[SOLVED] Jitsi lobby question

Hi there! I want to know how I can create a room with authorization, but let anonymous users connect to this conference room without authorization, using a secret password created by the moderator in this room.
Now I can create a room and invite users only with authorization anywhere

ii  jitsi-meet                       2.0.5870-1                    all          WebRTC JavaScript video conferences
ii  jitsi-meet-prosody               1.0.4985-1                    all          Prosody configuration for Jitsi Meet
ii  jitsi-meet-turnserver            1.0.4985-1                    all          Configures coturn to be used with Jitsi Meet
ii  jitsi-meet-web                   1.0.4985-1                    all          WebRTC JavaScript video conferences
ii  jitsi-meet-web-config            1.0.4985-1                    all          Configuration for web serving of Jitsi Meet
ii  jitsi-videobridge2               2.1-492-g5edaf7dd-1           all          WebRTC compatible Selective Forwarding Unit (SFU)
ii  prosody                          0.11.9-1~buster1              amd64        Lightweight Jabber/XMPP server

Thank you!

Secure domain + enable lobby…is that not what you want?

Now my prosody config. Lobby is enabled. But now this works as

  1. Anybody creates a room (first authorized in prosody by username and password)
  2. Create password for this room
  3. Anybody can connect to this room with username and password and room password

But I want the next algorithm

  1. Anybody creates a room (first authorized in prosody by username and password)
  2. Create password for this room
  3. Anybody can connect to this room without username and password and using only room password

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

muc_mapper_domain_base = "meetings.domain.tld";

external_service_secret = "dsdsdada";
external_services = {
    { type = "stun", host = "meetings.domain.tld", port = 3478 },
    { type = "turn", host = "meetings.domain.tld", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
    { type = "turns", host = "meetings.domain.tld", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "meetings.domain.tld"
    authentication = "internal_hashed"
    ssl = {
        key = "/etc/prosody/certs/meetings.domain.tld.key";
        certificate = "/etc/prosody/certs/meetings.domain.tld.crt";
    }
    speakerstats_component = "speakerstats.meetings.domain.tld"
    conference_duration_component = "conferenceduration.meetings.domain.tld"
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "guest.meetings.domain.tld"
    main_muc = "conference.meetings.domain.tld"
    muc_lobby_whitelist = { "recorder.meetings.domain.tld" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.meetings.domain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
    }
    admins = { "focus@auth.meetings.domain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.meetings.domain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.meetings.domain.tld", "jvb@auth.meetings.domain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meetings.domain.tld"
    ssl = {
        key = "/etc/prosody/certs/auth.meetings.domain.tld.key";
        certificate = "/etc/prosody/certs/auth.meetings.domain.tld.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.meetings.domain.tld" "client_proxy"
    target_address = "focus@auth.meetings.domain.tld"
    component_secret = "dsafafad"

Component "speakerstats.meetings.domain.tld" "speakerstats_component"
    muc_component = "conference.meetings.domain.tld"

Component "conferenceduration.meetings.domain.tld" "conference_duration_component"
    muc_component = "conference.meetings.domain.tld"

Component "guest.meetings.domain.tld" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "recorder.meetings.domain.tld"
    modules_enabled = {
        "ping";
    }
    authentication = "internal_hashed"

  1. Enable guest in secure domain, which seems to be missing.
  2. Do not share prosody user, password with anyone.
  3. Add a meeting password
  4. Enable lobby

This should do it.

You may not need to enable lobby too…

I had this before the update, but after the update everything goes wrong

A note…this will only work as long as the host joins first and enables lobby, adds a password…
Else any user waiting for the host, will join without any auth, as soon as the host joins with user/password.

Or you may make config changes to enable the lobby by default and try…

Look up secure domain in the Jitsi handbook. Your config doesn’t have an anonymous host.

I modified the config

-- Component "guest.meetings.domain.tld" "muc"
-- storage = "memory"
-- restrict_room_creation = true
-- muc_room_locking = false
-- muc_room_default_public_jids = true

VirtualHost "guest.meetings.domain.tld"
    authentication = "anonymous"
    c2s_require_encryption = false

Also I commented out all lines with lobby.
But now I can create a room without authorization by username and password

Did you define the anonymous domain in the config.js? (This is all covered in the handbook, I think.)

yes, this is defined

It’s difficult to follow what you actually do, with you posting a full Prosody config file with anonymized names (or was it ? you did not set really domain.tld in the file ?) then a snippet with real names (but commenting out the guest muc ? did you really do that ? it’s not in the handbook I’m sure) and then not posting the rest of your config. You have to follow all the steps and it will work. Tedious but it works for everyone using secure domain.
Edit: hum I’m tired. Scratch the guest muc stuff indeed it’s not necessary.

I’m sorry, I made a mistake masking my original domain :smiley:

Err, have I been left behind by the march of progress in Jitsi-meet and is this external_services thingy a new thing? Or is it an experiment of yours? I don’t see any reference to it in the debian install.

this is debian installer on buster :slight_smile:

This is default :slight_smile:

cat /usr/share/jitsi-meet-prosody/prosody.cfg.lua-jvb.example

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitmeet.example.com";

external_service_secret = "turnSecret";
external_services = {
    { type = "stun", host = "jitmeet.example.com", port = 3478 },
    { type = "turn", host = "jitmeet.example.com", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
    { type = "turns", host = "jitmeet.example.com", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- Mozilla SSL Configuration Generator
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "jitmeet.example.com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/jitmeet.example.com.key";
        certificate = "/etc/prosody/certs/jitmeet.example.com.crt";
    }
    speakerstats_component = "speakerstats.jitmeet.example.com"
    conference_duration_component = "conferenceduration.jitmeet.example.com"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.jitmeet.example.com"
    main_muc = "conference.jitmeet.example.com"
    -- muc_lobby_whitelist = { "recorder.jitmeet.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.jitmeet.example.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
    }
    admins = { "focusUser@auth.jitmeet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.jitmeet.example.com" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focusUser@auth.jitmeet.example.com", "jvb@auth.jitmeet.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.jitmeet.example.com"
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.jitmeet.example.com" "client_proxy"
    target_address = "focusUser@auth.jitmeet.example.com"

Component "speakerstats.jitmeet.example.com" "speakerstats_component"
    muc_component = "conference.jitmeet.example.com"

Component "conferenceduration.jitmeet.example.com" "conference_duration_component"
    muc_component = "conference.jitmeet.example.com"

Component "lobby.jitmeet.example.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

yes indeed, I have turned my eyes off jitsi github for a few weeks and I am obsolete now.
Of course:

cd handbook
gerard@q1900:~/Documents/docinfo/gpfr1/handbook$ grep -ir external_service *
gerard@q1900:~/Documents/docinfo/gpfr1/handbook$ grep -ir av_mod *
gerard@q1900:~/Documents/docinfo/gpfr1/handbook$ grep -ir moderati *
gerard@q1900:~/Documents/docinfo/gpfr1/handbook$ 

oh well. Sorry I have no time these days to grep source code, read dozen of github issues, etc… to explain the last changes to people trying to install current jitsi-meet and customize it out of the default config. I have done it before but it’s not possible just now.

I assume that my case does not work out of the box

Properly configure the secure domain, using the instructions given, add password to the meeting and then check…

Properly configure secure domain…follow all instructions, including anonymous login…

Even with all those changes, it will not always be what you expect, unless the host joins the meeting, well before all others and adds the meeting password…well before…

I solved this situation; now it works as it should, even the lobby is working. Leaving it here

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meetings.domain.tld";

external_service_secret = "fafafaf";
external_services = {
    { type = "stun", host = "meetings.domain.tld", port = 3478 },
    { type = "turn", host = "meetings.domain.tld", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
    { type = "turns", host = "meetings.domain.tld", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "meetings.domain.tld"
    authentication = "internal_hashed"
    ssl = {
        key = "/etc/prosody/certs/meetings.domain.tld.key";
        certificate = "/etc/prosody/certs/meetings.domain.tld.crt";
    }
    speakerstats_component = "speakerstats.meetings.domain.tld"
    conference_duration_component = "conferenceduration.meetings.domain.tld"
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.meetings.domain.tld"
    main_muc = "conference.meetings.domain.tld"
    muc_lobby_whitelist = { "recorder.meetings.domain.tld" } -- Here we can whitelist jibri to enter lobby enabled rooms

VirtualHost "guest.meetings.domain.tld"
    authentication = "anonymous"
    c2s_require_encryption = false

Component "conference.meetings.domain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
    }
    admins = { "focus@auth.meetings.domain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.meetings.domain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.meetings.domain.tld", "jvb@auth.meetings.domain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meetings.domain.tld"
    ssl = {
        key = "/etc/prosody/certs/auth.meetings.domain.tld.key";
        certificate = "/etc/prosody/certs/auth.meetings.domain.tld.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.meetings.domain.tld" "client_proxy"
    target_address = "focus@auth.meetings.domain.tld"
    component_secret = "ffsdfdsdf"

Component "speakerstats.meetings.domain.tld" "speakerstats_component"
    muc_component = "conference.meetings.domain.tld"

Component "conferenceduration.meetings.domain.tld" "conference_duration_component"
    muc_component = "conference.meetings.domain.tld"

Component "lobby.meetings.domain.tld" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "recorder.meetings.domain.tld"
    modules_enabled = {
        "ping";
    }
    authentication = "internal_hashed"

meetings.domain.tld-config.js
anonymousdomain: 'guest.meetings.domain.tld',

My mistake was that I used one domain for lobby and for anonymous domain.

Thanks to community :slight_smile:

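As an added example (not written by any poster in this thread, and not Jitsi or Prosody code): a small Python lint for the secure-domain layout the thread ends on, where the main host requires accounts, `anonymousdomain` is its own anonymous VirtualHost, and `lobby_muc` is a separate muc Component. The function names and the trimmed `BEFORE`/`AFTER` samples are constructed for illustration.

```python
import re

# Assumption: '--' never occurs inside a quoted string in the config being checked.
SECTION = re.compile(r'^[ \t]*(VirtualHost|Component)[ \t]+"([^"]+)"(?:[ \t]+"([^"]+)")?', re.M)
SETTING = re.compile(r'^[ \t]*(authentication|lobby_muc)[ \t]*=[ \t]*"([^"]*)"', re.M)

def parse_prosody(text):
    text = re.sub(r'--.*', '', text)  # drop Lua line comments
    marks = list(SECTION.finditer(text))
    hosts = {}
    for i, m in enumerate(marks):
        # A section runs until the next VirtualHost/Component line.
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        hosts[m.group(2)] = {"kind": m.group(1), "type": m.group(3),
                             **dict(SETTING.findall(text[m.end():end]))}
    return hosts

def lint_secure_domain(text, main_host, anonymousdomain):
    """Return findings for the main host, guest host and lobby MUC layout."""
    hosts = parse_prosody(text)
    main, findings = hosts.get(main_host, {}), []
    if main.get("authentication") == "anonymous":
        findings.append("main host lets anonymous users create rooms")
    guest = hosts.get(anonymousdomain)
    if not guest or guest["kind"] != "VirtualHost":
        findings.append("anonymousdomain is not a VirtualHost")
    elif guest.get("authentication") != "anonymous":
        findings.append("anonymousdomain host is not authentication=anonymous")
    lobby = main.get("lobby_muc")
    if lobby == anonymousdomain:
        findings.append("lobby_muc reuses the anonymous domain")
    if lobby and hosts.get(lobby, {}).get("type") != "muc":
        findings.append("lobby_muc is not declared as a muc Component")
    return findings

# Constructed samples, trimmed from the first and the final config in the thread.
BEFORE = '''
VirtualHost "meetings.domain.tld"
    authentication = "internal_hashed"
    lobby_muc = "guest.meetings.domain.tld"
Component "guest.meetings.domain.tld" "muc"
'''
AFTER = '''
VirtualHost "meetings.domain.tld"
    authentication = "internal_hashed"
    lobby_muc = "lobby.meetings.domain.tld" -- separate from the guest domain
VirtualHost "guest.meetings.domain.tld"
    authentication = "anonymous"
Component "lobby.meetings.domain.tld" "muc"
'''
```

Pass the `anonymousdomain` value from the site's config.js as the third argument; an empty list means the three roles are on distinct, correctly typed hosts.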