feat: Adds jaas choice when installing.

config.js

@@ -22,6 +22,8 @@ if (subdomain.startsWith('<!--')) {
     subdomain = '';
 }
 
+var enableJaaS = false;
+
 var config = {
     // Connection
     //
@@ -1287,11 +1289,6 @@ var config = {
     // {"countryCode":"US","tollFree":false,"formattedNumber":"+1 123-456-7890"}
     // dialInConfCodeUrl is the conference mapper converting a meeting id to a PIN used for dial-in
     // or the other way around (more info in resources/cloud-api.swagger)
-    //
-    // For JaaS customers the default values are:
-    // dialInNumbersUrl: 'https://conference-mapper.jitsi.net/v1/access/dids',
-    // dialInConfCodeUrl: 'https://conference-mapper.jitsi.net/v1/access',
-    //
 
     // List of undocumented settings used in jitsi-meet
     /**
@@ -1494,3 +1491,10 @@ var config = {
     // Application logo url
     // defaultLogoUrl: 'images/watermark.svg',
 };
+
+// Set the default values for JaaS customers
+if (enableJaaS) {
+    config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';
+    config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';
+    config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)
+}

debian/jitsi-meet-prosody.install

@@ -1,2 +1,3 @@
 doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example   /usr/share/jitsi-meet-prosody/
+doc/debian/jitsi-meet-prosody/jaas.cfg.lua                  /usr/share/jitsi-meet-prosody/
 resources/prosody-plugins/                                  /usr/share/jitsi-meet/

debian/jitsi-meet-prosody.postinst

@@ -83,6 +83,18 @@ case "$1" in
             TURN_SECRET="$RET"
         fi
 
+        db_get jitsi-meet/jaas-choice
+        JAAS_INPUT="$RET"
+        # In the case of updating from an older version the configure of -prosody package may happen before the -config
+        # one, so if JAAS_INPUT is empty (the question is not asked), let's ask it now.
+        if [ -z "$JAAS_INPUT" ] ; then
+            db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
+            db_input critical jitsi-meet/jaas-choice || true
+            db_go
+            db_get jitsi-meet/jaas-choice
+            JAAS_INPUT="$RET"
+        fi
+
         # and we're done with debconf
         db_stop
 
@@ -141,7 +153,7 @@ case "$1" in
         # New:
         # Component "focus.jitmeet.example.com" "client_proxy"
         #    target_address = "focus@auth.jitmeet.example.com"
-        if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
+        if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep -q "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
             sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n    target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
             PROSODY_CONFIG_PRESENT="false"
         fi
@@ -166,6 +178,29 @@ case "$1" in
             PROSODY_CONFIG_PRESENT="false"
         fi
 
+        JAAS_HOST_CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
+        if [ "${JAAS_INPUT}" = "true" ] && [ ! -f $JAAS_HOST_CONFIG ]; then
+            sed -i "s/enabled = false -- Jitsi meet components/enabled = true -- Jitsi meet components/g" $PROSODY_HOST_CONFIG
+            PROSODY_CONFIG_PRESENT="false"
+        fi
+
+        # For those deployments that don't have the config in the jitsi-meet prosody config add the new jaas file
+        if [ ! -f $JAAS_HOST_CONFIG ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
+            PROSODY_CONFIG_PRESENT="false"
+            cp /usr/share/jitsi-meet-prosody/jaas.cfg.lua $JAAS_HOST_CONFIG
+            sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $JAAS_HOST_CONFIG
+        fi
+
+        if [ "${JAAS_INPUT}" = "true" ]; then
+            JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "
+            if [ ! -f $JAAS_HOST_CONFIG_ENABLED ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
+                if [ -f $JAAS_HOST_CONFIG ]; then
+                    ln -s $JAAS_HOST_CONFIG $JAAS_HOST_CONFIG_ENABLED
+                    PROSODY_CONFIG_PRESENT="false"
+                fi
+            fi
+        fi
+
         # Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
         prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
 

debian/jitsi-meet-prosody.postrm

@@ -35,6 +35,8 @@ case "$1" in
         if [ -n "$RET" ]; then
             rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua
             rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
+            rm -f /etc/prosody/conf.avail/jaas.cfg.lua
+            rm -f /etc/prosody/conf.d/jaas.cfg.lua
 
             JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
             # clean up generated certificates

debian/jitsi-meet-web-config.config

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-
-# Source debconf library.
-. /usr/share/debconf/confmodule
-
-# certificate type choice
-db_input critical jitsi-meet/cert-choice || true
-db_go

debian/jitsi-meet-web-config.postinst

@@ -68,10 +68,18 @@ case "$1" in
             FORCE_NGINX="false"
         fi
 
+        db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
+        db_input critical jitsi-meet/jaas-choice || true
+        db_go
+        db_get jitsi-meet/jaas-choice
+        JAAS_INPUT="$RET"
+
         UPLOADED_CERT_CHOICE="I want to use my own certificate"
         # if first time config ask for certs, or if we are reconfiguring
         if [ -z "$JVB_HOSTNAME_OLD" ] || [ "$RECONFIGURING" = "true" ] ; then
             RET=""
+            db_input critical jitsi-meet/cert-choice || true
+            db_go
             db_get jitsi-meet/cert-choice
             CERT_CHOICE="$RET"
 
@@ -122,6 +130,22 @@ case "$1" in
             sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" $JITSI_MEET_CONFIG
         fi
 
+        if [ "${JAAS_INPUT}" = "true" ] && ! grep -q "^var enableJaaS = true;$" $JITSI_MEET_CONFIG;  then
+            if grep -q "^var enableJaaS = false;$" $JITSI_MEET_CONFIG; then
+                sed -i "s/^var enableJaaS = false;$/var enableJaaS = true;/g" $JITSI_MEET_CONFIG
+            else
+                # old config, let's add the lines at the end. Adding var enableJaaS to avoid adding it on update again
+                echo "var enableJaaS = true;" >> $JITSI_MEET_CONFIG
+                echo "config.dialInNumbersUrl = 'https://conference-mapper.jitsi.net/v1/access/dids';" >> $JITSI_MEET_CONFIG
+                echo "config.dialInConfCodeUrl = 'https://conference-mapper.jitsi.net/v1/access';" >> $JITSI_MEET_CONFIG
+
+                # Sets roomPasswordNumberOfDigits only if there was not already set
+                if ! cat $JITSI_MEET_CONFIG | grep roomPasswordNumberOfDigits | grep -qv //; then
+                    echo "config.roomPasswordNumberOfDigits = 10; // skip re-adding it (do not remove comment)" >> $JITSI_MEET_CONFIG
+                fi
+            fi
+        fi
+
         if [[ "$FORCE_NGINX" = "true" && ( -z "$JVB_HOSTNAME_OLD" || "$RECONFIGURING" = "true" ) ]] ; then
 
             # this is a reconfigure, lets just delete old links
@@ -191,27 +215,29 @@ case "$1" in
         echo ""
         echo "----------------"
 
-        echo ""
-        echo ""
-        echo "       ;dOocd;"
-        echo "     .dNMM0dKO."
-        echo "     lNMMMKd0K,"
-        echo "    .xMMMMNxkNc"
-        echo "     dMMMMMkxXc"
-        echo "     cNMMMNl.."
-        echo "     .kMMMX;             Interested in adding telephony to your Jitsi meetings?"
-        echo "      ;XMMMO'"
-        echo "       lNMMWO'           Sign up on https://jaas.8x8.vc/#/components"
-        echo "        lNMMM0,                        and follow the guide in the dev console."
-        echo "         lXMMMK:."
-        echo "          ;KMMMNKd.  'oo,"
-        echo "           'xNMMMMXkkkkOKOl'"
-        echo "             :0WMMMMMMNOkk0Kk,"
-        echo "              .cdOWMMMMMWXOkOl"
-        echo "                 .;dKWMMMMMXc."
-        echo "                    .,:cll:'"
-        echo ""
-        echo ""
+        if [ "${JAAS_INPUT}" != "true" ]; then
+            echo ""
+            echo ""
+            echo "       ;dOocd;"
+            echo "     .dNMM0dKO."
+            echo "     lNMMMKd0K,"
+            echo "    .xMMMMNxkNc"
+            echo "     dMMMMMkxXc"
+            echo "     cNMMMNl.."
+            echo "     .kMMMX;             Interested in adding telephony to your Jitsi meetings?"
+            echo "      ;XMMMO'"
+            echo "       lNMMWO'           Sign up on https://jaas.8x8.vc/components?host=${JVB_HOSTNAME}"
+            echo "        lNMMM0,                        and follow the guide in the dev console."
+            echo "         lXMMMK:."
+            echo "          ;KMMMNKd.  'oo,"
+            echo "           'xNMMMMXkkkkOKOl'"
+            echo "             :0WMMMMMMNOkk0Kk,"
+            echo "              .cdOWMMMMMWXOkOl"
+            echo "                 .;dKWMMMMMXc."
+            echo "                    .,:cll:'"
+            echo ""
+            echo ""
+        fi
 
         # and we're done with debconf
         db_stop

debian/jitsi-meet-web-config.templates

@@ -5,6 +5,7 @@ _Description: SSL certificate for the Jitsi Meet instance
  Jitsi Meet is best to be set up with an SSL certificate.
  Having no certificate, a self-signed one will be generated.
  By choosing self-signed you will later have a chance to install Let’s Encrypt certificates.
+ In the case of using a self-signed certificate, only the web app will be available with some warnings, the mobile app will not connect.
  Having a certificate signed by a recognised CA, it can be uploaded on the server
  and point its location. The default filenames will be /etc/ssl/--domain.name--.key
  for the key and /etc/ssl/--domain.name--.crt for the certificate.
@@ -30,3 +31,11 @@ Template: jitsi-videobridge/jvb-hostname
 Type: string
 _Description: Hostname:
  The Jitsi Meet web config package needs the DNS hostname of your instance.
+
+Template: jitsi-meet/jaas-choice
+Type: boolean
+_Description: Interested in adding telephony to your Jitsi meetings?
+ You can easily add dialing in support to your meetings using JaaS (Jitsi as a Service).
+ You need to:
+  - have a certificate signed by a recognised CA or Let’s Encrypt on your deployment
+  - sign in for JaaS at https://jaas.8x8.vc/components?host=${domain}

doc/debian/jitsi-meet-prosody/jaas.cfg.lua

@@ -0,0 +1,12 @@
+-- Enables dial-in for Jitsi meet components customers
+VirtualHost "jigasi.meet.jitsi"
+    modules_enabled = {
+        "ping";
+        "bosh";
+        "muc_password_check";
+    }
+    authentication = "token"
+    app_id = "jitsi";
+    asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
+    asap_accepted_issuers = { "jaas-components" }
+    asap_accepted_audiences = { "jigasi.jitmeet.example.com" }

doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example

@@ -140,19 +140,3 @@ Component "lobby.jitmeet.example.com" "muc"
         "muc_rate_limit";
         "polls";
     }
-
-VirtualHost "jigasi.meet.jitsi"
-    enabled = false -- Jitsi meet components customers remove this line
-    modules_enabled = {
-      "ping";
-      "bosh";
-      "muc_password_check";
-    }
-    authentication = "token"
-    app_id = "jitsi";
-    asap_key_server = "https://jaas-public-keys.jitsi.net/jitsi-components/prod-8x8"
-    asap_accepted_issuers = { "jaas-components" }
-    asap_accepted_audiences = { "jigasi.jitmeet.example.com" }

resources/install-letsencrypt-cert.sh

@@ -12,7 +12,6 @@ echo "This script will:"
 echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
 echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
 echo "- Install additional dependencies in order to request Let’s Encrypt certificate"
-echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
 echo "- Configure and reload nginx or apache2, whichever is used"
 echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
 echo "- Add command in weekly cron job to renew certificates regularly"