Diferencia entre revisiones de «Instalación de Servidor Jitsi con token»
Sin resumen de edición |
Sin resumen de edición |
||
Línea 1: | Línea 1: | ||
* | Por defecto, Jitsi Meet no viene disponible en los repositorios de Debian 9, para ello deberemos de añadir el repositorio oficial. | ||
'''Sobre debian 10 no funciona por que utiliza el paquete lua5.2 y la libreria luacrypt no compila.''' | |||
wget -qO - <nowiki>https://download.jitsi.org/jitsi-key.gpg.key</nowiki> | apt-key add - | |||
Añadimos el repositorio: | |||
sh -c "echo 'deb <nowiki>https://download.jitsi.org</nowiki> stable/'> /etc/apt/sources.list.d/jitsi.list" | |||
Actualizamos los repositorios e instalamos el paquete necesario: | |||
apt update | |||
apt install jitsi-meet | |||
La autenticacion por token necesita una version de prosody en particular, la instalamos: | |||
wget <nowiki>https://packages.prosody.im/debian/pool/main/p/prosody-trunk/prosody-trunk_1nightly747-1~stretch_amd64.deb</nowiki> | |||
dpkg -i prosody-trunk_1nightly747-1~stretch_amd64.deb | |||
Instalamos el paquete de jitsi para token | |||
apt install jitsi-meet-tokens | |||
Hay que asegurarse que al final del archivo /etc/prosody/prosody.cfg.lua contenga la siguiente linea | |||
Include "conf.d/*.cfg.lua" | |||
Chequear que el cifrado de cliente a servidor no se aplica en el archivo /etc/prosody/prosody.cfg.lua | |||
c2s_require_encryption=false | |||
Editamos el archivo /etc/prosody/conf.d/jitsi.unq.edu.ar.cfg.lua y nos aseguramos que la linea plugin_paths este descomentada, es decir que no tenga adelante – | |||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } | |||
-- domain mapper options, must at least have domain base set to use the mapper | |||
muc_mapper_domain_base = "jitsi.riu.edu.ar"; | |||
turncredentials_secret = "pM5NU340JZ3S6dIr"; | |||
turncredentials = { | |||
{ type = "stun", host = "jitsi.riu.edu.ar", port = "4446" }, | |||
{ type = "turn", host = "jitsi.riu.edu.ar", port = "4446", transport = "udp" }, | |||
{ type = "turns", host = "jitsi.riu.edu.ar", port = "443", transport = "tcp" } | |||
}; | |||
cross_domain_bosh = false; | |||
consider_bosh_secure = true; | |||
VirtualHost "jitsi.unq.edu.ar" | |||
-- enabled = false -- Remove this line to enable this host | |||
authentication = "token" | |||
app_id = "id-app" | |||
app_secret = "secreto" | |||
allow_empty_token = false | |||
-- Properties below are modified by jitsi-meet-tokens package config | |||
-- and authentication above is switched to "token" | |||
-- Assign this host a certificate for TLS, otherwise it would use the one | |||
-- set in the global section (if any). | |||
-- Note that old-style SSL on port 5223 only supports one certificate, and will always | |||
-- use the global one. | |||
ssl = { | |||
key = "/etc/prosody/certs/jitsi.riu.edu.ar.key"; | |||
certificate = "/etc/prosody/certs/jitsi.riu.edu.ar.crt"; | |||
} | |||
speakerstats_component = "speakerstats.jitsi.riu.edu.ar" | |||
conference_duration_component = "conferenceduration.jitsi.riu.edu.ar" | |||
-- we need bosh | |||
modules_enabled = { | |||
"bosh"; | |||
"pubsub"; | |||
"ping"; -- Enable mod_ping | |||
"speakerstats"; | |||
"turncredentials"; | |||
"conference_duration"; | |||
"presence_identity"; #Este parametro tiene que estar habilitado | |||
} | |||
c2s_require_encryption = false | |||
Component "conference.jitsi.riu.edu.ar" "muc" | |||
storage = "null" | |||
modules_enabled = { | |||
"muc_meeting_id"; | |||
"muc_domain_mapper"; | |||
"token_verification"; #Este parametro tiene que estar habilitado | |||
} | |||
admins = { "focus@auth.jitsi.riu.edu.ar" } | |||
muc_room_locking = false | |||
muc_room_default_public_jids = true | |||
-- internal muc component | |||
Component "internal.auth.jitsi.riu.edu.ar" "muc" | |||
storage = "null" | |||
modules_enabled = { | |||
"ping"; | |||
} | |||
admins = { "focus@auth.jitsi.riu.edu.ar", "jvb@auth.jitsi.riu.edu.ar" } | |||
-- muc_room_locking = false | |||
-- muc_room_default_public_jids = true | |||
VirtualHost "auth.jitsi.riu.edu.ar" | |||
ssl = { | |||
key = "/etc/prosody/certs/auth.jitsi.riu.edu.ar.key"; | |||
certificate = "/etc/prosody/certs/auth.jitsi.riu.edu.ar.crt"; | |||
} | |||
authentication = "internal_plain" | |||
Component "focus.jitsi.riu.edu.ar" | |||
component_secret = "V9aZtBrm" | |||
Component "speakerstats.jitsi.riu.edu.ar" "speakerstats_component" | |||
muc_component = "conference.jitsi.riu.edu.ar" | |||
Component "conferenceduration.jitsi.riu.edu.ar" "conference_duration_component" | |||
muc_component = "conference.jitsi.riu.edu.ar" | |||
Instalar los paquetes necesarios para que funcione la autenticación con token | |||
apt install libssl1.0-dev luarocks | |||
luarocks install basexx | |||
luarocks install luacrypto | |||
luarocks install lua-cjson | |||
luarocks install lbase64 | |||
luarocks install luajwtjitsi | |||
Reemplazar el archivo mod_posix.lua, de la siguiente manera | |||
cd /usr/lib/prosody/modules/ | |||
rm mod_posix.lua | |||
wget <nowiki>https://raw.githubusercontent.com/bjc/prosody/master/plugins/mod_posix.lua</nowiki> | |||
Reiniciamos prosody | |||
/etc/init.d/prosody restart | |||
Luego generamos el token, para esto ingresamos a la pagina <nowiki>https://jwt.io/</nowiki> y la completamos de la siguiente manera: | |||
{ | |||
"alg": "HS256", | |||
"typ": "JWT" | |||
} | |||
{ | |||
"aud": "jitsi", | |||
"iss": "app_id", | |||
"sub": "jitsi.unq.edu.ar", | |||
"room": "*" | |||
} | |||
Reemplazamos "your-256-bit-secret" por el app_secret |
Revisión actual - 14:46 3 jul 2023
Por defecto, Jitsi Meet no viene disponible en los repositorios de Debian 9, para ello deberemos de añadir el repositorio oficial.
Sobre debian 10 no funciona por que utiliza el paquete lua5.2 y la libreria luacrypt no compila.
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
Añadimos el repositorio:
sh -c "echo 'deb https://download.jitsi.org stable/'> /etc/apt/sources.list.d/jitsi.list"
Actualizamos los repositorios e instalamos el paquete necesario:
apt update apt install jitsi-meet
La autenticacion por token necesita una version de prosody en particular, la instalamos:
wget https://packages.prosody.im/debian/pool/main/p/prosody-trunk/prosody-trunk_1nightly747-1~stretch_amd64.deb dpkg -i prosody-trunk_1nightly747-1~stretch_amd64.deb
Instalamos el paquete de jitsi para token
apt install jitsi-meet-tokens
Hay que asegurarse que al final del archivo /etc/prosody/prosody.cfg.lua contenga la siguiente linea
Include "conf.d/*.cfg.lua"
Chequear que el cifrado de cliente a servidor no se aplica en el archivo /etc/prosody/prosody.cfg.lua
c2s_require_encryption=false
Editamos el archivo /etc/prosody/conf.d/jitsi.unq.edu.ar.cfg.lua y nos aseguramos que la linea plugin_paths este descomentada, es decir que no tenga adelante –
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" } -- domain mapper options, must at least have domain base set to use the mapper muc_mapper_domain_base = "jitsi.riu.edu.ar"; turncredentials_secret = "pM5NU340JZ3S6dIr"; turncredentials = { { type = "stun", host = "jitsi.riu.edu.ar", port = "4446" }, { type = "turn", host = "jitsi.riu.edu.ar", port = "4446", transport = "udp" }, { type = "turns", host = "jitsi.riu.edu.ar", port = "443", transport = "tcp" } }; cross_domain_bosh = false; consider_bosh_secure = true; VirtualHost "jitsi.unq.edu.ar" -- enabled = false -- Remove this line to enable this host authentication = "token" app_id = "id-app" app_secret = "secreto" allow_empty_token = false -- Properties below are modified by jitsi-meet-tokens package config -- and authentication above is switched to "token" -- Assign this host a certificate for TLS, otherwise it would use the one -- set in the global section (if any). -- Note that old-style SSL on port 5223 only supports one certificate, and will always -- use the global one. ssl = { key = "/etc/prosody/certs/jitsi.riu.edu.ar.key"; certificate = "/etc/prosody/certs/jitsi.riu.edu.ar.crt"; } speakerstats_component = "speakerstats.jitsi.riu.edu.ar" conference_duration_component = "conferenceduration.jitsi.riu.edu.ar" -- we need bosh modules_enabled = { "bosh"; "pubsub"; "ping"; -- Enable mod_ping "speakerstats"; "turncredentials"; "conference_duration"; "presence_identity"; #Este parametro tiene que estar habilitado } c2s_require_encryption = false Component "conference.jitsi.riu.edu.ar" "muc" storage = "null" modules_enabled = { "muc_meeting_id"; "muc_domain_mapper"; "token_verification"; #Este parametro tiene que estar habilitado } admins = { "focus@auth.jitsi.riu.edu.ar" } muc_room_locking = false muc_room_default_public_jids = true -- internal muc component Component "internal.auth.jitsi.riu.edu.ar" "muc" storage = "null" modules_enabled = { "ping"; } admins = { "focus@auth.jitsi.riu.edu.ar", "jvb@auth.jitsi.riu.edu.ar" } -- muc_room_locking = false -- muc_room_default_public_jids = true VirtualHost "auth.jitsi.riu.edu.ar" ssl = { key = "/etc/prosody/certs/auth.jitsi.riu.edu.ar.key"; certificate = "/etc/prosody/certs/auth.jitsi.riu.edu.ar.crt"; } authentication = "internal_plain" Component "focus.jitsi.riu.edu.ar" component_secret = "V9aZtBrm" Component "speakerstats.jitsi.riu.edu.ar" "speakerstats_component" muc_component = "conference.jitsi.riu.edu.ar" Component "conferenceduration.jitsi.riu.edu.ar" "conference_duration_component" muc_component = "conference.jitsi.riu.edu.ar"
Instalar los paquetes necesarios para que funcione la autenticación con token
apt install libssl1.0-dev luarocks luarocks install basexx luarocks install luacrypto luarocks install lua-cjson luarocks install lbase64 luarocks install luajwtjitsi
Reemplazar el archivo mod_posix.lua, de la siguiente manera
cd /usr/lib/prosody/modules/ rm mod_posix.lua wget https://raw.githubusercontent.com/bjc/prosody/master/plugins/mod_posix.lua
Reiniciamos prosody
/etc/init.d/prosody restart
Luego generamos el token, para esto ingresamos a la pagina https://jwt.io/ y la completamos de la siguiente manera:
{ "alg": "HS256", "typ": "JWT" } { "aud": "jitsi", "iss": "app_id", "sub": "jitsi.unq.edu.ar", "room": "*" } Reemplazamos "your-256-bit-secret" por el app_secret