xmpp: make the auth XMPP domain configurable
This commit is contained in:
parent
916788fd1c
commit
80a2a13b5e
|
@ -27,6 +27,7 @@ services:
|
||||||
- ${CONFIG}/prosody:/config
|
- ${CONFIG}/prosody:/config
|
||||||
environment:
|
environment:
|
||||||
- XMPP_DOMAIN
|
- XMPP_DOMAIN
|
||||||
|
- XMPP_AUTH_DOMAIN
|
||||||
- JICOFO_COMPONENT_SECRET
|
- JICOFO_COMPONENT_SECRET
|
||||||
- JVB_COMPONENT_SECRET
|
- JVB_COMPONENT_SECRET
|
||||||
- JICOFO_AUTH_USER
|
- JICOFO_AUTH_USER
|
||||||
|
@ -44,6 +45,7 @@ services:
|
||||||
- ${CONFIG}/jicofo:/config
|
- ${CONFIG}/jicofo:/config
|
||||||
environment:
|
environment:
|
||||||
- XMPP_DOMAIN
|
- XMPP_DOMAIN
|
||||||
|
- XMPP_AUTH_DOMAIN
|
||||||
- XMPP_SERVER=xmpp.meet.jitsi
|
- XMPP_SERVER=xmpp.meet.jitsi
|
||||||
- JICOFO_COMPONENT_SECRET
|
- JICOFO_COMPONENT_SECRET
|
||||||
- JICOFO_AUTH_USER
|
- JICOFO_AUTH_USER
|
||||||
|
@ -63,6 +65,7 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- DOCKER_HOST_ADDRESS
|
- DOCKER_HOST_ADDRESS
|
||||||
- XMPP_DOMAIN
|
- XMPP_DOMAIN
|
||||||
|
- XMPP_AUTH_DOMAIN
|
||||||
- XMPP_SERVER=xmpp.meet.jitsi
|
- XMPP_SERVER=xmpp.meet.jitsi
|
||||||
- JVB_COMPONENT_SECRET
|
- JVB_COMPONENT_SECRET
|
||||||
- JVB_STUN_SERVERS
|
- JVB_STUN_SERVERS
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
CONFIG=~/tmp-cfg
|
CONFIG=~/tmp-cfg
|
||||||
TZ=Europe/Amsterdam
|
TZ=Europe/Amsterdam
|
||||||
XMPP_DOMAIN=meet.jitsi
|
XMPP_DOMAIN=meet.jitsi
|
||||||
|
XMPP_AUTH_DOMAIN=meet.jitsi
|
||||||
JVB_COMPONENT_SECRET=s3cr3t
|
JVB_COMPONENT_SECRET=s3cr3t
|
||||||
JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
|
JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
|
||||||
JICOFO_COMPONENT_SECRET=s3cr37
|
JICOFO_COMPONENT_SECRET=s3cr37
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config"
|
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config"
|
||||||
DAEMON=/usr/share/jicofo/jicofo.sh
|
DAEMON=/usr/share/jicofo/jicofo.sh
|
||||||
DAEMON_DIR=/usr/share/jicofo/
|
DAEMON_DIR=/usr/share/jicofo/
|
||||||
DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain="auth.$XMPP_DOMAIN" --user_password=$JICOFO_AUTH_PASSWORD"
|
DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain="$XMPP_AUTH_DOMAIN" --user_password=$JICOFO_AUTH_PASSWORD"
|
||||||
|
|
||||||
exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
|
exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=${JICOFO_AUTH_USER}@auth.${XMPP_DOMAIN}/.*
|
org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=${JICOFO_AUTH_USER}@${XMPP_AUTH_DOMAIN}/.*
|
||||||
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
org.jitsi.videobridge.TCP_HARVESTER_PORT=4443
|
||||||
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=${JVB_STUN_SERVERS}
|
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=${JVB_STUN_SERVERS}
|
||||||
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=
|
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=
|
||||||
|
|
|
@ -4,6 +4,7 @@ if [[ ! -f /config/sip-communicator.properties ]]; then
|
||||||
cp /defaults/sip-communicator.properties /config
|
cp /defaults/sip-communicator.properties /config
|
||||||
sed -i \
|
sed -i \
|
||||||
-e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
|
-e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
|
||||||
|
-e "s,\${XMPP_AUTH_DOMAIN},$XMPP_AUTH_DOMAIN,g" \
|
||||||
-e "s,\${JICOFO_AUTH_USER},$JICOFO_AUTH_USER,g" \
|
-e "s,\${JICOFO_AUTH_USER},$JICOFO_AUTH_USER,g" \
|
||||||
-e "s#\${JVB_STUN_SERVERS}#$JVB_STUN_SERVERS#g" \
|
-e "s#\${JVB_STUN_SERVERS}#$JVB_STUN_SERVERS#g" \
|
||||||
/config/sip-communicator.properties
|
/config/sip-communicator.properties
|
||||||
|
|
|
@ -14,7 +14,7 @@ VirtualHost "${XMPP_DOMAIN}"
|
||||||
|
|
||||||
c2s_require_encryption = false
|
c2s_require_encryption = false
|
||||||
|
|
||||||
VirtualHost "auth.${XMPP_DOMAIN}"
|
VirtualHost "${XMPP_AUTH_DOMAIN}"
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/config/certs/auth.${XMPP_DOMAIN}.key";
|
key = "/config/certs/auth.${XMPP_DOMAIN}.key";
|
||||||
certificate = "/config/certs/auth.${XMPP_DOMAIN}.crt";
|
certificate = "/config/certs/auth.${XMPP_DOMAIN}.crt";
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
#!/usr/bin/with-contenv bash
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
AUTH_XMPP_DOMAIN="auth.$XMPP_DOMAIN"
|
|
||||||
PROSODY_CFG="/config/prosody.cfg.lua"
|
PROSODY_CFG="/config/prosody.cfg.lua"
|
||||||
|
|
||||||
if [[ ! -d /config/data ]]; then
|
if [[ ! -d /config/data ]]; then
|
||||||
|
@ -12,10 +11,11 @@ if [[ ! -f $PROSODY_CFG ]]; then
|
||||||
cp -r /defaults/* /config
|
cp -r /defaults/* /config
|
||||||
sed -i \
|
sed -i \
|
||||||
-e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
|
-e "s,\${XMPP_DOMAIN},$XMPP_DOMAIN,g" \
|
||||||
|
-e "s,\${XMPP_AUTH_DOMAIN},$XMPP_AUTH_DOMAIN,g" \
|
||||||
-e "s,\${JICOFO_COMPONENT_SECRET},$JICOFO_COMPONENT_SECRET,g" \
|
-e "s,\${JICOFO_COMPONENT_SECRET},$JICOFO_COMPONENT_SECRET,g" \
|
||||||
-e "s,\${JVB_COMPONENT_SECRET},$JVB_COMPONENT_SECRET,g" \
|
-e "s,\${JVB_COMPONENT_SECRET},$JVB_COMPONENT_SECRET,g" \
|
||||||
/config/conf.d/jitsi-meet.cfg.lua
|
/config/conf.d/jitsi-meet.cfg.lua
|
||||||
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $AUTH_XMPP_DOMAIN $JICOFO_AUTH_PASSWORD
|
prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir /config/certs
|
mkdir /config/certs
|
||||||
|
@ -25,9 +25,9 @@ if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
|
||||||
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
|
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! -f /config/certs/$AUTH_XMPP_DOMAIN.crt ]]; then
|
if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
|
||||||
# echo for using all default values
|
# echo for using all default values
|
||||||
echo | prosodyctl --config $PROSODY_CFG cert generate $AUTH_XMPP_DOMAIN
|
echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_AUTH_DOMAIN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# certs vill be created in /var/lib/prosody
|
# certs vill be created in /var/lib/prosody
|
||||||
|
|
Loading…
Reference in New Issue
Block a user