From 3008851343bf37118826041e6de0d27182d22576 Mon Sep 17 00:00:00 2001 From: Daniel Zoba Date: Tue, 6 Feb 2024 10:08:52 +0100 Subject: [PATCH 01/10] rename variable and default value for recorder domain to not suggest single usage anymore --- docker-compose.yml | 6 +- jibri.yml | 2 +- jibri/rootfs/defaults/jibri.conf | 72 +++++++++++++++++++ jicofo/rootfs/defaults/jicofo.conf | 4 +- .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 14 ++-- .../rootfs/defaults/conf.d/visitors.cfg.lua | 30 ++++---- prosody/rootfs/etc/cont-init.d/10-config | 4 +- web/rootfs/defaults/settings-config.js | 4 +- 8 files changed, 106 insertions(+), 30 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 0d33d541a4..b99fe7906e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -169,7 +169,7 @@ services: - XMPP_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN + - XMPP_HIDDEN_PARTICIPANT_DOMAIN - XMPP_PORT - WHITEBOARD_ENABLED - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL @@ -302,7 +302,7 @@ services: - XMPP_MUC_MODULES - XMPP_MUC_CONFIGURATION - XMPP_INTERNAL_MUC_MODULES - - XMPP_RECORDER_DOMAIN + - XMPP_HIDDEN_PARTICIPANT_DOMAIN - XMPP_PORT - XMPP_SERVER_S2S_PORT - XMPP_SPEAKERSTATS_MODULES @@ -384,7 +384,7 @@ services: - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN + - XMPP_HIDDEN_PARTICIPANT_DOMAIN - XMPP_SERVER - XMPP_PORT - MAX_SSRCS_PER_USER diff --git a/jibri.yml b/jibri.yml index 65c7d103e1..855e6228e2 100644 --- a/jibri.yml +++ b/jibri.yml @@ -55,7 +55,7 @@ services: - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_RECORDER_DOMAIN + - XMPP_HIDDEN_PARTICIPANT_DOMAIN - XMPP_SERVER - XMPP_PORT - XMPP_TRUST_ALL_CERTS diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 33199cb6c1..6d252380dc 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf @@ -6,6 +6,17 @@ {{ $JIBRI_RECORDING_QUEUE_SIZE := .Env.JIBRI_RECORDING_QUEUE_SIZE | default 4096 -}} {{ $JIBRI_RECORDING_STREAMING_MAX_BITRATE := .Env.JIBRI_RECORDING_STREAMING_MAX_BITRATE | default 2976 -}} {{ $JIBRI_SINGLE_USE_MODE := .Env.JIBRI_SINGLE_USE_MODE | default "false" -}} +{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}} +{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} +{{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} +{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} +{{ $JIBRI_STRIP_DOMAIN_JID := .Env.JIBRI_STRIP_DOMAIN_JID | default $XMPP_MUC_DOMAIN_PREFIX -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_TRUST_ALL_CERTS := .Env.XMPP_TRUST_ALL_CERTS | default "true" | toBool -}} +{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} +{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} +{{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{ $STATSD_HOST := .Env.JIBRI_STATSD_HOST | default "localhost" -}} {{ $STATSD_PORT := .Env.JIBRI_STATSD_PORT | default "8125" -}} @@ -29,6 +40,67 @@ jibri { {{ end -}} } {{ end -}} + xmpp { + // See example_xmpp_envs.conf for an example of what is expected here + environments = [ +{{ range $index, $element := $XMPP_SERVERS -}} +{{ $SERVER := splitn ":" 2 $element }} + { + // A user-friendly name for this environment + name = "{{ $ENV.XMPP_ENV_NAME }}-{{$index}}" + + // A list of XMPP server hosts to which we'll connect + xmpp-server-hosts = [ + "{{ $SERVER._0 }}" + ] + + // The base XMPP domain + xmpp-domain = "{{ $XMPP_DOMAIN }}" + + {{ if $ENV.PUBLIC_URL -}} + // An (optional) base url the Jibri will join if it is set + base-url = "{{ $ENV.PUBLIC_URL }}" + {{ end -}} + + // The MUC we'll join to announce our presence for + // recording and streaming services + control-muc { + domain = "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" + room-name = "{{ $JIBRI_BREWERY_MUC }}" + nickname = "{{ $ENV.JIBRI_INSTANCE_ID }}" + } + + // The login information for the control MUC + control-login { + domain = "{{ $XMPP_AUTH_DOMAIN }}" + port = "{{ $SERVER._1 | default $XMPP_PORT }}" + username = "{{ $JIBRI_XMPP_USER }}" + password = "{{ $ENV.JIBRI_XMPP_PASSWORD }}" + } + + // The login information the selenium web client will use + call-login { + domain = "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" + username = "{{ $JIBRI_RECORDER_USER }}" + password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}" + } + + // The value we'll strip from the room JID domain to derive + // the call URL + strip-from-room-domain = "{{ $JIBRI_STRIP_DOMAIN_JID }}." + + // How long Jibri sessions will be allowed to last before + // they are stopped. A value of 0 allows them to go on + // indefinitely + usage-timeout = "{{ $JIBRI_USAGE_TIMEOUT }}" + + // Whether or not we'll automatically trust any cert on + // this XMPP domain + trust-all-xmpp-certs = {{ $XMPP_TRUST_ALL_CERTS }} + } +{{ end }} + ] + } } recording { recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR | default "/config/recordings" }}" diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 0fdbf0e903..9613fdb1c2 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -32,12 +32,12 @@ {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}} {{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}} -{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default ($ENABLE_RECORDING | ternary $XMPP_RECORDER_DOMAIN "") -}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default ($ENABLE_RECORDING | ternary $XMPP_HIDDEN_PARTICIPANT_DOMAIN "") -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env }} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 78bb09b5a5..e50b8d938b 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -44,7 +44,7 @@ {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} {{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} {{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} @@ -236,7 +236,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_LOBBY }} lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_RECORDING }} - muc_lobby_whitelist = { "{{ $XMPP_RECORDER_DOMAIN }}" } + muc_lobby_whitelist = { "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" } {{ end }} {{ end }} @@ -262,7 +262,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }} {{ if $ENABLE_VISITORS -}} - visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" } + visitors_ignore_list = { "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" } {{ end }} {{ if .Env.XMPP_CONFIGURATION -}} @@ -296,7 +296,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" authentication = "internal_hashed" {{ if $ENABLE_RECORDING }} -VirtualHost "{{ $XMPP_RECORDER_DOMAIN }}" +VirtualHost "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" modules_enabled = { "smacks"; } @@ -370,7 +370,7 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" }; rate_limit_whitelist_hosts = { - "{{ $XMPP_RECORDER_DOMAIN }}"; + "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; } {{ end -}} @@ -390,10 +390,10 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" muc_password_whitelist = { "focus@{{ $XMPP_AUTH_DOMAIN }}"; {{- if $ENABLE_RECORDING }} - "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"; + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; {{- end }} {{- if $ENABLE_TRANSCRIPTIONS }} - "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"; + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; {{- end }} } muc_tombstones = false diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 035759a75b..2775e3e823 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -35,7 +35,7 @@ {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" } @@ -176,22 +176,26 @@ Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DO {{ if $ENABLE_RATE_LIMITS -}} -- Max allowed join/login rate in events per second. - rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; - -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. - rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; - -- The time in seconds, after which the limit for an IP address is lifted. - rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; - -- List of regular expressions for IP addresses that are not limited by this module. - rate_limit_whitelist = { - "127.0.0.1"; - {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} - "{{ $cidr }}"; - {{ end -}} + rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }}; + -- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second. + rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }}; + -- The time in seconds, after which the limit for an IP address is lifted. + rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }}; + -- List of regular expressions for IP addresses that are not limited by this module. + rate_limit_whitelist = { + "127.0.0.1"; + {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}} + "{{ $cidr }}"; + {{ end -}} }; + rate_limit_whitelist_jids = { + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}", + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" + } {{ end -}} - -- The size of the cache that saves state for IP addresses + -- The size of the cache that saves state for IP addresses rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }}; muc_rate_joins = 30; diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 98f0f832eb..760cb49f38 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -77,7 +77,7 @@ fi [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb [ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi [ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi -[ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi +[ -z "${XMPP_HIDDEN_PARTICIPANT_DOMAIN}" ] && export XMPP_HIDDEN_PARTICIPANT_DOMAIN=hiddenpart.meet.jitsi prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD @@ -115,7 +115,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' exit 1 fi - prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_RECORDER_DOMAIN $JIBRI_RECORDER_PASSWORD + prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_HIDDEN_PARTICIPANT_DOMAIN $JIBRI_RECORDER_PASSWORD fi fi diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 4a5fbb133b..219ece6178 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -48,7 +48,7 @@ {{ $DESKTOP_SHARING_FRAMERATE_MIN := .Env.DESKTOP_SHARING_FRAMERATE_MIN | default 5 -}} {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} -{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} {{ $DISABLE_DEEP_LINKING := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $DISABLE_REACTIONS := .Env.DISABLE_REACTIONS | default "false" | toBool -}} @@ -152,7 +152,7 @@ config.etherpad_base = '{{ $PUBLIC_URL }}/etherpad/p/'; {{ if $ENABLE_RECORDING -}} -config.hiddenDomain = '{{ $XMPP_RECORDER_DOMAIN }}'; +config.hiddenDomain = '{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}'; config.recordingService = { // Whether to enable file recording or not using the "service" defined by the finalizer in Jibri From ba024c29f7033f53537150bbe642a48d5fd6a10c Mon Sep 17 00:00:00 2001 From: Daniel Zoba Date: Tue, 6 Feb 2024 10:35:11 +0100 Subject: [PATCH 02/10] assure hidden domain is handled equally when recording and/or transcriptions are enabled --- jicofo/rootfs/defaults/jicofo.conf | 2 +- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 4 ++-- web/rootfs/defaults/settings-config.js | 9 +++++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 9613fdb1c2..ab7c1bf641 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -37,7 +37,7 @@ {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}} {{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}} -{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default ($ENABLE_RECORDING | ternary $XMPP_HIDDEN_PARTICIPANT_DOMAIN "") -}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default (or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS | ternary $XMPP_HIDDEN_PARTICIPANT_DOMAIN "") -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env }} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index e50b8d938b..b09c08bf68 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -235,7 +235,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" room_metadata_component = "metadata.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_LOBBY }} lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" - {{ if $ENABLE_RECORDING }} + {{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} muc_lobby_whitelist = { "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" } {{ end }} {{ end }} @@ -295,7 +295,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" } authentication = "internal_hashed" -{{ if $ENABLE_RECORDING }} +{{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} VirtualHost "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" modules_enabled = { "smacks"; diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 219ece6178..591cdcebb0 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -146,14 +146,19 @@ config.etherpad_base = '{{ .Env.ETHERPAD_PUBLIC_URL }}'; config.etherpad_base = '{{ $PUBLIC_URL }}/etherpad/p/'; {{ end -}} +// Hidden domain usage +// +{{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS -}} + +config.hiddenDomain = '{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}'; + +{{ end -}} // Recording. // {{ if $ENABLE_RECORDING -}} -config.hiddenDomain = '{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}'; - config.recordingService = { // Whether to enable file recording or not using the "service" defined by the finalizer in Jibri enabled: {{ $ENABLE_SERVICE_RECORDING }}, From 0699717940a0125013386972311e1a98b41812a4 Mon Sep 17 00:00:00 2001 From: Daniel Zoba Date: Tue, 6 Feb 2024 11:06:46 +0100 Subject: [PATCH 03/10] add explicit authentication of transcriber to hidden domain --- docker-compose.yml | 2 ++ env.example | 3 +++ gen-passwords.sh | 2 ++ jigasi.yml | 3 +++ jigasi/rootfs/defaults/sip-communicator.properties | 7 ++++++- prosody/rootfs/etc/cont-init.d/10-config | 5 +++++ 6 files changed, 21 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index b99fe7906e..82f2c04893 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -222,6 +222,8 @@ services: - JICOFO_COMPONENT_SECRET - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD + - JIGASI_TRANSCRIBER_USER + - JIGASI_TRANSCRIBER_PASSWORD - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JWT_APP_ID diff --git a/env.example b/env.example index 485649c572..169ce092b9 100644 --- a/env.example +++ b/env.example @@ -199,6 +199,9 @@ JIBRI_RECORDER_PASSWORD= # XMPP password for Jibri client connections JIBRI_XMPP_PASSWORD= +# Transcriber XMPP password for Jigasi MUC client connections +JIGASI_TRANSCRIBER_PASSWORD= + # # Docker Compose options # diff --git a/gen-passwords.sh b/gen-passwords.sh index 29aec9b785..a499e55af5 100755 --- a/gen-passwords.sh +++ b/gen-passwords.sh @@ -9,6 +9,7 @@ JVB_AUTH_PASSWORD=$(generatePassword) JIGASI_XMPP_PASSWORD=$(generatePassword) JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword) +JIGASI_TRANSCRIBER_PASSWORD=$(generatePassword) sed -i.bak \ -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \ @@ -16,4 +17,5 @@ sed -i.bak \ -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \ -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \ -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \ + -e "s#JIGASI_TRANSCRIBER_PASSWORD=.*#JIGASI_TRANSCRIBER_PASSWORD=${JIGASI_TRANSCRIBER_PASSWORD}#g" \ "$(dirname "$0")/.env" diff --git a/jigasi.yml b/jigasi.yml index 3ad1d3f658..5ef9a8be1f 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -30,6 +30,7 @@ services: - XMPP_SERVER - XMPP_PORT - XMPP_DOMAIN + - XMPP_HIDDEN_PARTICIPANT_DOMAIN - PUBLIC_URL - JIGASI_DISABLE_SIP - JIGASI_LOG_FILE @@ -41,6 +42,8 @@ services: - JIGASI_SIP_DEFAULT_ROOM - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD + - JIGASI_TRANSCRIBER_USER + - JIGASI_TRANSCRIBER_PASSWORD - JIGASI_BREWERY_MUC - JIGASI_PORT_MIN - JIGASI_PORT_MAX diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index ea5bf07d62..c0cfa228cc 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -175,7 +175,12 @@ org.jitsi.jigasi.transcription.SAVE_TXT=true org.jitsi.jigasi.transcription.SEND_TXT={{ .Env.JIGASI_TRANSCRIBER_SEND_TXT | default "false"}} org.jitsi.jigasi.transcription.RECORD_AUDIO={{ .Env.JIGASI_TRANSCRIBER_RECORD_AUDIO | default "false"}} org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav -{{ end -}} +# non-anonymous authentication is required for transcriber +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false +org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_TRANSCRIBER_PASSWORD }} +org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true +{{end}} {{ if .Env.JIGASI_SIP_DEFAULT_ROOM }} org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 760cb49f38..7ab11ab995 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -74,6 +74,7 @@ fi [ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder [ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri [ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi +[ -z "${JIGASI_TRANSCRIBER_USER}" ] && export JIGASI_TRANSCRIBER_USER=transcriber [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb [ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi [ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi @@ -128,6 +129,10 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi +if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then + prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_PARTICIPANT_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD +fi + if [[ "$PROSODY_MODE" == "visitors" ]]; then [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi" [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0 From fc48755de82519f69f03b797d319722eaaa7709b Mon Sep 17 00:00:00 2001 From: Daniel Zoba Date: Tue, 6 Feb 2024 16:39:30 +0100 Subject: [PATCH 04/10] need to import variable first --- jicofo/rootfs/defaults/jicofo.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index ab7c1bf641..8f811c7cb7 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -6,6 +6,7 @@ {{ $JICOFO_AUTH_LIFETIME := .Env.JICOFO_AUTH_LIFETIME | default "24 hours" -}} {{ $ENABLE_SCTP := .Env.ENABLE_SCTP | default "0" | toBool -}} {{ $ENABLE_RECORDING := .Env.ENABLE_RECORDING | default "0" | toBool -}} +{{ $ENABLE_TRANSCRIPTIONS := .Env.ENABLE_TRANSCRIPTIONS | default "0" | toBool -}} {{ $ENABLE_OCTO := .Env.ENABLE_OCTO | default "0" | toBool -}} {{ $ENABLE_OCTO_SCTP := .Env.ENABLE_OCTO_SCTP | default $ENABLE_SCTP | toBool -}} {{ $ENABLE_AUTO_LOGIN := .Env.ENABLE_AUTO_LOGIN | default "1" | toBool -}} From 601cc245cdec8f50774cbff7724a0f4e3715c8aa Mon Sep 17 00:00:00 2001 From: Daniel Zoba Date: Tue, 6 Feb 2024 16:55:55 +0100 Subject: [PATCH 05/10] need to import variables before referencing --- jigasi/rootfs/defaults/sip-communicator.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index c0cfa228cc..9d43036adf 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -11,6 +11,8 @@ {{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}} {{ $DISABLE_SIP := .Env.JIGASI_DISABLE_SIP | default "false" | toBool -}} +{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} +{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} From 6e250c9d6ea6af4e2ffda952e10bf0f50433284d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20L=C3=B6w?= Date: Tue, 18 Jun 2024 08:59:14 +0200 Subject: [PATCH 06/10] :art: rename XMPP_HIDDEN_PARTICIPANT_DOMAIN to XMPP_HIDDEN_DOMAIN with default value hidden.meet.jitsi (as suggested by @saghul) --- docker-compose.yml | 6 +++--- jibri.yml | 2 +- jibri/rootfs/defaults/jibri.conf | 4 ++-- jicofo/rootfs/defaults/jicofo.conf | 4 ++-- jigasi.yml | 2 +- jigasi/rootfs/defaults/sip-communicator.properties | 4 ++-- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 14 +++++++------- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 6 +++--- prosody/rootfs/etc/cont-init.d/10-config | 6 +++--- web/rootfs/defaults/settings-config.js | 4 ++-- 10 files changed, 26 insertions(+), 26 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 82f2c04893..b1d9e166ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -169,7 +169,7 @@ services: - XMPP_DOMAIN - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_HIDDEN_PARTICIPANT_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_PORT - WHITEBOARD_ENABLED - WHITEBOARD_COLLAB_SERVER_PUBLIC_URL @@ -304,7 +304,7 @@ services: - XMPP_MUC_MODULES - XMPP_MUC_CONFIGURATION - XMPP_INTERNAL_MUC_MODULES - - XMPP_HIDDEN_PARTICIPANT_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_PORT - XMPP_SERVER_S2S_PORT - XMPP_SPEAKERSTATS_MODULES @@ -386,7 +386,7 @@ services: - XMPP_AUTH_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_HIDDEN_PARTICIPANT_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_SERVER - XMPP_PORT - MAX_SSRCS_PER_USER diff --git a/jibri.yml b/jibri.yml index 855e6228e2..ea22d9c790 100644 --- a/jibri.yml +++ b/jibri.yml @@ -55,7 +55,7 @@ services: - XMPP_DOMAIN - XMPP_INTERNAL_MUC_DOMAIN - XMPP_MUC_DOMAIN - - XMPP_HIDDEN_PARTICIPANT_DOMAIN + - XMPP_HIDDEN_DOMAIN - XMPP_SERVER - XMPP_PORT - XMPP_TRUST_ALL_CERTS diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 6d252380dc..6130694745 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf @@ -12,7 +12,7 @@ {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} {{ $JIBRI_STRIP_DOMAIN_JID := .Env.JIBRI_STRIP_DOMAIN_JID | default $XMPP_MUC_DOMAIN_PREFIX -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{ $XMPP_TRUST_ALL_CERTS := .Env.XMPP_TRUST_ALL_CERTS | default "true" | toBool -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} @@ -80,7 +80,7 @@ jibri { // The login information the selenium web client will use call-login { - domain = "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" + domain = "{{ $XMPP_HIDDEN_DOMAIN }}" username = "{{ $JIBRI_RECORDER_USER }}" password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}" } diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 8f811c7cb7..45cdaf400a 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -33,12 +33,12 @@ {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}} {{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}} -{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default (or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS | ternary $XMPP_HIDDEN_PARTICIPANT_DOMAIN "") -}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default (or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS | ternary $XMPP_HIDDEN_DOMAIN "") -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env }} diff --git a/jigasi.yml b/jigasi.yml index 5ef9a8be1f..4f0f5864c6 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -30,7 +30,7 @@ services: - XMPP_SERVER - XMPP_PORT - XMPP_DOMAIN - - XMPP_HIDDEN_PARTICIPANT_DOMAIN + - XMPP_HIDDEN_DOMAIN - PUBLIC_URL - JIGASI_DISABLE_SIP - JIGASI_LOG_FILE diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 9d43036adf..e4372afa6d 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -12,7 +12,7 @@ {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}} {{ $DISABLE_SIP := .Env.JIGASI_DISABLE_SIP | default "false" | toBool -}} {{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} @@ -178,7 +178,7 @@ org.jitsi.jigasi.transcription.SEND_TXT={{ .Env.JIGASI_TRANSCRIBER_SEND_TXT | de org.jitsi.jigasi.transcription.RECORD_AUDIO={{ .Env.JIGASI_TRANSCRIBER_RECORD_AUDIO | default "false"}} org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav # non-anonymous authentication is required for transcriber -org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_TRANSCRIBER_PASSWORD }} org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index b09c08bf68..58ffda5e41 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -44,7 +44,7 @@ {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}} {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} {{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} @@ -236,7 +236,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_LOBBY }} lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" {{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} - muc_lobby_whitelist = { "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" } + muc_lobby_whitelist = { "{{ $XMPP_HIDDEN_DOMAIN }}" } {{ end }} {{ end }} @@ -262,7 +262,7 @@ VirtualHost "{{ $XMPP_DOMAIN }}" c2s_require_encryption = {{ $C2S_REQUIRE_ENCRYPTION }} {{ if $ENABLE_VISITORS -}} - visitors_ignore_list = { "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" } + visitors_ignore_list = { "{{ $XMPP_HIDDEN_DOMAIN }}" } {{ end }} {{ if .Env.XMPP_CONFIGURATION -}} @@ -296,7 +296,7 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" authentication = "internal_hashed" {{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} -VirtualHost "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" +VirtualHost "{{ $XMPP_HIDDEN_DOMAIN }}" modules_enabled = { "smacks"; } @@ -370,7 +370,7 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" }; rate_limit_whitelist_hosts = { - "{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; + "{{ $XMPP_HIDDEN_DOMAIN }}"; } {{ end -}} @@ -390,10 +390,10 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" muc_password_whitelist = { "focus@{{ $XMPP_AUTH_DOMAIN }}"; {{- if $ENABLE_RECORDING }} - "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}"; {{- end }} {{- if $ENABLE_TRANSCRIPTIONS }} - "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}"; + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}"; {{- end }} } muc_tombstones = false diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 2775e3e823..11bc2025ff 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -35,7 +35,7 @@ {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" } @@ -190,8 +190,8 @@ Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DO }; rate_limit_whitelist_jids = { - "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}", - "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}" + "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}", + "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}" } {{ end -}} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 7ab11ab995..97508e0822 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -78,7 +78,7 @@ fi [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb [ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi [ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi -[ -z "${XMPP_HIDDEN_PARTICIPANT_DOMAIN}" ] && export XMPP_HIDDEN_PARTICIPANT_DOMAIN=hiddenpart.meet.jitsi +[ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN=hidden.meet.jitsi prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD @@ -116,7 +116,7 @@ if [[ "$PROSODY_MODE" == "client" ]]; then echo 'FATAL ERROR: Jibri recorder password must be changed, check the README' exit 1 fi - prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_HIDDEN_PARTICIPANT_DOMAIN $JIBRI_RECORDER_PASSWORD + prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD fi fi @@ -130,7 +130,7 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then fi if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then - prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_PARTICIPANT_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD + prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD fi if [[ "$PROSODY_MODE" == "visitors" ]]; then diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index 591cdcebb0..c020955084 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -48,7 +48,7 @@ {{ $DESKTOP_SHARING_FRAMERATE_MIN := .Env.DESKTOP_SHARING_FRAMERATE_MIN | default 5 -}} {{ $DESKTOP_SHARING_FRAMERATE_MAX := .Env.DESKTOP_SHARING_FRAMERATE_MAX | default 5 -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} -{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN := .Env.XMPP_HIDDEN_PARTICIPANT_DOMAIN | default "hiddenpart.meet.jitsi" -}} +{{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{ $DISABLE_DEEP_LINKING := .Env.DISABLE_DEEP_LINKING | default "false" | toBool -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $DISABLE_REACTIONS := .Env.DISABLE_REACTIONS | default "false" | toBool -}} @@ -150,7 +150,7 @@ config.etherpad_base = '{{ $PUBLIC_URL }}/etherpad/p/'; // {{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS -}} -config.hiddenDomain = '{{ $XMPP_HIDDEN_PARTICIPANT_DOMAIN }}'; +config.hiddenDomain = '{{ $XMPP_HIDDEN_DOMAIN }}'; {{ end -}} From 7684c09621c68fea646f8b4782086bba8472a70f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20L=C3=B6w?= Date: Tue, 18 Jun 2024 12:43:22 +0200 Subject: [PATCH 07/10] :art: remove some recording/transcribing config conditionals which do no harm even if both is disabled --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 -- web/rootfs/defaults/settings-config.js | 2 -- 2 files changed, 4 deletions(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 58ffda5e41..3b4683ffcb 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -295,13 +295,11 @@ VirtualHost "{{ $XMPP_AUTH_DOMAIN }}" } authentication = "internal_hashed" -{{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} VirtualHost "{{ $XMPP_HIDDEN_DOMAIN }}" modules_enabled = { "smacks"; } authentication = "internal_hashed" -{{ end }} Component "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" "muc" storage = "memory" diff --git a/web/rootfs/defaults/settings-config.js b/web/rootfs/defaults/settings-config.js index c020955084..e4ee117006 100644 --- a/web/rootfs/defaults/settings-config.js +++ b/web/rootfs/defaults/settings-config.js @@ -148,11 +148,9 @@ config.etherpad_base = '{{ $PUBLIC_URL }}/etherpad/p/'; // Hidden domain usage // -{{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS -}} config.hiddenDomain = '{{ $XMPP_HIDDEN_DOMAIN }}'; -{{ end -}} // Recording. // From 9fca6ade6efc16ca1e065e3e2be771b1f6caf289 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20L=C3=B6w?= Date: Tue, 25 Jun 2024 10:17:25 +0200 Subject: [PATCH 08/10] :fire: :rocket: remove JIGASI_TRANSCRIBER_USER using JIGASI_XMPP_USER instead --- docker-compose.yml | 2 -- env.example | 3 --- gen-passwords.sh | 2 -- jigasi.yml | 2 -- jigasi/rootfs/defaults/sip-communicator.properties | 5 ++--- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 3 +-- prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 3 +-- prosody/rootfs/etc/cont-init.d/10-config | 5 ----- 8 files changed, 4 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b1d9e166ac..3ec80ebb2c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -222,8 +222,6 @@ services: - JICOFO_COMPONENT_SECRET - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD - - JIGASI_TRANSCRIBER_USER - - JIGASI_TRANSCRIBER_PASSWORD - JVB_AUTH_USER - JVB_AUTH_PASSWORD - JWT_APP_ID diff --git a/env.example b/env.example index 169ce092b9..485649c572 100644 --- a/env.example +++ b/env.example @@ -199,9 +199,6 @@ JIBRI_RECORDER_PASSWORD= # XMPP password for Jibri client connections JIBRI_XMPP_PASSWORD= -# Transcriber XMPP password for Jigasi MUC client connections -JIGASI_TRANSCRIBER_PASSWORD= - # # Docker Compose options # diff --git a/gen-passwords.sh b/gen-passwords.sh index a499e55af5..29aec9b785 100755 --- a/gen-passwords.sh +++ b/gen-passwords.sh @@ -9,7 +9,6 @@ JVB_AUTH_PASSWORD=$(generatePassword) JIGASI_XMPP_PASSWORD=$(generatePassword) JIBRI_RECORDER_PASSWORD=$(generatePassword) JIBRI_XMPP_PASSWORD=$(generatePassword) -JIGASI_TRANSCRIBER_PASSWORD=$(generatePassword) sed -i.bak \ -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \ @@ -17,5 +16,4 @@ sed -i.bak \ -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \ -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \ -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \ - -e "s#JIGASI_TRANSCRIBER_PASSWORD=.*#JIGASI_TRANSCRIBER_PASSWORD=${JIGASI_TRANSCRIBER_PASSWORD}#g" \ "$(dirname "$0")/.env" diff --git a/jigasi.yml b/jigasi.yml index 4f0f5864c6..fc2ef05f1a 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -42,8 +42,6 @@ services: - JIGASI_SIP_DEFAULT_ROOM - JIGASI_XMPP_USER - JIGASI_XMPP_PASSWORD - - JIGASI_TRANSCRIBER_USER - - JIGASI_TRANSCRIBER_PASSWORD - JIGASI_BREWERY_MUC - JIGASI_PORT_MIN - JIGASI_PORT_MAX diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index e4372afa6d..435d007725 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -11,7 +11,6 @@ {{ $XMPP_SERVERS := splitList "," $XMPP_SERVER -}} {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}} {{ $DISABLE_SIP := .Env.JIGASI_DISABLE_SIP | default "false" | toBool -}} -{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{/* assign env from context, preserve during range when . is re-assigned */}} {{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}} @@ -178,9 +177,9 @@ org.jitsi.jigasi.transcription.SEND_TXT={{ .Env.JIGASI_TRANSCRIBER_SEND_TXT | de org.jitsi.jigasi.transcription.RECORD_AUDIO={{ .Env.JIGASI_TRANSCRIBER_RECORD_AUDIO | default "false"}} org.jitsi.jigasi.transcription.RECORD_AUDIO_FORMAT=wav # non-anonymous authentication is required for transcriber -org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }} +org.jitsi.jigasi.xmpp.acc.USER_ID={{ $JIGASI_XMPP_USER }}@{{ $XMPP_HIDDEN_DOMAIN }} org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false -org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_TRANSCRIBER_PASSWORD }} +org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }} org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true {{end}} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 3b4683ffcb..f5bfeeaa9e 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -46,7 +46,6 @@ {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}} {{ $XMPP_HIDDEN_DOMAIN := .Env.XMPP_HIDDEN_DOMAIN | default "hidden.meet.jitsi" -}} {{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} -{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool -}} @@ -391,7 +390,7 @@ Component "{{ $XMPP_MUC_DOMAIN }}" "muc" "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}"; {{- end }} {{- if $ENABLE_TRANSCRIPTIONS }} - "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}"; + "{{ $JIGASI_XMPP_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}"; {{- end }} } muc_tombstones = false diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index 11bc2025ff..729c08413c 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -4,7 +4,6 @@ {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}} {{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}} -{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}} {{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}} {{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}} {{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}} @@ -191,7 +190,7 @@ Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DO rate_limit_whitelist_jids = { "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}", - "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}" + "{{ $JIGASI_XMPP_USER }}@{{ $XMPP_HIDDEN_DOMAIN }}" } {{ end -}} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 97508e0822..2053f806bc 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -74,7 +74,6 @@ fi [ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder [ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri [ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi -[ -z "${JIGASI_TRANSCRIBER_USER}" ] && export JIGASI_TRANSCRIBER_USER=transcriber [ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb [ -z "${XMPP_DOMAIN}" ] && export XMPP_DOMAIN=meet.jitsi [ -z "${XMPP_AUTH_DOMAIN}" ] && export XMPP_AUTH_DOMAIN=auth.meet.jitsi @@ -129,10 +128,6 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD fi -if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then - prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD -fi - if [[ "$PROSODY_MODE" == "visitors" ]]; then [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi" [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0 From 2dd66de68af72d883bd6eb12d366524f0f0a7208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20L=C3=B6w?= Date: Tue, 13 Aug 2024 14:48:53 +0200 Subject: [PATCH 09/10] :fire: remove xmpp block from jibri config (re-added during rebase, but has a seperate file) --- jibri/rootfs/defaults/jibri.conf | 61 -------------------------------- 1 file changed, 61 deletions(-) diff --git a/jibri/rootfs/defaults/jibri.conf b/jibri/rootfs/defaults/jibri.conf index 6130694745..23ae4c05a3 100644 --- a/jibri/rootfs/defaults/jibri.conf +++ b/jibri/rootfs/defaults/jibri.conf @@ -40,67 +40,6 @@ jibri { {{ end -}} } {{ end -}} - xmpp { - // See example_xmpp_envs.conf for an example of what is expected here - environments = [ -{{ range $index, $element := $XMPP_SERVERS -}} -{{ $SERVER := splitn ":" 2 $element }} - { - // A user-friendly name for this environment - name = "{{ $ENV.XMPP_ENV_NAME }}-{{$index}}" - - // A list of XMPP server hosts to which we'll connect - xmpp-server-hosts = [ - "{{ $SERVER._0 }}" - ] - - // The base XMPP domain - xmpp-domain = "{{ $XMPP_DOMAIN }}" - - {{ if $ENV.PUBLIC_URL -}} - // An (optional) base url the Jibri will join if it is set - base-url = "{{ $ENV.PUBLIC_URL }}" - {{ end -}} - - // The MUC we'll join to announce our presence for - // recording and streaming services - control-muc { - domain = "{{ $XMPP_INTERNAL_MUC_DOMAIN }}" - room-name = "{{ $JIBRI_BREWERY_MUC }}" - nickname = "{{ $ENV.JIBRI_INSTANCE_ID }}" - } - - // The login information for the control MUC - control-login { - domain = "{{ $XMPP_AUTH_DOMAIN }}" - port = "{{ $SERVER._1 | default $XMPP_PORT }}" - username = "{{ $JIBRI_XMPP_USER }}" - password = "{{ $ENV.JIBRI_XMPP_PASSWORD }}" - } - - // The login information the selenium web client will use - call-login { - domain = "{{ $XMPP_HIDDEN_DOMAIN }}" - username = "{{ $JIBRI_RECORDER_USER }}" - password = "{{ $ENV.JIBRI_RECORDER_PASSWORD }}" - } - - // The value we'll strip from the room JID domain to derive - // the call URL - strip-from-room-domain = "{{ $JIBRI_STRIP_DOMAIN_JID }}." - - // How long Jibri sessions will be allowed to last before - // they are stopped. A value of 0 allows them to go on - // indefinitely - usage-timeout = "{{ $JIBRI_USAGE_TIMEOUT }}" - - // Whether or not we'll automatically trust any cert on - // this XMPP domain - trust-all-xmpp-certs = {{ $XMPP_TRUST_ALL_CERTS }} - } -{{ end }} - ] - } } recording { recordings-directory = "{{ .Env.JIBRI_RECORDING_DIR | default "/config/recordings" }}" From 48e66eb738ff5765466f466a07b59d5fb4bc76b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakob=20L=C3=B6w?= Date: Tue, 13 Aug 2024 14:51:06 +0200 Subject: [PATCH 10/10] :art: always place trusted domain configuration it does not hurt to have them, so the conditions simply increase config complexity --- jicofo/rootfs/defaults/jicofo.conf | 2 +- jigasi/rootfs/defaults/sip-communicator.properties | 4 +--- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 -- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/jicofo/rootfs/defaults/jicofo.conf b/jicofo/rootfs/defaults/jicofo.conf index 45cdaf400a..784d1c1783 100644 --- a/jicofo/rootfs/defaults/jicofo.conf +++ b/jicofo/rootfs/defaults/jicofo.conf @@ -38,7 +38,7 @@ {{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}} {{ $MAX_SSRCS_PER_USER := .Env.MAX_SSRCS_PER_USER | default "20" -}} {{ $MAX_SSRC_GROUPS_PER_USER := .Env.MAX_SSRC_GROUPS_PER_USER | default $MAX_SSRCS_PER_USER -}} -{{ $TRUSTED_DOMAIN_LIST := .Env.JICOFO_TRUSTED_DOMAINS | default (or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS | ternary $XMPP_HIDDEN_DOMAIN "") -}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}} {{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env }} diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 435d007725..620beb1d4f 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties @@ -189,7 +189,5 @@ org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }} org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ $XMPP_MUC_DOMAIN }} -# when checking other participants whether they are jibri/jigasi we can also check the the domain they use for connecting -{{ if $TRUSTED_DOMAIN_LIST }} +# when checking other participants whether they are jibri/jigasi we can also check the domain they use for connecting org.jitsi.jigasi.TRUSTED_DOMAINS=[ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ] -{{ end }} diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index f5bfeeaa9e..b58e0a4c34 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -234,10 +234,8 @@ VirtualHost "{{ $XMPP_DOMAIN }}" room_metadata_component = "metadata.{{ $XMPP_DOMAIN }}" {{ if $ENABLE_LOBBY }} lobby_muc = "lobby.{{ $XMPP_DOMAIN }}" - {{ if or $ENABLE_RECORDING $ENABLE_TRANSCRIPTIONS }} muc_lobby_whitelist = { "{{ $XMPP_HIDDEN_DOMAIN }}" } {{ end }} - {{ end }} {{ if $PROSODY_RESERVATION_ENABLED }} reservations_api_prefix = "{{ $PROSODY_RESERVATION_REST_BASE_URL }}"