Restrict creation of rooms

Hmm well ok here is a really simple example index2.html

This is the new Frontpage

Just save it as index2.html and you will see that text instead of the default jitsi page

I think we are at cross-purposes!

You said:

I have a wp on another vps and I would like to manage the htaccess from there

I read that as meaning that you wanted to manage the .htaccess file for your jitsi server by storing it on another server. My mistake.

1 Like

In what kind of format should executable return multiple rooms?

Aha, every room should be in a new line.

I apologize because I was too quick to concentrate.
I agree with you that doesn’t work (without extra efforts)

My steps are a complement to “everyone’s”. Basically I restrict someone based on the URL and its parameters on the web server side, and additionally on Prosody for room existence, but that is probably not actually needed.

Prosody side (which is basically not needed)

  1. I followed Restrict creation of rooms and don’t forget to add file “muc_restrict_rooms_exec.lua” from Restrict creation of rooms
  2. my restrict executable contains:

#!/bin/bash
python3 /home/someuser/muc_restrict_rooms.py

  3. my python script muc_restrict_rooms.py contains:

import sqlite3

conn = sqlite3.connect('/home/someuser/muc.db')
c = conn.cursor()

# Print one allowed room per line, which is the format the module expects
for row in c.execute("SELECT room FROM room"):
    print(row[0])
conn.close()

Nginx side

server {
server_name myserver.com;

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

root /opt/jitsi-meet;
index index.html;
location ~ ^/([a-zA-Z0-9=\?]+)$ {
    auth_request /auth;
    auth_request_set $auth_status $upstream_status;

    rewrite ^/(.*)$ / break;
}   

location = /auth {
    internal;
    proxy_pass              http://127.0.0.1:5000$request_uri;
    proxy_set_header        Content-Length ""; 
    proxy_set_header        X-Original-URI $request_uri;
}   

location / { 
    ssi on; 
}   
# BOSH, Bidirectional-streams Over Synchronous HTTP
# https://en.wikipedia.org/wiki/BOSH_(protocol)
location /http-bind {
    proxy_pass      http://localhost:5280/http-bind;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $http_host;
}   
# external_api.js must be accessible from the root of the 
# installation for the electron version of Jitsi Meet to work
# https://github.com/jitsi/jitsi-meet-electron
location /external_api.js {
    alias /opt/jitsi-meet/libs/external_api.min.js;
}   

}

On URL http 127.0.0.1 port 5000 some other web server returns 200 or 401 based on the URL parameters which got to the web server in the first place.

2 Likes
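
A minimal sketch of the kind of service that could sit behind auth_request on 127.0.0.1:5000, added here as an example and not the poster's actual backend. The `token` parameter, its HMAC scheme and `SECRET` are assumptions; the `room` table is the one read by the SQLite script in the post above.

```python
import hashlib
import hmac
import re
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

DB_PATH = "/home/someuser/muc.db"  # same database the allow-list script reads
SECRET = b"replace-with-a-random-secret"  # assumption: key used to sign room links


def room_token(room):
    """Hypothetical link token: HMAC-SHA256 of the room name."""
    return hmac.new(SECRET, room.encode(), hashlib.sha256).hexdigest()


def is_allowed(request_uri, conn):
    """True only for a listed room accompanied by a valid ?token= value."""
    parts = urlsplit(request_uri)
    room = parts.path.lstrip("/")
    if not re.fullmatch(r"[A-Za-z0-9]+", room):
        return False
    token = parse_qs(parts.query).get("token", [""])[0]
    listed = conn.execute(
        "SELECT 1 FROM room WHERE room = ?", (room,)  # bound parameter
    ).fetchone()
    return listed is not None and hmac.compare_digest(
        token.encode(), room_token(room).encode()  # constant-time comparison
    )


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # nginx passes the original request line in X-Original-URI
        uri = self.headers.get("X-Original-URI", self.path)
        try:
            conn = sqlite3.connect(DB_PATH)
            try:
                ok = is_allowed(uri, conn)
            finally:
                conn.close()
        except sqlite3.Error:
            ok = False  # fail closed: any database problem means "deny"
        self.send_response(200 if ok else 401)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 5000), AuthHandler).serve_forever()
```

nginx's auth_request treats a 2xx answer as "allow" and 401 as "deny", so the handler only ever returns those two codes.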

Hi there! Firstly, thanks Philipp for your work! I’m currently trying to set up your module in order to restrict room creation and let only admins create rooms that are not already listed on the accepted room list.

I’m having trouble setting up the module! After following the installation instructions here, I still have a fully open Jitsi Meet solution :frowning_face:

Here are the steps I did:

  • Installing jitsi meet (naturally ^^)
  • Copying the module code and putting it into a lua file in usr/share/jitsi-meet/prosody-plugins folder
  • Copying the Lua file, renaming it to .sh and putting it into the /home folder
  • Personalising my prosody conf.avail file with this:

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

Component "conference.X.X.X.X" "muc"
    storage = "none"
    modules_enabled = {
        "muc_restrict_rooms_exec";
        "muc_meeting_id";
        "muc_domain_mapper";
        -- "token_verification";
    }
    muc_restrict_exceptions = { "ok1", "ok2" }
    muc_restrict_executable = /home/usertest/mod_muc_restrict_rooms_exec.sh
    admins = { "focus@auth.X.X.X.X" }

Is there something I misunderstood? (X.X.X.X is my public IP, which I’m hiding here.)

Or maybe I’m doing it wrong :frowning:?

  1. Have you checked in the Prosody log files that it’s loading the new module?
  2. I think you’re getting it wrong about the executable – it’s not the script from above as a shell script. You need to write your own script that prints something like one allowed room per line. This Python script by @rokj should do the job

but for now something as simple as

#!/bin/bash
echo "test1"
echo "test2"

should do the job as well.

  3. Make sure the script, wherever you put it, is readable by Prosody. Your home directory may not be readable for example. I think there’s a Prosody user that runs the Prosody daemon (although not 100% sure).

Hope this helps!

2 Likes
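
Several posts in this thread place the script under /home or /root, where the Prosody daemon may not be able to reach it. The check below is an added example, not part of the module; it assumes the daemon runs as a user named `prosody` and it only inspects classic permission bits (no ACLs).

```python
import os
import pwd
import sys


def blocked_components(path, uid, gids):
    """Return the path components that uid/gids cannot pass.

    Directories need the execute (search) bit; the script itself needs
    read and execute, because the interpreter has to open it.
    """
    parts = [p for p in os.path.realpath(path).split(os.sep) if p]
    blocked, current = [], os.sep
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        if st.st_uid == uid:
            shift = 6  # owner bits apply
        elif st.st_gid in gids:
            shift = 3  # group bits apply
        else:
            shift = 0  # "other" bits apply
        have = (st.st_mode >> shift) & 0o7
        need = 0o5 if i == len(parts) - 1 else 0o1
        if have & need != need:
            blocked.append(current)
    return blocked


if __name__ == "__main__":
    script = sys.argv[1]  # path configured as muc_restrict_executable
    user = pwd.getpwnam("prosody")  # assumption: daemon account name
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    problems = blocked_components(script, user.pw_uid, gids)
    for p in problems:
        print("prosody cannot access:", p)
    sys.exit(1 if problems else 0)
```

Run it as root with the script path as its argument so that every directory on the path can be inspected.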

Thanks for your help! I have just changed my setup:

  • putting the new sh file in the same folder as the lua modules
  • updating my config file

I have just seen that, after setting up your module and making changes in my Prosody config file, I’m getting an error on boot:

Failed to start LSB : prosody XMPP server

Here are the prosody’s log output :

|Apr 15 00:41:04 mod_posix|warn|Received SIGTERM|
|Apr 15 00:41:04 general|info|Shutting down: Received SIGTERM|
|Apr 15 00:41:04 c2s560ea205fd60|info|Client disconnected: connection closed|
|Apr 15 00:41:04 c2s560ea207de70|info|Client disconnected: connection closed|
|Apr 15 00:41:04 jcp560ea20f62b0|info|component disconnected: focus.62.39.220.5 (false)|
|Apr 15 00:41:04 general|info|Shutting down…|
|Apr 15 00:41:04 general|info|Shutdown status: Cleaning up|
|Apr 15 00:41:04 general|info|Shutdown complete|

And :

Apr 15 00:20:01 portmanager error Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281

UPDATE: I have just run some tests! After resetting my Prosody conf I no longer get the error on boot (this one: Failed to start LSB : prosody XMPP server)

Actually I’m doing my module integration under the -- internal muc component! Is that OK?

I can’t find the logs messages.
Where are the logs written?

The previous error you had looked like it was unrelated to the Prosody module. Something to do with an SSL key. But it looks like you managed to get that one fixed?

The module needs to be placed in the correct Prosody module folder, which may vary between operating systems. Could you confirm where you placed it and what OS you’re using? Is it inside a Docker VM?

And yes, the config for the module needs to go inside the muc component config, AFAIK!

You can define yourself where to put the log files. There’s more info on this here.

Please remember you also need to give sufficient access permissions to Prosody / the log file. Otherwise, it won’t be allowed to create / write to the log file.

I have been trying to install the module, and it seems that all is loaded fine, but I can create any room I want and it’s not stopping me. I have installed on Ubuntu 18.04 with all paths as shown here in this forum, and activated secure domain, where only registered users in Prosody can create rooms and all other users can join as guests, as shown in the Jitsi installation guide about secure domains. Also, I have done a chmod +x on the script name. I have placed the script in the /root folder. In Prosody the only error I have is "portmanager error Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281". Is there any other place where I can read the logs to help me find why it’s not working?

Is it working with secure domain and guest domain for other users?

Hi,
thank you for the module and the explanation.
I followed the instructions and the logic seems to be functioning, but I can’t make the script work; in more detail, I can create rooms only with a name listed in the “exceptions” list.
My test script:
#!/bin/bash
echo "test1"
echo "test2"
If I log the output from inside the module the result seems empty.
Maybe I placed the script in a wrong folder? Where should it be placed?

Thanks in advance!