Secure domain enabled, but still no password requested

I’m trying to configure domain authentication so that creating rooms is only done via authenticated login (but participants don’t need to login)

I’m using Jitsi under Ubuntu 18.04.4. I’ve followed the steps under the “Secure Domain” section here https://github.com/jitsi/jicofo#secure-domain

When I start a new meeting, I still do not get a password prompt; I can just start it.

After making the configuration changes, do I need to restart something before the changes take effect?

Below are the settings that I changed; all other configuration is unchanged. I changed my subdomain name to xxx for privacy reasons. Did I miss something?

In /etc/jitsi/meet/xxx.sikando.com/config.js:

var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'xxx.sikando.com',
        anonymousdomain: 'guest.xxx.sikando.com',

In /etc/prosody/conf.avail/xxx.sikando.com.cfg.lua:

VirtualHost "xxx.sikando.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_plain"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/xxx.sikando.com.key";
                certificate = "/etc/prosody/certs/xxx.sikando.com.crt";
        }
        speakerstats_component = "speakerstats.xxx.sikando.com"
        conference_duration_component = "conferenceduration.xxx.sikando.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
        }
        c2s_require_encryption = false

VirtualHost "guest.xxx.sikando.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Did you configure jicofo as well? Can’t see that in the snippets you provided. Jicofo needs its own user as well. Otherwise the config looks good to me…
Have you restarted all services after making those changes? I missed one when I did that and was searching for an hour before I had a power outage (that was a testing instance in a vm on my pc). As a result of that the machine did a reboot and everything worked :smiley:

I did not do anything specific to configure jicofo yet - did not realize it was required. I checked the quick install instructions at https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md that I followed; there is nothing about jicofo there?

How do I restart all services? The instructions for “Secure Domain” don’t mention this, and I am not familiar with the services Jitsi is using.

In the link you provided in the first post Secure Domain step 3 and 4 are jicofo related.

To restart the services you need to do something along the lines of sudo systemctl restart prosody jicofo I don’t think the videobridge needs a restart.

Yeah, you missed this (unrelated to jitsi-meet) :slight_smile:

@Cookiefamily I tried sudo systemctl restart prosody jicofo. This had no effect. I can still create a new room and connect to it without authentication.

I just realized that jicofo was indirectly installed - with default configuration - by apt-get -y install jitsi-meet. This is the content of
/etc/jitsi/jicofo/sip-communicator.properties :

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.xxx.sikando.com

Is there any other jicofo-related configuration to be checked?

I followed this guide, but have not used his templates from github.
I just compared them with my config and changed the settings myself.
It works - see also the comments:

I think at this point you must add the second line:

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.xxx.sikando.com
org.jitsi.jicofo.auth.URL=XMPP:xxx.sikando.com

1 Like

As pointed out earlier you need to update jicofo as decribed in step 3 of secure domain setup

If you have Jicofo installed from the Debian package this should go directly to /etc/jitsi/jicofo/sip-communicator.properties file:

org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com

Yes.

I would do:

service jitsi-videobridge2 restart && service jicofo restart

Adding the above line followed by a restart of jicofo did the trick. Thanks @Raccoon.

It might be useful to update GitHub - jitsi/jicofo: JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences. accordingly. Does anyone know how to do that or where to report this suggestion?

Pull request to the read me on GitHub.

I’ve sent the PR.

How are you creating a PR for an observation from 2yrs ago? Things have since changed. This is irrelevant, sorry.