How to setup MySQL authentication on JITSI

Jitsi is an open-source voice, video conferencing and instant messaging application. We can use it to easily build and deploy secure communication solutions. It is developed in Java and supports many telephony and instant messaging protocols.

By default JITSI comes up with no authentication set, means everyone can use your JITSI server for there video conferencing need. In order to setup a basic authentication you can enable secure domain on your JITSI instance. You can follow this guide to enable that on your server.

Now, once you have authentication enabled on your JITSI server you will notice that the users you created are not stored in the database. By default prosody (xmpp server) stores username and password in the memory. So let’s say if you guys want to integrate your custom app and want to generate bunch of users on JITSI then you not gonna like to execute prosodyctl commands on bash shell each time you create a new user. So to overcome this issue, we can enable mysql backend in prosody and can store the users of JITSI server in mysql database. Please hang tight as we proceed.

Installation


For this tutorial, we will be using Ubuntu 18 LTS as the host operating system. This tutorial assumes that you already have secure domain set up, if not then please follow this guide and come back to this blog. Here are all the steps we will be following to setup mysql auth on JITSI-MEET server.

  1. Some Pre-Requisite operations
  2. Set up MySQL database
  3. Prosody Configuration
  4. Adding Users

Step 1: Pre-Requisite


To begin with, we will first install MySQL server and some required packages on the host OS.

apt install mysql-server lua-dbi-mysql lua-dbi-mysql-dev

Now we will proceed with the MySQL installation and will setup username and password for root user.

mysql_secure_installation

Step 2: MySQL Database


We will create a database in MySQL to store our users. Also, we need a user who will manage the MySQL database.

mysql -uroot -p

Let’s create the database first

CREATE DATABASE prosody;

And now the user. Change the secret with a strong password below.

CREATE USER 'prosody'@'localhost' IDENTIFIED BY 'secret';
GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'localhost';
FLUSH PRIVILEGES;
exit

Step 3: Prosody Configuration


We will now edit the prosody config file and will enable mysql storage backend.

nano /etc/prosody/prosody.cfg.lua

Add the following lines in the config file

storage = "sql"
sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
 sql_manage_tables = true
 default_storage = "internal"
     storage = {
         accounts = "sql";
     }

Please replace username and password above with your mysql username and password you guys set while creating prosody database. Now let’s restart prosody we will be good to go.

systemctl restart prosody

Before you proceed with Step 4, make sure prosody has created the tables inside the prosody database after restarting prosody service.

Step 4: Users


Since prosody has now switched to MySQL storage backend for users, The users such as focus and jvb, which are required for the proper functioning of the secure domain and JITSI, will not be able to authenticate with prosody. So our first task is to add the above-mentioned users into our database.

The password for these users can be found in their configuration files.

nano /etc/jitsi/jicofo/config
nano /etc/jitsi/videobridge/config

Now to add the users, we will use the prosodyctl utility. Note: JITSI native users like focus, jvb etc are required to be in the database before you add normal users.Because jicofo and videobridge not gonna work if we don’t have there xmpp users in the prosody database.

prosodyctl register focus auth.j1.securevoip.io password
prosodyctl register jvb auth.j1.securevoip.io password

Now if we look at the prosody database that we created we will see the users we just added

Now we can start adding normal users which we will be using for authentication and starting conference sessions.

prosodyctl register ramneek your-jitsi-domain.com password

The following image shows that our new user was successfully registered.


Thanks for spending time with us. If you have any question or want to provide feedback please leave a comment in the comment section.

Leave a Reply

Your email address will not be published. Required fields are marked *