Merge pull request #122 from jitsi/token-parameter-additions
prosody: new variables for prosody
This commit is contained in:
commit
5408e9e383
|
@ -185,6 +185,10 @@ Variable | Description | Example
|
|||
`JWT_APP_SECRET` | Application secret known only to your token | my_jitsi_app_secret
|
||||
`JWT_ACCEPTED_ISSUERS` | (Optional) Set asap_accepted_issuers as a comma separated list | my_web_client,my_app_client
|
||||
`JWT_ACCEPTED_AUDIENCES` | (Optional) Set asap_accepted_audiences as a comma separated list | my_server1,my_server2
|
||||
`JWT_ASAP_KEYSERVER` | (Optional) Set asap_keyserver to a url where public keys can be found | https://example.com/asap
|
||||
`JWT_ALLOW_EMPTY` | (Optional) Allow anonymous users with no JWT while validating JWTs when provided | 0
|
||||
`JWT_AUTH_TYPE` | (Optional) Controls which module is used for processing incoming JWTs | token
|
||||
`JWT_TOKEN_AUTH_MODULE` | (Optional) Controls which module is used for validating JWTs | token_verification
|
||||
|
||||
This can be tested using the [jwt.io] debugger. Use the following samople payload:
|
||||
|
||||
|
@ -242,6 +246,8 @@ Variable | Description | Default value
|
|||
`XMPP_MODULES` | Custom Prosody modules for XMPP_DOMAIN (comma separated) | mod_info,mod_alert
|
||||
`XMPP_MUC_MODULES` | Custom Prosody modules for MUC component (comma separated) | mod_info,mod_alert
|
||||
`XMPP_INTERNAL_MUC_MODULES` | Custom Prosody modules for internal MUC component (comma separated) | mod_info,mod_alert
|
||||
`GLOBAL_MODULES` | Custom prosodule modules to load in global configuration (comma separated) | mod_statistics,mod_alert
|
||||
`GLOBAL_CONFIG` | Custom configuration string with escaped newlines | foo = bar;\nkey = val;
|
||||
`JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37
|
||||
`JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus
|
||||
`JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | passw0rd
|
||||
|
@ -267,6 +273,7 @@ Variable | Description | Default value
|
|||
`JIGASI_TRANSCRIBER_ADVERTISE_URL` | Jigasi post to the chat an url with transcription file | true
|
||||
`DISABLE_HTTPS` | Disable HTTPS, this can be useful if TLS connections are going to be handled outside of this setup | 1
|
||||
`ENABLE_HTTP_REDIRECT` | Redirects HTTP traffic to HTTPS | 1
|
||||
`LOG_LEVEL` | Controls which logs are output from prosody and associated modules | info
|
||||
|
||||
### Running behind NAT or on a LAN environment
|
||||
|
||||
|
|
|
@ -45,6 +45,8 @@ services:
|
|||
- AUTH_TYPE
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- GLOBAL_MODULES
|
||||
- GLOBAL_CONFIG
|
||||
- LDAP_URL
|
||||
- LDAP_BASE
|
||||
- LDAP_BINDDN
|
||||
|
@ -76,6 +78,11 @@ services:
|
|||
- JWT_APP_SECRET
|
||||
- JWT_ACCEPTED_ISSUERS
|
||||
- JWT_ACCEPTED_AUDIENCES
|
||||
- JWT_ASAP_KEYSERVER
|
||||
- JWT_ALLOW_EMPTY
|
||||
- JWT_AUTH_TYPE
|
||||
- JWT_TOKEN_AUTH_MODULE
|
||||
- LOG_LEVEL
|
||||
- TZ
|
||||
networks:
|
||||
meet.jitsi:
|
||||
|
|
|
@ -4,6 +4,10 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
|
|||
|
||||
{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
|
||||
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
|
||||
{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
|
||||
{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
|
||||
{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
|
||||
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
|
||||
|
||||
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
|
||||
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
|
||||
|
@ -16,11 +20,15 @@ asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AU
|
|||
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
|
||||
{{ if $ENABLE_AUTH }}
|
||||
{{ if eq $AUTH_TYPE "jwt" }}
|
||||
authentication = "token"
|
||||
authentication = "{{ $JWT_AUTH_TYPE }}"
|
||||
app_id = "{{ .Env.JWT_APP_ID }}"
|
||||
app_secret = "{{ .Env.JWT_APP_SECRET }}"
|
||||
allow_empty_token = false
|
||||
{{ else if eq $AUTH_TYPE "ldap" }}
|
||||
allow_empty_token = {{ if $JWT_ALLOW_EMPTY }}true{{ else }}false{{ end }}
|
||||
{{ if $JWT_ASAP_KEYSERVER }}
|
||||
asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
|
||||
{{ end }}
|
||||
|
||||
{{ else if eq $AUTH_TYPE "ldap" }}
|
||||
authentication = "cyrus"
|
||||
cyrus_application_name = "xmpp"
|
||||
allow_unencrypted_plain_auth = true
|
||||
|
@ -78,7 +86,7 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
|
|||
"{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
|
||||
{{ end }}
|
||||
{{ if eq $AUTH_TYPE "jwt" }}
|
||||
"token_verification";
|
||||
"{{ $JWT_TOKEN_AUTH_MODULE }}";
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
|
||||
|
||||
-- Prosody Example Configuration File
|
||||
--
|
||||
-- Information on configuring Prosody can be found on our
|
||||
|
@ -70,6 +72,9 @@ modules_enabled = {
|
|||
--"watchregistrations"; -- Alert admins of registrations
|
||||
--"motd"; -- Send a message to users when they log in
|
||||
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
|
||||
{{ if .Env.GLOBAL_MODULES }}
|
||||
"{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
|
||||
{{ end }}
|
||||
};
|
||||
|
||||
https_ports = { }
|
||||
|
@ -143,9 +148,13 @@ authentication = "internal_plain"
|
|||
-- Logs info and higher to /var/log
|
||||
-- Logs errors to syslog also
|
||||
log = {
|
||||
{ levels = {min = "info"}, to = "console"};
|
||||
{ levels = {min = "{{ $LOG_LEVEL }}"}, to = "console"};
|
||||
}
|
||||
|
||||
{{ if .Env.GLOBAL_CONFIG }}
|
||||
{{ join "\n" (splitList "\\n" .Env.GLOBAL_CONFIG) }}
|
||||
{{ end }}
|
||||
|
||||
component_interface = { "*" }
|
||||
|
||||
data_path = "/config/data"
|
||||
|
|
|
@ -31,6 +31,7 @@ fi
|
|||
|
||||
if [[ ! -f $PROSODY_CFG ]]; then
|
||||
cp -r /defaults/* /config
|
||||
tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
|
||||
tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
|
||||
|
||||
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
|
||||
|
|
Loading…
Reference in New Issue