How-to introduce authentication to start a meeting in Jitsi (secure moderator), my comprehensive tutorial for the beginner

Securing Jitsi Meet with username and password for moderators

Anyone who has read my earlier post about setting up 2 servers with Jitsi and Jibri (How-to to setup integrated Jitsi and Jibri for dummies, my comprehensive tutorial for the beginner) knows about my setup. I’m hosting my Jitsi Meet at ‘meet.myfirewall.org’; you will need to replace this name with your own! I will now show the changes to add security to this Jitsi setup. The changes will:

  1. Ensure that new meetings can only be started with an existing username and password. This user will get the moderator role at the start of the meeting.
  2. Ensure that new meetings can be joined by new participants WITHOUT the need for a username and password combination. The moderator can still add a password to the link for the meeting, new participants will then need this password but don’t require a user-account on the server.

Configuration of prosody, set authentication

nano /etc/prosody/conf.avail/meet.myfirewall.org.cfg.lua

Step 1) Change authentication from “anonymous” to “internal_plain”:

VirtualHost "meet.myfirewall.org"
    authentication = "internal_plain"

Step 2) In the same file, add a new VirtualHost at the bottom of the file:

-- Allow our guests to join a conference without the need for a password
-- BELOW VIRTUALHOST NAME SHOULD NOT(!) BE REGISTERED IN DNS!
VirtualHost "guest.meet.myfirewall.org"
    authentication = "anonymous"
    c2s_require_encryption = false

Add moderators to Jitsi

In the terminal, run the following command (replace user, domain and pass with your own):

prosodyctl register igor meet.myfirewall.org P@ssw0rd
prosodyctl register user meet.myfirewall.org P@ssw0rd
...
...
prosodyctl register as_many_users_you_need meet.myfirewall.org P@ssw0rd

Configuration of jicofo

nano /etc/jitsi/jicofo/sip-communicator.properties

Add a new authentication line at the bottom of this file:

org.jitsi.jicofo.auth.URL=XMPP:meet.myfirewall.org

Uncomment anonymousdomain and set the domain to enable guests to join us:

nano /etc/jitsi/meet/meet.myfirewall.org-config.js

hosts: {
    // XMPP domain.
    domain: 'meet.myfirewall.org',

    // When using authentication, domain for guest users.
    // BELOW VIRTUALHOST NAME SHOULD NOT(!) BE REGISTERED IN DNS!
    anonymousdomain: 'guest.meet.myfirewall.org',

MIND:
In 2 files we have added the domain 'guest.meet.myfirewall.org' (files: /etc/prosody/conf.avail/meet.myfirewall.org.cfg.lua and /etc/jitsi/meet/meet.myfirewall.org-config.js). This domain should NOT(!) be registered as a DNS name; the name ‘guest.meet.myfirewall.org’ is only used internally! (This is also marked as a comment in the config changes.)

Restart all services and test the changes:

service prosody restart
service jicofo restart
service jitsi-videobridge2 restart

Try to start a new meeting, expect to be asked for a username and password. Try to join the same meeting as a guest, expect you will not require a username or password.

nJoy! Cheers, Igor

3 Likes
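A check of the result of the steps in the post above, as an added example that is not part of the original post or of the Jitsi project: it reads the three edited files and reports any setting that differs from the tutorial. The function names (`vhost_auth`, `audit`, `guest_not_resolvable`) are hypothetical; the domain, paths and expected values are the ones the post uses.

```shell
#!/bin/sh
# Added example: audits the three files edited in the tutorial. Function names are hypothetical.
DOMAIN="meet.myfirewall.org"        # the tutorial's domain; replace with your own
GUEST="guest.$DOMAIN"

# Print the authentication value inside VirtualHost "$2" of Prosody config file $1.
vhost_auth() {
    awk -v host="$2" '
        /^[ \t]*--/ { next }                                   # skip Lua comments
        /^[ \t]*(VirtualHost|Component)[ \t]/ {                # a new section starts
            split($0, q, "\""); in_host = ($1 == "VirtualHost" && q[2] == host); next }
        in_host && /^[ \t]*authentication[ \t]*=/ { split($0, q, "\""); print q[2]; exit }
    ' "$1"
}

# audit PROSODY_CFG JICOFO_PROPS CONFIG_JS: prints each failure, returns the failure count.
audit() {
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    [ "$(vhost_auth "$1" "$DOMAIN")" = "internal_plain" ] ||
        fail "$DOMAIN authentication is not internal_plain"
    [ "$(vhost_auth "$1" "$GUEST")" = "anonymous" ] ||
        fail "$GUEST authentication is not anonymous"
    grep -qxF "org.jitsi.jicofo.auth.URL=XMPP:$DOMAIN" "$2" ||
        fail "org.jitsi.jicofo.auth.URL line is missing or points elsewhere"
    # Anchored at line start so a commented-out (//) anonymousdomain does not count.
    grep -Eq "^[[:space:]]*anonymousdomain:[[:space:]]*'$GUEST'" "$3" ||
        fail "anonymousdomain is not set to $GUEST in config.js"
    return "$fails"
}

# The guest vhost is internal only: succeed when the name does NOT resolve on this host.
guest_not_resolvable() { ! getent hosts "$GUEST" >/dev/null 2>&1; }

# Run against the tutorial's paths when they exist on this machine.
CFG="/etc/prosody/conf.avail/$DOMAIN.cfg.lua"
if [ -r "$CFG" ]; then
    audit "$CFG" /etc/jitsi/jicofo/sip-communicator.properties \
        "/etc/jitsi/meet/$DOMAIN-config.js" && echo "config matches the tutorial"
    guest_not_resolvable || echo "WARN: $GUEST resolves here, check DNS"
fi
```

`getent hosts` also consults /etc/hosts, so the last check reflects what this server resolves, not only public DNS.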

Hello Igor,

This was absolutely a breeze to follow! However, I am a bit confused by this line:

The moderator can still add a password to the link for the meeting, new participants will then need this password but don’t require a user-account on the server.

Your post does not talk about it, can you please give us some pointers on how to do it?

Regards
Sandeep

hi @rcworx, glad to hear it served you well!

I’m referring to the normal functionality of Jitsi Meet: share link:

You can still add a password to the chat session once it has started. Users can only join when they know the password. This is not a user account on the system, but only a session password for the conference!.. :wink:

Hope this helps! Cheers, Igor

1 Like

@Woodworker_Life Many thanks for answering the query. You have made my life easier. The community here on jitsi.org is fabulous.

Regards
Sandeep

Hi Igor
I followed your instructions from both instruction pages to install Jitsi. However, when I launch the conference, I get a page saying the conference is disconnected and will rejoin, with the time clock bar looping. Can you tell me how and what I have to do to fix this?

Hello, thanks for the great instructions.
It works; unfortunately, no “invitation to persons via telephone number” works after the setup.
Do you have an idea why Jigasi no longer works, or does something need to be set up for Jigasi?

best regards
matthias