Help with config on Azure container instances

I’ve been trying to get Jitsi deployed as an Azure container group (via terraform, not the docker compose aci integration), using the containers specified in the docker-compose.yml. I’m hitting a few snags with the prosody configuration. (I think the other containers are fine, but we’ll see.)

  1. Prosody doesn’t seem to pick up the Jicofo component secret from the environment:

    Component “focus.meet.example.com
    component_secret = “<no value>”

Is it just Lua code, meaning I could pull it in with os.getenv?

  1. Prosody doesn’t generate certificates–/config/certs is empty. When I run everything locally, I get certificates for meet.jitsi and auth.meet.jitsi. I think these are self-signed certs, so I probably could just copy them over to the Azure file share holding my config file? Or generate a cert with letsencrypt?

  2. The JVB password appears to be stored in plaintext in sip-communicator.properties. Will it parse a reference to an environment variable instead?

I am pretty sure (1) is user error–looks like my prosody container has an environment variable called JICOFO_AUTH_PASSOWORD which is a) spelled wrong and b) the wrong environment variable.

Would you post your docker-compose file and env var file?

I’m not using docker-compose–the terraform file is here: https://pastebin.com/gTDci26K

Current variables are here: https://pastebin.com/x6jV0etE

I’m pulling in JVB_AUTH_PASSWORD, JICOFO_COMPONENT_SECRET and JICOFO_AUTH_PASSWORD from the Azure key vault.

The significant difference between this setup and the docker-compole.yml file from the self-hosting guide is that there’s no meet.jitsi network. Azure exposes all ports to the public internet (for better or worse). I haven’t modified the docker images at all.

Seems you have some problems by loading secrets since you have a “no-value” line in your configs.
If you ignore “network” section of docket-compose then you have to somehow make components to see each other (for example using public address of each component and …).

Yes–I’ve fixed the environment variable and the containers can all talk to each other. My main question/concern is around the fact certificates aren’t being created in the prosody container.