Ubuntu

How to Secure Jitsi Meet with Jicofo Secure Domain

Introduction.

The conference in Jitsi Meet is mandatory, and the default Jitsi Meet installation allows anyone to create a conference room and to join the room.

For security reasons, it’s recommended to use Jitsi Meet on the securely way, by enabling the secure domain through jicofo.

In this tutorial, we will show you how to secure Jitsi Meet using the jicofo secure domain. It will allow only authenticated users can create the conference room.

Prerequisites

To complete this tutorial, you must have the Jitsi Meet installed on your Ubuntu system. Also must have access to your server and has the root privileges.

In case if you don’t have Jitsi Meet installed on your Ubuntu server, install it using the following guide:

Install Jitsi Meet on Ubuntu 18.04 Server: This guide covers some topics, including how to secure Jitsi Meet with SSL Letsencrypt and ufw firewall.

Once you’ve completed the Jitsi Meet installation, continue the following step to secure your installation with the jicofo secure domain.

Step 1 – Configure Prosody

First, you need to edit the default Prosody configuration to enable the authentication on the Jitsi Meet domain and add the anonymous domain into it.

Jitsi Meet Anonymous Domain Note:
To setup the Anonymous Domain on Jitsi Meet, there is no need to create a new DNS record

Go to the ‘/etc/prosody/conf.avail‘ directory and backup the default Prosody configuration for your domain.

cd /etc/prosody/conf.avail/
cp meet.your-domain.com.cfg.lua meet.your-domain.com.cfg.lua.orig

Edit the Prosody configuration using vim editor.

vim meet.your-domain.com.cfg.lua

Enable authentication on your Jitsi Meet domain.

VirtualHost "meet.your-domain.com"
    authentication = "internal_plain"

Add a new virtual host with anonymous login method for guests to join the conference room.

VirtualHost "guest.meet.your-domain.com"
    authentication = "anonymous"
    c2s_require_encryption = false

Save and close.

Enable Authentication Prosody

As a result, you’ve enabled the authentication and added an anonymous domain to the Prosody XMPP Server. Go to the next step to ad the anonymous domain to Jitsi Meet.

Step 2 – Add Anonymous Domain to Jitsi Meet

In this step, we will add the anonymous domain to the Jitsi Meet.

Go to the ‘/etc/jitsi/meet‘ directory and edit the default configuration with vim editor.

cd /etc/jitsi/meet/
vim meet.your-domain.com-config.js

Add the ‘anonymousdomain’ option to the ‘hosts:‘ section as below.

var config = {
    hosts: {
            domain: 'meet.your-domain.com',
            anonymousdomain: 'guest.meet.your-domain.com',
            ...
        },
        ...
}

Save and close.

Add Anonymous Domain

As a result, you’ve added the anonymous domain to Jitsi Meet. In effect, participants can join the conference room.

For the next configuration, you need to add your authenticated domain to the jicofo.

Step 3 – Add Authentication Domain to Jicofo

At this stage, you have got an authenticated domain ‘meet.your-domain.com’ enabled and added the anonymous domain to Jitsi Meet. And for this step, you will add the authenticated domain to jicofo.

Go to the ‘/etc/jitsi/jicofo‘ directory and edit the ‘sip-communicator.properties‘ configuration using vim editor.

cd /etc/jitsi/jicofo/
vim sip-communicator.properties

Add and specify your authenticated domain to jicofo as below.

org.jitsi.jicofo.auth.URL=XMPP:meet.your-domain.com

Save and close.

As a result, you’ve added the authenticated domain to jicofo. In effect, the jicofo secure domain has been enabled.

And you’re ready to create a new user and password for your authenticated domain.

Step 4 – Create User and Restart Services

In this step, you will create a new user and password for your authenticated domain ‘meet.your-domain.com’. With that user, you will be able to create the conference room on Jitsi Meet.

Create a new user using the prosody command below.

prosodyctl register username meet.your-domain.com password

After that, restart Jitsi Meet services using the following command.

systemctl restart prosody
systemctl restart jicofo
systemctl restart jitsi-videobridge2

Make sure there is no error, and as a result, you’ve created a new user for authenticated domain and Jitsi Meet services have been restarted.

Add Prosody User and Restart Services

Finally, the Jitsi Meet secure domain configuration has been completed and you’ready to test Jitsi Meet.

Step 5 – Testing Jitsi Meet Authentication Secure Domain

In this step, you will test your Jitsi Meet configuration with a jicofo secure domain by creating a new conference room on your platform.

Open your web browser and type your Jitsi Meet URL on the address bar.

https://meet.your-domain.com/

Now you will get the Jitsi Meet default page.

On the ‘Start a new meeting‘ box, type your new conference name and click the ‘GO‘ button.

Start Conference Meeting Jitsi Meet

Once you’ve connected, you will get the result as below.

Secure Jitsi Meet with Jicofo Secure Domain

You need to wait for your host to start the conference.

Click the ‘I am the host‘ button, then you will be prompted for the user and password authentication.

Jitsi Meet Authentication with Secure Domain

Type your username and password that you just created on top and click ‘OK‘ to log in.

Once your username and password are correct you will get your conference room created and start a new meeting. Other participants can start joining the room that you just created.

Jitsi Meet Secure Domain Authentication

As a result, you’ve successfully secure your Jitsi Meet with the Jicofo Secure Domain.

Write A Comment