diff --git a/docker-compose.yml b/docker-compose.yml index d0541d92..558946ba 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,6 +15,7 @@ services: environment: - ENABLE_LETSENCRYPT - ENABLE_HTTP_REDIRECT + - ENABLE_XMPP_WEBSOCKET - DISABLE_HTTPS - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL @@ -30,7 +31,6 @@ services: - CALLSTATS_SECRET - CHROME_EXTENSION_BANNER_JSON - CONFCODE_URL - - CONFIG_BOSH_HOST - CONFIG_EXTERNAL_CONNECT - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE @@ -61,7 +61,6 @@ services: - ENABLE_TALK_WHILE_MUTED - ENABLE_TCC - ENABLE_TRANSCRIPTIONS - - ENABLE_WEBSOCKETS - ETHERPAD_PUBLIC_URL - ETHERPAD_URL_BASE - GOOGLE_ANALYTICS_ID @@ -110,6 +109,7 @@ services: - ENABLE_AUTH - ENABLE_GUESTS - ENABLE_LOBBY + - ENABLE_XMPP_WEBSOCKET - GLOBAL_MODULES - GLOBAL_CONFIG - LDAP_URL @@ -154,6 +154,7 @@ services: - JWT_AUTH_TYPE - JWT_TOKEN_AUTH_MODULE - LOG_LEVEL + - PUBLIC_URL - TZ networks: meet.jitsi: diff --git a/env.example b/env.example index b01bd041..d5b979be 100644 --- a/env.example +++ b/env.example @@ -329,6 +329,9 @@ JIBRI_LOGS_DIR=/config/logs # Necessary for Let's Encrypt, relies on standard HTTPS port (443) #ENABLE_HTTP_REDIRECT=1 +# Enabled XMPP traffic over WebSocket (PUBLIC_URL must be defined!) +#ENABLE_XMPP_WEBSOCKET=1 + # Container restart policy # Defaults to unless-stopped RESTART_POLICY=unless-stopped diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index e8499b19..4dda2530 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua 
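Review bot: The second and third docker-compose hunks drop `CONFIG_BOSH_HOST` and `ENABLE_WEBSOCKETS` from the web service environment, so an existing `.env` that still sets `ENABLE_WEBSOCKETS=1` is silently ignored and that deployment loses WebSocket transport until someone discovers the rename to `ENABLE_XMPP_WEBSOCKET`. A migration line in the PR description or env.example, or honouring the old name as a fallback in the template for one release, would turn the silent downgrade into a visible one. The last hunk passes `PUBLIC_URL` to the prosody service, which matches the prosody template now reading it; the web service hunk does not add it, presumably because it was already listed there, which is worth confirming.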
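Review bot: The new env.example comment reads `# Enabled XMPP traffic over WebSocket (PUBLIC_URL must be defined!)` where the imperative `# Enable XMPP traffic over WebSocket` is meant, matching the form of the neighbouring `#ENABLE_HTTP_REDIRECT` comment. The parenthetical says `PUBLIC_URL` must be defined, but the templates in this commit fall back to `https://localhost:8443` when it is not, so the comment should say what actually goes wrong, e.g. `(PUBLIC_URL must be set: the WebSocket origin allow-list and config.websocket are built from it)`.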
@@ -15,6 +15,9 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}" {{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }} {{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "0" | toBool }} +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }} +{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}} + {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }} asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" } {{ end }} @@ -23,6 +26,13 @@ asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSU asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" } {{ end }} +{{ if $ENABLE_XMPP_WEBSOCKET }} +-- Deprecated in 0.12 +-- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de +cross_domain_websocket = { "{{ $PUBLIC_URL }}" }; +consider_bosh_secure = true; +{{ end }} + VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} {{ if eq $AUTH_TYPE "jwt" }} @@ -42,7 +52,15 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" authentication = "internal_hashed" {{ end }} {{ else }} + -- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339 + {{ if $ENABLE_XMPP_WEBSOCKET }} + authentication = "token" + {{ else }} authentication = "anonymous" + {{ end }} + app_id = "" + app_secret = "" + allow_empty_token = true {{ end }} ssl = { key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key"; @@ -50,6 +68,10 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" } modules_enabled = { "bosh"; + {{ if $ENABLE_XMPP_WEBSOCKET }} + "websocket"; + "smacks"; -- XEP-0198: Stream Management + {{ end }} "pubsub"; "ping"; "speakerstats"; 
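Review bot: In the first hunk `$PUBLIC_URL` defaults to `https://localhost:8443` and the second hunk feeds it straight into `cross_domain_websocket`, so enabling `ENABLE_XMPP_WEBSOCKET` without setting `PUBLIC_URL` yields a WebSocket origin allow-list of `https://localhost:8443` and, presumably, refused connections from the real domain with nothing in the rendered config to explain it; emitting a marker instead of a plausible-looking default, `{{ if and $ENABLE_XMPP_WEBSOCKET (not .Env.PUBLIC_URL) }}-- ERROR: PUBLIC_URL is required for XMPP WebSocket{{ end }}`, would surface this at startup. In the third hunk `app_id = ""`, `app_secret = ""` and `allow_empty_token = true` sit outside the `{{ if $ENABLE_XMPP_WEBSOCKET }}` guard, so they are rendered for the anonymous case too; they look inert there, but the intent of the guarded branch deserves a comment rather than only a PR link, e.g. `-- "token" with an empty secret and allow_empty_token keeps this host effectively anonymous; used so WebSocket clients are accepted`. The same block is duplicated verbatim for the guest VirtualHost in the next hunk, so a shared template snippet would keep the two from drifting. `consider_bosh_secure = true` assumes TLS is terminated in front of prosody by the nginx proxy, which should be stated next to it; the VirtualHost block continues past the hunk.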
@@ -80,7 +102,16 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}" {{ if $ENABLE_GUEST_DOMAIN }} VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}" + -- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339 + {{ if $ENABLE_XMPP_WEBSOCKET }} + authentication = "token" + {{ else }} authentication = "anonymous" + {{ end }} + app_id = "" + app_secret = "" + allow_empty_token = true + c2s_require_encryption = false {{ if $ENABLE_LOBBY }} diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index e56cf2d2..467d4222 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -43,7 +43,7 @@ modules_enabled = { -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) "vcard"; -- Allow users to set vCards - + -- These are commented by default as they have a performance impact --"privacy"; -- Support privacy lists --"compression"; -- Stream compression (Debian: requires lua-zlib module to work) @@ -59,7 +59,7 @@ modules_enabled = { -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - + -- HTTP modules --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"http_files"; -- Serve static files from a directory over HTTP @@ -166,4 +166,9 @@ component_interface = { "*" } data_path = "/config/data" +smacks_max_unacked_stanzas = 5; +smacks_hibernation_time = 60; +smacks_max_hibernated_sessions = 1; +smacks_max_old_sessions = 1; + Include "conf.d/*.cfg.lua" diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index 9cf41dd5..8ff0fa90 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -1,3 +1,5 @@ +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }} + server_name _; client_max_body_size 0; 
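Review bot: The `smacks_*` settings added in the last prosody.cfg.lua hunk are global and carry no explanation, while the `smacks` module is only enabled per VirtualHost when `ENABLE_XMPP_WEBSOCKET` is on (conf.d/jitsi-meet.cfg.lua in this commit), so a reader of this file cannot tell they are dormant by default. A short header would fix that: `-- Stream Management (XEP-0198) limits; only take effect when "smacks" is enabled in conf.d/jitsi-meet.cfg.lua (ENABLE_XMPP_WEBSOCKET=1)`. `smacks_hibernation_time = 60` also interacts with whatever idle timeout the nginx `/xmpp-websocket` proxy applies, and it is worth noting which one is expected to win. The two earlier hunks in this file only strip trailing whitespace.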
@@ -50,6 +52,21 @@ location = /http-bind { proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; } +{{ if $ENABLE_XMPP_WEBSOCKET }} +# xmpp websockets +location = /xmpp-websocket { + proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket; + proxy_http_version 1.1; + + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + + proxy_set_header Host {{ .Env.XMPP_DOMAIN }}; + proxy_set_header X-Forwarded-For $remote_addr; + tcp_nodelay on; +} +{{ end }} + location ~ ^/([^/?&:'"]+)$ { try_files $uri @root_path; } diff --git a/web/rootfs/defaults/system-config.js b/web/rootfs/defaults/system-config.js index 2df42675..a0d16c51 100644 --- a/web/rootfs/defaults/system-config.js +++ b/web/rootfs/defaults/system-config.js @@ -1,10 +1,10 @@ -{{ $CONFIG_BOSH_HOST := .Env.CONFIG_BOSH_HOST | default "" -}} {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}} {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}} {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}} {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "false" | toBool -}} -{{ $ENABLE_WEBSOCKETS := .Env.ENABLE_WEBSOCKETS | default "false" | toBool -}} +{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "false" | toBool -}} {{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }} +{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}} {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}} {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}} 
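Review bot: `proxy_set_header X-Forwarded-For $remote_addr;` in the new `/xmpp-websocket` location overwrites any `X-Forwarded-For` an upstream load balancer already set, so prosody would log the balancer's address instead of the client's; `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends instead. The location also sets no `proxy_read_timeout`, so an idle XMPP WebSocket is closed at nginx's default of 60s unless something keeps traffic flowing; if the intent is to rely on client keepalives, say so in the `# xmpp websockets` comment, otherwise set it explicitly (`proxy_read_timeout 900s;`). The `/http-bind` location above is context only.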
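Review bot: `$PUBLIC_URL_DOMAIN` only strips a `https://` prefix, so a deployment with `DISABLE_HTTPS` and `PUBLIC_URL=http://host` renders `config.websocket = 'wss://http://host/xmpp-websocket'` in the next hunk. Strip both schemes, `{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}`, and derive the `ws://`/`wss://` choice from the original prefix rather than hard-coding it. The silent `localhost:8443` default also means a missing `PUBLIC_URL` points browsers at the wrong WebSocket host instead of failing visibly, which a comment on this line should at least call out.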
@@ -36,15 +36,15 @@ config.hosts.anonymousdomain = '{{ .Env.XMPP_GUEST_DOMAIN }}'; config.hosts.authdomain = '{{ $XMPP_DOMAIN }}'; {{ end -}} -config.bosh = '{{ if $CONFIG_BOSH_HOST }}https://{{ $CONFIG_BOSH_HOST }}{{ end }}/http-bind'; -{{ if $ENABLE_WEBSOCKETS -}} -config.websocket = 'wss://{{ if $CONFIG_BOSH_HOST }}{{ $CONFIG_BOSH_HOST }}{{end}}/xmpp-websocket'; +config.bosh = '/http-bind'; +{{ if $ENABLE_XMPP_WEBSOCKET -}} +config.websocket = 'wss://{{ $PUBLIC_URL_DOMAIN }}/xmpp-websocket'; {{ end -}} {{ if $CONFIG_EXTERNAL_CONNECT -}} {{ if $ENABLE_SUBDOMAINS -}} -config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/http-pre-bind'; +config.externalConnectUrl = '/http-pre-bind'; {{ else -}} -config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/http-pre-bind'; +config.externalConnectUrl = '/http-pre-bind'; {{ end -}} {{ end -}}
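Review bot: After this change both branches of `{{ if $ENABLE_SUBDOMAINS -}}` emit the identical line `config.externalConnectUrl = '/http-pre-bind';`, so the conditional is dead and should collapse to that single line inside `{{ if $CONFIG_EXTERNAL_CONNECT -}}`. `config.websocket` is hard-coded to `wss://` while `config.bosh = '/http-bind'` became scheme-relative on the line above, so the two transports now disagree on how the host is chosen; if the client accepts a relative `'/xmpp-websocket'` (verify against lib-jitsi-meet) that would remove the dependency on `PUBLIC_URL` here entirely, and if an absolute URL is required the scheme should follow `PUBLIC_URL`'s instead of being fixed.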