Restricting room creation only to token-authenticated users

Hi all,

my company is testing Jitsi-meet as a possible solution for internal/external video conferences. We are having some troubles configuring it.

We would like to expose it for public access from the internet, but first we’d like to restrict room creation to people coming from Rocketchat (both are on our private servers in the cloud).

On the Rocketchat side, I’ve configured jitsi-meet in the Videoconference section with the correct domain (let’s say “zzzz”), SSL enabled, JWT Auth enabled, an application id (say “xxxx”) and an application secret (say “yyyy”).

On jitsi-meet side, in the zzzz.cfg.lua, I’ve configured, under the main virtualhost:
authentication = "token"
app_id = "xxxx"
app_secret = "yyyy"
allow_empty_token = false;

and under the conference component, I have configured:

modules_enabled = { "token_verification" }
restrict_room_creation = true

I restarted prosody but there’s no restriction on creating rooms; going directly to the domain in the browser allows me to create a room.
What do you think is not working? Is there something more to configure? I also did a test, changing authentication to internal_plain and that does work.

Thanks in advance.

It seems the token authentication had not been activated. If it is and allow_empty_token is false and you do not provide a token, you will see the dialog asking for username and password.
Clear your prosody logs, restart it and check it for errors.

Thanks for your reply. It seems that the mod token verification module and the mod auth module are missing. Where should I get them?

They should be installed with the tokens package, you can also find them here https://github.com/jitsi/jitsi-meet/tree/master/resources/prosody-plugins
Have you uncommented the plugins folder in the prosody config?

Ok, I’ve put the right modules in the folder. Then on restarting it mentioned a “basexx” dependency.

I’ve installed it with luarocks. Now it is missing “luajwtjitsi”, which I also tried installing, but it says:
luarocks install luajwtjitsi
Installing https://luarocks.org/luajwtjitsi-1.3-7.rockspec
Missing dependencies for luajwtjitsi 1.3-7:
luacrypto >= 0.3.2-1 (not installed)
lua-cjson >= 2.1.0 (not installed)
lbase64 >= 20120807-3 (not installed)

So I proceeded to try installing luacrypto, but:
Installing https://luarocks.org/luacrypto-0.3.2-2.src.rock

Error: Failed installing dependency: https://luarocks.org/luacrypto-0.3.2-2.src.rock - Could not find header file for OPENSSL
No file openssl/evp.h in /usr/local/include
No file openssl/evp.h in /usr/include
You may have to install OPENSSL in your system and/or pass OPENSSL_DIR or OPENSSL_INCDIR to the luarocks command.
Example: luarocks install luacrypto OPENSSL_DIR=/usr/local

I’ve located openssl, which is already installed, and tried:

Example: luarocks install luacrypto OPENSSL_DIR=/usr/local
luarocks install luacrypto OPENSSL_DIR=/usr/bin/openssl
Installing https://luarocks.org/luacrypto-0.3.2-2.src.rock

Error: Could not find header file for OPENSSL
No file openssl/evp.h in /usr/bin/openssl/include

What could I do now?

Which Lua do you have, is it 5.2?
I have some notes about it, let me share them:
apt-get install liblua5.2-dev
wget https://keplerproject.github.io/luarocks/releases/luarocks-2.4.1.tar.gz
tar xzf luarocks-2.4.1.tar.gz
cd luarocks-2.4.1
./configure --lua-version=5.2 --versioned-rocks-dir
make build
sudo make install
luarocks-5.2 install net-url

luarocks-5.2 install basexx
apt-get install libssl1.0-dev
luarocks-5.2 install luajwtjitsi
luarocks-5.2 install lua-cjson 2.1.0-1

Thanks for your reply. I just installed the liblua5.2 dev, downloaded the tar.gz file.

When I launch:

./configure --lua-version=5.2 --versioned-rocks-dir

I get:
Lua interpreter found: /usr/bin/lua…
Lua version detected: 5.1
This clashes with the value of --lua-version. Please check your configuration.

configure failed.

Here are all the errors I get when starting prosody with the token and room restriction configurations (I’ve put * to hide the real domain for security):

Nov 27 13:42:13 modulemanager   error   Error initializing module 'token_verification' on 'conference.****.****.it': /usr/lib/prosody/../../bin/prosody:185: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/../../bin/prosody:185: in function 'require'
        /usr/lib/prosody/modules/token/util.lib.lua:7: in main chunk
        (tail call): ?
        /usr/lib/prosody/modules/mod_token_verification.lua:24: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:177: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:255: in function 'load'
        /usr/lib/prosody/core/modulemanager.lua:77: in function '?'
        /usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:113: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:59: in function '?'
        /usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
        (tail call): ?
        /usr/lib/prosody/../../bin/prosody:358: in function 'prepare_to_start'
        /usr/lib/prosody/../../bin/prosody:427: in main chunk
        [C]: ?

==> prosody.log <==
Nov 27 13:42:13 modulemanager   error   Error initializing module 'auth_token' on '****.****.it': /usr/lib/prosody/../../bin/prosody:185: module 'luajwtjitsi' not found:No LuaRocks module found for luajwtjitsi
        no field package.preload['luajwtjitsi']
        no file '/usr/lib/prosody/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.lua'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi.lua'
        no file '/usr/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi.lua'
        no file '/var/lib/prosody/.luarocks/share/lua/5.1/luajwtjitsi/init.lua'
        no file '/usr/lib/prosody/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/x86_64-linux-gnu/lua/5.1/luajwtjitsi.so'
        no file '/usr/lib/lua/5.1/luajwtjitsi.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
        no file '/var/lib/prosody/.luarocks/lib/lua/5.1/luajwtjitsi.so'
stack traceback:
        /usr/lib/prosody/core/modulemanager.lua:31: in function </usr/lib/prosody/core/modulemanager.lua:31>
        [C]: in function '_real_require'
        /usr/lib/prosody/../../bin/prosody:185: in function 'require'
        /usr/lib/prosody/modules/token/util.lib.lua:7: in main chunk
        (tail call): ?
        /usr/lib/prosody/modules/mod_auth_token.lua:8: in main chunk
        (tail call): ?
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:31: in function 'pcall'
        /usr/lib/prosody/core/modulemanager.lua:177: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:255: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:66: in function '?'
        /usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:113: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:59: in function '?'
        /usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
        (tail call): ?
        /usr/lib/prosody/../../bin/prosody:358: in function 'prepare_to_start'
        /usr/lib/prosody/../../bin/prosody:427: in main chunk
        [C]: ?

==> prosody.log <==
Nov 27 13:42:13 portmanager     info    Activated service 'http' on [::]:5280, [*]:5280
Nov 27 13:42:13 portmanager     error   Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281

Hi,
I’ve managed to go through the configuration. I’ve installed the trunk version of prosody, installed luarocks and finally jitsi-meet tokens.
Now the modules load correctly and if I try to create a room without coming from Rocket (thus without a JWT token) it asks me for internal plain authentication.
The only problem I’m having is when I try to launch the videochat from Rocket. Even though I properly set up both appid and appsecret on Jitsi and Rocket, when I try to launch the videochat, in Jitsi’s log I have:

Dec 04 11:08:53 mod_bosh        info    Client tried to use sid '4bce964e-bbed-4c66-bcb7-2fa83ccbdb4c' which we don't know about
Dec 04 11:09:11 mod_bosh        info    New BOSH session, assigned it sid 'c6d307b7-a138-495d-b553-823b30ce254c'
Dec 04 11:09:11 general warn    Error verifying token err:not-allowed, reason:token required

I tried analyzing the jwt parameter seen in the request URL and it correctly displays the appid I set up before.

What do you think could be the problem?
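
An offline check of the `jwt` URL parameter against the configured app id and secret, as an added example that is not part of the original thread or of Jitsi's own code. It assumes an HS256 token whose `iss` claim carries the app id; the function names, the sample URL and the claim values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlparse

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_sample_token(claims, secret):
    # Builds a constructed HS256 token so the check below can run offline.
    parts = [b64url_encode(json.dumps(obj).encode())
             for obj in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(sign(signing_input, secret))

def check_meeting_url(url, app_id, app_secret, now=None):
    """Return a list of problems with the jwt parameter; empty means it checks out."""
    token = parse_qs(urlparse(url).query).get("jwt", [""])[0]
    if not token:
        return ["no jwt parameter in URL"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not header.payload.signature"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:
        return ["token segments are not valid base64url/JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    # Pin the algorithm; never let the token's own header choose it.
    if header.get("alg") != "HS256":
        problems.append("unexpected alg")
    if not hmac.compare_digest(sign(parts[0] + "." + parts[1], app_secret), signature):
        problems.append("signature does not match app_secret")
    if claims.get("iss") != app_id:  # assumption: app id travels in iss
        problems.append("iss does not match app_id")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("missing or expired exp")
    return problems

# Constructed sample using the placeholder values from the first post.
SAMPLE_URL = "https://zzzz/TestRoom?jwt=" + make_sample_token(
    {"iss": "xxxx", "room": "TestRoom", "exp": 2000}, "yyyy")
```

If this returns an empty list for the URL the browser actually requested and Prosody still logs `token required`, the token itself is valid and the place to look is how the server receives it.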

Found the solutions, here’s what I also had to do:

Replace, in the config file:

/usr/lib/prosody/modules/mod_bosh.lua

this line:

module:fire_event("bosh-session", { session = session, request = request });

with this one

hosts[session.host].events.fire_event("bosh-session", { session = session, request = request });

then, in the cfg.lua of my domain under /etc/prosody/conf.d, in the section:
Component "conference.video.opensquare.it" "muc"

I had to add these two parameters:

storage = "internal"
muc_room_cache_size = 100

Then after restarting prosody all went fine

Hum, this should be taken care of by the token install scripts:

