Username/Password and JWT Authentication in Jitsi on Docker?

Hello, all!

So, I just got a fresh Jitsi server running in Docker, and I configured JWT authentication, which is working for both RocketChat and Nextcloud integration. Inside RocketChat and Nextcloud, I can create rooms, join them, and I am authenticated without issue!

However, I would also like to be able to go directly to my Jitsi server so a few “admins” can create and host meetings without RC or NC, using a username and password combination.

It’s my understanding that a username/password combination is enabled when “internal_plain” authentication is configured, but I am obviously already using JWT. Is there currently a relatively easy way to achieve what I am trying to do?

No, a given Prosody domain supports only ONE authentication type (Docker or not Docker is irrelevant)…

Thanks for your response, @gpatel-fr.

Okay. Now, to dig into your response a bit.

Would it be technically possible to run two or more Jitsi instances in Docker on the same VPS and use a reverse proxy (NGINX) to proxy the requests to the respective instances?

I.e., meet.my_domian.com could use standard password authentication, and meet-jwt.my_domain.com could use JWT authentication solely by the Nextcloud or RocketChat instances configured for JWT?

there is no problem running 2 Jitsi-meet servers on the same hardware using containers. About Docker I have no idea if configuration allows for setting a custom port for Jvb, but I tested this 2 servers configuration with Linux containers to set

  ice {
       udp {
           # The port for ICE/UDP.
           port = 10001
      }
    }

in jvb.conf (if the physical host is firewalled, firewall rules have to be adapted of course).

Note that the 2 servers are different and completely separate, you can have a room with the same name in each server (but occupants of the room on the first server will not know of the other room in the second server, the access rights will be managed independantly…)

AWESOME! This seems to be perfect! I will play around with it over the next couple of days and report back! Thank you SO much!

Just to be clear, since it would be running in 2 different containers as entirely independent installations, I would only need to modify one of the 2 jvb.conf files, correct? One JVB could use 10000, and the other could use 10001, yes?

I think it’s actually possible to do this. You’d need to define another Virtual Host with “internal_plain” set as the authentication method. I believe prosody can support multiple authentication mechanisms. I haven’t personally tried it, but it might be worth giving a shot.

Yes, exactly so. No need to configure the clients (unless there is a personal firewall involved), they are discovering this by themselves.