Jitsi on mobile – download our apps and start a meeting from anywhere. Jitsi Meet (also referred to as meet.jit.si) is a free and open source video conference service maintained by parent company 8x8. Jitsi Meet users don’t need to create an account to join a call. To join a call, all you need is the meeting link, which you can open in a browser window on your computer, or through Jitsi’s mobile app.
A basic installation of Jitsi Meet gets you up and running within shortest time, probably in less than 15 minutes. There are hardly any configuration changes necessary. Most important information is a fully qualified domain name (FQDN), and that's it.
However such a default installation of Jitsi Meet is open. Meaning, that anyone knowing the URL of your server can create a new meeting room and start to have video conferences using your instance and probably causing additional cost.
In this second article on Jitsi Meet we are going to enable authentication to avoid any misuse from public users. Please read Install Jitsi Meet on Compute Engine (GCP) in case you have not created your own instance yet.
Securing your instance of Jitsi Meet requires three configuration changes plus the creation of user accounts with permission to host conference calls.
Let's have a look at the architecture of Jitsi Meet to get a better understanding.
It is possible to allow only authenticated users for creating new conference rooms. Whenever a new room is about to be created Jitsi Meet will prompt for user name and password. After the room is created others will still be able to join from an anonymous domain.
Extend the Prosody configuration
The central component of Jitsi Meet is the Prosody XMPP server which is responsible for user management among other tasks, like authentication.
Open the configuration file of your domain with your preferred text editor.
Here you change the current value of authentication from
internal_hashed like so.
Additionally, you add a new virtual host definition at the end of the same file.
Save the file to confirm the modifications.
Note: The domain of the guest VirtualHost is internal only. It does not require any DNS record or SSL certificate.
The outcome is now that the primary VirtualHost of your Jitsi instance would require any kind of authentication to create a conference meeting room whereas the VirtualHost for guests still grants access to anonymous users.
Add guest domain to Jitsi Meet frontend
After adding the guest domain to the XMPP server component, you need to add this VirtualHost to the configuration object in the web frontend.
Open the config file with a text editor.
Then you add the directive
anonymousdomain into your
Save and close the configuration file to confirm your modifications.
As you might see in the comment in the hosts sections, it already stipulates that your instance is going to use the new domain for guest users.
Change Jitsi Conference Focus
Next, you have to configure the Jitsi Conference Focus (jicofo) component to allow requests from an authenticated domain only. For that you need to add the protected URL to the properties files. Open it with a text editor.
Add the key-value pair
org.jitsi.jicofo.auth.URL=XMPP:<domain> at the end of the file, and save it.
Restart all Jitsi services involved
With all changes mentioned above you need to restart the services to apply all modifications. Run the following commands or restart your VM instance completely.
Check the log files
Should you come across some unexpected issues always have a look at the log files first. Here is a brief overview of where to check.
Create your moderators
For the last step, now that authentication is active, you need to create at least one user which is going to have permissions to create meeting rooms.
According to the architecture it is the Prosody component which is responsible for this part. The command
prosodyctl helps you to manage your XMPP server and therefore your user base.
You can add and enable a user with the following command.
The syntax is described here.
Unfortunately, this is not GDPR-compliant, because “enabling users to set their password without the admin knowing it” is a basic and unavoidable security measure.
You completed all necessary steps to enable authentication in your instance of Jitsi Meet. All steps described above are mainly based on the official guide to Secure domain on GitHub.
Let's try it..
Authenticate against your instance of Jitsi Meet
Open a browser and navigate to your URL of Jitsi Meet. The site should load as before and there are no obvious changes visible. Authentication is bound to the creation of a meeting room only.
Either you choose an existing meeting room or you enter a new name and click on
GO to start the video conference session. If you are not authenticated the site will now place you in some kind of virtual lobby until a moderator or host arrives.
Jitsi Meet Download
In case that you are the host of the meeting click on
I am the host and you will be asked to enter your credentials. You can either enter just the user name without your domain or the fully qualified user name including the domain - both approaches will work.
Enter your passphrase and click
OK. With successful authentication against Prosody the Jitsi Meet component will grant you access to the meeting room and assign moderator permissions to your account.
Public access is still possible as soon as a moderator (host) is present in the meeting room.
Jitsi Vs Jitsi Meet
As a moderator you will get additional options under Settings > More which allow you to control what should happen when someone enters the meeting room, e.g. being automatically muted or not being visible to other participants.
Enjoy your next, secure video conference.
Consider to set password per meeting room
An additional level of protection against 'Zoom-bombing' or unwanted intrusion into a video conference would be to activate the password of the meeting room.
Click on the
i circle in the bottom right area and click on
Add password in the popup dialog.
Enter your room-specific password and hit
Enter to confirm your choice.
Jitsi Meet Jitsi Desktop
Note: The password of a meeting room is not persistent and needs to set each time that you would join / start a conference call. You cannot launch a meeting room with an initial password already set.
Perhaps you noticed that the visual appearance of the Jitsi Meet instance running for MSCC looks slightly different to the default installation.
The next article in this series is going to dive deeper into the possibilities to customise the look of your instance of Jitsi Meet.