Set up authentication

Hello,

I’m on Ubuntu.

I added 4 spaces to each .com since the forum tells me I can’t post more than 2 links…

So I just installed Jitsi. Works without video/audio since the UDP@10000 isn’t open yet. Can’t do it so I have to wait.

I want to set up authentication so that meet.example. com requires a login and meet.example. com/somemeeting is open to whoever.

I tried following https://jitsi.github.io/handbook/docs/devops-guide/secure-domain but those docs aren’t the best to follow. I assumed that since I’m on Ubuntu I’m also using the Debian Package. (I wouldn’t have a clue where to find those config files if it wasn’t the case since the docs only cover this case.)

So I did:

VirtualHost "jitsi-meet.example.     com"
    authentication = "internal_hashed"

and

VirtualHost "guest.jitsi-meet.example.    com"
    authentication = "anonymous"
    c2s_require_encryption = false

in /etc/prosody/conf.avail/[your-hostname].cfg.lua

I also added

anonymousdomain: 'guest.jitsi-meet.example.      com',

in /etc/jitsi/meet/[your-hostname]-config.js

I then added

org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.     com

to

/etc/jitsi/jicofo/sip-communicator.properties

I didn’t add

org.jitsi.jicofo.auth.URL=EXT_JWT:jitsi-meet.example.      com

since JWT tokens are insecure since they usually get saved in some local storage. I want my cookies and sessions.

I have to admit that I have no idea what jicofo is and I never installed it but it seems it’s default.

I then ran

sudo prosodyctl register <username> jitsi-meet.example.     com <password>

and

systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2
systemctl restart apache2
systemctl reload apache2

just to be sure.

Nothing seemed to change. Why?

Of course I substituted all domains etc. accordingly.
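A consistency check over the three files edited in the post above, as an added example that is not part of the original post or of the Jitsi project. The file contents are constructed samples with example.com as a placeholder, and the function names `prosody_auth` and `check_secure_domain` are hypothetical.

```python
import re

# Constructed sample contents of the three files named in the post.
PROSODY_CFG = '''VirtualHost "jitsi-meet.example.com"
    authentication = "internal_hashed"
VirtualHost "guest.jitsi-meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false
'''
CONFIG_JS = "hosts: {\n    anonymousdomain: 'guest.jitsi-meet.example.com',\n},\n"
JICOFO_PROPS = "org.jitsi.jicofo.auth.URL=XMPP:jitsi-meet.example.com\n"

def prosody_auth(cfg):
    """Map each VirtualHost name to its authentication value (None if unset)."""
    hosts, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("--"):          # Lua comment line
            continue
        if line.startswith("Component"):   # leaves the VirtualHost section
            current = None
        m = re.match(r'VirtualHost\s+"([^"]+)"', line)
        if m:
            current = m.group(1)
            hosts[current] = None
            continue
        m = re.match(r'authentication\s*=\s*"([^"]+)"', line)
        if m and current:
            hosts[current] = m.group(1)
    return hosts

def check_secure_domain(domain, prosody_cfg, config_js, jicofo_props):
    """Return a list of inconsistencies between the three files (empty = consistent)."""
    problems = []
    hosts = prosody_auth(prosody_cfg)
    if hosts.get(domain) != "internal_hashed":
        problems.append(f"prosody: {domain} authentication is {hosts.get(domain)!r}")
    guests = [h for h, auth in hosts.items() if auth == "anonymous"]
    m = re.search(r"^\s*anonymousdomain\s*:\s*['\"]([^'\"]+)['\"]", config_js, re.M)
    anon = m.group(1) if m else None       # commented-out lines do not match
    if anon not in guests:
        problems.append(f"config.js: anonymousdomain {anon!r} is not an anonymous VirtualHost")
    m = re.search(r"^\s*org\.jitsi\.jicofo\.auth\.URL\s*=\s*(\S+)", jicofo_props, re.M)
    url = m.group(1) if m else None
    if url != f"XMPP:{domain}":
        problems.append(f"jicofo: auth.URL is {url!r}, expected XMPP:{domain}")
    return problems

if __name__ == "__main__":
    print(check_secure_domain("jitsi-meet.example.com", PROSODY_CFG, CONFIG_JS, JICOFO_PROPS))
```

To run it against a real install, read the three files from the paths given in the post and pass their contents in place of the sample strings.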

You are not asked to log in?

Have you tried simply rebooting the server?

The following site has a semi-automated way to do it, basically using sed to edit their working config file examples for your domain. I tried it and it worked immediately after restarting the jitsi software. (Obviously, back up your configuration first!)

For additional security I used htaccess password protection in nginx so you can’t even bring up the jitsi page on my server without authentication. I also use fail2ban so after 3 bad login attempts the originating IP address is banned via iptables firewall.