Secure Domain Not Working on Ubuntu 20.04

I have just installed Jitsi on Ubuntu 20.04 using the repo and am now trying to go through the Secure Domain process. https://jitsi.github.io/handbook/docs/devops-guide/secure-domain

However, after completeing the Secure Domain guide, I do not get the prompt “Waiting for the host”. It just opens up the session as usual.

I have rebooted the server and cleared the broswer to make sure there wasn’t any settings lingering.

Here are my config files.

/etc/prosody/conf.d/jitsi.MYDOMAIN.com.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitsi.MYDOMAIN.com";

turncredentials_secret = "secret";

turncredentials = {
  { type = "stun", host = "jitsi.MYDOMAIN.com", port = "4446" },
  { type = "turn", host = "jitsi.MYDOMAIN.com", port = "4446", transport = "udp" },
  { type = "turns", host = "jitsi.MYDOMAIN.com", port = "443", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284
VirtualHost "guest.jitsi.MYDOMAIN.com"
        authentication = "anonymous"
        c2s_require_encryption = false

VirtualHost "jitsi.MYDOMAIN.com"
        -- enabled = false -- Remove this line to enable this host
        -- authentication = "anonymous"
        authentication = "internal_plain"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/jitsi.MYDOMAIN.com.key";
                certificate = "/etc/prosody/certs/jitsi.MYDOMAIN.com.crt";
        }
        speakerstats_component = "speakerstats.jitsi.MYDOMAIN.com"
        conference_duration_component = "conferenceduration.jitsi.MYDOMAIN.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
        }
        c2s_require_encryption = false
        
Component "conference.jitsi.MYDOMAIN.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        -- "token_verification";
    }
    admins = { "focus@auth.jitsi.MYDOMAIN.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.jitsi.MYDOMAIN.com" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.jitsi.MYDOMAIN.com", "jvb@auth.jitsi.MYDOMAIN.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.jitsi.MYDOMAIN.com"
    ssl = {
        key = "/etc/prosody/certs/auth.jitsi.MYDOMAIN.com.key";
        certificate = "/etc/prosody/certs/auth.jitsi.MYDOMAIN.com.crt";
    }
    authentication = "internal_plain"

Component "focus.jitsi.MYDOMAIN.com"
    component_secret = "secret"

Component "speakerstats.jitsi.MYDOMAIN.com" "speakerstats_component"
    muc_component = "conference.jitsi.MYDOMAIN.com"

Component "conferenceduration.jitsi.MYDOMAIN.com" "conference_duration_component"
    muc_component = "conference.jitsi.MYDOMAIN.com"

/etc/jitsi/meet/jitsi.MYDOMAIN.com-config.js

/* eslint-disable no-unused-vars, no-var */

var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'jitsi.MYDOMAIN.com',

        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.jitsi.MYDOMAIN.com',

        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'jitsi.MYDOMAIN.com',

        // Jirecon recording component domain.
        // jirecon: 'jirecon.jitsi.MYDOMAIN.com',

        // Call control component (Jigasi).
        // call_control: 'callcontrol.jitsi.MYDOMAIN.com',

        // Focus component domain. Defaults to focus.<domain>.
        // focus: 'focus.jitsi.MYDOMAIN.com',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi.MYDOMAIN.com'
    },

/etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.MYDOMAIN.com
org.jitsi.jicofo.auth.URL=XMPP:jitsi.MYDOMAIN.com

you are using the duration thingy; most annoyingly, when you are doing that and not including the thingy in your anonymous virtual host, secure domain does not work, without much indication why.

As an aside, when you are hiding your domain, use search and replace, don’t do it by hand else you risk missing some occurrence of the secret information.

Can you be more specific on the duration thing?
I’m using the stock settings from the install. The only thing I have changed is what the Secure Domain Doc suggests.

you have to include the duration parameters in the anonymous domain

VirtualHost "guest.meet.yourdomain.yourtld"
   authentication = "anonymous"
   speakerstats_component = "speakerstats.meet.yourdomain.yourtld"
   conference_duration_component = "conferenceduration.meet.yourdomain.yourtld"
   modules_enabled = {
      "speakerstats";
      "conference_duration";
    }
   c2s_require_encryption = false

and well, these parameters are useless in the main domain

I already did this but. When someone joins the room, he is asked for credentials also. Why is that?