Securing Moderator Privileges on Docker

I found this post: Moderator Permissions and the link that @reset gave ( https://github.com/jitsi/jicofo#secure-domain ) looked really good, but I can’t seem to find the configuration file for:

/etc/prosody/conf.avail/[your-hostname].cfg.lua

The thing is, I want my Jitsi server to be secure, so I use another Docker (Ubuntu) that runs Apache2 and I have it redirect from HTTP to HTTPS using this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName example.com
	ServerAdmin webmaster@localhost
	ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
	Protocols h2 http/1.1
	Header always set Strict-Transport-Security "max-age=63072000"
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
	SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
	SSLHonorCipherOrder     off
	SSLSessionTickets       off
	SSLUseStapling On
	SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

	ProxyPass "/"  "http://172.17.0.1:8000/"
	ProxyPassReverse "/"  "http://172.17.0.1:8000/"

</VirtualHost>
</IfModule>

So I am not exactly sure how exactly I am supposed to setup Jitsi to be a little more secure, in that I can control my chatrooms, and not have a bunch of bogus rooms opened.

This seems to be a huge problem, how has this not been solved? Anyone having moderator privileges is chaos, have you found anything yet?

I am working on this now, let’s see what I can figure out.

1 Like

Awesome, so excited to hear! Keep me updated please and thank you!

Hi KR,
Were you able to find any solutions for this issue? I have read alot about secure domain, but not sure if that just allows the first person to moderate? Would like to be able to set permissions to certain people if possible?

If you active the authentication system only registered users can be moderators.

If you active the token authentication, only the user with the apropiate token can be modeators.

I’m trying to register a user, but getting the error “account creation/modification not supported”. There must be a step I’m missing in the original config. I’m going to ask my colleague to see if he has any ideas. We’re close. I can feel it.

Just following up, do you know why I am getting an error “Account creation/modification not supported?” I tried restarting the system but no luck

Did you read the docks, there is a section on authentication?

Remember that, whenever you change a value in the .env file, you should

  1. remove your containers: docker-compose down
  2. remove your configuration files: rm -rf $your-config-dir/*
  3. adjust the config in your .env file
  4. create the containers with the configuration according to the adjusted .env file: docker-compose up -d

If you do not remove the stale configuration from your ocnfiguration folder, the changed values from the .env file will not be used as no new configurations for the containers is generated from the environment variables.