Apache reverse-proxy setup for use with Kerberos auth and Jitsi

#1

Hi

I’d like to set up the following:
Apache with Kerberos auth (valid-user) which is proxying requests to Jitsi. The goal is to only use Jitsi with a valid authentication.
We have a default apache proxy kerberos config which works on several other hosts. It is done via the following snippet:
<Proxy "*">
Require valid-user
AuthType Kerberos
AuthName "Login"
</Proxy>

But as soon as I add the following lines to the config, Apache is ignoring the valid-user requirement somehow:

ProxyPreserveHost on
ProxyPass /http-bind http://localhost:5280/http-bind/
ProxyPassReverse /http-bind http://localhost:5280/http-bind/

If I change it to the following:
ProxyPass / http://localhost:5280/http-bind/
ProxyPassReverse / http://localhost:5280/http-bind/

the browser is asking for a login, but afterwards I get the following error:

404 Not Found

Whatever you were looking for is not here. Keep looking.

Unknown host: fqdn.of.the.jitsi.server

Is it possible to achieve what I want? How do I have to correctly configure the reverse proxy?
Thank you!

#2

Ok, this was not very intelligent.
If I understand the Apache config correctly, I have to change it to the following:

<Location "/">
Require valid-user
AuthType Kerberos
AuthName "Login"
</Location>

Now it works with the Kerberos login.

#3

You are passing this ^ as a Host when connecting to prosody bosh port, and prosody does not have this as a configured host.

#4

This is due to ProxyPreserveHost on, which is in the Apache config. If I set it to off, nothing works any more.
With the config from my above comment, Jitsi is working now. But everybody just sees himself and everybody else has a black screen.

#5

What about NAT and ports from the quick install guide, have you taken care of those?
Have you checked js console for errors?

#6

It was a firewall issue. With the above statement in the jitsi conf, jitsi can be used with kerberos auth.
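
The goal from the first post (Jitsi reachable only after authentication) can be checked from outside by sending requests without credentials: Apache applies a `<Proxy>` section only to proxied requests, while `<Location "/">` covers every URL path, so the check takes a list of paths such as `/` and the proxied `/http-bind`. The script below is an added example, not part of the thread; the base URL in the usage comment is a placeholder and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that Apache challenges
# unauthenticated requests on every listed path, not only on some of them.

# classify_response: read raw HTTP response headers on stdin and print
#   protected - 401 with a WWW-Authenticate challenge (Negotiate or Basic)
#   open      - 2xx/3xx, i.e. a response was served without credentials
#   other     - anything else (404, 5xx, 401 without a challenge, no input)
classify_response() {
    tr -d '\r' | awk '
        /^HTTP\//  { status = $2; challenge = 0 }   # status line of a response
        tolower($0) ~ /^www-authenticate:[ \t]*(negotiate|basic)/ { challenge = 1 }
        END {
            if (status == 401 && challenge)          print "protected"
            else if (status >= 200 && status < 400)  print "open"
            else                                     print "other"
        }'
}

# check_path BASE PATH: one request without credentials, headers only.
check_path() {
    curl -s -o /dev/null -D - --max-time 10 "$1$2" | classify_response
}

# audit BASE PATH...: print one result line per path and
# return non-zero if any path is not protected.
audit() {
    base=$1; shift
    rc=0
    for p in "$@"; do
        result=$(check_path "$base" "$p")
        printf '%-10s %s\n' "$result" "$p"
        [ "$result" = protected ] || rc=1
    done
    return $rc
}

# Runs only when arguments are given. Placeholder host, paths from the thread:
#   ./check-auth.sh https://jitsi.example.org / /http-bind
if [ $# -gt 0 ]; then
    audit "$@"
fi
```

A path reported as `open` is served without the `Require valid-user` gate; `other` (for example a 404 from the backend) needs a manual look.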