March 2021 update: the tutorial is still valid for the current Jitsi version but there are some new settings in the config file that are not up to date
As the Coronavirus spreads and more and more people are spending time at home, one of the most critical thing for many is to be able to keep in touch with family, friends and colleagues.
We at Ape Unit are used to remote and distributed work but the current situation meant that it was necessary to go above and beyond....
As we are involved in open source projects and since we already use Jitsi we opted to deploy an instance of Jitsi to use internally and since there have been a lot of demand on the Jitsi community forum about installation and configuration here is a step by step tutorial about how to run your own server.
Once you have completed the tutorial you will have your own Jisti server with authentication enabled.
Before you start
This tutorial assumes that you have basic knowledge about technical stuff in particular assumes that you are familiar with the linux shell, ssh
, and dns.
The costs
The running cost of the setup varies depending on the server choice and the domain, in this case we'll be using a Hetzner cloud instance that starts from 2.49€/m
this being said, let's start!
#1. Setup a new server (with Hetzner)
Login (or create an account on Hetzner), then:
- go to the Cloud home
- choose the project you want (usually
Default
) - Click on ADD SERVER
In the Create a Server page make sure to
- select the Ubuntu 20.04 as Image (point 2)
- add your public ssh key (point 7)
Then click on CREATE & BUY NOW
If you add your ssh key, make sure that it is enable in the ssh configuration of your machine (more on that here). If you do not add your ssh key, you'll receive an email with the root password to the server that you will have to change on first login. As a side note, public key authentication is preferable then password.
The server creation is going to take a minute or less, once completed take note of the IP address of the server.
#2. Point a domain to the newly created server
for this step, we'll assume that you already have a domain registered (you can grab one on namecheap. For this tutorial we will use the domain apeunit.test
for our domain.
In your domain DNS configuration add the records:
- type:
A
- host:
@
- value: IP Address (from the Hetzner server)
NOTE: it might take a few minutes for the DNS to propagate
#3. Jitsi installation
Now that the server is up and running, let's set it up!
If everything before has been successful you should be able to login to your server using:
$ ssh root@apeunit.test
The authenticity of host 'apeunit.test (10.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:Q1rLmH7vuBalRJGv7sasTJy+ZtS3yOf4A34artGjUI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'apeunit.test,10.0.0.1' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-91-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
root@server:~#
We can now proceed with Jitsi installation (documentation here)
First let's make sure that the system is up to date
apt update
apt upgrade -y
Then install nginx
apt install nginx -y
Now we can add the Jitsi repositories and install the Jitsi components. During the installation, you will be prompted for a domain to use, when it happens enter the domain you choose/registered at #2. The second question you'll be asked is if generate a self signed certificate or provide your own; choose the default (generate a self signed certificate)
echo 'deb https://download.jitsi.org stable/' >> /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt update && apt install jitsi-meet -y
And finally, lets ask let's encrypt for a certificate for our domain
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
To verify that the installation was successful, open your browser and enter your domain in the address bar, Jitsi should be now up and running.
Once we have verified that the installation is working properly, it is time to configure the firewall so not to leave your server exposed. For firewall we are going to use ufw
:
ufw allow ssh
ufw allow http
ufw allow https
ufw allow 10000/udp
ufw enable
#4 Enable authentication for Jitsi
Enabling the authentication requires only to edit three files:
/etc/jitsi/meet/apeunit.test-config.js
/etc/prosody/conf.avail/apeunit.test.cfg.lua
/etc/jitsi/jicofo/sip-communicator.properties
NOTE: for the first two, change the
apeunit.test
part of the filename with your domain
The official documentation for secure domain explains the details of the changes, but here are the files already configured:
I've published the changed files here:
/etc/jitsi/meet/apeunit.test-config.js
/etc/prosody/conf.avail/apeunit.test.cfg.lua
/etc/jitsi/jicofo/sip-communicator.properties
but they have to be changed according to your domain name, here is how. First set a variable with your domain name:
export JITSI_DOMAIN="your_domain.com"
then update the meet configuration file:
curl https://gist.githubusercontent.com/noandrea/5ff6b212273af95103996c0e71f0cdf2/raw/d14979d5b31af324c5823b3d3c8683a6c762f518/apeunit.test-config.js -s | \
sed "s/apeunit.test/$JITSI_DOMAIN/g" \
> /etc/jitsi/meet/$JITSI_DOMAIN-config.js
then the prosody configuration file:
curl https://gist.githubusercontent.com/noandrea/5ff6b212273af95103996c0e71f0cdf2/raw/d14979d5b31af324c5823b3d3c8683a6c762f518/apeunit.test.cfg.lua -s | \
sed "s/apeunit.test/$JITSI_DOMAIN/g" | \
sed "s/JICOFO_SECRET/$(grep -e '^JICOFO_SECRET=.*' /etc/jitsi/jicofo/config | cut -d '=' -f2)/g" | \
sed "s/TURN_SECRET/$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-8})/g" \
> /etc/prosody/conf.avail/$JITSI_DOMAIN.cfg.lua
and finally the sip communicator properties file:
echo "org.jitsi.jicofo.auth.URL=XMPP:$JITSI_DOMAIN" \
>> /etc/jitsi/jicofo/sip-communicator.properties
Once this part is completed it is now time to create your users, with the command prosodyctl register USER DOMAIN PASSWORD
; in our example we can register the user jane
with:
prosodyctl register jane $JITSI_DOMAIN janepwd
Currently there is no option to make users register themselves, you will have to create users by command line. Also not all the users need to have a password, only the ones that open a room.
To apply the changes last thing we have to do is to restart Jitsi services:
systemctl restart jicofo
systemctl restart jitsi-videobridge2
systemctl restart prosody
That's it! Now you can enjoy your private chat server thanks to the wonderful Jitsi!
Latest comments (98)
So after doing the changes of #4 Enable authentication for Jitsi its not working anymore. When connecting to the domain you still see jitsi running, but no authentication window coming up.
it has been some time since I've update the tutorial last time, I'm not working with jitsi anymore and things may have changed since march 2021
Date 26_12_2021
Hello Andrea,
i worked through your tutorial up to step 3, it also works with test in the browser.
but from step 4 enable authentication for jitsi, which I have processed according to your instructions, no login window appears when logging into a room. and the error message "something went wrong" and restart the page as a continuous loop
do you have any idea what could be the fault here?
installed at Hetzner with ubuntu 20.04.
I also tried this step with:
On NAT
Edit / check your videobridge SIP config file /etc/jitsi/videobridge/sip-communicator.properties file
Add this lines at the end:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS = xxx.xxx.xxx.xxx
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS = xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx your internal and external P address
orig source: github.com/jitsi/jitsi-meet/blob/m... 129
3., Edit / check your videobridge config file / etc / jitsi / videobridge / config
modify your “JVB_HOST =” line
to
JVB_HOST = localhost
JVB_HOST = 127.0.0.1
but no success :-(
my old installation with ubuntu 18.04 based on the instructions from that time runs without any problems.
I need some help. I'm trying to configure the Jitsi from the docker to be used with a Foundryvtt (using the Jitsi WebRTC client inside Foundryvtt)
I found some articles with steps to do:
foundryvtt.com/packages/jitsirtc
vtta.io/articles/installing-a-self...
dev.to/noandrea/self-hosted-jitsi-...
github.com/jitsi/docker-jitsi-meet...
But I couldn't find the folders:
/etc/jitsi/meet/apeunit.test-config.js
/etc/prosody/conf.avail/apeunit.test.cfg.lua
/etc/jitsi/jicofo/sip-communicator.properties
Also, I don't know if all these are necessary. =/
Any idea how to resolve this issue and have the docker-jitsi-meet working with Foundryvtt?
Docker Jitisi repository: github.com/jitsi/docker-jitsi-meet
Hi, thank you for the very useful tutorial!
I'm just having one problem: I have a working setup using auth only.
I wanted to add anonymous access, so I just added the appropriate parts of your config files. But as soon as I create the virtual host guest.domain in prosody and a anonymousdomain: 'guest.domain' setting in the jitsi meet domain-config.js, no user is asked for the password any more, so the entire domain is open. Do you have any idea what could be wrong here?
Thank you,
Jörg
OK, I've found it. It was the Jicofo sip-communicator.properties. This file was not in contained in the URL above, so I missed it ;-)
Hi Andrea, thank you for the tutorial. I followed every step and it works well using on my android mobile phone (using react-native-jitsi-meet).
But on ios, I don't now why the dominant speaker detection is not working. If I use the public domain meet.jit.si, it works. Could you give me a lead? Thank you!
i am having a weird problem, after entering the users with password, the application does not seem to identify me as a valid user/host and gets me back to waiting screen. Any idea what i must be doing wrong?
Your guide is wonderful and I congratulate you, I just don't understand why the third user who connects doesn't hear and sees nothing anymore. Could you help me?
thanks
P.S. debian10 nginx
Hello there, I have not tested it with debian, so I can't help your there.
But for sure you'll find help in the official forum:
community.jitsi.org/
Your guide is wonderful and I congratulate you, I just don't understand why the third user who connects doesn't hear and sees nothing anymore. Could you help me?
thanks
Hi Andrea,
Thank you for the tutorial! I have run the tutorial from scratch several times, and everything works great until I try to add a new user. If I try to register a user with $JITSI_DOMAIN, I get the error "The given hostname does not exist in the config",
and if I put my domain in instead of $JITSI_DOMAIN i get the error, "Prosody was unable to find the configuration file, we for: /etc/prosody/prosody.cfg.lua." I can confirm that the config is indeed there. Any ideas??? Thank you so much for any ideas and the tutorial. I am following the exact steps you put in on Ubuntu 18.04. Thank you!
Thank you Andrea. I was able to figure it out. I don't think your files were importing properly for me so I just did it over by following the steps in the official documentation link you provided. I am an novice so I'm sure I did something wrong when running the import commands! Thanks again
hello Joe, from your description looks like you have not use this command correctly:
yor_domain.com should be changed with the domain you want to use for your Jitsi installation
Very good tutorial, and I'm in Linux server world but I achieved to install my own Jitsi server on Debian
I have registered users with "prosodyctl register jane $JITSI_DOMAIN janepwd" but how to list all the registered users to check who I have registered and who I haven't registered at the moment ?
I've looked after this information on web but no success for the moment.
Regards,
Michaël
that's a good question, I've found this solution so far:
Thank you, you're the best !!
Hi, but you do not have to change the file as below???
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=xxxxxxxxxxxxxxx
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=yyyyyyyyyyyyyy
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
COMMENTED OUT org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
I am not sure about what is that part you are referring to
its by the instructions from jitsi-meet developers
github.com/jitsi/jitsi-meet/blob/m...
BTW, you think your instructions should work with Ubuntu 20? I can try
Hello Klagio,
that's for servers behind NAT, the setup in the tutorial (hetzner) is not for NAT setup.
About ubuntu 20.04, last time I tried it did not work out of the box...
ahhh yes right.
Bummer, need to update to 20.4 because of another server, will have to figure out
I founf this guide
linuxbabe.com/ubuntu/install-jitsi...
Thanks for the tutorial!! I've setup a self-hosted jitsi server on aws ec2 container service with t3-medium instance having 5gbps bandwidth.
The installation was a breeze but after installation, the static files served from the configured domain is loading too slow takes around at-least a minute or two. What could be the possible reason for it? FYI, I've checked nginx config with the static files gzip turned on already (the latest pull request has it merged).
Another problem I'm facing is, the people connecting to the server from the jitsi-meet UI aren't able to see everyone on the conference. I understand that the software is configured such that it saves bandwidth. But is there any way to forcefully set video streaming on for all the connected people in the meeting, because the same happens even if everyone is on adequate bandwidth.
Please let me know your thoughts on this or solution if you found any.
Thanks!
If anyone is interested I have created an app to have On-Demand jitsi meet servers that get deleted once the meeting ends (yameeting.com)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.