feat: Adds jaas choice when installing.
This commit is contained in:
damencho
Дамян Минков
parent
cf37ba8771
commit
fce15b491d
14
config.js
14
config.js
|
|
@ -22,6 +22,8 @@ if (subdomain.startsWith('<!--')) {
|
|||
subdomain = '';
|
||||
}
|
||||
|
||||
var enableJaaS = false;
|
||||
|
||||
var config = {
|
||||
// Connection
|
||||
//
|
||||
|
|
@ -1287,11 +1289,6 @@ var config = {
|
|||
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
|
||||
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
|
||||
// or the other way around (more info in resources/cloud-api.swagger)
|
||||
//
|
||||
// For JaaS customers the default values are:
|
||||
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
|
||||
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
|
||||
//
|
||||
|
||||
// List of undocumented settings used in jitsi-meet
|
||||
/**
|
||||
|
|
@ -1494,3 +1491,10 @@ var config = {
|
|||
// Application logo url
|
||||
// defaultLogoUrl: 'images/watermark.svg',
|
||||
};
|
||||
|
||||
// Set the default values for JaaS customers
|
||||
if (enableJaaS) {
|
||||
config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';
|
||||
config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';
|
||||
config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,2 +1,3 @@
|
|||
doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example /usr/share/jitsi-meet-prosody/
|
||||
doc/debian/jitsi-meet-prosody/jaas.cfg.lua /usr/share/jitsi-meet-prosody/
|
||||
resources/prosody-plugins/ /usr/share/jitsi-meet/
|
||||
|
|
|
|||
|
|
@ -83,6 +83,18 @@ case "$1" in
|
|||
TURN_SECRET="$RET"
|
||||
fi
|
||||
|
||||
db_get jitsi-meet/jaas-choice
|
||||
JAAS_INPUT="$RET"
|
||||
# In the case of updating from an older version the configure of -prosody package may happen before the -config
|
||||
# one, so if JAAS_INPUT is empty (the question is not asked), let's ask it now.
|
||||
if [ -z "$JAAS_INPUT" ] ; then
|
||||
db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
|
||||
db_input critical jitsi-meet/jaas-choice || true
|
||||
db_go
|
||||
db_get jitsi-meet/jaas-choice
|
||||
JAAS_INPUT="$RET"
|
||||
fi
|
||||
|
||||
# and we're done with debconf
|
||||
db_stop
|
||||
|
||||
|
|
@ -141,7 +153,7 @@ case "$1" in
|
|||
# New:
|
||||
# Component "focus.jitmeet.example.com" "client_proxy"
|
||||
# target_address = "focus@auth.jitmeet.example.com"
|
||||
if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
|
||||
if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep -q "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
|
||||
sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
|
||||
PROSODY_CONFIG_PRESENT="false"
|
||||
fi
|
||||
|
|
@ -166,6 +178,29 @@ case "$1" in
|
|||
PROSODY_CONFIG_PRESENT="false"
|
||||
fi
|
||||
|
||||
JAAS_HOST_CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
|
||||
if [ "${JAAS_INPUT}" = "true" ] && [ ! -f $JAAS_HOST_CONFIG ]; then
|
||||
sed -i "s/enabled = false -- Jitsi meet components/enabled = true -- Jitsi meet components/g" $PROSODY_HOST_CONFIG
|
||||
PROSODY_CONFIG_PRESENT="false"
|
||||
fi
|
||||
|
||||
# For those deployments that don't have the config in the jitsi-meet prosody config add the new jaas file
|
||||
if [ ! -f $JAAS_HOST_CONFIG ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
|
||||
PROSODY_CONFIG_PRESENT="false"
|
||||
cp /usr/share/jitsi-meet-prosody/jaas.cfg.lua $JAAS_HOST_CONFIG
|
||||
sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $JAAS_HOST_CONFIG
|
||||
fi
|
||||
|
||||
if [ "${JAAS_INPUT}" = "true" ]; then
|
||||
JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "
|
||||
if [ ! -f $JAAS_HOST_CONFIG_ENABLED ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
|
||||
if [ -f $JAAS_HOST_CONFIG ]; then
|
||||
ln -s $JAAS_HOST_CONFIG $JAAS_HOST_CONFIG_ENABLED
|
||||
PROSODY_CONFIG_PRESENT="false"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
|
||||
prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
|
||||
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@ case "$1" in
|
|||
if [ -n "$RET" ]; then
|
||||
rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua
|
||||
rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
|
||||
rm -f /etc/prosody/conf.avail/jaas.cfg.lua
|
||||
rm -f /etc/prosody/conf.d/jaas.cfg.lua
|
||||
|
||||
JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
|
||||
# clean up generated certificates
|
||||
|
|
|
|||
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Source debconf library.
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
# certificate type choice
|
||||
db_input critical jitsi-meet/cert-choice || true
|
||||
db_go
|
||||
|
|
@ -68,10 +68,18 @@ case "$1" in
|
|||
FORCE_NGINX="false"
|
||||
fi
|
||||
|
||||
db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
|
||||
db_input critical jitsi-meet/jaas-choice || true
|
||||
db_go
|
||||
db_get jitsi-meet/jaas-choice
|
||||
JAAS_INPUT="$RET"
|
||||
|
||||
UPLOADED_CERT_CHOICE="I want to use my own certificate"
|
||||
# if first time config ask for certs, or if we are reconfiguring
|
||||
if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then
|
||||
RET=""
|
||||
db_input critical jitsi-meet/cert-choice || true
|
||||
db_go
|
||||
db_get jitsi-meet/cert-choice
|
||||
CERT_CHOICE="$RET"
|
||||
|
||||
|
|
@ -122,6 +130,22 @@ case "$1" in
|
|||
sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $JITSI_MEET_CONFIG
|
||||
fi
|
||||
|
||||
if [ "${JAAS_INPUT}" = "true" ] && ! grep -q "^var enableJaaS = true;$" $JITSI_MEET_CONFIG; then
|
||||
if grep -q "^var enableJaaS = false;$" $JITSI_MEET_CONFIG; then
|
||||
sed -i "s/^var enableJaaS = false;$/var enableJaaS = true;/g" $JITSI_MEET_CONFIG
|
||||
else
|
||||
# old config, let's add the lines at the end. Adding var enableJaaS to avoid adding it on update again
|
||||
echo "var enableJaaS = true;" >> $JITSI_MEET_CONFIG
|
||||
echo "config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';" >> $JITSI_MEET_CONFIG
|
||||
echo "config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';" >> $JITSI_MEET_CONFIG
|
||||
|
||||
# Sets roomPasswordNumberOfDigits only if there was not already set
|
||||
if ! cat $JITSI_MEET_CONFIG | grep roomPasswordNumberOfDigits | grep -qv //; then
|
||||
echo "config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)" >> $JITSI_MEET_CONFIG
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$FORCE_NGINX" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
|
||||
|
||||
# this is a reconfigure, lets just delete old links
|
||||
|
|
@ -191,27 +215,29 @@ case "$1" in
|
|||
echo ""
|
||||
echo "----------------"
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo " ;dOocd;"
|
||||
echo " .dNMM0dKO."
|
||||
echo " lNMMMKd0K,"
|
||||
echo " .xMMMMNxkNc"
|
||||
echo " dMMMMMkxXc"
|
||||
echo " cNMMMNl.."
|
||||
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
|
||||
echo " ;XMMMO'"
|
||||
echo " lNMMWO' Sign up on https://jaas.8x8.vc/#/components"
|
||||
echo " lNMMM0, and follow the guide in the dev console."
|
||||
echo " lXMMMK:."
|
||||
echo " ;KMMMNKd. 'oo,"
|
||||
echo " 'xNMMMMXkkkkOKOl'"
|
||||
echo " :0WMMMMMMNOkk0Kk,"
|
||||
echo " .cdOWMMMMMWXOkOl"
|
||||
echo " .;dKWMMMMMXc."
|
||||
echo " .,:cll:'"
|
||||
echo ""
|
||||
echo ""
|
||||
if [ "${JAAS_INPUT}" != "true" ]; then
|
||||
echo ""
|
||||
echo ""
|
||||
echo " ;dOocd;"
|
||||
echo " .dNMM0dKO."
|
||||
echo " lNMMMKd0K,"
|
||||
echo " .xMMMMNxkNc"
|
||||
echo " dMMMMMkxXc"
|
||||
echo " cNMMMNl.."
|
||||
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
|
||||
echo " ;XMMMO'"
|
||||
echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
|
||||
echo " lNMMM0, and follow the guide in the dev console."
|
||||
echo " lXMMMK:."
|
||||
echo " ;KMMMNKd. 'oo,"
|
||||
echo " 'xNMMMMXkkkkOKOl'"
|
||||
echo " :0WMMMMMMNOkk0Kk,"
|
||||
echo " .cdOWMMMMMWXOkOl"
|
||||
echo " .;dKWMMMMMXc."
|
||||
echo " .,:cll:'"
|
||||
echo ""
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# and we're done with debconf
|
||||
db_stop
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ _Description: SSL certificate for the Jitsi Meet instance
|
|||
Jitsi Meet is best to be set up with an SSL certificate.
|
||||
Having no certificate, a self-signed one will be generated.
|
||||
By choosing self-signed you will later have a chance to install Let’s Encrypt certificates.
|
||||
In the case of using a self-signed certificate, only the web app will be available with some warnings, the mobile app will not connect.
|
||||
Having a certificate signed by a recognised CA, it can be uploaded on the server
|
||||
and point its location. The default filenames will be /etc/ssl/--domain.name--.key
|
||||
for the key and /etc/ssl/--domain.name--.crt for the certificate.
|
||||
|
|
@ -30,3 +31,11 @@ Template: jitsi-videobridge/jvb-hostname
|
|||
Type: string
|
||||
_Description: Hostname:
|
||||
The Jitsi Meet web config package needs the DNS hostname of your instance.
|
||||
|
||||
Template: jitsi-meet/jaas-choice
|
||||
Type: boolean
|
||||
_Description: Interested in adding telephony to your Jitsi meetings?
|
||||
You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
|
||||
You need to:
|
||||
- have a certificate signed by a recognised CA or Let’s Encrypt on your deployment
|
||||
- sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
-- Enables dial-in for Jitsi meet components customers
|
||||
VirtualHost "jigasi.meet.jitsi"
|
||||
modules_enabled = {
|
||||
"ping";
|
||||
"bosh";
|
||||
"muc_password_check";
|
||||
}
|
||||
authentication = "token"
|
||||
app_id = "jitsi";
|
||||
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
||||
asap_accepted_issuers = { "jaas-components" }
|
||||
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
||||
|
|
@ -140,19 +140,3 @@ Component "lobby.jitmeet.example.com" "muc"
|
|||
"muc_rate_limit";
|
||||
"polls";
|
||||
}
|
||||
|
||||
-- Enables dial-in for Jitsi meet components customers
|
||||
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
|
||||
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
|
||||
VirtualHost "jigasi.meet.jitsi"
|
||||
enabled = false -- Jitsi meet components customers remove this line
|
||||
modules_enabled = {
|
||||
"ping";
|
||||
"bosh";
|
||||
"muc_password_check";
|
||||
}
|
||||
authentication = "token"
|
||||
app_id = "jitsi";
|
||||
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
|
||||
asap_accepted_issuers = { "jaas-components" }
|
||||
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ echo "This script will:"
|
|||
echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
|
||||
echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
|
||||
echo "- Install additional dependencies in order to request Let’s Encrypt certificate"
|
||||
echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
|
||||
echo "- Configure and reload nginx or apache2, whichever is used"
|
||||
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
|
||||
echo "- Add command in weekly cron job to renew certificates regularly"
|
||||
|
|
|
|||
Loading…
Reference in New Issue