diff --git a/webapps/jitsimeet/LISEZMOI.md b/webapps/jitsimeet/LISEZMOI.md index 29594f79..113a88e7 100644 --- a/webapps/jitsimeet/LISEZMOI.md +++ b/webapps/jitsimeet/LISEZMOI.md @@ -29,7 +29,7 @@ Exemple de playbook - all vars: # Supplanter ici les variables du rôle - domains: ['votre-vrai-domaine.org'] + jitsimeet_domains: ['votre-vrai-domaine.org'] service: 'mon-jitsimeet' roles: diff --git a/webapps/jitsimeet/README.md b/webapps/jitsimeet/README.md index a1f1463a..b3e48031 100644 --- a/webapps/jitsimeet/README.md +++ b/webapps/jitsimeet/README.md @@ -29,7 +29,7 @@ Example Playbook - all vars: # Overwrite the role variables here - domains: ['your-real-domain.org'] + jitsimeet_domains: ['your-real-domain.org'] service: 'my-jitsimeet' roles: diff --git a/webapps/jitsimeet/defaults/main.yml b/webapps/jitsimeet/defaults/main.yml index 22ed5a87..985298b4 100644 --- a/webapps/jitsimeet/defaults/main.yml +++ b/webapps/jitsimeet/defaults/main.yml 
@@ -1,16 +1,16 @@
 --- # defaults file for main vars
-system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
+jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
-domains: ['jitsi.example.net']
-turn_domains: ['turn.jitsi.example.net']
-certbot_admin_email: 'security@example.net'
+jitsimeet_domains: ['jitsi.example.net']
+jitsimeet_turn_domains: ['turn.jitsi.example.net']
+jitsimeet_certbot_admin_email: 'security@example.net'
-jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
-jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
-jitsi_meet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
-jitsi_meet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
-jitsi_meet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
-colibri_ext_port: '8443'
+jitsimeet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
+jitsimeet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+jitsimeet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
+jitsimeet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
+jitsimeet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
+jitsimeet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
+jitsimeet_colibri_ext_port: '8443'
diff --git a/webapps/jitsimeet/tasks/main.yml b/webapps/jitsimeet/tasks/main.yml
index d5f2e635..50f1f223 100644
--- a/webapps/jitsimeet/tasks/main.yml
+++ b/webapps/jitsimeet/tasks/main.yml
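Review bot: `jitsimeet_system_dep` is a quoted string that merely contains a Python list literal, so `apt: name: "{{ jitsimeet_system_dep }}"` only works because Ansible re-evaluates the rendered text into a list; writing it as a real YAML sequence (`jitsimeet_system_dep:` followed by one `- gnupg2`-style item per package) removes that reliance on templating internals. The renamed secrets keep the placeholder values `YOU_ABSOLUTELY_MUST_CHANGE_ME` and `NOT_CHANGING_ME_IS_SUPER_UNCOOL`, and nothing in the role refuses to run with them, so an `ansible.builtin.assert` at the top of `tasks/main.yml` checking that `jitsimeet_turn_secret` and `jitsimeet_jvb_secret` differ from these defaults (and from each other) would turn a silently weak deployment into a failed run. A comment above those two keys, `# Override from a vault; these are shared with coturn and the prosody jvb account`, would make the expectation visible to anyone copying the defaults.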
@@ -1,8 +1,8 @@ --- # tasks file for jitsimeet install -- name: Set FQDN - command: "hostnamectl set-hostname {{ domains | first }}" +#- name: Set FQDN +# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}" - name: Add Prosody apt repository key ansible.builtin.get_url: @@ -12,7 +12,12 @@ force: true - name: Add Jitsi Meet apt repository key + dearmor hack - shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg' + ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg' + +- name: Adjust permissions of gpg key + ansible.builtin.file: + path: /etc/apt/trusted.gpg.d/jitsimeet.gpg + mode: '0644' - name: Add Prosody apt repository ansible.builtin.apt_repository: @@ -26,7 +31,7 @@ - name: Install system dependencies ansible.builtin.apt: - name: "{{ system_dep }}" + name: "{{ jitsimeet_system_dep }}" state: present update_cache: true @@ -39,23 +44,23 @@ loop: - name: jitsi-videobridge2 question: jitsi-videobridge/jvb-hostname - value: "{{ domains | first }}" + value: "{{ jitsimeet_domains | first }}" vtype: string - name: jitsi-meet-web-config question: jitsi-meet/cert-choice - value: "{{ jitsi_meet_cert_choice }}" + value: "{{ jitsimeet_cert_choice }}" vtype: string - name: jitsi-meet-web-config question: jitsi-meet/cert-path-crt - value: "{{ jitsi_meet_ssl_cert_path }}" + value: "{{ jitsimeet_ssl_cert_path }}" vtype: string - name: jitsi-meet-web-config question: jitsi-meet/cert-path-key - value: "{{ jitsi_meet_ssl_key_path }}" + value: "{{ jitsimeet_ssl_key_path }}" vtype: string - name: jitsi-meet-prosody question: jitsi-meet-prosody/turn-secret - value: "{{ jitsi_meet_turn_secret }}" + value: "{{ jitsimeet_turn_secret }}" vtype: string - name: Install Jitsi Meet 
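Review bot: The new permissions task fixes the keyring's mode, but the fetch on the line above it, `curl -sL … | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'`, still has no `--fail` and no `pipefail`, so an HTTP error page or a truncated download is silently dearmored into a bogus keyring and the play carries on; it also re-runs and reports changed on every play. A keyring in `/etc/apt/trusted.gpg.d/` is trusted for every apt source on the host, not only download.jitsi.org, so the safer layout is `/usr/share/keyrings/jitsimeet.gpg` referenced with `signed-by=` in the Jitsi `apt_repository` entry (that task sits below this hunk). A minimal fix keeps the shell but makes it fail closed and idempotent, as sketched below; comparing the imported key's fingerprint against a pinned value would close the remaining trust-on-first-use gap, and the `0644` task stays useful because `gpg -o` creates the file with the process umask.
```yaml
- name: Add Jitsi Meet apt repository key + dearmor hack
  ansible.builtin.shell: >-
    set -o pipefail &&
    curl -fsSL https://download.jitsi.org/jitsi-key.gpg.key
    | gpg --dearmor -o /etc/apt/trusted.gpg.d/jitsimeet.gpg
  args:
    creates: /etc/apt/trusted.gpg.d/jitsimeet.gpg
    executable: /bin/bash
# … unchanged: Adjust permissions of gpg key task …
```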
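Review bot: The `jitsi-meet-prosody/turn-secret` item at the end of this loop feeds `{{ jitsimeet_turn_secret }}` to debconf as a plain `string`, and the debconf task (its `name:` and module line sit above this hunk) carries no `no_log: true`, so the TURN shared secret is printed in each loop item's result and lands in any callback or log output. Add `no_log: true` on that task. If the upstream package template declares this question with `Type: password` rather than `string`, use `vtype: password` here as well so debconf keeps it in `passwords.dat` instead of the world-readable `config.dat`.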
@@ -70,7 +75,7 @@ state: present - name: Add certs dir for coturn/letsencrypt if needed - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory mode: "{{ item.mode }}" @@ -83,7 +88,7 @@ - { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" } - name: Template config files - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ item.owner }}" 
@@ -92,10 +97,10 @@ loop: - { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" } - { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" } - - { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-config.js", owner: "root", group: "root", mode: "0644" } - - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" } + - { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js", owner: "root", group: "root", mode: "0644" } + - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" } - { src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" } - - { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" } + - { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" } - { src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" } - { src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" } 
@@ -110,10 +115,10 @@ } - name: Unregister default jvb account in prosody - ansible.builtin.command: prosodyctl unregister jvb auth.{{ domains | first }} + ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }} - name: Register jvb account in prosody (with proper secret) - ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }} + ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }} - name: Restart prosody ansible.builtin.service: 
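Review bot: `prosodyctl register jvb auth.… {{ jitsimeet_jvb_secret }}` still passes the JVB password as a command-line argument, so it is visible in `ps`, in any shell or audit logging on the host, and in the task's own Ansible output; add `no_log: true` to this task (the unregister task on the same account does not need it). Both commands also run unconditionally and report changed on every play; a `changed_when` guard, or a check on whether the account already exists before unregistering, would make this part of the role idempotent.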
@@ -131,75 +136,75 @@ state: restarted - name: Check if SSL certificate is present and register result - stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + ansible.builtin.stat: + path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) block: - name: Template vhost without SSL for successfull LE challengce - template: + ansible.builtin.template: src: "nginx/vhost.conf.j2" - dest: "/etc/nginx/sites-available/{{ domains |first }}.conf" + dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" - name: Enable temporary nginx vhost - file: - src: "/etc/nginx/sites-available/{{ domains |first }}.conf" - dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf" + ansible.builtin.file: + src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" + dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions - file: + ansible.builtin.file: path: /var/lib/letsencrypt state: directory mode: '0755' - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }} + ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result - stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + ansible.builtin.stat: + path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL - template: + 
ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" loop: - - { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domains |first }}.conf" } + - { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" } - { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' } - name: Enable multiplex module conf - file: + ansible.builtin.file: src: '/etc/nginx/modules-available/multiplex.conf' dest: '/etc/nginx/modules-enabled/multiplex.conf' state: link - name: Enable nginx vhost - file: - src: "/etc/nginx/sites-available/{{ domains |first }}.conf" - dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf" + ansible.builtin.file: + src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" + dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded - name: Check if SSL certificate for coturn is present and register result - stat: - path: "/etc/coturn/certs/{{ turn_domains |first }}.crt" + ansible.builtin.stat: + path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt" register: ssl_coturn - name: Generate certificate for coturn with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ turn_domains |first }} + ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }} when: ssl_coturn.stat.exists != true - name: Setup other domains if any include_tasks: other_domains.yml - loop: "{{ domains[1:] }}" + loop: "{{ jitsimeet_domains[1:] }}" loop_control: 
loop_var: domain diff --git a/webapps/jitsimeet/tasks/other_domains.yml b/webapps/jitsimeet/tasks/other_domains.yml index b2dfcf69..04175831 100644 --- a/webapps/jitsimeet/tasks/other_domains.yml +++ b/webapps/jitsimeet/tasks/other_domains.yml @@ -2,7 +2,7 @@ # tasks file for other domains if any - name: Template config files - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ item.owner }}" 
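Review bot: `when: ssl.stat.exists != true` (and `ssl_coturn.stat.exists != true` further down) compares a boolean with a literal; `when: not ssl.stat.exists` is the idiomatic form and avoids the `!= true` versus `is not true` ambiguity. Both certbot invocations are plain argument lists with no pipes or redirections, so `ansible.builtin.command` fits better than `ansible.builtin.shell` (ansible-lint flags this as command-instead-of-shell), and passing the arguments through `argv:` would also remove any dependence on shell word splitting for the interpolated `--email` and `-d` values.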
@@ -13,59 +13,59 @@ - { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" } - name: Check if SSL certificate is present and register result - stat: + ansible.builtin.stat: path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) block: - name: Template vhost without SSL for successfull LE challengce - template: + ansible.builtin.template: src: "nginx/other.vhost.conf.j2" dest: "/etc/nginx/sites-available/{{ domain }}.conf" - name: Enable temporary nginx vhost - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ domain }}.conf" dest: "/etc/nginx/sites-enabled/{{ domain }}.conf" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded - name: Make sure /var/lib/letsencrypt exists and has correct permissions - file: + ansible.builtin.file: path: /var/lib/letsencrypt state: directory mode: '0755' - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domain }} + ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }} when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result - stat: + ansible.builtin.stat: path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" loop: - { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" } - name: Insert block in multiplex.conf - lineinfile: + ansible.builtin.lineinfile: path: /etc/nginx/modules-enabled/multiplex.conf insertafter: "web_backend;" 
line: "{{ domain }} web_backend;" - name: Enable nginx vhost - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ domain }}.conf" dest: "/etc/nginx/sites-enabled/{{ domain }}.conf" state: link - name: Reload nginx conf - service: + ansible.builtin.service: name: nginx state: reloaded diff --git a/webapps/jitsimeet/templates/certbot/coturn-certbot-deploy.sh.j2 b/webapps/jitsimeet/templates/certbot/coturn-certbot-deploy.sh.j2 index 9e34af55..1985490f 100644 --- a/webapps/jitsimeet/templates/certbot/coturn-certbot-deploy.sh.j2 +++ b/webapps/jitsimeet/templates/certbot/coturn-certbot-deploy.sh.j2 @@ -6,7 +6,7 @@ set -e for domain in $RENEWED_DOMAINS; do case $domain in - {{ turn_domains | first }}) + {{ jitsimeet_turn_domains | first }}) daemon_cert_root=/etc/coturn/certs # Make sure the certificate and private key files are diff --git a/webapps/jitsimeet/templates/coturn/turnserver.conf.j2 b/webapps/jitsimeet/templates/coturn/turnserver.conf.j2 index 67ee20a3..574635aa 100644 --- a/webapps/jitsimeet/templates/coturn/turnserver.conf.j2 +++ b/webapps/jitsimeet/templates/coturn/turnserver.conf.j2 @@ -1,10 +1,10 @@ # jitsi-meet coturn config. Do not modify this line use-auth-secret keep-address-family -static-auth-secret={{ jitsi_meet_turn_secret }} -realm={{ turn_domains | first }} -cert=/etc/coturn/certs/{{ turn_domains | first }}.crt -pkey=/etc/coturn/certs/{{ turn_domains | first }}.key +static-auth-secret={{ jitsimeet_turn_secret }} +realm={{ jitsimeet_turn_domains | first }} +cert=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt +pkey=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.key no-multicast-peers no-cli #no-loopback-peers diff --git a/webapps/jitsimeet/templates/meet/config.js.j2 b/webapps/jitsimeet/templates/meet/config.js.j2 index 5000be95..9e50c6bd 100644 --- a/webapps/jitsimeet/templates/meet/config.js.j2 +++ b/webapps/jitsimeet/templates/meet/config.js.j2 
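Review bot: `lineinfile` appending `{{ domain }} web_backend;` to `/etc/nginx/modules-enabled/multiplex.conf` means every run of the role first re-templates `multiplex.conf` in `tasks/main.yml` with only the first domain and reloads nginx, then re-adds the extra domains here and reloads again; between the two reloads the `$ssl_preread_server_name` map has no entry for the extra domains (the map shown in this diff has no default line), so their TLS connections are not routed. Rendering every domain in the template removes both the window and the `lineinfile`: in `nginx/multiplex.conf.j2` replace the single `{{ jitsimeet_domains | first }} web_backend;` line with `{% for d in jitsimeet_domains %}{{ d }} web_backend;` / `{% endfor %}` and drop the "Insert block in multiplex.conf" task. The task list continues above this hunk.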
@@ -30,31 +30,31 @@ var config = { hosts: { // XMPP domain. - domain: '{{ domains | first }}', + domain: '{{ jitsimeet_domains | first }}', // When using authentication, domain for guest users. // anonymousdomain: 'guest.example.com', // Domain for authenticated users. Defaults to . - // authdomain: '{{ domains | first }}', + // authdomain: '{{ jitsimeet_domains | first }}', // Focus component domain. Defaults to focus.. - // focus: 'focus.{{ domains | first }}', + // focus: 'focus.{{ jitsimeet_domains | first }}', // XMPP MUC domain. FIXME: use XEP-0030 to discover it. - muc: 'conference.' + subdomain + '{{ domains | first }}', + muc: 'conference.' + subdomain + '{{ jitsimeet_domains | first }}', }, // BOSH URL. FIXME: use XEP-0156 to discover it. - bosh: 'https://{{ domains | first }}/' + subdir + 'http-bind', + bosh: 'https://{{ jitsimeet_domains | first }}/' + subdir + 'http-bind', // Websocket URL (XMPP) - websocket: 'wss://{{ domains | first }}/' + subdir + 'xmpp-websocket', + websocket: 'wss://{{ jitsimeet_domains | first }}/' + subdir + 'xmpp-websocket', // The real JID of focus participant - can be overridden here // Do not change username - FIXME: Make focus username configurable // https://github.com/jitsi/jitsi-meet/issues/7376 - // focusUserJid: 'focus@auth.{{ domains | first }}', + // focusUserJid: 'focus@auth.{{ jitsimeet_domains | first }}', // Options related to the bridge (colibri) data channel bridgeChannel: { @@ -302,9 +302,9 @@ var config = { // appKey: '', // Specify your app key here. // // A URL to redirect the user to, after authenticating // // by default uses: - // // 'https://{{ domains | first }}/static/oauth.html' + // // 'https://{{ jitsimeet_domains | first }}/static/oauth.html' // redirectURI: - // 'https://{{ domains | first }}/subfolder/static/oauth.html', + // 'https://{{ jitsimeet_domains | first }}/subfolder/static/oauth.html', // }, // recordingService: { 
@@ -947,7 +947,7 @@ var config = { // The STUN servers that will be used in the peer to peer connections stunServers: [ - { urls: 'stun:{{ turn_domains | first }}:3478' }, + { urls: 'stun:{{ jitsimeet_turn_domains | first }}:3478' }, //{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }, ], }, @@ -1301,7 +1301,7 @@ var config = { // The URL of the moderated rooms microservice, if available. If it // is present, a link to the service will be rendered on the welcome page, // otherwise the app doesn't render it. - // moderatedRoomServiceUrl: 'https://moderated.{{ domains | first }}', + // moderatedRoomServiceUrl: 'https://moderated.{{ jitsimeet_domains | first }}', // If true, tile view will not be enabled automatically when the participants count threshold is reached. // disableTileView: true, diff --git a/webapps/jitsimeet/templates/meet/interface_config.js.j2 b/webapps/jitsimeet/templates/meet/interface_config.js.j2 index 0b8d546e..142661ed 100644 --- a/webapps/jitsimeet/templates/meet/interface_config.js.j2 +++ b/webapps/jitsimeet/templates/meet/interface_config.js.j2 @@ -63,7 +63,7 @@ var interfaceConfig = { */ DISABLE_VIDEO_BACKGROUND: false, - DISPLAY_WELCOME_FOOTER: {{ welcome_footer }}, + DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }}, DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false, DISPLAY_WELCOME_PAGE_CONTENT: true, DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false, diff --git a/webapps/jitsimeet/templates/nginx/multiplex.conf.j2 b/webapps/jitsimeet/templates/nginx/multiplex.conf.j2 index 8a279fb9..3358fc41 100644 --- a/webapps/jitsimeet/templates/nginx/multiplex.conf.j2 +++ b/webapps/jitsimeet/templates/nginx/multiplex.conf.j2 @@ -1,7 +1,7 @@ stream { map $ssl_preread_server_name $name { - {{ domains | first }} web_backend; - {{ turn_domains | first }} turn_backend; + {{ jitsimeet_domains | first }} web_backend; + {{ jitsimeet_turn_domains | first }} turn_backend; } upstream web_backend { 
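Review bot: `DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},` is the one renamed variable in this commit that does not appear in `defaults/main.yml` (the whole 16-line file is in the defaults hunk above), so unless `vars/main.yml` or the caller defines it the template fails with an undefined-variable error — add `jitsimeet_welcome_footer: true` (or whatever the current behaviour is) to the defaults and mention it in both README examples. Since the value is injected unquoted into JavaScript, render it through filters that guarantee a JS literal, `DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer | bool | to_json }},`, so a caller setting `'yes'` or `'no'` does not produce invalid JS.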
diff --git a/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2 b/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2 index 472f8de0..5e0b4858 100644 --- a/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2 +++ b/webapps/jitsimeet/templates/nginx/other.vhost.conf.j2 @@ -105,7 +105,7 @@ server { proxy_pass http://prosody/room-info?prefix=$prefix&$args; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host {{ domains | first }}; + proxy_set_header Host {{ jitsimeet_domains | first }}; } location ~ ^/_api/public/(.*)$ { @@ -130,7 +130,7 @@ server { proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host {{ domains | first }}; + proxy_set_header Host {{ jitsimeet_domains | first }}; proxy_set_header Connection ""; } @@ -141,7 +141,7 @@ server { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - proxy_set_header Host {{ domains | first }}; + proxy_set_header Host {{ jitsimeet_domains | first }}; tcp_nodelay on; } diff --git a/webapps/jitsimeet/templates/nginx/vhost.conf.j2 b/webapps/jitsimeet/templates/nginx/vhost.conf.j2 index 386dd10d..aa1db962 100644 --- a/webapps/jitsimeet/templates/nginx/vhost.conf.j2 +++ b/webapps/jitsimeet/templates/nginx/vhost.conf.j2 @@ -33,7 +33,7 @@ map $arg_vnode $prosody_node { server { listen 80; listen [::]:80; - server_name {{ domains | first }} {{ turn_domains | first }}; + server_name {{ jitsimeet_domains | first }} {{ jitsimeet_turn_domains | first }}; # For certbot location ~ /.well-known/acme-challenge { @@ -50,7 +50,7 @@ server { server { listen 8088 ssl http2; listen [::]:8088 ssl http2; - server_name {{ domains | first }}; + server_name {{ jitsimeet_domains | first }}; access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m error_log /var/log/nginx/{{ service }}.error.log; 
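Review bot: `access_log /var/log/nginx/{{ service }}.access.log;` and the `error_log` line below it still use the bare `service` variable while every other role variable gains the `jitsimeet_` prefix in this commit; the README example sets `service:` as a role variable, but `defaults/main.yml` (fully shown above) does not define it, so a caller who omits it hits an undefined-variable failure when this vhost is templated. Rename it to `jitsimeet_service` with a default such as `jitsimeet_service: 'jitsimeet'` and update both README examples, or document `service` as a required variable of the role.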
@@ -74,16 +74,16 @@ server { add_header Strict-Transport-Security "max-age=63072000" always; set $prefix ""; set $custom_index ""; - set $config_js_location /etc/jitsi/meet/{{ domains | first }}-config.js; - set $interface_config_js_location /etc/jitsi/meet/{{ domains | first }}-interface_config.js; + set $config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js; + set $interface_config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js; set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html; ## # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## - ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem; root /usr/share/jitsi-meet; @@ -240,10 +240,10 @@ server { ## Pour communiquer les stats colibri à un serveur externe Grafana server { - listen {{ colibri_ext_port }} ssl http2; - listen [::]:{{ colibri_ext_port }} ssl http2; + listen {{ jitsimeet_colibri_ext_port }} ssl http2; + listen [::]:{{ jitsimeet_colibri_ext_port }} ssl http2; - server_name {{ domains | first }}; + server_name {{ jitsimeet_domains | first }}; # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; 
@@ -256,8 +256,8 @@ server { add_header Strict-Transport-Security "max-age=63072000" always; - ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem; location / { proxy_pass http://127.0.0.1:8080; diff --git a/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2 b/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2 index cef3eaae..bba56bd0 100644 --- a/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2 +++ b/webapps/jitsimeet/templates/prosody/virtualhost.cfg.lua.j2 @@ -1,13 +1,13 @@ plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } -- domain mapper options, must at least have domain base set to use the mapper -muc_mapper_domain_base = "{{ domains | first }}"; +muc_mapper_domain_base = "{{ jitsimeet_domains | first }}"; -external_service_secret = "{{ jitsi_meet_turn_secret }}"; +external_service_secret = "{{ jitsimeet_turn_secret }}"; external_services = { - { type = "stun", host = "{{ turn_domains | first }}", port = 3478 }, - { type = "turn", host = "{{ turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" }, - { type = "turns", host = "{{ turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } + { type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 }, + { type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" }, + { type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" } }; cross_domain_bosh = false; 
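Review bot: The `location / { proxy_pass http://127.0.0.1:8080;` at the end of this hunk exposes the whole of the videobridge's private HTTP port on `jitsimeet_colibri_ext_port`, not just the stats endpoint the French comment describes; depending on what the `apis { … }` section of `jvb.conf` enables, that port also serves debug and health endpoints (and in some setups shutdown/drain controls), and no `allow`/`deny`, client-certificate or basic-auth directive is visible on this server block. Narrow it to the stats path and the Grafana source addresses, for example `location = /colibri/stats { allow <grafana-ip>; deny all; proxy_pass http://127.0.0.1:8080/colibri/stats; }` with `location / { return 404; }`. The server block continues past the hunk, so a restriction may already exist further down — worth confirming.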
@@ -33,11 +33,11 @@ ssl = { } unlimited_jids = { - "focus@auth.{{ domains | first }}", - "jvb@auth.{{ domains | first }}" + "focus@auth.{{ jitsimeet_domains | first }}", + "jvb@auth.{{ jitsimeet_domains | first }}" } -VirtualHost "{{ domains | first }}" +VirtualHost "{{ jitsimeet_domains | first }}" authentication = "jitsi-anonymous" -- do not delete me -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" @@ -48,13 +48,13 @@ VirtualHost "{{ domains | first }}" -- Note that old-style SSL on port 5223 only supports one certificate, and will always -- use the global one. ssl = { - key = "/etc/prosody/certs/{{ domains | first }}.key"; - certificate = "/etc/prosody/certs/{{ domains | first }}.crt"; + key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key"; + certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt"; } - av_moderation_component = "avmoderation.{{ domains | first }}" - speakerstats_component = "speakerstats.{{ domains | first }}" - conference_duration_component = "conferenceduration.{{ domains | first }}" - end_conference_component = "endconference.{{ domains | first }}" + av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}" + speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}" + conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}" + end_conference_component = "endconference.{{ jitsimeet_domains | first }}" -- we need bosh modules_enabled = { "bosh"; 
@@ -72,13 +72,13 @@ VirtualHost "{{ domains | first }}" "room_metadata"; } c2s_require_encryption = false - lobby_muc = "lobby.{{ domains | first }}" - breakout_rooms_muc = "breakout.{{ domains | first }}" - room_metadata_component = "metadata.{{ domains | first }}" - main_muc = "conference.{{ domains | first }}" - -- muc_lobby_whitelist = { "recorder.{{ domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms + lobby_muc = "lobby.{{ jitsimeet_domains | first }}" + breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}" + room_metadata_component = "metadata.{{ jitsimeet_domains | first }}" + main_muc = "conference.{{ jitsimeet_domains | first }}" + -- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms -Component "conference.{{ domains | first }}" "muc" +Component "conference.{{ jitsimeet_domains | first }}" "muc" restrict_room_creation = true storage = "memory" modules_enabled = { @@ -90,14 +90,14 @@ Component "conference.{{ domains | first }}" "muc" "muc_rate_limit"; "muc_password_whitelist"; } - admins = { "focus@auth.{{ domains | first }}" } + admins = { "focus@auth.{{ jitsimeet_domains | first }}" } muc_password_whitelist = { - "focus@auth.{{ domains | first }}" + "focus@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true -Component "breakout.{{ domains | first }}" "muc" +Component "breakout.{{ jitsimeet_domains | first }}" "muc" restrict_room_creation = true storage = "memory" modules_enabled = { 
@@ -107,25 +107,25 @@ Component "breakout.{{ domains | first }}" "muc" "muc_rate_limit"; "polls"; } - admins = { "focus@auth.{{ domains | first }}" } + admins = { "focus@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true -- internal muc component -Component "internal.auth.{{ domains | first }}" "muc" +Component "internal.auth.{{ jitsimeet_domains | first }}" "muc" storage = "memory" modules_enabled = { "muc_hide_all"; "ping"; } - admins = { "focus@auth.{{ domains | first }}", "jvb@auth.{{ domains | first }}" } + admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" } muc_room_locking = false muc_room_default_public_jids = true -VirtualHost "auth.{{ domains | first }}" +VirtualHost "auth.{{ jitsimeet_domains | first }}" ssl = { - key = "/etc/prosody/certs/auth.{{ domains | first }}.key"; - certificate = "/etc/prosody/certs/auth.{{ domains | first }}.crt"; + key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key"; + certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt"; } modules_enabled = { "limits_exception"; 
@@ -133,22 +133,22 @@ VirtualHost "auth.{{ domains | first }}" authentication = "internal_hashed" -- Proxy to jicofo's user JID, so that it doesn't have to register as a component. -Component "focus.{{ domains | first }}" "client_proxy" - target_address = "focus@auth.{{ domains | first }}" +Component "focus.{{ jitsimeet_domains | first }}" "client_proxy" + target_address = "focus@auth.{{ jitsimeet_domains | first }}" -Component "speakerstats.{{ domains | first }}" "speakerstats_component" - muc_component = "conference.{{ domains | first }}" +Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component" + muc_component = "conference.{{ jitsimeet_domains | first }}" -Component "conferenceduration.{{ domains | first }}" "conference_duration_component" - muc_component = "conference.{{ domains | first }}" +Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component" + muc_component = "conference.{{ jitsimeet_domains | first }}" -Component "endconference.{{ domains | first }}" "end_conference" - muc_component = "conference.{{ domains | first }}" +Component "endconference.{{ jitsimeet_domains | first }}" "end_conference" + muc_component = "conference.{{ jitsimeet_domains | first }}" -Component "avmoderation.{{ domains | first }}" "av_moderation_component" - muc_component = "conference.{{ domains | first }}" +Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component" + muc_component = "conference.{{ jitsimeet_domains | first }}" -Component "lobby.{{ domains | first }}" "muc" +Component "lobby.{{ jitsimeet_domains | first }}" "muc" storage = "memory" restrict_room_creation = true muc_room_locking = false 
@@ -159,6 +159,6 @@ Component "lobby.{{ domains | first }}" "muc" "polls"; } -Component "metadata.{{ domains | first }}" "room_metadata_component" - muc_component = "conference.{{ domains | first }}" - breakout_rooms_component = "breakout.{{ domains | first }}" +Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component" + muc_component = "conference.{{ jitsimeet_domains | first }}" + breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}" diff --git a/webapps/jitsimeet/templates/videobridge/jvb.conf.j2 b/webapps/jitsimeet/templates/videobridge/jvb.conf.j2 index 4a64ec9a..67da6060 100644 --- a/webapps/jitsimeet/templates/videobridge/jvb.conf.j2 +++ b/webapps/jitsimeet/templates/videobridge/jvb.conf.j2 @@ -9,7 +9,7 @@ videobridge { } websockets { enabled = true - domain = "{{ domains | first }}:443" + domain = "{{ jitsimeet_domains | first }}:443" tls = true } apis { diff --git a/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2 b/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2 index f8fe663e..ac06ccc6 100644 --- a/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2 +++ b/webapps/jitsimeet/templates/videobridge/sip-communicator.properties.j2 
@@ -1,13 +1,13 @@ org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true -org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ turn_domains | first }}:3478 +org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ jitsimeet_turn_domains | first }}:3478 org.jitsi.videobridge.ENABLE_STATISTICS=true org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost -org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ domains | first }} +org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsimeet_domains | first }} org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb -org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_jvb_secret }} -org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ domains | first }} -org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsi_meet_jvb_muc_nick }} +org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsimeet_jvb_secret }} +org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsimeet_domains | first }} +org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsimeet_jvb_muc_nick }} #org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html # Switches off the BWE mechanism. #org.jitsi.videobridge.TRUST_BWE=false