diff --git a/README.md b/README.md index 240e918..c93e9b8 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ sudo systemctl enable --now meet-accountmanager.socket #### 3.2 Test the Django socket ```sh -sudo -u www-data curl --unix-socket /run/meet-accountmanager.sock http +sudo -u www-data curl --header "X-Forwarded-Proto: https" --unix-socket /run/meet-accountmanager.sock https:/accountmanager/accountmanager/login/ ``` The Gunicorn service should be automatically started and you should see some HTML from your server in the terminal. @@ -256,200 +256,3 @@ The following sources were consulted to create the installation guide: [Gunicorn documentation on deployment](https://docs.gunicorn.org/en/latest/deploy.html) [django-registration-redux 2.9 documentation](https://django-registration-redux.readthedocs.io/en/latest/) -## Manual Installation - -These instructions are for installation on Ubuntu 20.04. They -assume that you already have a working Jitsi installation and mariadb is installed and ready to go. -We followed these Digital Ocean community tutorials to set them up: -* [How To Install Jitsi Meet on Ubuntu 20.04 By Elliot Cooper](https://www.digitalocean.com/community/tutorials/how-to-install-jitsi-meet-on-ubuntu-20-04) -* [How To Install MariaDB on Ubuntu 20.04 By Brian Boucheron and Mark -Drake](https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-ubuntu-20-04) - -### 0. Download the files -Download the two archives: -* `meet-accountmanager.tar.xz` -* `prosody-native-utils-amd64.tar.xz` - -From [jitsi-community Releases](https://github.com/publiccodenet/jitsi-community/releases). - -You can use the command below to download a file, replace the ``: -```sh -curl -LO -``` - -### 1. Create a MariaDB database and users for our services. -Open the MariaDB client: -```sh -mariadb -``` -In the following section change __ for the accountmanager and the Prosody database users. Run it to create the database: -```mysql -CREATE DATABASE accountmanager CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci; - -CREATE USER 'accountmanager'@'localhost' IDENTIFIED BY ''; -GRANT CREATE, ALTER, INDEX, SELECT, UPDATE, INSERT, DELETE, REFERENCES ON accountmanager.* TO 'accountmanager'@'localhost'; - -CREATE USER 'prosody'@'localhost' IDENTIFIED BY ''; -GRANT SELECT ON accountmanager.* TO 'prosody'@'localhost'; -``` - - -### 2. Create a system user and group for the meet-accountmanager service. - -```sh -sudo adduser --quiet --system --home "/var/lib/meet-accountmanager" --group meet-accountmanager -``` - -### 3. Create directories -Create home, configuration and logging directories for the -meet-accountmanager service to use. The logging and home directories should be -writable by the service. - -```sh -sudo mkdir -p /{etc/meet-accountmanager,/var/{lib,log}/meet-accountmanager} -chown -R meet-accountmanager:meet-accountmanager /var/{lib,log}/meet-accountmanager -``` - -### 4. Install the meet-accountmanager Django app - -Unpack the meet account manager archive into /opt/meet-accountmanager -```sh -sudo tar -xJf meet-accountmanager.tar.xz -C /opt -``` - -Configure Django's database connection by copying the example config -into the configuration directory. Then edit the values: -```sh -cp /opt/meet-accountmanager/example-configuration/* /etc/meet-accountmananger/ -chown root:meet-accountmanager /etc/meet-accountmanager/database.cnf -chmod 640 /etc/meet-accountmanager/database.cnf -``` - -Configure Django's email server password by placing it in the file `/etc/meet-accountmanager/email_password`. -```sh -touch /etc/meet-accountmanager/email_password -chown root:meet-accountmanager /etc/meet-accountmanager/email_password -chmod 640 /etc/meet-accountmanager/email_password -nano /etc/meet-accountmanager/email_password -``` - -Generate a secret key for session and cookie encryption: -```sh -cd /etc/meet-accountmanager/ -umask 037 -python3 /opt/meet-accountmanager/create_key.py key -umask 022 -``` - -Configure the email accounts that will receive notifications for approvals. -Edit `accountmanager/settings.py`. Update the line with the emails: -```python -REGISTRATION_ADMINS = [('', '')] -``` - -Activate the Python virtual environment and use Django's manage.py to -initialize the database: -```sh -cd /opt/meet-accountmanager -source venv/bin/activate -python manage.py makemigrations -python manage.py migrate -``` - -Add a Django admin user: -```sh -python manage.py createsuperuser -``` -### Setup the systemd unit files for meet-accountmanager - -Add the socket and service: -```sh -sudo cp systemd/meet-accountmanager.{service,socket} /etc/systemd/system/ -``` - -Restart the socket and service: -```sh -sudo systemctl enable --now meet-accountmanager.socket -``` - -Test the Django socket -```sh -sudo -u www-data curl --unix-socket /run/gunicorn.sock http -``` -The Gunicorn service should be automatically -started and you should see some HTML from your server in the terminal. - -### Update the Nginx configuration - -Add the following to your Nginx configuration for the Jitsi Meet site. -The file is located in `/etc/nginx/sites-available` and is probably -named `__.conf`. - -Add the following before the first `server` block: -```nginx -upstream accountmanager { - # fail_timeout=0 means we always retry an upstream even if it failed - # to return a good HTTP response - server unix:/run/meet-accountmanager.sock fail_timeout=0; -} -``` - -Add the following block after the `location = /external_api.js` block: -```nginx - location ~ ^/static2/(.*)$ { - add_header 'Access-Control-Allow-Origin' '*'; - alias /opt/meet-accountmanager/static2/$1; - # try_files $uri =404; - # cache all versioned files - if ($arg_v) { - expires 1y; - } - } -``` - -Add the following block after the `location = /xmpp-websocket` block: -```nginx - location ^~ /accountmanager/ { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - # we don't want nginx trying to do something clever with - # redirects, we set the Host: header above already. - proxy_set_header SCRIPT_NAME /accountmanager; - proxy_redirect off; - proxy_pass http://accountmanager; - } -``` - -### Install the prosody modules -Unzip the Prosody zip file. -```sh -unzip prosody-native-utils-amd64.zip -``` - -Replace hashes.so with a version of hashes.so taken from a more recent version of Prosody -because we need SHA-256 support. -```sh -mv /usr/lib/prosody/util/hashes.so /usr/lib/prosody/util/hashes.so.bak -cp hashes.so /usr/lib/prosody/util/ -cp mod_auth_sql_hashed.lua /usr/lib/prosody/modules/ -``` - -### Edit the Prosody configuration for the Jitsi instance. -Configure the Prosody instance to use the auth_sql_hashed module and add an auth_sql block containing the credentials for the Prosody MariaDB user you created earlier. -In the configuration block for the Prosody host used by your Jitsi instance. -```lua - authentication = "sql_hashed" - auth_sql = { driver = "MySQL", database = "accountmanager", username = "prosody", password = "", host = "localhost" -``` -Restart the Prosody instance. - -### Test the installation -Test that a user that is added in Django can log into Jitsi. - -## References -The following sources were consulted to create the installation guide: -[Django documentation](https://docs.djangoproject.com/en/3.2/) -[Gunicorn documentation on deployment](https://docs.gunicorn.org/en/latest/deploy.html) -[django-registration-redux 2.9 documentation](https://django-registration-redux.readthedocs.io/en/latest/) -