Moderated Meetings Setup

What configurations do I need to do to my Jitsi Meeting instance after spawning the microservice for Moderated Meetings to get the same flow as seen on https://moderated.jitsi.net/ ? I have tried to use enable_auth=1 and configuring the JWT options, but that seems to lead to the user being required to log in with username/password for all meetings. Without it the JWT does not seem to be validated at all and the first person to join becomes moderator and all others are guests as per the default flow. I have been trying to look into different threads on here, but the ones I have found have mainly been about configuring the microservice, which seems to be doing its job currently.

moderatedRoomServiceUrl: 'https://moderated.jitsi.net',
in config.js and also add moderated tenant/subdomain to the allowners prosody module settings
jitsi-meet/mod_muc_allowners.lua at cbbe58a1ec5e0ab6798b26249ff4152dc72295d8 · jitsi/jitsi-meet · GitHub


Thank you @damencho for the clarification!

I thought I’d share some knowledge about how I got it all working for the next one who might stumble on this while setting up their own instance. If something is inaccurate feel free to correct it.

.env Config Microservice

Generating keypair can be done through openssl:

  1. openssl genrsa -out keypair.pem 2048
  2. openssl rsa -in keypair.pem -pubout -out publickey.pem
  3. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in keypair.pem -out moderated.der
  4. Get the private_key_id through this command: echo -n [NAME_OF_PRIVATE_KEY.der] | shasum -a 256, and change the publickey.pem name to the fetched private_key_id.

DEPLOYMENT_URL= url to the jitsi meet instance ex. https://meet.jit.si/ (ending with a /)
PORT= Port for the microservice
PRIVATE_KEY_FILE= ex. path/to/key/moderated.der
PRIVATE_KEY_ID= for this instance it would be '3c582c2fd86242e0a3655642607d548b5c271d4e1fe21ee7aa548438b3858640' as explained above
TARGET_TENANT= Tenant of your choice ex. moderated

Key Server

Next you’ll need to be able to serve the public key to the Jitsi instance. If you do not have a dedicated server for serving files, you could just set up a simple python http.server to test it out before creating a permanent solution.

  1. Create a new folder and add the public key to it.
  2. python3 -m http.server [PORT]

Jitsi Meet Config

If you don’t have jitsi-meet-tokens installed, you need to install it first: apt-get install jitsi-meet-tokens. After installing, do the following steps:

  1. Disable auto-owner with the following command: hocon -f /etc/jitsi/jicofo/jicofo.conf set jicofo.conference.enable-auto-owner false
  2. Open /etc/prosody/conf.avail/[YOUR_DOMAIN].conf
  3. Add the following global variables in the top section of the file. Either set these to * or specify the accepted issuers and audiences for the instance:
...
asap_accepted_issuers = {"*"};
asap_accepted_audiences = {"*"};
...
  4. Then go to the VirtualHost section and add/make sure the following is enabled:
VirtualHost "[YOUR_DOMAIN]"
    ...
    authentication = "token";
    app_id=[SPECIFIED ON JITSI-MEET-TOKENS INSTALL];
    asap_key_server=[URL_TO_KEY_SERVER];
    allow_empty_token = true;
  5. Modify the conference.[YOUR_DOMAIN] component. Add muc_allowners to modules_enabled and set the allowners_moderated_subdomains to the target tenant you specified during the microservice setup.
Component "conference.[YOUR_DOMAIN]" "muc"
    ...
    modules_enabled = {
        "muc_allowners";
        ...
    }
    allowners_moderated_subdomains = { "moderated" }
    ...
  6. Restart the services: service prosody restart && service jicofo restart && service jitsi-videobridge2 restart

Notes

During the setup I encountered an issue with the installation of jitsi-meet-tokens where some dependencies seemed to be missing. I followed the following threads to resolve the issues:

  1. Error: Failed installing dependency: https://luarocks.org/luaossl-20180708-0.src.rock - Could not find header file for CRYPTO · Issue #632 · leafo/lapis · GitHub
  2. Error while starting to use Jitsi with JWT cert - #10 by emrah
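
The key-generation steps above as a script, with a check that the public key placed on the key server really belongs to the DER private key the microservice signs with. This is an added example, not part of the original posts: the function names and the temporary directory are hypothetical, and `openssl dgst -sha256` stands in for `shasum -a 256`.

```shell
#!/bin/sh
# Added example: scripts steps 1-4 of the post and verifies the result.
set -eu

# Steps 1-3: RSA keypair, public key PEM, PKCS#8 DER private key.
# $1 is an output directory (hypothetical layout).
gen_keys() {
  (
    umask 077   # private key files readable by the owner only
    openssl genrsa -out "$1/keypair.pem" 2048 2>/dev/null
    openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
      -in "$1/keypair.pem" -out "$1/moderated.der"
  )
  openssl rsa -in "$1/keypair.pem" -pubout -out "$1/publickey.pem" 2>/dev/null
}

# Step 4: SHA-256 over the given string (as `echo -n NAME | shasum -a 256`
# does), not over the contents of a file.
key_id() {
  printf '%s' "$1" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if the public key in PEM file $2 is the one derived from
# the PKCS#8 DER private key $1. Unreadable or malformed input fails.
pub_matches_der() {
  from_priv=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
  served=$(openssl pkey -pubin -in "$2" 2>/dev/null) || return 1
  [ "$from_priv" = "$served" ]
}

# Demo on throwaway keys generated in a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
gen_keys "$demo_dir"
if pub_matches_der "$demo_dir/moderated.der" "$demo_dir/publickey.pem"; then
  echo "publickey.pem matches moderated.der"
else
  echo "MISMATCH: tokens signed with moderated.der will not verify" >&2
fi
echo "key id for the name 'moderated.der': $(key_id moderated.der)"
```

Running `pub_matches_der` against the file actually downloaded from the key server URL catches a stale or swapped public key before Prosody starts rejecting tokens.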