Wrong or missing rewrite rule for guest access in meet?
-
Hi,
I have set up meet using an apache2 reverse proxy (I “translated” the nginx configuration). When I try to use guest access everything looks fine until the guest is trying to access the call.
The generated url for group “public/abc” looks like this: https://meet.domain.tld/meet/r/group/public/abc#guest=1
When the guest tries to access the url a rewrite to https://meet.domain.tld/meet/ happens due to the following rule and the guest eventually lands on the signin page:RewriteRule "^/meet/r/(.*)$" "https://meet.domain.tld/meet/" [L]Which is my “translation” of the nginx rewrite rule:
location /meet { rewrite ^/meet/r/(.*)$ /meet last; alias /usr/share/kopano-meet/meet-webapp; }Is there a missing rewrite rule in the documentation for the guest access or is my translation of the rule wrong?
Has anybody a working apache2 configuration for meet with guest access?I understand that apache2 is not really a supported platform (yet), but due to some legacy applications it would be a real problem to use kwebd for me instead.
I’m using meet 1.2.1-0+346.1 (nightly).
Thanks in advance. -
Hi @rbrunhuber,
Can you share you whole configuration? Maybe I’ll find some time today to verify it.
For the Univention app I resorted to proxying from apache to kweb. I have you can find the config inside of https://stash.z-hub.io/projects/K4U/repos/kopano-apps/browse/kopano-meet/configure_host?at=refs%2Fheads%2Fmeet-domain
-
@rbrunhuber said in Wrong or missing rewrite rule for guest access in meet?:
RewriteRule “^/meet/r/(.*)$” “https://meet.domain.tld/meet/” [L]
This is wrong. You need to do an internal rewrite so that all request urls starting with /meet/r/ do directly return the content of /usr/share/kopano-meet/meet-webapp/index.html .
Please note that there are a lot of additional web server configuration needed. To simplify this, we made kweb which does this all for free.
In setups where on need to keep an existing web server configuration, look at the suggestion from Felix, to reverse proxy to kweb from your apache. If your use case is large enough where this makes a difference, please consider getting in touch with our professional services.
If you want to replicate what kweb does yourself, start at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#110 for meet, at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#81 for kwmserver and at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#55 for kapi.
-
Hi @fbartels,
this is my complete apache configuration for meet:
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName meet.domain.tld SSLEngine on SSLCertificateFile /etc/ssl/certs/wild_domain.tld_test.cert SSLCertificateKeyFile /etc/ssl/private/wild_domain.tld_test.key ErrorLog ${APACHE_LOG_DIR}/meet_error.log CustomLog ${APACHE_LOG_DIR}/meet_access.log combined LogLevel error rewrite:trace3 Alias /meet /usr/share/kopano-meet/meet-webapp Alias /api/config/v1/kopano/meet/config.json /usr/share/kopano-meet/meet-webapp/config.json.in RedirectMatch 301 "^/$" "/meet/" RewriteEngine On RewriteRule "^/meet/r/(.*)$" "https://meet.domain.tld/meet/" [L] SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On <Proxy balancer://kwmserver_ws> BalancerMember ws://127.0.0.1:8778 </Proxy> <Proxy balancer://konnect> BalancerMember http://127.0.0.1:8777 </Proxy> <Proxy balancer://kapi> BalancerMember http://127.0.0.1:8039 </Proxy> <Proxy balancer://kapi_ws> BalancerMember ws://127.0.0.1:8039 </Proxy> <Proxy balancer://kwmserver> BalancerMember http://127.0.0.1:8778 </Proxy> RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule /api/kwm/v2/(.*) ws://localhost:8778/api/kwm/v2/$1 [P,L] ProxyPass /api/kwm/v2/ http://kwmserver/api/kwm/v2/ RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteRule ^/api/kvs/v1/(.*)$ ws://localhost:8039/api/kvs/v1/$1 [P,L] ProxyPass /api/kvs/v1 http://localhost:8039/api/kvs/v1/ retry=0 #konnect <Location /.well-known/openid-configuration > ProxyPass http://127.0.0.1:8777/.well-known/openid-configuration </Location> <Location /konnect/v1/jwks.json > ProxyPass http://127.0.0.1:8777/konnect/v1/jwks.json </Location> <Location /konnect/v1/token > ProxyPass http://127.0.0.1:8777/konnect/v1/token </Location> <Location /konnect/v1/userinfo > ProxyPass http://127.0.0.1:8777/konnect/v1/userinfo </Location> <Location /konnect/v1/static > ProxyPass http://127.0.0.1:8777/konnect/v1/static </Location> <Location /konnect/v1/session > ProxyPass http://127.0.0.1:8777/konnect/v1/session </Location> <Location /signin/ > ProxyPass http://127.0.0.1:8777/signin/ </Location> <Location /api/gc/> ProxyPass balancer://kapi/api/gc/ </Location> <Location /api/pubs/> ProxyPass balancer://kapi_ws/api/pubs/ </Location> <Location /api/gc/> ProxyPass balancer://kapi/api/gc/ </Location> <Location /api/gc/> ProxyPass balancer://kapi/api/gc/ </Location> <Location /api/v1/websocket/ > ProxyPass balancer://kwmserver_ws/api/v1/websocket/ </Location> <Location /api/v1/ > ProxyPass balancer://kwmserver/api/v1/ </Location> <Location /api/kvs/v1/ > </Location> </VirtualHost> </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noetIt would be great if you could have a look into it.
-
@longsleep: Thank you very much, that looks much better now.
I updated the rewrite rule as follows and now I’m at directed to the group call page as guest.
RewriteRule "^/meet/r/(.*)$" "/usr/share/kopano-meet/meet-webapp/index.html" [L]Then I had a nice group call with my alter ego “Obsidian Solsticerider” \o/.
I will further test this configuration for now, as it’s a nice playground for me as an enthusiast. If things get more serious with meet I will definitely proxy to kweb.
@fbartels: thank you very much for your support.
