Problem creating user to custom virtualhost

Hi,
My company is currently using Jitsi Meet on a customized virtualhost, with JWT Authentication enabled for users coming from Rocket.Chat.

For people not coming from Rocket, thus without token, it correctly prompts for password.

The problem is that the user account creation in prosody seems not to be working correctly.

I tried using:

  • prosodyctl adduser user@test.myhost.it

  • prosodyctl --config /etc/prosody/conf.d/test.myhost.it.cfg.lua adduser user@test.myhost.it

  • prosodyctl --config /etc/prosody/prosody.cfg.lua adduser user@test.myhost.it

each one of them asks me for password, but then it gives me the error:

Error: Creating user failed

I double checked that:

  • the “register” module was enabled in modules_enabled in /etc/prosody/prosody.cfg.lua
  • “allow_registration = true” was presenth in both /etc/prosody/prosody.cfg.lua and in /etc/prosody/conf.d/test.myhost.it.cfg.lua both inside and outside the tag VirtualHost “test.myhost.it.cfg.lua”

Here’s the config (I did put * to cover passwords etc)

-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
allow_registration = true
VirtualHost "test.myhost.it"
        allow_registration = true
        -- enabled = false -- Remove this line to enable this host
        authentication = "token"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        app_id="******"
        app_secret="******"
        allow_empty_token=false
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/test.myhost.it.key";
                certificate = "/etc/prosody/certs/test.myhost.it.crt";
        }
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

        c2s_require_encryption = false

VirtualHost "guest.test.myhost.it"
authentication = "token"
app_id = "******"
app_secret = "*******"
allow_empty_token = true
c2s_require_encryption = false

Component "conference.test.myhost.it" "muc"
    storage = "internal"
    muc_room_cache_size = 100
    modules_enabled = { "token_verification" }
    restrict_room_creation = true
admins = { "focus@auth.test.myhost.it" }

Component "jitsi-videobridge.test.myhost.it"
    component_secret = "******"

VirtualHost "auth.test.myhost.it"
    ssl = {
        key = "/etc/prosody/certs/auth.test.myhost.it.key";
        certificate = "/etc/prosody/certs/auth.test.myhost.it.crt";
    }
    authentication = "internal_plain"

Component "focus.test.myhost.it"
    component_secret = "*******"

Thanks everyone for the help.

You cannot create users for host with jwt authentication. You see the prompt cause those users does not pass jwt and they are not authenticated.
There is no point of having guest domain, that is for the username/password setup.
You can add allow_empty_token = true to your main domain to allow guests.

Hi, thanks for your reply.

Isn’t it possible to have both JWT Authentication and Basic Authentication for the host, so that if some admin wants to create a room without passing through rocket, can do it, logging in with basic auth?

There was some reports for using those here in the forum, try searching. It is not intended to work both ways, but someone was using it like that … we merged some changes for that … o you need to be on latest from unstable, as that change is not in stable … maybe with that change your user creation will succeed.

1 Like