Docker-jitsi-meet JWT support

Hello,

I see some commits about JWT on prosody, docker.compose.yml and .env files of docker-jitsi-meet 20 days ago…
I am wondering when we can use an approved JWT functionality on master branch for docker installations of jitsi-meet

Many Thanks
Onur

I want to test and use docker image on dev and configure mydomain.com with JWT ; but with no luck.
I am not sure if the .env file is fully covering for such an installation…
I’d appreciate if someone tell me step by step which files to edit from scratch to make a server work for a domain with jwt using docker image.

In .env file i have edited http ports, letsencrypt settings and these:

Enable authentication.

ENABLE_AUTH=1

Enable guest access.

#ENABLE_GUESTS=1

And by git checkout dev i was able to get jwt settings in env.example file and edited them as follows:

Select authentication type: internal, jwt or ldap

AUTH_TYPE=jwt

JWT auuthentication

Application identifier.

JWT_APP_ID=my_jitsi_app_id

Application secret known only to your token.

JWT_APP_SECRET=my_jitsi_app_secret

I haven’t touched this:

Directory where all configuration will be stored.

CONFIG=~/.jitsi-meet-cfg

And after docker-compose up -d

From the browser, i was unable to see https://mydomain.com so i am not sure if i have to manually edit
/docker-jitsi-meet/web/rootfs/default and vi config.js for replacing example.com with mydomain.com:

hosts: {
    // XMPP domain.
    domain: 'mydomain.com',

    // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
    muc: 'conference.mydomain.com'    

// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//jitsi-meet.mydomain.com/http-bind’,

So, in conclusion, i want mydomain.com to work with jwt in a docker environment; but having trouble how to do…

Thanks in advance

Hello,

I have no problems of installing docker-jitsi-meet without authentication from master branch.
I have followed following instructions and installed docker-jitsi-meet from dev with JWT support; but having CONNECTION FAILED: connection.passwordRequired error in chrome console and my link with token did not work…

#!/usr/bin/env bash

sudo apt-get update

sudo apt-get install docker.io -y

git clone https://github.com/jitsi/docker-jitsi-meet.git

git checkout dev

cp example.env .env

vi .env

apt install docker-compose

docker-compose up -d

Can you please check, what i may be missing? any other files should i edit?

please find sample link and jwt as follows:

Also, i can not find prosody logs and prosody errors path in docker installation…

Thanks in advance

You need to build the images too. After checking out the dev branch run: make

That was an great help, thank you Saghul appreciated…

Finally i have my docker installation worked with JWT…

One little issue, just want to check if anyone has faced such a thing;
when i change a letter in token itself, i get authentication failed message, which is correct and shows token is working fine…

But in cases a token is created with room parameter something other than “*” this token should only work for that room (for example “aaa”)…
regular jwt installation gives “sorry you are not allowed to be here” if i change a latter in room name in the link (/111aaa?jwt=)

but in docker jwt setup, it still enters edited room name, even token was just for room “aaa”

any idea?

thanks

Not really, it should reject it.

That’s what i would expect, but let me share some screenshots with you:

This is the token generated for room “aaa”

I can enter

also

with moderator access without any rejection…

Ah, I see the bug! This mudule must be enabled: https://github.com/jitsi/jitsi-meet/blob/master/resources/prosody-plugins/mod_token_verification.lua when using JWT auth. Please open an issue on GitHub and link this thread here.

opened

thanks…

1 Like