Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:applications:jitsimeet [2019/06/03 17:05]
documentation:latest:applications:jitsimeet [2019/06/03 17:05] (current)
Line 1: Line 1:
 +====== Jitsi Meet ======
 +
 +{{ :​applications:​logo-jitsimeet.png |}}
 +
 +===== Presentation =====
 +
 +[[https://​github.com/​jitsi/​jitsi-meet|Jitsi Meet]] is a WEBRTC-based video conferencing application,​ powering the [[http://​meet.jit.si|meet.jit.si]] online service.
 +
 +Users may install their own instance of Jitsi Meet for private use, in which case, they may use authentication to control the creation of conference rooms.
 +
 +The official documentation provides instructions on [[https://​github.com/​jitsi/​jicofo/​blob/​master/​doc/​shibboleth.md|how to configure Jitsi Meet to use Shibboleth]],​ but with a little adaptation, it can work just as fine with LemonLDAP::​NG.
 +
 +===== Configuration =====
 +
 +==== Pre-requisites ====
 +
 +In this guide, it is assumed that you have followed the [[https://​github.com/​jitsi/​jitsi-meet/​blob/​master/​doc/​quick-install.md|Jitsi Meet quick start]] and that **you have installed Nginx on your Jitsi Meet server first**
 +
 +If you have not done that, the Jitsi Meet installer will not generate a Nginx configuration file for you. This is not a problem is you are already using your own reverse proxy.
 +
 +
 +==== Jitsi Meet configuration ====
 +
 +As with the Shibboleth guide, you need to configure ''/​etc/​jitsi/​jicofo/​sip-communicator.properties''​
 +
 +<​code>​
 +org.jitsi.jicofo.auth.URL=shibboleth:​default
 +org.jitsi.jicofo.auth.LOGOUT_URL=/​logout/​
 +</​code>​
 +
 +This defines the login servlet as ''/​login/''​ and the logout URL as ''/​logout/''​
 +
 +
 +==== Jitsi Meet Nginx configuration ====
 +
 +In the Nginx configuration that the Jitsi Meet quickstart generated, you must add the following blocks, just like you would in a typical handler configuration file:
 +
 +<​code>​
 +
 + ​location = /lmauth {
 +    internal;
 +    include /​etc/​nginx/​fastcgi_params;​
 +    fastcgi_pass unix:/​var/​run/​llng-fastcgi-server/​llng-fastcgi.sock
 +    fastcgi_pass_request_body ​ off;
 +    fastcgi_param CONTENT_LENGTH "";​
 +    fastcgi_param HOST $http_host;
 +    fastcgi_param X_ORIGINAL_URI ​ $request_uri;​
 +  }
 +
 +# Protect only the /login/ and /logout/ URLs. 
 +# You may want to change this is your goal is to make the whole Jitsi Meet instance private
 +
 +location ~ ^/​log(in|out)/​ {
 +
 + auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    error_page 401 $lmlocation;​
 +
 +    auth_request_set $mail $upstream_http_mail;​
 +    proxy_set_header mail $mail;
 +    auth_request_set $lmcookie $upstream_http_cookie;​
 +    proxy_set_header Cookie: $lmcookie;
 +
 + proxy_pass http://​127.0.0.1:​8888;​
 +}
 +</​code>​
 +
 +
 +==== Jitsi Meet Virtual host in Manager ====
 +
 +Go to the Manager and [[..configvhost#​lemonldapng_configuration|create a new virtual host]] for Jitsi Meet.
 +
 +Configure the [[..writingrulesand_headers#​rules|access rules]].
 + * Don't forget to configure the /logout/ URL
 +
 +Configure the following [[..writingrulesand_headers#​headers|headers]].
 +  * **mail**: $mail
 +  * **displayName**:​ $cn
 +
 +<note warning>
 +Jitsi meet expects to find a ''​mail''​ HTTP header, it will ignore REMOTE_USER and only use the mail value to identify the user.
 +</​note>​