[jitsi-users] My Top-3 Jitsi Meet questions: authentication, stability, Locally Significant CA on Android issue


#1

Hi!

Being a Jitsi Meet user and owner of a private Jitsi Meet server installation for a several months, I have following questions about it:
1. Authentication - now, Jitsi Meet has only some XMPP authentication with rather opaque description and I've understood that it's far away from regular user/password option. Is there any info on plans for adding some sort of authentication to Jitsi Meet? Btw, I can add regular HTTP Basic authentication by means of NGINX in front of the Jitsi Meet, but I'm pretty sure that mobile iOS and Android Apps won't be happy with it.
2. Stability - from time to time, either new participants cannot join the meeting, or they're able to join, but without video and(or) audio, or screen sharing ceases to work. Are there any logs on the server which can aid development team in resolving this bug.
3. Locally Significant CA issue - one of my private Jitsi Meet servers was installed with a Digital Cert, signed by Local CA. This CA's Root Cert is imported to the Android device, but Jitsi Meet mobile app is unable to join any conference on the private server, while PC clients, joining with Firefox are joining meetings ok. Does Jitsi Meet searches all the Root CA stores on the Android? Or maybe there can be an option to import Root CA certs directly in the App, like Firefox does?


#2

Hi,

Hi!

Being a Jitsi Meet user and owner of a private Jitsi Meet server
installation for a several months, I have following questions about it:
1. Authentication - now, Jitsi Meet has only some XMPP authentication with
rather opaque description and I've understood that it's far away from
regular user/password option. Is there any info on plans for adding some
sort of authentication to Jitsi Meet? Btw, I can add regular HTTP Basic
authentication by means of NGINX in front of the Jitsi Meet, but I'm pretty
sure that mobile iOS and Android Apps won't be happy with it.

There is user/password option, if you just want user/password for all
users, do quick installation and just on your domain virtual host make
sure you have: authentication = "internal_plain" and you need to
create xmpp accounts in prosody. For guest and other options there is
some description: https://github.com/jitsi/jicofo#secure-domain

2. Stability - from time to time, either new participants cannot join the
meeting, or they're able to join, but without video and(or) audio, or screen
sharing ceases to work. Are there any logs on the server which can aid
development team in resolving this bug.

If this is Firefox participants, we had recently found a problem,
which should be fixed these days and will push new stable.

3. Locally Significant CA issue - one of my private Jitsi Meet servers was
installed with a Digital Cert, signed by Local CA. This CA's Root Cert is
imported to the Android device, but Jitsi Meet mobile app is unable to join
any conference on the private server, while PC clients, joining with Firefox
are joining meetings ok. Does Jitsi Meet searches all the Root CA stores on
the Android? Or maybe there can be an option to import Root CA certs
directly in the App, like Firefox does?

What you can try is opening the site through the browser, you need to
see it open secured on the mobile browser without a problem and then
it will be opened and in the Jitsi Meet app.

Regards
damencho

Regards
damencho

···

On Tue, Dec 26, 2017 at 8:00 AM, Leo.grand <leo.grand@protonmail.com> wrote:

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Hello, Damian!

Thanks for the reply, it really made some sense to me!

Some comments on your answers:
1. I was able to setup the authentication, but here are the new questions on it :slight_smile:
   - as I'm new to the Jitsi-Meet, it was rather hard to figure out what to do to correctly set up the auth, if possible, consider to publish more complete "step-by-step" guide;
  - do I correctly understand that only "internal_plain" auth is the way to go now and "cyrus" with LDAP backend is not a way to go due to some bugs?
  - the most disappointing, after enabling "internal_plain" auth, my main https://jitsi-meet.<domain.com> web page shows a grey screen, whereas mobile clients are working ok, can you advice a solution to that?
2. Yep, there were Firefox participants, mobile App <-> mobile App conferences were working much better.
3. Opening https://jitsi-meet.<domain.local> doesn't show cert errors in mobile browser, as the Root CA Cert is correctly installed on the system (Android 7).

Thanks!

···

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-------- Original Message --------
Subject: Re: [jitsi-users] My Top-3 Jitsi Meet questions: authentication, stability, Locally Significant CA on Android issue
Local Time: December 26, 2017 6:51 PM
UTC Time: December 26, 2017 3:51 PM
From: damencho@jitsi.org
To: Leo.grand <leo.grand@protonmail.com>, Jitsi Users <users@jitsi.org>

Hi,

On Tue, Dec 26, 2017 at 8:00 AM, Leo.grand leo.grand@protonmail.com wrote:

Hi!
Being a Jitsi Meet user and owner of a private Jitsi Meet server
installation for a several months, I have following questions about it:

- Authentication - now, Jitsi Meet has only some XMPP authentication with
rather opaque description and I've understood that it's far away from
regular user/password option. Is there any info on plans for adding some
sort of authentication to Jitsi Meet? Btw, I can add regular HTTP Basic
authentication by means of NGINX in front of the Jitsi Meet, but I'm pretty
sure that mobile iOS and Android Apps won't be happy with it.

There is user/password option, if you just want user/password for all
users, do quick installation and just on your domain virtual host make
sure you have: authentication = "internal_plain" and you need to
create xmpp accounts in prosody. For guest and other options there is
some description: https://github.com/jitsi/jicofo#secure-domain

- Stability - from time to time, either new participants cannot join the
meeting, or they're able to join, but without video and(or) audio, or screen
sharing ceases to work. Are there any logs on the server which can aid
development team in resolving this bug.

If this is Firefox participants, we had recently found a problem,
which should be fixed these days and will push new stable.

- Locally Significant CA issue - one of my private Jitsi Meet servers was
installed with a Digital Cert, signed by Local CA. This CA's Root Cert is
imported to the Android device, but Jitsi Meet mobile app is unable to join
any conference on the private server, while PC clients, joining with Firefox
are joining meetings ok. Does Jitsi Meet searches all the Root CA stores on
the Android? Or maybe there can be an option to import Root CA certs
directly in the App, like Firefox does?

What you can try is opening the site through the browser, you need to
see it open secured on the mobile browser without a problem and then
it will be opened and in the Jitsi Meet app.

Regards
damencho

Regards
damencho

---------------------------------------------------------------

users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Hi again,

Hello, Damian!

Thanks for the reply, it really made some sense to me!

Some comments on your answers:
1. I was able to setup the authentication, but here are the new questions on
it :slight_smile:
   - as I'm new to the Jitsi-Meet, it was rather hard to figure out what to
do to correctly set up the auth, if possible, consider to publish more
complete "step-by-step" guide;
  - do I correctly understand that only "internal_plain" auth is the way to
go now and "cyrus" with LDAP backend is not a way to go due to some bugs?

I have no idea what bugs you refer to, and I suppose the ldap backend
you mention is a prosody module, so then the question is to send to
prosody.

  - the most disappointing, after enabling "internal_plain" auth, my main
https://jitsi-meet.<domain.com> web page shows a grey screen, whereas mobile
clients are working ok, can you advice a solution to that?

Can you send some js console logs to see what is the problem, two days
ago I've been testing that with latest unstable and latest stable
packages and it was working fine for me.

2. Yep, there were Firefox participants, mobile App <-> mobile App
conferences were working much better.

This should be fixed these days, there was a problem with Firefox
using the bridge, it is working fine in p2p. We are also working now
to add firefox and all other webrtc capable browsers to all daily
executed tests so we can detect failures like this earlier.

3. Opening https://jitsi-meet.<domain.local> doesn't show cert errors in
mobile browser, as the Root CA Cert is correctly installed on the system
(Android 7).

So, you say the mobile browser works with your cert, but not the
mobile app? If this is the case, I would ask someone from the mobile
team to look at it.

Regards
damencho

···

On Thu, Dec 28, 2017 at 2:27 AM, Leo.grand <leo.grand@protonmail.com> wrote:

Thanks!

Sent with ProtonMail Secure Email.

-------- Original Message --------
Subject: Re: [jitsi-users] My Top-3 Jitsi Meet questions: authentication,
stability, Locally Significant CA on Android issue
Local Time: December 26, 2017 6:51 PM
UTC Time: December 26, 2017 3:51 PM
From: damencho@jitsi.org
To: Leo.grand <leo.grand@protonmail.com>, Jitsi Users <users@jitsi.org>

Hi,

On Tue, Dec 26, 2017 at 8:00 AM, Leo.grand leo.grand@protonmail.com wrote:

Hi!
Being a Jitsi Meet user and owner of a private Jitsi Meet server
installation for a several months, I have following questions about it:

Authentication - now, Jitsi Meet has only some XMPP authentication with
rather opaque description and I've understood that it's far away from
regular user/password option. Is there any info on plans for adding some
sort of authentication to Jitsi Meet? Btw, I can add regular HTTP Basic
authentication by means of NGINX in front of the Jitsi Meet, but I'm pretty
sure that mobile iOS and Android Apps won't be happy with it.

There is user/password option, if you just want user/password for all
users, do quick installation and just on your domain virtual host make
sure you have: authentication = "internal_plain" and you need to
create xmpp accounts in prosody. For guest and other options there is
some description: https://github.com/jitsi/jicofo#secure-domain

Stability - from time to time, either new participants cannot join the
meeting, or they're able to join, but without video and(or) audio, or screen
sharing ceases to work. Are there any logs on the server which can aid
development team in resolving this bug.

If this is Firefox participants, we had recently found a problem,
which should be fixed these days and will push new stable.

Locally Significant CA issue - one of my private Jitsi Meet servers was
installed with a Digital Cert, signed by Local CA. This CA's Root Cert is
imported to the Android device, but Jitsi Meet mobile app is unable to join
any conference on the private server, while PC clients, joining with Firefox
are joining meetings ok. Does Jitsi Meet searches all the Root CA stores on
the Android? Or maybe there can be an option to import Root CA certs
directly in the App, like Firefox does?

What you can try is opening the site through the browser, you need to
see it open secured on the mobile browser without a problem and then
it will be opened and in the Jitsi Meet app.

Regards
damencho

Regards
damencho

________________________________

users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users