In the first step, the installer will ask for the domain where you want to install Jitsi: `jitsi.yourdomain.example`.
In the next step select that you want to use your existing certificate which you
created [in the previous step](/books/how-to-install-jitsi-meet-on-debian-or-ubuntu/page/prepare-the-lets-encrypt-certificate)
. Assuming you are using certbot, you can find the private key
at `/etc/letsencrypt/live/jitsi.yourdomain.example/privkey.pem` and the certificate
at `/etc/letsencrypt/live/jitsi.yourdomain.example/fullchain.pem`.
If all goes well you should already be able to access Jitsi at `https://jitsi.yourdomain.example`. Nevertheless, there
are a few more steps to make sure everything is configured ideally.
{{<alerttype="danger">}}
Everyone who can access the website is able to create a meeting room. If you want to
restrict this, follow the instructions [below](#adding-authentification-to-room-creation).
{{</alert>}}
## Some more things...
### Nginx
If you are using Nginx, you can take a look at the generated `/etc/nginx/sites-available/jitsi.yourdomain.example.conf` and edit it to align with the configs of your other sites. You might want to adapt the ssl config or enable `http2`.
### NAT
If your server is not directly connected to the internet, you have to specify its local IP in `/etc/jitsi/videobridge/sip-communicator.properties`:
**Update: This change is included in the latest version of the Debian package and is therefore not needed anymore.**
Screensharing in Firefox 74+ doesn't work. Thankfully there is a [patch available](https://github.com/jitsi/jitsi-meet/pull/5180) and it is simple enough that one can apply it to the installed Jitsi instance.
Edit the `/usr/share/jitsi-meet/libs/external_api.min.js`. It is minified and quite unreadable, but one only has to search for `camera; microphone;` in it and then replace the string `this._frame.allow="camera; microphone"` with `this._frame.allow="camera; microphone; display-capture"`.
A save and reload of the page later everything should be working fine.
## Adding authentification to room creation
You probably want to restrict the creation of new rooms to some users, but still allow everyone with the link to join a room.
For this we can configure [`jicofo`](https://github.com/jitsi/jicofo/blob/master/README.md#secure-domain):
{{<alerttype="danger">}}
You might also want to take a look at [the official docs](https://jitsi.github.io/handbook/docs/devops-guide/secure-domain) on this topic.
{{</alert>}}
First edit the `/etc/prosody/conf.avail/jitsi.yourdomain.example.cfg.lua`.
In the main `VirtualHost`, replace `anonymous` authentication with `internal_plain`. Next up create a new `VirtualHost` below for e.g. `guest.jitsi.yourdomain.example` with `anonymous` authentication.
Afterwards the file should look similar to this:
```lua
VirtualHost "jitsi.yourdomain.example"
-- enabled = false -- Remove this line to enable this host
authentication = "internal_plain"
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
Now when you create a new room, you can click on `I am the host` and enter the username/passwort. Every following user will be able to join directly.
{{<imagesrc="waiting-for-host.png"title="Screenshot of confirmation window">}}
### Using existing user databases
As jitsi is using Prosody for this, you can use e.g. [IMAP](https://modules.prosody.im/mod_auth_imap.html), [LDAP](https://modules.prosody.im/mod_auth_ldap.html), [Wordpress](https://modules.prosody.im/mod_auth_wordpress.html) and [many more](https://modules.prosody.im/type_auth.html) for authentication.
But if you just want to limit the instance to the people you know, a single shared user account as set up above might be enough.