Jitsi Meet KiwiIRC patches

About

This repository contains a set of patches to Jitsi Meet's Prosody plugins for use with kiwiirc/plugin-conference. The purpose of these patches is to mirror the access control model and user identity from the IRC environment to the Jitsi conference room.

The patches are necessary when using { "conference.secure": true } in your KiwiIRC client config.

You will need to host your own Jitsi Meet server for secured KiwiIRC conference calls, as the patches will make the services incompatible with other public Jitsi servers.

Prerequisites

Before proceeding, you'll need to complete the installation of the Jitsi Meet backend. Using the apt repository mentioned in Jitsi Meet's instructions, install the jitsi-meet and jitsi-meet-tokens packages. e.g. apt-get install jitsi-meet jitsi-meet-tokens.

A few hints:

  • jitsi-meet-tokens currently has a dependency on prosody-trunk, rather than the prosody package available in the main Ubuntu 16.04 repositories. See Prosody's documentation to add their apt repository as a package source on your system.
  • The Jitsi Meet packaging may have issues on Ubuntu 18.04.
  • Use an interactive shell when installing jitsi-meet because the packages will ask questions via debconf during installation and errors will occur if no debconf frontend is available.
  • Install nginx before jitsi-meet if you want the jitsi-meet package to automatically create an nginx site configuration for you.
  • On debian there is an issue building the dependencies at install time due to a difference in libssl packages. As a workaround, do sudo apt-get install apt-transport-https libssl1.0-dev luarocks git && sudo luarocks install luacrypto before trying to install the jitsi packages. libssl1.0-dev is needed to build luacrypto, but it will get uninstalled and replaced with libssl-dev due to the dependencies specified by jitsi packages later on.

Jitsi Meet configuration

The following configuration values will need special attention.

Prosody conf.d site config

In /etc/prosody/conf.d/<your jitsi domain>.cfg.lua:

  1. At the top level of the config, add these two lines, replacing <your jitsi domain> with the appropriate value for your installation:
jitsi_meet_domain = "<your jitsi domain>";
jitsi_meet_focus_hostname = "auth.<your jitsi domain>";
  1. app_secret (referred to as application secret during the interactive debconf prompts) needs to match the secret set in your webircgateway config.

  2. app_id (application ID in debconf) must match the hostname in the upstream section of your webircgateway config as well as the server hostname that the KiwiIRC client uses (i.e. startupOptions.server in the client config.json)

  3. Add "muc_role_from_jwt"; "presence_identity"; to modules_enabled in the "muc" component.

  4. Adjust the storage configuration based on your needs. Commenting out the default value in this config will work as shown below, but see the Jitsi docs for other options:

    -- storage = "null"
  1. If you're hosting Jitsi on a separate hostname from KiwiIRC, you will need to either add
cross_domain_bosh = true;

at the top level of the config or manually add CORS headers in your nginx config.

Jicofo SIP Communicator properties

  1. Open /etc/jitsi/jicofo/sip-communicator.properties and add the following line:
org.jitsi.jicofo.DISABLE_AUTO_OWNER=True

Jitsi Meet config

  1. You may also want to disable P2P connectivity in the videobridge's config file at /etc/jitsi/meet/<your jitsi domain>-config.js.
p2p: { enabled: false }

See /usr/share/doc/jitsi-meet-web-config/config.js for an example of the configuration format.

Post-installation patching

Finally, we need to apply the KiwiIRC patches from this repository whenever jitsi-meet-tokens is installed or upgraded:

$ git clone https://github.com/kiwiirc/jitsimeet-patches kiwiirc-jitsimeet-patches
Cloning into 'kiwiirc-jitsimeet-patches'...
remote: Enumerating objects: 271, done.
remote: Total 271 (delta 0), reused 0 (delta 0), pack-reused 271
Receiving objects: 100% (271/271), 418.22 KiB | 0 bytes/s, done.
Resolving deltas: 100% (34/34), done.
Checking connectivity... done.

$ cd kiwiirc-jitsimeet-patches

$ sudo ./patch_jitsi-meet-tokens_for_kiwi.sh
Kiwi patcher for Jitsi Meet Tokens

Applying kiwiirc-jitsi-meet-tokens.patch to /usr/share/jitsi-meet/prosody-plugins/
...
Done!

Restart Services

After patching and configuring the services, you'll want to restart them so the changes take effect.

sudo systemctl restart prosody.service jicofo.service jitsi-videobridge.service