From 80a2a13b5e741e0f3f10b7d46fd171d318c6447d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Wed, 28 Mar 2018 08:42:09 +0200
Subject: [PATCH] xmpp: make the auth XMPP domain configurable
---
 docker-compose.yml | 3 +++
 env.example | 1 +
 jicofo/rootfs/etc/services.d/jicofo/run | 2 +-
 jvb/rootfs/defaults/sip-communicator.properties | 2 +-
 jvb/rootfs/etc/cont-init.d/10-config | 1 +
 prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua | 2 +-
 prosody/rootfs/etc/cont-init.d/10-config | 8 ++++----
 7 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 3577395..a555a57 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,6 +27,7 @@ services:
 - ${CONFIG}/prosody:/config
 environment:
 - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
 - JICOFO_COMPONENT_SECRET
 - JVB_COMPONENT_SECRET
 - JICOFO_AUTH_USER
@@ -44,6 +45,7 @@ services:
 - ${CONFIG}/jicofo:/config
 environment:
 - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
 - XMPP_SERVER=xmpp.meet.jitsi
 - JICOFO_COMPONENT_SECRET
 - JICOFO_AUTH_USER
@@ -63,6 +65,7 @@ services:
 environment:
 - DOCKER_HOST_ADDRESS
 - XMPP_DOMAIN
+ - XMPP_AUTH_DOMAIN
 - XMPP_SERVER=xmpp.meet.jitsi
 - JVB_COMPONENT_SECRET
 - JVB_STUN_SERVERS
diff --git a/env.example b/env.example
index 7fbcc6b..e4793e7 100644
--- a/env.example
+++ b/env.example
@@ -1,6 +1,7 @@
 CONFIG=~/tmp-cfg
 TZ=Europe/Amsterdam
 XMPP_DOMAIN=meet.jitsi
+XMPP_AUTH_DOMAIN=meet.jitsi
 JVB_COMPONENT_SECRET=s3cr3t
 JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
 JICOFO_COMPONENT_SECRET=s3cr37
diff --git a/jicofo/rootfs/etc/services.d/jicofo/run b/jicofo/rootfs/etc/services.d/jicofo/run
index 0d3700d..4934019 100644
--- a/jicofo/rootfs/etc/services.d/jicofo/run
+++ b/jicofo/rootfs/etc/services.d/jicofo/run
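Review bot: The sample value `XMPP_AUTH_DOMAIN=meet.jitsi` in the env.example hunk is identical to `XMPP_DOMAIN`, whereas the code this patch removes derived the auth domain as `auth.$XMPP_DOMAIN`. Used as-is, the jitsi-meet.cfg.lua template would declare the same host name in both of its VirtualHost lines, so the host that holds the registered jicofo account is no longer separate from the main one. If the previous default is meant to be kept, the line should read `XMPP_AUTH_DOMAIN=auth.meet.jitsi`.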
@@ -3,7 +3,7 @@ JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config"
 DAEMON=/usr/share/jicofo/jicofo.sh
 DAEMON_DIR=/usr/share/jicofo/
-DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain="auth.$XMPP_DOMAIN" --user_password=$JICOFO_AUTH_PASSWORD"
+DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain="$XMPP_AUTH_DOMAIN" --user_password=$JICOFO_AUTH_PASSWORD"
 exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
diff --git a/jvb/rootfs/defaults/sip-communicator.properties b/jvb/rootfs/defaults/sip-communicator.properties
index 23c6e67..ac231b1 100644
--- a/jvb/rootfs/defaults/sip-communicator.properties
+++ b/jvb/rootfs/defaults/sip-communicator.properties
@@ -1,4 +1,4 @@
-org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=${JICOFO_AUTH_USER}@auth.${XMPP_DOMAIN}/.*
+org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=${JICOFO_AUTH_USER}@${XMPP_AUTH_DOMAIN}/.*
 org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
 org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=${JVB_STUN_SERVERS}
 org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=
diff --git a/jvb/rootfs/etc/cont-init.d/10-config b/jvb/rootfs/etc/cont-init.d/10-config
index ce1339d..a4fe547 100644
--- a/jvb/rootfs/etc/cont-init.d/10-config
+++ b/jvb/rootfs/etc/cont-init.d/10-config
@@ -4,6 +4,7 @@ if [[ ! -f /config/sip-communicator.properties ]]; then
 cp /defaults/sip-communicator.properties /config
 sed -i \
 -e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
+ -e "s,\${XMPP_AUTH_DOMAIN},$XMPP_AUTH_DOMAIN,g" \
 -e "s,\${JICOFO_AUTH_USER},$JICOFO_AUTH_USER,g" \
 -e "s#\${JVB_STUN_SERVERS}#$JVB_STUN_SERVERS#g" \
 /config/sip-communicator.properties
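Review bot: Nothing around the new `DAEMON_OPTS` line guards against `XMPP_AUTH_DOMAIN` being unset: an environment file written before this patch has no such key, so jicofo would be started with an empty `--user_domain=` where it previously received `auth.$XMPP_DOMAIN`. The same gap applies to the sed substitution in jvb's `10-config` and to the `register` and `cert generate` calls in prosody's `10-config`. A fallback placed ahead of the first use keeps existing deployments working, for example `: "${XMPP_AUTH_DOMAIN:=auth.$XMPP_DOMAIN}"`. Separately, the inner `"` around `$XMPP_AUTH_DOMAIN` close and reopen the outer string instead of quoting the value, and the assembled string is parsed again by `bash -c` on the `exec` line, so the value should be checked to contain only hostname characters before it is used.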
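Review bot: `${XMPP_AUTH_DOMAIN}` is substituted verbatim into `AUTHORIZED_SOURCE_REGEXP`, and the property name together with the trailing `/.*` indicates the value is evaluated as a regular expression, so every `.` in the configured domain matches any character. The removed line had the same looseness, but the whole domain part is now operator-supplied rather than a fixed `auth.` prefix plus the main domain. I would document this above the property with `# XMPP_AUTH_DOMAIN is inserted unescaped into this regular expression; dots act as wildcards`, and consider escaping the value in jvb's `10-config` before the sed substitution.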
diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
index ccb7e34..3d45e18 100644
--- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
+++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
@@ -14,7 +14,7 @@ VirtualHost "${XMPP_DOMAIN}"
 c2s_require_encryption = false
-VirtualHost "auth.${XMPP_DOMAIN}"
+VirtualHost "${XMPP_AUTH_DOMAIN}"
 ssl = {
 key = "/config/certs/auth.${XMPP_DOMAIN}.key";
 certificate = "/config/certs/auth.${XMPP_DOMAIN}.crt";
diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config
index fd6cfc0..bdcb627 100644
--- a/prosody/rootfs/etc/cont-init.d/10-config
+++ b/prosody/rootfs/etc/cont-init.d/10-config
@@ -1,6 +1,5 @@
 #!/usr/bin/with-contenv bash
-AUTH_XMPP_DOMAIN="auth.$XMPP_DOMAIN"
 PROSODY_CFG="/config/prosody.cfg.lua"
 if [[ ! -d /config/data ]]; then
@@ -12,10 +11,11 @@ if [[ ! -f $PROSODY_CFG ]]; then
 cp -r /defaults/* /config
 sed -i \
 -e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
+ -e "s,\${XMPP_AUTH_DOMAIN},$XMPP_AUTH_DOMAIN,g" \
 -e "s,\${JICOFO_COMPONENT_SECRET},$JICOFO_COMPONENT_SECRET,g" \
 -e "s,\${JVB_COMPONENT_SECRET},$JVB_COMPONENT_SECRET,g" \
 /config/conf.d/jitsi-meet.cfg.lua
- prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $AUTH_XMPP_DOMAIN $JICOFO_AUTH_PASSWORD
+ prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
 fi
 mkdir /config/certs
@@ -25,9 +25,9 @@ if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
 echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
 fi
-if [[ ! -f /config/certs/$AUTH_XMPP_DOMAIN.crt ]]; then
+if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
 # echo for using all default values
- echo | prosodyctl --config $PROSODY_CFG cert generate $AUTH_XMPP_DOMAIN
+ echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_AUTH_DOMAIN
 fi
 # certs vill be created in /var/lib/prosody
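Review bot: The `ssl` block under the renamed VirtualHost still points at `/config/certs/auth.${XMPP_DOMAIN}.key` and `.crt`, while prosody's `10-config` in this same patch now tests for and generates the certificate under `$XMPP_AUTH_DOMAIN`. Whenever `XMPP_AUTH_DOMAIN` differs from `auth.$XMPP_DOMAIN`, as it does with the env.example value, the configured paths would name files the init script does not appear to create; the step that places certificates in /config/certs lies outside the visible hunks. The two context lines should follow the rename: `key = "/config/certs/${XMPP_AUTH_DOMAIN}.key";` and `certificate = "/config/certs/${XMPP_AUTH_DOMAIN}.crt";`. The VirtualHost block continues past the end of the hunk.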
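Review bot: The rewritten `prosodyctl ... register` line in the second 10-config hunk passes all three values unquoted, so an empty `XMPP_AUTH_DOMAIN` moves `$JICOFO_AUTH_PASSWORD` into the host position, and a password containing spaces or glob characters is split or expanded. Quoting keeps each value in its own argument: `prosodyctl --config "$PROSODY_CFG" register "$JICOFO_AUTH_USER" "$XMPP_AUTH_DOMAIN" "$JICOFO_AUTH_PASSWORD"`. The `cert generate $XMPP_AUTH_DOMAIN` call in the last hunk would take the same quoting. The `if` block that encloses the `register` line opens in the hunk header, outside the hunk body.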