diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml index 3dbad53e97..769ac16756 100644 --- a/.github/workflows/unstable.yml +++ b/.github/workflows/unstable.yml @@ -27,7 +27,7 @@ jobs: - name: Prosody repo uses: myci-actions/add-deb-repo@11 with: - repo: deb https://packages.prosody.im/debian bullseye main + repo: deb https://packages.prosody.im/debian bookworm main repo-name: prosody keys-asc: https://prosody.im/files/prosody-debian-packages.key - name: Jitsi repo diff --git a/CHANGELOG.md b/CHANGELOG.md index 6926237034..2b2afb2844 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,35 @@ +## stable-9457-2 + +Based on stable release 9457-2. + +* fed87fb web: update acme.sh version to 3.0.7 +* 11285cd prosody: Fixed the wrong position of the JWT_SIGN_TYPE setting in the file (#1796) +* f9ff2a4 misc: working on unstable + +## stable-9457-1 + +Based on stable release 9457-1. + +* 09bbfaf misc: working on unstable + +## stable-9457 + +Based on stable release 9457. + +* 6f98bbe prosody: add ability to customize TURN TTL value +* 8fe3139 jvb: fix autoscaler sidecar config (#1785) +* 48d803c jigasi: fix autoscaler sidecar config for shutdown url (#1784) +* c951116 jibri: fix autoscaler sidecar config (#1783) +* cae1e40 feat(jigasi): Adds trusted domains option. +* e939230 prosody: add ability to customize JWT signature type +* b0f9eb2 prosody: integrate prosody-plugins-contrib +* 604ba22 prosody: Switches lua gc back to incremental. (#1777) +* 68d4b1a jibri: fix xorg modeline for 1280x720 (#1778) +* 8094a17 web: add ability to change CORS header value +* 03b6ca2 web: remove no longer needed mime type definition +* 70ba4cb base: update to Debian Bookworm +* dc5cbae misc: working on unstable + ## stable-9364-1 Based on stable release 9364-1. diff --git a/Makefile b/Makefile index 2bb18425da..cc05716b06 100644 --- a/Makefile +++ b/Makefile 
@@ -57,7 +57,6 @@ clean: docker network prune prepare: - docker pull debian:bullseye-slim FORCE_REBUILD=1 $(MAKE) .PHONY: all build tag push clean prepare release $(addprefix build_,$(JITSI_SERVICES)) diff --git a/base/Dockerfile b/base/Dockerfile index 847bfe7d2f..463bd21a6d 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/debian:bullseye-slim +FROM docker.io/library/debian:bookworm-slim ARG JITSI_RELEASE=stable ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 @@ -15,10 +15,17 @@ RUN \ apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg wget && \ wget -qO /usr/bin/tpl https://github.com/jitsi/tpl/releases/download/v1.1.1/tpl-linux-${TPL_ARCH} && \ - wget -qO - https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-${S6_ARCH}.tar.gz | tar xfz - -C / && \ + # Workaround S6 bug when /bin is a symlink + wget -qO /tmp/s6.tar.gz https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-${S6_ARCH}.tar.gz && \ + mkdir /tmp/s6 && \ + tar xfz /tmp/s6.tar.gz -C /tmp/s6 && \ + tar hxfz /tmp/s6.tar.gz -C / && \ + rm -f /usr/bin/execlineb && \ + cp /tmp/s6/bin/execlineb /usr/bin/ && \ + rm -rf /tmp/s6* && \ wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmour > /etc/apt/trusted.gpg.d/jitsi.gpg && \ echo "deb https://download.jitsi.org $JITSI_RELEASE/" > /etc/apt/sources.list.d/jitsi.list && \ - echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list && \ + echo "deb http://ftp.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list && \ apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get dist-upgrade -y && \ apt-cleanup && \ diff --git a/docker-compose.yml b/docker-compose.yml index ffa960ce23..ba2f00ba12 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
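Review bot: The s6-overlay archive saved to `/tmp/s6.tar.gz` in base/Dockerfile is unpacked into `/` as root with no integrity check, and now that it lands in a file rather than a pipe, a digest check fits directly after the download: `echo "<sha256-for-this-arch>  /tmp/s6.tar.gz" | sha256sum -c - && \`, with the digest chosen per `S6_ARCH`. The same gap applies to the `tpl` binary fetched on the line above and to `ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/3.0.7/acme.sh /opt` in web/Dockerfile, which pins a tag name rather than content; `ADD --checksum=sha256:<digest>` covers that line where the builder supports it. The RUN instruction starts and ends outside this hunk.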
@@ -3,7 +3,7 @@ version: '3.5' services: # Frontend web: - image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/web:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${HTTP_PORT}:80' @@ -25,6 +25,7 @@ services: - COLIBRI_WEBSOCKET_JVB_LOOKUP_NAME - COLIBRI_WEBSOCKET_REGEX - CONFCODE_URL + - CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN - DEFAULT_LANGUAGE - DEPLOYMENTINFO_ENVIRONMENT - DEPLOYMENTINFO_ENVIRONMENT_TYPE @@ -179,7 +180,7 @@ services: # XMPP server prosody: - image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/prosody:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} expose: - '${XMPP_PORT:-5222}' @@ -231,6 +232,7 @@ services: - JWT_ALLOW_EMPTY - JWT_AUTH_TYPE - JWT_ENABLE_DOMAIN_VERIFICATION + - JWT_SIGN_TYPE - JWT_TOKEN_AUTH_MODULE - MATRIX_UVS_URL - MATRIX_UVS_ISSUER @@ -311,7 +313,7 @@ services: # Focus component jicofo: - image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} ports: - '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888' @@ -360,6 +362,7 @@ services: - JIBRI_PENDING_TIMEOUT - JIGASI_BREWERY_MUC - JIGASI_SIP_URI + - JIGASI_TRUSTED_DOMAINS - JVB_BREWERY_MUC - JVB_XMPP_AUTH_DOMAIN - JVB_XMPP_INTERNAL_MUC_DOMAIN @@ -394,7 +397,7 @@ services: # Video bridge jvb: - image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/jvb:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp' diff --git a/jibri.yml b/jibri.yml index feffec2dd7..f88f665282 100644 --- a/jibri.yml +++ b/jibri.yml @@ -2,7 +2,7 @@ version: '3.5' services: jibri: - image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/jibri:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} volumes: - ${CONFIG}/jibri:/config:Z 
@@ -41,6 +41,8 @@ services: - JIBRI_USAGE_TIMEOUT - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD + - JIBRI_XORG_HORIZ_SYNC + - JIBRI_XORG_VERT_REFRESH - JIBRI_BREWERY_MUC - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD diff --git a/jibri/rootfs/defaults/autoscaler-sidecar.config b/jibri/rootfs/defaults/autoscaler-sidecar.config index 70d14ee706..a83173f1c5 100644 --- a/jibri/rootfs/defaults/autoscaler-sidecar.config +++ b/jibri/rootfs/defaults/autoscaler-sidecar.config @@ -9,6 +9,7 @@ export TERMINATE_SCRIPT="/opt/jitsi/jibri/shutdown.sh" export ENABLE_REPORT_STATS=true export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown" export STATS_RETRIEVE_URL="http://localhost:{{ $JIBRI_HTTP_API_EXTERNAL_PORT }}/jibri/api/v1.0/health" export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" diff --git a/jibri/rootfs/defaults/xorg-video-dummy.conf b/jibri/rootfs/defaults/xorg-video-dummy.conf index 4fede78132..7bb095d7c9 100644 --- a/jibri/rootfs/defaults/xorg-video-dummy.conf +++ b/jibri/rootfs/defaults/xorg-video-dummy.conf @@ -1,4 +1,6 @@ {{ $JIBRI_RECORDING_RESOLUTION := .Env.JIBRI_RECORDING_RESOLUTION | default "1280x720" -}} +{{ $JIBRI_HORIZ_SYNC := .Env.JIBRI_XORG_HORIZ_SYNC | default "43.0 - 47.0" -}} +{{ $JIBRI_VERT_REFRESH := .Env.JIBRI_XORG_VERT_REFRESH | default "58.0 - 62.0" -}} # This xorg configuration file is meant to be used by xpra # to start a dummy X11 server. @@ -24,8 +26,8 @@ EndSection Section "Monitor" Identifier "dummy_monitor" - HorizSync 5.0 - 1000.0 - VertRefresh 5.0 - 200.0 + HorizSync {{ $JIBRI_HORIZ_SYNC }} + VertRefresh {{ $JIBRI_VERT_REFRESH }} #This can be used to get a specific DPI, but only for the default resolution: #DisplaySize 508 317 #NOTE: the highest modes will not work without increasing the VideoRam 
@@ -63,6 +65,7 @@ Section "Monitor" Modeline "1360x768" 24.49 1360 1392 1480 1512 768 786 789 807 Modeline "1024x768" 18.71 1024 1056 1120 1152 768 786 789 807 Modeline "768x1024" 19.50 768 800 872 904 1024 1048 1052 1076 + Modeline "1280x720@60" 73.78 1280 1312 1592 1624 720 735 742 757 #common resolutions for android devices (both orientations): diff --git a/jigasi.yml b/jigasi.yml index edfc780d4b..7aade4d6d3 100644 --- a/jigasi.yml +++ b/jigasi.yml @@ -3,7 +3,7 @@ version: '3.5' services: # SIP gateway (audio) jigasi: - image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9364-1} + image: jitsi/jigasi:${JITSI_IMAGE_VERSION:-stable-9457-2} restart: ${RESTART_POLICY:-unless-stopped} ports: - '${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}:${JIGASI_PORT_MIN:-20000}-${JIGASI_PORT_MAX:-20050}/udp' diff --git a/jigasi/rootfs/defaults/autoscaler-sidecar.config b/jigasi/rootfs/defaults/autoscaler-sidecar.config index ca68cff2c9..8263968160 100644 --- a/jigasi/rootfs/defaults/autoscaler-sidecar.config +++ b/jigasi/rootfs/defaults/autoscaler-sidecar.config @@ -9,6 +9,7 @@ export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh" export ENABLE_REPORT_STATS=true export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown" export STATS_RETRIEVE_URL="http://localhost:{{ $JIGASI_STATS_PORT }}/about/stats" export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" diff --git a/jigasi/rootfs/defaults/sip-communicator.properties b/jigasi/rootfs/defaults/sip-communicator.properties index 0f30c71abc..ea5bf07d62 100644 --- a/jigasi/rootfs/defaults/sip-communicator.properties +++ b/jigasi/rootfs/defaults/sip-communicator.properties 
@@ -12,6 +12,8 @@ {{ $SHUTDOWN_REST_ENABLED := .Env.SHUTDOWN_REST_ENABLED | default "false" | toBool -}} {{ $DISABLE_SIP := .Env.JIGASI_DISABLE_SIP | default "false" | toBool -}} {{/* assign env from context, preserve during range when . is re-assigned */}} +{{ $TRUSTED_DOMAIN_LIST := .Env.JIGASI_TRUSTED_DOMAINS | default "" -}} +{{ $TRUSTED_DOMAINS := splitList "," $TRUSTED_DOMAIN_LIST -}} {{ $ENV := .Env -}} net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false @@ -180,3 +182,8 @@ org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME={{ .Env.JIGASI_SIP_DEFAULT_ROOM }} {{ end }} org.jitsi.jigasi.MUC_SERVICE_ADDRESS={{ $XMPP_MUC_DOMAIN }} + +# when checking other participants whether they are jibri/jigasi we can also check the the domain they use for connecting +{{ if $TRUSTED_DOMAIN_LIST }} +org.jitsi.jigasi.TRUSTED_DOMAINS=[ {{ range $index, $element := $TRUSTED_DOMAINS }}{{ if gt $index 0 }},{{ end }}"{{ $element }}"{{ end}} ] +{{ end }} diff --git a/jvb/rootfs/defaults/autoscaler-sidecar.config b/jvb/rootfs/defaults/autoscaler-sidecar.config index 31ad83338f..d7a8320065 100644 --- a/jvb/rootfs/defaults/autoscaler-sidecar.config +++ b/jvb/rootfs/defaults/autoscaler-sidecar.config @@ -9,6 +9,7 @@ export TERMINATE_SCRIPT="/opt/jitsi/shutdown.sh" export ENABLE_REPORT_STATS=true export POLLING_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/poll" export STATUS_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/status" +export SHUTDOWN_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/shutdown" export STATS_RETRIEVE_URL="http://localhost:{{ $JVB_COLIBRI_PORT }}/colibri/stats" export STATS_REPORT_URL="{{ .Env.AUTOSCALER_URL }}/sidecar/stats" export ASAP_SIGNING_KEY_FILE="{{ .Env.AUTOSCALER_SIDECAR_KEY_FILE }}" diff --git a/prosody/Dockerfile b/prosody/Dockerfile index f6542b6a30..633115e3f4 100644 --- a/prosody/Dockerfile +++ b/prosody/Dockerfile 
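Review bot: Entries of `JIGASI_TRUSTED_DOMAINS` are written out exactly as `splitList` returns them, so a value such as `a.example, b.example` (constructed example) yields `" b.example"` with a leading space, and a trailing comma yields an empty `""` entry in `org.jitsi.jigasi.TRUSTED_DOMAINS`. The added comment says this list is used when deciding whether a participant is jibri/jigasi, so each element should be normalised and empty ones skipped, for example `"{{ $element | trim }}"` if tpl exposes a `trim` function (not confirmed from this page). A sentence in the comment stating that only domains whose accounts are fully operator-controlled belong in the list would also help.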
@@ -31,7 +31,7 @@ ARG VERSION_JITSI_CONTRIB_PROSODY_PLUGINS="20240117" ARG VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN="1.8.0" RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody-debian-packages.key && \ - echo "deb http://packages.prosody.im/debian bullseye main" > /etc/apt/sources.list.d/prosody.list && \ + echo "deb http://packages.prosody.im/debian bookworm main" > /etc/apt/sources.list.d/prosody.list && \ apt-dpkg-wrap apt-get update && \ apt-dpkg-wrap apt-get install -y \ lua5.4 \ @@ -64,9 +64,8 @@ RUN wget -qO /etc/apt/trusted.gpg.d/prosody.gpg https://prosody.im/files/prosody rm -rf prosody-mod-auth-matrix-user-verification-$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN v$VERSION_MATRIX_USER_VERIFICATION_SERVICE_PLUGIN.tar.gz && \ wget -q https://github.com/jitsi-contrib/prosody-plugins/archive/refs/tags/v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz && \ tar -xf v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz && \ - mv prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/auth_hybrid_matrix_token/mod_auth_hybrid_matrix_token.lua /prosody-plugins && \ - mv prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/auth_hybrid_matrix_token/mod_matrix_affiliation.lua /prosody-plugins && \ - mv prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/auth_hybrid_matrix_token/mod_matrix_lobby_bypass.lua /prosody-plugins && \ + mkdir /prosody-plugins-contrib && \ + cp -a prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/* /prosody-plugins-contrib && \ rm -rf prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS v$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS.tar.gz COPY rootfs/ / diff --git a/prosody/rootfs/defaults/conf.d/brewery.cfg.lua b/prosody/rootfs/defaults/conf.d/brewery.cfg.lua index a139f98d6f..0418d735b3 100644 --- a/prosody/rootfs/defaults/conf.d/brewery.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/brewery.cfg.lua 
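Review bot: The Prosody apt source in the first prosody/Dockerfile hunk is still written as `http://packages.prosody.im/debian bookworm main`, while the workflow change in this same commit uses `https://packages.prosody.im/debian` for the same repository. apt's signature check still covers package contents, but plain HTTP leaves index and package fetches open to on-path interference such as serving stale metadata; `echo "deb https://packages.prosody.im/debian bookworm main" > /etc/apt/sources.list.d/prosody.list && \` would align the two. The RUN instruction continues past the hunk.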
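Review bot: Copying the whole archive with `cp -a prosody-plugins-$VERSION_JITSI_CONTRIB_PROSODY_PLUGINS/* /prosody-plugins-contrib` makes every file the upstream tag ships loadable through `plugin_paths`, where the removed lines installed three named modules. The tarball is fetched by tag with `wget -q` and unpacked without a digest check, so the set of loadable code is whatever that tag serves at build time. Checking the archive's sha256 before `tar -xf`, or copying only the plugin directories the image means to support, would keep that surface explicit. The RUN instruction begins outside the hunk.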
@@ -10,7 +10,7 @@ admins = { "{{ $JVB_AUTH_USER }}@{{ $JVB_XMPP_AUTH_DOMAIN }}" } -plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" } VirtualHost "{{ $JVB_XMPP_AUTH_DOMAIN }}" authentication = "internal_hashed" diff --git a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua index 7f8e4fbcb4..6ea4e24f6b 100644 --- a/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua @@ -34,6 +34,7 @@ {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} {{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}} {{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}} +{{ $TURN_TTL := .Env.TURN_TTL | default "86400" -}} {{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}} {{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}} {{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}} @@ -75,7 +76,7 @@ unlimited_jids = { "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}" } -plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" } muc_mapper_domain_base = "{{ $XMPP_DOMAIN }}"; muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; @@ -95,7 +96,7 @@ external_services = { {{- range $idx1, $host := $TURN_HOSTS -}} {{- range $idx2, $transport := $TURN_TRANSPORTS -}} {{- if or $STUN_HOST $idx1 $idx2 -}},{{- end }} - { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } + { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = {{ $TURN_TTL }}, algorithm = "turn" } {{- end -}} {{- end -}} {{- end -}} 
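Review bot: `ttl = {{ $TURN_TTL }}` is emitted unquoted into the Lua table in the `turn` entry, so a non-numeric `TURN_TTL` becomes Lua source in Prosody's config instead of a rejected setting; the same substitution is repeated in the `turns` entry and in both entries of visitors.cfg.lua. With `secret = true` this value appears to control how long the generated TURN credentials remain valid, so it deserves a comment beside the `$TURN_TTL :=` definition, for example `-- TURN_TTL: lifetime in seconds of generated TURN credentials; digits only, keep it as short as clients tolerate`. If tpl offers an integer conversion (not visible on this page), applying it at the definition would make a bad value fail at render time.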
@@ -103,7 +104,7 @@ external_services = { {{- if $TURNS_HOST -}} {{- range $idx, $host := $TURNS_HOSTS -}} {{- if or $STUN_HOST $TURN_HOST $idx -}},{{- end }} - { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = {{ $TURN_TTL }}, algorithm = "turn" } {{- end }} {{- end }} }; @@ -143,6 +144,9 @@ VirtualHost "jigasi.meet.jitsi" VirtualHost "{{ $XMPP_DOMAIN }}" {{ if $ENABLE_AUTH }} {{ if eq $PROSODY_AUTH_TYPE "jwt" }} + {{ if .Env.JWT_SIGN_TYPE }} + signature_algorithm = "{{ .Env.JWT_SIGN_TYPE }}" + {{ end -}} authentication = "{{ $JWT_AUTH_TYPE }}" app_id = "{{ .Env.JWT_APP_ID }}" app_secret = "{{ .Env.JWT_APP_SECRET }}" diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua index a082b5bc02..035759a75b 100644 --- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua +++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua @@ -20,6 +20,7 @@ {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}} {{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}} {{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}} +{{ $TURN_TTL := .Env.TURN_TTL | default "86400" -}} {{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}} {{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}} {{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}} @@ -36,7 +37,7 @@ {{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}} {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}} -plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" } +plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" } muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"; muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}"; 
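Review bot: `signature_algorithm = "{{ .Env.JWT_SIGN_TYPE }}"` passes the variable straight into the config with no check and no note on accepted values, directly above `app_secret`. The algorithm decides how tokens are verified, so a typo or a value that does not match the issuer should be easy to spot; a comment such as `-- JWT_SIGN_TYPE: must match the algorithm the token issuer signs with; unset keeps the module default` would help, with the accepted values confirmed against the token module since they are not shown here. A `"` inside the value would also end the Lua string early, which is worth stating wherever the variable is documented. The VirtualHost block continues past the hunk.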
@@ -53,7 +54,7 @@ external_services = { {{- range $idx1, $host := $TURN_HOSTS -}} {{- range $idx2, $transport := $TURN_TRANSPORTS -}} {{- if or $idx1 $idx2 -}},{{- end }} - { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" } + { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = {{ $TURN_TTL }}, algorithm = "turn" } {{- end -}} {{- end -}} {{- end -}} @@ -61,7 +62,7 @@ external_services = { {{- if $TURNS_HOST -}} {{- range $idx, $host := $TURNS_HOSTS -}} {{- if or $TURN_HOST $idx -}},{{- end }} - { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = {{ $TURN_TTL }}, algorithm = "turn" } {{- end }} {{- end }} }; diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua index ee67f34efa..74e41d1e2a 100644 --- a/prosody/rootfs/defaults/prosody.cfg.lua +++ b/prosody/rootfs/defaults/prosody.cfg.lua @@ -4,8 +4,8 @@ {{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}} {{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }} {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}} -{{ $GC_TYPE := .Env.GC_TYPE | default "generational" -}} -{{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}} +{{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}} +{{ $GC_INC_TH := .Env.GC_INC_TH | default 400 -}} {{ $GC_INC_SPEED := .Env.GC_INC_SPEED | default 250 -}} {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}} {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}} diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config index e9ebc0e393..98f0f832eb 100644 
--- a/prosody/rootfs/etc/cont-init.d/10-config +++ b/prosody/rootfs/etc/cont-init.d/10-config @@ -25,6 +25,9 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then chown -R prosody /prosody-plugins-custom fi +if [[ "$(stat -c %U /prosody-plugins-contrib)" != "prosody" ]]; then + chown -R prosody /prosody-plugins-contrib +fi mkdir /config/certs cp -r /defaults/* /config diff --git a/web/Dockerfile b/web/Dockerfile index 5f29e5f0c4..e26b90617c 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -8,7 +8,7 @@ LABEL org.opencontainers.image.url="https://jitsi.org/jitsi-meet/" LABEL org.opencontainers.image.source="https://github.com/jitsi/docker-jitsi-meet" LABEL org.opencontainers.image.documentation="https://jitsi.github.io/handbook/" -ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh /opt +ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/3.0.7/acme.sh /opt COPY rootfs/ / RUN apt-dpkg-wrap apt-get update && \ diff --git a/web/rootfs/defaults/meet.conf b/web/rootfs/defaults/meet.conf index 6ec7c0321e..a3bc391b20 100644 --- a/web/rootfs/defaults/meet.conf +++ b/web/rootfs/defaults/meet.conf @@ -8,6 +8,7 @@ {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}} {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}} {{ $XMPP_BOSH_URL_BASE := .Env.XMPP_BOSH_URL_BASE | default "http://xmpp.meet.jitsi:5280" -}} +{{ $CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN := .Env.CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN | default "*" }} server_name _; @@ -60,7 +61,7 @@ location = /_api/room-info { # ensure all static content can always be found first location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ { - add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Origin' '{{ $CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN }}'; alias /usr/share/jitsi-meet/$1/$2; # cache all versioned files 
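Review bot: The added `chown -R prosody /prosody-plugins-contrib` gives the service account write access to module code that the image build installs, which Prosody presumably only needs to read. `/prosody-plugins-custom` gets the same treatment just above, but that path looks operator-supplied, whereas the contrib directory is created by `mkdir /prosody-plugins-contrib` in prosody/Dockerfile in this commit. Leaving the contrib tree root-owned, by dropping these three lines, would mean a compromised prosody process cannot rewrite modules it later loads. If the ownership change is needed for a reason not visible here, a comment saying why would help.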
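Review bot: The new `$CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN` definition in meet.conf ends with `}}` where the lines around it end with `-}}`, so it leaves a stray blank line in the rendered file; `| default "*" -}}` matches the rest. The value is placed verbatim inside the single-quoted `add_header` argument here and in the `/_load-test/libs/` location, and `Access-Control-Allow-Origin` accepts only `*`, `null` or a single origin, so a comment saying that a comma-separated list is not valid would spare operators a silent CORS failure. A value containing `'` or `;` would also alter the nginx directive, which belongs in the variable's documentation.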
@@ -192,7 +193,7 @@ location @root_path { rewrite ^/_load-test/(.*)$ /load-test/index.html break; } location ~ ^/_load-test/libs/(.*)$ { - add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Origin' '{{ $CORS_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN }}'; alias /usr/share/jitsi-meet/load-test/libs/$1; } diff --git a/web/rootfs/defaults/nginx.conf b/web/rootfs/defaults/nginx.conf index adf14f9412..3e1cf9fa08 100644 --- a/web/rootfs/defaults/nginx.conf +++ b/web/rootfs/defaults/nginx.conf @@ -32,8 +32,6 @@ http { include /etc/nginx/mime.types; types { - # add support for wasm MIME type, that is required by specification and it is not part of default mime.types file - application/wasm wasm; # add support for the wav MIME type that is requried to playback wav files in Firefox. audio/wav wav; }