feat: Adds jaas choice when installing.

damencho 2022-08-26 14:52:03 -05:00 committed by Дамян Минков
parent cf37ba8771
commit fce15b491d
10 changed files with 116 additions and 52 deletions


@ -22,6 +22,8 @@ if (subdomain.startsWith('<!--')) {
subdomain = ''; subdomain = '';
} }
var enableJaaS = false;
var config = { var config = {
// Connection // Connection
// //
@ -1287,11 +1289,6 @@ var config = {
// {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"} // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
// dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
// or the other way around (more info in resources/cloud-api.swagger) // or the other way around (more info in resources/cloud-api.swagger)
//
// For JaaS customers the default values are:
// dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
// dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
//
// List of undocumented settings used in jitsi-meet // List of undocumented settings used in jitsi-meet
/** /**
@ -1494,3 +1491,10 @@ var config = {
// Application logo url // Application logo url
// defaultLogoUrl: 'images/watermark.svg', // defaultLogoUrl: 'images/watermark.svg',
}; };
// Set the default values for JaaS customers
if (enableJaaS) {
config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';
config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';
config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)
}
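Review bot: The `if (enableJaaS)` block appended after the `config` object assigns `roomPasswordNumberOfDigits` and both dial-in URLs unconditionally, so a value an operator set for those keys inside `config` is replaced without notice once the flag is true. If the override is not intended, fill in only missing values, e.g. `if (config.roomPasswordNumberOfDigits === undefined) { config.roomPasswordNumberOfDigits = 10; }`, keeping the trailing comment the line carries today; if it is intended, a comment saying so would help. `var enableJaaS = false;` near the top also deserves a comment such as `// Toggled by the Debian package scripts; keep this line in exactly this form.`, because the web-config postinst in this commit matches it with an anchored exact-line pattern.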


@ -1,2 +1,3 @@
doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example /usr/share/jitsi-meet-prosody/ doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example /usr/share/jitsi-meet-prosody/
doc/debian/jitsi-meet-prosody/jaas.cfg.lua /usr/share/jitsi-meet-prosody/
resources/prosody-plugins/ /usr/share/jitsi-meet/ resources/prosody-plugins/ /usr/share/jitsi-meet/


@ -83,6 +83,18 @@ case "$1" in
TURN_SECRET="$RET" TURN_SECRET="$RET"
fi fi
db_get jitsi-meet/jaas-choice
JAAS_INPUT="$RET"
# In the case of updating from an older version the configure of -prosody package may happen before the -config
# one, so if JAAS_INPUT is empty (the question is not asked), let's ask it now.
if [ -z "$JAAS_INPUT" ] ; then
db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
db_input critical jitsi-meet/jaas-choice || true
db_go
db_get jitsi-meet/jaas-choice
JAAS_INPUT="$RET"
fi
# and we're done with debconf # and we're done with debconf
db_stop db_stop
@ -141,7 +153,7 @@ case "$1" in
# New: # New:
# Component "focus.jitmeet.example.com" "client_proxy" # Component "focus.jitmeet.example.com" "client_proxy"
# target_address = "focus@auth.jitmeet.example.com" # target_address = "focus@auth.jitmeet.example.com"
if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep -q "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
PROSODY_CONFIG_PRESENT="false" PROSODY_CONFIG_PRESENT="false"
fi fi
@ -166,6 +178,29 @@ case "$1" in
PROSODY_CONFIG_PRESENT="false" PROSODY_CONFIG_PRESENT="false"
fi fi
JAAS_HOST_CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
if [ "${JAAS_INPUT}" = "true" ] && [ ! -f $JAAS_HOST_CONFIG ]; then
sed -i "s/enabled = false -- Jitsi meet components/enabled = true -- Jitsi meet components/g" $PROSODY_HOST_CONFIG
PROSODY_CONFIG_PRESENT="false"
fi
# For those deployments that don't have the config in the jitsi-meet prosody config add the new jaas file
if [ ! -f $JAAS_HOST_CONFIG ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
PROSODY_CONFIG_PRESENT="false"
cp /usr/share/jitsi-meet-prosody/jaas.cfg.lua $JAAS_HOST_CONFIG
sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $JAAS_HOST_CONFIG
fi
if [ "${JAAS_INPUT}" = "true" ]; then
JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "
if [ ! -f $JAAS_HOST_CONFIG_ENABLED ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
if [ -f $JAAS_HOST_CONFIG ]; then
ln -s $JAAS_HOST_CONFIG $JAAS_HOST_CONFIG_ENABLED
PROSODY_CONFIG_PRESENT="false"
fi
fi
fi
# Make sure the focus@auth user's roster includes the proxy component (this is idempotent) # Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
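Review bot: The new blocks act only when `JAAS_INPUT` is `true`; nothing in the visible hunks removes the `conf.d/jaas.cfg.lua` link or sets `enabled` back to false when the answer later changes to false, so the `jigasi.meet.jitsi` host with its token authentication against an external key server would stay active after an opt-out (the web-config postinst likewise never flips `enableJaaS` back). The `case` body continues outside these hunks, so a revert path may exist elsewhere; if it does not, an `else` branch that runs `rm -f "$JAAS_HOST_CONFIG_ENABLED"` and sets `PROSODY_CONFIG_PRESENT="false"` like the other branches would cover it. Separately, `JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "` has a trailing space inside the quotes and works only because every use is unquoted. Drop the space and quote the expansions, e.g. `ln -s "$JAAS_HOST_CONFIG" "$JAAS_HOST_CONFIG_ENABLED"`.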


@ -35,6 +35,8 @@ case "$1" in
if [ -n "$RET" ]; then if [ -n "$RET" ]; then
rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua
rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
rm -f /etc/prosody/conf.avail/jaas.cfg.lua
rm -f /etc/prosody/conf.d/jaas.cfg.lua
JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME" JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
# clean up generated certificates # clean up generated certificates


@ -1,8 +0,0 @@
#!/bin/sh -e
# Source debconf library.
. /usr/share/debconf/confmodule
# certificate type choice
db_input critical jitsi-meet/cert-choice || true
db_go


@ -68,10 +68,18 @@ case "$1" in
FORCE_NGINX="false" FORCE_NGINX="false"
fi fi
db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
db_input critical jitsi-meet/jaas-choice || true
db_go
db_get jitsi-meet/jaas-choice
JAAS_INPUT="$RET"
UPLOADED_CERT_CHOICE="I want to use my own certificate" UPLOADED_CERT_CHOICE="I want to use my own certificate"
# if first time config ask for certs, or if we are reconfiguring # if first time config ask for certs, or if we are reconfiguring
if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then
RET="" RET=""
db_input critical jitsi-meet/cert-choice || true
db_go
db_get jitsi-meet/cert-choice db_get jitsi-meet/cert-choice
CERT_CHOICE="$RET" CERT_CHOICE="$RET"
@ -122,6 +130,22 @@ case "$1" in
sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $JITSI_MEET_CONFIG sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $JITSI_MEET_CONFIG
fi fi
if [ "${JAAS_INPUT}" = "true" ] && ! grep -q "^var enableJaaS = true;$" $JITSI_MEET_CONFIG; then
if grep -q "^var enableJaaS = false;$" $JITSI_MEET_CONFIG; then
sed -i "s/^var enableJaaS = false;$/var enableJaaS = true;/g" $JITSI_MEET_CONFIG
else
# old config, let's add the lines at the end. Adding var enableJaaS to avoid adding it on update again
echo "var enableJaaS = true;" >> $JITSI_MEET_CONFIG
echo "config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';" >> $JITSI_MEET_CONFIG
echo "config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';" >> $JITSI_MEET_CONFIG
# Sets roomPasswordNumberOfDigits only if there was not already set
if ! cat $JITSI_MEET_CONFIG | grep roomPasswordNumberOfDigits | grep -qv //; then
echo "config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)" >> $JITSI_MEET_CONFIG
fi
fi
fi
if [[ "$FORCE_NGINX" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then if [[ "$FORCE_NGINX" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
# this is a reconfigure, lets just delete old links # this is a reconfigure, lets just delete old links
@ -191,27 +215,29 @@ case "$1" in
echo "" echo ""
echo "----------------" echo "----------------"
echo "" if [ "${JAAS_INPUT}" != "true" ]; then
echo "" echo ""
echo " ;dOocd;" echo ""
echo " .dNMM0dKO." echo " ;dOocd;"
echo " lNMMMKd0K," echo " .dNMM0dKO."
echo " .xMMMMNxkNc" echo " lNMMMKd0K,"
echo " dMMMMMkxXc" echo " .xMMMMNxkNc"
echo " cNMMMNl.." echo " dMMMMMkxXc"
echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?" echo " cNMMMNl.."
echo " ;XMMMO'" echo " .kMMMX; Interested in adding telephony to your Jitsi meetings?"
echo " lNMMWO' Sign up on https://jaas.8x8.vc/#/components" echo " ;XMMMO'"
echo " lNMMM0, and follow the guide in the dev console." echo " lNMMWO' Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
echo " lXMMMK:." echo " lNMMM0, and follow the guide in the dev console."
echo " ;KMMMNKd. 'oo," echo " lXMMMK:."
echo " 'xNMMMMXkkkkOKOl'" echo " ;KMMMNKd. 'oo,"
echo " :0WMMMMMMNOkk0Kk," echo " 'xNMMMMXkkkkOKOl'"
echo " .cdOWMMMMMWXOkOl" echo " :0WMMMMMMNOkk0Kk,"
echo " .;dKWMMMMMXc." echo " .cdOWMMMMMWXOkOl"
echo " .,:cll:'" echo " .;dKWMMMMMXc."
echo "" echo " .,:cll:'"
echo "" echo ""
echo ""
fi
# and we're done with debconf # and we're done with debconf
db_stop db_stop
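Review bot: The check `cat $JITSI_MEET_CONFIG | grep roomPasswordNumberOfDigits | grep -qv //` in the old-config branch decides "already set" by the absence of `//` anywhere on the line, so a live setting that carries a trailing comment is treated as unset and a `config.roomPasswordNumberOfDigits = 10;` override is appended after it. Matching only lines where the key precedes any comment marker is more precise and drops the extra `cat`: `if ! grep -Eq '^[^/]*roomPasswordNumberOfDigits' "$JITSI_MEET_CONFIG"; then`. That form would count the appended line with its "(do not remove comment)" marker as set, so confirm what the marker is meant to achieve and record it in a comment next to the check. `$JITSI_MEET_CONFIG` is also unquoted in the new `grep`, `sed` and `echo >>` lines, and the enclosing `case` branch starts and ends outside these hunks.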


@ -5,6 +5,7 @@ _Description: SSL certificate for the Jitsi Meet instance
Jitsi Meet is best to be set up with an SSL certificate. Jitsi Meet is best to be set up with an SSL certificate.
Having no certificate, a self-signed one will be generated. Having no certificate, a self-signed one will be generated.
By choosing self-signed you will later have a chance to install Lets Encrypt certificates. By choosing self-signed you will later have a chance to install Lets Encrypt certificates.
In the case of using a self-signed certificate, only the web app will be available with some warnings, the mobile app will not connect.
Having a certificate signed by a recognised CA, it can be uploaded on the server Having a certificate signed by a recognised CA, it can be uploaded on the server
and point its location. The default filenames will be /etc/ssl/--domain.name--.key and point its location. The default filenames will be /etc/ssl/--domain.name--.key
for the key and /etc/ssl/--domain.name--.crt for the certificate. for the key and /etc/ssl/--domain.name--.crt for the certificate.
@ -30,3 +31,11 @@ Template: jitsi-videobridge/jvb-hostname
Type: string Type: string
_Description: Hostname: _Description: Hostname:
The Jitsi Meet web config package needs the DNS hostname of your instance. The Jitsi Meet web config package needs the DNS hostname of your instance.
Template: jitsi-meet/jaas-choice
Type: boolean
_Description: Interested in adding telephony to your Jitsi meetings?
You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
You need to:
- have a certificate signed by a recognised CA or Lets Encrypt on your deployment
- sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}
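Review bot: The new `jitsi-meet/jaas-choice` template declares `Type: boolean` without a `Default:` field, while both postinst scripts compare the answer to the literal `true`; adding `Default: false` after the `Type:` line makes the opt-out outcome explicit for non-interactive installs. The description also says nothing about what answering yes changes on the host. Judging by the other files in this commit it enables a prosody virtual host with token authentication and points the dial-in URLs in config.js at conference-mapper.jitsi.net, and one sentence saying so would let the operator make an informed choice.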


@ -0,0 +1,12 @@
-- Enables dial-in for Jitsi meet components customers
VirtualHost "jigasi.meet.jitsi"
modules_enabled = {
"ping";
"bosh";
"muc_password_check";
}
authentication = "token"
app_id = "jitsi";
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
asap_accepted_issuers = { "jaas-components" }
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }
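Review bot: The header comment of this new file drops the dependency note that the removed block in prosody.cfg.lua-jvb.example carried (lua-basexx, liblua5.3-dev, libssl-dev, luarocks and `luarocks install luajwtjitsi 3.0-0`), yet the host uses `authentication = "token"` and can now be enabled by the installer; unless the package dependencies already provide those modules, keep the note here. A comment above `asap_key_server` would also document the trust relationship, for example `-- Tokens must come from issuer "jaas-components" for the audience below; signing keys are fetched from this URL.` A second comment should say that `jitmeet.example.com` in `asap_accepted_audiences` is a placeholder the prosody postinst rewrites to the real hostname when it copies the file.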


@ -140,19 +140,3 @@ Component "lobby.jitmeet.example.com" "muc"
"muc_rate_limit"; "muc_rate_limit";
"polls"; "polls";
} }
-- Enables dial-in for Jitsi meet components customers
-- Note: make sure you have the following packages installed: lua-basexx, liblua5.3-dev, libssl-dev, luarocks
-- and execute $ sudo luarocks install luajwtjitsi 3.0-0
VirtualHost "jigasi.meet.jitsi"
enabled = false -- Jitsi meet components customers remove this line
modules_enabled = {
"ping";
"bosh";
"muc_password_check";
}
authentication = "token"
app_id = "jitsi";
asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
asap_accepted_issuers = { "jaas-components" }
asap_accepted_audiences = { "jigasi.jitmeet.example.com" }


@ -12,7 +12,6 @@ echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})" echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin" echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
echo "- Install additional dependencies in order to request Lets Encrypt certificate" echo "- Install additional dependencies in order to request Lets Encrypt certificate"
echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
echo "- Configure and reload nginx or apache2, whichever is used" echo "- Configure and reload nginx or apache2, whichever is used"
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks" echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
echo "- Add command in weekly cron job to renew certificates regularly" echo "- Add command in weekly cron job to renew certificates regularly"