Replaces the anonymous-OK setup with JWT-gated joins. Only participants
that Embertime invited get a valid token — random URL-guessers can no
longer enter rooms even if they discover the slug.
- ConfigMap: ENABLE_AUTH=1 + AUTH_TYPE=jwt + JWT_APP_ID=embertime
- 20-secrets.yaml.example: JWT_APP_SECRET placeholder with docs
- CLAUDE.md: documents the new auth model + rotation flow
Pipeline rolls config out; the secret itself stays out-of-band — admin
copies it from Embertime UI (Settings → Meeting-Server) or queries the
embertime DB directly.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
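To make the new join model concrete, here is an added illustration (not code from the Embertime or Jitsi projects) of what a JWT-gated meeting server checks before letting a participant in. It uses only the Python standard library, hard-codes the `JWT_APP_ID=embertime` value from the ConfigMap, and stands in a placeholder for `JWT_APP_SECRET`; the claim layout (`iss`, `aud`, `sub`, `room`, `context.user`) follows the Jitsi token convention, and the room name and user name are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time

# Values from the commit's ConfigMap; the secret is a placeholder, never the real one.
JWT_APP_ID = "embertime"
JWT_APP_SECRET = "replace-with-the-real-JWT_APP_SECRET"  # placeholder
JITSI_DOMAIN = "meet.it.financeflow.de"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(room, user_name, ttl_seconds=3600, now=None, secret=JWT_APP_SECRET):
    """What the inviting application does: sign a short-lived HS256 JWT for one room."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": JWT_APP_ID,          # must match JWT_APP_ID on the meeting server
        "aud": "jitsi",
        "sub": JITSI_DOMAIN,
        "room": room,               # token is only good for this room
        "iat": now,
        "nbf": now,
        "exp": now + ttl_seconds,
        "context": {"user": {"name": user_name}},
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token, room, now=None, secret=JWT_APP_SECRET):
    """What the meeting server does on join: return the payload if acceptable, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":      # refuse 'none' and algorithm-confusion tokens
            return None
        expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None                       # wrong secret or tampered header/payload
        payload = json.loads(_b64url_decode(p))
    except ValueError:                        # bad base64 or bad JSON
        return None
    if payload.get("iss") != JWT_APP_ID or payload.get("aud") != "jitsi":
        return None
    if payload.get("sub") != JITSI_DOMAIN:
        return None
    if not (payload.get("nbf", 0) <= now < payload.get("exp", 0)):
        return None                           # not yet valid, or expired
    if payload.get("room") not in (room, "*"):  # "*" is the wildcard Jitsi's token plugin accepts
        return None
    return payload


if __name__ == "__main__":
    tok = mint_token("standup", "Alice", ttl_seconds=600)
    print("valid for standup:", verify_token(tok, "standup") is not None)
    print("valid for other room:", verify_token(tok, "other-room") is not None)
```

The point of the check order is that the signature is verified before any claim is trusted, and that a token minted for one room cannot be replayed into another; a guessed slug without a token for that room is rejected before the room is ever looked up.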
Self-hosted Jitsi instance at meet.it.financeflow.de — avoids the
meet.jit.si moderator-auth wall. Four components (web/prosody/jicofo/jvb)
as raw k3s manifests, same deploy pattern as Embertime (Gitea Actions
+ kubectl apply + KUBECONFIG_B64 secret).
JVB uses hostNetwork + UDP 10000 for media — requires router forward.
Component passwords live in a kubectl-applied Secret (not in git);
generate-secrets.sh produces a fresh manifest.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
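As an added example of the "passwords live in a kubectl-applied Secret, not in git" pattern, here is a hypothetical stand-in for generate-secrets.sh (not the project's own script): it draws fresh random passwords and renders a Secret manifest to stdout so it can be piped straight into `kubectl apply -f -`. The Secret name, namespace and the component variable names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Hypothetical generate-secrets.sh: emits a Kubernetes Secret with fresh
# component passwords. Pipe it into kubectl; never redirect it into the repo.
set -eu

random_password() {
    # 24 random bytes -> 32 base64 characters, minus the few characters
    # (/ + = and newline) that are awkward in env-style config.
    head -c 24 /dev/urandom | base64 | tr -d '\n/+='
}

render_secret_manifest() {
    ns="${1:-jitsi}"   # assumed namespace
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: jitsi-component-secrets\n  namespace: %s\ntype: Opaque\nstringData:\n' "$ns"
    # Assumed variable names for the prosody/jicofo/jvb component accounts.
    for key in JICOFO_AUTH_PASSWORD JVB_AUTH_PASSWORD; do
        printf '  %s: %s\n' "$key" "$(random_password)"
    done
}

# Usage: ./generate-secrets.sh jitsi | kubectl apply -f -
if [ "${1:-}" != "--no-main" ]; then
    render_secret_manifest "${1:-jitsi}"
fi
```

Running it again produces different passwords, which is the rotation flow: regenerate, apply, then restart the components so prosody, jicofo and jvb pick up the new credentials together.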