prosody/IDEA.md

Project description

A production-ready Docker image for Prosody XMPP configured specifically for Jitsi Meet deployments. Replaces the upstream jitsi/docker-jitsi-meet prosody image with a standards-compliant CasjaysDev image built on Alpine Linux with full BOSH and WebSocket support (mod_websocket).

Project variables

project_name:    prosody
project_org:     casjaysdevdocker
internal_name:   prosody
internal_org:    casjaysdevdocker
image_registry:  ghcr.io
upstream_image:  prosody (Alpine package)
jitsi_repo:      https://github.com/jitsi/docker-jitsi-meet

Business logic

• Must be a drop-in replacement for jitsi/docker-jitsi-meet prosody container
• Must support all standard Jitsi Docker env vars: XMPP_DOMAIN, XMPP_AUTH_DOMAIN, XMPP_MUC_DOMAIN, XMPP_INTERNAL_MUC_DOMAIN, XMPP_GUEST_DOMAIN, JICOFO_AUTH_PASSWORD, JVB_AUTH_PASSWORD, ENABLE_AUTH, ENABLE_GUESTS, ENABLE_XMPP_WEBSOCKET, PUBLIC_URL, LOG_LEVEL
• Must have BOSH working on /http-bind at port 5280
• Must have WebSocket working on /xmpp-websocket at port 5280 (this is the primary fix over upstream)
• Must register jicofo and jvb users automatically at startup
• Must generate self-signed TLS certificates for Jitsi domains at startup if not present
• Must expose ports 5222 (c2s), 5280 (HTTP/BOSH/WS), 5347 (component)
• Must include all Jitsi prosody plugins from jitsi/docker-jitsi-meet prosody image
• Must run prosody as the prosody system user (non-root), not as root
• Must use tini as PID 1
• Must work with zero config — sane defaults for all env vars
• Must NOT require a separate nginx reverse proxy in the container
• Must NOT include s6 or any other process supervisor — single process per container
• consider_websocket_secure = true and consider_bosh_secure = true must always be set so trusted-proxy HTTPS termination works