
web,prosody: add XMPP WebSocket / Stream Management support

Jan-Otto Kröpke 5 vuotta sitten
vanhempi
sitoutus
d747bfbe6b

+ 3 - 2
docker-compose.yml

@@ -15,6 +15,7 @@ services:
         environment:
             - ENABLE_LETSENCRYPT
             - ENABLE_HTTP_REDIRECT
+            - ENABLE_XMPP_WEBSOCKET
             - DISABLE_HTTPS
             - LETSENCRYPT_DOMAIN
             - LETSENCRYPT_EMAIL
@@ -30,7 +31,6 @@ services:
             - CALLSTATS_SECRET
             - CHROME_EXTENSION_BANNER_JSON
             - CONFCODE_URL
-            - CONFIG_BOSH_HOST
             - CONFIG_EXTERNAL_CONNECT
             - DEPLOYMENTINFO_ENVIRONMENT
             - DEPLOYMENTINFO_ENVIRONMENT_TYPE
@@ -61,7 +61,6 @@ services:
             - ENABLE_TALK_WHILE_MUTED
             - ENABLE_TCC
             - ENABLE_TRANSCRIPTIONS
-            - ENABLE_WEBSOCKETS
             - ETHERPAD_PUBLIC_URL
             - ETHERPAD_URL_BASE
             - GOOGLE_ANALYTICS_ID
@@ -110,6 +109,7 @@ services:
             - ENABLE_AUTH
             - ENABLE_GUESTS
             - ENABLE_LOBBY
+            - ENABLE_XMPP_WEBSOCKET
             - GLOBAL_MODULES
             - GLOBAL_CONFIG
             - LDAP_URL
@@ -154,6 +154,7 @@ services:
             - JWT_AUTH_TYPE
             - JWT_TOKEN_AUTH_MODULE
             - LOG_LEVEL
+            - PUBLIC_URL
             - TZ
         networks:
             meet.jitsi:

+ 3 - 0
env.example

@@ -329,6 +329,9 @@ JIBRI_LOGS_DIR=/config/logs
 # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
 #ENABLE_HTTP_REDIRECT=1
 
+# Enabled XMPP traffic over WebSocket (PUBLIC_URL must be defined!)
+#ENABLE_XMPP_WEBSOCKET=1
+
 # Container restart policy
 # Defaults to unless-stopped
 RESTART_POLICY=unless-stopped

+ 31 - 0
prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua

@@ -15,6 +15,9 @@ http_default_host = "{{ .Env.XMPP_DOMAIN }}"
 {{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}
 {{ $ENABLE_LOBBY := .Env.ENABLE_LOBBY | default "0" | toBool }}
 
+{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }}
+{{ $PUBLIC_URL := .Env.PUBLIC_URL | default "https://localhost:8443" -}}
+
 {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
 asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
 {{ end }}
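Review bot: The fallback on the new `$PUBLIC_URL` line hides a missing setting: with ENABLE_XMPP_WEBSOCKET=1 and PUBLIC_URL unset, the template renders `https://localhost:8443` into the WebSocket origin allow-list added in the next hunk instead of failing. env.example states that PUBLIC_URL must be defined, so the template could enforce that, or at least carry a comment such as `-- PUBLIC_URL is the browser-facing origin; the localhost default only suits local testing`. The value is also written into a Lua string literal unescaped, so it is worth documenting that it must be a plain scheme://host[:port] origin.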
@@ -23,6 +26,13 @@ asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSU
 asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
 {{ end }}
 
+{{ if $ENABLE_XMPP_WEBSOCKET }}
+-- Deprecated in 0.12
+-- https://github.com/bjc/prosody/commit/26542811eafd9c708a130272d7b7de77b92712de
+cross_domain_websocket = { "{{ $PUBLIC_URL }}" };
+consider_bosh_secure = true;
+{{ end }}
+
 VirtualHost "{{ .Env.XMPP_DOMAIN }}"
 {{ if $ENABLE_AUTH }}
   {{ if eq $AUTH_TYPE "jwt" }}
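Review bot: `consider_bosh_secure = true;` sits inside the WebSocket-only block, yet it changes how BOSH sessions are treated: Prosody will regard every BOSH connection as encrypted even when it arrives over plain HTTP. That is only sound if the Prosody HTTP port is reachable solely through the TLS-terminating nginx, and a comment stating that assumption would help. The WebSocket counterpart `consider_websocket_secure = true;` may be what this block needs as well. Separately, `cross_domain_websocket` appears to be matched against the browser's Origin header, so a PUBLIC_URL with a trailing slash would be rejected; `cross_domain_websocket = { "{{ $PUBLIC_URL | trimSuffix "/" }}" };` would mirror the trimming system-config.js already does. The VirtualHost block that follows continues outside the hunk.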
@@ -42,7 +52,15 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
     authentication = "internal_hashed"
   {{ end }}
 {{ else }}
+    -- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339
+    {{ if $ENABLE_XMPP_WEBSOCKET }}
+    authentication = "token"
+    {{ else }}
     authentication = "anonymous"
+    {{ end }}
+    app_id = ""
+    app_secret = ""
+    allow_empty_token = true
 {{ end }}
     ssl = {
         key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
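Review bot: `app_id = ""`, `app_secret = ""` and `allow_empty_token = true` are emitted for every deployment without ENABLE_AUTH, including the `authentication = "anonymous"` branch where they serve no visible purpose. Moving the three lines inside the `{{ if $ENABLE_XMPP_WEBSOCKET }}` branch would leave the existing anonymous configuration untouched. The combination also deserves an explanation in the file rather than only a link: with an empty secret and empty tokens allowed, `token` authentication admits anyone, and it is not visible from this hunk how a client that does present a token is verified against an empty `app_secret`. The same lines are repeated in the guest VirtualHost hunk further down. The VirtualHost block begins and ends outside this hunk.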
@@ -50,6 +68,10 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
     }
     modules_enabled = {
         "bosh";
+        {{ if $ENABLE_XMPP_WEBSOCKET }}
+        "websocket";
+        "smacks"; -- XEP-0198: Stream Management
+        {{ end }}
         "pubsub";
         "ping";
         "speakerstats";
@@ -80,7 +102,16 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
 
 {{ if $ENABLE_GUEST_DOMAIN }}
 VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
+    -- https://github.com/jitsi/docker-jitsi-meet/pull/502#issuecomment-619146339
+    {{ if $ENABLE_XMPP_WEBSOCKET }}
+    authentication = "token"
+    {{ else }}
     authentication = "anonymous"
+    {{ end }}
+    app_id = ""
+    app_secret = ""
+    allow_empty_token = true
+
     c2s_require_encryption = false
 
     {{ if $ENABLE_LOBBY }}

+ 7 - 2
prosody/rootfs/defaults/prosody.cfg.lua

@@ -43,7 +43,7 @@ modules_enabled = {
 	-- Not essential, but recommended
 		"private"; -- Private XML storage (for room bookmarks, etc.)
 		"vcard"; -- Allow users to set vCards
-	
+
 	-- These are commented by default as they have a performance impact
 		--"privacy"; -- Support privacy lists
 		--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
@@ -59,7 +59,7 @@ modules_enabled = {
 	-- Admin interfaces
 		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-	
+
 	-- HTTP modules
 		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
 		--"http_files"; -- Serve static files from a directory over HTTP
@@ -166,4 +166,9 @@ component_interface = { "*" }
 
 data_path = "/config/data"
 
+smacks_max_unacked_stanzas = 5;
+smacks_hibernation_time = 60;
+smacks_max_hibernated_sessions = 1;
+smacks_max_old_sessions = 1;
+
 Include "conf.d/*.cfg.lua"
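Review bot: The four `smacks_*` limits are written unconditionally into the global section with no comment, although mod_smacks is only enabled when ENABLE_XMPP_WEBSOCKET is set. A short comment per line would help whoever tunes them later, for example `-- seconds a disconnected session is kept for resumption` above `smacks_hibernation_time`. It should also say that the session caps bound how much state dropped clients can leave on the server. Whether the caps apply per user or server-wide should be confirmed against the mod_smacks documentation before it is written down.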

+ 17 - 0
web/rootfs/defaults/meet.conf

@@ -1,3 +1,5 @@
+{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "0" | toBool }}
+
 server_name _;
 
 client_max_body_size 0;
@@ -50,6 +52,21 @@ location = /http-bind {
     proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
 }
 
+{{ if $ENABLE_XMPP_WEBSOCKET }}
+# xmpp websockets
+location = /xmpp-websocket {
+    proxy_pass {{ .Env.XMPP_BOSH_URL_BASE }}/xmpp-websocket;
+    proxy_http_version 1.1;
+
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Upgrade $http_upgrade;
+
+    proxy_set_header Host {{ .Env.XMPP_DOMAIN }};
+    proxy_set_header X-Forwarded-For $remote_addr;
+    tcp_nodelay on;
+}
+{{ end }}
+
 location ~ ^/([^/?&:'"]+)$ {
     try_files $uri @root_path;
 }
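Review bot: `proxy_set_header X-Forwarded-For $remote_addr;` in the new `/xmpp-websocket` location replaces any client-supplied header, which is the right choice when this nginx is the edge. Prosody only uses the forwarded address if the proxy is listed in its `trusted_proxies` setting, though, and no such setting appears in this commit. Without it, Prosody's session logs would likely show the web container's address for every WebSocket client, which weakens abuse tracing. A comment in the block such as `# overwrite, never append: a client-sent X-Forwarded-For is untrusted` would record the intent.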

+ 7 - 7
web/rootfs/defaults/system-config.js

@@ -1,10 +1,10 @@
-{{ $CONFIG_BOSH_HOST := .Env.CONFIG_BOSH_HOST | default "" -}}
 {{ $CONFIG_EXTERNAL_CONNECT := .Env.CONFIG_EXTERNAL_CONNECT | default "false" | toBool -}}
 {{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "false" | toBool -}}
 {{ $ENABLE_GUESTS := .Env.ENABLE_GUESTS | default "false" | toBool -}}
 {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "false" | toBool -}}
-{{ $ENABLE_WEBSOCKETS := .Env.ENABLE_WEBSOCKETS | default "false" | toBool -}}
+{{ $ENABLE_XMPP_WEBSOCKET := .Env.ENABLE_XMPP_WEBSOCKET | default "false" | toBool -}}
 {{ $JICOFO_AUTH_USER := .Env.JICOFO_AUTH_USER | default "focus" }}
+{{ $PUBLIC_URL_DOMAIN := .Env.PUBLIC_URL | default "https://localhost:8443" | trimPrefix "https://" | trimSuffix "/" -}}
 {{ $XMPP_AUTH_DOMAIN := .Env.XMPP_AUTH_DOMAIN -}}
 {{ $XMPP_DOMAIN := .Env.XMPP_DOMAIN -}}
 {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN -}}
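Review bot: `$PUBLIC_URL_DOMAIN` strips only an `https://` prefix, so a PUBLIC_URL given as `http://…` or with a path component yields a malformed `config.websocket` value in the next hunk, where the result is always prefixed with `wss://`. The template could also apply `trimPrefix "http://"`, or env.example could state that PUBLIC_URL must be an https origin without a path. The `https://localhost:8443` fallback has the same problem as in the prosody template: a missing PUBLIC_URL produces a client config pointing at localhost instead of an error.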
@@ -36,15 +36,15 @@ config.hosts.anonymousdomain = '{{ .Env.XMPP_GUEST_DOMAIN }}';
 config.hosts.authdomain = '{{ $XMPP_DOMAIN }}';
 {{ end -}}
 
-config.bosh = '{{ if $CONFIG_BOSH_HOST }}https://{{ $CONFIG_BOSH_HOST }}{{ end }}/http-bind';
-{{ if $ENABLE_WEBSOCKETS -}}
-config.websocket = 'wss://{{ if $CONFIG_BOSH_HOST }}{{ $CONFIG_BOSH_HOST }}{{end}}/xmpp-websocket';
+config.bosh = '/http-bind';
+{{ if $ENABLE_XMPP_WEBSOCKET -}}
+config.websocket = 'wss://{{ $PUBLIC_URL_DOMAIN }}/xmpp-websocket';
 {{ end -}}
 
 {{ if $CONFIG_EXTERNAL_CONNECT -}}
 {{ if $ENABLE_SUBDOMAINS -}}
-config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/<!--# echo var="subdir" default="" -->http-pre-bind';
+config.externalConnectUrl = '/<!--# echo var="subdir" default="" -->http-pre-bind';
 {{ else -}}
-config.externalConnectUrl = '//{{ if .Env.CONFIG_BOSH_HOST }}{{ .Env.CONFIG_BOSH_HOST }}{{ end }}/http-pre-bind';
+config.externalConnectUrl = '/http-pre-bind';
 {{ end -}}
 {{ end -}}