3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-25 01:23:24 +00:00

Matrix Authentication Support for Jitsi

This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.

1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
This commit is contained in:
jakicoll
2023-01-04 13:45:37 +01:00
parent f400093865
commit 42e4e50f5b
25 changed files with 747 additions and 59 deletions

View File

@@ -203,6 +203,8 @@ matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }
# Controls whether proxying the jitsi domain should be done.
matrix_nginx_proxy_proxy_jitsi_enabled: false
matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}"
matrix_nginx_proxy_proxy_jitsi_manage_wellknown: false
matrix_nginx_proxy_proxy_jitsi_well_known_configuration_blocks: []
# Controls whether proxying the grafana domain should be done.
matrix_nginx_proxy_proxy_grafana_enabled: false

View File

@@ -18,6 +18,15 @@
{{- configuration_block }}
{% endfor %}
{% if matrix_nginx_proxy_proxy_jitsi_manage_wellknown %}
location /.well-known {
root {{ matrix_static_files_base_path }};
expires 4h;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
{% endif %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
@@ -75,7 +84,7 @@
{% if matrix_nginx_proxy_enabled %}
resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s;
set $backend {{ matrix_jitsi_xmpp_bosh_url_base }};
proxy_pass $backend/xmpp-websocket;
proxy_pass $backend$request_uri;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:5280;