jicofo: use a client proxy connection

docker-compose.yml

@@ -188,7 +188,6 @@ services:
             - ENABLE_CODEC_H264
             - ENABLE_RECORDING
             - ENABLE_SCTP
-            - JICOFO_COMPONENT_SECRET
             - JICOFO_AUTH_USER
             - JICOFO_AUTH_PASSWORD
             - JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS

env.example

@@ -9,9 +9,6 @@
 # DO NOT reuse passwords
 #
 
-# XMPP component password for Jicofo
-JICOFO_COMPONENT_SECRET=
-
 # XMPP password for Jicofo client connections
 JICOFO_AUTH_PASSWORD=
 

gen-passwords.sh

@@ -4,7 +4,6 @@ function generatePassword() {
     openssl rand -hex 16
 }
 
-JICOFO_COMPONENT_SECRET=$(generatePassword)
 JICOFO_AUTH_PASSWORD=$(generatePassword)
 JVB_AUTH_PASSWORD=$(generatePassword)
 JIGASI_XMPP_PASSWORD=$(generatePassword)
@@ -12,7 +11,6 @@ JIBRI_RECORDER_PASSWORD=$(generatePassword)
 JIBRI_XMPP_PASSWORD=$(generatePassword)
 
 sed -i.bak \
-    -e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
     -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
     -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
     -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \

jicofo/rootfs/etc/cont-init.d/10-config

@@ -1,13 +1,7 @@
 #!/usr/bin/with-contenv bash
 
-if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
-    echo 'FATAL ERROR: Jicofo component secret and auth password must be set'
-    exit 1
-fi
-
-OLD_JICOFO_COMPONENT_SECRET=s3cr37
-if [[ "$JICOFO_COMPONENT_SECRET" == "$OLD_JICOFO_COMPONENT_SECRET" ]]; then
-    echo 'FATAL ERROR: Jicofo component secret must be changed, check the README'
+if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
+    echo 'FATAL ERROR: Jicofo auth password must be set'
     exit 1
 fi
 

jicofo/rootfs/etc/services.d/jicofo/run

@@ -3,6 +3,6 @@
 JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf"
 DAEMON=/usr/share/jicofo/jicofo.sh
 DAEMON_DIR=/usr/share/jicofo/
-DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --secret=$JICOFO_COMPONENT_SECRET --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD"
+DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --user_name=$JICOFO_AUTH_USER --user_domain=$XMPP_AUTH_DOMAIN --user_password=$JICOFO_AUTH_PASSWORD"
 
 exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"

prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

@@ -166,8 +166,8 @@ Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
     muc_room_locking = false
     muc_room_default_public_jids = true
 
-Component "focus.{{ .Env.XMPP_DOMAIN }}"
-    component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}"
+Component "focus.{{ .Env.XMPP_DOMAIN }}" "client_proxy"
+    target_address = "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}"
 
 Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component"
     muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"

prosody/rootfs/etc/cont-init.d/10-config

@@ -29,12 +29,13 @@ cp -r /defaults/* /config
 tpl /defaults/prosody.cfg.lua > $PROSODY_CFG
 tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
 
-if [[ -z $JICOFO_COMPONENT_SECRET || -z $JICOFO_AUTH_PASSWORD ]]; then
-    echo 'FATAL ERROR: Jicofo component secret and auth password must be set'
+if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
+    echo 'FATAL ERROR: Jicofo auth password must be set'
     exit 1
 fi
 
 prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
+prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN $JICOFO_AUTH_USER@$XMPP_AUTH_DOMAIN
 
 if [[ -z $JVB_AUTH_PASSWORD ]]; then
     echo 'FATAL ERROR: JVB auth password must be set'