feat: Enable bridge websockets by default for new installs (#7781)

* feat: Drops multiplexing support by default.

* fix: Fix purge of jitsi-meet-prosody.

Clean the accounts when there is a - in the domain name.
Removes the certificate so reinstall will not cause problems.

* feat: Enables bridge websockets by default.

* fix: External-ip conflicts with denied-peer-ip.

In cases where the bridge and coturn are on the same machine and the local address is in any of the networks from denied-peer-ip, coturn does not use its public address to probe it and communication fails because the other address is denied.

* squash: Fix a comment.
Дамян Минков 2020-09-25 13:15:58 -05:00 committed by GitHub
parent 11ae187ece
commit 93f4098dc0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 25 additions and 79 deletions


@ -337,6 +337,7 @@ var config = {
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't // 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel). // open any channel).
// openBridgeChannel: true, // openBridgeChannel: true,
openBridgeChannel: 'websocket',
// UI // UI
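Review bot: The new active setting `openBridgeChannel: 'websocket',` has two prerequisites that nothing near it states: the reverse proxy must forward `/colibri-ws/` to the bridge (this commit adds that location to the nginx template) and the bridge must expose its websocket endpoint. An install that upgrades this file but keeps an older nginx site config will silently fall back to a non-working channel, so a comment above the line, `// 'websocket' requires the /colibri-ws/ proxy location in the nginx site config and websockets enabled on the bridge`, would make the dependency visible. The `config` object this sits in starts and ends outside the hunk.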


@ -45,8 +45,12 @@ case "$1" in
rm -rf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.* rm -rf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.*
rm -rf /var/lib/prosody/$JVB_HOSTNAME.* rm -rf /var/lib/prosody/$JVB_HOSTNAME.*
# clean created users # clean created users, replace '.' with '%2e', replace '-' with '%2d'
rm -rf /var/lib/prosody/`echo $JICOFO_AUTH_DOMAIN | sed -e "s/\./%2e/g"` rm -rf /var/lib/prosody/`echo $JICOFO_AUTH_DOMAIN | sed -e "s/\./%2e/g"| sed -e "s/-/%2d/g"`
# clean the prosody cert from the trust store
rm -rf /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.*
update-ca-certificates -f
fi fi
# Clear the debconf variable # Clear the debconf variable
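Review bot: The added `rm -rf /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.*` and the modified backtick line above it expand an unquoted variable straight into an `rm -rf` path; if `$JICOFO_AUTH_DOMAIN` is empty the backtick line collapses to `rm -rf /var/lib/prosody/` and wipes the whole prosody data directory, so a guard such as `[ -n "$JICOFO_AUTH_DOMAIN" ] || exit 0` before the removals (how the variable is populated is outside the hunk) would bound the damage. `update-ca-certificates -f` also runs unconditionally; if the ca-certificates package is absent the command is missing and, should this script run under `set -e` (not visible here), the purge aborts — `command -v update-ca-certificates >/dev/null && update-ca-certificates -f || true` keeps the best-effort intent. The `case` branch this sits in starts outside the hunk.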


@ -1,3 +1,2 @@
doc/debian/jitsi-meet-turn/turnserver.conf /usr/share/jitsi-meet-turnserver/ doc/debian/jitsi-meet-turn/turnserver.conf /usr/share/jitsi-meet-turnserver/
doc/debian/jitsi-meet/jitsi-meet.conf /usr/share/jitsi-meet-turnserver/
doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/ doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh /usr/share/jitsi-meet-turnserver/


@ -36,26 +36,6 @@ case "$1" in
NGINX_CONFIG="/etc/nginx/sites-available/$JVB_HOSTNAME.conf" NGINX_CONFIG="/etc/nginx/sites-available/$JVB_HOSTNAME.conf"
JITSI_MEET_CONFIG="/etc/jitsi/meet/$JVB_HOSTNAME-config.js" JITSI_MEET_CONFIG="/etc/jitsi/meet/$JVB_HOSTNAME-config.js"
NGINX_SITES_ENABLED="/etc/nginx/sites-enabled/"
NGINX_CONFIG_ENABLED="${NGINX_SITES_ENABLED}${JVB_HOSTNAME}.conf"
NGINX_MULTIPLEXING="true"
for site in ${NGINX_SITES_ENABLED}*; do
# if it is not a file continue
[ -f "${site}" ] || continue
# if it is our config skip
[ "${site}" != "${NGINX_CONFIG_ENABLED}" ] || continue
# check whether other enabled hosts has listen 443
if cat ${site} | grep -v "^[[:space:]]*#" | grep listen | grep -q "^.*[[:space:]:]443[;[:space:]].*" ; then
# nothing to do
echo "------------------------------------------------"
echo ""
echo "turnserver is listening on tcp 5349 as other nginx sites use port 443"
echo ""
echo "------------------------------------------------"
NGINX_MULTIPLEXING="false"
fi
done
# if there was a turn config backup it so we can configure # if there was a turn config backup it so we can configure
# we cannot recognize at the moment is this a user config or default config when installing coturn # we cannot recognize at the moment is this a user config or default config when installing coturn
if [[ -f $TURN_CONFIG ]] && ! grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then if [[ -f $TURN_CONFIG ]] && ! grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
@ -133,19 +113,9 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG
TURN_SECRET="$RET" TURN_SECRET="$RET"
# no turn config exists, lt's copy template and fill it in # no turn config exists, lt's copy template and fill it in
PUBLIC_IP=$(dig -4 +short myip.opendns.com a @resolver1.opendns.com) || true
if [ -z "$PUBLIC_IP" ] ; then
PUBLIC_IP="127.0.0.1"
echo "------------------------------------------------"
echo "Warning! Could not resolve your external ip address! Error:^"
echo "Your turn server will not work till you edit your $TURN_CONFIG config file."
echo "You need to set your external ip address in external-ip and restart coturn service."
echo "------------------------------------------------"
fi
cp /usr/share/jitsi-meet-turnserver/turnserver.conf $TURN_CONFIG cp /usr/share/jitsi-meet-turnserver/turnserver.conf $TURN_CONFIG
sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $TURN_CONFIG sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $TURN_CONFIG
sed -i "s/__turnSecret__/$TURN_SECRET/g" $TURN_CONFIG sed -i "s/__turnSecret__/$TURN_SECRET/g" $TURN_CONFIG
sed -i "s/__external_ip_address__/$PUBLIC_IP/g" $TURN_CONFIG
# SSL for nginx # SSL for nginx
db_get jitsi-meet/cert-choice db_get jitsi-meet/cert-choice
@ -170,18 +140,14 @@ denied-peer-ip=240.0.0.0-255.255.255.255" >> $TURN_CONFIG
invoke-rc.d coturn restart || true invoke-rc.d coturn restart || true
NGINX_STREAM_CONFIG="/etc/nginx/modules-enabled/60-jitsi-meet.conf" NGINX_STREAM_CONFIG="/etc/nginx/modules-enabled/60-jitsi-meet.conf"
if [ $NGINX_MULTIPLEXING = "true" ] && [ ! -f $NGINX_STREAM_CONFIG ] && [ -f $NGINX_CONFIG ] ; then if [ -f $NGINX_STREAM_CONFIG ] ; then
ln -s /usr/share/jitsi-meet-turnserver/jitsi-meet.conf $NGINX_STREAM_CONFIG echo "------------------------------------------------"
sed -i "s/listen 443 ssl/listen 4444 ssl http2/g" $NGINX_CONFIG echo ""
sed -i "s/listen \[\:\:\]\:443 ssl/listen \[\:\:\]\:4444 ssl http2/g" $NGINX_CONFIG echo "You have multiplexing enabled, it is recommended to disable it and migrate to using websockets for the bridge channel."
invoke-rc.d nginx reload || true echo "The support for sctp data channels is deprecated and will be dropped at some point."
else echo "How to do it at: https://jitsi.org/multiplexing-to-bridge-ws-howto"
PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua" echo ""
if [ -f $PROSODY_HOST_CONFIG ] ; then echo "------------------------------------------------"
# If we are not multiplexing we need to change the port in prosody config
sed -i 's/"443"/"5349"/g' $PROSODY_HOST_CONFIG
invoke-rc.d prosody restart || true
fi
fi fi
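Review bot: The new check `if [ -f $NGINX_STREAM_CONFIG ]` is false for a dangling symlink, and the link the old code created with `ln -s /usr/share/jitsi-meet-turnserver/jitsi-meet.conf` looks set to dangle after this upgrade, since the install list in this commit drops that file from the package and the postrm hunks remove the `rm -rf /etc/nginx/modules-enabled/60-jitsi-meet.conf` cleanup. If that inference holds (confirm no other package still ships the target), an upgraded multiplexing host gets neither the deprecation warning nor a working nginx reload, because the `modules-enabled/*.conf` include would point at a missing file. Testing `if [ -f "$NGINX_STREAM_CONFIG" ] || [ -L "$NGINX_STREAM_CONFIG" ]` and either keeping the target shipped or explicitly removing a dangling link would cover that path. The `case` branch this sits in starts outside the hunk.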
# Enable turn server in config.js # Enable turn server in config.js


@ -24,7 +24,6 @@ set -e
case "$1" in case "$1" in
remove) remove)
rm -rf /etc/nginx/modules-enabled/60-jitsi-meet.conf
if [ -x "/etc/init.d/nginx" ]; then if [ -x "/etc/init.d/nginx" ]; then
invoke-rc.d nginx reload || true invoke-rc.d nginx reload || true
fi fi
@ -33,7 +32,6 @@ case "$1" in
fi fi
;; ;;
purge) purge)
rm -rf /etc/nginx/modules-enabled/60-jitsi-meet.conf
rm -rf /etc/turnserver.conf rm -rf /etc/turnserver.conf
if [ -x "/etc/init.d/nginx" ]; then if [ -x "/etc/init.d/nginx" ]; then
invoke-rc.d nginx reload || true invoke-rc.d nginx reload || true


@ -8,7 +8,7 @@ turncredentials_secret = "__turnSecret__";
turncredentials = { turncredentials = {
{ type = "stun", host = "jitmeet.example.com", port = "3478" }, { type = "stun", host = "jitmeet.example.com", port = "3478" },
{ type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" }, { type = "turn", host = "jitmeet.example.com", port = "3478", transport = "udp" },
{ type = "turns", host = "jitmeet.example.com", port = "443", transport = "tcp" } { type = "turns", host = "jitmeet.example.com", port = "5349", transport = "tcp" }
}; };
cross_domain_bosh = false; cross_domain_bosh = false;


@ -12,7 +12,6 @@ no-tcp-relay
no-tcp no-tcp
listening-port=3478 listening-port=3478
tls-listening-port=5349 tls-listening-port=5349
external-ip=__external_ip_address__
no-tlsv1 no-tlsv1
no-tlsv1_1 no-tlsv1_1
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4 # https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
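Review bot: The template now omits `external-ip`, but nothing in the file records why; the reason given in the commit message (it collides with the `denied-peer-ip` ranges when the bridge and coturn share a host) is only discoverable from history, and the next maintainer is likely to re-add it. A comment after `tls-listening-port=5349`, `# external-ip is intentionally unset: it conflicts with the denied-peer-ip ranges when the bridge runs on this host; deployments behind 1:1 NAT may need to set it by hand`, would preserve the decision and point out the case the default does not cover.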


@ -1,30 +0,0 @@
# this is jitsi-meet nginx module configuration
# this forward all http traffic to the nginx virtual host port
# and the rest to the turn server
stream {
upstream web {
server 127.0.0.1:4444;
}
upstream turn {
server 127.0.0.1:5349;
}
# since 1.13.10
map $ssl_preread_alpn_protocols $upstream {
~\bh2\b web;
~\bhttp/1\. web;
default turn;
}
server {
listen 443;
listen [::]:443;
# since 1.11.5
ssl_preread on;
proxy_pass $upstream;
# Increase buffer to serve video
proxy_buffer_size 10m;
}
}


@ -87,6 +87,15 @@ server {
tcp_nodelay on; tcp_nodelay on;
} }
# colibri (JVB) websockets for jvb1
location ~ ^/colibri-ws/default-id/(.*) {
proxy_pass http://127.0.0.1:9090/colibri-ws/default-id/$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
tcp_nodelay on;
}
location ~ ^/([^/?&:'"]+)$ { location ~ ^/([^/?&:'"]+)$ {
try_files $uri @root_path; try_files $uri @root_path;
} }
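Review bot: The new `location ~ ^/colibri-ws/default-id/(.*)` block hard-codes the `default-id` segment twice and the bridge port `9090` once, and the only comment, `# colibri (JVB) websockets for jvb1`, does not say that these must match the server id and websocket port configured on the bridge; an operator who changes either on the JVB side gets a proxy that matches nothing. Expanding the comment to `# colibri (JVB) websockets: 'default-id' must equal the websocket server id configured on the bridge, and 9090 its websocket port` would document the coupling. The `server` block this sits in starts and ends outside the hunk.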