jitsi-contrib/jitsi-helm

How to enable authentication for jitsi using helm?

Abbasgori13 opened this issue · 4 comments

Abbasgori13 commented

I am trying to enable authentication. I saw this #12 issue but I want to enable authentication using username and password. can you help me, please?

kpeiruza commented

I'm new on this helm chart but we've our own helm to deploy Jitsi.

The underlying dockers used, the official ones, already support authentication. This chart has just 1 value to do so "enableAuth".

I'd suggest adding the specific variables required for prosody to enable JWT or LDAP, as described on docker-jitsi-meet for their docker compose under a new "env:" section under "prosody"

Probably this will work for you too:

prosody:
  enabled: true
  affinity: {}
  env:
    AUTH_TYPE: ldap
    ENABLE_GUESTS: "true"
    JIBRI_RECORDER_PASSWORD: 1234567890
    JIBRI_RECORDER_USER: recorder
    JIBRI_XMPP_PASSWORD: 0987654321
    JIBRI_XMPP_USER: jibri
    LDAP_AUTH_METHOD: bind
    LDAP_BASE: dc=mydomain,dc=com
    LDAP_TLS_CHECK_PEER: "0"
    LDAP_URL: ldap://10.20.30.40:389/
    LDAP_FILTER: (sAMAccountName=%u)
    LDAP_BINDDN: cn=jitsi,ou=Users,ou=Systems,dc=mydomain,dc=com
    LDAP_VERSION: "3"
    LDAP_BINDPW: ABCDEF012345
    LDAP_START_TLS: "0"
    LDAP_USE_TLS: "0"
    XMPP_RECORDER_DOMAIN: recorder.jitsi.mydomain.com
  extraEnvFrom:
[....]

For JWT use this instead:

AUTH_TYPE: jwt
JWT_APP_ID: ABCDEFG
JWT_APP_SECRET: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
JWT_ALLOW_EMPTY: "true"
XMPP_MUC_MODULES: token_moderation

Please, try it out and tell us if it worked as expected :-)

Thanks!

sapkra commented

@kpeiruza Thank you for your help. Closing it because there was no response from @Abbasgori13.

Marker689 commented

So I've added an "env" section under "prosody"

prosody:
  enabled: true
  env:
    AUTH_TYPE: ldap
    LDAP_AUTH_METHOD: bind
    LDAP_BASE: DC=myad,DC=local
    LDAP_TLS_CHECK_PEER: "0"
    LDAP_URL: ldap://myad.local/
    LDAP_FILTER: (sAMAccountName=%u)
    LDAP_BINDDN: sys-ad@myad.local
    LDAP_VERSION: "3"
    LDAP_BINDPW: pwd
    LDAP_START_TLS: "1"
    LDAP_USE_TLS: "1"
    LDAP_TLS_CHECK_PEER: "0"

Also I've set this

enableAuth: true
enableGuests: true

So LDAP auth works, but for some reason all users need to auth, even If meet was started. Don't know how to fix it, unfortunately.

UPD. Just using newer image
tag: 'stable-9111'
Resolved my issue, now this works as intended.

  • ❤️1
spijet commented

Hello @Marker689!

Thank you for the info, I'll make sure to bump the Jitsi image before packaging a new release.