Jitsi Meet Self-Hosting Guide

quiet Версія unspecified Last review: 2020

This documentation hasn’t been updated in a while. Some information might no longer be valid. You can find the latest version of the upstream documentation at https://jitsi.github.io/handbook/docs/devops-guide/

Jitsi video conferencing stack enables users to create virtual meetings, conferences, and collaboration sessions among other notable use-cases. Jitsi video conferencing stack provides:

  • Jitsi Meet (jitsi-meet): a web-based client application used by conference participants

  • Jitsi Videobridge (jitsi-videobridge): a server-side component of the Jitsi stack. Acts as a central hub for video conferences, where participants can join by accessing a uniquely generated conference URL from the server. Jitsi Videobridge conducts negotiation of audio and video streams between conference participants and also provides the necessary infrastructure for seamless experience.

  • Webserver configurations (jitsi-meet-nginx) and (jitsi-meet-apache): components that help serve the Jitsi Meet web client to handle incoming HTTPS requests.

  • Configuration for Prosody (jitsi-meet-prosody): a server-side component providing user authentication and management, conference room management. Ensures secure communication within Jitsi video conferencing stack.

  • Jicofo (jicofo): a server-side component for conference management, participant control and media routing.

Installing Jitsi

The installation instructions are similar to the official Debian/Ubuntu instructions. Notable differences are:

  • Slightly different file locations

  • The Jicofo and Jitsi Videobridge components log to syslog instead of to their own logfiles.

  • The Jicofo component runs from a service, not from an init script.

Prerequisites
  • Small server, which is accessible from the Internet

  • Domain name and an SSL certificate for that domain

Procedure
  1. Enable the jitsi repository:

    $ sudo dnf copr enable lcts/jitsi
  2. Install the jitsi meta package to be able to configure a Jitsi server:

    $ sudo dnf install jitsi

    Alternatively, you can install other packages from the jitsi repository:

    • jitsi-meet - the Jitsi Meet web app

    • jitsi-meet-nginx - Jitsi configuration for NGinx

    • jitsi-meet-apache -Jitsi configuration for Apache

    • jitsi-meet-prosody - Jitsi configuration for Prosody

    • jitsi-videobridge - the Jitsi Videobridge component

    • jicofo - the Jitsi Conference Focus component

Additional resources
  • After installation, you need to configure all packages before you use them. For more information, see the /usr/share/doc/<package>/README-fedora.md file.

  • You can report issues with packages at jitsi-rpm queue.

    If you encounter problems with software, contact the respective upstream developers.

Configuring Jitsi

After installation, you need to perform a few additional configuration steps. The steps consist of replacing various placeholder variables with your values to ensure that Jitsi is correctly configured to work in your specific deployment. The placeholders are identified by underscores for example __variableName__.

In all files, replace __jitsiFQDN__ with the fully-qualified domain name of your instance and __<component>Secret__ with a strong random password. You need three secrets:

  • __focusSecret__

  • __focusUserSecret__

  • __jvbUserSecret__

You do not need to memorize the secrets. They are only used by different Jitsi components to communicate to each other.

Configuring Jitsi Prosody

You can find Prosody configuration for Jitsi in the /etc/prosody/conf.d/jitsi-meet.cfg.lua file.

Procedure
  1. Generate the SSL/TLS certificate for the Jitsi domain:

    $ prosodyctl cert generate __jitsiFQDN__

    You need to replace __jitsiFQDN__ with the actual domain name of your Jitsi installation. The generated certificate secures the Jitsi Meet web interface and enables encrypted communication.

  2. Generate the SSL/TLS certificate for the auth subdomain:

    $ prosodyctl cert generate auth.__jitsiFQDN__

    The auth subdomain is typically used for authentication purposes in Jitsi Meet. Replace __jitsiFQDN__ with your Jitsi domain name to generate the certificate for the auth subdomain.

  3. Add the Jitsi domain certificate as a trusted anchor to ensure that it is recognized as a valid certificate by the system:

    $ trust anchor /var/lib/prosody/__jitsiFQDN__

    The certificate file is typically located at /var/lib/prosody/__jitsiFQDN__. Therefore you need to replace __jitsiFQDN__ with the actual domain name to specify the correct file path.

  4. Add the auth subdomain certificate as a trusted anchor:

    $ trust anchor /var/lib/prosody/auth.__jitsiFQDN__

    The certificate file is expected to be located at /var/lib/prosody/auth.__jitsiFQDN__. Replace __jitsiFQDN__ with your Jitsi domain name to provide the accurate file path.

  5. Register a user with the username focus in the Prosody XMPP server:

    $ prosodyctl register focus auth.__jitsiFQDN__ __focusUserSecret__

    The focus user is a special user for Jitsi Meet conference management and coordination. It is responsible for example for creating and controlling conferences. The auth.__jitsiFQDN__ portion specifies the domain where the user is registered.

    Replace __jitsiFQDN__ with your Jitsi domain name. The __focusUserSecret__ is the password or secret associated with the focus user. Replace __focusUserSecret__ with a strong and secure password.

  6. Register a user with the username jvb in the Prosody XMPP server:

    $ prosodyctl register jvb auth.__jitsiFQDN__ __jvbUserSecret__

    The jvb user is used by Jitsi Videobridge component to handle video streams in Jitsi Meet. The auth.__jitsiFQDN__ portion specifies the domain where the user is registered.

    Replace __jitsiFQDN__ with your Jitsi domain name. The __jvbUserSecret__ is the password or secret associated with the jvb user. Replace __jvbUserSecret__ with a strong and secure password.

  7. Enable and start the prosody service:

    $ sudo systemctl enable --now prosody

Configuring Jitsi Meet

Procedure
  1. Locate the /etc/jitsi-meet/config.js configuration file.

  2. Replace the placeholder variables in config.js.

Configuring Jitsi webserver

Prerequisites
  • Configure an HTTPS server for __jitsiFQDN__.

Procedure
  • For Apache:

    • Replace the placeholders in the /etc/httpd/conf.d/jitsi-meet.conf file.

    • Restart the httpd service:

      $ sudo systemctl restart httpd
  • For Nginx:

    • Replace the placeholders in the /etc/nginx/conf.d/jitsi-meet.conf file.

    • Restart the nginx service:

      $ sudo systemctl restart nginx

Configuring Jicofo

Procedure
  1. Replace the __jitsiFQDN__ and __focusSecret__ placeholder variables in /etc/jicofo/config and /etc/jicofo/sip-communicator.properties files.

  2. Enable and start jicofo.service:

    $ sudo systemctl enable --now jicofo.service

Configuring Jitsi Videobridge

Prerequsites
  • Open the port 10000/udp if you use Network Address Translation (NAT):

    1. Install the jitsi-videobridge-firewalld package to obtain service definition for jitsi-videobridge.service

    2. Use the service definition to configure firewalld to open 10000/udp for Jitsi Videobridge.

Procedure
  1. Replace the __jitsiFQDN__ and __jvbUserSecret__ placeholders in the /etc/jitsi-videobridge/jvb.conf file.

  2. Enable and start jitsi-videobridge.service:

    $ sudo systemctl enable --now jitsi-videobridge.service
Additional resources
  • /etc/sysconfig/jitsi-videobridge

For more information see jitsi