Guest access with authentication for moderators

[UbiquitousBear]

I've enabled LDAP authentication in Jitsi via the addition of an extra set of environment variables in a Secret, and with the helm values declaring enableAuth: true.

When I authenticate to join a meeting, that works well. However, when I try to get a guest to join, they're prompted to login.

Am I missing something with how it's meant to be set up?

Deployment details:

CHART jitsi-meet-1.4.0
APP VERSION stable-9646

Originally posted by @UbiquitousBear in #125

[spijet]

Hello @UbiquitousBear!

Can you please post the output of env | grep 'ENABLE_' | sort command run in Prosody pod and the contents of Prosody config file located at /config/conf.d/jitsi-meet.cfg.lua? We need to verify that the Prosody configuration is being rendered correctly.

[UbiquitousBear]

Hi @spijet - thanks for reaching out.

Answers:

k exec -it p-gb-sys-coms-vconf01-meet-prosody-0 -- env | grep 'ENABLE_' | sort
ENABLE_AUTH=1
ENABLE_COLIBRI_WEBSOCKET=true
ENABLE_COLIBRI_WEBSOCKET_UNSAFE_REGEX=1
ENABLE_GUESTS=1
ENABLE_XMPP_WEBSOCKET=true

and

[master_p_gb_sys_coms_vconf01@p-gb-sys-coms-vconf01-789b664f58-cflh2 K8S-p_gb_sys_coms_vconf01 configuration]$ k exec -it p-gb-sys-coms-vconf01-meet-prosody-0 -- cat /config/conf.d/jitsi-
meet.cfg.lua
admins = {
    

    

    "[email protected]",
    "[email protected]"
}

unlimited_jids = {
    "[email protected]",
    "[email protected]"
}

plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom", "/prosody-plugins-contrib" }

muc_mapper_domain_base = "meet.jitsi";
muc_mapper_domain_prefix = "muc";

http_default_host = "meet.jitsi"









consider_bosh_secure = true;
consider_websocket_secure = true;


smacks_max_unacked_stanzas = 5;
smacks_hibernation_time = 60;
smacks_max_old_sessions = 1;




VirtualHost "meet.jitsi"

  
    authentication = "cyrus"
    cyrus_application_name = "xmpp"
    allow_unencrypted_plain_auth = true
  

    ssl = {
        key = "/config/certs/meet.jitsi.key";
        certificate = "/config/certs/meet.jitsi.crt";
    }
    modules_enabled = {
        "bosh";
        
        "websocket";
        "smacks"; -- XEP-0198: Stream Management
        
        "speakerstats";
        "conference_duration";
        "room_metadata";
        
        "end_conference";
        
        
        
        "muc_lobby_rooms";
        
        
        "muc_breakout_rooms";
        
        
        "av_moderation";
        
        
        
        "auth_cyrus";
        
        
        
    }

    main_muc = "muc.meet.jitsi"
    room_metadata_component = "metadata.meet.jitsi"
    
    lobby_muc = "lobby.meet.jitsi"
    
    

    

    
    breakout_rooms_muc = "breakout.meet.jitsi"
    

    speakerstats_component = "speakerstats.meet.jitsi"
    conference_duration_component = "conferenceduration.meet.jitsi"

    
    end_conference_component = "endconference.meet.jitsi"
    

    
    av_moderation_component = "avmoderation.meet.jitsi"
    

    c2s_require_encryption = true

    

    
VirtualHost "guest.meet.jitsi"
    authentication = "jitsi-anonymous"
    modules_enabled = {
        
        "smacks"; -- XEP-0198: Stream Management
        
    }

    c2s_require_encryption = true
    



VirtualHost "auth.meet.jitsi"
    ssl = {
        key = "/config/certs/auth.meet.jitsi.key";
        certificate = "/config/certs/auth.meet.jitsi.crt";
    }
    modules_enabled = {
        "limits_exception";
    }
    authentication = "internal_hashed"



Component "internal-muc.meet.jitsi" "muc"
    storage = "memory"
    modules_enabled = {
        }
    restrict_room_creation = true
    muc_filter_whitelist="auth.meet.jitsi"
    muc_room_locking = false
    muc_room_default_public_jids = true
    muc_room_cache_size = 1000
    muc_tombstones = false
    muc_room_allow_persistent = false

Component "muc.meet.jitsi" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        
        "polls";
        "muc_domain_mapper";
        
        "muc_password_whitelist";
    }

    -- The size of the cache that saves state for IP addresses
    rate_limit_cache_size = 10000;

    muc_room_cache_size = 10000
    muc_room_locking = false
    muc_room_default_public_jids = true
    
    muc_password_whitelist = {
        "[email protected]";
    }
    muc_tombstones = false
    muc_room_allow_persistent = false

Component "focus.meet.jitsi" "client_proxy"
    target_address = "[email protected]"

Component "speakerstats.meet.jitsi" "speakerstats_component"
    muc_component = "muc.meet.jitsi"

Component "conferenceduration.meet.jitsi" "conference_duration_component"
    muc_component = "muc.meet.jitsi"


Component "endconference.meet.jitsi" "end_conference"
    muc_component = "muc.meet.jitsi"



Component "avmoderation.meet.jitsi" "av_moderation_component"
    muc_component = "muc.meet.jitsi"



Component "lobby.meet.jitsi" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_tombstones = false
    muc_room_allow_persistent = false
    muc_room_cache_size = 10000
    muc_room_locking = false
    muc_room_default_public_jids = true
    modules_enabled = {
        }

    


Component "breakout.meet.jitsi" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_cache_size = 10000
    muc_room_locking = false
    muc_room_default_public_jids = true
    muc_tombstones = false
    muc_room_allow_persistent = false
    modules_enabled = {
        "muc_meeting_id";
        "polls";
        }


Component "metadata.meet.jitsi" "room_metadata_component"
    muc_component = "muc.meet.jitsi"
    breakout_rooms_component = "breakout.meet.jitsi"

[spijet]

Please add this to your values.yaml and let me know if anything is different:

# my-jitsi-values.yaml
extraCommonEnvs:
  PROSODY_C2S_REQUIRE_ENCRYPTION: "0"

According to Prosody docs, it may be required to disable C2S encryption in order to actually allow guest users to join meeting rooms. This environment variable does just that.