Help with restricting user entry?

Hello everyone, I have had a problem with user entry. When creating a room, it asks me to enter a username and password, but when inviting a user, it asks that user for the username and password. Is it possible to ask for the username and password only from the moderator who created the room and not from the users who enter?

thanks!

Did you uncomment this part in your config.js?

    anonymousdomain: 'guest.meet.example.com',

And add this to your cfg.lua?

    VirtualHost "guest.meet.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false

1 Like

Hi @Freddie, where can I find the file?

cfg.lua

see the secure domain setup

1 Like

It doesn't work, @Freddie @gpatel-fr. When changing the parameters of the

    VirtualHost "guest.meet.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false

it generates an error; it does not connect to the meeting.

You substituted your domain for meet.example.com, right?
What error exactly were you getting?

Share your jicofo log and your cfg.lua file

You have to follow all the steps in the procedure (IIRC there are 6), not just one.

Hi @Freddie, this is my jicofo and cfg.lua:

    org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.myserver.com
    org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.myserver.com
    org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90

cfg.lua:

    plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

    -- domain mapper options, must at least have domain base set to use the mapper
    muc_mapper_domain_base = "myserver.com";

    turncredentials_secret = "wWlHhXKh3ee8guqP";

    turncredentials = {
        { type = "stun", host = "myserver.com", port = "3478" },
        { type = "turn", host = "myserver.com", port = "3478", transport = "udp" },
        { type = "turns", host = "myserver.com", port = "5349", transport = "tcp" }
    };

    cross_domain_bosh = false;
    consider_bosh_secure = true;
    -- https_ports = { }; -- Remove this line to prevent listening on port 5284

    -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
    ssl = {
        protocol = "tlsv1_2+";
        ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    }

    VirtualHost "myserver.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
            key = "/etc/prosody/certs/myserver.com.key";
            certificate = "/etc/prosody/certs/myserver.com.crt";
        }
        speakerstats_component = "speakerstats.myserver.com"
        conference_duration_component = "conferenceduration.myserver.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
            "muc_lobby_rooms";
        }
        c2s_require_encryption = false
        lobby_muc = "lobby.myserver.com"
        main_muc = "conference.myserver.com"
        -- muc_lobby_whitelist = { "recorder.myserver.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

    Component "conference.myserver.com" "muc"
        storage = "none"
        modules_enabled = {
            "muc_meeting_id";
            "muc_domain_mapper";
            -- "token_verification";
        }
        admins = { "focus@auth.myserver.com" }
        muc_room_locking = false
        muc_room_default_public_jids = true

    -- internal muc component
    Component "internal.auth.myserver.com" "muc"
        storage = "none"
        modules_enabled = {
            "ping";
        }
        admins = { "focus@auth.myserver.com", "jvb@auth.myserver.com" }
        muc_room_locking = false
        muc_room_default_public_jids = true

    VirtualHost "auth.myserver.com"
        ssl = {
            key = "/etc/prosody/certs/auth.myserver.com.key";
            certificate = "/etc/prosody/certs/auth.myserver.com.crt";
        }
        authentication = "internal_plain"

    Component "focus.myserver.com"
        component_secret = "f6Ub330q"

    Component "speakerstats.myserver.com" "speakerstats_component"
        muc_component = "conference.myserver.com"

    Component "conferenceduration.myserver.com" "conference_duration_component"
        muc_component = "conference.myserver.com"

    Component "lobby.myserver.com" "muc"
        storage = "none"
        restrict_room_creation = true
        muc_room_locking = false
        muc_room_default_public_jids = true

Hi @gpatel-fr

I have followed all the steps. When creating a meeting, it asks me for a username and password, but when inviting someone, it also asks for the username and password. I cannot find the point where the guests are not asked for this username and password.

Thanks!!

err, I don’t see a VirtualHost for the guests in your config file.

1 Like

@gpatel-fr I think I am confused in this step. According to these steps, I must add another line of code,

one for identification of the creator of the meeting:

    VirtualHost "jitsi-meet.example.com"
        authentication = "internal_hashed"

and the other for the one who enters as a guest?

    VirtualHost "guest.jitsi-meet.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false

Are they two separate lines of code (in the same cfg.lua file)?

@gpatel-fr Thanks, I have added the missing line

    VirtualHost "guest.jitsi-meet.example.com"
        authentication = "anonymous"
        c2s_require_encryption = false

and it has worked for me. Now only the moderator who creates the meeting is asked for the username and password.

Thanks.!

Note also that for conference duration, speakerstats and lobby to work, these features must also be translated (not copied) to the anonymous host.

1 Like

@gpatel-fr shouldn’t I use the same moderator modules?

VirtualHost "guest.myserver.com"
    authentication = "anonymous"
    modules_enabled = {
      "bosh";
      "pubsub";
      "ping"; -- Enable mod_ping
      "speakerstats";
      "turncredentials";
      "conference_duration";
      "muc_lobby_rooms";
    }
    c2s_require_encryption = false

I don’t think so, just

      "speakerstats";
      "turncredentials";
      "conference_duration";
      "muc_lobby_rooms";

You also have to move these lines to the anonymous host:

    lobby_muc = "lobby.myserver.com"
    main_muc = "conference.myserver.com"
    -- muc_lobby_whitelist = { "recorder.myserver.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

1 Like

@Camilo_Pimentel I haven’t gone through the rest of this thread, but there’s an omission in your jicofo. You need to add this line:

org.jitsi.jicofo.auth.URL=XMPP:my.domain.com

1 Like

@Freddie thanks, I have added the missing line.

Is it working now? If not, what exactly are you getting?

@Camilo_Pimentel Your cfg.lua is rife with errors. Amongst other things, the storage value should be “memory”. There are other errors too. Here’s what you should have:

    plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

    -- domain mapper options, must at least have domain base set to use the mapper
    muc_mapper_domain_base = "myserver.com";

    turncredentials_secret = "wWlHhXKh3ee8guqP";

    turncredentials = {
        { type = "stun", host = "myserver.com", port = "3478" },
        { type = "turn", host = "myserver.com", port = "3478", transport = "udp" },
        { type = "turns", host = "myserver.com", port = "5349", transport = "tcp" }
    };

    cross_domain_bosh = false;
    consider_bosh_secure = true;
    -- https_ports = { }; -- Remove this line to prevent listening on port 5284

    -- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
    ssl = {
        protocol = "tlsv1_2+";
        ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    }

    VirtualHost "myserver.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
            key = "/etc/prosody/certs/myserver.com.key";
            certificate = "/etc/prosody/certs/myserver.com.crt";
        }
        speakerstats_component = "speakerstats.myserver.com"
        conference_duration_component = "conferenceduration.myserver.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
        }

    Component "conference.myserver.com" "muc"
        storage = "memory"
        modules_enabled = {
            "muc_meeting_id";
            "muc_domain_mapper";
            -- "token_verification";
        }
        admins = { "focus@auth.myserver.com" }
        muc_room_locking = false
        muc_room_default_public_jids = true

    -- internal muc component
    Component "internal.auth.myserver.com" "muc"
        storage = "memory"
        modules_enabled = {
            "ping";
        }
        admins = { "focus@auth.myserver.com", "jvb@auth.myserver.com" }
        muc_room_locking = false
        muc_room_default_public_jids = true

    VirtualHost "auth.myserver.com"
        ssl = {
            key = "/etc/prosody/certs/auth.myserver.com.key";
            certificate = "/etc/prosody/certs/auth.myserver.com.crt";
        }
        authentication = "internal_plain"

    Component "focus.myserver.com"
        component_secret = "f6Ub330q"

    Component "speakerstats.myserver.com" "speakerstats_component"
        muc_component = "conference.myserver.com"

    Component "conferenceduration.myserver.com" "conference_duration_component"
        muc_component = "conference.myserver.com"

    VirtualHost "guest.myserver.com"
        authentication = "anonymous"
        c2s_require_encryption = false
        modules_enabled = {
            "muc_lobby_rooms";
        }

        lobby_muc = "lobby.myserver.com"
        main_muc = "conference.myserver.com"
        -- muc_lobby_whitelist = { "recorder.myserver.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

    Component "lobby.myserver.com" "muc"
        storage = "memory"
        restrict_room_creation = true
        muc_room_locking = false
        muc_room_default_public_jids = true

1 Like
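Added example (not part of the original thread and not Jitsi project code): the thread's failure came from three files disagreeing, so this sketch cross-checks the authenticated host, the anonymous guest host, the `anonymousdomain` entry in config.js and the `org.jitsi.jicofo.auth.URL` line in one pass. The function names and sample inputs are assumptions made for illustration, and the parser is a simplified line-based reader, not a full Lua parser.

```python
import re

# Constructed sample inputs modelled on the thread; myserver.com is its placeholder domain.
PROSODY_CFG = '''
VirtualHost "myserver.com"
    authentication = "internal_hashed"

Component "conference.myserver.com" "muc"
    storage = "memory"

VirtualHost "auth.myserver.com"
    authentication = "internal_plain"

VirtualHost "guest.myserver.com"
    authentication = "anonymous"
    c2s_require_encryption = false
'''
CONFIG_JS = "hosts: {\n    domain: 'myserver.com',\n    anonymousdomain: 'guest.myserver.com',\n},"
JICOFO = "org.jitsi.jicofo.auth.URL=XMPP:myserver.com\n"

def virtualhost_auth(cfg):
    """Map each VirtualHost name to its authentication value (None if unset)."""
    hosts, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split("--", 1)[0].strip()  # drop Lua line comments
        m = re.match(r'(VirtualHost|Component)\s+"([^"]+)"', line)
        if m:  # a Component line ends the preceding VirtualHost section
            current = m.group(2) if m.group(1) == "VirtualHost" else None
            if current:
                hosts[current] = None
        elif current and (m := re.match(r'authentication\s*=\s*"([^"]+)"', line)):
            hosts[current] = m.group(1)
    return hosts

def check_secure_domain(domain, cfg, config_js, jicofo):
    """Return a list of problems; an empty list means the three files agree."""
    problems, hosts = [], virtualhost_auth(cfg)
    if hosts.get(domain) in (None, "anonymous"):
        problems.append(f"{domain}: main VirtualHost does not require authentication")
    # Anchored at line start so a still-commented "// anonymousdomain" does not count.
    m = re.search(r"^\s*anonymousdomain\s*:\s*['\"]([^'\"]+)['\"]", config_js, re.M)
    if not m:
        problems.append("config.js: anonymousdomain is not set")
    elif hosts.get(m.group(1)) != "anonymous":
        problems.append(f"{m.group(1)}: no anonymous VirtualHost in the Prosody config")
    if f"org.jitsi.jicofo.auth.URL=XMPP:{domain}" not in [l.strip() for l in jicofo.splitlines()]:
        problems.append("jicofo: org.jitsi.jicofo.auth.URL is missing or names another domain")
    return problems

if __name__ == "__main__":
    print(check_secure_domain("myserver.com", PROSODY_CFG, CONFIG_JS, JICOFO) or "consistent")
```

Run against a configuration without the guest VirtualHost, as in the first cfg.lua posted above, it reports the anonymous host as missing.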

Hello @Freddie, I have already made the correction you told me about, "memory". I'm curious, what function does the "memory" code perform?

Are there any other errors?

Thanks!