Jitsi Meet: Enabling Authentication and Server Optimization

In the previous article, we deployed a basic Jitsi Meet server using Docker.
Now let’s look at how to secure your server, enable authentication, and optimize performance for stable video calls.

Authentication: Invite-Only Access

By default, Jitsi Meet allows anyone to create rooms. To restrict access — enable Secure Domain.

1. Open the .env file and find the Prosody (XMPP server) section.

   ENABLE_AUTH=1
   AUTH_TYPE=internal
   

Here, internal means that users will be stored locally.

2. Add users for authentication:

   docker compose exec prosody prosodyctl register user1 meet.jitsi StrongPassword
   docker compose exec prosody prosodyctl register user2 meet.jitsi StrongPassword
   

3. Restart the containers:

   docker compose down && docker compose up -d
   

Now only registered users will be able to create conferences. Guests can join only via a link, if invited by an authenticated user.

Restricting Access via Link

If you want a conference to be available only to those you send the link to:

1. Set a room password (done in the Jitsi Meet interface).
2. Or use built-in JWT tokens for integration with an external authentication system (e.g., Keycloak or Google OAuth).

To enable JWT in .env:

ENABLE_AUTH=1
AUTH_TYPE=jwt
JWT_APP_ID=your_app_id
JWT_APP_SECRET=your_app_secret

Optimization for Load

To ensure the server can handle many participants:

1. Correct Firewall Ports

• 10000/udp — main media stream (always required).
• 4443/tcp — fallback if UDP is blocked.

2. JVM Settings for JVB

In .env you can increase limits for the Java Video Bridge:

JVB_ENABLE_APIS=rest,colibri
JVB_ENABLE_STATS_D=1
JVB_MAX_MEMORY=3072m

3. Scaling JVB

For heavy loads, you can run multiple jvb containers on different servers and balance them.

SSL and HTTPS

• Make sure ports 80 and 443 are open.

• For production, set up automatic certificate renewal:

  docker compose exec web /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
  

Monitoring and Logs

• View logs:

  docker compose logs -f
  

• Metrics are available via the JVB REST API (port 8080), which can be connected to Prometheus or Grafana.

Conclusion

Now your Jitsi Meet server:

• Supports authentication to restrict access.
• Can work in “invite-only” mode.
• Is optimized for high load and ready for monitoring.

This makes it a reliable alternative to cloud services, with full control over your data.