Adding support for non-root containers #1584

Open
wants to merge 45 commits into
base: master
Changes from 39 commits
3cf538c
Upgraded s6-overlay to version v3.1.5.0 - Fixed broken build
bsobbe Jul 17, 2023
c2f8fc2
Change to s6-overlay new command path
bsobbe Jul 19, 2023
af959ba
Refactoring scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
deb8892
Refactoring jicofo scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
1f283d7
Refactoring jigasi scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
a984ff8
Refactoring prosody scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
5c97820
Refactoring web scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
e452fec
Upgrade s6-overlay to v3.1.5.0 - making cont-init.d scripts executable
bsobbe Jul 19, 2023
8bb646e
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
b76dd96
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
4524b24
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
f0c374e
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
1d854cc
Refactoring jvb scripts to be s6-overlay v3 friendly
bsobbe Jul 19, 2023
4163e2c
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
13e8663
Make cont-init and services.d scripts executable
bsobbe Jul 19, 2023
2053f9d
Adding noroot user with id 1000 - setting scripts ownership for noroot
bsobbe Jul 19, 2023
9f2d13d
Setting script ownerships to noroot
bsobbe Jul 19, 2023
9831e43
Fixing ownership and permission issues for noroot - setting the user …
bsobbe Jul 19, 2023
b0c08b7
Fixing ownership and permission issues for noroot
bsobbe Jul 19, 2023
493490e
Refactoring paths for s6-overlay v3
bsobbe Jul 19, 2023
93b4cae
Moving this block to dockerfile due to permission issues after switch…
bsobbe Jul 20, 2023
339c6f6
Fixing permission issues - moving /config prepare block - removing le…
bsobbe Jul 20, 2023
e042186
Creating user and group noroot with ids 1000
bsobbe Jul 20, 2023
5b3c8af
Changing /var ownership to noroot:noroot
bsobbe Jul 20, 2023
a88e09a
Removing legacy command
bsobbe Jul 20, 2023
6ac6ca6
Fixing permission issues due to noroot - moving root specific operati…
bsobbe Jul 20, 2023
5020778
Moving back some commands to init config
bsobbe Jul 24, 2023
d224159
Moving back some commands to init config
bsobbe Jul 24, 2023
2491511
Fixing issues with permissions and moving some init commands to docke…
bsobbe Jul 24, 2023
ca8f66a
Refactoring for s6 overlay v3
bsobbe Jul 24, 2023
d3e63ef
Cleaning up commands that moved to dockerfile
bsobbe Jul 24, 2023
63e15d7
Fixing permission issue causing prosody tls not being loaded
bsobbe Jul 25, 2023
0a337ab
Fixing permission issues for noroot
bsobbe Aug 1, 2023
7a92697
Changing directory to get over tls certificate permission issue - upd…
bsobbe Aug 1, 2023
62633f7
Change user to noroot - change ownerships and permissions - update sc…
bsobbe Aug 1, 2023
a9c7328
Change user to noroot - change ownerships and permissions - update sc…
bsobbe Aug 1, 2023
9264bbf
Comment out build blocks with noroot as UID and GID
bsobbe Aug 1, 2023
e23b95c
Merge pull request #2 from jitsi/master
bsobbe Aug 1, 2023
714e525
Merge pull request #1 from bsobbe/1447-non-root
bsobbe Aug 1, 2023
a5c98ea
Cleaning up Dockerfile - changing bad saslauthd path and ownership
bsobbe Aug 3, 2023
304401f
Cleaning up Dockerfile - fix indent
bsobbe Aug 3, 2023
0ae86e7
Removing comments
bsobbe Aug 3, 2023
0efcf93
Cleaning up Dockerfile - changing how the scripts are being started
bsobbe Aug 3, 2023
d359557
Cleaning up
bsobbe Aug 3, 2023
43c9507
Cleaning up Dockerfile - changing transcripts path
bsobbe Aug 3, 2023
23 changes: 16 additions & 7 deletions base/Dockerfile
Expand Up @@ -4,32 +4,41 @@ ARG JITSI_RELEASE=stable
ARG TARGETPLATFORM
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2

COPY rootfs /
RUN groupadd --gid 1000 noroot; \
useradd --uid 1000 --gid 1000 -m noroot

COPY --chown=noroot:noroot rootfs /

RUN case ${TARGETPLATFORM} in \
"linux/amd64") TPL_ARCH=amd64 ;; \
"linux/arm64") TPL_ARCH=arm64 ;; \
esac && \
case ${TARGETPLATFORM} in \
"linux/amd64") S6_ARCH=amd64 ;; \
"linux/amd64") S6_ARCH=x86_64 ;; \
"linux/arm64") S6_ARCH=aarch64 ;; \
esac && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg wget && \
apt-dpkg-wrap apt-get install -y apt-transport-https apt-utils ca-certificates gnupg wget xz-utils && \
wget -qO /usr/bin/tpl https://github.com/jitsi/tpl/releases/download/v1.0.4/tpl-linux-${TPL_ARCH} && \
wget -qO - https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-${S6_ARCH}.tar.gz | tar xfz - -C / && \
wget -qO - https://github.com/just-containers/s6-overlay/releases/download/v3.1.5.0/s6-overlay-${S6_ARCH}.tar.xz | tar -xJp -C / && \
wget -qO - https://github.com/just-containers/s6-overlay/releases/download/v3.1.5.0/s6-overlay-noarch.tar.xz | tar -xJp -C / && \
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | gpg --dearmour > /etc/apt/trusted.gpg.d/jitsi.gpg && \
echo "deb https://download.jitsi.org $JITSI_RELEASE/" > /etc/apt/sources.list.d/jitsi.list && \
echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get dist-upgrade -y && \
apt-cleanup && \
chmod +x /usr/bin/tpl

chown -R noroot:noroot /usr/bin/tpl && \
chown -R noroot:noroot /etc/cont-init.d && \
chown -R noroot:noroot /etc/services.d && \
chown -R noroot:noroot /etc/timezone && \
chmod +x /usr/bin/tpl && \
chmod +x /etc/cont-init.d/*

RUN [ "$JITSI_RELEASE" = "unstable" ] && \
apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jq procps curl vim iputils-ping net-tools && \
apt-cleanup || \
true

ENTRYPOINT [ "/init" ]
ENTRYPOINT [ "/init" ]
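Review bot: The added `chown -R noroot:noroot` lines for /usr/bin/tpl, /etc/cont-init.d and /etc/services.d, together with `COPY --chown=noroot:noroot rootfs /`, make the init scripts and the tpl binary writable by the same account the services run as, so a compromised service process can rewrite what executes at the next container start. Running as non-root only requires these files to be readable and executable; leave them root-owned with mode 0755 and chown only what is written at runtime (/etc/timezone looks like the only such path in this list). Separately, `groupadd --gid 1000 noroot; \` chains with `;`, so a failed groupadd does not stop the build; use `&&`. Since the s6-overlay download lines are being rewritten anyway, consider checking both archives against a pinned SHA-256 before extraction instead of piping wget straight into tar.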
2 changes: 1 addition & 1 deletion base/rootfs/etc/cont-init.d/01-set-timezone
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

if [[ ! -z "$TZ" ]]; then
if [[ -f /usr/share/zoneinfo/$TZ ]]; then
24 changes: 24 additions & 0 deletions docker-compose.yml
Expand Up @@ -4,6 +4,12 @@ services:
# Frontend
web:
image: jitsi/web:${JITSI_IMAGE_VERSION:-unstable}
# build:
# context: ./web
# dockerfile: Dockerfile
# args:
# UID: 1000
# GID: 1000
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${HTTP_PORT}:80'
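Review bot: The commented-out `build:` block passes `UID` and `GID` build args, but no Dockerfile hunk in this PR declares `ARG UID` or `ARG GID`, and base/Dockerfile hard-codes the value in `groupadd --gid 1000` and `useradd --uid 1000`, so uncommenting the block would not change the IDs. Either wire the args through the Dockerfiles or remove the block rather than shipping dead configuration; the same block is repeated under prosody, jicofo and jvb.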
Expand Down Expand Up @@ -162,6 +168,12 @@ services:
# XMPP server
prosody:
image: jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable}
# build:
# context: ./prosody
# dockerfile: Dockerfile
# args:
# UID: 1000
# GID: 1000
restart: ${RESTART_POLICY:-unless-stopped}
expose:
- '${XMPP_PORT:-5222}'
Expand Down Expand Up @@ -265,6 +277,12 @@ services:
# Focus component
jicofo:
image: jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable}
# build:
# context: ./jicofo
# dockerfile: Dockerfile
# args:
# UID: 1000
# GID: 1000
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '127.0.0.1:${JICOFO_REST_PORT:-8888}:8888'
Expand Down Expand Up @@ -334,6 +352,12 @@ services:
# Video bridge
jvb:
image: jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable}
# build:
# context: ./jvb
# dockerfile: Dockerfile
# args:
# UID: 1000
# GID: 1000
restart: ${RESTART_POLICY:-unless-stopped}
ports:
- '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
31 changes: 28 additions & 3 deletions jibri/Dockerfile
Expand Up @@ -15,12 +15,37 @@ ARG USE_CHROMIUM=0
ARG CHROME_RELEASE=114.0.5735.90
ARG CHROMEDRIVER_MAJOR_RELEASE=114

COPY rootfs/ /
COPY --chown=noroot:noroot rootfs/ /

RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" jibri libgl1-mesa-dri procps jitsi-upload-integrations jitsi-autoscaler-sidecar jq pulseaudio dbus dbus-x11 rtkit unzip fonts-noto && \
/usr/bin/install-chrome.sh && \
apt-cleanup && \
adduser jibri rtkit
apt-cleanup

RUN mkdir -p /etc/jitsi/autoscaler-sidecar
RUN mkdir -p /config/logs
RUN mkdir -p /config/recordings
RUN mkdir -p /jibri

RUN chown -R noroot:noroot /etc/cont-init.d
RUN chown -R noroot:noroot /etc/services.d
RUN chown -R noroot:noroot /etc/jitsi
RUN chown -R noroot:noroot /run
RUN chown -R noroot:noroot /jibri
RUN chown -R noroot:noroot /config
RUN chown -R noroot:noroot /var
RUN chown -R noroot:noroot /opt/jitsi
RUN chown -R noroot:noroot /tmp
RUN chown -R noroot:noroot /defaults
RUN chown -R noroot:noroot /usr/bin
RUN chmod +x /etc/cont-init.d/*
RUN chmod +x /etc/services.d/10-xorg/*
RUN chmod +x /etc/services.d/20-icewm/*
RUN chmod +x /etc/services.d/30-pulse/*
RUN chmod +x /etc/services.d/40-jibri/*
RUN chmod +x /etc/services.d/50-autoscaler-sidecar/*
RUN chmod +x /opt/jitsi/jibri/launch.sh

USER noroot

VOLUME /config
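Review bot: `RUN chown -R noroot:noroot /usr/bin`, `/var` and `/tmp` hand the runtime account ownership of every system binary and of shared system directories, which removes most of what `USER noroot` is meant to provide: a process running as noroot can replace anything in /usr/bin. Limit ownership to the paths jibri writes at runtime (/config, /jibri, /run, /etc/jitsi) and keep binaries and scripts root-owned and executable. Each `RUN chown -R` is also a separate layer that stores a second copy of every file it touches, so fold the mkdir, chown and chmod steps into one RUN joined with `&&`.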
11 changes: 3 additions & 8 deletions jibri/rootfs/etc/cont-init.d/10-config
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

if [[ -z $JIBRI_RECORDER_PASSWORD || -z $JIBRI_XMPP_PASSWORD ]]; then
echo 'FATAL ERROR: Jibri recorder password and auth password must be set'
Expand Down Expand Up @@ -52,7 +52,6 @@ if [ -n "$AUTOSCALER_URL" ]; then
[ -z "$AUTOSCALER_SIDECAR_GROUP_NAME" ] && export AUTOSCALER_SIDECAR_GROUP_NAME="docker-jibri"
[ -z "$LOCAL_ADDRESS" ] && export LOCAL_ADDRESS="$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1 '})"

mkdir -p /etc/jitsi/autoscaler-sidecar
tpl /defaults/autoscaler-sidecar.config > /etc/jitsi/autoscaler-sidecar/config
else
echo "No key file at $AUTOSCALER_SIDECAR_KEY_FILE, leaving autoscaler sidecar disabled"
Expand All @@ -66,12 +65,8 @@ tpl /defaults/jibri.conf > /etc/jitsi/jibri/jibri.conf
tpl /defaults/logging.properties > /etc/jitsi/jibri/logging.properties
tpl /defaults/xorg-video-dummy.conf > /etc/jitsi/jibri/xorg-video-dummy.conf

# make recording dir
# set recording dir
[ -z "${JIBRI_RECORDING_DIR}" ] && export JIBRI_RECORDING_DIR=/config/recordings
mkdir -p ${JIBRI_RECORDING_DIR}
chown -R jibri ${JIBRI_RECORDING_DIR}

# make logs dir
# set logs dir
JIBRI_LOGS_DIR=/config/logs
mkdir -p ${JIBRI_LOGS_DIR}
chown -R jibri ${JIBRI_LOGS_DIR}
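Review bot: With `mkdir -p ${JIBRI_RECORDING_DIR}` removed in the last hunk, only the default /config/recordings exists (it is created in jibri/Dockerfile); when JIBRI_RECORDING_DIR is set to any other path, nothing creates it. `mkdir -p` does not need root when the parent directory is writable, so keep both mkdir lines and drop only the `chown -R jibri` calls. The same matters for /config/logs when /config is bind-mounted from the host, because the directories made at build time are then hidden by the mount.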
4 changes: 2 additions & 2 deletions jibri/rootfs/etc/services.d/10-xorg/run
@@ -1,5 +1,5 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

DAEMON="/usr/bin/Xorg -nocursor -noreset +extension RANDR +extension RENDER -logfile /tmp/xorg.log -config /etc/jitsi/jibri/xorg-video-dummy.conf ${DISPLAY}"
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
exec s6-setuidgid /bin/bash -c "exec $DAEMON"

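Review bot: `exec s6-setuidgid /bin/bash -c "exec $DAEMON"` drops the account argument but keeps the wrapper, so s6-setuidgid now takes `/bin/bash` as the account name and `-c` as the program to run, and the service cannot start. Under `USER noroot` the process also has no privilege to switch identity, so remove the wrapper the way jicofo/run and jvb/run do in this PR: `exec /bin/bash -c "exec $DAEMON"`. The same edit is needed in 20-icewm/run, 30-pulse/run, 40-jibri/run and jigasi/run.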
4 changes: 2 additions & 2 deletions jibri/rootfs/etc/services.d/20-icewm/run
@@ -1,5 +1,5 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

DAEMON="/usr/bin/icewm-session"
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
exec s6-setuidgid /bin/bash -c "exec $DAEMON"

6 changes: 3 additions & 3 deletions jibri/rootfs/etc/services.d/30-pulse/run
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

HOME=/home/jibri
exec s6-setuidgid jibri /bin/bash -c "exec /usr/bin/pulseaudio"
HOME=/jibri
exec s6-setuidgid /bin/bash -c "exec /usr/bin/pulseaudio"
2 changes: 1 addition & 1 deletion jibri/rootfs/etc/services.d/40-jibri/finish
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

# When jibri is shutdown (or gracefully shutdown), it exits with code 255.
# In this case, we don't want S6 to restart the service. We want to stop all
8 changes: 4 additions & 4 deletions jibri/rootfs/etc/services.d/40-jibri/run
@@ -1,10 +1,10 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

# we have to set it, otherwise chrome won't find ~/.asoundrc file
HOME=/home/jibri
HOME=/jibri

DAEMON=/opt/jitsi/jibri/launch.sh
# pre-warm google chrome before jibri launches to ensure fast chrome launch during recordings
s6-setuidgid jibri /usr/bin/google-chrome --timeout=1000 --headless about:blank
exec s6-setuidgid jibri /bin/bash -c "exec $DAEMON"
s6-setuidgid /usr/bin/google-chrome --timeout=1000 --headless about:blank
exec s6-setuidgid /bin/bash -c "exec $DAEMON"

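Review bot: `HOME=/jibri` replaces /home/jibri, yet the comment above it says Chrome relies on HOME to find ~/.asoundrc, and the only setup for /jibri visible in this PR is `RUN mkdir -p /jibri` plus a chown in jibri/Dockerfile. If .asoundrc still ships under /home/jibri in rootfs, it has to move to /jibri or Chrome will no longer find it. The pre-warm line is not run through `exec`, so when `s6-setuidgid /usr/bin/google-chrome ...` fails on the missing account argument the script carries on without the warm-up; drop the wrapper on that line as well.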
2 changes: 1 addition & 1 deletion jibri/rootfs/etc/services.d/50-autoscaler-sidecar/run
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

if [[ -n "$AUTOSCALER_URL" ]] && [[ -f "/etc/jitsi/autoscaler-sidecar/config" ]]; then
DAEMON="/usr/bin/node /usr/share/jitsi-autoscaler-sidecar/app.js"
18 changes: 17 additions & 1 deletion jicofo/Dockerfile
Expand Up @@ -12,6 +12,22 @@ RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jicofo && \
apt-cleanup

COPY rootfs/ /
COPY --chown=noroot:noroot rootfs/ /

RUN mkdir -p /config
RUN chown -R noroot:noroot /etc/cont-init.d
RUN chown -R noroot:noroot /etc/services.d
RUN chown -R noroot:noroot /run
RUN chown -R noroot:noroot /var
RUN chown -R noroot:noroot /usr/share/jicofo
RUN chown -R noroot:noroot /etc/jitsi
RUN chown -R noroot:noroot /etc/jitsi/jicofo
RUN chmod +x /usr/share/jicofo/jicofo.sh
RUN chmod +x /etc/cont-init.d/*
RUN chmod +x /etc/services.d/jicofo/*

RUN chown -R noroot:noroot /config

USER noroot

VOLUME /config
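Review bot: `RUN chown -R noroot:noroot /etc/jitsi/jicofo` is redundant, since the line before it already recurses over /etc/jitsi, and `RUN chown -R noroot:noroot /config` sits apart from the `RUN mkdir -p /config` it belongs with. Merging the mkdir, chown and chmod steps into a single `RUN ... && ...` keeps this to one layer. `RUN chown -R noroot:noroot /var` covers all of /var; narrow it to the subdirectories jicofo writes to.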
4 changes: 1 addition & 3 deletions jicofo/rootfs/etc/cont-init.d/10-config
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jicofo | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"

Expand All @@ -15,5 +15,3 @@ fi

tpl /defaults/logging.properties > /config/logging.properties
tpl /defaults/jicofo.conf > /config/jicofo.conf

chown -R jicofo:jitsi /config
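Review bot: Removing `chown -R jicofo:jitsi /config` leaves no step that repairs ownership of an existing /config volume. Volumes populated by earlier images are owned by jicofo:jitsi because of this very line, and a bind-mounted host directory may be owned by root, so under `USER noroot` the two `tpl ... > /config/...` redirects above can fail with permission denied. Document the ownership that upgrades require (UID/GID 1000), or have the script test that /config is writable and exit with a clear message.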
4 changes: 2 additions & 2 deletions jicofo/rootfs/etc/services.d/jicofo/run
@@ -1,7 +1,7 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jicofo.conf"
DAEMON=/usr/share/jicofo/jicofo.sh
DAEMON_DIR=/usr/share/jicofo/

exec s6-setuidgid jicofo /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON"
exec /bin/bash -c "cd $DAEMON_DIR; JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON"
19 changes: 18 additions & 1 deletion jigasi/Dockerfile
Expand Up @@ -14,6 +14,23 @@ RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jigasi jq && \
apt-cleanup

COPY rootfs/ /
COPY --chown=noroot:noroot rootfs/ /

RUN mkdir /config
RUN mkdir -pm777 /tmp/transcripts

RUN chown -R noroot:noroot /etc/cont-init.d
RUN chown -R noroot:noroot /etc/services.d
RUN chown -R noroot:noroot /tmp
RUN chown -R noroot:noroot /run
RUN chown -R noroot:noroot /config
RUN chown -R noroot:noroot /var
RUN chown -R noroot:noroot /usr/share
RUN chown -R noroot:noroot /defaults
RUN chmod +x /etc/cont-init.d/*
RUN chmod +x /etc/services.d/jigasi/*
RUN chmod +x /usr/share/jigasi/jigasi.sh

USER noroot

VOLUME ["/config", "/tmp/transcripts"]
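Review bot: `RUN mkdir -pm777 /tmp/transcripts` carries over the world-writable mode from the old init script even though the directory is now owned by noroot, the account the service runs as; 0750 is enough. `RUN mkdir /config` lacks the `-p` used in the other Dockerfiles and fails the build if the directory already exists. `RUN chown -R noroot:noroot /usr/share` gives the runtime account every file under /usr/share when only /usr/share/jigasi is referenced in this file.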
4 changes: 1 addition & 3 deletions jigasi/rootfs/etc/cont-init.d/10-config
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jigasi | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"

Expand All @@ -20,8 +20,6 @@ if [[ -f /config/custom-sip-communicator.properties ]]; then
cat /config/custom-sip-communicator.properties >> /config/sip-communicator.properties
fi

mkdir -pm777 /tmp/transcripts
chown jigasi:jitsi /tmp/transcripts

# Create Google Cloud Credentials
if [[ $ENABLE_TRANSCRIPTIONS -eq 1 || $ENABLE_TRANSCRIPTIONS == "true" ]]; then
4 changes: 2 additions & 2 deletions jigasi/rootfs/etc/services.d/jigasi/run
@@ -1,8 +1,8 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

JAVA_SYS_PROPS="-Djava.util.logging.config.file=/config/logging.properties"

DAEMON=/usr/share/jigasi/jigasi.sh
DAEMON_OPTS="--nocomponent=true --configdir=/ --configdirname=config --min-port=${JIGASI_PORT_MIN:-20000} --max-port=${JIGASI_PORT_MAX:-20050}"

exec s6-setuidgid jigasi /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
exec s6-setuidgid /bin/bash -c "JAVA_SYS_PROPS=\"$JAVA_SYS_PROPS\" exec $DAEMON $DAEMON_OPTS"
14 changes: 13 additions & 1 deletion jvb/Dockerfile
Expand Up @@ -12,6 +12,18 @@ RUN apt-dpkg-wrap apt-get update && \
apt-dpkg-wrap apt-get install -y jitsi-videobridge2 jq curl iproute2 dnsutils && \
apt-cleanup

COPY rootfs/ /
COPY --chown=noroot:noroot rootfs/ /

RUN chown -R noroot:noroot /etc/cont-init.d
RUN chown -R noroot:noroot /etc/services.d
RUN chown -R noroot:noroot /run
RUN chown -R noroot:noroot /var
RUN mkdir -p /config
RUN chmod +x /etc/cont-init.d/*
RUN chmod +x /etc/services.d/jvb/*

RUN chown -R noroot:noroot /config

USER noroot

VOLUME /config
6 changes: 2 additions & 4 deletions jvb/rootfs/etc/cont-init.d/10-config
@@ -1,4 +1,4 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

if [[ -z $JVB_AUTH_PASSWORD ]]; then
echo 'FATAL ERROR: JVB auth password must be set'
Expand Down Expand Up @@ -32,14 +32,12 @@ export LOCAL_ADDRESS=$(ip route get 1 | grep -oP '(?<=src ).*' | awk '{ print $1
export SENTRY_RELEASE="${SENTRY_RELEASE:-$(apt-cache policy jitsi-videobridge2 | sed -n '/Installed/p' | sed -e 's/[^:]*: //')}"

if [[ -f /config/custom-sip-communicator.properties ]]; then
cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties
cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties;
fi

tpl /defaults/logging.properties > /config/logging.properties
tpl /defaults/jvb.conf > /config/jvb.conf

chown -R jvb:jitsi /config

# Configuration checks
if [[ (-z $ENABLE_COLIBRI_WEBSOCKET || $ENABLE_COLIBRI_WEBSOCKET == "0") && $ENABLE_OCTO == "1" ]]; then
echo "ERROR: In order to enable Octo relays (with ENABLE_OCTO=1), you MUST enable Colibri websockets (with ENABLE_COLIBRI_WEBSOCKET=1)";
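Review bot: The `;` appended to `cat /config/custom-sip-communicator.properties > /config/sip-communicator.properties;` has no effect and is unrelated to the non-root change; drop it so the hunk contains only the `chown -R jvb:jitsi /config` removal.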
4 changes: 2 additions & 2 deletions jvb/rootfs/etc/services.d/jvb/run
@@ -1,7 +1,7 @@
#!/usr/bin/with-contenv bash
#!/command/with-contenv bash

export JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/ -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=config -Djava.util.logging.config.file=/config/logging.properties -Dconfig.file=/config/jvb.conf"

DAEMON=/usr/share/jitsi-videobridge/jvb.sh

exec s6-setuidgid jvb /bin/bash -c "exec $DAEMON"
exec /bin/bash -c "exec $DAEMON"