From 424253b246ba5e1cfd8fed68b56c59d3e1ea58f2 Mon Sep 17 00:00:00 2001 From: netaskd Date: Wed, 11 Dec 2019 18:49:42 +0200 Subject: [PATCH 01/35] turn: add TURN server --- Makefile | 2 +- README.md | 1 - docker-compose.yml | 6 +++ env.example | 40 +++++++++++++++++++ prosody/Dockerfile | 3 ++ .../rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 3 ++ prosody/rootfs/defaults/prosody.cfg.lua | 15 +++++++ turn.yml | 27 +++++++++++++ turn/Dockerfile | 11 +++++ turn/Makefile | 5 +++ turn/rootfs/defaults/docker-entrypoint.sh | 38 ++++++++++++++++++ 11 files changed, 149 insertions(+), 2 deletions(-) create mode 100644 turn.yml create mode 100644 turn/Dockerfile create mode 100644 turn/Makefile create mode 100755 turn/rootfs/defaults/docker-entrypoint.sh diff --git a/Makefile b/Makefile index 08ec3a9d41..757c8f076b 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ FORCE_REBUILD ?= 0 JITSI_RELEASE ?= stable JITSI_BUILD ?= latest JITSI_REPO ?= jitsi -JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi jibri +JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi etherpad jibri turn BUILD_ARGS := --build-arg JITSI_REPO=$(JITSI_REPO) --build-arg JITSI_RELEASE=$(JITSI_RELEASE) ifeq ($(FORCE_REBUILD), 1) diff --git a/README.md b/README.md index 7c07d2c25a..6c905dc4a7 100644 --- a/README.md +++ b/README.md @@ -15,5 +15,4 @@ The installation manual is available [here](https://jitsi.github.io/handbook/doc ## TODO * Support container replicas (where applicable). -* TURN server. diff --git a/docker-compose.yml b/docker-compose.yml index 17ca6eca66..4629be9e0b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -165,6 +165,12 @@ services: - LOG_LEVEL - PUBLIC_URL - TZ + - ENABLE_TURN + - TURN_SECRET + - TURN_TYPE + - TURN_HOST + - TURN_PORT + - TURN_TRANSPORT networks: meet.jitsi: aliases: diff --git a/env.example b/env.example index 5b62e08d8b..087a449445 100644 --- a/env.example +++ b/env.example 
@@ -379,3 +379,43 @@ RESTART_POLICY=unless-stopped # Authenticate using external service or just focus external auth window if there is one already. # TOKEN_AUTH_URL=https://auth.meet.example.com/{room} +# +## Use TURN for P2P connections +##TURN_ENABLE_P2P=0 +# +## Use TURN for JVB (bridge mode) connections +##TURN_ENABLE=0 +# +## Realm to be used for the users with long-term credentials mechanism or with TURN REST API +##TURN_REALM=realm +# +## Secret for connect to TURN server +##TURN_SECRET=keepthissecret +# +## Username for admin panel +##TURN_ADMIN_USER=admin +# +## Password for admin panel +##TURN_ADMIN_SECRET=changeme +# +## HTTP(s) port for acess to admin panel +##TURN_ADMIN_PORT=8443 +# +## Type of TURN(s)/STUN. Can be turn or turns. +##TURN_TYPE=turns +# +## Annonce FQDN or IP address of turn server +##TURN_HOST=8.8.8.8 +# +## TLS/TCP/UDP turn port for connection +##TURN_PORT=5349 +# +## Transport for stun/turn connection. Can be tcp or udp. +##TURN_TRANSPORT=tcp +# +## RTP start port for turn/turns connections +##TURN_RTP_MIN=10000 +# +## RTP end port for turn/turns connections +##TURN_RTP_MAX=11000 +# diff --git a/prosody/Dockerfile b/prosody/Dockerfile index c2da8ea673..8e605f89d8 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -45,6 +45,9 @@ RUN \ && rm -rf /tmp/pkg /var/cache/apt RUN patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch +RUN \ + curl -4so /prosody-plugins/mod_turncredentials.lua \ + https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua COPY rootfs/ / diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 86c52021c4..cd3aa860d3 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
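Review bot: The added `RUN curl -4so /prosody-plugins/mod_turncredentials.lua https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua` pulls a Prosody module from a mutable branch of a personal repository with no integrity check, so whatever that branch serves at build time becomes code loaded by the XMPP server. Pin the URL to a commit and verify a digest in the same layer, e.g. `curl -4fsSLo /prosody-plugins/mod_turncredentials.lua https://raw.githubusercontent.com/netaskd/mod_turncredentials/<COMMIT_SHA>/mod_turncredentials.lua && echo "<EXPECTED_SHA256>  /prosody-plugins/mod_turncredentials.lua" | sha256sum -c -`, or vendor the file under `rootfs/`. Without `-f`, an HTTP error body is saved as the module and the build still succeeds. The rest of the Dockerfile lies outside this hunk.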
@@ -95,6 +95,9 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }} "auth_cyrus"; {{end}} + {{ if .Env.ENABLE_TURN | default "0" | toBool }} + "turncredentials"; + {{end}} } {{ if and $ENABLE_LOBBY (not $ENABLE_GUEST_DOMAIN) }} diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 467d4222b8..9402a02eea 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -172,3 +172,18 @@ smacks_max_hibernated_sessions = 1; smacks_max_old_sessions = 1; Include "conf.d/*.cfg.lua" + + +{{ if .Env.ENABLE_TURN | default "0" | toBool }} +turncredentials_secret = "{{ .Env.TURN_SECRET | default "keepthissecret" }}"; +turncredentials_port = {{ .Env.TURN_PORT | default "3478" }}; +turncredentials_ttl = {{ .Env.TURN_TTL | default "86400" }}; +turncredentials = { +{{ if .Env.TURN_HOST }} + { type = "{{ .Env.TURN_PROTO | default "turns" }}", + host = "{{ .Env.TURN_HOST }}", + port = {{ .Env.TURN_PORT | default "3478" }}, + transport = "{{ .Env.TURN_TRANSPORT | default "tcp" }}" + } +{{ end }} +{{ end }} \ No newline at end of file diff --git a/turn.yml b/turn.yml new file mode 100644 index 0000000000..278277ec9d --- /dev/null +++ b/turn.yml @@ -0,0 +1,27 @@ +version: '3' + +services: + # coturn TURN server project + turn: + image: jitsi/turn + restart: always + ports: + - '${TURN_PORT}:${TURN_PORT}/tcp' + - '${TURN_PORT}:${TURN_PORT}/udp' + - '${TURN_RTP_MIN}-${TURN_RTP_MAX}:${TURN_RTP_MIN}-${TURN_RTP_MAX}/udp' + - '${TURN_ADMIN_PORT}:${TURN_ADMIN_PORT}/tcp' + environment: + - TURN_SECRET + - TURN_REALM + - TURN_ADMIN_USER + - TURN_ADMIN_SECRET + - TURN_ADMIN_PORT + - TURN_TYPE + - TURN_HOST + - TURN_PORT + - TURN_TRANSPORT + - TURN_RTP_MIN + - TURN_RTP_MAX + networks: + meet.jitsi: + diff --git a/turn/Dockerfile b/turn/Dockerfile new file mode 100644 index 0000000000..8f53ff7910 --- /dev/null +++ b/turn/Dockerfile 
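Review bot: `turncredentials_secret` falls back to the literal `keepthissecret` when `TURN_SECRET` is unset, and the same fallback appears in `turn/rootfs/defaults/docker-entrypoint.sh` (`--static-auth-secret=${TURN_SECRET:-keepthissecret}`, plus `changeme` for the admin password), so a deployment that enables TURN without setting the variable runs on a shared secret published in this repository. Since `--use-auth-secret` derives every client credential from that value, the relay is then effectively open to anyone who has read the repo. Drop the defaults and refuse to start instead, e.g. `: "${TURN_SECRET:?TURN_SECRET must be set}"` in the entrypoint and no `| default "keepthissecret"` here. Separately, the `turncredentials = {` table opened in this hunk is never closed before the final `{{ end }}`, which looks like it renders invalid Lua whenever `ENABLE_TURN` is true; a `}` is needed after the inner `{{ end }}`. The template also reads `TURN_PROTO` and `TURN_TTL`, which neither `env.example` nor the `docker-compose.yml` hunk of this commit passes through.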
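Review bot: The `ports:` list publishes `${TURN_ADMIN_PORT}` on every host interface unconditionally, while the entrypoint added in this same commit always starts `--web-admin` with the `admin`/`changeme` fallback, so the coturn admin panel is reachable from wherever the host is reachable. Bind it to loopback or leave it unpublished by default, e.g. `- '127.0.0.1:${TURN_ADMIN_PORT}:${TURN_ADMIN_PORT}/tcp'`. `image: jitsi/turn` also carries no tag, and `restart: always` ignores the `${RESTART_POLICY}` setting that the services in `docker-compose.yml` use.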
@@ -0,0 +1,11 @@ +ARG VERSION +FROM instrumentisto/coturn:${VERSION:-latest} + +RUN apk add --no-cache openssl + +ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] + +EXPOSE 5349 8443 10000:11000/udp + diff --git a/turn/Makefile b/turn/Makefile new file mode 100644 index 0000000000..7317d86e50 --- /dev/null +++ b/turn/Makefile @@ -0,0 +1,5 @@ +build: + docker build $(BUILD_ARGS) -t $(JITSI_REPO)/turn . + +.PHONY: build + diff --git a/turn/rootfs/defaults/docker-entrypoint.sh b/turn/rootfs/defaults/docker-entrypoint.sh new file mode 100755 index 0000000000..cc54a71871 --- /dev/null +++ b/turn/rootfs/defaults/docker-entrypoint.sh @@ -0,0 +1,38 @@ +#!/bin/ash +# make certs if not exist +if [[ ! -f /etc/ssl/cert.crt || ! -f /etc/ssl/cert.key ]]; then + openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}" +fi + +# set coturn admin user +turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} + +# run coturn server with API auth method enabled. +turnserver -n \ +--verbose \ +--prod \ +--no-tlsv1 \ +--no-tlsv1_1 \ +--log-file=stdout \ +--listening-port=${TURN_PORT:-5349} \ +--tls-listening-port=${TURN_PORT:-5349} \ +--alt-listening-port=${TURN_PORT:-5349} \ +--alt-tls-listening-port=${TURN_PORT:-5349} \ +--cert=/etc/ssl/cert.crt \ +--pkey=/etc/ssl/cert.key \ +--min-port=${TURN_RTP_MIN:-10000} \ +--max-port=${TURN_RTP_MAX:-11000} \ +--no-stun \ +--use-auth-secret \ +--static-auth-secret=${TURN_SECRET:-keepthissecret} \ +--no-multicast-peers \ +--realm=${TURN_REALM:-realm} \ +--external-ip=$(curl -4k https://icanhazip.com 2>/dev/null) \ +--relay-ip=$(hostname -i) \ +--listening-ip=$(hostname -i) \ +--web-admin \ +--web-admin-ip=$(hostname -i) \ +--web-admin-port=${TURN_ADMIN_PORT:-8443} \ +--no-cli \ +--cli-password=${TURN_ADMIN_SECRET:-changeme} + From 463bf716f05aac14e41a7eec130c29fdb2e58a30 Mon Sep 17 00:00:00 2001 
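Review bot: `FROM instrumentisto/coturn:${VERSION:-latest}` resolves to `latest` whenever `VERSION` is not passed, and as far as the visible Makefiles show, `BUILD_ARGS` forwards only `JITSI_REPO` and `JITSI_RELEASE`, so the internet-facing relay is built from whatever the third-party tag points to that day. Give the `ARG` a pinned default (a tag, ideally with a digest), e.g. `ARG VERSION=<PINNED_TAG>`. `ADD` of a local file should be `COPY`, and `10000:11000/udp` is not the documented `EXPOSE` range form (`10000-11000/udp`). The entrypoint calls `curl` while only `openssl` is installed here, so confirm the base image ships it; no `USER` is set either, so the image keeps whatever user the base defines.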
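Review bot: `--external-ip=$(curl -4k https://icanhazip.com 2>/dev/null)` disables certificate verification and feeds the response of a third-party service straight into the address the relay advertises; the follow-up patch keeps this as `curl -4ks` when filling `TURN_PUBLIC_IP`. Drop `-k`, add `-f` and a timeout, and check that the value looks like an IPv4 address before using it, e.g. `curl -4fsS --max-time 10 https://icanhazip.com`. The `${…}` expansions on the `turnadmin` and `turnserver` command lines are unquoted, so a secret containing whitespace or glob characters is split into extra arguments; quote each one. `turnserver` is also started without `exec`, so the shell stays PID 1 and the server likely never receives the stop signal from `docker stop`.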
From: netaskd Date: Thu, 12 Dec 2019 18:42:10 +0200 Subject: [PATCH 02/35] turn: the fist review changes --- env.example | 2 +- turn.yml | 1 + turn/rootfs/defaults/docker-entrypoint.sh | 34 +++++++++++++---------- 3 files changed, 22 insertions(+), 15 deletions(-) diff --git a/env.example b/env.example index 087a449445..2ad04a7830 100644 --- a/env.example +++ b/env.example @@ -384,7 +384,7 @@ RESTART_POLICY=unless-stopped ##TURN_ENABLE_P2P=0 # ## Use TURN for JVB (bridge mode) connections -##TURN_ENABLE=0 +##ENABLE_TURN=0 # ## Realm to be used for the users with long-term credentials mechanism or with TURN REST API ##TURN_REALM=realm diff --git a/turn.yml b/turn.yml index 278277ec9d..d267921f6e 100644 --- a/turn.yml +++ b/turn.yml @@ -11,6 +11,7 @@ services: - '${TURN_RTP_MIN}-${TURN_RTP_MAX}:${TURN_RTP_MIN}-${TURN_RTP_MAX}/udp' - '${TURN_ADMIN_PORT}:${TURN_ADMIN_PORT}/tcp' environment: + - DOCKER_HOST_ADDRESS - TURN_SECRET - TURN_REALM - TURN_ADMIN_USER diff --git a/turn/rootfs/defaults/docker-entrypoint.sh b/turn/rootfs/defaults/docker-entrypoint.sh index cc54a71871..08e406c795 100755 --- a/turn/rootfs/defaults/docker-entrypoint.sh +++ b/turn/rootfs/defaults/docker-entrypoint.sh 
@@ -1,14 +1,24 @@ #!/bin/ash +# create config dir if not exists +[ ! -d /config ] && mkdir /config + # make certs if not exist -if [[ ! -f /etc/ssl/cert.crt || ! -f /etc/ssl/cert.key ]]; then - openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}" +if [[ ! -f /config/cert.crt || ! -f /config/cert.key ]]; then + openssl req -newkey rsa:2048 -nodes -keyout /config/cert.key -x509 -days 3650 -out /config/cert.crt -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}" fi -# set coturn admin user -turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} +# use non empty TURN_PUBLIC_IP variable, othervise set it dynamically. +[ -z "${TURN_PUBLIC_IP}" ] && export TURN_PUBLIC_IP=$(curl -4ks https://icanhazip.com) +[ -z "${TURN_PUBLIC_IP}" ] && echo "ERROR: variable TURN_PUBLIC_IP is not set and can not be set dynamically!" && kill 1 + +# set coturn web-admin access +if [[ "${TURN_ADMIN_ENABLE}" == "1" || "${TURN_ADMIN_ENABLE}" == "true" ]]; then + turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} + export TURN_ADMIN_OPTIONS="--web-admin --web-admin-ip=$(hostname -i) --web-admin-port=${TURN_ADMIN_PORT:-8443}" +fi # run coturn server with API auth method enabled. -turnserver -n \ +turnserver -n ${TURN_ADMIN_OPTIONS} \ --verbose \ --prod \ --no-tlsv1 \ @@ -18,8 +28,8 @@ turnserver -n \ --tls-listening-port=${TURN_PORT:-5349} \ --alt-listening-port=${TURN_PORT:-5349} \ --alt-tls-listening-port=${TURN_PORT:-5349} \ ---cert=/etc/ssl/cert.crt \ ---pkey=/etc/ssl/cert.key \ +--cert=/config/cert.crt \ +--pkey=/config/cert.key \ --min-port=${TURN_RTP_MIN:-10000} \ --max-port=${TURN_RTP_MAX:-11000} \ --no-stun \ 
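Review bot: The failure path ending in `&& kill 1` probably does not stop the container: the script itself is PID 1, and a PID 1 with no handler installed ignores a `SIGTERM` sent from inside its own namespace, so execution would continue to `turnserver` with an empty `--external-ip=`. Replace `kill 1` with `exit 1` and send the message to stderr. When `TURN_ADMIN_ENABLE` is set, the web admin still falls back to `admin`/`changeme`; require both variables instead of defaulting, e.g. `: "${TURN_ADMIN_SECRET:?TURN_ADMIN_SECRET must be set}"` inside that `if`. The `turnserver` invocation continues past the end of this hunk.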
@@ -27,12 +37,8 @@ turnserver -n \ --static-auth-secret=${TURN_SECRET:-keepthissecret} \ --no-multicast-peers \ --realm=${TURN_REALM:-realm} \ ---external-ip=$(curl -4k https://icanhazip.com 2>/dev/null) \ ---relay-ip=$(hostname -i) \ --listening-ip=$(hostname -i) \ ---web-admin \ ---web-admin-ip=$(hostname -i) \ ---web-admin-port=${TURN_ADMIN_PORT:-8443} \ ---no-cli \ ---cli-password=${TURN_ADMIN_SECRET:-changeme} +--external-ip=${TURN_PUBLIC_IP} \ +--cli-password=NotReallyCliUs3d \ +--no-cli From c6b12d607f3a34e2dd19296c976889639afb55d5 Mon Sep 17 00:00:00 2001 From: netaskd Date: Thu, 12 Dec 2019 18:48:42 +0200 Subject: [PATCH 03/35] turn: add forgotten variable TURN_ADMIN_ENABLE --- turn.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/turn.yml b/turn.yml index d267921f6e..32839bb282 100644 --- a/turn.yml +++ b/turn.yml @@ -14,15 +14,16 @@ services: - DOCKER_HOST_ADDRESS - TURN_SECRET - TURN_REALM - - TURN_ADMIN_USER - - TURN_ADMIN_SECRET - - TURN_ADMIN_PORT - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT - TURN_RTP_MIN - TURN_RTP_MAX + - TURN_ADMIN_ENABLE + - TURN_ADMIN_USER + - TURN_ADMIN_SECRET + - TURN_ADMIN_PORT networks: meet.jitsi: From e837f12dbee3ebd65ba909b2a72d1a5e52d8093f Mon Sep 17 00:00:00 2001 From: netaskd Date: Fri, 13 Dec 2019 18:37:44 +0200 Subject: [PATCH 04/35] turn: the second review --- docker-compose.yml | 1 - prosody/rootfs/etc/cont-init.d/10-config | 5 +++++ turn.yml | 3 ++- turn/Dockerfile | 2 ++ turn/rootfs/defaults/docker-entrypoint.sh | 2 -- 5 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4629be9e0b..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -167,7 +167,6 @@ services: - TZ - ENABLE_TURN - TURN_SECRET - - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index 82f02eb72d..c35e63e142 100644 
--- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -26,6 +26,11 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then fi cp -r /defaults/* /config +if [[ "${TURN_ENABLE}" == "1" || "${TURN_ENABLE}" == "true" ]]; then + [ -z "${GLOBAL_MODULES}" ] && export GLOBAL_MODULES="turncredentials" \ + || export GLOBAL_MODULES="${GLOBAL_MODULES},turncredentials" +fi + tpl /defaults/prosody.cfg.lua > $PROSODY_CFG tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua diff --git a/turn.yml b/turn.yml index 32839bb282..d52d44c2f9 100644 --- a/turn.yml +++ b/turn.yml @@ -5,6 +5,8 @@ services: turn: image: jitsi/turn restart: always + volumes: + - ${CONFIG}/turn:/config ports: - '${TURN_PORT}:${TURN_PORT}/tcp' - '${TURN_PORT}:${TURN_PORT}/udp' @@ -14,7 +16,6 @@ services: - DOCKER_HOST_ADDRESS - TURN_SECRET - TURN_REALM - - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT diff --git a/turn/Dockerfile b/turn/Dockerfile index 8f53ff7910..da62b7148a 100644 --- a/turn/Dockerfile +++ b/turn/Dockerfile @@ -7,5 +7,7 @@ ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh ENTRYPOINT ["/docker-entrypoint.sh"] +VOLUME ["/config"] + EXPOSE 5349 8443 10000:11000/udp diff --git a/turn/rootfs/defaults/docker-entrypoint.sh b/turn/rootfs/defaults/docker-entrypoint.sh index 08e406c795..28e397fb5a 100755 --- a/turn/rootfs/defaults/docker-entrypoint.sh +++ b/turn/rootfs/defaults/docker-entrypoint.sh @@ -1,6 +1,4 @@ #!/bin/ash -# create config dir if not exists -[ ! -d /config ] && mkdir /config # make certs if not exist if [[ ! -f /config/cert.crt || ! -f /config/cert.key ]]; then From c2b0d0ad005af799b5061a2273073358ff41e071 Mon Sep 17 00:00:00 2001 From: netaskd Date: Thu, 23 Apr 2020 15:06:40 +0300 Subject: [PATCH 05/35] base: add curl as necessary for getting mod_turncredentials.lua in prosody --- base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
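Review bot: This block tests `${TURN_ENABLE}`, but the templates added earlier in the series gate on `ENABLE_TURN`, `env.example` was renamed to `ENABLE_TURN` in the previous review round, and `TURN_ENABLE` is not in the prosody `environment:` list, so with the documented setting this branch never runs. Use the same name as the rest of the series: `if [[ "${ENABLE_TURN}" == "1" || "${ENABLE_TURN}" == "true" ]]; then`. A short comment such as `# load mod_turncredentials globally when TURN is enabled` would also help, since the module is already listed per VirtualHost in `jitsi-meet.cfg.lua`. The surrounding script starts and ends outside the hunk.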
diff --git a/base/Dockerfile b/base/Dockerfile index 79950e0a9c..46d1f932e5 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -23,7 +23,7 @@ RUN \ RUN \ [ "$JITSI_RELEASE" = "unstable" ] && \ apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y jq procps curl vim iputils-ping net-tools && \ + apt-dpkg-wrap apt-get install -y jq procps vim iputils-ping net-tools && \ apt-cleanup || \ true From 80208ba222cc02b06e86f5ac109929567f0dbc91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:03:22 +0200 Subject: [PATCH 06/35] release: stable-4857 * a81ad73 prosody: add support for lobby * baed605 web: fix removing closed captions button if transcription is enabled * edecacd etherpad: add ability to use a external server * a7563d4 jvb: use JVB_TCP_PORT for exposing the port * b235ea1 prosody: disable s2s module * 1d428a8 prosody: use a 2-stage build * 613c26c misc: working on latest * 4d72ee3 release: stable-4627-1 * 22b7063 examples: update Traefik v1 example * 1381b08 prosody: fix installing dependdencies * 2900c11 misc: add extra line to tag message * c57a84b misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..cb517946d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-4857 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-4857 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z 
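Review bot: The subject says curl is being added, but the only change in this hunk removes `curl` from the package list that is installed when `JITSI_RELEASE` is `unstable`. `prosody/Dockerfile` has run `curl` at build time since the first patch of the series, so unless a `RUN` outside this hunk installs it for every release, that download step fails. Confirm where curl is installed and align the commit message with the change. The `RUN` instruction begins before the hunk.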
@@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-4857 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 92709994e1..455bb59e86 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: etherpad/etherpad:1.8.6 + image: jitsi/etherpad:stable-4857 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..2ffdf4580a 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..fb83b3f62e 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-4857 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 8b9d2385a32013b588700ffe329a9f60f8ae7e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 07/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb517946d0..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-4857 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-4857 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' 
@@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-4857 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-4857 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 455bb59e86..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-4857 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 2ffdf4580a..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-4857 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index fb83b3f62e..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-4857 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 7b08d32f12d3004c60584462daf3f9d902e261aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:00:46 +0200 Subject: [PATCH 08/35] prosody: add support for lobby --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index cd3aa860d3..f86c5aab49 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
@@ -100,7 +100,7 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{end}} } - {{ if and $ENABLE_LOBBY (not $ENABLE_GUEST_DOMAIN) }} + {{ if $ENABLE_LOBBY }} main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}" lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}" {{ if .Env.XMPP_RECORDER_DOMAIN }} From 387a7150ca9a5f1dea84b0474cc9549b0091f39f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:03:22 +0200 Subject: [PATCH 09/35] release: stable-4857 * a81ad73 prosody: add support for lobby * baed605 web: fix removing closed captions button if transcription is enabled * edecacd etherpad: add ability to use a external server * a7563d4 jvb: use JVB_TCP_PORT for exposing the port * b235ea1 prosody: disable s2s module * 1d428a8 prosody: use a 2-stage build * 613c26c misc: working on latest * 4d72ee3 release: stable-4627-1 * 22b7063 examples: update Traefik v1 example * 1381b08 prosody: fix installing dependdencies * 2900c11 misc: add extra line to tag message * c57a84b misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..cb517946d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-4857 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-4857 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-4857 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' 
diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..455bb59e86 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-4857 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..2ffdf4580a 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..fb83b3f62e 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-4857 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 5be94701fdf530a5f0be0a1cd93c9ca553fa16cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 10/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb517946d0..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-4857 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-4857 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-4857 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z 
@@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-4857 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 455bb59e86..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-4857 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 2ffdf4580a..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-4857 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index fb83b3f62e..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-4857 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 1f40f2fa0e80d5c4b83a307ea06b22bb06969ba9 Mon Sep 17 00:00:00 2001 From: ChrisPortman Date: Thu, 13 Aug 2020 19:17:16 +1000 Subject: [PATCH 11/35] prosody: configure lobby on the guest domain is necessary If the lobby is enabled and ENABLE_AUTH and ENABLE_GUESTS is true, and therefore the guest.$XMPP_DOMAIN domain is to be defined, the lobby config should be placed in the guest domain. --- prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index f86c5aab49..cd3aa860d3 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
@@ -100,7 +100,7 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{end}} } - {{ if $ENABLE_LOBBY }} + {{ if and $ENABLE_LOBBY (not $ENABLE_GUEST_DOMAIN) }} main_muc = "{{ .Env.XMPP_MUC_DOMAIN }}" lobby_muc = "lobby.{{ .Env.XMPP_DOMAIN }}" {{ if .Env.XMPP_RECORDER_DOMAIN }} From 20e7104454251fdf7465ff5ea349a07b008e5801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Domas?= <2965063+paweldomas@users.noreply.github.com> Date: Fri, 2 Oct 2020 09:44:36 -0500 Subject: [PATCH 12/35] jicofo: no auth URL in JWT auth mode There's no need to have Jicofo involved in authentication when JWT authentication type is configured in Prosody in which case Prosody plugins are validating the token when user tries to enter a MUC. This mechanism was initially designed for 'internal' Prosody XMPP authentication with guest access. In this mode only admin users are allowed to create MUC rooms and Jicofo is an admin. In this flow, a user first joins from domain with authentication enabled and it will receive a session ID from Jicofo. Now the client will store this session ID in the local storage and use it next time when coming back to Jitsi Meet to make Jicofo create a MUC room for him/her. https://jitsi.github.io/handbook/docs/devops-guide/secure-domain The EXT_JWT mode was an experiment at some point, but now should probably be removed. It may come handy only in case where there is no JWT verification in Prosody and all users connect as anonymous and MUC creation is only allowed to Jicofo. --- jicofo/rootfs/defaults/sip-communicator.properties | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/jicofo/rootfs/defaults/sip-communicator.properties b/jicofo/rootfs/defaults/sip-communicator.properties index dc3b49c18a..7af95e90d3 100644 --- a/jicofo/rootfs/defaults/sip-communicator.properties +++ b/jicofo/rootfs/defaults/sip-communicator.properties 
@@ -25,10 +25,6 @@ org.jitsi.jicofo.XMPP_MUC_COMPONENT_PREFIX={{ first (splitList "." .Env.XMPP_MUC {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} -{{ if $ENABLE_AUTH }} - {{ if eq $AUTH_TYPE "jwt" }} -org.jitsi.jicofo.auth.URL=EXT_JWT:{{ .Env.XMPP_DOMAIN }} - {{ else }} +{{ if and $ENABLE_AUTH (ne $AUTH_TYPE "jwt") }} org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }} - {{ end }} {{ end }} From 888e03de212ca886bc60c61e8868564f6d49079d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:21:16 +0200 Subject: [PATCH 13/35] release: stable-5076 * 5ceaf5f web: add IPv6 support * aff3775 xmpp: allow recorders to bypass lobby * ad5625b jvb: switch to WebSocket based bridge channels * 8110336 web: add ability to configure the nginx resolver * 2f47518 jicofo: no auth URL in JWT auth mode * c149463 web: build config.js on each boot * c792bbc base: update frep * bec928c prosody: configure lobby on the guest domain is necessary * bcbd977 jicofo: pass XMPP_MUC_DOMAIN through docker-compose.yml * 8f9caa4 jicofo: set XMPP_MUC_COMPONENT_PREFIX * 2a0120d web: set security headers also for non HTTPS * e6586f2 jvb: set LOCAL_ADDRESS to the correct local IP (#630) * 97f5e75 base: optimize size * b78c89e misc: minor Dockerfile Improvements * a754519 misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..a04af93ea9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-5076 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' 
@@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-5076 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-5076 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..323b7fbefb 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-5076 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..5472b77570 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..a081d6fa20 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-5076 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 4fad2338c06bcd3997d0dbb839a69461f75fd786 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:26:25 +0200 Subject: [PATCH 14/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a04af93ea9..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-5076 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-5076 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-5076 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-5076 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 323b7fbefb..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-5076 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 5472b77570..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-5076 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index a081d6fa20..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-5076 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From d5de8c5f1be567d960a9af5cc039f8f24a3681e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:03:22 +0200 Subject: [PATCH 15/35] release: stable-4857 * a81ad73 prosody: add support for lobby * baed605 web: fix removing closed captions button if transcription is enabled * edecacd etherpad: add ability to use a external server * a7563d4 jvb: use JVB_TCP_PORT for exposing the port * b235ea1 prosody: disable s2s module * 1d428a8 prosody: use a 2-stage build * 613c26c misc: working on latest * 4d72ee3 release: stable-4627-1 * 22b7063 examples: update Traefik v1 example * 1381b08 prosody: fix installing dependdencies * 2900c11 misc: add extra line to tag message * c57a84b misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..cb517946d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-4857 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-4857 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-4857 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..455bb59e86 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-4857 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" 
diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..2ffdf4580a 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..fb83b3f62e 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-4857 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 63ded206781829129aeb0881fae871801fd9b844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 16/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb517946d0..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-4857 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-4857 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-4857 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-4857 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 455bb59e86..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml 
@@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-4857 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 2ffdf4580a..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-4857 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index fb83b3f62e..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-4857 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From da80b37e53481dcc265eeb6e7521d22da582ed56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:21:16 +0200 Subject: [PATCH 17/35] release: stable-5076 * 5ceaf5f web: add IPv6 support * aff3775 xmpp: allow recorders to bypass lobby * ad5625b jvb: switch to WebSocket based bridge channels * 8110336 web: add ability to configure the nginx resolver * 2f47518 jicofo: no auth URL in JWT auth mode * c149463 web: build config.js on each boot * c792bbc base: update frep * bec928c prosody: configure lobby on the guest domain is necessary * bcbd977 jicofo: pass XMPP_MUC_DOMAIN through docker-compose.yml * 8f9caa4 jicofo: set XMPP_MUC_COMPONENT_PREFIX * 2a0120d web: set security headers also for non HTTPS * e6586f2 jvb: set LOCAL_ADDRESS to the correct local IP (#630) * 97f5e75 base: optimize size * b78c89e misc: minor Dockerfile Improvements * a754519 misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..a04af93ea9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-5076 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-5076 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-5076 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..323b7fbefb 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-5076 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..5472b77570 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..a081d6fa20 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-5076 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 441a987b18b2d0ddfb82e39cd62d81a9d7899787 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:26:25 +0200 Subject: [PATCH 18/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a04af93ea9..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-5076 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-5076 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-5076 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-5076 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 323b7fbefb..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-5076 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 5472b77570..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-5076 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index a081d6fa20..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml 
@@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-5076 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 2eb46ef10ab16cbb5829c0e2730e2dc26161e4cb Mon Sep 17 00:00:00 2001 From: goacid Date: Thu, 26 Nov 2020 13:44:20 +0100 Subject: [PATCH 19/35] Fix after rebase --- base/Dockerfile | 2 +- jicofo/rootfs/defaults/sip-communicator.properties | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/base/Dockerfile b/base/Dockerfile index 46d1f932e5..79950e0a9c 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -23,7 +23,7 @@ RUN \ RUN \ [ "$JITSI_RELEASE" = "unstable" ] && \ apt-dpkg-wrap apt-get update && \ - apt-dpkg-wrap apt-get install -y jq procps vim iputils-ping net-tools && \ + apt-dpkg-wrap apt-get install -y jq procps curl vim iputils-ping net-tools && \ apt-cleanup || \ true diff --git a/jicofo/rootfs/defaults/sip-communicator.properties b/jicofo/rootfs/defaults/sip-communicator.properties index 7af95e90d3..dc3b49c18a 100644 --- a/jicofo/rootfs/defaults/sip-communicator.properties +++ b/jicofo/rootfs/defaults/sip-communicator.properties @@ -25,6 +25,10 @@ org.jitsi.jicofo.XMPP_MUC_COMPONENT_PREFIX={{ first (splitList "." .Env.XMPP_MUC {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }} {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }} -{{ if and $ENABLE_AUTH (ne $AUTH_TYPE "jwt") }} +{{ if $ENABLE_AUTH }} + {{ if eq $AUTH_TYPE "jwt" }} +org.jitsi.jicofo.auth.URL=EXT_JWT:{{ .Env.XMPP_DOMAIN }} + {{ else }} org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }} + {{ end }} {{ end }} From a349d009cac07aeeb3d94c81724d9efc77cd8505 Mon Sep 17 00:00:00 2001 
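Review bot: The re-added `{{ if eq $AUTH_TYPE "jwt" }}` branch in sip-communicator.properties brings back `org.jitsi.jicofo.auth.URL=EXT_JWT:{{ .Env.XMPP_DOMAIN }}`, which an earlier patch in this series removed and which the stable-5076 release notes list as "2f47518 jicofo: no auth URL in JWT auth mode". A commit titled "Fix after rebase" that silently reverts an authentication setting looks like a conflict resolved the wrong way. If that is the case, keep the upstream form `{{ if and $ENABLE_AUTH (ne $AUTH_TYPE "jwt") }}`; if the revert is intended, the commit message should say why JWT deployments need the auth URL again.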
From: goacid Date: Fri, 27 Nov 2020 15:57:41 +0100 Subject: [PATCH 20/35] Turn : Add Letsencrypt support. --- turn.yml | 5 ++ turn/Dockerfile | 2 + turn/rootfs/defaults/docker-entrypoint.sh | 42 ------------ turn/rootfs/defaults/letsencrypt-renew | 7 ++ turn/rootfs/docker-entrypoint.sh | 84 +++++++++++++++++++++++ 5 files changed, 98 insertions(+), 42 deletions(-) delete mode 100755 turn/rootfs/defaults/docker-entrypoint.sh create mode 100644 turn/rootfs/defaults/letsencrypt-renew create mode 100755 turn/rootfs/docker-entrypoint.sh diff --git a/turn.yml b/turn.yml index d52d44c2f9..46ee9a4d84 100644 --- a/turn.yml +++ b/turn.yml @@ -12,6 +12,7 @@ services: - '${TURN_PORT}:${TURN_PORT}/udp' - '${TURN_RTP_MIN}-${TURN_RTP_MAX}:${TURN_RTP_MIN}-${TURN_RTP_MAX}/udp' - '${TURN_ADMIN_PORT}:${TURN_ADMIN_PORT}/tcp' + - '80:80' environment: - DOCKER_HOST_ADDRESS - TURN_SECRET @@ -25,6 +26,10 @@ services: - TURN_ADMIN_USER - TURN_ADMIN_SECRET - TURN_ADMIN_PORT + - DISABLE_HTTPS + - ENABLE_LETSENCRYPT + - LETSENCRYPT_DOMAIN + - LETSENCRYPT_EMAIL networks: meet.jitsi: diff --git a/turn/Dockerfile b/turn/Dockerfile index da62b7148a..365f0ab423 100644 --- a/turn/Dockerfile +++ b/turn/Dockerfile @@ -2,6 +2,8 @@ ARG VERSION FROM instrumentisto/coturn:${VERSION:-latest} RUN apk add --no-cache openssl +RUN apk add --no-cache certbot +RUN apk add --no-cache bash ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh diff --git a/turn/rootfs/defaults/docker-entrypoint.sh b/turn/rootfs/defaults/docker-entrypoint.sh deleted file mode 100755 index 28e397fb5a..0000000000 --- a/turn/rootfs/defaults/docker-entrypoint.sh +++ /dev/null 
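Review bot: The added `- '80:80'` mapping in turn.yml publishes host port 80 on every interface whether or not Let's Encrypt is in use, although only certbot's standalone HTTP-01 challenge needs it. It is also the one port in this list that is hard-coded, and it will collide with the web service's `'${HTTP_PORT}:80'` mapping when both run on one host with HTTP_PORT=80. Make it configurable like the others, for example `- '${TURN_HTTP_PORT:-80}:80'` (a new variable), and document that it is only required when ENABLE_LETSENCRYPT=1.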
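Review bot: The unchanged `ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh` line still points at the file this same commit deletes, because the new script is created at turn/rootfs/docker-entrypoint.sh. Nothing visible in the hunk copies `/defaults/letsencrypt-renew` into the image either, although the new entrypoint runs `cp /defaults/letsencrypt-renew /etc/periodic/weekly/`. Replacing the ADD with `COPY rootfs/ /`, as prosody/Dockerfile does, would cover both. The three `RUN apk add` lines can be one layer, `RUN apk add --no-cache bash certbot openssl`, and `${VERSION:-latest}` leaves the base image unpinned when no build argument is passed. The Dockerfile continues past the end of this hunk.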
@@ -1,42 +0,0 @@ -#!/bin/ash - -# make certs if not exist -if [[ ! -f /config/cert.crt || ! -f /config/cert.key ]]; then - openssl req -newkey rsa:2048 -nodes -keyout /config/cert.key -x509 -days 3650 -out /config/cert.crt -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}" -fi - -# use non empty TURN_PUBLIC_IP variable, othervise set it dynamically. -[ -z "${TURN_PUBLIC_IP}" ] && export TURN_PUBLIC_IP=$(curl -4ks https://icanhazip.com) -[ -z "${TURN_PUBLIC_IP}" ] && echo "ERROR: variable TURN_PUBLIC_IP is not set and can not be set dynamically!" && kill 1 - -# set coturn web-admin access -if [[ "${TURN_ADMIN_ENABLE}" == "1" || "${TURN_ADMIN_ENABLE}" == "true" ]]; then - turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} - export TURN_ADMIN_OPTIONS="--web-admin --web-admin-ip=$(hostname -i) --web-admin-port=${TURN_ADMIN_PORT:-8443}" -fi - -# run coturn server with API auth method enabled. -turnserver -n ${TURN_ADMIN_OPTIONS} \ ---verbose \ ---prod \ ---no-tlsv1 \ ---no-tlsv1_1 \ ---log-file=stdout \ ---listening-port=${TURN_PORT:-5349} \ ---tls-listening-port=${TURN_PORT:-5349} \ ---alt-listening-port=${TURN_PORT:-5349} \ ---alt-tls-listening-port=${TURN_PORT:-5349} \ ---cert=/config/cert.crt \ ---pkey=/config/cert.key \ ---min-port=${TURN_RTP_MIN:-10000} \ ---max-port=${TURN_RTP_MAX:-11000} \ ---no-stun \ ---use-auth-secret \ ---static-auth-secret=${TURN_SECRET:-keepthissecret} \ ---no-multicast-peers \ ---realm=${TURN_REALM:-realm} \ ---listening-ip=$(hostname -i) \ ---external-ip=${TURN_PUBLIC_IP} \ ---cli-password=NotReallyCliUs3d \ ---no-cli - diff --git a/turn/rootfs/defaults/letsencrypt-renew b/turn/rootfs/defaults/letsencrypt-renew new file mode 100644 index 0000000000..62233dfb9c --- /dev/null +++ b/turn/rootfs/defaults/letsencrypt-renew 
@@ -0,0 +1,7 @@ +#!/bin/bash + +certbot --no-self-upgrade -n renew >> /config/le-renew.log + +# Not sur it reload the service ... +/bin/kill -HUP `cat /var/run/turnserver.pid 2>/dev/null` 2> /dev/null || true +exit 0 \ No newline at end of file diff --git a/turn/rootfs/docker-entrypoint.sh b/turn/rootfs/docker-entrypoint.sh new file mode 100755 index 0000000000..ad303a2696 --- /dev/null +++ b/turn/rootfs/docker-entrypoint.sh 
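Review bot: A renewed certificate never reaches turnserver, because `certbot renew` rewrites the files under /etc/letsencrypt/live while the server is started with `--cert=/config/keys/cert.crt` and the entrypoint copies into /config/keys only on first issuance. After the renew call the script should repeat that copy, `cp -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem /config/keys/cert.crt` and the matching `privkey.pem` line, before signalling the server. The script's own comment already doubts that SIGHUP makes turnserver reload its certificate, so confirm the right signal against the coturn documentation. The file is also added with mode 100644 and installed with a plain `cp`, so it is probably not executable and the weekly cron run would skip it; add a `chmod +x` or commit it as 100755.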
@@ -0,0 +1,84 @@ +#!/bin/bash + +mkdir -p /config/keys +# make certs if not exist +# generate keys (maybe) +if [[ $DISABLE_HTTPS -ne 1 ]]; then + if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then + if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then + if ! certbot \ + certonly \ + --no-self-upgrade \ + --noninteractive \ + --standalone \ + --preferred-challenges http \ + -d $LETSENCRYPT_DOMAIN \ + --agree-tos \ + --email $LETSENCRYPT_EMAIL; then + + echo "Failed to obtain a certificate from the Let's Encrypt CA." + # this tries to get the user's attention and to spare the + # authority's rate limit: + sleep 15 + echo "Exiting." + exit 1 + else + echo "Let's Encrypt certificate generated." + cp -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem /config/keys/cert.crt + cp -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/privkey.pem /config/keys/cert.key + fi + fi + + # setup certbot renewal script + if [[ ! -f /etc/periodic/weekly/letencrypt-renew ]]; then + cp /defaults/letsencrypt-renew /etc/periodic/weekly/ + fi + else + # use self-signed certs + if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then + echo "using keys found in /config/keys" + else + echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required" + SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*" + openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT" + fi + fi +fi + +# use non empty TURN_PUBLIC_IP variable, othervise set it dynamically. +[ -z "${TURN_PUBLIC_IP}" ] && export TURN_PUBLIC_IP=$(curl -4ks https://icanhazip.com) +[ -z "${TURN_PUBLIC_IP}" ] && echo "ERROR: variable TURN_PUBLIC_IP is not set and can not be set dynamically!" 
&& kill 1 + +# set coturn web-admin access +if [[ "${TURN_ADMIN_ENABLE}" == "1" || "${TURN_ADMIN_ENABLE}" == "true" ]]; then + turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} + export TURN_ADMIN_OPTIONS="--web-admin --web-admin-ip=$(hostname -i) --web-admin-port=${TURN_ADMIN_PORT:-8443}" +fi + +#run cron +crond + +# run coturn server with API auth method enabled. +turnserver -n ${TURN_ADMIN_OPTIONS} \ + --verbose \ + --prod \ + --no-tlsv1 \ + --no-tlsv1_1 \ + --log-file=stdout \ + --listening-port=${TURN_PORT:-5349} \ + --tls-listening-port=${TURN_PORT:-5349} \ + --alt-listening-port=${TURN_PORT:-5349} \ + --alt-tls-listening-port=${TURN_PORT:-5349} \ + --cert=/config/keys/cert.crt \ + --pkey=/config/keys/cert.key \ + --min-port=${TURN_RTP_MIN:-10000} \ + --max-port=${TURN_RTP_MAX:-11000} \ + --no-stun \ + --use-auth-secret \ + --static-auth-secret=${TURN_SECRET:-keepthissecret} \ + --no-multicast-peers \ + --realm=${TURN_REALM:-realm} \ + --listening-ip=$(hostname -i) \ + --external-ip=${TURN_PUBLIC_IP} \ + --cli-password=NotReallyCliUs3d \ + --no-cli From c117521b75753c387d3dc611e8bb96f513fab11b Mon Sep 17 00:00:00 2001 From: goacid Date: Fri, 27 Nov 2020 15:58:07 +0100 Subject: [PATCH 21/35] Prosody : remove mod_credential --- prosody/Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 8e605f89d8..c2da8ea673 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -45,9 +45,6 @@ RUN \ && rm -rf /tmp/pkg /var/cache/apt RUN patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch -RUN \ - curl -4so /prosody-plugins/mod_turncredentials.lua \ - https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua COPY rootfs/ / From 970f13c9a7a1c456336fbe83979cecddeacc6302 Mon Sep 17 00:00:00 2001 
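Review bot: The entrypoint starts the relay with credentials printed in this repository when the operator sets nothing: `--static-auth-secret=${TURN_SECRET:-keepthissecret}`, and with TURN_ADMIN_ENABLE set, `turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme}`. Fail closed instead, e.g. `: "${TURN_SECRET:?TURN_SECRET must be set}"` before turnserver is launched, and the same for the admin secret. The lookup `curl -4ks https://icanhazip.com` turns off certificate verification with `-k` and its output goes unchecked into `--external-ip`; drop `-k` and reject anything that is not an IPv4 address. `$LETSENCRYPT_DOMAIN` and `$LETSENCRYPT_EMAIL` are expanded unquoted in the certbot call and the `cp` paths. The ash script added at turn/rootfs/defaults/docker-entrypoint.sh later in this series has the same default secrets and the same `curl -4k` lookup.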
From: Paul Tiedtke Date: Tue, 31 Mar 2020 13:41:57 +0200 Subject: [PATCH 22/35] etherpad: use official image and making skin full width --- etherpad.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..92709994e1 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: etherpad/etherpad:1.8.6 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" From c3befc08174a6ce856d2e942a94223a762cfcfbb Mon Sep 17 00:00:00 2001 From: netaskd Date: Wed, 11 Dec 2019 18:49:42 +0200 Subject: [PATCH 23/35] turn: add TURN server --- docker-compose.yml | 1 + prosody/Dockerfile | 3 ++ turn.yml | 9 +++--- turn/Dockerfile | 3 +- turn/rootfs/defaults/docker-entrypoint.sh | 38 +++++++++++++++++++++++ 5 files changed, 48 insertions(+), 6 deletions(-) create mode 100755 turn/rootfs/defaults/docker-entrypoint.sh diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..4629be9e0b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -167,6 +167,7 @@ services: - TZ - ENABLE_TURN - TURN_SECRET + - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT diff --git a/prosody/Dockerfile b/prosody/Dockerfile index c2da8ea673..8e605f89d8 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -45,6 +45,9 @@ RUN \ && rm -rf /tmp/pkg /var/cache/apt RUN patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch +RUN \ + curl -4so /prosody-plugins/mod_turncredentials.lua \ + https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua COPY rootfs/ / diff --git a/turn.yml b/turn.yml index 46ee9a4d84..1df2f910e1 100644 --- a/turn.yml +++ b/turn.yml 
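Review bot: The added `RUN curl -4so /prosody-plugins/mod_turncredentials.lua https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua` fetches a Prosody module from a mutable branch of a personal repository at build time with no integrity check. Every rebuild can therefore bake different code into the XMPP server. Pin the URL to a commit (`.../mod_turncredentials/<COMMIT_SHA>/mod_turncredentials.lua`, placeholder) and verify a checksum, or vendor the file under rootfs/ so that the existing `COPY rootfs/ /` ships it. `-s` without `-f` also lets an HTTP error page be saved as the module while the build still succeeds; `curl -4fsSLo` makes that a build failure. The rest of the Dockerfile is outside this hunk.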
@@ -17,15 +17,16 @@ services: - DOCKER_HOST_ADDRESS - TURN_SECRET - TURN_REALM + - TURN_ADMIN_ENABLE + - TURN_ADMIN_USER + - TURN_ADMIN_SECRET + - TURN_ADMIN_PORT + - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT - TURN_RTP_MIN - TURN_RTP_MAX - - TURN_ADMIN_ENABLE - - TURN_ADMIN_USER - - TURN_ADMIN_SECRET - - TURN_ADMIN_PORT - DISABLE_HTTPS - ENABLE_LETSENCRYPT - LETSENCRYPT_DOMAIN diff --git a/turn/Dockerfile b/turn/Dockerfile index 365f0ab423..656beb4f91 100644 --- a/turn/Dockerfile +++ b/turn/Dockerfile @@ -11,5 +11,4 @@ ENTRYPOINT ["/docker-entrypoint.sh"] VOLUME ["/config"] -EXPOSE 5349 8443 10000:11000/udp - +EXPOSE 80 5349 8443 10000:11000/udp \ No newline at end of file diff --git a/turn/rootfs/defaults/docker-entrypoint.sh b/turn/rootfs/defaults/docker-entrypoint.sh new file mode 100755 index 0000000000..cc54a71871 --- /dev/null +++ b/turn/rootfs/defaults/docker-entrypoint.sh 
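Review bot: `10000:11000/udp` on the new EXPOSE line in turn/Dockerfile is not Docker's port-range syntax, which uses a hyphen. As far as I can tell the colon form is read as a host:container pair, so only 11000/udp ends up declared. Write `EXPOSE 80 5349 8443 10000-11000/udp` and end the file with a newline, since the hunk carries `\ No newline at end of file`. EXPOSE is metadata only, so the range published in turn.yml is what takes effect, but the declaration should match it.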
@@ -0,0 +1,38 @@ +#!/bin/ash +# make certs if not exist +if [[ ! -f /etc/ssl/cert.crt || ! -f /etc/ssl/cert.key ]]; then + openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out certificate.pem -subj "/C=US/ST=NY/L=NY/O=IT/CN=${TURN_HOST}" +fi + +# set coturn admin user +turnadmin -A -u ${TURN_ADMIN_USER:-admin} -p ${TURN_ADMIN_SECRET:-changeme} + +# run coturn server with API auth method enabled. +turnserver -n \ +--verbose \ +--prod \ +--no-tlsv1 \ +--no-tlsv1_1 \ +--log-file=stdout \ +--listening-port=${TURN_PORT:-5349} \ +--tls-listening-port=${TURN_PORT:-5349} \ +--alt-listening-port=${TURN_PORT:-5349} \ +--alt-tls-listening-port=${TURN_PORT:-5349} \ +--cert=/etc/ssl/cert.crt \ +--pkey=/etc/ssl/cert.key \ +--min-port=${TURN_RTP_MIN:-10000} \ +--max-port=${TURN_RTP_MAX:-11000} \ +--no-stun \ +--use-auth-secret \ +--static-auth-secret=${TURN_SECRET:-keepthissecret} \ +--no-multicast-peers \ +--realm=${TURN_REALM:-realm} \ +--external-ip=$(curl -4k https://icanhazip.com 2>/dev/null) \ +--relay-ip=$(hostname -i) \ +--listening-ip=$(hostname -i) \ +--web-admin \ +--web-admin-ip=$(hostname -i) \ +--web-admin-port=${TURN_ADMIN_PORT:-8443} \ +--no-cli \ +--cli-password=${TURN_ADMIN_SECRET:-changeme} + From 0edd80db2576e865b1da0b4fcb1519ea87785b3c Mon Sep 17 00:00:00 2001 From: netaskd Date: Fri, 13 Dec 2019 18:37:44 +0200 Subject: [PATCH 24/35] turn: the second review --- docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4629be9e0b..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -167,7 +167,6 @@ services: - TZ - ENABLE_TURN - TURN_SECRET - - TURN_TYPE - TURN_HOST - TURN_PORT - TURN_TRANSPORT From f49a2b2f8318be2ec0080c89e3369f6e85ac5f24 Mon Sep 17 00:00:00 2001 
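Review bot: The certificate this script generates is never the one turnserver loads: the existence check and `--cert=/etc/ssl/cert.crt` / `--pkey=/etc/ssl/cert.key` use /etc/ssl, while openssl writes `key.pem` and `certificate.pem` into the current directory. The check therefore fails on every boot and the server is pointed at files the script did not create. Write to the checked paths, `-keyout /etc/ssl/cert.key` and `-out /etc/ssl/cert.crt`. Separately, `--web-admin` is enabled unconditionally here, even though TURN_ADMIN_ENABLE is passed through turn.yml, so the admin panel is always listening with the `admin`/`changeme` fallback; gate it on that variable.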
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 25/35] misc: working on latest --- etherpad.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etherpad.yml b/etherpad.yml index 92709994e1..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: etherpad/etherpad:1.8.6 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" From 9b77048d71dcbbe025dc01ef6341c5d297a1d390 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:03:22 +0200 Subject: [PATCH 26/35] release: stable-4857 * a81ad73 prosody: add support for lobby * baed605 web: fix removing closed captions button if transcription is enabled * edecacd etherpad: add ability to use a external server * a7563d4 jvb: use JVB_TCP_PORT for exposing the port * b235ea1 prosody: disable s2s module * 1d428a8 prosody: use a 2-stage build * 613c26c misc: working on latest * 4d72ee3 release: stable-4627-1 * 22b7063 examples: update Traefik v1 example * 1381b08 prosody: fix installing dependdencies * 2900c11 misc: add extra line to tag message * c57a84b misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..cb517946d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-4857 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-4857 restart: ${RESTART_POLICY} expose: - '5222' 
@@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-4857 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..455bb59e86 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-4857 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..2ffdf4580a 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..fb83b3f62e 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-4857 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 005316316027634d958e3d8c52a63d4137ede6ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 27/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb517946d0..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-4857 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' 
@@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-4857 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-4857 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-4857 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 455bb59e86..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-4857 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 2ffdf4580a..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-4857 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index fb83b3f62e..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-4857 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 3562942d4daa3c174a5cde093455d84dfc838d84 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:21:16 +0200 Subject: [PATCH 28/35] release: stable-5076 * 5ceaf5f web: add IPv6 support * aff3775 xmpp: allow recorders to bypass lobby * ad5625b jvb: switch to WebSocket based bridge channels * 8110336 web: add ability to configure the nginx resolver * 2f47518 jicofo: no auth URL in JWT auth mode * c149463 web: build config.js on each boot * c792bbc base: update frep * bec928c prosody: configure lobby on the guest domain is necessary * bcbd977 jicofo: pass XMPP_MUC_DOMAIN through docker-compose.yml * 8f9caa4 jicofo: set XMPP_MUC_COMPONENT_PREFIX * 2a0120d web: set security headers also for non HTTPS * e6586f2 jvb: set LOCAL_ADDRESS to the correct local IP (#630) * 97f5e75 base: optimize size * b78c89e misc: minor Dockerfile Improvements * a754519 misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..a04af93ea9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-5076 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-5076 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-5076 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..323b7fbefb 100644 --- a/etherpad.yml +++ b/etherpad.yml 
@@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-5076 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..5472b77570 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..a081d6fa20 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-5076 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 902b7b712271f8eef4f83972996558e2ce8445dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:26:25 +0200 Subject: [PATCH 29/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a04af93ea9..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-5076 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-5076 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-5076 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z 
@@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-5076 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 323b7fbefb..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-5076 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 5472b77570..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-5076 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index a081d6fa20..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-5076 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From b325704140a629bbded68cd2f060c888bec7f2a8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:03:22 +0200 Subject: [PATCH 30/35] release: stable-4857 * a81ad73 prosody: add support for lobby * baed605 web: fix removing closed captions button if transcription is enabled * edecacd etherpad: add ability to use a external server * a7563d4 jvb: use JVB_TCP_PORT for exposing the port * b235ea1 prosody: disable s2s module * 1d428a8 prosody: use a 2-stage build * 613c26c misc: working on latest * 4d72ee3 release: stable-4627-1 * 22b7063 examples: update Traefik v1 example * 1381b08 prosody: fix installing dependdencies * 2900c11 misc: add extra line to tag message * c57a84b misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..cb517946d0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-4857 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-4857 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-4857 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..455bb59e86 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-4857 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" 
diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..2ffdf4580a 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-4857 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..fb83b3f62e 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-4857 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 763c087849900e31ffe88dbc0b7e5763ad052e85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Wed, 22 Jul 2020 11:07:40 +0200 Subject: [PATCH 31/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb517946d0..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-4857 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-4857 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-4857 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-4857 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 455bb59e86..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml 
@@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-4857 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 2ffdf4580a..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-4857 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index fb83b3f62e..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-4857 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 912bfe79c0bce7968d701ff7cb395b4c651f2974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:21:16 +0200 Subject: [PATCH 32/35] release: stable-5076 * 5ceaf5f web: add IPv6 support * aff3775 xmpp: allow recorders to bypass lobby * ad5625b jvb: switch to WebSocket based bridge channels * 8110336 web: add ability to configure the nginx resolver * 2f47518 jicofo: no auth URL in JWT auth mode * c149463 web: build config.js on each boot * c792bbc base: update frep * bec928c prosody: configure lobby on the guest domain is necessary * bcbd977 jicofo: pass XMPP_MUC_DOMAIN through docker-compose.yml * 8f9caa4 jicofo: set XMPP_MUC_COMPONENT_PREFIX * 2a0120d web: set security headers also for non HTTPS * e6586f2 jvb: set LOCAL_ADDRESS to the correct local IP (#630) * 97f5e75 base: optimize size * b78c89e misc: minor Dockerfile Improvements * a754519 misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/docker-compose.yml b/docker-compose.yml index 6a5bb3ef69..a04af93ea9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:latest + image: jitsi/web:stable-5076 restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:latest + image: jitsi/prosody:stable-5076 restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:latest + image: jitsi/jicofo:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:latest + image: jitsi/jvb:stable-5076 restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..323b7fbefb 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: jitsi/etherpad:stable-5076 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 67b5b9807f..5472b77570 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:latest + image: jitsi/jibri:stable-5076 restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index b50ab71297..a081d6fa20 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:latest + image: jitsi/jigasi:stable-5076 restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From 35047496ee9d805c5ed74930a88ee39b8ad79fd9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= Date: Fri, 2 Oct 2020 17:26:25 +0200 Subject: [PATCH 33/35] misc: working on latest --- docker-compose.yml | 8 ++++---- etherpad.yml | 2 +- jibri.yml | 2 +- jigasi.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a04af93ea9..6a5bb3ef69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Frontend web: - image: jitsi/web:stable-5076 + image: jitsi/web:latest restart: ${RESTART_POLICY} ports: - '${HTTP_PORT}:80' @@ -103,7 +103,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:stable-5076 + image: jitsi/prosody:latest restart: ${RESTART_POLICY} expose: - '5222' @@ -177,7 +177,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:stable-5076 + image: jitsi/jicofo:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jicofo:/config:Z @@ -206,7 +206,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:stable-5076 + image: jitsi/jvb:latest restart: ${RESTART_POLICY} ports: - '${JVB_PORT}:${JVB_PORT}/udp' diff --git a/etherpad.yml b/etherpad.yml index 323b7fbefb..7d979503b9 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:stable-5076 + image: jitsi/etherpad:latest restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/jibri.yml b/jibri.yml index 5472b77570..67b5b9807f 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3' services: jibri: - image: jitsi/jibri:stable-5076 + image: jitsi/jibri:latest restart: ${RESTART_POLICY} volumes: - ${CONFIG}/jibri:/config:Z diff --git a/jigasi.yml b/jigasi.yml index a081d6fa20..b50ab71297 100644 --- a/jigasi.yml +++ b/jigasi.yml 
@@ -3,7 +3,7 @@ version: '3' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:stable-5076 + image: jitsi/jigasi:latest restart: ${RESTART_POLICY} ports: - '${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}:${JIGASI_PORT_MIN}-${JIGASI_PORT_MAX}/udp' From dce2fa6b388ae670cff274688f80edac72644398 Mon Sep 17 00:00:00 2001 From: goacid Date: Thu, 17 Dec 2020 14:56:57 +0100 Subject: [PATCH 34/35] Turn : cleaning code --- Makefile | 2 +- etherpad.yml | 2 +- prosody/Dockerfile | 3 --- prosody/rootfs/defaults/prosody.cfg.lua | 2 +- prosody/rootfs/etc/cont-init.d/10-config | 2 +- turn/Dockerfile | 2 +- turn/rootfs/defaults/letsencrypt-renew | 2 +- 7 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index 757c8f076b..1cccd104dc 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ FORCE_REBUILD ?= 0 JITSI_RELEASE ?= stable JITSI_BUILD ?= latest JITSI_REPO ?= jitsi -JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi etherpad jibri turn +JITSI_SERVICES ?= base base-java web prosody jicofo jvb jigasi jibri turn BUILD_ARGS := --build-arg JITSI_REPO=$(JITSI_REPO) --build-arg JITSI_RELEASE=$(JITSI_RELEASE) ifeq ($(FORCE_REBUILD), 1) diff --git a/etherpad.yml b/etherpad.yml index 7d979503b9..92709994e1 100644 --- a/etherpad.yml +++ b/etherpad.yml @@ -3,7 +3,7 @@ version: '3' services: # Etherpad: real-time collaborative document editing etherpad: - image: jitsi/etherpad:latest + image: etherpad/etherpad:1.8.6 restart: ${RESTART_POLICY} environment: - TITLE="${ETHERPAD_TITLE}" diff --git a/prosody/Dockerfile b/prosody/Dockerfile index 8e605f89d8..c2da8ea673 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile @@ -45,9 +45,6 @@ RUN \ && rm -rf /tmp/pkg /var/cache/apt RUN patch -d /usr/lib/prosody/modules/muc -p0 < /prosody-plugins/muc_owner_allow_kick.patch -RUN \ - curl -4so /prosody-plugins/mod_turncredentials.lua \ - https://raw.githubusercontent.com/netaskd/mod_turncredentials/master/mod_turncredentials.lua COPY rootfs/ / 
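Review bot: A change of image publisher is folded into a commit titled "Turn : cleaning code": the etherpad.yml hunk replaces `jitsi/etherpad:latest` with `etherpad/etherpad:1.8.6`. Moving to another publisher changes who is trusted to supply the container, so it should be its own commit or at least be named in the description. The version tag is an improvement over `latest` but is still mutable; `image: etherpad/etherpad:1.8.6@sha256:<digest>` would pin the content. Whether the new image honours `TITLE` and the other environment entries written for the previous image is not visible here and should be confirmed.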
diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index 9402a02eea..9a4ed549f0 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -186,4 +186,4 @@ turncredentials = { transport = "{{ .Env.TURN_TRANSPORT | default "tcp" }}" } {{ end }} -{{ end }} \ No newline at end of file +{{ end }} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index c35e63e142..c4699a8587 100644 --- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -26,7 +26,7 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then fi cp -r /defaults/* /config -if [[ "${TURN_ENABLE}" == "1" || "${TURN_ENABLE}" == "true" ]]; then +if [[ "${ENABLE_TURN}" == "1" || "${ENABLE_TURN}" == "true" ]]; then [ -z "${GLOBAL_MODULES}" ] && export GLOBAL_MODULES="turncredentials" \ || export GLOBAL_MODULES="${GLOBAL_MODULES},turncredentials" fi diff --git a/turn/Dockerfile b/turn/Dockerfile index 656beb4f91..5a20bae148 100644 --- a/turn/Dockerfile +++ b/turn/Dockerfile @@ -11,4 +11,4 @@ ENTRYPOINT ["/docker-entrypoint.sh"] VOLUME ["/config"] -EXPOSE 80 5349 8443 10000:11000/udp \ No newline at end of file +EXPOSE 80 5349 8443 10000:11000/udp diff --git a/turn/rootfs/defaults/letsencrypt-renew b/turn/rootfs/defaults/letsencrypt-renew index 62233dfb9c..c64f6bea24 100644 --- a/turn/rootfs/defaults/letsencrypt-renew +++ b/turn/rootfs/defaults/letsencrypt-renew @@ -4,4 +4,4 @@ certbot --no-self-upgrade -n renew >> /config/le-renew.log # Not sur it reload the service ... /bin/kill -HUP `cat /var/run/turnserver.pid 2>/dev/null` 2> /dev/null || true -exit 0 \ No newline at end of file +exit 0 From 7a0116f1d07a8fb1b9dceb13fb719ab150c8b005 Mon Sep 17 00:00:00 2001 
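Review bot: The rename to `ENABLE_TURN` in the `if [[ ... ]]` test of 10-config leaves the documentation out of step. The env.example added in patch 01 of this series documents `TURN_ENABLE`, and this patch's diffstat does not touch that file, so unless an intermediate patch already renamed it, an operator following the example sets a variable that no longer loads the module. The same patch removes the `curl` step that fetched mod_turncredentials.lua in prosody/Dockerfile while this block still appends `turncredentials` to `GLOBAL_MODULES`; confirm the module reaches the image by another path, otherwise prosody is asked to load a module that is not there. A comment above the test such as `# ENABLE_TURN=1|true loads mod_turncredentials; keep env.example in sync` would record the contract. The script continues outside the hunk.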
From: goacid Date: Tue, 18 May 2021 11:22:21 +0200 Subject: [PATCH 35/35] Change source image from official coturn image ubuntu based. --- turn/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/turn/Dockerfile b/turn/Dockerfile index 5a20bae148..9772a1142b 100644 --- a/turn/Dockerfile +++ b/turn/Dockerfile @@ -1,8 +1,9 @@ ARG VERSION -FROM instrumentisto/coturn:${VERSION:-latest} +FROM coturn/coturn:${VERSION:-latest} RUN apk add --no-cache openssl RUN apk add --no-cache certbot +RUN apk add --no-cache curl RUN apk add --no-cache bash ADD ./rootfs/defaults/docker-entrypoint.sh /docker-entrypoint.sh
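Review bot: The `RUN apk add` lines, including the added `RUN apk add --no-cache curl`, only work on an Alpine base, while the subject of this patch describes the new `coturn/coturn` base as Ubuntu based; on a Debian or Ubuntu variant the build stops at the first `apk` call. Either select an Alpine variant of the image through `VERSION`, or install the packages with apt-get in a single layer as sketched below. The default `${VERSION:-latest}` is a mutable tag, so a fixed version (ideally with a digest) as the default would make the build reproducible, and the `ADD` of a local script can be a `COPY`. If the new base image sets a non-root `USER` (not visible here), the install step needs root and the original user should be restored afterwards.

```dockerfile
FROM coturn/coturn:${VERSION:-latest}
# Debian/Ubuntu-based variant: one layer, no recommended extras, lists removed
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        bash \
        certbot \
        curl \
        openssl \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: docker-entrypoint.sh copy …
```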