Easiest way to secure jitsi meet

This means you are using an older kernel. The workaround is to go and find the jitsi-videobridge file in /etc/systemd/system and delete the line AmbientCapabilities=CAP_NET_BIND_SERVICE, then restart jvb. It will warn you which command you need to run first in order for your changes to take effect; execute it, then restart jvb and jicofo.

hi @damencho
Thank you for your answer. However, this does not change anything. I am using Kernel 4.4.0 and I cannot change it due to provider restrictions.
JVB does not start with the same error message.

Dear damencho,

We are a group of high school teachers and, after some tribulation (we are not computer geeks…), we could set up a video call with 25 students.
Quality was not excellent but good enough.
The remaining problem, which is why we write to you in this section, is that we noticed that there were many other uninvited people joining.
Therefore, we would be extremely grateful if you could explain to us if there is a way to:

  1. set up a password so that only invited people attend;
  2. how can the teacher (who started the room) monitor, and eventually kick out, unwanted people.

All this, possibly, without going into coding, but just from your website page.
Otherwise could you be so kind and explain to us in the plainest terms how to do that on a Mac with Catalina?
We are really appreciative of your and other members’ help in these Covid19 times.
Yours.

The teacher can enter the room a few minutes before the meeting and set a password, using the Add password option.

The students need to know this password before entering. The teacher can kick a participant by selecting the 3 dots menu on the participant thumbnail and selecting the Kick option.

Damencho

I get some issues with my jitsi: when I restart the server and then try to make a conference, if one is up and a guest tries to join, then the session restarts. To fix it I have to do systemctl restart jicofo.

How to fix it?

You can set any of the
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN or org.jitsi.jicofo.auth.AUTH_LIFETIME



Where do I set this?

org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN or org.jitsi.jicofo.auth.AUTH_LIFETIME

In /etc/jitsi/jicofo/sip-communicator.properties

thanks for the feedback

So I have to copy this full file save to the sip properties and set those features?

I have it sort of working-ish… Rooms can only be created by an admin :)
Can someone please double check if I’m getting this right… or if I’m overdoing things.
I’m looking at what needs to be in DNS and what needs to be in the front-end SSL certificate.
I’m using the example domain jitsi-meet.example.com but I’m aware that it should be your own host and domain :)

Given the manual: https://github.com/jitsi/jicofo/blob/master/README.md#secure-domain

First about the name: jitsi-meet.example.com:

  1. DNS: The base hostname (in the example used it is “jitsi-meet.example.com”) must be resolvable from the DNS into an IP4 and/or IP6 address
  2. NGINX: The name is set in the server_name inside the file: /etc/nginx/sites-available/jitsi-meet.example.com.conf
  3. A certificate should be made for this domain with letsencrypt or your own certificate
  4. An entry in /etc/hosts

Now here comes the tricky one: guest.jitsi-meet.example.com

q1. Do I need a DNS reference like a CNAME for guest.jitsi-meet.example.com? (Looks like it)
q2. Do I need to add this domain to the SSL certificate of the NGINX front end? (Not sure)
q3. Do I need to add this to the NGINX server_name as a host alias? (Don’t think so; it works without)

Many thanks! (I might answer myself in a couple of days, digging deeper into this ;)


No.

No.

Guest domain is a virtual host, internal for the system.


Hi,

I’ve set up Jicofo according to the instructions in https://github.com/jitsi/jicofo#secure-domain including securing the domain. However, when I visit my URL, I still get the full anonymous conference start screen without the username/password screen. I followed all the instructions but the authentication part still hasn’t got activated … any ideas?

Make sure you erase all cookies or use an anonymous browser like the incognito window of Chrome. I noticed that the cookies will make you drop in the meeting room without any username/password once you’ve logged into the room.

Seems a pretty similar situation of this.

Did you solve it in some way?

Thanks for the answer. Well, I kind of solved it as I removed the local jitsi server and use the public one… I decided to wait some time and retry in the future again with a newer version. There were other issues (although this one was making it impossible to use it), so I gave up for the time being.

Thank you for your reply. In fact I found Jitsi working pretty well until I added the secured part.

Well, one objective was to allow only “admins” to create rooms. The other was obviously to work with it without interruptions. Somewhere I probably lost track of the settings or it was not compatible with the Ubuntu 16.04 LTS I have to use. There is no urgent pressure at this time, but I’d prefer to have it self-hosted for “company use” only, instead of on a shared platform.
We’ll see in the future.


Add the line below in /etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com

I registered an account here just for you as you have already plowed a lot of time into this and helped me find a working solution.

Jitsi in itself is no doubt great and an awesome solution but the documentation could use some improvement for newcomers.

If you still have the wits later on to give it another try, then here’s a guide for you that worked for me and didn’t cause disconnects etc. (or headaches).

The way it works after you’ve applied the things in the guide is that you will use the same domain for guest and host.

The host enters the site and presses GO to create a new meeting and is met with a username and password prompt to finish the creation of the new meeting. The meeting is now up and the host can add a guest password as well if they wish.

Guests enter the same site and type in the meeting name (or get a direct link by email). If you set a password earlier for guests then they get a prompt to type the password, otherwise they’ll just get a prompt for their name and bam, it’s done.

Thank you for putting the time in on the research and hope this helps.

Also don’t forget to make the server secure from ssh with fail2ban and preferably don’t open ssh to the whole world. If possible, use your ISP’s CIDR if you have a dynamic IP to lower the attack surface and spamming bots.

Hi bro,
I’m using your steps, but:

(-In jicofo you need to specify your domain in the additional configuration property. Jicofo will only accept conference requests from authenticated domains. Add your domain with the following command.

sudo cat “org.jitsi.jicofo.auth.URL=XMPP:YOUR-SERVER-HOSTNAME” >> /etc/jitsi/jicofo/sip-communicator.properties)

I can’t run this command " sudo cat “org.jitsi.jicofo.auth.URL=XMPP:YOUR-SERVER-HOSTNAME” >> /etc/jitsi/jicofo/sip-communicator.properties"
example: my domain name is vuquangthang.com so command is: " sudo cat “org.jitsi.jicofo.auth.URL=XMPP:vuquangthang.com” >> /etc/jitsi/jicofo/sip-communicator.properties"

Is that right?
Thanks for the reply.
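
Added example, not part of the original posts or of the guide they quote: the quoted `sudo cat “…” >> file` line cannot work as written, for the reasons listed in the comments, and the sketch below shows one way to set the property instead. `set_prop` is a hypothetical helper name, and the sample file it runs on is constructed.

```shell
#!/bin/sh
# Why the quoted command fails:
#   1. cat takes file names, so cat "key=value" looks for a file with that name.
#   2. The >> redirect is opened by the calling shell, which is not root,
#      before sudo starts.
#   3. The curly quotes pasted from a web page are not shell quotes.

# set_prop FILE KEY VALUE  (hypothetical helper)
# Replaces an existing KEY=... line or appends one, so re-running it never
# leaves duplicates. Assumes plain key=value lines without spaces around "=".
set_prop() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Keep every line that does not start with "KEY=". index() compares
    # literally, so the dots in the key are not treated as wildcards.
    awk -v k="$key=" 'index($0, k) != 1' "$file" > "$tmp"
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    if [ -w "$file" ]; then
        cat "$tmp" > "$file"
    else
        # tee runs under sudo and opens the file itself, unlike a redirect.
        sudo tee "$file" < "$tmp" > /dev/null
    fi
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample file, not a real Jicofo configuration.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'example.other.setting=1' > "$demo"
set_prop "$demo" org.jitsi.jicofo.auth.URL XMPP:jitsi-meet.example.com
set_prop "$demo" org.jitsi.jicofo.auth.URL XMPP:jitsi-meet.example.com
cat "$demo"
rm -f "$demo"
```

On a server the call would be `set_prop /etc/jitsi/jicofo/sip-communicator.properties org.jitsi.jicofo.auth.URL XMPP:jitsi-meet.example.com`, followed by the `systemctl restart jicofo` mentioned earlier in the thread.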