feat(lab-02): Jitsi LAN -- coturn TURN/STUN server, config.js TURN config

Author: RedjiJB

.github/workflows/ci.yml

@@ -103,3 +103,37 @@ jobs:
       - name: Cleanup
         if: always()
         run: docker compose -f docker/docker-compose.standalone.yml down -v
+
+  lab-02-smoke:
+    name: Lab 02 — Jitsi LAN (coturn TURN/STUN, web, TLS, config.js)
+    runs-on: ubuntu-latest
+    needs: validate
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: sudo apt-get install -y curl openssl
+
+      - name: Validate LAN compose
+        run: docker compose -f docker/docker-compose.lan.yml config -q && echo "LAN compose valid"
+
+      - name: Start LAN stack
+        run: docker compose -f docker/docker-compose.lan.yml up -d
+
+      - name: Wait for coturn TURN server
+        run: timeout 30 bash -c 'until timeout 3 bash -c "echo > /dev/tcp/localhost/3478" 2>/dev/null; do sleep 2; done'
+
+      - name: Wait for Jitsi web
+        run: timeout 120 bash -c 'until curl -sk https://localhost:8443/ -o /dev/null -w "%{http_code}" | grep -E "^(200|301|302)"; do sleep 5; done'
+
+      - name: Run Lab 08-02 test script
+        run: bash tests/labs/test-lab-08-02.sh
+
+      - name: Collect logs on failure
+        if: failure()
+        run: docker compose -f docker/docker-compose.lan.yml logs
+
+      - name: Cleanup
+        if: always()
+        run: docker compose -f docker/docker-compose.lan.yml down -v

docker/docker-compose.lan.yml

@@ -1,36 +1,170 @@
-# Lab 02 — External Dependencies: jitsi with external PostgreSQL and Redis
----
+# =============================================================================
+# IT-Stack — Jitsi — Lab 02: External Dependencies
+# =============================================================================
+# Adds a coturn TURN/STUN server to the 4-container Jitsi stack.
+# The TURN server enables NAT traversal for clients behind firewalls/NAT,
+# which is required in any real LAN or internet deployment.
+#
+# Services:
+#   coturn  — coturn 4.6 TURN/STUN server (:3478 TCP/UDP, :5349 TLS)
+#   prosody — XMPP server (xmpp.meet.jitsi alias)
+#   jicofo  — conference focus
+#   jvb     — video bridge with TURN config (:10000/udp, :4443)
+#   web     — Jitsi Web  (:8443 HTTPS, :8180 HTTP)
+#
+# Usage:
+#   docker compose -f docker/docker-compose.lan.yml up -d
+#   docker compose -f docker/docker-compose.lan.yml down -v
+# =============================================================================
+
+networks:
+  jitsi-net:
+    driver: bridge
+  turn-net:
+    driver: bridge
+
+volumes:
+  jitsi-lan-prosody-config:
+  jitsi-lan-prosody-plugins:
+  jitsi-lan-jicofo-config:
+  jitsi-lan-jvb-config:
+  jitsi-lan-web-config:
+
 services:
-  jitsi:
-    image: jitsi/web:stable
-    container_name: it-stack-jitsi
-    restart: unless-stopped
+
+  coturn:
+    image: coturn/coturn:4.6
+    container_name: jitsi-lan-coturn
     ports:
-      - "443:$firstPort"
+      - "3478:3478/tcp"
+      - "3478:3478/udp"
+      - "5349:5349/tcp"
+      - "5349:5349/udp"
+    command: >
+      --listening-port=3478
+      --tls-listening-port=5349
+      --min-port=49152
+      --max-port=49200
+      --lt-cred-mech
+      --fingerprint
+      --realm=lab.local
+      --user=jitsi:TurnPass1!
+      --log-file=stdout
+      --no-cli
+    networks:
+      - turn-net
+      - jitsi-net
+    restart: unless-stopped
+
+  prosody:
+    image: jitsi/prosody:stable-9753
+    container_name: jitsi-lan-prosody
     environment:
-      - IT_STACK_ENV=lab-02-lan
-      - DB_HOST=
-      - DB_PORT=5432
-      - REDIS_HOST=
+      AUTH_TYPE: internal
+      ENABLE_AUTH: "1"
+      ENABLE_GUESTS: "1"
+      JICOFO_AUTH_PASSWORD: JicofoPass1!
+      JVB_AUTH_PASSWORD: JvbPass1!
+      JICOFO_COMPONENT_SECRET: JicofoSecret1!
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_GUEST_DOMAIN: guest.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      TURN_HOST: coturn
+      TURN_PORT: "3478"
+      TURN_CREDENTIALS: TurnPass1!
+      TZ: UTC
+    volumes:
+      - jitsi-lan-prosody-config:/config
+      - jitsi-lan-prosody-plugins:/prosody-plugins-custom
     networks:
-      - it-stack-net
+      jitsi-net:
+        aliases:
+          - xmpp.meet.jitsi
+    restart: unless-stopped
 
-  # Lightweight local DB for lab (replace with lab-db1 in real env)
-  postgres:
-    image: postgres:16
-    container_name: it-stack-jitsi-db
+  jicofo:
+    image: jitsi/jicofo:stable-9753
+    container_name: jitsi-lan-jicofo
     environment:
-      POSTGRES_DB: jitsi_db
-      POSTGRES_USER: jitsi_user
-      POSTGRES_PASSWORD: jitsi_pass
+      AUTH_TYPE: internal
+      JICOFO_AUTH_PASSWORD: JicofoPass1!
+      JICOFO_COMPONENT_SECRET: JicofoSecret1!
+      XMPP_SERVER: xmpp.meet.jitsi
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      TZ: UTC
     volumes:
-      - jitsi_pg_data:/var/lib/postgresql/data
+      - jitsi-lan-jicofo-config:/config
     networks:
-      - it-stack-net
+      - jitsi-net
+    depends_on:
+      - prosody
+    restart: unless-stopped
 
-networks:
-  it-stack-net:
-    driver: bridge
+  jvb:
+    image: jitsi/jvb:stable-9753
+    container_name: jitsi-lan-jvb
+    ports:
+      - "10000:10000/udp"
+      - "4443:4443"
+    environment:
+      JVB_AUTH_PASSWORD: JvbPass1!
+      XMPP_SERVER: xmpp.meet.jitsi
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_INTERNAL_MUC_DOMAIN: internal-muc.meet.jitsi
+      DOCKER_HOST_ADDRESS: 127.0.0.1
+      # TURN configuration
+      JVB_STUN_SERVERS: coturn:3478
+      TURN_HOST: coturn
+      TURN_PORT: "3478"
+      TURN_CREDENTIALS: TurnPass1!
+      TZ: UTC
+    volumes:
+      - jitsi-lan-jvb-config:/config
+    networks:
+      - jitsi-net
+    depends_on:
+      - prosody
+    restart: unless-stopped
 
-volumes:
-  jitsi_pg_data:
+  web:
+    image: jitsi/web:stable-9753
+    container_name: jitsi-lan-web
+    ports:
+      - "8443:443"
+      - "8180:80"
+    environment:
+      ENABLE_AUTH: "1"
+      ENABLE_GUESTS: "1"
+      PUBLIC_URL: https://localhost:8443
+      XMPP_SERVER: xmpp.meet.jitsi
+      XMPP_BOSH_URL_BASE: http://xmpp.meet.jitsi:5280
+      XMPP_DOMAIN: meet.jitsi
+      XMPP_AUTH_DOMAIN: auth.meet.jitsi
+      XMPP_GUEST_DOMAIN: guest.meet.jitsi
+      XMPP_MUC_DOMAIN: muc.meet.jitsi
+      JVB_TCP_HARVESTER_DISABLED: "true"
+      # TURN configuration for web clients
+      TURN_HOST: coturn
+      TURN_PORT: "3478"
+      TURN_CREDENTIALS: TurnPass1!
+      TZ: UTC
+    volumes:
+      - jitsi-lan-web-config:/config
+    networks:
+      - jitsi-net
+    depends_on:
+      - prosody
+      - jicofo
+      - jvb
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sk https://localhost/ -o /dev/null -w '%{http_code}' | grep -E '^(200|301|302)$'"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 60s
+    restart: unless-stopped

tests/labs/test-lab-08-02.sh

@@ -1,7 +1,6 @@
-#!/usr/bin/env bash
+#!/usr/bin/env bash
 # test-lab-08-02.sh — Lab 08-02: External Dependencies
-# Module 08: Jitsi video conferencing
-# jitsi with external PostgreSQL, Redis, and network integration
+# Module 08: Jitsi — coturn TURN/STUN server, separate jitsi-net + turn-net
 set -euo pipefail
 
 LAB_ID="08-02"
@@ -11,7 +10,6 @@ COMPOSE_FILE="docker/docker-compose.lan.yml"
 PASS=0
 FAIL=0
 
-# ── Colors ────────────────────────────────────────────────────────────────────
 RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'
 CYAN='\033[0;36m'; NC='\033[0m'
 
@@ -29,30 +27,92 @@ echo ""
 # ── PHASE 1: Setup ────────────────────────────────────────────────────────────
 info "Phase 1: Setup"
 docker compose -f "${COMPOSE_FILE}" up -d
-info "Waiting 30s for ${MODULE} to initialize..."
-sleep 30
+info "Waiting for coturn TURN server..."
+timeout 30 bash -c 'until docker ps --filter name=jitsi-lan-coturn --filter status=running --format "{{.Names}}" | grep -q coturn; do sleep 2; done'
+info "Waiting for Jitsi web (HTTPS :8443)..."
+timeout 120 bash -c 'until curl -sk https://localhost:8443/ -o /dev/null -w "%{http_code}" | grep -E "^(200|301|302)$"; do sleep 5; done'
 
 # ── PHASE 2: Health Checks ────────────────────────────────────────────────────
 info "Phase 2: Health Checks"
 
-if docker compose -f "${COMPOSE_FILE}" ps | grep -q "running\|Up"; then
-    pass "Container is running"
+for c in jitsi-lan-coturn jitsi-lan-prosody jitsi-lan-jicofo jitsi-lan-jvb jitsi-lan-web; do
+  if docker ps --filter "name=^/${c}$" --filter "status=running" --format '{{.Names}}' | grep -q "${c}"; then
+    pass "Container ${c} is running"
+  else
+    fail "Container ${c} is not running"
+  fi
+done
+
+if timeout 5 bash -c 'echo > /dev/tcp/localhost/3478' 2>/dev/null; then
+  pass "TURN server: TCP port 3478 reachable"
+else
+  fail "TURN server: TCP port 3478 not reachable"
+fi
+
+HTTP_CODE=$(curl -sk http://localhost:8180/ -o /dev/null -w "%{http_code}" 2>/dev/null || echo "000")
+if echo "${HTTP_CODE}" | grep -qE '^(200|301|302)$'; then
+  pass "Jitsi web HTTP :8180 → ${HTTP_CODE}"
+else
+  fail "Jitsi web HTTP :8180 → ${HTTP_CODE}"
+fi
+
+HTTPS_CODE=$(curl -sk https://localhost:8443/ -o /dev/null -w "%{http_code}" 2>/dev/null || echo "000")
+if echo "${HTTPS_CODE}" | grep -qE '^(200|301|302)$'; then
+  pass "Jitsi web HTTPS :8443 → ${HTTPS_CODE}"
 else
-    fail "Container is not running"
+  fail "Jitsi web HTTPS :8443 → ${HTTPS_CODE}"
 fi
 
 # ── PHASE 3: Functional Tests ─────────────────────────────────────────────────
 info "Phase 3: Functional Tests (Lab 02 — External Dependencies)"
 
-# TODO: Add module-specific functional tests here
-# Example:
-# if curl -sf http://localhost:443/health > /dev/null 2>&1; then
-#     pass "Health endpoint responds"
-# else
-#     fail "Health endpoint not reachable"
-# fi
+COTURN_LOG=$(docker logs jitsi-lan-coturn 2>&1 | tail -10 || echo "")
+if echo "${COTURN_LOG}" | grep -qi "turnserver\|Coturn\|listening"; then
+  pass "coturn: TURN server started and logging"
+else
+  warn "coturn: check logs manually"
+fi
 
-warn "Functional tests for Lab 08-02 pending implementation"
+CERT_SUBJECT=$(echo | openssl s_client -connect localhost:8443 -servername localhost \
+  2>/dev/null | openssl x509 -noout -subject 2>/dev/null | head -1 || echo "")
+if [ -n "${CERT_SUBJECT}" ]; then
+  pass "TLS cert: present (${CERT_SUBJECT})"
+else
+  warn "TLS cert: could not retrieve"
+fi
+
+CONFIG_JS=$(curl -sk https://localhost:8443/config.js 2>/dev/null || echo "")
+if [ -n "${CONFIG_JS}" ]; then
+  pass "config.js: served by Jitsi web"
+else
+  fail "config.js: not reachable"
+fi
+
+if echo "${CONFIG_JS}" | grep -q 'stunServers\|iceServers\|p2p'; then
+  pass "config.js: STUN/ICE server config present"
+else
+  warn "config.js: STUN/ICE config not detected"
+fi
+
+# Key Lab 02 test: TURN config in config.js
+if echo "${CONFIG_JS}" | grep -qiE 'turn|coturn|TurnCredentials'; then
+  pass "config.js: TURN configuration present"
+else
+  warn "config.js: TURN config not found in config.js (may be injected at runtime)"
+fi
+
+if curl -sk https://localhost:8443/external_api.js | grep -q 'JitsiMeetExternalAPI\|external_api'; then
+  pass "external_api.js: Jitsi Meet External API available"
+else
+  fail "external_api.js: not available"
+fi
+
+JVB_LOG=$(docker logs jitsi-lan-jvb 2>&1 | tail -20 || echo "")
+if echo "${JVB_LOG}" | grep -qi "started\|running\|bridge"; then
+  pass "JVB: started (log evidence)"
+else
+  warn "JVB: could not confirm start from log"
+fi
 
 # ── PHASE 4: Cleanup ──────────────────────────────────────────────────────────
 info "Phase 4: Cleanup"
@@ -67,5 +127,5 @@ echo -e " ${GREEN}PASS: ${PASS}${NC} | ${RED}FAIL: ${FAIL}${NC}"
 echo -e "${CYAN}======================================${NC}"
 
 if [ "${FAIL}" -gt 0 ]; then
-    exit 1
-fi
+  exit 1
+fi