Secure domain

Hi,

I have installed jitsi meet on ubuntu 16.04 and configured secure domain as following document. But it didn’t worked https://github.com/jitsi/jicofo/blob/master/README.md#secure-domain

Well, it works for most people including me. So if you have details to add and precisions on what exactly did not work out for you, don’t hesitate, it’s really necessary to provide them if you want to get help…

Hello,

I tried to setup the two seperated Domains setup, one with authentication for room creation and a second one for guests. I followed this manual: https://github.com/jitsi/jicofo#secure-domain

After it did not work I verified with this tutorial:

Our general setup, without any authentication runs as following:

  • one Server with all the jitsi components on it
  • second Server with coturn as a turn server

This works.

With the added authentication and guest virtualhost it works to setup a room and to add guest users. But as soon as the guest users enter the video and audio is not working (messaging works).

Thank you for your help.

Regards

Just to check, you don’t need these to be actual domains, with DNS A records or nginx/web server config. They’re just internal. Everyone browses to the same URL.

Exactly, only one domain has public dns record.

Hmm… I’m not sure what is not working then.

Is there anything useful in the jvb log?

Just to be sure, it there are 2 authenticated users in a room, all is working ?
In case you don’t know how to have 2 moderators,on the second station you have first to create a (different) room, that will allow you to authenticate; then open another tab and join the meeting started on the first computer.

I didn’t set it up correctly then, which explains why I got problems. But I don’t understand at which point people get sent one way or the other? I want everyone coming from one domain to authenticate, everyone using the other to just enter the chat or wait for the moderator without login. If everybody browses meet.mydomain.tld, and internally it’s meet.mydomain.tld and guest.meet.mydomain.tld … how does it work?

My problem at the moment is, I want more than one person to authenticate, to have more than one moderator. But there is no option to enter credentials once one person did.

No-one gets sent anywhere. Everyone visits the same URL (meet.mydomain.tld), and those with a prosody account are able to authenticate and open a room, and those who do not have one cannot and so just wait.

I want more than one person to authenticate, to have more than one moderator

@gpatel-fr’s advice seems sensible to me:

In case you don’t know how to have 2 moderators,on the second station you have first to create a (different) room, that will allow you to authenticate; then open another tab and join the meeting started on the first computer.

1 Like

I was under that impression. :wink: However that is not how I understood whatever pieces of documentation I found.

That sounds like horrible design tbh and contradicts things I found on here (I think, or it was whereever on the web). However for my purpose that will kind of work for now, thanks a lot for your help! :grinning:

Hmm… odd.

All I can say is that what I described is how it works on my system, with the normal “secure domain” config.

Hello,
I am pretty new here, I tried following the instruction on how to “secure domain”, I did not fully understand what to do. Step 1 says:

a) Enable authentication on your main domain:
VirtualHost “jitsi-meet.example.com
authentication = “internal_plain”
So I edited the file in /etc/prosody/conf.avail/[your-hostname].cfg.lua).
How do I implement it. Do I only have to change the authentication from “anonymous” to “internal_plain” under my hostname or Do I have to add the whole thing above.

Step 2 says
b) Add new virtual host with anonymous login method for guests:
VirtualHost “guest.jitsi-meet.example.com
authentication = “anonymous”
c2s_require_encryption = false
Do I have to replace the “guest.jitsi-meet.example…” to “guest.my-domain”?
Please enlighten me. Thank you.

How do I implement it. Do I only have to change the authentication from “anonymous” to “internal_plain” under my hostname

Yes

Step 2 says
b) Add new virtual host with anonymous login method for guests:
VirtualHost “guest.jitsi-meet.example.com
authentication = “anonymous”
c2s_require_encryption = false
Do I have to replace the “guest.jitsi-meet.example…” to “guest.my-domain

Yes, and uncomment it.

We identified that only fallback TCP users have problems with audio/video as we are using a coturn server. the solution was to include the turncredentials module in guest domain:
VirtualHost “guest.jitsi.domainname”
authentication = “anonymous”
modules_enabled = {
“turncredentials”;
}
c2s_require_encryption = false

Thank you.