Secure domain login clarity

I would rather do it right the 1st time so please advise.
I followed this install: https://mangolassi.it/topic/18402/install-jitsi-meet-on-debian-9-minimal
and everything works perfectly. Tested with laptops/desktops/iphones/Android phones/and ipads. I am VERY Impressed with Jitsi, The developers should be VERY proud!!!
Had 8 devices (6 mobile) all working perfect on a video conference, but I need a secure password protected login b4 guests can join the room.
A few questions…
In following a Secure domain from GitHUB, I need some clarification

1 In Prosody:

(If you have installed jitsi-meet from the Debian package, these changes should be made in /etc/prosody/conf.avail/[your-hostname].cfg.lua)
Well I’m running Debian 9 so far so good.

a) Enable authentication on your main domain:

VirtualHost “jitsi-meet.example.com
authentication = “internal_plain”
b) Add new virtual host with anonymous login method for guests:

VirtualHost “guest.jitsi-meet.example.com
authentication = “anonymous”
c2s_require_encryption = false
2 In Jitsi Meet config.js configure ‘anonymousdomain’:

(If you have installed jitsi-meet from the Debian package, these changes should be made in /etc/jitsi/meet/[your-hostname]-config.js)

***QUESTION==Does this mean the quick install without NGX or Apache installed??

var config = {
hosts: {
domain: ‘jitsi-meet.example.com’,
anonymousdomain: ‘guest.jitsi-meet.example.com’,

},

}
3 When running Jicofo specify your main domain in additional configuration property. Jicofo will accept conference allocation requests only from authenticated domain.

-Dorg.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com
***QUESTION==where is the above added?
HERE> /etc/jitsi/meet/[your-hostname]-config.js)
or HERE> /etc/jitsi/jicofo/sip-communicator.properties
***QUESTION2== is the -Dorg a typo?

If you have Jicofo installed from the Debian package this should go directly to /etc/jitsi/jicofo/sip-communicator.properties file:

org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com

FACT= on the quick install my sip-communicator.properties file is empty so it’s simple enough to paste this in… org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com with my correct subdomain.

4 To create users use the command:

prosodyctl register jitsi-meet.example.com
5 If you are using jigasi: QUESTION: as a noob I have no idea if I’m using this, am I using jigasi??

a) Set jigasi to authenticate by editing the following lines in sip-communicator.properties.

If you have jigasi installed from the Debian package this should go directly to /etc/jitsi/jigasi/sip-communicator.properties

org.jitsi.jigasi.xmpp.acc.USER_ID=SOME_USER@SOME_DOMAIN org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

QUESTION: so am I just pasting these lines into my empty sip-communicator.properties file with the correct edits for my users and domain??

The password is the actual plaintext password, not a base64 encoding.

b) If you experience problems with a certificate chain, you may also need to uncomment the following line, also in sip-communicator.properties:

net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

Note that this should only be used for testing/debugging purposes, or in controlled environments. If you confirm that this is the problem, you should then solve it in another way (e.g. get a signed certificate for prosody, or add the particular certificate to jigasi’s trust store).

Well it’s my 1st post and hopefully I provided enough for you expects to train a noob,
cheers and thanks:crazy_face:

Q: Is the quick install without Nginx or Apache?
A: The instructions say it can work with a preinstalled Nginx or Apache, but if there’s no http server, it will install jetty, a java web server that works from inside Jitsi (I imagine).
Q: Where -Dorg…
A: Remove the -D and insert “org.jitsi…” in /etc/jitsi/jicofo/sip-communicator.properties
“-D” is for the Jicofo executable, if you are starting it yourself in the root prompt, not as a daemon. This part is written as if most people are not installing it from the Debian pkg.
Q: If you are using jigasi
A: You are not using jigasi. Don’t install unless you want to allow SIP phones in the conference
Q: So am I just pasting these lines…?
A: Yes. It is for you to replace SOME_USER, SOME_DOMAIN, SOME_PASS

I hope you have success :smiley:

Thanks for your insight and clarity. Made the correct edits and the system is running perfect.

While this may require a separate post, if sales is running a vid conf presentation in one room, can mgmt be running a financial meeting in another room at the same time? does anyone know how many rooms can be running video conferences concurrently? estimate RAM required per room? no recording going on here,just normal vid-conference

There is no simple answer of that and the first problem you will hit having many rooms is the jvb bandwidth. And it depends whether participants use simulcast or not, there are several example estimates here in the forum, you can check to have an idea about the bandwidth.