How to enable Moderated Meet?

Hello Community,

I wanted to enable Moderated Meetings as seen on https://meet.jit.si

I have configured two servers for it.

The first server, which hosts the JMS - is resolved to meet.xyz.com

On The second server, the microservice running ,which is resolved to moderatedmeet.xyz.com

From my understanding, I have modified the .env file in the second server which looks something like this

DEPLOYMENT_URL=https://meet.xyz.com 
PORT=80 
PRIVATE_KEY_FILE=path/to/moderated.der
PRIVATE_KEY_ID=JWT_ID 
TARGET_TENANT=http://moderatedmeet.xyz.com

Where,

  1. The DEPLOYMENT_URL is the URL from first server where the meet is hosted

  2. The PRIVATE_KEY_FILE is the location of our .der file. Using OpenSSL, I have converted the wildcard .crt certificate to .der, following the commands

openssl x509 -in cert.crt -out cert.pem
openssl x509 -outform der -in cert.pem -out cert.der
  1. The PRIVATE_KEY_ID is the JWT_ID from first server which is used to JWT authentication for https://meet.xyz.com

  2. The TARGET_TENANT is the domain assigned for moderated meet.

I am not able to generate meetings in http://moderatedmeet.xyz.com

What I want is:
1. Open meetings where anybody can create a meet on meet.xyz.com
2. And a book URL from moderated meet moderatedmeet.xyz.com

Same like https://meet.jit.si/ and https://moderated.jitsi.net/

Please guide me how to achieve this??
Did I miss anything???

Community, any help on this will be highly appreciated!!

So the problem is that the jwt generated from moderatedmeet.xyz.com does not work on meet.xyz.com?
How did you configure the meet.xyz.com in prosody?
Have you configured asap_key_server?

This is not correct, this should be just the tenant name you configured for https://github.com/jitsi/jitsi-meet/blob/56c0edc8968304a0f672e4e536e8b7d985265494/resources/prosody-plugins/mod_muc_allowners.lua#L16
For example for meet.jit.si this is the value moderated.

Thanks @damencho for your reply

In a nutshell, we want to enable

  1. free meetings [no authentication needed] +
  2. Moderated meetings as seen on meet.jit.si frontpage, where book a meeting url redirects user to moderatedmeet.jitsi.net

Environment details - docker-jitsi-meet-5963

What we have done till now,
We have setup our jitsi media server. Initially, it was open to all - meaning - no authentication. ENABLE_AUTH=0

Now, referring to one of the solutions in one of the thread, they suggested that we had to enable JWT authentication to be able to create moderated meetings, as expected in point no. 2 above

ENABLE_AUTH=1
ENABLE_GUESTS=1
AUTH_TYPE=jwt
JWT_APP_ID=my_jitsi_app_id
JWT_APP_SECRET=my_jitsi_app_secret

For prosody configurations in jitsi-meet.cfg.lua file

VirtualHost "meet.xyz.com"

    authentication = "token"
    app_id = "my_jitsi_app_id"
    app_secret = "my_jitsi_app_secret"
    allow_empty_token = false

On our main jms server, it asks for username password. We found a workaround for the same i.e generate a jwt token using https://jwt.io/

How can we make it Open for all User without authentication??

For Moderated Meet Server we wanted to setup moderated meetings so we cloned the moderated-meetings repository on a different server that has a public IP assigned to it.
We have configured nginx proxy pass for SSL as shown in following diagram.

image

We have Configured .env as,

DEPLOYMENT_URL=https://meet.xyz.com 
PORT=8081
PRIVATE_KEY_FILE=path/to/moderated.der
PRIVATE_KEY_ID=my_jitsi_app_id
TARGET_TENANT=http://moderatedmeet.xyz.com

The second issue is, with the moderated site is that it isn’t generating any tokens at all for us.

We have not configured asap_key_server.

Is there is anything we are missing to configure ?

Look at my previous post for what you had missed and also you need to configure jitsi-meet to use key server (asap_key_server ) not shared secret for jwt.

@damencho any guide on asap_key_server configuration? how to configure it?

For example … there maybe more posts about that