Self-hosted Jitsi server with authentication

noandrea profile image Andrea Giacobino Updated on ・5 min read

As the Coronavirus spreads and more and more people are spending time at home, one of the most critical thing for many is to be able to keep in touch with family, friends and colleagues.

We at Ape Unit are used to remote and distributed work but the current situation meant that it was necessary to go above and beyond....

As we are involved in open source projects and since we already use Jitsi we opted to deploy an instance of Jitsi to use internally and since there have been a lot of demand on the Jitsi community forum about installation and configuration here is a step by step tutorial about how to run your own server.

Once you have completed the tutorial you will have your own Jisti server with authentication enabled.

Before you start

This tutorial assumes that you have basic knowledge about technical stuff in particular assumes that you are familiar with the linux shell, ssh, and dns.

The costs

The running cost of the setup varies depending on the server choice and the domain, in this case we'll be using a Hetzner cloud instance that starts from 2.49€/m

this being said, let's start!

#1. Setup a new server (with Hetzner)

Login (or create an account on Hetzner), then:

  • go to the Cloud home
  • choose the project you want (usually Default)
  • Click on ADD SERVER

In the Create a Server page make sure to

  • select the Ubuntu 18.04 as Image (point 2)
  • add your public ssh key (point 7)

Then click on CREATE & BUY NOW

If you add your ssh key, make sure that it is enable in the ssh configuration of your machine (more on that here). If you do not add your ssh key, you'll receive an email with the root password to the server that you will have to change on first login. As a side note, public key authentication is preferable then password.

The server creation is going to take a minute or less, once completed take note of the IP address of the server.

#2. Point a domain to the newly created server

for this step, we'll assume that you already have a domain registered (you can grab one on namecheap. For this tutorial we will use the domain apeunit.test for our domain.

In your domain DNS configuration add the records:

  • type: A
  • host: @
  • value: IP Address (from the Hetzner server)

NOTE: it might take a few minutes for the DNS to propagate

#3. Jitsi installation

Now that the server is up and running, let's set it up!
If everything before has been successful you should be able to login to your server using:

$ ssh root@apeunit.test
The authenticity of host 'apeunit.test (' can't be established.
ECDSA key fingerprint is SHA256:Q1rLmH7vuBalRJGv7sasTJy+ZtS3yOf4A34artGjUI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'apeunit.test,' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-91-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

We can now proceed with Jitsi installation (documentation here)

First let's make sure that the system is up to date

apt update
apt upgrade -y

Then install nginx

apt install nginx -y

Now we can add the Jitsi repositories and install the Jitsi components. During the installation, you will be prompted for a domain to use, when it happens enter the domain you choose/registered at #2. The second question you'll be asked is if generate a self signed certificate or provide your own; choose the default (generate a self signed certificate)

echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO -  https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt update && apt install jitsi-meet -y

And finally, lets ask let's encrypt for a certificate for our domain


To verify that the installation was successful, open your browser and enter your domain in the address bar, Jitsi should be now up and running.

Once we have verified that the installation is working properly, it is time to configure the firewall so not to leave your server exposed. For firewall we are going to use ufw:

ufw allow ssh
ufw allow http 
ufw allow https 
ufw allow 10000/udp
ufw enable

#4 Enable authentication for Jitsi

Enabling the authentication requires only to edit three files:

  • /etc/jitsi/meet/apeunit.test-config.js
  • /etc/prosody/conf.avail/apeunit.test.cfg.lua
  • /etc/jitsi/jicofo/sip-communicator.properties

NOTE: for the first two, change the apeunit.test part of the filename with your domain

The official documentation for secure domain explains the details of the changes, but here are the files already configured:

I've published the changed files here:

but they have to be changed according to your domain name, here is how. First set a variable with your domain name:

export JITSI_DOMAIN="your_domain.com"

then update the meet configuration file:

curl  https://gist.githubusercontent.com/noandrea/5ff6b212273af95103996c0e71f0cdf2/raw/d14979d5b31af324c5823b3d3c8683a6c762f518/apeunit.test-config.js -s | \
sed  "s/apeunit.test/$JITSI_DOMAIN/g" \
> /etc/jitsi/meet/$JITSI_DOMAIN-config.js

then the prosody configuration file:

curl https://gist.githubusercontent.com/noandrea/5ff6b212273af95103996c0e71f0cdf2/raw/d14979d5b31af324c5823b3d3c8683a6c762f518/apeunit.test.cfg.lua -s | \
sed  "s/apeunit.test/$JITSI_DOMAIN/g" | \
sed  "s/JICOFO_SECRET/$(grep -e '^JICOFO_SECRET=.*' /etc/jitsi/jicofo/config | cut -d '=' -f2)/g" | \
sed  "s/TURN_SECRET/$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-8})/g" \
> /etc/prosody/conf.avail/$JITSI_DOMAIN.cfg.lua

and finally the sip communicator properties file:

echo "org.jitsi.jicofo.auth.URL=XMPP:$JITSI_DOMAIN" \
>> /etc/jitsi/jicofo/sip-communicator.properties

Once this part is completed it is now time to create your users, with the command prosodyctl register USER DOMAIN PASSWORD; in our example we can register the user jane with:

prosodyctl register jane $JITSI_DOMAIN janepwd

Currently there is no option to make users register themselves, you will have to create users by command line. Also not all the users need to have a password, only the ones that open a room.

To apply the changes last thing we have to do is to restart Jitsi services:

systemctl restart jicofo
systemctl restart jitsi-videobridge2
systemctl restart prosody

That's it! Now you can enjoy your private chat server thanks to the wonderful Jitsi!

Posted on by:


Editor guide

Many thanks for this tutorial :)

I experienced crashes when a second person joined a meeting and the solution was to keep the original line in jicofo sip-communicator.properties (or add the line you mention to the existing file). So the file looks something like:


By the way, this is on Debian 10 with apache, so your mileage may vary. Maybe this helps someone else.


Thanks for the hint! I've run again the tutorial after the update and I am experiencing the same issue, I'll try to fix it and update the tutorial.


The tutorial should be correct again :phew:


I want only an authorized user to be able to create conferences and be an administrator in them (this is done), and not authorized users can enter and participate in the conference.
Now access to the created conference requires authorization.
How to do it?


Thank you!
I am not sure if I understand the question correctly but if you want to disable anonymous access you can probably do it by removing the block

VirtualHost "guest.meet.apeunit.com"
    authentication = "anonymous"
    c2s_require_encryption = false

from the prosody config file in /etc/prosody/conf.avail


I think that if you remove that block all users will require a host account, thus would be able to create the conferences by themselves. Instead I would change this block's authentication to "internal_plain" and add those guest accounts to prosody with that VirtualHost:

prosodyctl register guestjane guest.$JITSI_DOMAIN janepwd


Hi Andrea,

Thank-you so much for this tutorial too, I've successfully setup Jitsi with Prosody auth, but I seem to be running into the same problem as matveevds above.

Opening a new Jitsi room requires authentication by a registered prosody user as expected, however when I try accessing the newly created room from another device, I get presented with the login prompt again.

For some reason the configuration allowing anonymous users to join an existing room isn't working for me and by the sounds of things matveevds too.

Any help you could provide would be awesome, I take it that the config you've highlighted above is the key, and I can confirm that my conf.avail file contains this section.

Cheers and thanks again!

I'll try to reproduce the problem and see if I can spot the problem.
Make sure though that you are using the same linux version mentioned in the tutorial (ubuntu 18.04) since there might be extra steps required on other platforms (like debian) as mentioned in the comments

I re-run the tutorial on a fresh server and I cannot reproduce the issue,
I get prompted for authentication for the first user but once the first is in the others can join without pwd.
Maybe the logs will help you identify the problem?


That is, by far, the best tutorial I have seen so far on running your own jitsi server!
Thanks a lot!

Would you happen to know if there is a way to also secure some chat rooms for logged-in audience only? (Not all rooms, only SOME rooms)

And, I am pushing here, but do you know of a method to use Azure 365 as an authentication provider with prosody?




Hi Normand, I'm glad you like it!

Would you happen to know if there is a way to also secure some chat rooms for logged-in audience only? (Not all rooms, only SOME rooms)

AFAIK no, you can't. But among trusted peers a long enough random string would be impossible to guess for an external person, and with the option enableWelcomePage: false, in the ...-config.js file there will be no trace on jitsi front page.

And, I am pushing here, but do you know of a method to use Azure 365 as an authentication provider with prosody?

I've read that it is possible to configure prosody with an OAuth provider, but that's all I know . sorry mate :)

btw, check the community forum, there you will likely find what your are looking for community.jitsi.org/


Sorry to bother you again, but so far, you have been the most reliable source of information on Jitsi for me!

Do you happen to use the statistics part of jitsi-meet (the colibri thing)
The documentation seems to be written in ancient greek to my eyes and all I see is fellow nerds temporarily destroying their instance of jitsi-meet by trying to enable this feature, and I can't risk that at the moment. Our server is working 24/7 and serving our newly deployed elearning platform for hundreds of customers!

Also, if you have some experience with the jibri recorder, your feedback and guidance would be most appreciated!

  • Regards

No worries, but what is your elearning platform ?


Andrea, thank you very much for this fantastic howto!

This is outright the BEST tutorial to get started with a simple jitsi server.

Still, I do have two suggestions:

First, please add the modules that are enabled on the "main" VirtualHost to the "guest" VirtualHost as well. Otherwise, people could later unnecessarily run into the same problems as I did, when they try to enhance their server with TURN functionality - see this thread. And even if this functionality is not required, I don't see any downside to enabling the modules on the guest VServer (they're already enabled on the default VServer as well, anyway).

Second, since we are talking about authentication: By default, jitsi will automatically remember (or rather, accept client-side remembered) user credentials. To disable this behavior,

echo "org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true" >> /etc/jitsi/jicofo/sip-communicator.properties

This may or may not be what people want, but I think it's worth mentioning somewhere in the instructions.


About the modules, good point! I will add them to the the sample config.

For the autologin, I consider it more like tuning then a simple installation and I prefer not to get too much into details but to keep it simple and straightforward

Thanks :)


Hi, but you do not have to change the file as below???

COMMENTED OUT org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443


I am not sure about what is that part you are referring to


its by the instructions from jitsi-meet developers


BTW, you think your instructions should work with Ubuntu 20? I can try

Hello Klagio,
that's for servers behind NAT, the setup in the tutorial (hetzner) is not for NAT setup.
About ubuntu 20.04, last time I tried it did not work out of the box...

ahhh yes right.

Bummer, need to update to 20.4 because of another server, will have to figure out


Thanks for the tutorial. I have the following troubles:

when i try to restart the video bridge the following massage ist coming up:
"Failed to restart jitsi-videobridge.service: Unit jitsi-videobridge.service not found."

And on the server page i only see nginx standard page. What should i do to config nginx right?



Good Day,
since yesterday they have changed jitsi-videobridge into jitsi videobridge2 so please check at first service jitsi-videobridge2 status. It should help.


thanks @timonek6 , I've updated the tutorial

No problem you are welcome, thanks for great job btw ;)


Oh man, thanks so now the restart works BUT i still only see nginx when i open my server ip (domain ist not assinged yet), do i have to assing the url to make this thing work or should it also just work with the server ip

the tutorial is specifically written to configure jitsi with a domain name, but it should work if you use a IP address instead of a domain name (I haven't tried though).


Thanks for the tutorial.

I managed to get a Jitsi Meet server up on Azure. I can connect to it from a browser and from the Android Jitsi Meet app, but no sound or video is transmitted from user to user.

Any ideas?


hey Jakob, I haven't tried on Azure so I can't say what could be the issue, but it might be worth to check on the forum if somebody had the same problem.
On the server you can check for errors in the application logs (/var/log/jitsi), if there is all fine the problem might lie in the Azure networking or on the client side.


Hello Andrea,

Thanks for your suggestions.

After some trial and error I found this, which worked for me:


Hello, I also managed to deploy this jitsi meet server and make it run on Azure. And I faced the same NAT network issue as you mentioned. I did the same hotfix updating sip-communicator.properties properties.
so far, so good. BUT I am running an issue when more than 3 people are in the videoconf.
I am wondering if I am having this problem bc the VN's hostname is linked to "....cloudapp.azure.com".
how did you configure the DNS server? u had the same prob?
thanks in advance

I just made a subdomain on one of my domains and pointed it to the Azure server IP via 2 A-records in the DNS, one www-record and one non-www-record.


It works for me... in part.

I'm on Debian 10 Buster.

First, "service prosody status" complains about "portmanager: Error binding encrypted port for https: No certificate present in SSL/TLS configuration for https port 5281"
I found a possible solution for this at discourse.diasporafoundation.org/t... - apparently the .cfg.lua file needs further editing.

Going on, I can become a moderator for a room.

In the room, participants can chat with each other.

However, the participants can't get audio or video from each other.

"tail -f /var/log/jitsi/jvb.log" shows me a SEVERE: [18] RecurringRunnableExecutor.run#230: The invocation of the method org.jitsi.videobridge.health.Health.run() threw an exception.
java.lang.NoClassDefFoundError: Could not initialize class org.jitsi.videobridge.sctp.SctpManager

Does anybody else here get the same on Debian 10 Buster or has a suggestion for me?

and thanks a lot Andrea, especially for remarking that "the Coronavirus spreads" and "one of the most critical thing for many is to be able to keep in touch with family, friends and colleagues." This is the part of your article that helps me the most, it is so appropriate.


Hi @ernestotorresin other people mentioned issues with Debian ( look for the reply from @josefhavel8 that might be helpful).
I strongly suggest though to check on the official forum where is more likely to find other people with the same issues and hopefully with a solution!


Yes, it looks like it works eventually.
For me the files to change compared to the standard installation on Debian 10 Buster were the ones proposed, plus /etc/jitsi/videobridge/config with the JVB_OPTS="--apis=xmpp,rest".
No need to go for the nightly builds.
However, I had to REBOOT the system a couple of times to remove stale configurations still showing up in the logs: this is the only CAVEAT so far.

Thanks a lot!


Very good tutorial, and I'm in Linux server world but I achieved to install my own Jitsi server on Debian

I have registered users with "prosodyctl register jane $JITSI_DOMAIN janepwd" but how to list all the registered users to check who I have registered and who I haven't registered at the moment ?

I've looked after this information on web but no success for the moment.



that's a good question, I've found this solution so far:

ls -l /var/lib/prosody/*/accounts/*

Thank you, you're the best !!


Thank you so much for this tutorial.

I have been running into problem and that is every time I start a new meeting, It asks for the host to log in if not wait for the meeting to start and then I go log in and nothing happens. It goes right back to the first message asking the host to authenticate himself

please help. I have my server running Ubuntu 18.04 on Azure. Been able to get it up and running without the authentication but now that I want to authenticate. I doesn't work and I followed this tutorial cause it was so easy to understand.



Hi @griff1n , Azure networking is different from Hetzner,
please check this comment, I hope it will helpful for you:



Yes. I have already seen this post and I have already fixed this issue. My problem is that every time I enter the user and password in the log in to host window. It says connecting and then reverts back to the "are you the hosts" message.

try looking into the prosody log in /var/log/prosody, prosody is the component that manages authentication, you should finds clues there.


Many thanks for this great tutorial, it worked like a charm.
I got my Jitsi Server running within 15 minutes, without having much experience in that field!

(It's good to be remindet that the Let's Encrypt Certificate needs to be renewed every 3 months or set up to auto renew.)


A little update:
the tutorial is now updated to enable by default the new privacy feature:

// Disables storing the room name to the recents list
doNotStoreRoom: true,

Hi Andrea, thank you for the tutorial. I followed every step and it works well using on my android mobile phone (using react-native-jitsi-meet).

But on ios, I don't now why the dominant speaker detection is not working. If I use the public domain meet.jit.si, it works. Could you give me a lead? Thank you!


Fantastic how-to Andrea. Super clear and worked on the first run. Thank you!


Hi Andrea, this is a great tutorial since I wanted to add authentication and the original thread I found on Hetzner didn't provide this option: community.hetzner.com/tutorials/ji...

I followed the tutorial on Hetzner and it worked perfectly, I then tried to add the auth part of your tutorial but now whenever more than 1 person connects Jitsi says: "Etwas ist schiefgelaufen". And the meeting wouldn't start. Not sure what the problem is, can you help?


Dear Andrea,

First of all, thanks for this great tutorial. Installed without any issues. However, I am still experiencing the same problem as on the other installation of Jitsi that I already tried, namely that with a third participant the video and audio of ALL participants are dropping.
There are no firewall issues, any suggestions ?
Thanks, keep it safe these days and keep up the good work !!


Such a handy tutorial. I poked around in the config files and had a hard time understanding the docs for Jitsi authentication. So I'm really happy it is up and running. While it seems to be working, after I submit the login form the login form presents itself again. If I refresh the page I'm allowed into the conference. I've looked at the logs which were empty. Any thoughts? Thanks again!


Thank you for the excellent tutorial.
I got an error after applying all settings as explained here: when trying to create a room, I entered my username and password (as defined above) but afterwards got an error GET_SESSION_ID_ERROR after a few dozens of seconds.

The workaround for this was quite simple, as explained here:


Just set
storage = "memory"
instead of "none" for whatever instance of that variable in the file

It worked well for me.

Kind regards


Thanks for your work! It works fine.
Are there any experiences, how many clients and romms this small cloudserver from Hetzner does allow at one time? We need a good-working solution for our school while the shutdown.


You are welcome!
I don't have hard numbers but I did check the server stats with 10/12 people connected, with one in screen-sharing: the server load was around 50%CPU / 0.5Mbps traffic and for the memory I don't remember but was not critical.
This was though with the previous version (till friday), I don't know how the new release performs yet, but I'll keep an eye on it and will report some numbers.


Hmm, I can't seem to get this working. Whenever I go to the page, it says "This site can’t be reached" (ERR_CONNECTION_REFUSED). Any suggestions?


that looks like a DNS error, if you have set-up correctly the DNS to point to your server, it might take some time (few hours) for it the DNS record to propagate.


Strange. I use Cloudflare for my DNS and the “A” record has been set for a few days. Also, when I go to the IP of my Jitsi server, it says the same thing.

I see. It is difficult to guess in the dark what could be the problem, the meaning of ERR_CONNECTION_REFUSED suggests that there is nothing responding on that server.
As for the why you will have to dig a bit deeper.
The tutorial is made to work on a ubuntu 18.04 image from a Hetzner server, and all the steps are required to get it done, if you are on a different platform or have skipped some steps it might not work.

Hmm... I've installed non-secure-domain (On a different VM on the same dedicated host) Jitsi Meet and it worked on the same domain with the same DNS records. I'm selfhosting from my own server on ubuntu 18.04. I don't think I skipped any steps... I'll try it again just to be safe

Update: I got Prosody working after I switched hypervisors... just don't know what's wrong with it.
Update 2: Jitsi is working, but without authentication. I can not enter a password to password-protect a room, which leads me to think that there is no permissions altogether (no moderator rights or admin-to-create-a-room things, I guess they are managed by Prosody?)


Hi Andrea,
Thank you for the tutorial! I have run the tutorial from scratch several times, and everything works great until I try to add a new user. If I try to register a user with $JITSI_DOMAIN, I get the error "The given hostname does not exist in the config",
and if I put my domain in instead of $JITSI_DOMAIN i get the error, "Prosody was unable to find the configuration file, we for: /etc/prosody/prosody.cfg.lua." I can confirm that the config is indeed there. Any ideas??? Thank you so much for any ideas and the tutorial. I am following the exact steps you put in on Ubuntu 18.04. Thank you!


Thank you Andrea. I was able to figure it out. I don't think your files were importing properly for me so I just did it over by following the steps in the official documentation link you provided. I am an novice so I'm sure I did something wrong when running the import commands! Thanks again


hello Joe, from your description looks like you have not use this command correctly:

export JITSI_DOMAIN="your_domain.com"

yor_domain.com should be changed with the domain you want to use for your Jitsi installation


Hi, thank you for the very useful tutorial!
I'm just having one problem: I have a working setup using auth only.
I wanted to add anonymous access, so I just added the appropriate parts of your config files. But as soon as I create the virtual host guest.domain in prosody and a anonymousdomain: 'guest.domain' setting in the jitsi meet domain-config.js, no user is asked for the password any more, so the entire domain is open. Do you have any idea what could be wrong here?

Thank you,


OK, I've found it. It was the Jicofo sip-communicator.properties. This file was not in contained in the URL above, so I missed it ;-)


Excellent tutorial. So for a home office small office of like 4 people, and for a start it might have maximum 4 video calls concurrently (perhaps more in the future). You recommend a home server or better a VPS, like this Heztner, and if so which service shall I look for: I mean which band, machine, secs and so on?


I don't have specific recommendations, but I in the offical forum you can find for sure discussions about it.

From my observations I would say that the setup described in the tutorial it is fine up to 10 participants with video on (for audio I don't know), then you run out of CPU (network usage stays around 6mbps up and 3 up)

All considered, if I had a good and stable network connection (let's say 100mbps up/down and low ping time) I will probably go for the home server.


your guide has at least one error, you have to allow udp port 10000-20000 in your firewall for it to work probably!

also i dont think that it is a good idea (!!), even or especially in a crises where everyone is in a hurry, to suggest someone to download and use a configuration file from the internet without reviewing them, it may be easier in the first but admin needs to know what is configured (and best why) so please describe the changes in the config you have made step by step so everyone can comprehend them!



If you read the tutorial it is explicitly written the instruction to open port 10000/udp.
For the changes, in the tutorial I have linked the sources where the changes are explained,
since they are taken from the official documentation and just put together in this tutorial,
Also the configuration files are listed on github available for inspection from anyone.
And finally your are very much free not to use the tutorial :)


Thanks for the best tutorial about running Jitsi


Many thanks for that very easy and great tutorial!
I was surprised how well and easy that went and got my jitsi server running within 10 minutes and it works like a charme.


Hey very usefull tutorial. you have the key "wonderful Jitsi!"
step by step work fine.
I just have to add manually:
sudo apt instal jitsi-meet-prosody
to have authorisations.
grate job!


which distribution are you using


Thanks for the tutorial!! I've setup a self-hosted jitsi server on aws ec2 container service with t3-medium instance having 5gbps bandwidth.
The installation was a breeze but after installation, the static files served from the configured domain is loading too slow takes around at-least a minute or two. What could be the possible reason for it? FYI, I've checked nginx config with the static files gzip turned on already (the latest pull request has it merged).
Another problem I'm facing is, the people connecting to the server from the jitsi-meet UI aren't able to see everyone on the conference. I understand that the software is configured such that it saves bandwidth. But is there any way to forcefully set video streaming on for all the connected people in the meeting, because the same happens even if everyone is on adequate bandwidth.
Please let me know your thoughts on this or solution if you found any.


Hi, i get the error after login:

The login was accepted. And in the background i can see see videostream from my camera.


I can't reproduce the error and it is difficult to say what could be the reason,
but a good place to start is to search the community forum if someone has/d the same issue

you can also look into the logs to see if there are some obvious errors:

  • /var/log/prosody
  • /var/log/jitsi

Hi, I just installed server on Debian 10 exactly step by step and encountered the same issue. I've found the sollution: go to /etc/prosody/conf.avail/.cfg.lua and change variables (twice in file):
storage = "none" to storage = "memory"
Restart the service: service prosody restart

And it should work.


Had the exact same issue (clean install of VPS - Debian 10 - Jitsi quick install followed by Andrea's steps). Changing the storage corrected the error (by a new one appeared, described and solved here).


Thank you for the excellent tutorial! 🙏🏻