Wrong or missing rewrite rule for guest access in meet?



  • Hi,

    I have set up meet using an apache2 reverse proxy (I “translated” the nginx configuration). When I try to use guest access everything looks fine until the guest is trying to access the call.

    The generated url for group “public/abc” looks like this: https://meet.domain.tld/meet/r/group/public/abc#guest=1
    When the guest tries to access the url a rewrite to https://meet.domain.tld/meet/ happens due to the following rule and the guest eventually lands on the signin page:

     RewriteRule "^/meet/r/(.*)$" "https://meet.domain.tld/meet/" [L]
    

    Which is my “translation” of the nginx rewrite rule:

    location /meet {
            rewrite ^/meet/r/(.*)$ /meet last;
            alias /usr/share/kopano-meet/meet-webapp;
    }
    

    Is there a missing rewrite rule in the documentation for the guest access or is my translation of the rule wrong?
    Has anybody a working apache2 configuration for meet with guest access?

    I understand that apache2 is not really a supported platform (yet), but due to some legacy applications it would be a real problem to use kwebd for me instead.

    I’m using meet 1.2.1-0+346.1 (nightly).
    Thanks in advance.


  • Kopano

    Hi @rbrunhuber,

    Can you share you whole configuration? Maybe I’ll find some time today to verify it.

    For the Univention app I resorted to proxying from apache to kweb. I have you can find the config inside of https://stash.z-hub.io/projects/K4U/repos/kopano-apps/browse/kopano-meet/configure_host?at=refs%2Fheads%2Fmeet-domain


  • Kopano

    @rbrunhuber said in Wrong or missing rewrite rule for guest access in meet?:

    RewriteRule “^/meet/r/(.*)$” “https://meet.domain.tld/meet/” [L]

    This is wrong. You need to do an internal rewrite so that all request urls starting with /meet/r/ do directly return the content of /usr/share/kopano-meet/meet-webapp/index.html .

    Please note that there are a lot of additional web server configuration needed. To simplify this, we made kweb which does this all for free.

    In setups where on need to keep an existing web server configuration, look at the suggestion from Felix, to reverse proxy to kweb from your apache. If your use case is large enough where this makes a difference, please consider getting in touch with our professional services.

    If you want to replicate what kweb does yourself, start at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#110 for meet, at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#81 for kwmserver and at https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/base.go?until=974b45646f17fcae6b55d36527a271c8ed6ae7c5&untilPath=config%2Fbase.go#55 for kapi.



  • Hi @fbartels,

    this is my complete apache configuration for meet:

    <IfModule mod_ssl.c>
            <VirtualHost *:443>
                    ServerName meet.domain.tld
    
                    SSLEngine on
                    SSLCertificateFile     /etc/ssl/certs/wild_domain.tld_test.cert
                    SSLCertificateKeyFile /etc/ssl/private/wild_domain.tld_test.key
    
                    ErrorLog ${APACHE_LOG_DIR}/meet_error.log
                    CustomLog ${APACHE_LOG_DIR}/meet_access.log combined
                    LogLevel error rewrite:trace3
    
                    Alias /meet /usr/share/kopano-meet/meet-webapp
                    Alias /api/config/v1/kopano/meet/config.json /usr/share/kopano-meet/meet-webapp/config.json.in
    
                    RedirectMatch 301 "^/$" "/meet/"
    
                    RewriteEngine On
                    RewriteRule "^/meet/r/(.*)$" "https://meet.domain.tld/meet/" [L]
    
                    SSLProxyEngine On
    
                    ProxyRequests Off
                    ProxyPreserveHost On
    
                    <Proxy balancer://kwmserver_ws>
                            BalancerMember ws://127.0.0.1:8778
                    </Proxy>
    
                    <Proxy balancer://konnect>
                            BalancerMember http://127.0.0.1:8777
                    </Proxy>
    
                    <Proxy balancer://kapi>
                            BalancerMember http://127.0.0.1:8039
                    </Proxy>
    
                    <Proxy balancer://kapi_ws>
                            BalancerMember ws://127.0.0.1:8039
                    </Proxy>
    				
                   <Proxy balancer://kwmserver>
                            BalancerMember http://127.0.0.1:8778
                    </Proxy>
    
                    RewriteCond %{HTTP:Connection} Upgrade [NC]
                    RewriteCond %{HTTP:Upgrade} websocket [NC]
                    RewriteRule /api/kwm/v2/(.*) ws://localhost:8778/api/kwm/v2/$1 [P,L]
    		ProxyPass /api/kwm/v2/ http://kwmserver/api/kwm/v2/
    
    		RewriteCond %{HTTP:Connection} Upgrade [NC]
    		RewriteCond %{HTTP:Upgrade} websocket [NC]
    		RewriteRule ^/api/kvs/v1/(.*)$ ws://localhost:8039/api/kvs/v1/$1 [P,L]
    		ProxyPass /api/kvs/v1  http://localhost:8039/api/kvs/v1/ retry=0
    
    
                    #konnect
                    <Location /.well-known/openid-configuration >
                            ProxyPass http://127.0.0.1:8777/.well-known/openid-configuration
                    </Location>
    
                    <Location /konnect/v1/jwks.json >
                            ProxyPass http://127.0.0.1:8777/konnect/v1/jwks.json
                    </Location>
    
                    <Location /konnect/v1/token >
                            ProxyPass http://127.0.0.1:8777/konnect/v1/token
                    </Location>
    
                    <Location /konnect/v1/userinfo >
                            ProxyPass http://127.0.0.1:8777/konnect/v1/userinfo
                    </Location>
    
                    <Location /konnect/v1/static >
                            ProxyPass http://127.0.0.1:8777/konnect/v1/static
                    </Location>
    
                    <Location /konnect/v1/session >
                            ProxyPass http://127.0.0.1:8777/konnect/v1/session
                    </Location>
    
                    <Location /signin/ >
                            ProxyPass http://127.0.0.1:8777/signin/
                    </Location>
                    <Location /api/gc/>
                            ProxyPass balancer://kapi/api/gc/
                    </Location>
    
                    <Location /api/pubs/>
                            ProxyPass balancer://kapi_ws/api/pubs/
                    </Location>
    
                    <Location /api/gc/>
                            ProxyPass balancer://kapi/api/gc/
                    </Location>
    
                    <Location /api/gc/>
                            ProxyPass balancer://kapi/api/gc/
                    </Location>
    
                    <Location /api/v1/websocket/ >
                            ProxyPass balancer://kwmserver_ws/api/v1/websocket/
                    </Location>
    
                    <Location /api/v1/ >
                            ProxyPass balancer://kwmserver/api/v1/
                    </Location>
    
                    <Location /api/kvs/v1/ >
                    </Location>
            </VirtualHost>
    </IfModule>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
    

    It would be great if you could have a look into it.



  • @longsleep: Thank you very much, that looks much better now.

    I updated the rewrite rule as follows and now I’m at directed to the group call page as guest.

    RewriteRule "^/meet/r/(.*)$" "/usr/share/kopano-meet/meet-webapp/index.html" [L]

    Then I had a nice group call with my alter ego “Obsidian Solsticerider” \o/.

    I will further test this configuration for now, as it’s a nice playground for me as an enthusiast. If things get more serious with meet I will definitely proxy to kweb.

    @fbartels: thank you very much for your support.


Log in to reply