Jitsi is an open-source voice, video conferencing and instant messaging application. We can use it to easily build and deploy secure communication solutions. It is developed in Java and supports many telephony and instant messaging protocols.
By default JITSI comes up with no authentication set, means everyone can use your JITSI server for there video conferencing need. In order to setup a basic authentication you can enable secure domain on your JITSI instance. You can follow this guide to enable that on your server.
Now, once you have authentication enabled on your JITSI server you will notice that the users you created are not stored in the database. By default prosody (xmpp server) stores username and password in the memory. So let’s say if you guys want to integrate your custom app and want to generate bunch of users on JITSI then you not gonna like to execute prosodyctl commands on bash shell each time you create a new user. So to overcome this issue, we can enable mysql backend in prosody and can store the users of JITSI server in mysql database. Please hang tight as we proceed.
Installation
For this tutorial, we will be using Ubuntu 18 LTS as the host operating system. This tutorial assumes that you already have secure domain set up, if not then please follow this guide and come back to this blog. Here are all the steps we will be following to setup mysql auth on JITSI-MEET server.
- Some Pre-Requisite operations
- Set up MySQL database
- Prosody Configuration
- Adding Users
Step 1: Pre-Requisite
To begin with, we will first install MySQL server and some required packages on the host OS.
apt install mysql-server lua-dbi-mysql lua-dbi-mysql-dev
Now we will proceed with the MySQL installation and will setup username and password for root user.
mysql_secure_installation
Step 2: MySQL Database
We will create a database in MySQL to store our users. Also, we need a user who will manage the MySQL database.
mysql -uroot -p
Let’s create the database first
CREATE DATABASE prosody;
And now the user. Change the secret with a strong password below.
CREATE USER 'prosody'@'localhost' IDENTIFIED BY 'secret'; GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'localhost'; FLUSH PRIVILEGES; exit
Step 3: Prosody Configuration
We will now edit the prosody config file and will enable mysql storage backend.
nano /etc/prosody/prosody.cfg.lua
Add the following lines in the config file
storage = "sql"
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
sql_manage_tables = true
default_storage = "internal"
storage = {
accounts = "sql";
}
Please replace username and password above with your mysql username and password you guys set while creating prosody database. Now let’s restart prosody we will be good to go.
systemctl restart prosody
Before you proceed with Step 4, make sure prosody has created the tables inside the prosody database after restarting prosody service.
Step 4: Users
Since prosody has now switched to MySQL storage backend for users, The users such as focus and jvb, which are required for the proper functioning of the secure domain and JITSI, will not be able to authenticate with prosody. So our first task is to add the above-mentioned users into our database.
The password for these users can be found in their configuration files.
nano /etc/jitsi/jicofo/config
nano /etc/jitsi/videobridge/config
Now to add the users, we will use the prosodyctl utility. Note: JITSI native users like focus, jvb etc are required to be in the database before you add normal users.Because jicofo and videobridge not gonna work if we don’t have there xmpp users in the prosody database.
prosodyctl register focus auth.j1.securevoip.io password prosodyctl register jvb auth.j1.securevoip.io password
Now if we look at the prosody database that we created we will see the users we just added
Now we can start adding normal users which we will be using for authentication and starting conference sessions.
prosodyctl register ramneek your-jitsi-domain.com password
The following image shows that our new user was successfully registered.
Thanks for spending time with us. If you have any question or want to provide feedback please leave a comment in the comment section.
please show how to create the tables with structure inside the prosody database (before step 4). thank you very much
Hi bakter,
If you look into the prosody config, you will see the following line
sql_manage_tables = true
So prosody will automatically create the tables for you after you restart prosody service.
hi, congratulations for this post.
when i create user password return this error:
Error: Account creation/modification not supported.
what am I doing wrong ?
Hi,
Have you configured Secure Domain on Jitsi?
If you have configured Secure Domain and it is working, then it is possible that there is an issue with the prosody configuration.
It is also possible to get this error if you have not restarted the required services(which are prosody, jitsi, jitsi-videobridge, jicofo) after making the changes in the configuration files.
I hope this helps.
Any way to can authenticate using an external database ?
Yes. Why not. Just change the host address in MySQL connection string
Hello. Thanks for guide.
I have configure as you shown. But I get error about Jicofo service
Thanks a lot for your help!
But i’ve a question :
What about “modulemanager error Error initializing module ‘auth_sql’ on ”: /usr/lib/prosody/modules/mod_auth_sql.lua:26: attempt to call field ‘unlock_globals’ (a nil value)” after the command “prosodyctl register secret” ?
Regards