} -{{ if or .Env.TURN_HOST .Env.TURNS_HOST }} +{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}} external_services = { - {{ if .Env.TURN_HOST }} - {{ range $index, $transport := $TURN_TRANSPORTS }} - {{ if gt $index 0 }} - , - {{ end }} - { type = "turn", host = "{{ $ENV.TURN_HOST }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } - {{ end }} - {{ end }} - {{ if and .Env.TURN_HOST .Env.TURNS_HOST }} - , - {{ end }} - {{ if .Env.TURNS_HOST }} - { type = "turns", host = "{{ .Env.TURNS_HOST }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } - {{ end }} + {{ if $TURN_HOST -}} + {{- range $idx1, $host := $TURN_HOSTS -}} + {{- range $idx2, $transport := $TURN_TRANSPORTS -}} + {{- if or $idx1 $idx2 -}},{{- end }} + { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if $TURNS_HOST -}} + {{- range $idx, $host := $TURNS_HOSTS -}} + {{- if or $TURN_HOST $idx -}},{{- end }} + { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + {{- end }} + {{- end }} }; -{{ end }} +{{- end }} -{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }} +{{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) .Env.JWT_ACCEPTED_ISSUERS }} asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" } {{ end }} -{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }} +{{ if and $ENABLE_AUTH (or (eq 
$PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) .Env.JWT_ACCEPTED_AUDIENCES }} asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" } {{ end }} @@ -120,7 +126,7 @@ VirtualHost "jigasi.meet.jitsi" VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} - {{ if eq $AUTH_TYPE "jwt" }} + {{ if eq $PROSODY_AUTH_TYPE "jwt" }} authentication = "{{ $JWT_AUTH_TYPE }}" app_id = "{{ .Env.JWT_APP_ID }}" app_secret = "{{ .Env.JWT_APP_SECRET }}" @@ -129,19 +135,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}" asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}" {{ end }} enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }} - {{ else if eq $AUTH_TYPE "ldap" }} + {{ else if eq $PROSODY_AUTH_TYPE "ldap" }} authentication = "cyrus" cyrus_application_name = "xmpp" allow_unencrypted_plain_auth = true - -- AUTH_TYPE of uvs is deprecated now that AUTH_TYPE of matrix is upstream - {{ else if eq $AUTH_TYPE "uvs" }} + -- PROSODY_AUTH_TYPE of uvs is deprecated now that PROSODY_AUTH_TYPE of matrix is upstream + {{ else if eq $PROSODY_AUTH_TYPE "uvs" }} authentication = "matrix_user_verification" app_id="{{ .Env.PUBLIC_URL }}" -- Base URL to the matrix user verification service (without ending slash) uvs_base_url = "{{ .Env.UVS_URL }}" uvs_auth_token = "{{ .Env.UVS_AUTH_TOKEN }}" uvs_sync_power_levels = {{ .Env.UVS_SYNC_POWER_LEVELS | default "false" }} - {{ else if eq $AUTH_TYPE "matrix" }} + {{ else if eq $PROSODY_AUTH_TYPE "matrix" }} authentication = "matrix_user_verification" app_id = "{{ $MATRIX_UVS_ISSUER }}" uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}" 
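Review bot: In the rewritten `external_services` block (hunk `@@ -70,34 +75,35 @@`), each element of `TURN_HOST` and `TURNS_HOST` is written into `host = "{{ $host }}"` exactly as `splitList` returns it, so `TURN_HOST="a.example, b.example"` renders a host with a leading space and a trailing comma in the variable renders `host = ""`. Neither case is rejected at render time, and clients would presumably be handed an unusable TURN entry. If the template engine provides `trim` (the file already uses `trimPrefix` and `trimSuffix`), `host = "{{ $host | trim }}"` in both loops covers the whitespace case. Empty elements need either a guard that keeps the comma logic correct or a documented rule that the list must not contain them.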
@@ -151,7 +157,21 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $MATRIX_UVS_SYNC_POWER_LEVELS }} uvs_sync_power_levels = true {{ end }} - {{ else if eq $AUTH_TYPE "internal" }} + {{ else if eq $PROSODY_AUTH_TYPE "hybrid_matrix_token" }} + authentication = "hybrid_matrix_token" + app_id = "{{ .Env.JWT_APP_ID }}" + app_secret = "{{ .Env.JWT_APP_SECRET }}" + allow_empty_token = {{ $JWT_ALLOW_EMPTY }} + enable_domain_verification = {{ $JWT_ENABLE_DOMAIN_VERIFICATION }} + + uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}" + {{ if .Env.MATRIX_UVS_ISSUER }} + uvs_issuer = "{{ .Env.MATRIX_UVS_ISSUER }}" + {{ end }} + {{ if .Env.MATRIX_UVS_AUTH_TOKEN }} + uvs_auth_token = "{{ .Env.MATRIX_UVS_AUTH_TOKEN }}" + {{ end }} + {{ else if eq $PROSODY_AUTH_TYPE "internal" }} authentication = "internal_hashed" {{ end }} {{ else }} @@ -190,7 +210,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if .Env.XMPP_MODULES }} "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}"; {{ end }} - {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }} + {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "ldap") }} "auth_cyrus"; {{end}} {{ if $PROSODY_RESERVATION_ENABLED }} 
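Review bot: The new `hybrid_matrix_token` branch renders `app_secret = "{{ .Env.JWT_APP_SECRET }}"` and `uvs_base_url = "{{ .Env.MATRIX_UVS_URL }}"` unconditionally, so an unset variable presumably ends up as an empty value in the Prosody config instead of failing at start-up. How `mod_auth_hybrid_matrix_token` treats an empty secret is not visible in this diff and should be confirmed, especially in combination with `allow_empty_token`. The secret and `MATRIX_UVS_AUTH_TOKEN` are also inserted verbatim into double-quoted Lua strings, so a value containing `"` or `\` changes the rendered config. I would add a comment above the branch such as `-- requires JWT_APP_SECRET and MATRIX_UVS_URL; values are inserted verbatim and must not contain " or \`. The enclosing `VirtualHost` block starts and ends outside this hunk.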
@@ -273,16 +293,19 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" {{ if .Env.XMPP_MUC_MODULES -}} "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}"; {{ end -}} - {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") -}} + {{ if and $ENABLE_AUTH (or (eq $PROSODY_AUTH_TYPE "jwt") (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token")) -}} "{{ $JWT_TOKEN_AUTH_MODULE }}"; {{ end }} - {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}} + {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "matrix") $MATRIX_UVS_SYNC_POWER_LEVELS -}} "matrix_power_sync"; {{ end -}} - -- AUTH_TYPE of uvs is deprecated now that AUTH_TYPE of matrix is upstream - {{ if and (and $ENABLE_AUTH (eq $AUTH_TYPE "uvs")) (eq ($.Env.UVS_SYNC_POWER_LEVELS | default "false") "true") }} + -- PROSODY_AUTH_TYPE of uvs is deprecated now that PROSODY_AUTH_TYPE of matrix is upstream + {{ if and (and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "uvs")) (eq ($.Env.UVS_SYNC_POWER_LEVELS | default "false") "true") }} "matrix_power_sync"; {{end}} + {{ if and $ENABLE_AUTH (eq $PROSODY_AUTH_TYPE "hybrid_matrix_token") $MATRIX_UVS_SYNC_POWER_LEVELS -}} + "matrix_affiliation"; + {{ end -}} {{ if not $DISABLE_POLLS -}} "polls"; {{ end -}} diff --git a/prosody/rootfs/defaults/saslauthd.conf b/prosody/rootfs/defaults/saslauthd.conf index 543b5eb9e1..79cdc0ad61 100644 --- a/prosody/rootfs/defaults/saslauthd.conf +++ b/prosody/rootfs/defaults/saslauthd.conf @@ -1,6 +1,8 @@ +{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}} +{{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE }} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} -{{ if eq (.Env.AUTH_TYPE | default "internal") "ldap" }} +{{ if eq $PROSODY_AUTH_TYPE "ldap" }} ldap_servers: {{ .Env.LDAP_URL }} ldap_search_base: {{ .Env.LDAP_BASE }} {{ if .Env.LDAP_BINDDN | default "" }} diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 62d3dfbb1c..5151b84978 100644 
--- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -13,6 +13,10 @@ {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "false" | toBool -}} {{ $ENABLE_SERVICE_RECORDING := .Env.ENABLE_SERVICE_RECORDING | default ($ENABLE_RECORDING | printf "%t") | toBool -}} {{ $ENABLE_LIVESTREAMING := .Env.ENABLE_LIVESTREAMING | default "false" | toBool -}} +{{ $ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK := .Env.ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK | default "https://policies.google.com/privacy" -}} +{{ $ENABLE_LIVESTREAMING_HELP_LINK := .Env.ENABLE_LIVESTREAMING_HELP_LINK | default "https://jitsi.org/live" -}} +{{ $ENABLE_LIVESTREAMING_TERMS_LINK := .Env.ENABLE_LIVESTREAMING_TERMS_LINK | default "https://www.youtube.com/t/terms" -}} +{{ $ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING := .Env.ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING | default "^(?:[a-zA-Z0-9]{4}(?:-(?!$)|$)){4}" -}} {{ $ENABLE_REMB := .Env.ENABLE_REMB | default "true" | toBool -}} {{ $ENABLE_REQUIRE_DISPLAY_NAME := .Env.ENABLE_REQUIRE_DISPLAY_NAME | default "false" | toBool -}} {{ $ENABLE_SIMULCAST := .Env.ENABLE_SIMULCAST | default "true" | toBool -}} 
@@ -153,8 +157,18 @@ if (!config.hasOwnProperty('recordingService')) config.recordingService = {}; // Whether to enable file recording or not using the "service" defined by the finalizer in Jibri config.recordingService.enabled = {{ $ENABLE_SERVICE_RECORDING }}; -// Whether to enable live streaming or not. -config.liveStreamingEnabled = {{ $ENABLE_LIVESTREAMING }}; +// Whether to show the possibility to share file recording with other people +// (e.g. meeting participants), based on the actual implementation +// on the backend. +config.recordingService.sharingEnabled = {{ $ENABLE_FILE_RECORDING_SHARING }}; + +// Live streaming configuration. +if (!config.hasOwnProperty('liveStreaming')) config.liveStreaming = {}; +config.liveStreaming.enabled = {{ $ENABLE_LIVESTREAMING }}; +config.liveStreaming.dataPrivacyLink= '{{ $ENABLE_LIVESTREAMING_DATA_PRIVACY_LINK }}'; +config.liveStreaming.helpLink= '{{ $ENABLE_LIVESTREAMING_HELP_LINK }}'; +config.liveStreaming.termsLink= '{{ $ENABLE_LIVESTREAMING_TERMS_LINK }}'; +config.liveStreaming.validatorRegExpString= '{{ $ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING }}'; {{ if .Env.DROPBOX_APPKEY -}} // Enable the dropbox integration. @@ -167,11 +181,6 @@ config.dropbox.appKey = '{{ .Env.DROPBOX_APPKEY }}'; config.dropbox.redirectURI = '{{ .Env.DROPBOX_REDIRECT_URI }}'; {{ end -}} {{ end -}} - -// Whether to show the possibility to share file recording with other people -// (e.g. meeting participants), based on the actual implementation -// on the backend. -config.recordingService.sharingEnabled = {{ $ENABLE_FILE_RECORDING_SHARING }}; {{ end -}} 
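Review bot: `config.liveStreaming.validatorRegExpString` is rendered inside a single-quoted JavaScript string, so any backslash in `ENABLE_LIVESTREAMING_VALIDATOR_REGEXP_STRING` is consumed by the string literal before the pattern is used: an operator-supplied `\d` reaches the validator as `d`. The default pattern declared at the top of the file contains no backslash or quote, so only overrides are affected; the same verbatim insertion applies to the three link values, where a `'` would end the string early. I would document this next to the assignment, e.g. `// Env value is inserted verbatim: double any backslash and do not use single quotes.` The four new assignments also write `Link= '` and `String= '` without a space before `=`, unlike the surrounding lines.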
@@ -468,4 +477,4 @@ config.e2eping.maxMessagePerSecond = {{ .Env.E2EPING_MAX_MESSAGE_PER_SECOND }}; // Settings for the Excalidraw whiteboard integration. if (!config.hasOwnProperty('whiteboard')) config.whiteboard = {}; config.whiteboard.enabled = {{ $WHITEBOARD_ENABLED }}; -config.whiteboard.collabServerBaseUrl = '{{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL }}'; \ No newline at end of file +config.whiteboard.collabServerBaseUrl = '{{ $WHITEBOARD_COLLAB_SERVER_PUBLIC_URL }}';