
prosody: visitor mode support (#1611)

support for visitor mode in prosody, with some fixes for jicofo as well
Aaron van Meerten 1 år sedan
förälder
incheckning
6bfa830

+ 19 - 1
docker-compose.yml

@@ -165,8 +165,9 @@ services:
         restart: ${RESTART_POLICY:-unless-stopped}
         expose:
             - '${XMPP_PORT:-5222}'
+            - '${PROSODY_S2S_PORT:-5269}'
             - '5347'
-            - '5280'
+            - '${PROSODY_HTTP_PORT:-5280}'
         volumes:
             - ${CONFIG}/prosody/config:/config:Z
             - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
@@ -181,6 +182,8 @@ services:
             - ENABLE_IPV6
             - ENABLE_LOBBY
             - ENABLE_RECORDING
+            - ENABLE_S2S
+            - ENABLE_VISITORS
             - ENABLE_XMPP_WEBSOCKET
             - ENABLE_JAAS_COMPONENTS
             - GC_TYPE
@@ -229,15 +232,23 @@ services:
             - LDAP_URL
             - LDAP_USE_TLS
             - MAX_PARTICIPANTS
+            - PROSODY_ADMINS
             - PROSODY_AUTH_TYPE
             - PROSODY_RESERVATION_ENABLED
             - PROSODY_RESERVATION_REST_BASE_URL
             - PROSODY_ENABLE_RATE_LIMITS
+            - PROSODY_ENABLE_S2S
+            - PROSODY_HTTP_PORT
+            - PROSODY_MODE
             - PROSODY_RATE_LIMIT_LOGIN_RATE
             - PROSODY_RATE_LIMIT_SESSION_RATE
             - PROSODY_RATE_LIMIT_TIMEOUT
             - PROSODY_RATE_LIMIT_ALLOW_RANGES
             - PROSODY_RATE_LIMIT_CACHE_SIZE
+            - PROSODY_S2S_PORT
+            - PROSODY_TRUSTED_PROXIES
+            - PROSODY_VISITOR_INDEX
+            - PROSODY_VISITORS_MUC_PREFIX
             - PUBLIC_URL
             - TURN_CREDENTIALS
             - TURN_HOST
@@ -246,6 +257,10 @@ services:
             - TURNS_PORT
             - TURN_TRANSPORT
             - TZ
+            - VISITORS_MAX_VISITORS_PER_NODE
+            - VISITORS_XMPP_DOMAIN
+            - VISITORS_XMPP_SERVER
+            - VISITORS_XMPP_PORT
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_GUEST_DOMAIN
@@ -257,6 +272,7 @@ services:
             - XMPP_INTERNAL_MUC_MODULES
             - XMPP_RECORDER_DOMAIN
             - XMPP_PORT
+            - XMPP_SERVER_S2S_PORT
         networks:
             meet.jitsi:
                 aliases:
@@ -316,6 +332,7 @@ services:
             - JVB_XMPP_SERVER
             - MAX_BRIDGE_PARTICIPANTS
             - OCTO_BRIDGE_SELECTION_STRATEGY
+            - PROSODY_VISITORS_MUC_PREFIX
             - SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
             - SENTRY_ENVIRONMENT
             - SENTRY_RELEASE
@@ -323,6 +340,7 @@ services:
             - VISITORS_MAX_PARTICIPANTS
             - VISITORS_MAX_VISITORS_PER_NODE
             - VISITORS_XMPP_SERVER
+            - VISITORS_XMPP_DOMAIN
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_INTERNAL_MUC_DOMAIN
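Review bot: Nothing on this page reads `ENABLE_S2S`, which the second hunk adds to the prosody environment list; the only s2s switch the template hunks consult is `.Env.PROSODY_ENABLE_S2S` in prosody.cfg.lua. As far as these hunks show, an operator who sets `ENABLE_S2S=1` gets no s2s listener and no error, so either drop `- ENABLE_S2S` or have the template honour both names. Separately, the first hunk puts the s2s port in `expose` unconditionally; a comment such as `# s2s only listens when ENABLE_VISITORS or PROSODY_ENABLE_S2S is set` would tell readers the port is normally closed.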

+ 7 - 4
jicofo/rootfs/defaults/jicofo.conf

@@ -19,6 +19,9 @@
 {{ $JVB_XMPP_INTERNAL_MUC_DOMAIN := .Env.JVB_XMPP_INTERNAL_MUC_DOMAIN | default "muc.jvb.meet.jitsi" -}}
 {{ $JVB_XMPP_PORT := .Env.JVB_XMPP_PORT | default "6222" -}}
 {{ $JVB_XMPP_SERVER := .Env.JVB_XMPP_SERVER | default "xmpp.jvb.meet.jitsi" -}}
+{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
+{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
+{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
 {{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
 {{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
 {{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
@@ -212,8 +215,8 @@ jicofo {
       {{ if .Env.VISITORS_MAX_PARTICIPANTS }}
       max-participants = {{ .Env.VISITORS_MAX_PARTICIPANTS }}
       {{ end }}
-      {{ if .Env.VISITORS_MAX_VISITORS_PER_NODE }}
-      max-visitors-per-node = {{ .Env.VISITORS_MAX_VISITORS_PER_NODE }}
+      {{ if $VISITORS_MAX_VISITORS_PER_NODE }}
+      max-visitors-per-node = {{ $VISITORS_MAX_VISITORS_PER_NODE }}
       {{ end }}
     }
 {{ end }}
@@ -225,12 +228,12 @@ jicofo {
         {{ $SERVER := splitn ":" 2 $element }}
             v{{ $index }} {
                 enabled = true
-                conference-service = conference.v{{ $index }}.{{ $XMPP_DOMAIN }}
+                conference-service = {{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
                 hostname = {{ $SERVER._0 }}
                 {{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
                 port = {{ $SERVER._1 | default $DEFAULT_PORT }}
                 domain = "{{ $XMPP_AUTH_DOMAIN }}"
-                xmpp-domain = v{{ $index }}.{{ $XMPP_DOMAIN }}
+                xmpp-domain = v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}
                 password = "{{ $ENV.JICOFO_AUTH_PASSWORD }}"
                 disable-certificate-verification = true
             }
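Review bot: The guard `{{ if $VISITORS_MAX_VISITORS_PER_NODE }}` in the second hunk can no longer be false, because the first hunk gives the variable a default of "250". `max-visitors-per-node` is therefore always written, which changes the rendered config for deployments that never set the variable. Either emit the line without the guard, or keep the old `.Env.VISITORS_MAX_VISITORS_PER_NODE` test if "unset means jicofo's own default" was intended. The new definition also ends in `}}` where its neighbours use `-}}`, which leaves a stray blank line in the output. In the third hunk the default `conference-service` moves from `conference.vN.<XMPP_DOMAIN>` to `muc.vN.<VISITORS_XMPP_DOMAIN>`, so existing visitor nodes have to be renamed to match; that deserves a line in the commit description.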

+ 18 - 0
prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

@@ -1,4 +1,5 @@
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
+{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
 {{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" -}}
 {{ $PROSODY_AUTH_TYPE := .Env.PROSODY_AUTH_TYPE | default $AUTH_TYPE -}}
 {{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
@@ -208,6 +209,9 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
         {{ if $PROSODY_RESERVATION_ENABLED }}
         "reservations";
         {{ end }}
+        {{ if $ENABLE_VISITORS }}
+        "visitors";
+        {{ end }}
     }
 
     main_muc = "{{ $XMPP_MUC_DOMAIN }}"
@@ -240,11 +244,19 @@ VirtualHost "{{ $XMPP_DOMAIN }}"
 
     c2s_require_encryption = false
 
+    {{ if $ENABLE_VISITORS }}
+    visitors_ignore_list = { "{{ $XMPP_RECORDER_DOMAIN }}" }
+    {{ end }}
+
 {{ if $ENABLE_GUEST_DOMAIN }}
 VirtualHost "{{ $XMPP_GUEST_DOMAIN }}"
     authentication = "jitsi-anonymous"
 
     c2s_require_encryption = false
+    {{ if $ENABLE_VISITORS }}
+    allow_anonymous_s2s = true
+    {{ end }}
+
 {{ end }}
 
 VirtualHost "{{ $XMPP_AUTH_DOMAIN }}"
@@ -404,3 +416,9 @@ Component "breakout.{{ $XMPP_DOMAIN }}" "muc"
 Component "metadata.{{ $XMPP_DOMAIN }}" "room_metadata_component"
     muc_component = "{{ $XMPP_MUC_DOMAIN }}"
     breakout_rooms_component = "breakout.{{ $XMPP_DOMAIN }}"
+
+
+{{ if $ENABLE_VISITORS }}
+Component "visitors.{{ $XMPP_DOMAIN }}" "visitors_component"
+    auto_allow_visitor_promotion = true
+{{ end }}
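Review bot: `auto_allow_visitor_promotion = true` in the last hunk is hard-coded, so every deployment that sets ENABLE_VISITORS gets it and can only change it by replacing the file. Judging by its name, the option lets visitor promotion requests through without a moderator decision. That is a policy choice the operator should be able to make. I would read it from an environment variable (for example a new `PROSODY_VISITORS_AUTO_ALLOW_PROMOTION`, name to be agreed) and state the default next to it. Similarly, `allow_anonymous_s2s = true` on the guest VirtualHost has no comment; one line saying why anonymous guest sessions need s2s when visitors are enabled would let the next reader judge the exposure.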

+ 209 - 0
prosody/rootfs/defaults/conf.d/visitors.cfg.lua

@@ -0,0 +1,209 @@
+{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
+{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
+{{ $ENABLE_RATE_LIMITS := .Env.PROSODY_ENABLE_RATE_LIMITS | default "0" | toBool -}}
+{{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
+{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "1" | toBool -}}
+{{ $JIBRI_RECORDER_USER := .Env.JIBRI_RECORDER_USER | default "recorder" -}}
+{{ $JIGASI_TRANSCRIBER_USER := .Env.JIGASI_TRANSCRIBER_USER | default "transcriber" -}}
+{{ $LIMIT_MESSAGES_CHECK_TOKEN := .Env.PROSODY_LIMIT_MESSAGES_CHECK_TOKEN | default "0" | toBool -}}
+{{ $RATE_LIMIT_LOGIN_RATE := .Env.PROSODY_RATE_LIMIT_LOGIN_RATE | default "3" -}}
+{{ $RATE_LIMIT_SESSION_RATE := .Env.PROSODY_RATE_LIMIT_SESSION_RATE | default "200" -}}
+{{ $RATE_LIMIT_TIMEOUT := .Env.PROSODY_RATE_LIMIT_TIMEOUT | default "60" -}}
+{{ $RATE_LIMIT_ALLOW_RANGES := .Env.PROSODY_RATE_LIMIT_ALLOW_RANGES | default "10.0.0.0/8" -}}
+{{ $RATE_LIMIT_CACHE_SIZE := .Env.PROSODY_RATE_LIMIT_CACHE_SIZE | default "10000" -}}
+{{ $REGION_NAME := .Env.PROSODY_REGION_NAME | default "default" -}}
+{{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
+{{ $SHARD_NAME := .Env.SHARD | default "default" -}}
+{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}}
+{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
+{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
+{{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
+{{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
+{{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
+{{ $TURN_TRANSPORT := .Env.TURN_TRANSPORT | default "tcp" -}}
+{{ $TURN_TRANSPORTS := splitList "," $TURN_TRANSPORT -}}
+{{ $TURNS_HOST := .Env.TURNS_HOST | default "" -}}
+{{ $TURNS_HOSTS := splitList "," $TURNS_HOST -}}
+{{ $TURNS_PORT := .Env.TURNS_PORT | default "443" -}}
+{{ $VISITOR_INDEX := .Env.PROSODY_VISITOR_INDEX | default "0" -}}
+{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
+{{ $VISITORS_MAX_VISITORS_PER_NODE := .Env.VISITORS_MAX_VISITORS_PER_NODE | default "250" }}
+{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN | default "auth.meet.jitsi" -}}
+{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
+{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
+{{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 -}}
+{{ $XMPP_SERVER := .Env.XMPP_SERVER | default "xmpp.meet.jitsi" -}}
+{{ $XMPP_SERVER_S2S_PORT := .Env.XMPP_SERVER_S2S_PORT | default $S2S_PORT -}}
+{{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
+
+plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
+
+muc_mapper_domain_base = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}";
+muc_mapper_domain_prefix = "{{ $XMPP_MUC_DOMAIN_PREFIX }}";
+
+http_default_host = "v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}"
+
+{{ if .Env.TURN_CREDENTIALS -}}
+external_service_secret = "{{.Env.TURN_CREDENTIALS}}";
+{{- end }}
+
+{{ if or .Env.TURN_HOST .Env.TURNS_HOST -}}
+external_services = {
+  {{ if $TURN_HOST -}}
+    {{- range $idx1, $host := $TURN_HOSTS -}}
+      {{- range $idx2, $transport := $TURN_TRANSPORTS -}}
+        {{- if or $idx1 $idx2 -}},{{- end }}
+        { type = "turn", host = "{{ $host }}", port = {{ $TURN_PORT }}, transport = "{{ $transport }}", secret = true, ttl = 86400, algorithm = "turn" }
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $TURNS_HOST -}}
+    {{- range $idx, $host := $TURNS_HOSTS -}}
+        {{- if or $TURN_HOST $idx -}},{{- end }}
+        { type = "turns", host = "{{ $host }}", port = {{ $TURNS_PORT }}, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
+    {{- end }}
+  {{- end }}
+};
+{{- end }}
+
+main_domain = '{{ $XMPP_DOMAIN }}';
+
+-- https://prosody.im/doc/modules/mod_smacks
+smacks_max_unacked_stanzas = 5;
+smacks_hibernation_time = 60;
+-- this is dropped in 0.12
+smacks_max_hibernated_sessions = 1;
+smacks_max_old_sessions = 1;
+
+unlimited_jids = { "focus@{{ $XMPP_AUTH_DOMAIN }}" }
+limits = {
+    c2s = {
+        rate = "512kb/s";
+    };
+}
+
+authentication = 'internal_hashed'
+storage = 'internal'
+
+consider_websocket_secure = true;
+consider_bosh_secure = true;
+bosh_max_inactivity = 60;
+
+trusted_proxies = {
+{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
+  "{{ $proxy }}";
+{{ end }}
+}
+
+-- this is added to make certs_s2soutinjection work
+s2sout_override = {
+    ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room
+    ["{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
+    ["visitors.{{ $XMPP_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
+{{ if $ENABLE_GUEST_DOMAIN -}}
+    ["{{ $XMPP_GUEST_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}";
+{{ end -}}
+}
+
+muc_limit_messages_count = 10;
+muc_limit_messages_check_token = {{ $LIMIT_MESSAGES_CHECK_TOKEN }};
+
+----------- Virtual hosts -----------
+VirtualHost 'v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}'
+    authentication = 'jitsi-anonymous'
+    ssl = {
+        key = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.key";
+        certificate = "/config/certs/v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}.crt";
+    }
+    modules_enabled = {
+      'bosh';
+      'ping';
+      "external_services";
+      {{ if $ENABLE_XMPP_WEBSOCKET -}}
+      "websocket";
+      "smacks"; -- XEP-0198: Stream Management
+      {{ end -}}
+      {{ if .Env.XMPP_MODULES }}
+      "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
+      {{ end }}
+    }
+    main_muc = '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}';
+    shard_name = "{{ $SHARD_NAME }}"
+    region_name = "{{ $REGION_NAME }}"
+    release_number = "{{ $RELEASE_NUMBER }}"
+
+
+VirtualHost '{{ $XMPP_AUTH_DOMAIN}}'
+    modules_enabled = {
+      'limits_exception';
+      'ping';
+    }
+    authentication = 'internal_hashed'
+
+Component '{{ $VISITORS_MUC_PREFIX }}.v{{ $VISITOR_INDEX }}.{{ $VISITORS_XMPP_DOMAIN }}' 'muc'
+    storage = 'memory'
+    muc_room_cache_size = 10000
+    restrict_room_creation = true
+    modules_enabled = {
+        "muc_hide_all";
+        "muc_meeting_id";
+        'fmuc';
+        's2s_bidi';
+        's2s_whitelist';
+        's2sout_override';
+        'muc_max_occupants';
+        "muc_limit_messages";
+        {{ if $ENABLE_SUBDOMAINS -}}
+        "muc_domain_mapper";
+        {{ end -}}
+        {{ if $ENABLE_RATE_LIMITS -}}
+        "muc_rate_limit";
+        "rate_limit";
+        {{ end -}}
+        {{ if .Env.XMPP_MUC_MODULES -}}
+        "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
+        {{ end -}}
+      }
+    muc_room_default_presence_broadcast = {
+        visitor = false;
+        participant = true;
+        moderator = true;
+    };
+    muc_room_locking = false
+    muc_room_default_public_jids = true
+    muc_max_occupants = {{ $VISITORS_MAX_VISITORS_PER_NODE}}
+    muc_access_whitelist = {
+        "{{ $XMPP_DOMAIN }}";
+    }
+
+    {{ if $ENABLE_RATE_LIMITS -}}
+    -- Max allowed join/login rate in events per second.
+	rate_limit_login_rate = {{ $RATE_LIMIT_LOGIN_RATE }};
+	-- The rate to which sessions from IPs exceeding the join rate will be limited, in bytes per second.
+	rate_limit_session_rate = {{ $RATE_LIMIT_SESSION_RATE }};
+	-- The time in seconds, after which the limit for an IP address is lifted.
+	rate_limit_timeout = {{ $RATE_LIMIT_TIMEOUT }};
+	-- List of regular expressions for IP addresses that are not limited by this module.
+	rate_limit_whitelist = {
+      "127.0.0.1";
+      {{ range $index, $cidr := (splitList "," $RATE_LIMIT_ALLOW_RANGES) -}}
+      "{{ $cidr }}";
+      {{ end -}}
+    };
+
+    rate_limit_whitelist_jids = {
+        "{{ $JIBRI_RECORDER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}",
+        "{{ $JIGASI_TRANSCRIBER_USER }}@{{ $XMPP_RECORDER_DOMAIN }}"    
+    }
+    {{ end -}}
+
+	-- The size of the cache that saves state for IP addresses
+    rate_limit_cache_size = {{ $RATE_LIMIT_CACHE_SIZE }};
+
+    muc_rate_joins = 30;
+    {{ if .Env.XMPP_MUC_CONFIGURATION -}}
+    {{ join "\n" (splitList "," .Env.XMPP_MUC_CONFIGURATION) }}
+    {{ end -}}
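Review bot: The visitor VirtualHost always uses `authentication = 'jitsi-anonymous'`, even when the deployment requires authentication on the main domain. `$ENABLE_AUTH` is computed at the top of the file but only feeds `$ENABLE_GUEST_DOMAIN`, so each visitor node still offers an anonymous c2s endpoint. What restrains a client that connects there directly appears to be `restrict_room_creation = true`, `muc_access_whitelist` and the s2s whitelist; please confirm that and record it above the VirtualHost, e.g. `-- visitors are always anonymous on this host; access control is restrict_room_creation plus muc_access_whitelist below`. Also, `rate_limit_cache_size` sits after the `{{ end -}}` of the `$ENABLE_RATE_LIMITS` block and is emitted when rate limiting is off; moving it inside the guard keeps the block self-contained.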

+ 67 - 6
prosody/rootfs/defaults/prosody.cfg.lua

@@ -1,5 +1,7 @@
-{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
-{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
+{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool -}}
+{{ $ENABLE_GUEST_DOMAIN := and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) -}}
+{{ $ENABLE_VISITORS := .Env.ENABLE_VISITORS | default "0" | toBool -}}
+{{ $ENABLE_S2S := or $ENABLE_VISITORS ( .Env.PROSODY_ENABLE_S2S | default "0" | toBool ) }}
 {{ $ENABLE_IPV6 := .Env.ENABLE_IPV6 | default "true" | toBool -}}
 {{ $GC_TYPE := .Env.GC_TYPE | default "incremental" -}}
 {{ $GC_INC_TH := .Env.GC_INC_TH | default 150 -}}
@@ -7,6 +9,20 @@
 {{ $GC_INC_STEP_SIZE := .Env.GC_INC_STEP_SIZE | default 13 -}}
 {{ $GC_GEN_MIN_TH := .Env.GC_GEN_MIN_TH | default 20 -}}
 {{ $GC_GEN_MAX_TH := .Env.GC_GEN_MAX_TH | default 100 -}}
+{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}
+{{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}}
+{{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}}
+{{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}}
+{{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}
+{{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
+{{ $VISITORS_XMPP_DOMAIN := .Env.VISITORS_XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $VISITORS_XMPP_SERVER := .Env.VISITORS_XMPP_SERVER | default "" -}}
+{{ $VISITORS_XMPP_SERVERS := splitList "," $VISITORS_XMPP_SERVER -}}
+{{ $VISITORS_XMPP_PORT := .Env.VISITORS_XMPP_PORT | default "52220" }}
+{{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN | default "meet.jitsi" -}}
+{{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
+{{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
+{{ $XMPP_PORT := .Env.XMPP_PORT | default "5222" -}}
 
 -- Prosody Example Configuration File
 --
@@ -30,8 +46,7 @@
 -- for the server. Note that you must create the accounts separately
 -- (see http://prosody.im/doc/creating_accounts for info)
 -- Example: admins = { "user1@example.com", "user2@example.net" }
-admins = { }
-
+admins = { {{ if .Env.PROSODY_ADMINS }}{{ range $index, $element := $PROSODY_ADMIN_LIST -}}{{ if $index }}, {{ end }}"{{ $element }}"{{ end }}{{ end }} }
 -- Enable use of libevent for better performance under high load
 -- For more information see: http://prosody.im/doc/libevent
 --use_libevent = true;
@@ -81,7 +96,14 @@ modules_enabled = {
 		--"watchregistrations"; -- Alert admins of registrations
 		--"motd"; -- Send a message to users when they log in
 		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-        {{ if .Env.GLOBAL_MODULES }}
+
+		{{ if $ENABLE_S2S -}}
+		"s2s_bidi";
+		"certs_s2soutinjection";
+		"s2sout_override";
+		"s2s_whitelist";
+		{{ end -}}
+		{{ if .Env.GLOBAL_MODULES }}
         "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}";
         {{ end }}
 };
@@ -94,7 +116,10 @@ https_ports = { }
 modules_disabled = {
 	-- "offline"; -- Store offline messages
 	-- "c2s"; -- Handle client connections
+
+	{{ if not $ENABLE_S2S -}}
 	"s2s"; -- Handle server-to-server connections
+	{{ end -}}
 };
 
 -- Disable account creation by default, for security
@@ -143,6 +168,42 @@ c2s_interfaces = { "*", "::" }
 c2s_interfaces = { "*" }
 {{ end }}
 
+{{ if $ENABLE_S2S -}}
+-- set s2s port
+s2s_ports = { {{ $S2S_PORT }} } -- Listen on specific s2s port
+
+s2s_whitelist = {
+	{{ if $ENABLE_VISITORS -}}
+    '{{ $XMPP_MUC_DOMAIN }}'; -- needed for visitors to send messages to main room
+    'visitors.{{ $XMPP_DOMAIN }}'; -- needed for sending promotion request to visitors.{{ $XMPP_DOMAIN }} component
+    '{{ $XMPP_DOMAIN }}'; -- unavailable presences back to main room
+
+	{{ end -}}
+	{{ if $ENABLE_GUEST_DOMAIN -}}
+    '{{ $XMPP_GUEST_DOMAIN }}';
+	{{ end -}}
+}
+{{ end -}}
+
+{{ if $ENABLE_VISITORS -}}
+{{ if $.Env.VISITORS_XMPP_SERVER -}}
+s2sout_override = {
+{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
+{{ $SERVER := splitn ":" 2 $element }}
+{{ $DEFAULT_PORT := add $VISITORS_XMPP_PORT $index }}
+        ["{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
+        ["v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}"] = "tcp://{{ $SERVER._0 }}:{{ $SERVER._1 | default $DEFAULT_PORT }}";
+{{ end -}}
+};
+s2s_whitelist = {
+{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
+	"{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}";
+{{ end -}}
+};
+{{ end -}}
+{{ end -}}
+
+
 -- Force certificate authentication for server-to-server connections?
 -- This provides ideal security, but requires servers you communicate
 -- with to support encryption AND present valid, trusted certificates.
@@ -208,7 +269,7 @@ unbound = {
     resolvconf = true
 }
 
-http_ports = { 5280 }
+http_ports = { {{ $PROSODY_HTTP_PORT }} }
 {{ if $ENABLE_IPV6 }}
 http_interfaces = { "*", "::" }
 {{ else }}
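Review bot: `s2s_whitelist` is assigned twice at global scope in the `c2s_interfaces` hunk, once inside `{{ if $ENABLE_S2S }}` and again inside `{{ if $.Env.VISITORS_XMPP_SERVER }}`. With ENABLE_VISITORS and VISITORS_XMPP_SERVER both set, both tables are rendered, and as far as I can tell the later assignment replaces the earlier one. That would silently drop the main-domain and guest-domain entries. Since this list decides which remote servers are accepted, I would build it in one table, as sketched below, and remove the second assignment. Gating the two halves on PROSODY_MODE instead would be tighter still, because each node would then list only the peers it needs.

```lua
s2s_whitelist = {
	-- … unchanged: main-domain entries under $ENABLE_VISITORS, guest domain under $ENABLE_GUEST_DOMAIN …
	{{ if and $ENABLE_VISITORS $.Env.VISITORS_XMPP_SERVER -}}
	{{ range $index, $element := $VISITORS_XMPP_SERVERS -}}
	"{{ $VISITORS_MUC_PREFIX }}.v{{ $index }}.{{ $VISITORS_XMPP_DOMAIN }}";
	{{ end -}}
	{{ end -}}
}
```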

+ 32 - 5
prosody/rootfs/etc/cont-init.d/10-config

@@ -25,10 +25,24 @@ if [[ "$(stat -c %U /prosody-plugins-custom)" != "prosody" ]]; then
     chown -R prosody /prosody-plugins-custom
 fi
 
+
 mkdir /config/certs
 cp -r /defaults/* /config
+
+if [[ "$PROSODY_MODE" == "visitors" ]]; then
+    echo "Prosody visitor mode, using alternate config"
+    PROSODY_SITE_CFG="visitors.cfg.lua"
+    rm /config/conf.d/jitsi-meet.cfg.lua
+    # force jicofo into auth domain for visitor-mode prosody
+    [ -z "$XMPP_AUTH_DOMAIN" ] && XMPP_AUTH_DOMAIN="auth.meet.jitsi"
+    export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"
+else
+    echo "Prosody normal mode, using default config"
+    PROSODY_SITE_CFG="jitsi-meet.cfg.lua"
+    rm /config/conf.d/visitors.cfg.lua
+fi
 tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
-tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
+tpl /defaults/conf.d/$PROSODY_SITE_CFG > /config/conf.d/$PROSODY_SITE_CFG
 
 if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
     echo 'FATAL ERROR: Jicofo auth password must be set'
@@ -45,7 +59,10 @@ fi
 [ -z "${XMPP_RECORDER_DOMAIN}" ] && export XMPP_RECORDER_DOMAIN=recorder.meet.jitsi
 
 prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
-prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
+
+if [[ "$PROSODY_MODE" != "visitors" ]]; then
+    prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
+fi
 
 if [[ -z $JVB_AUTH_PASSWORD ]]; then
     echo 'FATAL ERROR: JVB auth password must be set'
@@ -87,9 +104,19 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
     prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
 fi
 
-if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
-    # echo for using all default values
-    echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
+if [[ "$PROSODY_MODE" == "visitors" ]]; then
+    [ -z "$VISITORS_XMPP_DOMAIN" ] && VISITORS_XMPP_DOMAIN="meet.jitsi"
+    [ -z "$PROSODY_VISITOR_INDEX" ] && PROSODY_VISITOR_INDEX=0
+    FULL_VISITORS_XMPP_DOMAIN="v$PROSODY_VISITOR_INDEX.$VISITORS_XMPP_DOMAIN"
+    if [[ ! -f /config/certs/$FULL_VISITORS_XMPP_DOMAIN.crt ]]; then
+        # echo for using all default values
+        echo | prosodyctl --config $PROSODY_CFG cert generate $FULL_VISITORS_XMPP_DOMAIN
+    fi
+else
+    if [[ ! -f /config/certs/$XMPP_DOMAIN.crt ]]; then
+        # echo for using all default values
+        echo | prosodyctl --config $PROSODY_CFG cert generate $XMPP_DOMAIN
+    fi
 fi
 
 if [[ ! -f /config/certs/$XMPP_AUTH_DOMAIN.crt ]]; then
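Review bot: In the visitor-mode branch of the first hunk, `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN"` discards any PROSODY_ADMINS value the operator passed in. The comment above it also does not say that the line makes the focus account a Prosody admin on the visitor node. I would keep the supplied admins with `export PROSODY_ADMINS="focus@$XMPP_AUTH_DOMAIN${PROSODY_ADMINS:+,$PROSODY_ADMINS}"` and reword the comment to `# focus must be a Prosody admin on visitor nodes`. Any PROSODY_MODE value other than `visitors`, including a typo, falls through to the normal config without a warning; rejecting unknown values would avoid starting a node in the wrong mode. The new expansions `$PROSODY_SITE_CFG` and `$FULL_VISITORS_XMPP_DOMAIN` are unquoted in the `tpl`, `-f` and `cert generate` lines and should be quoted.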