Jitsi meet on docker: internal auth, prosody

Hi there,
I have set up a jitsi meet server with docker that works fine as an open server. I would like to add authentication for creating rooms, following https://github.com/jitsi/docker-jitsi-meet.

What I did in .env is:
ENABLE_AUTH=1
#ENABLE_GUESTS=1
AUTH_TYPE=internal

In the prosody container when running:
prosodyctl --config /config/prosody.cfg.lua register username meet.jitsi password
I get
Error: Account creation/modification not supported.
When I replace meet.jitsi with auth.meet.jitsi I get no error. (maybe this is wrong as well)
I ran service prosody restart afterwards.

But: there is no authentication. The site is still open.
What do I need to do in order to enable authentication? - require authentication for room creation (moderator) and join without user/password as non-moderator.

Thanks and stay healthy!

You must have first run your containers with ENABLE_AUTH=0.
To make prosody able to create users, you must:

  • stop all containers
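  • delete your config directory (default = ~/.jitsi-meet-cfg), or at least the prosody directory inside it (this discards the generated prosody configuration, so anything you already set up in prosody has to be redone afterwards)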
  • change your configuration with ENABLE_AUTH=1 and AUTH_TYPE=internal
  • then restart your containers

The documentation explains that once jitsi has been run for the first time, the .env file is no longer used and the generated config files prevail.
Hope this helps.

Hello Get

Here is my config file. I had already run prosody and have my users.

version: '3'

services:
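    # Frontend
    # Web UI container. It is reachable two ways in this file: the labels
    # register it with Traefik, and `ports` also publishes it on the host.
    # List items are indented uniformly here (the original mixed 10, 12 and 13
    # spaces); the parsed content is unchanged.
    web:
        # NOTE(review): no tag is given, so Docker resolves this to `latest`;
        # pinning a release tag or digest keeps redeploys reproducible.
        image: jitsi/web
        labels:
            - "traefik.enable=true"
            - "traefik.docker.network=meet.jitsi"
            - "traefik.http.routers.jitsi.rule=Host(`meet.example.com`)"
            - "traefik.http.routers.jitsi.tls.certresolver=letsencrypt"
            - "traefik.http.routers.jitsi.entrypoints=websecure"
        expose:
            - "80"
        restart: ${RESTART_POLICY}
        # NOTE(review): these host ports make the container reachable without
        # passing through Traefik. If Traefik is meant to be the only entry
        # point, confirm whether this mapping is still wanted.
        ports:
            - '${HTTP_PORT}:80'
            - '${HTTPS_PORT}:443'
        volumes:
            - ${CONFIG}/web:/config
            - ${CONFIG}/web/letsencrypt:/etc/letsencrypt
            - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts
        environment:
            # These two are given explicit values here, so they do not depend
            # on .env. Per the replies on this page, configuration already
            # generated under ${CONFIG}/web is not rewritten when they change.
            # NOTE(review): ENABLE_GUESTS presumably lets unauthenticated
            # participants join a room an authenticated user has opened;
            # confirm against the docker-jitsi-meet README.
            - ENABLE_AUTH=1
            - ENABLE_GUESTS=1
            # Bare names carry no value in this file; Compose fills them from
            # the environment it runs in (for this project presumably .env).
            - ENABLE_LETSENCRYPT
            - ENABLE_HTTP_REDIRECT
            - ENABLE_TRANSCRIPTIONS
            - DISABLE_HTTPS
            - JICOFO_AUTH_USER
            - LETSENCRYPT_DOMAIN
            - LETSENCRYPT_EMAIL
            - PUBLIC_URL
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_BOSH_URL_BASE
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_RECORDER_DOMAIN
            - ETHERPAD_URL_BASE
            - TZ
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            # NOTE(review): the Jibri passwords reach this container as plain
            # environment variables; keep the file that supplies them out of
            # version control and readable only by the deploying user.
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - ENABLE_RECORDING
        networks:
            meet.jitsi:
                aliases:
                    - ${XMPP_DOMAIN}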

    # XMPP server
    # Prosody is where user accounts are registered. The `prosodyctl --config
    # /config/prosody.cfg.lua register ...` command quoted earlier on this page
    # reads its configuration from /config, which is ${CONFIG}/prosody on the
    # host (see `volumes` below).
    prosody:
        # NOTE(review): no tag is given, so Docker resolves this to `latest`;
        # pinning a release tag or digest keeps redeploys reproducible.
        image: jitsi/prosody
        restart: ${RESTART_POLICY}
        # `expose` makes these ports available to other containers on the
        # attached network; nothing in this service is published on the host.
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody:/config
        environment:
            # Authentication settings are given explicit values here instead of
            # being taken from .env. Per the replies on this page, they only
            # take effect when the configuration under ${CONFIG}/prosody is
            # first generated; an existing generated config prevails.
            - AUTH_TYPE=internal
            - ENABLE_AUTH=1
            - ENABLE_GUESTS=1
            # Bare names carry no value in this file; Compose fills them from
            # the environment it runs in (for this project presumably .env).
            - GLOBAL_MODULES
            - GLOBAL_CONFIG
            # NOTE(review): LDAP_* (and JWT_* further down) are presumably
            # unused while AUTH_TYPE=internal; confirm before relying on them.
            - LDAP_URL
            - LDAP_BASE
            - LDAP_BINDDN
            - LDAP_BINDPW
            - LDAP_FILTER
            - LDAP_AUTH_METHOD
            - LDAP_VERSION
            - LDAP_USE_TLS
            - LDAP_TLS_CIPHERS
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
            - XMPP_MUC_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_MODULES
            - XMPP_MUC_MODULES
            - XMPP_INTERNAL_MUC_MODULES
            - XMPP_RECORDER_DOMAIN
            # NOTE(review): component secrets and service-account passwords
            # arrive as plain environment variables. Make sure each one is set
            # to a unique value, and that the file supplying them is neither
            # committed to version control nor world-readable.
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JIGASI_XMPP_USER
            - JIGASI_XMPP_PASSWORD
            - JIBRI_XMPP_USER
            - JIBRI_XMPP_PASSWORD
            - JIBRI_RECORDER_USER
            - JIBRI_RECORDER_PASSWORD
            - JWT_APP_ID
            - JWT_APP_SECRET
            - JWT_ACCEPTED_ISSUERS
            - JWT_ACCEPTED_AUDIENCES
            - JWT_ASAP_KEYSERVER
            - JWT_ALLOW_EMPTY
            - JWT_AUTH_TYPE
            - JWT_TOKEN_AUTH_MODULE
            - LOG_LEVEL
            - TZ
        networks:
            meet.jitsi:
                aliases:
                    - ${XMPP_SERVER}

    # Focus component
    # Starts after prosody (`depends_on`) and joins the same network; it has no
    # `ports` or `expose` entries, so nothing is published on the host.
    jicofo:
        # NOTE(review): no tag is given, so Docker resolves this to `latest`;
        # pinning a release tag or digest keeps redeploys reproducible.
        image: jitsi/jicofo
        restart: ${RESTART_POLICY}
        volumes:
            - ${CONFIG}/jicofo:/config
        environment:
            # Set explicitly here, as on web and prosody.
            # NOTE(review): presumably jicofo is what refuses to start a
            # conference for an unauthenticated user, so this must agree with
            # the other two services; confirm against the project README.
            - ENABLE_AUTH=1
            # Bare names carry no value in this file; Compose fills them from
            # the environment it runs in (for this project presumably .env).
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            # NOTE(review): secret and password passed as plain environment
            # variables; they have to match what prosody receives.
            - JICOFO_COMPONENT_SECRET
            - JICOFO_AUTH_USER
            - JICOFO_AUTH_PASSWORD
            - JICOFO_RESERVATION_REST_BASE_URL
            - JVB_BREWERY_MUC
            - JIGASI_BREWERY_MUC
            - JIGASI_SIP_URI
            - JIBRI_BREWERY_MUC
            - JIBRI_PENDING_TIMEOUT
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:

    # Video bridge
    # Besides web, this is the only service in the file that publishes ports on
    # the host.
    jvb:
        # NOTE(review): no tag is given, so Docker resolves this to `latest`;
        # pinning a release tag or digest keeps redeploys reproducible.
        image: jitsi/jvb
        restart: ${RESTART_POLICY}
        # One UDP and one TCP port, both taken from the environment and mapped
        # to the same number inside the container.
        # NOTE(review): host firewall rules should allow exactly these two.
        ports:
            - '${JVB_PORT}:${JVB_PORT}/udp'
            - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
        volumes:
            - ${CONFIG}/jvb:/config
        environment:
            # Bare names carry no value in this file; Compose fills them from
            # the environment it runs in (for this project presumably .env).
            - DOCKER_HOST_ADDRESS
            - XMPP_AUTH_DOMAIN
            - XMPP_INTERNAL_MUC_DOMAIN
            - XMPP_SERVER
            # NOTE(review): service-account password passed as a plain
            # environment variable; it has to match what prosody receives.
            - JVB_AUTH_USER
            - JVB_AUTH_PASSWORD
            - JVB_BREWERY_MUC
            - JVB_PORT
            - JVB_TCP_HARVESTER_DISABLED
            - JVB_TCP_PORT
            - JVB_STUN_SERVERS
            - JVB_ENABLE_APIS
            - TZ
        depends_on:
            - prosody
        networks:
            meet.jitsi:

# Custom network so all services can communicate using a FQDN
# `external: true` tells Compose not to create this network: it must already
# exist, and it is shared with anything else attached to it (the web labels
# point Traefik at the same network name).
# NOTE(review): every container on this network can reach the ports prosody
# exposes, so keep membership limited to the Jitsi services and the proxy.
networks:
    meet.jitsi:
        external: true

did a docker-compose restart and still no auth.

did i miss something?

thank you.

figured it out.

https://community.jitsi.org/t/docker-authentication/39060/4?u=michelb855

Have you done all the steps I gave you?

The problem is that if you first run docker-compose up -d with ENABLE_AUTH=0 and then stop and re-run with ENABLE_AUTH=1, the jitsi server doesn’t pick up your modification.

Your docker-compose file is not what matters here; what matters is that you first ran with the wrong values in your .env file.

You can try to change the configuration files in your config directory (default = ~/.jitsi-meet-cfg) directly, but if you are able to redo all your prosody actions, you must do the 4 steps, starting with the deletion of your config directory.