This project allows users to sign up to a Jitsi instance using a web UI.
IMPORTANT WARNING: There is currently no automated way to migrate your users from the Prosody user database into the Django database. We had a small number of users that we migrated manually by recreating their user accounts in Django admin console.
The web UI is a Django instance. It repurposes Django's admin Console to provide a way to manage users. The regisitration-redux module provides a way for users to sign up, regisitration-redux is configured to require admin approval of new user accounts. To link Jitsi to the Django user database a Prosody module is supplied. To get the version of Prosody that ships as part of Ubuntu 20.04 to work with the SHA256 hashes that Django uses, the Prosody utils module, hashes.so, has to be replaced with a newer version. The requirements.txt includes a dependency for Gunicorn to serve Django. Also provided are systemd unit files for a socket and service to keep it running.
The solution reuses code from various projects and as such those parts fall under following licences:
- Code reused from Django - BSD-3-Clause
- Code reused from Prosody and the Prosody community modules - MIT
All code not falling under the above is dual licensed under Apache-2.0 and MIT.
| Directory | Explanation |
|---|---|
| meet-accountmanager | a Django application for user sign up |
| prosody | contains files for Prosody |
| systemd | unit files for services and socket |
| configuration | example configuration files |
| util | utility scripts |
These instructions are for installation on Ubuntu 20.04. They assume that you already have a working Jitsi installation and mariadb is installed and ready to go. We followed these Digital Ocean community tutorials to set them up:
- How To Install Jitsi Meet on Ubuntu 20.04 By Elliot Cooper
- How To Install MariaDB on Ubuntu 20.04 By Brian Boucheron and Mark Drake
Download the two archives:
meet-accountmanager.tar.xzprosody-native-utils-amd64.tar.xz
From jitsi-community Releases.
You can use the command below to download a file, replace the <url copied from releases>:
curl -LO <url copied from releases>Open the MariaDB client:
mariadbIn the following section change for the accountmanager and the Prosody database users. Run it to create the database:
CREATE DATABASE accountmanager CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci;
CREATE USER 'accountmanager'@'localhost' IDENTIFIED BY '<replace with password>';
GRANT CREATE, ALTER, INDEX, SELECT, UPDATE, INSERT, DELETE, REFERENCES ON accountmanager.* TO 'accountmanager'@'localhost';
CREATE USER 'prosody'@'localhost' IDENTIFIED BY '<replace with password>';
GRANT SELECT ON accountmanager.* TO 'prosody'@'localhost';Install the deb using apt. The meet-accountmanager service will be installed into /opt/meet-accountmanager
sudo apt install ./meet-accountmanager_<version_you_downloaded>.debConfigure Django's database connection by editing /etc/meet-accountmanager/database.cnf:
sudo nano /etc/meet-accountmanager/database.cnfEdit accountmanager/settings.py.
sudo nano /etc/meet-accountmanager/settings.py
Update the following lines to add the details for the email account that will be used by the meet-accountmanager to verify emails and send notifications during the user registration process.
EMAIL_HOST = ""
EMAIL_HOST_USER = ""
KEY = ""
EMAIL_PORT = 587
EMAIL_USE_TLS = True
DEFAULT_FROM_EMAIL = ""Update the line with the emails:
REGISTRATION_ADMINS = [('<change to name>', '<change to email address>')]Use Django's manage.py to initialize the database:
cd /opt/meet-accountmanager
./manage.py makemigrations
./manage.py migrateAdd a Django admin user:
python manage.py createsuperuserRestart the socket and service:
sudo systemctl enable --now meet-accountmanager.socketTest the Django socket
sudo -u www-data curl --header "X-Forwarded-Proto: https" --unix-socket /run/meet-accountmanager.sock https:/accountmanager/accountmanager/login/The Gunicorn service should be automatically started and you should see some HTML from your server in the terminal.
Add the following to your Nginx configuration for the Jitsi Meet site.
The file is located in /etc/nginx/sites-available and is probably
named _<your site address>_.conf.
Add the following before the first server block:
upstream accountmanager {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server unix:/run/meet-accountmanager.sock fail_timeout=0;
}Add the following block after the location = /external_api.js block:
location ~ ^/static2/(.*)$ {
add_header 'Access-Control-Allow-Origin' '*';
alias /opt/meet-accountmanager/static2/$1;
# try_files $uri =404;
# cache all versioned files
if ($arg_v) {
expires 1y;
}
}Add the following block after the location = /xmpp-websocket block:
location ^~ /accountmanager/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_set_header SCRIPT_NAME /accountmanager;
proxy_redirect off;
proxy_pass http://accountmanager;
}Test the nginx configuration:
sudo nginx -c /etc/nginx/nginx.conf -tReload the nginx configuration.
sudo systemctl reload nginxInstall the lua dbi mysql package:
sudo apt install lua-dbi-mysqlUnzip the Prosody zip file.
tar -xJf prosody-native-utils-amd64.tar.xzReplace hashes.so with a version of hashes.so taken from a more recent version of Prosody because we need SHA-256 support.
sudo mv /usr/lib/prosody/util/hashes.so /usr/lib/prosody/util/hashes.so.bak
sudo cp prosody/util-src/hashes.so /usr/lib/prosody/util/
sudo cp prosody/auth_module/mod_auth_sql_hashed.lua /usr/lib/prosody/modules/Configure the Prosody instance to use the auth_sql_hashed module and add an auth_sql block containing the credentials for the Prosody MariaDB user you created earlier. In the configuration block for the Prosody host used by your Jitsi instance.
authentication = "sql_hashed"
auth_sql = { driver = "MySQL", database = "accountmanager", username = "prosody", password = "<prosody sql user password>", host = "localhost" }Restart the Prosody instance.
sudo systemctl restart prosodyTest that a user that is added in Django can log into Jitsi.
The following sources were consulted to create the installation guide: Django documentation Gunicorn documentation on deployment django-registration-redux 2.9 documentation