3

在我的Jitsi Meet Prodody 配置文件中:~/.jitsi-meet-cfg/prosody/config/conf.d

我有以下配置:

admins = {
  "focus@auth.meet.jitsi",
  "jvb@auth.meet.jitsi"
}

plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "meet.jitsi"

VirtualHost "meet.jitsi"

authentication = "token"
app_id = "this-is-my-app-id"
app_secret = "FF0AE1DEC0F36167A100CF0C234CF4A5"
allow_empty_token = false

ssl = {
  key = "/config/certs/meet.jitsi.key";
  certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
  "bosh";
  "pubsub";
  "ping";
  "speakerstats";
  "conference_duration";
}

speakerstats_component = "speakerstats.meet.jitsi"
conference_duration_component = "conferenceduration.meet.jitsi"

c2s_require_encryption = false

VirtualHost "auth.meet.jitsi"
ssl = {
  key = "/config/certs/auth.meet.jitsi.key";
  certificate = "/config/certs/auth.meet.jitsi.crt";
}
authentication = "internal_hashed"

VirtualHost "recorder.meet.jitsi"
modules_enabled = {
  "ping";
}
authentication = "internal_hashed"

Component "internal-muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
  "ping";
}
muc_room_locking = false
muc_room_default_public_jids = true

Component "muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
  "muc_meeting_id";
  "token_verification";
}
muc_room_cache_size = 1000
muc_room_locking = false
muc_room_default_public_jids = true

Component "focus.meet.jitsi"
component_secret = "1380629bfbc47acef63de093bcf231ec"

Component "speakerstats.meet.jitsi" "speakerstats_component"
muc_component = "muc.meet.jitsi"

Component "conferenceduration.meet.jitsi" "conference_duration_component"
muc_component = "muc.meet.jitsi"

这样我就可以通过jwt令牌进行身份验证。

但如果我不指定任何令牌,例如:

https://jitsi.mydummyserver.com/test

然后我收到以下提示,要求输入用户名和密码:

在此处输入图像描述

有没有办法只允许令牌身份验证并完全摆脱该提示?

谢谢!

4

1 回答 1

1

tokenAuthUrl您可以在/etc/jitsi/meet/<fqdn>-config.js文件中设置用于生成令牌的端点。

tokenAuthUrl目前无证。您可以在此处查看拉取请求tokenAuthUrl

如果您想在会议 URL 不包含 JWT 令牌的情况下完全重定向,那么您可以在服务器配置中编写一个简单的 Nginx 或 Apache 规则。

由于会议 URL 是https://meet.example.com?jwt=<token>格式的,Nginx 配置规则会像

location / {

    set $url 1;    

    if ($arg_jwt = ''){
        set $url 0;
    }   

    if ($url = 1){
        return 301 https://$host$request_uri;
    }

    return 301 https://example.com;
 
}

如果会议 URL 不包含 JWT 查询参数,这将重定向到example.com,即使用户尝试通过jwt在会议 URL 末尾附加 auery 参数来绕过 Nginx 规则,访问也将被拒绝,因为 JWT 无效.

于 2021-02-21T18:52:10.747 回答