Add user authentication to Jitsi, a web conferencing system

9306 단어 AWS Docker WebRTC jitsi prosody tech

Hello everyone.
This article was frequently accessed from overseas, so I will translate it into English and repost it.
I hope it helps.

Today's topic

I want to add user authentication to Jitsi, a web conferencing system deployed on AWS, so that only people who know ID/PASS can use it. (I want to limit users to friends, companies, etc.)
Otherwise, Misaka will become a free web conferencing system used by 100 million people, and if you wake up in the morning with the AWS usage fee, you may go bankrupt.

Before the start

I started EC2 of Jitsi that I created before and checked the connection, but it doesn't connect.
Upon confirmation, EC2's "public IPv4 address open address"(global IP assigned to EC2) was changed.
It takes about 3 days to update automatically. It's a little unexpected speed.
You may need to consider using AWS EIP. (About $10 a month)
However, since it is an experiment, it is unnecessary recognition so far.

.env configuration file settings

Set the .env file used by docker-compose.

# Enable authentication
#ENABLE_AUTH=1
+ENABLE_AUTH=1

Restart Docker to reflect the settings.

[root@meet docker-jitsi-meet]# docker-compose stop
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-web-1      Stopped                                                                                                           3.7s
 ⠿ Container docker-jitsi-meet-jicofo-1   Stopped                                                                                                           3.9s
 ⠿ Container docker-jitsi-meet-jvb-1      Stopped                                                                                                           4.0s
 ⠿ Container docker-jitsi-meet-prosody-1  Stopped                                                                                                           3.6s
[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-prosody-1  Started                                                                                                           1.5s
 ⠿ Container docker-jitsi-meet-web-1      Started                                                                                                           1.5s
 ⠿ Container docker-jitsi-meet-jicofo-1   Started                                                                                                           3.5s
 ⠿ Container docker-jitsi-meet-jvb-1      Started                                                                                                           3.6s
[root@meet docker-jitsi-meet]#

Connection test

When I connected, an authentication pop-up appeared, but I noticed that there was no ID/PASS.
However, it has been successful.

ID / PASS settings

I considered how to set ID/PASS.
It seems that you cannot register from the Jitsi web screen.
After investigating, it seems that it is necessary to register the command in Prosody, which is the XMPP server of the component of Jitsi.

[root@meet docker-jitsi-meet]# docker-compose exec prosody prosodyctl --config /config/prosody.cfg.lua register user meet.jitsi password
[root@meet docker-jitsi-meet]#

Apparently, user authentication worked.
However, in this state, everyone must enter their ID/PASS before the meeting.
In this case, it is necessary to issue an ID/PASS every time a web conference is held temporarily with a person outside the company, which creates restrictions on usage.

Authentication is required only when creating a room, and authentication is not required from the second person

I referred to the following manual.

Add the following settings to your .env file and restart your Docker container.
A little troublesome, if everyone needs ID/PASS, the ID/PASS input screen will appear immediately after entering the URL, but with this setting, after entering the name, the room After logging in to, the authentication flow will change so that you will get an ID/PASS. (I was worried here.)

# Enable authentication
#ENABLE_AUTH=1
+ENABLE_AUTH=1

# Enable guest access
#ENABLE_GUESTS=1
+ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal
+AUTH_TYPE=internal

+ENABLE_AUTO_LOGIN=1

Delete ID/PASS (Delete logged-in user)

In the above manual, the register and unregister commands are hidden by default.
I also want to know why it's not on the list. It's OSS.
In this area, you can inquire about the manufacturer's product, so there is a difference with the manufacturer.

[root@meet docker-jitsi-meet]# docker-compose exec prosody prosodyctl --config /config/prosody.cfg.lua unregister user meet.jitsi
[root@meet docker-jitsi-meet]#

Also, when adding or deleting users, you need to restart Docker below.
I think this operation is a little bad. (See below)

[root@meet docker-jitsi-meet]# docker-compose stop
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-jvb-1      Stopped                                                                                   4.1s
 ⠿ Container docker-jitsi-meet-web-1      Stopped                                                                                   3.6s
 ⠿ Container docker-jitsi-meet-jicofo-1   Stopped                                                                                   4.0s
 ⠿ Container docker-jitsi-meet-prosody-1  Stopped                                                                                   3.5s
[root@meet docker-jitsi-meet]# docker-compose up -d
[+] Running 4/4
 ⠿ Container docker-jitsi-meet-web-1      Started                                                                                   1.2s
 ⠿ Container docker-jitsi-meet-prosody-1  Started                                                                                   1.2s
 ⠿ Container docker-jitsi-meet-jicofo-1   Started                                                                                   3.1s
 ⠿ Container docker-jitsi-meet-jvb-1      Started                                                                                   3.1s
[root@meet docker-jitsi-meet]#

Future tasks

Even if it is good to use commands such as adding or deleting users, if the system needs to be restarted, various restrictions (problems) will arise in the work time after operation.
For example, when Mr. A is in a meeting and wants to register a newcomer's ID. If the system needs to be restarted, Mr. A's meeting will be interrupted. To avoid that, you need to perform user management when no one is in a meeting.
→ It will be an old-fashioned batch operation without immediacy.
　Therefore, it is expected that it will be easily troubled in normal operation.
The limitation of OSS is that this area is not well done. (Zoom is well done.)
Therefore, it is necessary to consider a mechanism that considers operation.

If you use it for work, we recommend that you consider the operation and use the manufacturer's product.
I would like to avoid user editing work in the middle of the night.

Time required this time

This time, it took a long time even though only the parameter setting was done for the following reasons.

However, I think this is the cost of OSS, and it is a part that needs to be understood by users.

Because the order of display of the authentication screen of the connection test is different, it was not possible to judge whether the setting was successful or not.

Because I forgot to restart Docker after registering ID/PASS, it could not be reflected.

With the above detour, the survey time was about 5 hours.

Reference

이 문제에 관하여(Add user authentication to Jitsi, a web conferencing system), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://zenn.dev/kurayasu/articles/986d8bcf9f850c

텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.

우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)

Ext 개발 2 ------ext3.0 여러 줄 다열 양식입니다.

모든 자바스크립트 개발자가 알아야 할 초보자를 위한 9가지 트릭

좋은 웹페이지 즐겨찾기

개발자 우수 사이트 수집

개발자가 알아야 할 필수 사이트 100선 추천 우리는 당신을 위해 100개의 자주 사용하는 개발자 학습 사이트를 정리했습니다