No. I use authentication. My configuration is now usable.
Apache2/prosody/jicofo and jitsi-meet.
Apache configuration:
<VirtualHost *:443>
    ServerName jitsi.systella.fr
    SSLProtocol TLSv1 TLSv1.1 TLSv1.2
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /etc/letsencrypt/live/systella.fr/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/systella.fr/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/systella.fr/chain.pem
    SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED"
    SSLHonorCipherOrder on
    Header set Strict-Transport-Security "max-age=31536000"
    DocumentRoot "/usr/share/jitsi-meet"
    <Directory "/usr/share/jitsi-meet">
        Options Indexes MultiViews Includes FollowSymLinks
        AddOutputFilter Includes html
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorDocument 404 /static/404.html
    Alias "/config.js" "/etc/jitsi/meet/jitsi.systella.fr-config.js"
    <Location /config.js>
        Require all granted
    </Location>
    Alias "/external_api.js" "/usr/share/jitsi-meet/libs/external_api.min.js"
    <Location /external_api.js>
        Require all granted
    </Location>
    ProxyPreserveHost on
    ProxyPass /http-bind http://localhost:5280/http-bind/
    ProxyPassReverse /http-bind http://localhost:5280/http-bind/
    RewriteEngine on
    RewriteRule ^/([a-zA-Z0-9]+)$ /index.html
</VirtualHost>
Prosody (/etc/prosody/conf.d/jitsi.systella.fr.cfg.lua):
conf file has to begin with:
consider_bosh_secure = true;
https_key = "/etc/prosody/certs/jitsi.systella.fr.key";
https_certificate = "/etc/prosody/certs/jitsi.systella.fr.crt";
Later, some subdomains are created:
VirtualHost "jitsi.systella.fr"
    authentication = "internal_plain"
    ssl = {
        key = "/etc/prosody/certs/jitsi.systella.fr.key";
        certificate = "/etc/prosody/certs/jitsi.systella.fr.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
    }
    c2s_require_encryption = false
VirtualHost "guest.jitsi.systella.fr"
    authentication = "internal_plain"
    c2s_require_encryption = false
Component "conference.jitsi.systella.fr" "muc"
    storage = "memory"
    admins = { "focus@auth.jitsi.systella.fr" }
Component "jitsi-videobridge.jitsi.systella.fr"
    component_secret = "lkjhlkjolkj"
VirtualHost "auth.jitsi.systella.fr"
    ssl = {
        key = "/etc/prosody/certs/jitsi.systella.fr.key";
        certificate = "/etc/prosody/certs/jitsi.systella.fr.crt";
    }
    authentication = "internal_plain"
Component "focus.jitsi.systella.fr"
    component_secret = "sldkjflsdkjf"
Jicofo’s config:
JICOFO_HOST=localhost
JICOFO_HOSTNAME=jitsi.systella.fr
JICOFO_SECRET=dlfkgjldfkjglj
JICOFO_PORT=5347
JICOFO_AUTH_DOMAIN=auth.jitsi.systella.fr
JICOFO_AUTH_USER=focus
JICOFO_AUTH_PASSWORD=lksdjfljf
JICOFO_OPTS=
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=jicofo -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/jicofo/logging.properties"
sip-communicator.properties:
org.jitsi.jicofo.auth.URL=XMPP:auth.jitsi.systella.fr
org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true
/etc/jitsi/meet:
var config = {
    hosts: {
        domain: 'jitsi.systella.fr',
        anonymousdomain: 'guest.jitsi.systella.fr',
        authdomain: 'auth.jitsi.systella.fr',
        muc: 'conference.jitsi.systella.fr'
    },
    bosh: '//jitsi.systella.fr/http-bind',
    clientNode: 'http://jitsi.org/jitsimeet',
    testing: {
        enableFirefoxSimulcast: false,
        p2pTestMode: false
    },
    resolution: 720,
    constraints: {
        video: {
            aspectRatio: 16 / 9,
            height: {
                ideal: 480,
                max: 720,
                min: 240
            }
        }
    },
    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
    desktopSharingChromeMinExtVersion: '0.1',
    channelLastN: -1,
    enableTcc: true,
    enableRemb: false,
    useIPv6: true,
    requireDisplayName: true,
    enableWelcomePage: true,
    defaultLanguage: 'fr',
    enableUserRolesBasedOnToken: false,
    // I disabled p2p, but it also works with it enabled
    p2p: {
        enabled: false,
        stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
        ],
    },
    analytics: {
    },
};
sip-communicator.properties:
JVB_HOSTNAME=jitsi.systella.fr
JVB_HOST=
JVB_PORT=5347
JVB_SECRET= (see Component "jitsi-videobridge.jitsi.systella.fr" in the Prosody config)
JVB_OPTS="--apis=xmpp,rest"
JAVA_SYS_PROPS="-Dnet.java.sip.communicator.SC_HOME_DIR_LOCATION=/etc/jitsi -Dnet.java.sip.communicator.SC_HOME_DIR_NAME=videobridge -Dnet.java.sip.communicator.SC_LOG_DIR_LOCATION=/var/log/jitsi -Djava.util.logging.config.file=/etc/jitsi/videobridge/logging.properties"
and last file:
org.jitsi.videobridge.AUTHORIZED_SOURCE_REGEXP=focus@auth.jitsi.systella.fr/.*
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.254.1
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=(public ip)
org.ice4j.ice.harvest.ALLOWED_ADDRESSES=192.168.254.1
With these configuration files, I obtain a configuration with authentication for hosts (domain auth.jitsi.systella.fr) and for guests (domain jitsi.systella.fr). I have done some QoS and now Jitsi runs as I expected.
Best regards,
JB
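
An added example, not part of the original post: a small Python audit that reads Apache and Prosody settings like the ones shown above and lists those that affect transport security and exposure (TLS 1.0/1.1 in SSLProtocol, Options Indexes, c2s_require_encryption = false, plaintext password storage with internal_plain). The function names and the rule set are assumptions of this example; the sample input is excerpted from the post.

```python
import re

def audit_apache(text):
    """Flag protocol and exposure directives in an Apache vhost (hypothetical helper)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split() or [""]
        if tok[0] == "SSLProtocol":
            # Tokens prefixed with "-" are disabled, so only bare or "+" tokens count.
            old = [t for t in tok[1:] if t.lstrip("+") in ("SSLv3", "TLSv1", "TLSv1.1")]
            if old:
                findings.append((n, "deprecated protocols enabled: " + " ".join(old)))
        elif tok[0] == "Options" and any(t.lstrip("+") == "Indexes" for t in tok[1:]):
            findings.append((n, "directory listings enabled (Options Indexes)"))
    return findings

def audit_prosody(text):
    """Flag per-host settings in a Prosody config, tracking the current section."""
    findings, section = [], "global"
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("--", 1)[0].strip()  # drop Lua line comments
        m = re.match(r'(VirtualHost|Component)\s+"([^"]+)"', line)
        if m:
            section = m.group(2)
        elif re.match(r"c2s_require_encryption\s*=\s*false\b", line):
            findings.append((n, f"{section}: c2s TLS not required"))
        elif re.match(r'authentication\s*=\s*"internal_plain"', line):
            findings.append((n, f"{section}: passwords stored in plaintext (internal_plain)"))
    return findings

# Sample input: excerpts of the configuration in the post above.
APACHE = """\
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
Options Indexes MultiViews Includes FollowSymLinks
"""
PROSODY = """\
VirtualHost "jitsi.systella.fr"
authentication = "internal_plain"
c2s_require_encryption = false
VirtualHost "guest.jitsi.systella.fr"
authentication = "internal_plain"
c2s_require_encryption = false
Component "conference.jitsi.systella.fr" "muc"
"""

if __name__ == "__main__":
    for name, result in (("apache", audit_apache(APACHE)), ("prosody", audit_prosody(PROSODY))):
        for n, msg in result:
            print(f"{name}:{n}: {msg}")
```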