xmpp: add support for authentication
parent
136460578d
commit
ee90a92d43
23
README.md
23
README.md
|
@ -91,6 +91,8 @@ Variable | Description | Example
|
|||
`HTTPS_PORT` | Exposed port for HTTPS traffic | 8443
|
||||
`DOCKER_HOST_ADDRESS` | IP addrss of the Docker host, needed for LAN environments | 192.168.1.1
|
||||
|
||||
### SIP gateway configuration
|
||||
|
||||
If you want to enable the SIP gateway, these options are required:
|
||||
|
||||
Variable | Description | Example
|
||||
|
@ -99,6 +101,27 @@ Variable | Description | Example
|
|||
`JIGASI_SIP_PASSWORD` | Password for the specified SIP account | passw0rd
|
||||
`JIGASI_SIP_SERVER` | SIP server (use the SIP account domain if in doubt) | sip2sip.info
|
||||
|
||||
### Authentication
|
||||
|
||||
Authentication can be controlled with the environment variables below. If guest
|
||||
access is enabled, unauthenticated users will need to wait until a user authenticates
|
||||
before they can join a room. If guest access is not enabled, every user will need
|
||||
to authenticate before they can join.
|
||||
|
||||
Variable | Description | Example
|
||||
--- | --- | ---
|
||||
`ENABLE_AUTH` | Enable authentication | 1
|
||||
`ENABLE_GUESTS` | Enable guest access | 1
|
||||
|
||||
Users must be created with the ``prosodyctl`` utility in the ``prosody`` container.
|
||||
In order to do that, first execute a shell in the corresponding container:
|
||||
|
||||
``docker-compose exec prosody /bin/bash``
|
||||
|
||||
Once in the container, run the following command to create a user:
|
||||
|
||||
``prosodyctl --config /config/prosody.cfg.lua register user meet.jitsi password``
|
||||
|
||||
### Advanced configuration
|
||||
|
||||
These configuration options are already set and generally don't need to be changed.
|
||||
|
|
|
@ -10,10 +10,13 @@ services:
|
|||
volumes:
|
||||
- ${CONFIG}/meet:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- JICOFO_AUTH_USER
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_BOSH_URL_BASE=http://xmpp.meet.jitsi:5280
|
||||
- XMPP_GUEST_DOMAIN
|
||||
- XMPP_MUC_DOMAIN
|
||||
- TZ
|
||||
networks:
|
||||
|
@ -29,8 +32,11 @@ services:
|
|||
volumes:
|
||||
- ${CONFIG}/prosody:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- ENABLE_GUESTS
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_GUEST_DOMAIN
|
||||
- XMPP_MUC_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- JICOFO_COMPONENT_SECRET
|
||||
|
@ -52,6 +58,7 @@ services:
|
|||
volumes:
|
||||
- ${CONFIG}/jicofo:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- XMPP_DOMAIN
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
|
|
19
env.example
19
env.example
|
@ -23,16 +23,26 @@ TZ=Europe/Amsterdam
|
|||
# Basic Jigasi configuration options (needed for SIP gateway support)
|
||||
#
|
||||
|
||||
# SIP URI for incoming / outgoing calls
|
||||
# SIP URI for incoming / outgoing calls.
|
||||
#JIGASI_SIP_URI=test@sip2sip.info
|
||||
|
||||
# Password for the specified SIP account
|
||||
# Password for the specified SIP account.
|
||||
#JIGASI_SIP_PASSWORD=passw0rd
|
||||
|
||||
# SIP server (use the SIP account domain if in doubt)
|
||||
# SIP server (use the SIP account domain if in doubt).
|
||||
#JIGASI_SIP_SERVER=sip2sip.info
|
||||
|
||||
|
||||
#
|
||||
# Authentication configuration (see README for details)
|
||||
#
|
||||
|
||||
# Enable authentication.
|
||||
#ENABLE_AUTH=1
|
||||
|
||||
# Enable guest access.
|
||||
#ENABLE_GUESTS=1
|
||||
|
||||
#
|
||||
# Advanced configuration options (you generally don't need to change these)
|
||||
#
|
||||
|
@ -49,6 +59,9 @@ XMPP_MUC_DOMAIN=muc.meet.jitsi
|
|||
# XMPP domain for the internal MUC used for jibri, jigasi and jvb pools.
|
||||
XMPP_INTERNAL_MUC_DOMAIN=internal-muc.meet.jitsi
|
||||
|
||||
# XMPP domain for unauthenticated users.
|
||||
XMPP_GUEST_DOMAIN=guest.meet.jitsi
|
||||
|
||||
# MUC for the JVB pool.
|
||||
JVB_BREWERY_MUC=jvbbrewery
|
||||
|
||||
|
|
|
@ -2,3 +2,6 @@ org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
|
|||
org.jitsi.jicofo.BRIDGE_MUC={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
|
||||
org.jitsi.jicofo.jigasi.BREWERY={{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
|
||||
|
||||
{{ if .Env.ENABLE_AUTH }}
|
||||
org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }}
|
||||
{{ end }}
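Review bot: The guard `{{ if .Env.ENABLE_AUTH }}` around the new auth URL tests for a non-empty value rather than for `1`, assuming Go-template semantics as the `.Env` syntax suggests, so `ENABLE_AUTH=0` would still switch authentication on here while the web container's script checks `-eq 1`. The same test is used in the jigasi properties template and in the prosody config template, where `{{ if and .Env.ENABLE_AUTH .Env.ENABLE_GUESTS }}` would still emit the anonymous guest VirtualHost when an operator sets `ENABLE_GUESTS=0`. An explicit comparison such as `{{ if eq .Env.ENABLE_AUTH "1" }}` (if the renderer exposes the values as strings) would keep all containers agreeing on what is enabled. Otherwise the README should state that the variables must be left unset, not set to 0, to disable the feature.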
|
||||
|
|
|
@ -9,6 +9,7 @@ services:
|
|||
volumes:
|
||||
- ${CONFIG}/jigasi:/config
|
||||
environment:
|
||||
- ENABLE_AUTH
|
||||
- XMPP_AUTH_DOMAIN
|
||||
- XMPP_INTERNAL_MUC_DOMAIN
|
||||
- XMPP_SERVER=xmpp.meet.jitsi
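Review bot: The environment list shown here gains `ENABLE_AUTH` but not `JIGASI_XMPP_USER` or `JIGASI_XMPP_PASSWORD`, which the jigasi properties template in this commit reads once authentication is enabled. The list continues outside the hunk, so they may already be passed through; if they are not, the template would render an empty or placeholder account and Jigasi would fail to log in. I would add `- JIGASI_XMPP_USER` and `- JIGASI_XMPP_PASSWORD` here and document both, commented out, in env.example next to `ENABLE_AUTH`.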
|
||||
|
|
|
@ -86,6 +86,12 @@ org.jitsi.jigasi.BREWERY_ENABLED=true
|
|||
|
||||
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
|
||||
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS={{ .Env.XMPP_SERVER }}
|
||||
{{ if .Env.ENABLE_AUTH }}
|
||||
org.jitsi.jigasi.xmpp.acc.USER_ID={{ .Env.JIGASI_XMPP_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}
|
||||
org.jitsi.jigasi.xmpp.acc.PASS={{ .Env.JIGASI_XMPP_PASSWORD }}
|
||||
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
|
||||
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
|
||||
{{ end }}
|
||||
|
||||
# Activate this property if you are using self-signed certificates or other
|
||||
# type of non-trusted certicates. In this mode your service trust in the
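Review bot: The added `org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true` sits directly under the new `PASS` line, which by its name lets the Jigasi account authenticate over a connection that is not protected by TLS; please confirm that reading against Jigasi's documentation. If it is only needed because traffic stays on the internal Docker network, say so in the template, e.g. `# ALLOW_NON_SECURE: password is sent without TLS; acceptable only on the private container network`. The password is also written verbatim into the rendered properties file, so the mounted `/config` directory should be readable only by the service user.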
|
||||
|
|
|
@ -1,18 +1,28 @@
|
|||
admins = { "{{ .Env.JICOFO_AUTH_USER }}@{{ .Env.XMPP_AUTH_DOMAIN }}" }
|
||||
|
||||
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
|
||||
authentication = "anonymous"
|
||||
ssl = {
|
||||
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
"pubsub";
|
||||
"ping";
|
||||
}
|
||||
{{ if .Env.ENABLE_AUTH }}
|
||||
authentication = "internal_plain"
|
||||
{{ else }}
|
||||
authentication = "anonymous"
|
||||
{{ end }}
|
||||
ssl = {
|
||||
key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
|
||||
certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
|
||||
}
|
||||
modules_enabled = {
|
||||
"bosh";
|
||||
"pubsub";
|
||||
"ping";
|
||||
}
|
||||
|
||||
c2s_require_encryption = false
|
||||
c2s_require_encryption = false
|
||||
|
||||
{{ if and .Env.ENABLE_AUTH .Env.ENABLE_GUESTS }}
|
||||
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
|
||||
authentication = "anonymous"
|
||||
c2s_require_encryption = false
|
||||
{{ end }}
|
||||
|
||||
VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
|
||||
ssl = {
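Review bot: `authentication = "internal_plain"` in the new auth branch makes Prosody keep the passwords of accounts created with `prosodyctl register` in cleartext in its data store, as far as I know that backend. Prosody also ships `internal_hashed`, which stores salted hashes instead. Unless a component here depends on a mechanism that needs the cleartext password, I would use `authentication = "internal_hashed"` so that a leaked `/config` volume does not expose user passwords. The unchanged `c2s_require_encryption = false` on the same host becomes more sensitive once real credentials are exchanged and deserves a comment explaining why it is safe in this deployment.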
|
||||
|
|
|
@ -24,6 +24,18 @@ if [[ ! -f /config/config.js ]]; then
|
|||
-e "s#muc:.*#muc: '${XMPP_MUC_DOMAIN}',#" \
|
||||
-e "s#// focusUserJid:.*#focusUserJid: '${JICOFO_AUTH_USER}@${XMPP_AUTH_DOMAIN}',#" \
|
||||
/config/config.js
|
||||
|
||||
if [[ $ENABLE_AUTH -eq 1 ]]; then
|
||||
if [[ $ENABLE_GUESTS -eq 1 ]]; then
|
||||
sed -i \
|
||||
-e "s#// anonymousdomain:.*#anonymousdomain: '${XMPP_GUEST_DOMAIN}',#" \
|
||||
/config/config.js
|
||||
fi
|
||||
|
||||
sed -i \
|
||||
-e "s#// authdomain:.*#authdomain: '${XMPP_DOMAIN}',#" \
|
||||
/config/config.js
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ ! -f /config/interface_config.js ]]; then
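Review bot: The new `ENABLE_AUTH` / `ENABLE_GUESTS` block runs only inside `if [[ ! -f /config/config.js ]]`, so the auth settings are written once, when config.js is first generated. If an operator later changes either variable, the web client's `authdomain` and `anonymousdomain` stay as they were, while the other containers may pick up the new value if their templates are re-rendered on start (not visible here). I would add a comment above the block, `# Applied only when config.js is first created; remove /config/config.js to apply a changed ENABLE_AUTH or ENABLE_GUESTS`, and mention the same in the README's Authentication section.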
|
||||
|
|