Special configuration¶
Kopano Meet configuration is done via REST config API. An example what this API needs to provide can be found in the config.json.in example which you find in the sources if Kopano Meet. Kopano Meet loads the config endpoint on startup from /api/config/v1/kopano/meet/config.json. The location on disk Kopano Web serves this file is /usr/share/kopano-kweb/www/config/kopano/meet.json.
Configuring the applications grid in Kopano Meet¶
By default Kopano Meet shows all applications known to the Kopano REACT UI component library, which currently also includes unreleased applications, not yet available to the public. Below are the currently possible values, to hide one of the entries simply remove the line from the file.
..
"apps": {
"enabled": [
"kopano-calendar",
"kopano-contacts",
"kopano-meet",
"kopano-mail",
"kopano-konnect",
"kopano-webapp"
]
}
..
Enabling guest users for Meeting rooms¶
Available starting with Kopano Meet 0.18.0.
Kopano Meet supports the possibility to invite external users (which do not have a user account of their own and therefore can’t login through Konnect) into dedicated Meeting rooms. These rooms can be identified by their url.
The following components need to be available and configured to allow external users:
- Kopano Konnect (minimal required version >=0.20.0)
- Kopano Kwmserver (minimal required version >=0.15.1)
- Kopano Meet (minimal required version >=0.18.0)
Configuring Konnect for guest users¶
For the guest mode to work the administrator has to register Meet as a client inside of Kopano Konnect. This registration is necessary since guests require additional scopes as well has a JSON Web Key (JWK) so that Konnect can perform the actual login for the guests.
Generating Keys¶
Before adding the key to the client registry a new ECDSA key needs to be generated.
$ openssl ecparam -name prime256v1 -genkey -noout -out ecparam.pem
$ openssl ec -in ecparam.pem -out meet-kwmserver.pem
The pem encoded EC PRIVATE KEY part from meet-kwmserver.pem now needs to be converted into a JSON Web Key (JWK). For convenience a helper utility is included for this within Kopano Konnect.
$ kopano-konnectd utils jwk-from-pem --yaml meet-kwmserver.pem
crv: P-256
d: mr9hsFCC8q4v4I4Yv1HHSUoU2ax4X_vRKm60CkLb8XE
kid: meet-kwmserver
kty: EC
use: sig
x: 3h9BEMjO0CSP1vILZrT8ALN1XLp3B4F9q26HKghiqns
"y": pBnvjxvEFIymNB82xeQFNkpo01jxEprEPmxxdx1DS74
Note
When running kwmserver and konnect on different systems or when the principle of least knowledge should be applied, then two “registration.yml” should be created. One with the private key for kwmserver and one with the public key for konnect. A public key can be generated by running openssl ec -in ecparam.pem -pubout -out meet-kwmserver-public.pem
Konnect Client Registry¶
In below example registration file (expected location for this file is /etc/kopano/konnectd-identifier-registration.yaml, does not exist by default) the value kopano.dev needs to be replaced with the actual FQDN. Additionally the value below keys: needs to be replaced with the locally generated JWK.
clients:
- id: kpop-https://kopano.dev/meet/
name: Kopano Meet
application_type: web
trusted: true
redirect_uris:
- https://kopano.dev/meet/
trusted_scopes:
- konnect/guestok
- kopano/kwm
jwks:
keys:
- kty: EC
use: sig
crv: P-256
d: mr9hsFCC8q4v4I4Yv1HHSUoU2ax4X_vRKm60CkLb8XE
kid: meet-kwmserver
x: 3h9BEMjO0CSP1vILZrT8ALN1XLp3B4F9q26HKghiqns
y: pBnvjxvEFIymNB82xeQFNkpo01jxEprEPmxxdx1DS74
request_object_signing_alg: ES256
Konnect configuration¶
Now that we have generated our client registry we can configure Konnect to use it, as well as make the other required changes for the guest mode.
The following values need to be adapted in /etc/kopano/konnectd.cfg:
- Uncomment
identifier_registration_confand make sure it points to the registry created above, e.g.: -identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml - uncomment and switch
allow_client_gueststo yes -allow_client_guests = yes
On restart of Konnect the following log line will indicate that Konnect is now configured to enable guest users for Meet:
time="2019-03-28T09:29:14Z" level=info msg="identity guest manager set up"
Configuring Kwmserver for guest users¶
Kwmserver also needs to be made aware the guest mode and Meet as a registered client. Luckily the same file already configured in Konnect can simply be reused in Kwmserver.
The following values need to be adapted in /etc/kopano/kwmserverd.cfg:
- uncomment and switch
enable_guest_apitoyes: -enable_guest_api = yes - uncomment
registration_confand point it to the same file as previously done in Konnect: -registration_conf = /etc/kopano/konnectd-identifier-registration.yaml - uncomment and configure the name prefix for guest channels. The below setting will make all rooms starting with
group/publicrooms that guests can join: -public_guest_access_regexp = ^group/public/.*
Configuring Meet for guest users¶
Last but not least we need to make Meet aware of the guest functionality as well. This happens in the config.json files that is loaded at startup by Meet.
As previously explained Kopano Web serves this file from /usr/share/kopano-kweb/www/config/kopano/meet.json (if it does not yet exist it can be copied from the example directory at /usr/share/doc/kopano-meet-webapp/config.json.in). To enable the guest mode modify the below block so that it reads "enabled": "true":
..
"guests": {
"enabled": "true"
},
..
Using the guest mode¶
With the above configuration users can now create rooms where external users can join existing calls. To create such a room the user has to:
- click on the “new call button”
- in the dialogue followed by this click on “new public group”
- choose a name that starts with “public/”, like for example “public/customer-a”
- after the groups has been entered, click on “share group”
Enabling screensharing¶
Available starting with Kopano Meet 0.19.0.
Screensharing is automatically enabled once a browser with support for the “Screen Capture API” is detected.
Supported browsers include:
- Google Chrome >=72
- Mozilla Firefox >= 66
- Kopano DeskApp >=2.2.3