Jitsi Meet requires hardening across web, signaling, and media paths. Focus on authenticated room creation, TURN security, and strict network exposure for XMPP and media components.
- Enable secure domain mode so only authenticated users can create rooms.
- Use JWT or internal authentication for moderator identities.
- Disable anonymous moderator creation in production.
- Require lobby and waiting room behavior for sensitive meetings.
- Keep Prosody and JVB control interfaces on private networks.
- Configure TURN with a strong static auth secret and TLS where applicable.
- Limit exposed UDP/TCP ports to required ranges only.
- Enforce HTTPS for web and BOSH/WebSocket signaling paths.
- Rotate secrets used by Prosody, Jicofo, JVB, and JWT signing.
- Keep packages and container images updated to current stable versions.
- Monitor conference and auth logs for abuse patterns.
- Isolate recording/transcription components from core meeting services.
- Jitsi Handbook (security and deployment): https://jitsi.github.io/handbook/docs/category/security
- Jitsi Meet source repository: https://github.com/jitsi/jitsi-meet
- Jitsi security policy and advisories: https://github.com/jitsi/jitsi-meet/security
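
One way to check the first three checklist items against a Prosody config file, as an added example (not code from the Jitsi project). The hostnames, the sample config, the function names and the 32-character secret threshold are assumptions made for illustration:

```python
import re

# Constructed sample Prosody config (hostnames and values are placeholders).
SAMPLE_CFG = '''
VirtualHost "meet.example.com"
    authentication = "jitsi-anonymous" -- weak: no login needed to open a room
    modules_enabled = { "bosh"; "websocket"; }

VirtualHost "guest.meet.example.com"
    authentication = "jitsi-anonymous" -- expected: guests join existing rooms
    c2s_require_encryption = false
'''

SECTION_RE = re.compile(r'\s*(VirtualHost|Component)\s+"([^"]+)"')
SETTING_RE = re.compile(r'\s*(\w+)\s*=\s*"?([^";]*)"?')
ANONYMOUS = {"anonymous", "jitsi-anonymous"}
MIN_SECRET_LEN = 32  # assumed local policy, not a Jitsi requirement

def parse_vhosts(text):
    """Return {hostname: {setting: value}} for every VirtualHost block."""
    vhosts, current = {}, None
    for line in re.sub(r'--.*', '', text).splitlines():  # drop Lua line comments
        section = SECTION_RE.match(line)
        if section:
            kind, name = section.groups()
            current = vhosts.setdefault(name, {}) if kind == "VirtualHost" else None
            continue
        setting = SETTING_RE.match(line)
        if setting and current is not None:
            current[setting.group(1)] = setting.group(2).strip()
    return vhosts

def audit(text, main_domain):
    """List findings for the vhost that room creators log in to."""
    cfg = parse_vhosts(text).get(main_domain)
    if cfg is None:
        return [f"{main_domain}: VirtualHost not found"]
    findings, auth = [], cfg.get("authentication", "")
    if auth in ANONYMOUS:
        findings.append(f"{main_domain}: authentication={auth}, anyone can create rooms")
    if auth == "token":
        if cfg.get("allow_empty_token") == "true":
            findings.append(f"{main_domain}: allow_empty_token=true, JWT is optional")
        if len(cfg.get("app_secret", "")) < MIN_SECRET_LEN:
            findings.append(f"{main_domain}: app_secret shorter than {MIN_SECRET_LEN} chars")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, "meet.example.com"):
        print(finding)
```

Anonymous authentication on a separate guest vhost is not flagged, because in secure domain mode guests still join rooms that an authenticated user has opened.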