Easiest way to secure jitsi meet

24 errors

2020-01-08T12:15:40.590Z [modules/UI/videolayout/SmallVideo.js] <w.prototype.updateView>: Unable to init avatar - no id
Object { videoSpanId: “localVideoContainer”, streamEndedCallback: _updateLargeVideoIfDisplayed(), container: span#localVideoContainer.videocontainer, “$container”: Object(1), localVideoId: null, isLocal: true, emitter: {…}, statsPopoverLocation: “left top”, _isModerator: false, isAudioMuted: false, … }
Logger.js:154:22

Seems your bosh connection is not working and is returning 404. It should look like: https://meet.jit.si/http-bind
This can be prosody or webserver problem.

How did it break?

No idea, check your webserver and prosody config. Check the logs.

Bingo

I back tracked and once I removed changes should be made in /etc/prosody/conf.avail/[your-hostname].cfg.lua) in Prosody it it provided the focus as needed.

But the Jitsi mobile no longer connect to the server, and I share the link the participant have to enter the credentials.

PS I rebooted the server and it is working with the mobile app, but no video or sound.
Thanks for your input.

After spending hours and 5 reinstall here is what worked.
Authentication Set-up

Authentication for Jisti-meet is done through the program ‘Prosody’. By configuring these settings only users created by prosodyctl will be able to access Jitsi-meet sessions.

-Install jigasi which which is an application that assist with authentication in Jitsi-meet

sudo apt-get install jigasi -y

-Edit the prosody configuration file for your server at /etc/prosody/conf.avail/YOUR-SERVER-HOSTNAME.cfg.lua.

sudo vim /etc/prosody/conf.avail/YOUR-SERVER-HOSTNAME.cfg.lua

-Locate the virtual host with your hostname(should be at the top of the file) and change authentication options to “internal_plain”. It should look like this afterwards.

VirtualHost “YOUR-SERVER-HOSTNAME”
authentication = “internal_plain”

-Once this is done, write and save the file. In vim you type “:wq” then press “Enter”

-In jicofo you need to specify your domain in the additional configuration property. Jicofo will only accept conference requests from authenticated domains. Add your domain with the following command.

sudo cat “org.jitsi.jicofo.auth.URL=XMPP:YOUR-SERVER-HOSTNAME” >> /etc/jitsi/jicofo/sip-communicator.properties

-Create user using prosodyctl. This is where we create users that will sign into Jitsi-meet.

sudo prosodyctl register USERNAME YOUR-SERVER-HOSTNAME PASSWORD

-Restart the server

sudo shutdown now -r

4 Likes

It means we have to manually register new users?

No! You create one user, and the user is the only one that can create room. Once the room is created then the user can send invites. The guest have no account, they just click the link and joins the room. After the last person leaves, the room is destroyed.

Just one user? Thats a pity. Jitsi Meet is good. I was looking for something like skype. Where people can register and add people to contact lists and communicate.

Is there any way this is possible in jitsi meet?

If not, can you suggest any other opensource software?

Is this link useful? https://www.tothenew.com/blog/authorizing-creationentrance-of-a-conference-in-jitsi/

Hi
Wenn I do this, it still does not happen. The page is shown with the regular “anonymous” login.

@MeetTheHonk I followed this and it worked for me Easiest way to secure jitsi meet

@ugintl I did, too, but it does not change anything. Still the regular screen where you can just create a meeting.

The authentication is been shown when you try to join a meeting, nothing is shown on the welcome page.

1 Like

Try creating a room. As @damencho said, the home page will remain the same.

Well… I can create a room without any problems, without entering any password.
I did not restart the server, but restarted apache.

EDIT: I just found the mistake. Prosdy is not restarted when the apache server is restarted. So instead of “shutdown -r now” the following should be used:

systemctl restart prosody

Then it works…
Thanks for the help folks.

@coper I tried this setting, however, when I try to join that room from another device, it asks again the credentials. It is not the first user only, but it is every user. This does not make sense.
It would make sense to protect the “creation” page, and then decide to have or have not passwords for the rooms.
Is that possible? Or at last restrict the use of the “creation” page to specific IPs or so?

This is why the anonymous domain setting exists. This is how it works.

Sorry, I don’t find any explanation in the quoted text and don’t understand what you mean by “this is why anonymous mode exists”. I do NOT want anybody to start meetings, but only a selected few.
I want to invite people to meeting rooms by invitation only.
Like a regular video conferencing system as Teams, Zoom, Blizz etc.
Therefore I need to have a group of users, that can generate meeting, and guests that can join them.
However, if I use the user-password system, Everybody that joins has to provide user credentials (and actually the session get disconnected on connection immediately).

Is that clearer?

The secure configuration has an anonymous domain, used by the guests. So you have hosts which authenticate and guests which don’t need to authenticate. Guests cannot enter the room before any host appear. This is how it works.