xmpp: add support for authentication

pull/20/head
Saúl Ibarra Corretgé 6 years ago
parent 136460578d
commit ee90a92d43
  1. 23
      README.md
  2. 7
      docker-compose.yml
  3. 19
      env.example
  4. 3
      jicofo/rootfs/defaults/sip-communicator.properties
  5. 1
      jigasi.yml
  6. 6
      jigasi/rootfs/defaults/sip-communicator.properties
  7. 10
      prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua
  8. 12
      web/rootfs/etc/cont-init.d/10-config

@ -91,6 +91,8 @@ Variable | Description | Example
`HTTPS_PORT` | Exposed port for HTTPS traffic | 8443
`DOCKER_HOST_ADDRESS` | IP addrss of the Docker host, needed for LAN environments | 192.168.1.1
### SIP gateway configuration
If you want to enable the SIP gateway, these options are required:
Variable | Description | Example
@ -99,6 +101,27 @@ Variable | Description | Example
`JIGASI_SIP_PASSWORD` | Password for the specified SIP account | passw0rd
`JIGASI_SIP_SERVER` | SIP server (use the SIP account domain if in doubt) | sip2sip.info
### Authentication
Authentication can be controlled with the environment variables below. If guest
access is enabled, unauthenticated users will need to wait until a user authenticates
before they can join a room. If guest access is not enabled, every user will need
to authenticate before they can join.
Variable | Description | Example
--- | --- | ---
`ENABLE_AUTH` | Enable authentication | 1
`ENABLE_GUESTS` | Enable guest access | 1
Users must be created with the ``prosodyctl`` utility in the ``prosody`` container.
In order to do that, first execute a shell in the corresponding container:
``docker-compose exec prosody /bin/bash``
Once in the container, run the following command to create a user:
``prosodyctl --config /config/prosody.cfg.lua register user meet.jitsi password``
### Advanced configuration
These configuration options are already set and generally don't need to be changed.

@ -10,10 +10,13 @@ services:
volumes:
- ${CONFIG}/meet:/config
environment:
- ENABLE_AUTH
- ENABLE_GUESTS
- JICOFO_AUTH_USER
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- TZ
networks:
@ -29,8 +32,11 @@ services:
volumes:
- ${CONFIG}/prosody:/config
environment:
- ENABLE_AUTH
- ENABLE_GUESTS
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_GUEST_DOMAIN
- XMPP_MUC_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- JICOFO_COMPONENT_SECRET
@ -52,6 +58,7 @@ services:
volumes:
- ${CONFIG}/jicofo:/config
environment:
- ENABLE_AUTH
- XMPP_DOMAIN
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN

@ -23,16 +23,26 @@ TZ=Europe/Amsterdam
# Basic Jigasi configuration options (needed for SIP gateway support)
#
# SIP URI for incoming / outgoing calls
# SIP URI for incoming / outgoing calls.
#JIGASI_SIP_URI=test@sip2sip.info
# Password for the specified SIP account
# Password for the specified SIP account.
#JIGASI_SIP_PASSWORD=passw0rd
# SIP server (use the SIP account domain if in doubt)
# SIP server (use the SIP account domain if in doubt).
#JIGASI_SIP_SERVER=sip2sip.info
#
# Authentication configuration (see README for details)
#
# Enable authentication.
#ENABLE_AUTH=1
# Enable guest access.
#ENABLE_GUESTS=1
#
# Advanced configuration options (you generally don't need to change these)
#
@ -49,6 +59,9 @@ XMPP_MUC_DOMAIN=muc.meet.jitsi
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
# XMPP domain for unauthenticated users.
XMPP_GUEST_DOMAIN=guest.meet.jitsi
# MUC for the JVB pool.
JVB_BREWERY_MUC=jvbbrewery

@ -2,3 +2,6 @@ org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jicofo.BRIDGE_MUC={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
org.jitsi.jicofo.jigasi.BREWERY={{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
{{ if .Env.ENABLE_AUTH }}
org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }}
{{ end }}

@ -9,6 +9,7 @@ services:
volumes:
- ${CONFIG}/jigasi:/config
environment:
- ENABLE_AUTH
- XMPP_AUTH_DOMAIN
- XMPP_INTERNAL_MUC_DOMAIN
- XMPP_SERVER=xmpp.meet.jitsi

@ -86,6 +86,12 @@ org.jitsi.jigasi.BREWERY_ENABLED=true
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }}
{{ if .Env.ENABLE_AUTH }}
org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}
org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }}
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
{{ end }}
# Activate this property if you are using self-signed certificates or other
# type of non-trusted certicates. In this mode your service trust in the

@ -1,7 +1,11 @@
admins = { "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" }
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if .Env.ENABLE_AUTH }}
authentication = "internal_plain"
{{ else }}
authentication = "anonymous"
{{ end }}
ssl = {
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
@ -14,6 +18,12 @@ VirtualHost "{{ .Env.XMPP_DOMAIN }}"
c2s_require_encryption = false
{{ if and .Env.ENABLE_AUTH .Env.ENABLE_GUESTS }}
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
authentication = "anonymous"
c2s_require_encryption = false
{{ end }}
VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
ssl = {
key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key";

@ -24,6 +24,18 @@ if [[ ! -f /config/config.js ]]; then
-e "s#muc:.*#muc: '${XMPP_MUC_DOMAIN}',#" \
-e "s#// focusUserJid:.*#focusUserJid: '${JICOFO_AUTH_USER}@${XMPP_AUTH_DOMAIN}',#" \
/config/config.js
if [[ $ENABLE_AUTH -eq 1 ]]; then
if [[ $ENABLE_GUESTS -eq 1 ]]; then
sed -i \
-e "s#// anonymousdomain:.*#anonymousdomain: '${XMPP_GUEST_DOMAIN}',#" \
/config/config.js
fi
sed -i \
-e "s#// authdomain:.*#authdomain: '${XMPP_DOMAIN}',#" \
/config/config.js
fi
fi
if [[ ! -f /config/interface_config.js ]]; then

Loading…
Cancel
Save