Everyone has to enter password also if host already created the room

Hi all,

I’ve been looking around and have found a similar thread but not with a clear resolution, or at least not clear enough for me what I need to change.

I set up a secure domain for our Jitsi, but it’s too secure :slight_smile: If the host has entered the room and filled in the password, I want my colleagues to be able to enter the room without entering their password.

I used prosodyctl to set passwords for all of them, because they need to be hosts sometimes as well, but it seems that this setting is not only for the host but also enforces password requirements at all times, even when entering the room even if the host is already there.

In /etc/prosody/conf.avail/[your-hostname].cfg.lua I looked at the VirtualHost settings, but unsure what I need to enable / disable, or change. This is what I currently have set:

VirtualHost "jitsi.my-domain"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_plain"

VirtualHost "guest.jitsi.my-domain"
    authentication = "anonymous"
    c2s_require_encryption = false

I also find the last setting confusing as this is for external people, not for my colleagues, right? Or are my colleagues also perceived as guests?

I’m sure I’m missing something :slight_smile:

Many thanks in advance!!

Best,

Deborah

did you set the anonymous domain in the config.js file as stated in the thread you linked to ?

Hello again,

If you mean this step:

var config = {
    hosts: {
            domain: 'jitsi.mydomain',
            anonymousdomain: 'guest.jitsi.mydomain'
        }
}

Then I added it. I tested it with a colleague with me being the host, and the password was still required… Maybe it’s another step I need to add?

thanks so much!

I’m now looking at: /etc/jitsi/meet/jitsi.my.domain-config.js

/* eslint-disable no-unused-vars, no-var */

var config = {
// Connection
//

hosts: {
    // XMPP domain.
    domain: 'jitsi.my-domain',

    // When using authentication, domain for guest users.
    // anonymousdomain: 'guest.jitsi.my-domain',

    // Domain for authenticated users. Defaults to <domain>.
    // authdomain: 'jitsi.my-domain',

Does this look okay? Thank you!

no, anonymousdomain is commented out here. It needs to appear in the same way as domain.

other steps is to add to /etc/jitsi/jicofo/sip-communicator.properties:

org.jitsi.jicofo.auth.URL=XMPP:jitsi.my.domain

also (optional but many people like it this way):
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

the canonical guide is here:

and the internal_hashed is a small security improvement but not necessary for the secure domain to work (meaning that if your server is compromised it will be difficult for the attacker to retrieve the passwords, an useful feature if the users have identical passwords on other sites)

1 Like

Okay, will look into it, thanks! I’ll write to Digital Ocean to update their documentation. I think I should be able to resolve it from here. Thanks again, learning a lot as I go.

best,

Deborah

@gpatel-fr - I updated the file as per your instructions. The documentation I originally followed also mentioned that I had to add the first line (BRIDGE), but is this actually needed? XMPP was already set

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.my-domain
org.jitsi.jicofo.auth.URL=XMPP:jitsi.my-domain
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

And as per the other instructions (if I understood it correctly), that looks like this now:

var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'jitsi.my-domain',

        // When using authentication, domain for guest users.
        // anonymousdomain: 'jitsi.my-domain',

        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'jitsi.my-domaint',

As before, learning as I go! Will test Jitsi with a colleague shortly.

Thanks a lot and cheers,
Deborah

remove the // before the line else it is commented out (ignored)

aha! That is what you meant! Great! Thanks so much!

and I did not notice it first but somehow you removed the ‘guest.’ prefix. It should be

anonymousdomain: guest.jitsi.my-domain

Yes, I added “guest” back to the line and removed ‘//’
You’ve been really helpful and patient, many thanks!
Best regards from Amsterdam