jvb: use MUC connections for the JVB

README.md

@@ -86,7 +86,7 @@ Variable | Description | Example
 `TZ` | System Time Zone | Europe/Amsterdam
 `HTTP_PORT` | Exposed port for HTTP traffic | 8000
 `HTTPS_PORT` | Exposed port for HTTPS traffic | 8443
-`JVB_COMPONENT_SECRET` | XMPP component password for Jitsi Videobridge | s3cr3t
+`JVB_AUTH_PASSWORD` | XMPP password for JVB MUC client connections | passw0rd
 `JVB_STUN_SERVERS` | STUN servers used to discover the server's public IP | stun.l.google.com:19302, stun1.l.google.com:19302, stun2.l.google.com:19302
 `JICOFO_COMPONENT_SECRET` | XMPP component password for Jicofo | s3cr37
 `JICOFO_AUTH_PASSWORD` | XMPP password for Jicofo client connections | passw0rd
@@ -102,8 +102,11 @@ Variable | Description | Default value
 `XMPP_AUTH_DOMAIN` | Internal XMPP domain for authenticated services | auth.meet.jitsi
 `XMPP_BOSH_URL_BASE` | Base URL for XMPP BOSH connections | http://xmpp.meet.jitsi:5280
 `XMPP_MUC_DOMAIN` | XMPP domain for the MUC | muc.meet.jitsi
+`XMPP_INTERNAL_MUC_DOMAIN` | XMPP domain for the internal MUC | internal-muc.meet.jitsi
 `JICOFO_AUTH_USER` | XMPP user for Jicofo client connections | focus
+`JVB_AUTH_USER` | XMPP user for JVB MUC client connections | jvb
 `JVB_PORT` | Port for media used by Jitsi Videobridge | 10000
+`JVB_BREWERY_MUC` | MUC name for the JVB pool | jvbbrewery
 
 ### Running on a LAN environment
 

docker-compose.yml

@@ -32,10 +32,12 @@ services:
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
             - XMPP_MUC_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
             - JICOFO_COMPONENT_SECRET
-            - JVB_COMPONENT_SECRET
             - JICOFO_AUTH_USER
             - JICOFO_AUTH_PASSWORD
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
             - TZ
         networks:
             meet.jitsi:
@@ -50,10 +52,12 @@ services:
         environment:
             - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
             - XMPP_SERVER=xmpp.meet.jitsi
             - JICOFO_COMPONENT_SECRET
             - JICOFO_AUTH_USER
             - JICOFO_AUTH_PASSWORD
+            - JVB_BREWERY_MUC
             - TZ
         networks:
             meet.jitsi:
@@ -67,10 +71,12 @@ services:
             - ${CONFIG}/jvb:/config
         environment:
             - DOCKER_HOST_ADDRESS
-            - XMPP_DOMAIN
             - XMPP_AUTH_DOMAIN
+            - XMPP_INTERNAL_MUC_DOMAIN
             - XMPP_SERVER=xmpp.meet.jitsi
-            - JVB_COMPONENT_SECRET
+            - JVB_AUTH_USER
+            - JVB_AUTH_PASSWORD
+            - JVB_BREWERY_MUC
             - JVB_PORT
             - JVB_STUN_SERVERS
             - JICOFO_AUTH_USER

env.example

@@ -23,8 +23,19 @@ XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
 # XMPP domain for the MUC. You generally don't need to change this.
 XMPP_MUC_DOMAIN=muc.meet.jitsi
 
-# XMPP component password for Jitsi Videobridge.
-JVB_COMPONENT_SECRET=s3cr3t
+# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
+# You generally don't need to change this.
+XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
+
+# MUC for the JVB pool. You generally don't need to change this.
+JVB_BREWERY_MUC=jvbbrewery
+
+# XMPP user for JVB client connections. You generally don't need to change
+# this.
+JVB_AUTH_USER=jvb
+
+# XMPP password for JVB client connections.
+JVB_AUTH_PASSWORD=passw0rd
 
 # STUN servers used to discover the server's public IP.
 JVB_STUN_SERVERS=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302

jicofo/rootfs/defaults/sip-communicator.properties

@@ -1 +1,2 @@
 org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
+org.jitsi.jicofo.BRIDGE_MUC={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}

jvb/rootfs/defaults/sip-communicator.properties

@@ -2,3 +2,16 @@ org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP={{ .Env.JICOFO_AUTH_USER }}@{{ .E
 org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ .Env.JVB_PORT }}
 org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
 org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ .Env.JVB_STUN_SERVERS }}
+
+org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ .Env.XMPP_SERVER }}
+org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ .Env.XMPP_AUTH_DOMAIN }}
+org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ .Env.JVB_AUTH_USER }}
+org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ .Env.JVB_AUTH_PASSWORD }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
+org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ .Env.HOSTNAME }}
+org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
+
+org.jitsi.videobridge.ENABLE_STATISTICS=true
+org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
+org.jitsi.videobridge.STATISTICS_INTERVAL=5000
+

jvb/rootfs/etc/services.d/jvb/run

@@ -8,7 +8,7 @@ if [[ ! -z "$DOCKER_HOST_ADDRESS" ]]; then
 fi
 
 DAEMON=/usr/share/jitsi-videobridge/jvb.sh
-DAEMON_OPTS="--domain=$XMPP_DOMAIN --host=$XMPP_SERVER --port=5347 --secret=$JVB_COMPONENT_SECRET"
+DAEMON_OPTS="--apis=none"
 
 exec s6-setuidgid jvb /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
 

prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

@@ -21,11 +21,15 @@ VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
     }
     authentication = "internal_plain"
 
-Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
+Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
+    modules_enabled = {
+      "ping";
+    }
     storage = "none"
+    muc_room_cache_size = 1000
 
-Component "jitsi-videobridge.{{ .Env.XMPP_DOMAIN }}"
-    component_secret = "{{ .Env.JVB_COMPONENT_SECRET }}"
+Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
+    storage = "none"
 
 Component "focus.{{ .Env.XMPP_DOMAIN }}"
     component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}"

prosody/rootfs/etc/cont-init.d/10-config

@@ -10,7 +10,9 @@ fi
 if [[ ! -f $PROSODY_CFG ]]; then
     cp -r /defaults/* /config
     tpl /defaults/conf.d/jitsi-meet.cfg.lua > /config/conf.d/jitsi-meet.cfg.lua
+
     prosodyctl --config $PROSODY_CFG register $JICOFO_AUTH_USER $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
+    prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD
 fi
 
 mkdir -p /config/certs