Jitsi Jitsi Meet

Jitsi on mobile – download our apps and start a meeting from anywhere. Jitsi Meet (also referred to as meet.jit.si) is a free and open source video conference service maintained by parent company 8x8. Jitsi Meet users don’t need to create an account to join a call. To join a call, all you need is the meeting link, which you can open in a browser window on your computer, or through Jitsi’s mobile app.

A basic installation of Jitsi Meet gets you up and running within shortest time, probably in less than 15 minutes. There are hardly any configuration changes necessary. Most important information is a fully qualified domain name (FQDN), and that's it.

The content is divided in 3 main areas: User guide: Designed to help users of the service, to better understand all the available features and how to use them. Developer guide: Designed to help developers who want to either integrate the Jitsi Meet API / SDK in their products or want to improve Jitsi Meet itself by developing new features or fixing bugs. Jitsi Meet is an open-source (Apache) WebRTC JavaScript application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences. It can be used as a replacement for proprietary services like Zoom, Whereby, Teams, Skype and many others. Jitsi and 8×8 Meet. While Jitsi is free, 8×8 is a premium service that comes with advanced video conferencing options. You can use either of the two according to your requirements. Below is a comparison of both services. Jitsi: With Jitsi, you get all the services you would expect from an app like Zoom, with even fewer limitations.

However such a default installation of Jitsi Meet is open. Meaning, that anyone knowing the URL of your server can create a new meeting room and start to have video conferences using your instance and probably causing additional cost.

In this second article on Jitsi Meet we are going to enable authentication to avoid any misuse from public users. Please read Install Jitsi Meet on Compute Engine (GCP) in case you have not created your own instance yet.

Securing your instance of Jitsi Meet requires three configuration changes plus the creation of user accounts with permission to host conference calls.

Let's have a look at the architecture of Jitsi Meet to get a better understanding.

It is possible to allow only authenticated users for creating new conference rooms. Whenever a new room is about to be created Jitsi Meet will prompt for user name and password. After the room is created others will still be able to join from an anonymous domain.

Extend the Prosody configuration

The central component of Jitsi Meet is the Prosody XMPP server which is responsible for user management among other tasks, like authentication.

Open the configuration file of your domain with your preferred text editor.

Here you change the current value of authentication from anonymous to internal_hashed like so.

Additionally, you add a new virtual host definition at the end of the same file.

Save the file to confirm the modifications.

Jitsi/docker-jitsi-meet

Note: The domain of the guest VirtualHost is internal only. It does not require any DNS record or SSL certificate.

The outcome is now that the primary VirtualHost of your Jitsi instance would require any kind of authentication to create a conference meeting room whereas the VirtualHost for guests still grants access to anonymous users.

Add guest domain to Jitsi Meet frontend

After adding the guest domain to the XMPP server component, you need to add this VirtualHost to the configuration object in the web frontend.

Meet

Open the config file with a text editor.

Then you add the directive anonymousdomain into your hosts object.

Save and close the configuration file to confirm your modifications.

As you might see in the comment in the hosts sections, it already stipulates that your instance is going to use the new domain for guest users.

Change Jitsi Conference Focus

Next, you have to configure the Jitsi Conference Focus (jicofo) component to allow requests from an authenticated domain only. For that you need to add the protected URL to the properties files. Open it with a text editor.

2 utc to pst

Add the key-value pair org.jitsi.jicofo.auth.URL=XMPP:<domain> at the end of the file, and save it.

Restart all Jitsi services involved

With all changes mentioned above you need to restart the services to apply all modifications. Run the following commands or restart your VM instance completely.

Check the log files

Should you come across some unexpected issues always have a look at the log files first. Here is a brief overview of where to check.

Create your moderators

For the last step, now that authentication is active, you need to create at least one user which is going to have permissions to create meeting rooms.

According to the architecture it is the Prosody component which is responsible for this part. The command prosodyctl helps you to manage your XMPP server and therefore your user base.

You can add and enable a user with the following command.

The syntax is described here.

Unfortunately, this is not GDPR-compliant, because “enabling users to set their password without the admin knowing it” is a basic and unavoidable security measure.

Congratulations!
You completed all necessary steps to enable authentication in your instance of Jitsi Meet. All steps described above are mainly based on the official guide to Secure domain on GitHub.

Let's try it..

Authenticate against your instance of Jitsi Meet

Open a browser and navigate to your URL of Jitsi Meet. The site should load as before and there are no obvious changes visible. Authentication is bound to the creation of a meeting room only.

Voice

Either you choose an existing meeting room or you enter a new name and click on GO to start the video conference session. If you are not authenticated the site will now place you in some kind of virtual lobby until a moderator or host arrives.

Jitsi Meet Download

In case that you are the host of the meeting click on I am the host and you will be asked to enter your credentials. You can either enter just the user name without your domain or the fully qualified user name including the domain - both approaches will work.

Enter your passphrase and click OK. With successful authentication against Prosody the Jitsi Meet component will grant you access to the meeting room and assign moderator permissions to your account.

Public access is still possible as soon as a moderator (host) is present in the meeting room.

Jitsi Vs Jitsi Meet

Http://jitsi.org/jitsi-meet/

As a moderator you will get additional options under Settings > More which allow you to control what should happen when someone enters the meeting room, e.g. being automatically muted or not being visible to other participants.

Enjoy your next, secure video conference.

Http://jitsi.org/jitsi-meet/

Consider to set password per meeting room

An additional level of protection against 'Zoom-bombing' or unwanted intrusion into a video conference would be to activate the password of the meeting room.

Click on the i circle in the bottom right area and click on Add password in the popup dialog.

Enter your room-specific password and hit Enter to confirm your choice.

Jitsi Meet Jitsi Desktop

Note: The password of a meeting room is not persistent and needs to set each time that you would join / start a conference call. You cannot launch a meeting room with an initial password already set.

What's Next?

Perhaps you noticed that the visual appearance of the Jitsi Meet instance running for MSCC looks slightly different to the default installation.

Jitsi Iphone

The next article in this series is going to dive deeper into the possibilities to customise the look of your instance of Jitsi Meet.