Docker-Jitsi-Meet: Plugins and Moderation

Hello there,

thanks for this awesome software. I installed docker-jitsi-meet and so far, everything works fine.
I used the jwt auth method to restrict access to rooms - works fine as well.
Now here is my problem: Everybody who joins the room, is granted moderator rights. That does not make sense to me.
So here is my question: Is there a way to make the “room-creator” the mod and everybody else just a normal user?

I found this plugin here: https://github.com/nvonahsen/jitsi-token-moderation-plugin which seems to to just what I need.
However I am not sure, how to install it within docker.

What I tried:

  1. Downloaded the plugin, created a folder “plugins” in the root dir of the docker-jitsi-meet repo

  2. Added a volume to docker-compose (prosody service):
    volumes:

  • ${CONFIG}/prosody:/config
  • ./plugins:/plugins
  1. Added ‘/plugins’ here: https://github.com/jitsi/docker-jitsi-meet/blob/76acc6502734d9bca5fa78b67102cfbc7a4ad29c/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua#L2

Now: Is this correct so far and where would I have to activate the plugin? The plugin readme says:

edit the conferance.[YOUR DOMAIN] component to add token_moderation

But where is that? Really could need some help!
Thanks a lot in advance.
Kind regards!

1 Like

Hi,

did you manage to install the module?

Hello @sirfragles,

yes I did. It’s not a 100% clean solution, but it works perfectly fine since two weeks.
Do you need help?

Yes please, if u can :slight_smile:

So here is what I did:

First of all I created a folder called “plugins” in my jitsi dir and pasted the mod_token_moderation.lua file into it.

within the docker-compose.yml I added the following paths / volumes:

web:
        ...
        volumes:
            - ...
            - ./plugins:/plugins


prosody:
        ...
        volumes:
            - ...
            - ./plugins:/plugins

As soon as you docker-compose up -d for the first time, jitsi will create the config files to your config dir you specified in your .env file.

Please note: These files will not be deleted in case you remove your containers or change config here, so you need to remove and recreate these folders again if you made some changes to your conf.
Also, this is the weak spot for my solution: As soon as you change some settings within the .env file, you will need to remove the conf and manually edit it again. Sadly that is necessary because changing the conf within the docker files did not work.

So! For me I had to cd ~/.jitsi-meet-cfg/prosody/conf.d and here nano jitsi-meet.cfg.lua .
Here I added "/plugins" to plugin_paths and "token_moderation"; to the modules_enabled lists (several).

Now you can docker-compose restart and voila!

2 Likes

if you need to change files within your image you can do as follow.
lets say the file you change is within prosody service
vim docker-compose.yml and change the following lines to download image and build it locally.
prosody:
#image: jitsi/prosody
build: ./prosody
expose:
- ‘5222’
- ‘5347’
- ‘5280’

I was behind a proxy so i had to add the following lines to the prosody/Dockerfile

#ARG JITSI_REPO=jitsi
#FROM ${JITSI_REPO}/base
FROM jitsi/base
ENV https_proxy=http://proxy.yourcompanydomain.com:80 http_proxy=http://proxy.yourcompanydom.com:80

you can follow the same steps for any image that you need to modify.(jvb, web, jicofo, etc.)
always remember to remove the jitsi-meet-config folder every time you reload docker containers

1 Like

JFYI, if you want to download new updated images in the future you can do the following
docker-compose down
docker image prune
docker image prune -a
docker-compose build
docker-compose up -d

1 Like

Hello,
I’ve followed the instruction above but now nobody is granted with moderator rights. Can someone help me?

What does the log say?

First of all, I’ am running behind a proxy.
This is my jitsi-meet.cfg.lua config. On which modules enable tags should i add the “token_moderation”?

admins = { “focus@auth.meet.jitsi” }
plugin_paths = { “/prosody-plugins/”, “/prosody-plugins-custom”, “/plugins” }
http_default_host = “meet.jitsi”

VirtualHost “meet.jitsi”

authentication = "token"
app_id = "zzzzzzzzzz"
app_secret = "zzzzzzzzz"
allow_empty_token = false




ssl = {
    key = "/config/certs/meet.jitsi.key";
    certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
    "bosh";
    "pubsub";
    "ping";
    
}

c2s_require_encryption = false

VirtualHost “guest.meet.jitsi”
authentication = “anonymous”
c2s_require_encryption = false

VirtualHost “auth.meet.jitsi”
ssl = {
key = “/config/certs/auth.meet.jitsi.key”;
certificate = “/config/certs/auth.meet.jitsi.crt”;
}
authentication = “internal_plain”

VirtualHost “recorder.meet.jitsi”
modules_enabled = {
“ping”;
“token_moderation”;
}
authentication = “internal_plain”

Component “internal-muc.meet.jitsi” “muc”
modules_enabled = {
“ping”;
“token_moderation”;
}
storage = “memory”
muc_room_cache_size = 1000

Component “muc.meet.jitsi” “muc”
storage = “memory”
modules_enabled = {

    "token_moderation";
    "token_verification";

}
muc_room_locking = false
muc_room_default_public_jids = true

@ErrorInPersona
please have a look in what I have done: stil I cannot activate moderation via API

  1. I have jitsi-docker-meet and deleted .jitsi.meet.cfg
  2. created /plugin folder in jitsi-docker-meet
  3. placed there https://github.com/nvonahsen/jitsi-token-moderation-plugin/blob/master/mod_token_moderation.lua
  4. Added ‘/plugins’ here: https://github.com/jitsi/docker-jitsi-meet/blob/76acc6502734d9bca5fa78b67102cfbc7a4ad29c/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua#L2
  5. edited docker-compose.yml

version: ‘3’

services:
# Frontend
web:
image: jitsi/web
restart: {RESTART_POLICY} ports: - '{HTTP_PORT}:80’
- '{HTTPS_PORT}:443' volumes: - {CONFIG}/web:/config
- {CONFIG}/web/letsencrypt:/etc/letsencrypt - {CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
- {CONFIG}/plugins:/plugins environment: - ENABLE_AUTH - ENABLE_GUESTS - ENABLE_LETSENCRYPT - ENABLE_HTTP_REDIRECT - ENABLE_TRANSCRIPTIONS - DISABLE_HTTPS - JICOFO_AUTH_USER - LETSENCRYPT_DOMAIN - LETSENCRYPT_EMAIL - PUBLIC_URL - XMPP_DOMAIN - XMPP_AUTH_DOMAIN - XMPP_BOSH_URL_BASE - XMPP_GUEST_DOMAIN - XMPP_MUC_DOMAIN - XMPP_RECORDER_DOMAIN - ETHERPAD_URL_BASE - TZ - JIBRI_BREWERY_MUC - JIBRI_PENDING_TIMEOUT - JIBRI_XMPP_USER - JIBRI_XMPP_PASSWORD - JIBRI_RECORDER_USER - JIBRI_RECORDER_PASSWORD - ENABLE_RECORDING networks: meet.jitsi: aliases: - {XMPP_DOMAIN}

# XMPP server
prosody:
    image: jitsi/prosody
    restart: ${RESTART_POLICY}
    expose:
        - '5222'
        - '5347'
        - '5280'
    volumes:
        - ${CONFIG}/prosody:/config
        - ${CONFIG}/plugins:/plugins
    environment:
        - AUTH_TYPE
        - ENABLE_AUTH
        - ENABLE_GUESTS
        - GLOBAL_MODULES
        - GLOBAL_CONFIG
        - LDAP_URL
        - LDAP_BASE
        - LDAP_BINDDN
        - LDAP_BINDPW
        - LDAP_FILTER
        - LDAP_AUTH_METHOD
        - LDAP_VERSION
        - LDAP_USE_TLS
        - LDAP_TLS_CIPHERS
        - LDAP_TLS_CHECK_PEER
        - LDAP_TLS_CACERT_FILE
        - LDAP_TLS_CACERT_DIR
        - LDAP_START_TLS
        - XMPP_DOMAIN
        - XMPP_AUTH_DOMAIN
        - XMPP_GUEST_DOMAIN
        - XMPP_MUC_DOMAIN
        - XMPP_INTERNAL_MUC_DOMAIN
        - XMPP_MODULES
        - XMPP_MUC_MODULES
        - XMPP_INTERNAL_MUC_MODULES
        - XMPP_RECORDER_DOMAIN
        - JICOFO_COMPONENT_SECRET
        - JICOFO_AUTH_USER
        - JICOFO_AUTH_PASSWORD
        - JVB_AUTH_USER
        - JVB_AUTH_PASSWORD
        - JIGASI_XMPP_USER
        - JIGASI_XMPP_PASSWORD
        - JIBRI_XMPP_USER
        - JIBRI_XMPP_PASSWORD
        - JIBRI_RECORDER_USER
        - JIBRI_RECORDER_PASSWORD
        - JWT_APP_ID
        - JWT_APP_SECRET
        - JWT_ACCEPTED_ISSUERS
        - JWT_ACCEPTED_AUDIENCES
        - JWT_ASAP_KEYSERVER
        - JWT_ALLOW_EMPTY
        - JWT_AUTH_TYPE
        - JWT_TOKEN_AUTH_MODULE
        - LOG_LEVEL
        - TZ
    networks:
        meet.jitsi:
            aliases:
                - ${XMPP_SERVER}

# Focus component
jicofo:
    image: jitsi/jicofo
    restart: ${RESTART_POLICY}
    volumes:
        - ${CONFIG}/jicofo:/config
        - ${CONFIG}/plugins:/plugins
    environment:
        - ENABLE_AUTH
        - XMPP_DOMAIN
        - XMPP_AUTH_DOMAIN
        - XMPP_INTERNAL_MUC_DOMAIN
        - XMPP_SERVER
        - JICOFO_COMPONENT_SECRET
        - JICOFO_AUTH_USER
        - JICOFO_AUTH_PASSWORD
        - JICOFO_RESERVATION_REST_BASE_URL
        - JVB_BREWERY_MUC
        - JIGASI_BREWERY_MUC
        - JIGASI_SIP_URI
        - JIBRI_BREWERY_MUC
        - JIBRI_PENDING_TIMEOUT
        - TZ
    depends_on:
        - prosody
    networks:
        meet.jitsi:

# Video bridge
jvb:
    image: jitsi/jvb
    restart: ${RESTART_POLICY}
    ports:
        - '${JVB_PORT}:${JVB_PORT}/udp'
        - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
    volumes:
        - ${CONFIG}/jvb:/config
        - ${CONFIG}/plugins:/plugins
    environment:
        - DOCKER_HOST_ADDRESS
        - XMPP_AUTH_DOMAIN
        - XMPP_INTERNAL_MUC_DOMAIN
        - XMPP_SERVER
        - JVB_AUTH_USER
        - JVB_AUTH_PASSWORD
        - JVB_BREWERY_MUC
        - JVB_PORT
        - JVB_TCP_HARVESTER_DISABLED
        - JVB_TCP_PORT
        - JVB_STUN_SERVERS
        - JVB_ENABLE_APIS
        - TZ
    depends_on:
        - prosody
    networks:
        meet.jitsi:

networks:
meet.jitsi:

  1. cd /root/docker-jitsi-meet
    docker-compose -f docker-compose.yml -f jibri.yml -f etherpad.yml up -d
    docker-compose -f docker-compose.yml -f jibri.yml -f etherpad.yml down -v

  2. cd ~/.jitsi-meet-cfg/prosody/conf.d and here nano jitsi-meet.cfg.lua .
    Here I added “/plugins” to plugin_paths and “token_moderation”; to the modules_enabled lists


admins = { “focus@auth.meet.jitsi” }
plugin_paths = { “/prosody-plugins/”, “/prosody-plugins-custom”,"/plugins" }
http_default_host = “meet.jitsi”

VirtualHost “meet.jitsi”

authentication = "token"
app_id = "sss"
app_secret = "ss"
allow_empty_token = false




ssl = {
    key = "/config/certs/meet.jitsi.key";
    certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
    "bosh";
    "pubsub";
    "ping";
    "speakerstats";
    "conference_duration";
    
    "token_moderation";
    
    
}

speakerstats_component = "speakerstats.meet.jitsi"
conference_duration_component = "conferenceduration.meet.jitsi"

c2s_require_encryption = false

VirtualHost “auth.meet.jitsi”
ssl = {
key = “/config/certs/auth.meet.jitsi.key”;
certificate = “/config/certs/auth.meet.jitsi.crt”;
}
authentication = “internal_hashed”

VirtualHost “recorder.meet.jitsi”
modules_enabled = {
“ping”;
}
authentication = “internal_hashed”

Component “internal-muc.meet.jitsi” “muc”
modules_enabled = {
“ping”;

    "token_moderation";
    
}
storage = "memory"
muc_room_cache_size = 1000

Component “muc.meet.jitsi” “muc”
storage = “memory”
modules_enabled = {

    "token_moderation";
    
    
    "token_verification";
    
}
muc_room_locking = false
muc_room_default_public_jids = true

Component “focus.meet.jitsi”
component_secret = “ssss”

Component “speakerstats.meet.jitsi” “speakerstats_component”
muc_component = “muc.meet.jitsi”

Component “conferenceduration.meet.jitsi” “conference_duration_component”
muc_component = “muc.meet.jitsi”


  1. the API “moderator”: true

  2. config.js has enableUserRolesBasedOnToken: true,

  3. docker-compose -f docker-compose.yml -f jibri.yml -f etherpad.yml up -d

  4. then when I log as non-moderator I still see the message “Moderator right has granted to…”

What is missing?

The last stable [ stable-4548-1] works, creating .jitsi-meet-cfg/prosody/prosody-plugins-custom and copy there mod_token_moderation.lua
My error was because a wrong mod_token_moderation.lua I copied there. Nevetheless now it works.

Hi @ErrorInPersona, I followed your steps but i did not see any change.

Actually, What I want to implement is the following:

  • only one user could be a moderator.
  • if one user open the session and start as moderator, when the correct moderator user enters the room, he should receive the moderator role.

In my code i want to do something like that:
if user_id is “founder”
role=moderator
else
role=guest

<script>

var domain="mydomain.com";
var option= {
    roomname='',
    parentNode= '',
    ...
}

api.executeCommand(''changerol', role);
</script>

Hi @drcz,
I was following your steps but I lost in the steps:
8. the API “moderator”: true
9. config.js has enableUserRolesBasedOnToken: true,

Where is the API? please could you detail what should do? i did not implement before jwt, please could give the steps to follow?.

Actually, in the link https://github.com/nvonahsen/jitsi-token-moderation-plugin/blob/master/README.md
mentions the following but I don’t understand. please could you help?
Just include a boolean field “moderator” in the body of the jwt you create for jitsi, if its true that user will be mod, if not they wont. It works irrespective of which order people join in.
Token body should look something like this:
{
context: {
user: {
avatar,
name,
id
}
},
sub,
room,
moderator: true
}

thanks a lot!

hi,
8. The API is a JS included in HTML where you want the video https://jitsi.org/api/
https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/API.md#installation

here is how the settings may look
var data = {
“context”: {
“user”: {
“avatar”: “https://gravatar.com/avatar/abc123”,
“name”: displayname,
“email”: email
}
}
,
“aud”: “my_jitsi_app_id”,
“iss”: “my_jitsi_app_id”,
“sub”: “meet.jitsi”,
“room”: room,
“moderator”: this.moderator
};

  1. JWT this file https://github.com/nvonahsen/jitsi-token-moderation-plugin/blob/master/mod_token_moderation.lua
    you have to put manually in .root/.jitsi-meet-cfg/prosody/prosody-plugins-custom

I hope it helps

Hi!

Im write redeploy script for my tasks, maybe somebody find it useful.

#!/bin/bash

docker-compose -f docker-compose.yml down
sudo rm -rf ~/.jitsi-meet-cfg/
docker-compose -f docker-compose.yml up -d
docker-compose -f docker-compose.yml down
sudo cp -r ./plugins ~/.jitsi-meet-cfg/
sudo sed -i – ‘s/plugin_paths = {/plugin_paths = {"/plugins",/g’ ~/.jitsi-meet-cfg/prosody/config/conf.d/jitsi-meet.cfg.lua
sudo sed -i – ‘s/modules_enabled = {/modules_enabled = {\n “token_moderation”;/g’ ~/.jitsi-meet-cfg/prosody/config/conf.d/jitsi-meet.cfg.lua
docker-compose -f docker-compose.yml up -d